diff --git a/.editorconfig b/.editorconfig
index 6e1b7d5ab..0c95aa667 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -6,6 +6,7 @@ indent_size = 2
 insert_final_newline = true
 charset = utf-8
 end_of_line = lf
+trim_trailing_whitespace = true
 
 [{pom.xml,*.md}]
 indent_style = space
diff --git a/.gitattributes b/.gitattributes
index fcadb2cf9..3fef52615 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
 * text eol=lf
+*.bin binary
diff --git a/.github/actions/download-artifact/action.yml b/.github/actions/download-artifact/action.yml
new file mode 100644
index 000000000..1063946ba
--- /dev/null
+++ b/.github/actions/download-artifact/action.yml
@@ -0,0 +1,62 @@
+name: Download artifact
+description: Wrapper around GitHub's official action, with additional extraction before download
+
+# https://github.com/actions/download-artifact/blob/main/action.yml
+inputs:
+  name:
+    description: Artifact name
+    required: true
+  path:
+    description: Destination path
+    required: false
+    default: .
+
+runs:
+  using: composite
+  steps:
+    - name: Download artifacts
+      if: github.event_name != 'workflow_run'
+      uses: actions/download-artifact@v7
+      with:
+        pattern: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        merge-multiple: true
+
+    - name: Download artifacts
+      if: github.event_name == 'workflow_run'
+      #v12
+      uses: dawidd6/action-download-artifact@0bd50d53a6d7fb5cb921e607957e9cc12b4ce392
+      with:
+        workflow: ${{ github.event.workflow_run.name }}
+        run_id: ${{ github.event.workflow_run.id }}
+        name: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        name_is_regexp: true
+
+    - name: Extract artifacts
+      if: github.event_name != 'workflow_run'
+      run: |
+        for t in ${{ inputs.name }}*.tar
+        do
+          tar -xvf "${t}"
+        done
+      shell: bash
+      working-directory: ${{ inputs.path }}
+
+    - name: Extract artifacts
+      if: github.event_name == 'workflow_run'
+      run: |
+        for t in ${{ inputs.name }}/${{ inputs.name }}*.tar
+        do
+          mv "${t}" .
+          tar -xvf "${t}"
+        done
+      shell: bash
+      working-directory: ${{ inputs.path }}
+
+    - name: Remove archive
+      run: |
+        rm -f ${{ inputs.name }}.tar
+        rm -f ${{ inputs.name }}.zip
+      shell: bash
+      working-directory: ${{ inputs.path }}
diff --git a/.github/actions/prepare-analysis/action.yml b/.github/actions/prepare-analysis/action.yml
new file mode 100644
index 000000000..7a7b9fad7
--- /dev/null
+++ b/.github/actions/prepare-analysis/action.yml
@@ -0,0 +1,64 @@
+name: Prepare code analysis
+description: Prepare the working directory for SonarQube code analysis
+
+inputs:
+  cache:
+    description: Cache type
+
+runs:
+  using: composite
+  steps:
+    - name: Get reports
+      uses: ./.github/actions/download-artifact
+      with:
+        name: reports-*
+
+    - name: Get coverage
+      uses: ./.github/actions/download-artifact
+      with:
+        name: merged-coverage
+
+    - name: Get classes
+      uses: ./.github/actions/download-artifact
+      with:
+        name: classes
+
+    - name: Create paths for JUnit reporting
+      id: junit_paths
+      shell: bash
+      run: |
+        report_paths=""
+        check_name=""
+        for file in target/surefire-reports-*
+        do
+          report_paths="${file}/TEST-*.xml"$'\n'"${report_paths}"
+          check_name="JUnit Report ${file##target/surefire-reports-}"$'\n'"${check_name}"
+        done
+        echo "report_paths<<EOF"$'\n'"${report_paths}EOF" >> $GITHUB_OUTPUT
+        echo "check_name<<EOF"$'\n'"${check_name}EOF" >> $GITHUB_OUTPUT
+
+    - name: Publish Test Report
+      #v6.1.0
+      uses: mikepenz/action-junit-report@a294a61c909bd8a4b563024a2faa28897fd53ebc
+      with:
+        commit: ${{ github.event.workflow_run.head_sha }}
+        report_paths: ${{ steps.junit_paths.outputs.report_paths }}
+        check_name: ${{ steps.junit_paths.outputs.check_name }}
+        require_tests: true
+        check_retries: true
+        detailed_summary: true
+
+    - name: Set up JDK
+      uses: actions/setup-java@v5
+      with:
+        java-version: ${{ env.BUILD_JAVA_VERSION }}
+        distribution: temurin
+        cache: ${{ inputs.cache }}
+
+    - name: Cache SonarCloud packages
+      if: inputs.cache
+      uses: actions/cache@v5
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
diff --git a/.github/actions/upload-artifact/action.yml b/.github/actions/upload-artifact/action.yml
new file mode 100644
index 000000000..ab93f1fbc
--- /dev/null
+++ b/.github/actions/upload-artifact/action.yml
@@ -0,0 +1,50 @@
+name: Upload artifact
+description: Wrapper around GitHub's official action, with additional archiving before upload
+
+# https://github.com/actions/upload-artifact/blob/main/action.yml
+inputs:
+  name:
+    description: Artifact name
+    required: true
+  filename:
+    description: Tar filename in artifact
+    required: false
+    default: ''
+  path:
+    description: One or more files, directories or wildcard pattern that describes what to upload
+    required: true
+  if-no-files-found:
+    description: >
+      The desired behavior if no files are found using the provided path.
+      Available Options:
+        warn: Output a warning but do not fail the action
+        error: Fail the action with an error message
+        ignore: Do not output any warnings or errors, the action does not fail
+    required: false
+    default: warn
+  retention-days:
+    description: >
+      Duration after which artifact will expire in days. 0 means using default retention.
+      Minimum 1 day.
+      Maximum 90 days unless changed from the repository settings page.
+    required: false
+    default: '1'
+
+runs:
+  using: composite
+  steps:
+    - name: Archive artifacts
+      run: tar -cvf "${{inputs.name}}${{ inputs.filename }}.tar" $(echo "${{ inputs.path }}" | tr '\n' ' ')
+      shell: bash
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v6
+      with:
+        if-no-files-found: ${{ inputs.if-no-files-found }}
+        name: ${{ inputs.name }}
+        path: ${{ inputs.name }}${{ inputs.filename }}.tar
+        retention-days: ${{ inputs.retention-days }}
+
+    - name: Remove archive
+      run: rm -f ${{ inputs.name }}.tar
+      shell: bash
diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml
new file mode 100644
index 000000000..31b3c7775
--- /dev/null
+++ b/.github/workflows/analyze.yml
@@ -0,0 +1,91 @@
+name: Analyze PR
+
+on:
+  workflow_run:
+    workflows:
+      - 'Build'
+    types:
+      - completed
+
+permissions:
+  pull-requests: read
+  contents: read
+  checks: write
+
+env:
+  BUILD_JAVA_VERSION: '25'
+
+jobs:
+  analyze:
+    name: Analyze Code
+    # Only run on forks, in-repo PRs are analyzed directly
+    if: github.event.workflow_run.head_repository.owner.login != 'dnsjava'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download PR number artifact
+        id: get_pr_number
+        #v12
+        uses: dawidd6/action-download-artifact@0bd50d53a6d7fb5cb921e607957e9cc12b4ce392
+        with:
+          workflow: ${{ github.event.workflow_run.name }}
+          run_id: ${{ github.event.workflow_run.id }}
+          name: pr_number
+
+      - name: Read Pull Request Number
+        id: pr_number
+        run: |
+          PR=$(cat pr_number.txt)
+          echo "pr_number=${PR}" >> "$GITHUB_OUTPUT"
+
+      - name: Request PR data from GitHub API
+        id: get_pr_data
+        if: steps.get_pr_number.outputs.found_artifact
+        #v2.4.0
+        uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          route: GET /repos/{full_name}/pulls/{number}
+          full_name: ${{ github.event.repository.full_name }}
+          number: ${{ steps.pr_number.outputs.pr_number }}
+
+      - name: Checkout PR
+        uses: actions/checkout@v6
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_sha }}
+          persist-credentials: false
+          path: pr
+          # for Sonar
+          fetch-depth: 0
+
+      - name: Checkout base
+        uses: actions/checkout@v6
+        with:
+          repository: ${{ github.event.repository.full_name }}
+          ref: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+          persist-credentials: false
+          path: base
+
+      - name: Get analysis data
+        uses: ./base/.github/actions/prepare-analysis
+
+      - name: Run SonarQube
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          WF_REVISION: ${{ github.event.workflow_run.head_sha }}
+          WF_PRKEY: ${{ fromJson(steps.get_pr_data.outputs.data).number }}
+          WF_BRANCH: ${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
+          WF_BASE: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+        run: |
+          cp -f base/pom.xml pr/
+          cd pr
+          mvn -B \
+          -f pom.xml \
+          -Dsonar.scm.revision='${WF_REVISION}' \
+          -Dsonar.pullrequest.key='${WF_PRKEY}' \
+          -Dsonar.pullrequest.branch='${WF_BRANCH}' \
+          -Dsonar.pullrequest.base='${WF_BASE}' \
+          properties:read-project-properties \
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d0bcbaf6f..b1f3c236a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: dnsjava CI
+name: Build
 
 on:
   push:
@@ -10,6 +10,9 @@ on:
       - master
       - 'release/**'
 
+env:
+  BUILD_JAVA_VERSION: '25'
+
 jobs:
   test:
     runs-on: ${{ matrix.os }}
@@ -17,76 +20,180 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-18.04, ubuntu-20.04, windows-latest ]
-        java: [ '8', '11' ]
-        arch: [ 'x86', 'x64' ]
-        exclude:
-          - os: ubuntu-18.04
-            arch: x86
-          - os: ubuntu-20.04
+        os: [ ubuntu-latest, windows-latest ]
+        java: [ '8', '11', '17', '21', '25' ]
+        arch: [ 'x64' ]
+        include:
+          - os: windows-latest
+            java: '17'
             arch: x86
 
     name: Java ${{ matrix.java }}/${{ matrix.arch }}/${{ matrix.os }}
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          # for Sonar
-          fetch-depth: 0
-
-      - name: Cache Maven dependencies
-        uses: actions/cache@v2
+        uses: actions/checkout@v6
         with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          persist-credentials: false
 
       - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v5
         with:
           java-version: ${{ matrix.java }}
           architecture: ${{ matrix.arch }}
           distribution: temurin
-          check-latest: true
+          cache: maven
 
       - name: Build with Maven
-        if: "${{ !(matrix.arch == 'x64' && matrix.os == 'ubuntu-20.04' && matrix.java == '11') || github.event.pull_request.head.repo.full_name != 'dnsjava/dnsjava' }}"
-        run: mvn verify -B -"Dgpg.skip"
+        shell: bash
+        run: |
+          TEST_EXCLUSIONS=$([ '${{ matrix.java }}' == '25' ] && echo "" || echo "concurrency" )
+          mvn verify \
+            -B \
+            -Dsurefire.rerunFailingTestsCount=2 \
+            -"Dgpg.skip" \
+            -DexcludedGroups="${TEST_EXCLUSIONS}" \
+            jacoco:report
+
+      - name: Copy build reports
+        shell: bash
+        if: always() # always run even if the previous step fails
+        run: |
+          cd target
+          mv jacoco.exec jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec
+          mv surefire-reports surefire-reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+
+      - name: Verify that the main classes are really compiled for Java 8
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+")
+          echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}"
+          if [ "${class_file_version}" != "52" ]; then
+            echo "::error file=SimpleResolver.class::Class file version is not Java 8"
+            exit 1
+          fi
+
+      - name: Upload classes
+        uses: ./.github/actions/upload-artifact
+        if: always() && matrix.java == env.BUILD_JAVA_VERSION && matrix.arch == 'x64' && matrix.os == 'ubuntu-latest'
+        with:
+          name: classes
+          path: target/*classes
+
+      - name: Upload JUnit Reports
+        uses: ./.github/actions/upload-artifact
+        if: always() # always run even if the previous step fails
+        with:
+          name: reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          path: target/surefire-reports-*/TEST-*.xml
+
+      - name: Upload Coverage Reports
+        uses: ./.github/actions/upload-artifact
+        if: always() # always run even if the previous step fails
+        with:
+          name: coverage-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}
+          path: target/jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec
+
+  report:
+    name: JUnit Reports/JaCoCo Merge
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
-      # doesn't work with PRs from forks, see https://jira.sonarsource.com/browse/MMF-1371
-      - name: Build with Maven and run Sonar
-        if: "${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release/') || github.event.pull_request.head.repo.full_name == 'dnsjava/dnsjava') && matrix.arch == 'x64' && matrix.os == 'ubuntu-20.04' && matrix.java == '11' }}"
+      - name: Set up JDK
+        uses: actions/setup-java@v5
+        with:
+          java-version: ${{ env.BUILD_JAVA_VERSION }}
+          distribution: temurin
+          cache: maven
+
+      - name: Get coverage artifact
+        uses: ./.github/actions/download-artifact
+        with:
+          name: coverage-*
+
+      - name: Get classes
+        uses: ./.github/actions/download-artifact
+        with:
+          name: classes
+
+      - name: Merge JaCoCo and output
+        run: mvn -B jacoco:merge jacoco:report
+
+      - name: Upload
+        uses: ./.github/actions/upload-artifact
+        with:
+          name: merged-coverage
+          path: |
+            target/site/jacoco
+            target/jacoco.exec
+
+      - name: Save PR number to file
+        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava'
+        run: echo ${{ github.event.number }} > pr_number.txt
+
+      - name: Archive PR number
+        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava'
+        uses: actions/upload-artifact@v6
+        with:
+          name: pr_number
+          path: pr_number.txt
+
+  analyze:
+    name: Analyze Code
+    runs-on: ubuntu-latest
+    needs: report
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.owner.login == 'dnsjava'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          # for Sonar
+          fetch-depth: 0
+
+      - name: Get analysis data
+        uses: ./.github/actions/prepare-analysis
+        with:
+          cache: maven
+
+      - name: Run codecov
+        #v5.5.2
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de
+
+      # doesn't work with PRs from forks, see
+      # https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request
+      # or https://jira.sonarsource.com/browse/MMF-1371 (not public anymore)
+      - name: Run SonarQube
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -B -"Dgpg.skip" verify jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-
-      - name: Run codecovc
-        if: "${{ matrix.arch == 'x64' && matrix.os == 'ubuntu-20.04' && matrix.java == '11' }}"
-        uses: codecov/codecov-action@v2
+        run: mvn -B properties:read-project-properties org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
 
   release:
     if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release/')
     needs: test
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-
-      - name: Cache Maven dependencies
-        uses: actions/cache@v2
+      - name: Checkout
+        uses: actions/checkout@v6
         with:
-          path: ~/.m2/repository
-          key: m2-cache-8-x64-ubuntu-20.04
+          persist-credentials: false
 
-      - name: Set up JDK 8
-        uses: actions/setup-java@v2
+      - name: Set up JDK ${{ env.BUILD_JAVA_VERSION }}
+        uses: actions/setup-java@v5
         with:
-          java-version: '8'
+          java-version: ${{ env.BUILD_JAVA_VERSION }}
           architecture: 'x64'
           distribution: temurin
-          server-id: ossrh
+          cache: maven
+          server-id: central
           server-username: SONATYPE_USER
           server-password: SONATYPE_PW
 
@@ -94,12 +201,28 @@ jobs:
         env:
           SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
           SONATYPE_PW: ${{ secrets.SONATYPE_PW }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PW }}
         run: |
           cat <(echo -e "${{ secrets.GPG_KEY }}") | gpg --batch --import
           gpg --list-secret-keys --keyid-format LONG
           mvn \
             --no-transfer-progress \
             --batch-mode \
-            -Dgpg.passphrase="${{ secrets.GPG_PW }}" \
-            -DperformRelease=true \
-            deploy
+            compile
+          # Verify that the main classes are really compiled for Java 8
+          class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+")
+          echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}"
+          if [ "${class_file_version}" == "52" ]; then
+            mvn \
+              --no-transfer-progress \
+              --batch-mode \
+              -DperformRelease=true \
+              -DskipTests \
+              -Dcheckstyle.skip \
+              -Dspotless.check.skip=true \
+              -Danimal.sniffer.skip=true \
+              deploy
+          else
+            echo "::error file=SimpleResolver.class::Class file version is not Java 8"
+            exit 1
+          fi
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..f3280389c
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,61 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+      - 'release/**'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - master
+      - 'release/**'
+  schedule:
+    #daily at 01:19 UTC
+    - cron: '19 1 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: java
+
+      - name: Set up JDK 25
+        uses: actions/setup-java@v5
+        with:
+          java-version: 25
+          distribution: temurin
+          check-latest: true
+          cache: maven
+
+      - name: Build with Maven
+        # Skip tests, code style, etc. This is handled in the regular CI workflows.
+        run: |
+          mvn clean package -B -V \
+            -DskipTests \
+            -Dgpg.skip \
+            -Dcheckstyle.skip \
+            -Denforcer.skip \
+            -Dmaven.javadoc.skip \
+            -Dspotless.check.skip=true \
+            -Danimal.sniffer.skip=true \
+            compile \
+            test-compile
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
diff --git a/.gitignore b/.gitignore
index 4c4dfaab2..7ea6feabc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 *.iml
 target/
 .DS_Store
-
+.vscode/
+jcstress-results-*
diff --git a/Changelog b/Changelog
index 80f793b8e..9356884fd 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,113 @@
+01/18/2026
+	- 3.6.4 released
+	- Fix Zone-class serialization (#391)
+	- Avoid Double DNS Lookup for Names with Labels >= ndots (#388)
+	- Prevent NPE when calling Message#getTSIG() on DNS request with
+	  bad header (#384)
+	- Unwrap an exception in the legacy callback-based async interface (#383)
+	- Prevent ConcurrentModificationException in NIO clients
+	  (#379, @bhaveshthakker)
+	- Handle `null` in all setSearchPath overloads equally (#157)
+	- Reduce warning level of invalid `hosts` file entries (#371)
+	- Remove a lock on the hot-path in the `hosts` file parser (#371)
+	- DoH Resolver makes use of the Multi-Release jar and tests are executed
+	  for Java 8 and 11+ implementations (#385)
+	- Fix DoH Resolver initial request delay (#385)
+
+01/26/2025
+	- 3.6.3 released
+	- Support custom hosts file size (@flaming-archer, #349)
+	- Fix origin handling in zone loaded from file or stream (#346)
+	- Prevent TCP port leak when closing IO (#351)
+	- Fix confusing parameter name in CNAMERecord (@chkal, #354)
+	- Optionally disable ShutdownHook in NioClient (@SvenssonWeb, #359)
+	- TSIG algorithm names from RFC 8945
+	- Message.toWire can exceed MAXLENGTH (#355)
+	- TCP query might fail if the shared buffer is full (#357)
+	- Dynamic updates silently truncates records (#356)
+	- Fix DoH initial request using recommended nanoTime calculation
+	 (@LinZong, #345)
+
+09/21/2024
+	- 3.6.2 released
+	- Add new IANA Trust Anchor (@technolord, #337)
+	- Fix Zone handling with signed SOA (@frankarinnet, #335)
+
+07/28/2024
+	- 3.6.1 released
+	- Properly fix LookupSession doesn't cache CNAMEs (#316)
+	- Move JEP-418 SPI to Java 18 to support EOL workflows (#329)
+
+07/21/2024
+	- 3.6.0 released
+	- Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
+	  Lookup and LookupSession do not sanitize input properly,
+	  allowing to smuggle additional responses, even with DNSSEC.
+	  I would like to thank Thomas Bellebaum from Fraunhofer AISEC
+	  (@bellebaum) and Martin Schanzenbach (@schanzen) for reporting
+	  and assisting me with this issue.
+	- Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
+	  Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)
+	- Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
+	  NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)
+	- Fix running all DNSSEC on the specified executor
+	- Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12
+	- Add A/AAAA record constructor with IP address byte array
+	- Validate DS record digest lengths (#250)
+	- Fix NPE in SimpleResolver on invalid responses (#277)
+	- Add support for JEP 418: Internet-Address Resolution SPI (#290)
+	- Full JPMS support (#246)
+	- Pluggable I/O for SimpleResolver
+	  (@chrisruffalo, #253)
+	- UDP port leak in SimpleResolver (#318)
+	- Fix clean shutdown in app containers when never used (#319)
+	- Fix concurrency issue in I/O clients (#315, #323)
+	- LookupSession doesn't cache CNAMEs (#316)
+	- SimpleResolver can fail with UPDATE response (#322)
+	- Replace synchronization in Zone with locks
+	  (#305, based on work from @srijeet0406 in #306)
+
+11/11/2023
+	- 3.5.3 released
+	- Fix CNAME in LookupSession (#279)
+	- Fix Name constructor failing with max length, relative name
+	  and root origin (#289, @MMauro94)
+	- Add config option for Resolver I/O timeout (#273, @vmarian2)
+	- Extend I/O logging
+	- Prevent exception during TCP I/O with missing or truncated
+	  length prefix
+	- Use internal base64 codec for Android compatibility (#271)
+	- Fix multi-message TSIG stream verification for pre-RFC8945
+	  servers (#295, @frankarinnet and @nguichon)
+	- Add StreamGenerator for generating RFC8945 compliant
+	  multi-message streams (related to #295)
+
+11/16/2022
+	- 3.5.2 released
+	- Correctly render empty TXT records (#254)
+	- More validation on TLSA data input (#257)
+
+05/15/2022
+	- 3.5.1 released
+	- Fix validation of TSIG signed responses (#249)
+	- DS rdata digest validation hexadecimal digits (#252)
+
+02/05/2022
+	- 3.5.0 released
+	- Add full built-in support for DNSSEC based on dnssecjava (#209)
+	- Make Record classes serializable again (#242)
+	- Allow SVCB ServiceMode records without params
+	  (#244, @adam-stoler)
+	- Fix TCPClient receive timeouts
+	  (#218 @nguydavi, #219)
+
+12/05/2021
+	- 3.4.3 released
+	- Fix handling of buffers in DNSInput
+	  (#224, #225 @nresare)
+	- Clear existing nameservers on config refresh (#226)
+	- Fix exception when calling ResolverConfig.refresh (#234)
+
 09/19/2021
 	- 3.4.2 released
 	- Document behavior of ExtendedResolver.setTimeout (#206)
@@ -41,7 +151,7 @@
 	- 3.3.1 released
 	- Fix value of getAlias in C/DNameRecord (#136)
 	- Fix bug with SVCB/HTTPS parsing of master file format
-	  (PR#135, @adam-stoler) 
+	  (PR#135, @adam-stoler)
 
 09/27/2020
 	 - 3.3.0 released
@@ -104,7 +214,7 @@
 	- 3.0.0-next.1 released
 	- Requires Java 8 and slf4j-api
 	- Adds support for Java 9+ and Android O+ via a new server config
-	  lookup system (#6, #9, 
+	  lookup system (#6, #9)
 	- Resolving is now fully asynchronous, no new thread per query anymore
 	- Message provides information about the resolver that produced it (#41)
 	- Add support for Host Identity Protocol (HIP) records (RFC 8005, #47)
@@ -419,7 +529,7 @@
 	- The TSIG verification routines (TSIG.verify,
 	  TSIG.StreamVerifier.verify() now update the Message object with the
 	  status of the verification in addition to returning the status.
-	
+
 6/03/2009
 	- The lists of servers and searchlist entries in ResolverConfig should
 	  not be static.
@@ -654,7 +764,7 @@
 
 5/7/2005
 	- Fix several problems with empty names.
-	  (Matt Rutherford <rutherfo@cs.colorado.edu>)  
+	  (Matt Rutherford <rutherfo@cs.colorado.edu>)
 
 4/23/2005
 	- As per RFC 2181, the maximum allowed TTL value is 0x7FFFFFFF.
@@ -1078,7 +1188,7 @@
 	- Converting some types of records (TXT, for example) to wire format
 	  could throw an IndexOutOfBoundsException.
 	- TSIG signed UDP queries weren't properly verified by jnamed.
-	- Add a method to render a Message with a specified maximum size - 
+	- Add a method to render a Message with a specified maximum size -
 	  this method will properly truncate large responses and apply
 	  TSIG signatures.
 
@@ -1144,7 +1254,7 @@
 
 10/6/2002
 	- Fix minor bugs in Name code (Bob Halley <bob.halley@nominum.com>)
-	  
+
 10/1/2002
 	- Memory usage and speed improvements to the TypeMap class.
 
@@ -1377,7 +1487,7 @@
 	  (Christopher Fitch <cfitch@sbti.com>)
 	- Added a routine to build a SIG record based on the results of
 	  a DSA signature (Pasi Eronen <pe@iki.fi>)
-	
+
 8/13/2000
 	- Added 'clear' command to update client
 	- Removed some deprecated code
@@ -1647,21 +1757,21 @@
 5/13/1999
 	- split WorkerThread into WorkerThread and ResolveThread
 
-4/25/1999	
+4/25/1999
 	- moved files to org.xbill.DNS
 	- Cache round-robins RRsets before handing them out
 	- changed the way ExtendedResolver decides when to send queries
 	- various reflection changes
 
-4/21/1999	
+4/21/1999
 	- minor WorkerThread fixes
 
-4/19/1999	
+4/19/1999
 	- 0.9.1 released
 	- WorkerThreads should die after 15 minutes of idle time
 	- Address.getByName/getAllByName handle dotted quad IP addresses
 
-4/18/1999	
+4/18/1999
 	- 0.9 released
 	- Finished javadoc-ing classes in DNS.*
 	- Server should work now
diff --git a/EXAMPLES.md b/EXAMPLES.md
index f25af9e16..fd4cc7a38 100644
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -122,3 +122,71 @@ for (int i = 0; i < n.labels(); i++) {
     System.out.println(n.getLabelString(i));
 }
 ```
+
+## DNSSEC Resolver
+
+```java
+import java.io.*;
+
+import java.nio.charset.StandardCharsets;
+import org.xbill.DNS.*;
+
+public class ResolveExample {
+    // Root anchors, see https://data.iana.org/root-anchors/root-anchors.xml
+    static String ROOT =
+        ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n" +
+        ". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16";
+
+    public static void main(String[] args) throws Exception {
+        // Send two sample queries using a standard resolver
+        SimpleResolver sr = new SimpleResolver("4.2.2.1");
+        System.out.println("Standard resolver:");
+        sendAndPrint(sr, "www.dnssec-failed.org.");
+        sendAndPrint(sr, "nic.ch.");
+
+        // Send the same queries using the validating resolver with the
+        // trust anchor of the root zone
+        // https://data.iana.org/root-anchors/root-anchors.xml
+        ValidatingResolver vr = new ValidatingResolver(sr);
+        vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
+        System.out.println("\n\nValidating resolver:");
+        sendAndPrint(vr, "www.dnssec-failed.org.");
+        sendAndPrint(vr, "nic.ch.");
+    }
+
+    private static void sendAndPrint(Resolver vr, String name) throws IOException {
+        System.out.println("\n---" + name);
+        Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
+        Message response = vr.send(Message.newQuery(qr));
+        System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
+        System.out.println("RCode:   " + Rcode.string(response.getRcode()));
+        for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
+            if (set.getName().equals(Name.root) && set.getType() == Type.TXT
+                && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+                System.out.println("Reason:  " + ((TXTRecord) set.first()).getStrings().get(0));
+            }
+        }
+    }
+}
+
+```
+
+This should result in an output like
+```
+Standard resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   NOERROR
+---nic.ch.
+AD-Flag: false
+RCode:   NOERROR
+
+Validating resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   SERVFAIL
+Reason:  Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: No keys for dnssec-failed.org. have a DS for alg RSASHA1
+---nic.ch.
+AD-Flag: true
+RCode:   NOERROR
+```
diff --git a/LICENSE b/LICENSE
index b3024ea73..60bca5d90 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,5 +1,6 @@
 Copyright (c) 1998-2019, Brian Wellington
-Copyright (c) 2019-2021, dnsjava authors
+Copyright (c) 2005 VeriSign. All rights reserved.
+Copyright (c) 2019-2023, dnsjava authors
 
 All rights reserved.
 
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 000000000..d43c3ed4e
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,408 @@
+= dnsjava
+
+image:https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg["GitHub CI Build Status",link="https://github.com/dnsjava/dnsjava/actions/workflows/build.yml"]
+image:https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys["codecov",link="https://codecov.io/gh/dnsjava/dnsjava"]
+image:https://img.shields.io/maven-central/v/dnsjava/dnsjava["Maven Central",link="https://central.sonatype.com/artifact/dnsjava/dnsjava"]
+image:https://javadoc.io/badge/dnsjava/dnsjava.svg["Javadocs",link="https://javadoc.io/doc/dnsjava/dnsjava"]
+
+== Overview
+
+dnsjava is an implementation of DNS in Java.
+It
+
+* supports almost all defined record types (including the DNSSEC types), and unknown types.
+* can be used for queries, zone transfers, and dynamic updates.
+* includes a cache which can be used by clients, and an authoritative only server.
+* supports TSIG authenticated messages, DNSSEC verification, and EDNS0.
+* is fully thread safe.
+
+== Getting started
+
+Have a look at the basic link:EXAMPLES.md[examples].
+
+=== Config options
+
+Some settings of dnsjava can be configured via Java
+https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html[system properties]:
+
+[cols=4*]
+|===
+.2+h|Property
+3+h|Explanation
+h|Type
+h|Default
+h|Example
+
+.2+|dns[.fallback].server
+3+|DNS server(s) to use for resolving.
+Comma separated list.
+Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support).
+|String
+|-
+|8.8.8.8,[2001:4860:4860::8888]:853,dns.google
+
+.2+|dns[.fallback].search
+3+|Comma separated list of DNS search paths.
+|String
+|-
+|ds.example.com,example.com
+
+.2+|dns[.fallback].ndots
+3+|Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made.
+|Integer
+|1
+|2
+
+.2+|dnsjava.options
+3+|Comma separated key-value pairs, see <<_optionpairs>>.
+|option list
+|-
+|BINDTTL,tsigfudge=1
+
+.2+|dnsjava.configprovider.skipinit
+3+|Set to true to disable static ResolverConfig initialization.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.configprovider.sunjvm.enabled
+3+|Set to true to enable the reflection based DNS server lookup, see <<_limitations>>.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.udp.ephemeral.start
+3+|First ephemeral port for UDP-based DNS queries.
+|Integer
+|49152 (Linux: 32768)
+|50000
+
+.2+|dnsjava.udp.ephemeral.end
+3+|Last ephemeral port for UDP-based DNS queries.
+|Integer
+|65535 (Linux: 60999)
+|60000
+
+.2+|dnsjava.udp.ephemeral.use_ephemeral_port
+3+|Use an OS-assigned ephemeral port for UDP queries.
+Enabling this option is *insecure*!
+Do NOT use it.
+|Boolean
+|false
+|true
+
+.2+|dnsjava.lookup.max_iterations
+3+|Maximum number of CNAMEs to follow in a chain.
+|Integer
+|16
+|20
+
+.2+|dnsjava.lookup.use_hosts_file
+3+|Use the system's hosts file for lookups before resorting to a resolver.
+|Boolean
+|true
+|false
+
+.2+|dnsjava.hostsfile.max_size_bytes
+3+|Set the size of the hosts file to be loaded at a time, in bytes.
+|Integer
+|16384
+|1000000
+
+.2+|dnsjava.nio.selector_timeout
+3+|Set selector timeout in milliseconds. Default/Max 1000, Min 1.
+|Integer
+|1000
+|700
+
+.2+|dnsjava.nio.register_shutdown_hook
+3+|Register Shutdown Hook for automatic termination of NIO.
+If disabled, the nio selector thread will not automatically clean up on JVM termination.
+|Boolean
+|True
+|False
+
+.2+|dnsjava.harden_unknown_additional
+3+|Harden against unknown records in the authority section and additional section.
+If disabled, such records are copied from the upstream and presented to the client together with the answer.
+|Boolean
+|True
+|False
+
+4+h|DNSSEC Options
+.2+|dnsjava.dnssec.keycache.max_ttl
+3+|Maximum time-to-live (TTL) of entries in the key cache in seconds.
+|Integer
+|900
+|1800
+
+.2+|dnsjava.dnssec.keycache.max_size
+3+|Maximum number of entries in the key cache.
+|Integer
+|1000
+|5000
+
+.2+|org.jitsi.dnssec.nsec3.iterations.N
+3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://datatracker.ietf.org/doc/html/rfc5155#section-10.3[RFC5155].
+|Integer
+2+a|- 1024 bit keys: 150 iterations
+- 2048 bit keys: 500 iterations
+- 4096 bit keys: 2500 iterations
+
+e.g. dnsjava.dnssec.nsec3.iterations.1024=200
+
+.2+|dnsjava.dnssec.trust_anchor_file
+3+|The file from which the trust anchor should be loaded.
+The file must be formatted like a DNS zone master file.
+It can only contain DS or DNSKEY records.
+|String
+|-
+|/etc/dnssec-root-anchors
+
+.2+|dnsjava.dnssec.digest_preference
+3+|Defines the preferred DS record digest algorithm if a zone has registered multiple DS records.
+The list is comma-separated, the highest preference first.
+
+If this property is not specified, the DS record with the highest
+https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml[digest ID] is chosen.
+To stay compliant with the RFCs, the mandatory digest IDs must be listed in this property.
+
+The GOST digest requires https://www.bouncycastle.org/java.html[BouncyCastle] on the classpath.
+|String
+|-
+|2,1,4
+
+.2+|dnsjava.dnssec.harden_algo_downgrade
+3+|Prevent algorithm downgrade when multiple algorithms are advertised in a zone's DS records.
+If `false`, allows any algorithm to validate the zone.
+|Boolean
+|true
+|false
+
+.2+|dnsjava.dnssec.max_validate_rrsigs
+3+|Maximum number of RRSig records to validate until the response is considered bogus.
+This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).
+|Integer
+|8
+|4
+
+.2+|dnsjava.dnssec.max_ds_match_failures
+3+|Maximum number of DS records to validate until the response is considered bogus.
+This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).
+|Integer
+|4
+|2
+
+.2+|dnsjava.dnssec.algorithm_enabled.ID
+3+|Enable or disable a DS/DNSKEY algorithm.
+See
+https://datatracker.ietf.org/doc/html/rfc8624#section-3.1[RFC8624] for recommended values.
+Note that algorithm number 1, `RSAMD5`, is disabled and cannot be enabled with this property.
+|Boolean
+2+|Disable ED448:
+`dnsjava.dnssec.algorithm_enabled.16=false`
+
+.2+|dnsjava.dnssec.algorithm_rsa_min_key_size
+3+|Set the minimum size, in bits, for RSA keys.
+|Integer
+|1024
+|512
+
+.2+|dnsjava.dnssec.digest_enabled.ID
+3+|Enable or disable a DS record digest algorithm.
+See
+https://datatracker.ietf.org/doc/html/rfc8624#section-3.3[RFC8624] for recommended values.
+|Boolean
+2+|Disable SHA.1:
+`dnsjava.dnssec.digest_enabled.1=false`
+
+|===
+
+[#_optionpairs]
+==== dnsjava.options pairs
+
+The `dnsjava.options` configuration options can also be set programmatically through the `Options` class.
+Please refer to the Javadoc for details.
+
+[cols="1,1,1,4",options=header]
+|===
+| Key | Type | Default | Explanation
+| `BINDTTL` | Boolean | false | Print TTLs in BIND format
+| `multiline` | Boolean | false | Print records in multiline format
+| `noPrintIN` | Boolean | false | Do not print the class of a record if it is `IN`
+| `tsigfudge` | Integer | 300 | Sets the default TSIG fudge value (in seconds)
+| `sig0validity` | Integer | 300 | Sets the default SIG(0) validity period (in seconds)
+|===
+
+=== Resolvers
+
+==== SimpleResolver
+
+Basic resolver that uses UDP by default and falls back to TCP if required.
+
+==== ExtendedResolver
+
+A `Resolver` that uses multiple ``Resolver``s to send the queries, defaulting to ``SimpleResolver``s.
+Can be configured to query the servers in a round-robin order.
+Blacklists a server if it times out.
+
+==== DohResolver
+
+Proof-of-concept DNS over HTTP resolver, e.g. to use https://dns.google/query.
+
+==== ValidatingResolver
+
+DNSSEC validating stub resolver.
+Originally based on the work of the Unbound Java prototype from 2005/2006.
+The Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed.
+Before the import into dnsjava, the resolver was developed as an independent library at https://github.com/ibauersachs/dnssecjava.
+To migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java packages and `org.jitsi` with `dnsjava` in property prefixes.
+
+Validated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode.
+Insecure responses return the actual return code without the `AD`-flag set.
+The reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`).
+The Extended DNS Errors (EDE, https://datatracker.ietf.org/doc/html/rfc8914[RFC8914]) also provides the failure reason, although in less detail.
+
+The link:EXAMPLES.md[examples] contain a small demo.
+
+[IMPORTANT]
+.Do not use the `ValidatingResolver` standalone.
+A response will need CNAME/DNAME post-processing, and DNS messages can still be manipulated with DNSSEC alone.
+Subsequent processing and validation of messages is intricate and best done using the built-in `LookupSession` (or the legacy `Lookup`) class.
+
+=== Migrating from version 2.1.x to v3
+
+dnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible.
+The most important changes are:
+
+* Requires at least Java 8
+
+* Uses https://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api`
+on the classpath
+
+* The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools`
+package
+
+* On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding.
+As of Java 24, note that additional JVM config is required, see https://javadoc.io/doc/net.java.dev.jna/jna/latest/index.html#special-considerations-for-jdk24--heading[Special considerations for JDK24+].
+
+* The `Resolver` API for custom resolvers has changed to use
+`CompletionStage<Message>` for asynchronous resolving.
+The built-in resolvers are now fully non-blocking and do not start a thread per query anymore.
+
+* Many methods return a `List<T>` instead of an array.
+Ideally, use a for-each loop.
+If this is not possible, call `size()` instead of using `length`:
+** Cache#findAnyRecords
+** Cache#findRecords
+** Lookup#getDefaultSearchPath
+** Message#getSectionRRsets
+** SetResponse#answers
+** ResolverConfig
+
+* RRset returns a List<T> instead of an `Iterator`.
+Ideally, modify your code to use a for-each loop.
+If this is not possible, create an iterator on the returned list:
+** RRset#rrs
+** RRset#sigs
+
+* Methods using `java.util.Date` are deprecated.
+Use the new versions with
+`java.time.Instant` or `java.time.Duration` instead
+
+* The type hierarchy of `SMIMEARecord` changed, it now inherits from
+`TLSARecord` and constants are shared
+
+* ``Record``s are no longer marked as `Serializable` after 3.0.
+While 3.5 reintroduced `Serializable`, it is preferred to use the RFC defined serialization formats directly:
+** `toString()`, `rrToString()` ↔ `fromString()`
+** `toWire()` ↔ `fromWire()`, `newRecord()`
+
+* `Message` and `Header` properly support `clone()`
+
+=== Replacing the standard Java DNS functionality
+
+==== Java 1.4 to 8
+
+Java versions from 1.4 to 8 can load DNS service providers at runtime.
+To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property:
+
+	sun.net.spi.nameservice.provider.1=dns,dnsjava
+
+This instructs the JVM to use the dnsjava service provide for DNS at the highest priority.
+
+==== Java 9 to 17
+
+The functionality to load a DNS SPI was https://bugs.openjdk.java.net/browse/JDK-8134577[removed in JDK 9] and a replacement API was https://bugs.openjdk.java.net/browse/JDK-8192780[requested].
+
+==== Java 18+
+
+https://bugs.openjdk.java.net/browse/JDK-8263693[JEP 418: Internet-Address Resolution SPI] reintroduces a DNS SPI.
+See https://github.com/dnsjava/dnsjava/issues/245[#245] for the support status in dnsjava.
+
+=== Build
+
+dnsjava uses https://maven.apache.org/[Maven] as the build system.
+Run `mvn package` from the toplevel directory to build dnsjava.
+JDK 8 or higher is required.
+
+=== Testing dnsjava
+
+mailto:rutherfo@cs.colorado.edu[Matt Rutherford] contributed a number of unit tests, which are in the tests subdirectory.
+
+The hierarchy under tests mirrors the `org.xbill.DNS` classes.
+To run the unit tests, execute `mvn test`.
+
+[#_limitations]
+== Limitations
+
+There is no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM.
+dnsjava attempts several methods until one succeeds.
+
+- The properties `dns.server` and `dns.search` (comma delimited lists) are checked.
+The servers can either be IP addresses or hostnames (which are resolved using Java's built in DNS support).
+- On Unix/Solaris, `/etc/resolv.conf` is parsed.
+- On Windows, if https://github.com/java-native-access/jna[JNA] is available on the classpath, the `GetAdaptersAddresses` API is used.
+- On Android the `ConnectivityManager` is used (requires initialization using `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`).
+- The `sun.net.dns.ResolverConfiguration` class is queried if enabled.
+As of Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` (classpath) or `--add-opens java.base/sun.net.dns=org.dnsjava` (modules) is also required.
+- If available and no servers have been found yet, https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html[JNDI-DNS] is used.
+- If still no servers have been found yet, use the fallback properties.
+This can be used to query e.g. a well-known public DNS server instead of localhost.
+- As a last resort, `localhost` is used as the nameserver, and the search path is empty.
+
+== Additional documentation
+
+Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online at https://javadoc.io/doc/dnsjava/dnsjava[javadoc.io].
+See the link:EXAMPLES.md[examples] for some basic usage information.
+
+== License
+
+dnsjava is placed under the link:LICENSE[BSD-3-Clause license].
+
+== History
+
+dnsjava was started as an excuse to learn Java.
+It was useful for testing new features in BIND without rewriting the C resolver.
+It was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing.
+The high level API and caching resolver were added to make it useful to a wider audience.
+The authoritative only server was added as proof of concept.
+
+=== dnsjava on GitHub
+
+This repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to https://search.maven.org/artifact/dnsjava/dnsjava[Maven Central].
+As of 2019-05-15, GitHub is https://sourceforge.net/p/dnsjava/mailman/message/36666800/[officially] the new home of dnsjava.
+The mailto:dnsjava-users@lists.sourceforge.net[dnsjava-users] mailing list (https://sourceforge.net/p/dnsjava/mailman/dnsjava-users/[archive]) still exists but is mostly inactive.
+
+Please use the GitHub https://github.com/dnsjava/dnsjava/issues[issue tracker] and send - well tested - pull requests.
+
+== Authors
+
+- Brian Wellington (@bwelling), March 12, 2004
+- Various contributors, see the link:Changelog[Changelog]
+- Ingo Bauersachs (@ibauersachs), current maintainer
+
+== Final notes
+
+- Thanks to Network Associates, Inc. for sponsoring some of the original dnsjava work in 1999-2000.
+- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017.
diff --git a/README.md b/README.md
deleted file mode 100644
index 4aa71a68c..000000000
--- a/README.md
+++ /dev/null
@@ -1,295 +0,0 @@
-[![dnsjava CI](https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg)](https://github.com/dnsjava/dnsjava/actions/workflows/build.yml)
-[![codecov](https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys)](https://codecov.io/gh/dnsjava/dnsjava)
-[![Maven Central](https://maven-badges.herokuapp.com/maven-central/dnsjava/dnsjava/badge.svg)](https://search.maven.org/artifact/dnsjava/dnsjava)
-[![Javadocs](http://javadoc.io/badge/dnsjava/dnsjava.svg)](http://javadoc.io/doc/dnsjava/dnsjava)
-
-# dnsjava
-
-## Overview
-
-dnsjava is an implementation of DNS in Java. It supports almost all defined record
-types (including the DNSSEC types), and unknown types. It can be used for
-queries, zone transfers, and dynamic updates. It includes a cache which can be
-used by clients, and an authoritative only server. It supports TSIG
-authenticated messages, partial DNSSEC verification, and EDNS0. It is fully
-thread safe.
-
-dnsjava was started as an excuse to learn Java. It was useful for testing new
-features in BIND without rewriting the C resolver. It was then cleaned up and
-extended in order to be used as a testing framework for DNS interoperability
-testing. The high level API and caching resolver were added to make it useful
-to a wider audience. The authoritative only server was added as proof of
-concept.
-
-## dnsjava on Github
-
-This repository has been a mirror of the dnsjava project at Sourceforge
-since 2014 to maintain the Maven build for publishing to
-[Maven Central](https://search.maven.org/artifact/dnsjava/dnsjava).
-As of 2019-05-15, Github is
-[officially](https://sourceforge.net/p/dnsjava/mailman/message/36666800/)
-the new home of dnsjava.
-
-Please use the Github [issue tracker](https://github.com/dnsjava/dnsjava/issues)
-and send - well tested - pull requests. The
-[dnsjava-users@lists.sourceforge.net](mailto:dnsjava-users@lists.sourceforge.net)
-mailing list still exists.
-
-## Getting started
-
-### Config options
-Some settings of dnsjava can be configured via
-[system properties](https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html):
-
-<table>
-    <thead>
-        <tr>
-            <th rowspan="2">Property</th>
-            <th>Type</th>
-            <th>Default</th>
-            <th>Example</th>
-        </tr>
-        <tr>
-            <th colspan="3">Explanation</th>
-        </tr>
-    </thead>
-    <tbody class="rich-diff-level-one">
-        <tr>
-            <td rowspan="2">dns[.fallback].server</td>
-            <td>String</td>
-            <td>-</td>
-            <td>8.8.8.8,[2001:4860:4860::8888]:853,dns.google</td>
-        </tr>
-        <tr>
-            <td colspan="3">DNS server(s) to use for resolving. Comma separated list. Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support).</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dns[.fallback].search</td>
-            <td>String</td>
-            <td>-</td>
-            <td>ds.example.com,example.com</td>
-        </tr>
-        <tr>
-            <td colspan="3">Comma separated list of DNS search paths.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dns[.fallback].ndots</td>
-            <td>Integer</td>
-            <td>1</td>
-            <td>2</td>
-        </tr>
-        <tr>
-            <td colspan="3">Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.options</td>
-            <td>option list</td>
-            <td>-</td>
-            <td>BINDTTL,tsigfudge=1</td>
-        </tr>
-        <tr>
-            <td colspan="3">Comma separated key-value pairs, see below.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.configprovider.skipinit</td>
-            <td>Boolean</td>
-            <td>false</td>
-            <td>true</td>
-        </tr>
-        <tr>
-            <td colspan="3">Set to true to disable static ResolverConfig initialization.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.configprovider.sunjvm.enabled</td>
-            <td>Boolean</td>
-            <td>false</td>
-            <td>true</td>
-        </tr>
-        <tr>
-            <td colspan="3">Set to true to enable the reflection based DNS server lookup, see limitations below.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.udp.ephemeral.start</td>
-            <td>Integer</td>
-            <td>49152 (Linux: 32768)</td>
-            <td>50000</td>
-        </tr>
-        <tr>
-            <td colspan="3">First ephemeral port for UDP-based DNS queries.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.udp.ephemeral.end</td>
-            <td>Integer</td>
-            <td>65535 (Linux: 60999)</td>
-            <td>60000</td>
-        </tr>
-        <tr>
-            <td colspan="3">Last ephemeral port for UDP-based DNS queries.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.udp.ephemeral.use_ephemeral_port</td>
-            <td>Boolean</td>
-            <td>false</td>
-            <td>true</td>
-        </tr>
-        <tr>
-            <td colspan="3">Use an OS-assigned ephemeral port for UDP queries. Enabling this option is insecure! Do NOT use it.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.lookup.max_iterations</td>
-            <td>Integer</td>
-            <td>16</td>
-            <td>20</td>
-        </tr>
-        <tr>
-            <td colspan="3">Maximum number of CNAMEs to follow in a chain.</td>
-        </tr>
-        <tr>
-            <td rowspan="2">dnsjava.lookup.use_hosts_file</td>
-            <td>Boolean</td>
-            <td>true</td>
-            <td>false</td>
-        </tr>
-        <tr>
-            <td colspan="3">Use the system's hosts file for lookups before resorting to a resolver.</td>
-        </tr>
-    </tbody>
-</table>
-
-#### dnsjava.options pairs
-The dnsjava.options configuration options can also be set programmatically
-through the `Options` class. Please refer to the Javadoc for details.
-
-| Key | Type | Default | Explanation |
-| --- | ---- | -------|  ----------- |
-| BINDTTL | Boolean | false | Print TTLs in BIND format |
-| multiline | Boolean | false | Print records in multiline format |
-| noPrintIN | Boolean | false | Do not print the class of a record if it is `IN` |
-| tsigfudge | Integer | 300 | Sets the default TSIG fudge value (in seconds) |
-| sig0validity | Integer | 300 | Sets the default SIG(0) validity period (in seconds) |
-
-### Resolvers
-dnsjava comes with several built-in resolvers: 
-- `SimpleResolver`: a basic resolver that uses UDP by default and falls back
-  to TCP if required.
-- `ExtendedResolver`: a resolver that uses multiple `SimpleResolver`s to send
-   the queries. Can be configured to query the servers in a round-robin order.
-   Blacklists a server if it times out.
-- `DohResolver`: a proof-of-concept DNS over HTTP resolver, e.g. to use
-  `https://dns.google/query`.
-
-The project [dnssecjava](https://github.com/ibauersachs/dnssecjava) has a
-resolver that validates responses with DNSSEC.
-
-### Migrating from version 2.1.x to v3
-dnsjava 3 has significant API changes compared to version 2.1.x and is
-neither source nor binary compatible. The most important changes are:
-- The minimum supported version is Java 8
-- Uses [slf4j](http://www.slf4j.org/) for logging and thus needs `slf4j-api`
-  on the classpath
-- The [command line tools](USAGE.md) were moved to the `org.xbill.DNS.tools`
-  package
-- On Windows, [JNA](https://github.com/java-native-access/jna) should be
-  on the classpath for the search path
-- The `Resolver` API for custom resolvers has changed to use
-  `CompletionStage<Message>` for asynchronous resolving. The built-in
-   resolvers are now fully non-blocking and do not start a thread per
-   query anymore.
-- Many methods return a `List<T>` instead of an array. Ideally, use a
-  for-each loop. If this isn't possible, call `size()` instead of
-  using `length`:
-  - Cache#findAnyRecords
-  - Cache#findRecords
-  - Lookup#getDefaultSearchPath
-  - Message#getSectionRRsets
-  - SetResponse#answers
-  - ResolverConfig
-- RRset returns a List<T> instead of an `Iterator`. Ideally, modify your
-  code to use a for-each loop. If this is not possible, create an iterator
-  on the returned list:
-  - RRset#rrs
-  - RRset#sigs
-- Methods using `java.util.Date` are deprecated. Use the new versions with
-  `java.time.Instant` or `java.time.Duration` instead
-- The type hierarchy of `SMIMEARecord` changed, it now inherits from
-  `TLSARecord` and constants are shared
-- `Record`s are no longer marked as `Serializable`. Use the RFC defined
-   serialization formats:
-   - `toString()`, `rrToString()` <-> `fromString()`
-   - `toWire()` <-> `fromWire()`, `newRecord()`
-- `Message` and `Header` properly support `clone()`
-
-### Replacing the standard Java DNS functionality
-
-Java versions from 1.4 to 8 can load DNS service providers at runtime. The
-functionality was [removed in JDK 9](https://bugs.openjdk.java.net/browse/JDK-8134577),
-a replacement is [requested](https://bugs.openjdk.java.net/browse/JDK-8192780),
-but so far only a [proposal](https://bugs.openjdk.java.net/browse/JDK-8263693)
-has been defined.
-
-To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property:
-
-	sun.net.spi.nameservice.provider.1=dns,dnsjava
-
-This instructs the JVM to use the dnsjava service provide for DNS at the
-highest priority.
-
-### Build
-
-Run `mvn package` from the toplevel directory to build dnsjava. JDK 8
-or higher is required.
-
-### Testing dnsjava
-
-[Matt Rutherford](mailto:rutherfo@cs.colorado.edu) contributed a number of unit
-tests, which are in the tests subdirectory. The hierarchy under tests
-mirrors the org.xbill.DNS classes. To run the unit tests, execute
-`mvn test`.
-
-
-## Limitations
-
-There's no standard way to determine what the local nameserver or DNS search
-path is at runtime from within the JVM. dnsjava attempts several methods
-until one succeeds.
-
-- The properties `dns.server` and `dns.search` (comma delimited lists) are
-  checked. The servers can either be IP addresses or hostnames (which are
-  resolved using Java's built in DNS support).
-- On Unix/Solaris, `/etc/resolv.conf` is parsed.
-- On Windows, if [JNA](https://github.com/java-native-access/jna) is available
-  on the classpath, the `GetAdaptersAddresses` API is used.
-- On Android the `ConnectivityManager` is used (requires initialization using
-  `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`).
-- The `sun.net.dns.ResolverConfiguration` class is queried if enabled. As of
-  Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` is also
-  required.
-- If available and no servers have been found yet,
-  [JNDI-DNS](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html) is used.
-- If still no servers have been found yet, use the fallback properties. This can be used to query
-  e.g. a well-known public DNS server instead of localhost. 
-- As a last resort, `localhost` is used as the nameserver, and the search
-  path is empty.
-
-
-## Additional documentation
-
-Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online
-at [javadoc.io](http://javadoc.io/doc/dnsjava/dnsjava). See the
-[examples](EXAMPLES.md) for some basic usage information.
-
-
-## License
-
-dnsjava is placed under the [BSD-3-Clause license](LICENSE).
-
-## Authors
-
-- Brian Wellington (@bwelling), March 12, 2004
-- Various contributors, see [Changelog](Changelog)
-- Ingo Bauersachs (@ibauersachs), current maintainer
-
-## Final notes
-- Thanks to Network Associates, Inc. for sponsoring some of the original
-  dnsjava work in 1999-2000.
-- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017.
diff --git a/TODO.dnssec.md b/TODO.dnssec.md
new file mode 100644
index 000000000..7f0e73a01
--- /dev/null
+++ b/TODO.dnssec.md
@@ -0,0 +1,69 @@
+<del>CNAME Handling
+--------------
+<del>The CNAME handling is terribly inefficient. A recursive nameserver is required
+to deliver all intermediate results in the response to the original query. The
+code however still splits up the query into each part and performs a query for
+each CNAME till the end of the chain is reached.
+This should be changed to follow the chain in the response of the original
+query, but is not so easy because the validation only has the keys for each
+original query.
+A possible workaround would be to synthesize the intermediate responses from
+the original query. Easy for positive responses, but for NXDOMAIN - which
+NSEC(3)s are to be included...?
+
+<del>DNAME Handling
+--------------
+<del>A DNAME causes validation failures during priming because the synthesized
+CNAME is not considered valid. Some unit-tests are failing due to this.
+
+API
+---
+- <del>Provide the final failure reason as a (localizable) string
+
+Code Coverage / Bugs
+--------------------
+- The code still has some untested parts:
+  - <del>Wildcard/ENT DS delegations!!!
+  - ANY responses, especially wildcard expansion
+  - Insecure NSEC3 NODATA responses
+  - <del>Wildcard NODATA responses might pass too broad cases
+  - <del>Behavior if all NSEC3s are not understandable
+  - NXDOMAIN when a NSEC would prove that a wildcard exists
+  - Exceptions thrown by the head resolver
+  - Bogus/Insecure handling of CNAME answer to DS query
+  - <del>Async calling of the validator
+  - <del>Passthrough without validation if the CD flag is set
+  - Various cases in dsReponseToKeForNodata
+  - <del>longestCommonName
+  - <del>Various NSEC NODATA cases
+  - <del>Unsupported algorithm or digest ID cases
+  - <del>NSEC3 iteration count configuration
+  - <del>NSEC3 with unsupported hash algorithm
+  - Multiple NSEC3s for a zone
+  - NSEC3: proveClosestEncloser
+  - NSEC3: proveNodata
+  - NSEC3: proveNoDS
+  - <del>Implement http://tools.ietf.org/html/rfc4509#section-3 to prevent downgrade attacks
+  - <del>http://tools.ietf.org/html/rfc6840#section-4.3 (CNAME bit check)
+  - http://tools.ietf.org/html/rfc6840#section-4.4 (Insecure Delegation Proofs)
+  - http://tools.ietf.org/html/rfc6840#section-5.4 (Caution about Local Policy and Multiple RRSIGs)
+  - <del>Refuse DNAME wildcards (RFC4597)
+  - Test validating against a non-Bind9 head solver
+  - Rate limit queries to be able to validate against Google's public resolvers
+
+Unit Tests
+----------
+- <del>The tests currently rely on an online connection to a recursive server and
+  external zones. They must be able to run offline.
+- <del>Some tests will start to fail after June 9, 2013 because the signature date
+  is compared against the current system time. This must be changed to take
+  the test authoring time. To make this possible DNSJAVA must probably be
+  changed.
+
+DNSJAVA
+-------
+- <del>Fix the Maven project definition to build correctly with a local lib folder
+  as it is not officially distributed on Maven central
+- <del>Version 2.1.5 contains a bug in the Name constructor and needs at least
+  SVN rev. 1686
+- <del>Remove local-repo once 2.1.6 appears on Maven central
diff --git a/checkstyle/checkstyle-config.xml b/checkstyle/checkstyle-config.xml
index 0d6704580..f99d54197 100644
--- a/checkstyle/checkstyle-config.xml
+++ b/checkstyle/checkstyle-config.xml
@@ -3,10 +3,19 @@
 <module name="Checker">
   <module name="TreeWalker">
     <module name="AvoidStarImport"/>
+    <module name="HiddenField">
+      <property name="tokens" value="VARIABLE_DEF"/>
+    </module>
+    <module name="MissingOverride"/>
     <module name="NeedBraces"/>
+    <module name="OneTopLevelClass"/>
   </module>
   <module name="RegexpHeader">
     <property name="headerFile" value="checkstyle/header.template.txt"/>
     <property name="fileExtensions" value="java"/>
   </module>
+  <!-- Excludes all 'module-info.java' files, see https://github.com/checkstyle/checkstyle/issues/8240 -->
+  <module name="BeforeExecutionExclusionFileFilter">
+    <property name="fileNamePattern" value="module\-info\.java$"/>
+  </module>
 </module>
diff --git a/checkstyle/checkstyle-suppressions.xml b/checkstyle/checkstyle-suppressions.xml
new file mode 100644
index 000000000..dded17094
--- /dev/null
+++ b/checkstyle/checkstyle-suppressions.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC
+  "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+  "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<suppressions>
+  <!-- Exclude generated files in the output directory -->
+  <suppress files="[/\\]target[/\\]" checks=".*"/>
+</suppressions>
diff --git a/pom.xml b/pom.xml
index 5fbf5c6ab..52fd2d267 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"
     xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>dnsjava</groupId>
     <artifactId>dnsjava</artifactId>
     <packaging>bundle</packaging>
-    <version>3.5.0-SNAPSHOT</version>
+    <version>3.6.5-SNAPSHOT</version>
     <name>dnsjava</name>
     <description>dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC
         types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache
@@ -46,29 +46,110 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <target.jdk>8</target.jdk>
+        <maven.compiler.showCompilationChanges>true</maven.compiler.showCompilationChanges>
+        <maven.compiler.createMissingPackageInfoClass>false</maven.compiler.createMissingPackageInfoClass>
 
-        <org.junit.version>5.8.0</org.junit.version>
-        <mockito.version>3.12.4</mockito.version>
-        <slf4j.version>1.7.32</slf4j.version>
-        <lombok.version>1.18.20</lombok.version>
-        <jna.version>5.9.0</jna.version>
-        <bouncycastle.version>1.69</bouncycastle.version>
-        <vertx.version>4.1.4</vertx.version>
-
-        <sonar.projectKey>dnsjava_dnsjava</sonar.projectKey>
-        <sonar.organization>dnsjava</sonar.organization>
-        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
-        <sonar.java.source>${target.jdk}</sonar.java.source>
-        <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml
-        </sonar.coverage.jacoco.xmlReportPaths>
+        <!-- Stay on 5.x for Java 8 compatibility. -->
+        <org.junit.version>5.14.2</org.junit.version>
+        <!-- Stay on 4.x for Java 8 compatibility. Newer versions are used for Java 11+ builds -->
+        <mockito.version>4.11.0</mockito.version>
+        <slf4j.version>1.7.36</slf4j.version>
+        <lombok.version>1.18.42</lombok.version>
+        <jna.version>5.18.1</jna.version>
+        <bouncycastle.version>1.83</bouncycastle.version>
+        <!-- Stay on 5.x for Java 8 compatibility. -->
+        <vertx.version>4.5.24</vertx.version>
+        <!-- Stay on 1.7 for Java 8 compatibility. Newer versions are used for Java 11+ builds -->
+        <google-java-format.version>1.7</google-java-format.version>
+        <spotless.version>2.30.0</spotless.version>
+
+        <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+        <delombok.output>${project.build.directory}/delombok</delombok.output>
     </properties>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-antrun-plugin</artifactId>
+                    <version>3.2.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-assembly-plugin</artifactId>
+                    <version>3.8.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-dependency-plugin</artifactId>
+                    <version>3.9.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-deploy-plugin</artifactId>
+                    <version>3.1.4</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-install-plugin</artifactId>
+                    <version>3.1.4</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>3.3.1</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>3.4.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-site-plugin</artifactId>
+                    <version>3.21.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>build-helper-maven-plugin</artifactId>
+                    <version>3.6.1</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
         <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>properties-maven-plugin</artifactId>
+                <version>1.2.1</version>
+                <executions>
+                    <execution>
+                        <phase>initialize</phase>
+                        <goals>
+                            <goal>read-project-properties</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <files>
+                        <file>sonar-project.properties</file>
+                    </files>
+                </configuration>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
-                <version>3.0.1</version>
+                <version>3.2.8</version>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>
@@ -83,21 +164,36 @@
                         <arg>--pinentry-mode</arg>
                         <arg>loopback</arg>
                     </gpgArguments>
+                    <useAgent>false</useAgent>
                 </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.1</version>
+                <version>3.14.1</version>
                 <configuration>
-                    <compilerArgument>-Xlint:unchecked</compilerArgument>
+                    <compilerArgs>
+                        <arg>-Xlint:all,-serial,-processing</arg>
+                        <arg>-Xpkginfo:always</arg>
+                    </compilerArgs>
                     <annotationProcessorPaths>
                         <path>
                             <groupId>org.projectlombok</groupId>
                             <artifactId>lombok</artifactId>
                             <version>${lombok.version}</version>
                         </path>
+                        <path>
+                            <groupId>org.openjdk.jcstress</groupId>
+                            <artifactId>jcstress-core</artifactId>
+                            <version>0.16</version>
+                            <exclusions>
+                                <exclusion>
+                                    <groupId>*</groupId>
+                                    <artifactId>*</artifactId>
+                                </exclusion>
+                            </exclusions>
+                        </path>
                     </annotationProcessorPaths>
                 </configuration>
             </plugin>
@@ -105,64 +201,106 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.4.0</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-bundle-plugin</artifactId>
-                <version>5.1.2</version>
+                <!-- Stay before v6 for Java 8 compatibility -->
+                <version>5.1.9</version>
                 <extensions>true</extensions>
                 <configuration>
+                    <niceManifest>true</niceManifest>
+                    <excludeDependencies>lombok</excludeDependencies>
                     <instructions>
-                        <Bundle-Name>dnsjava is an implementation of DNS in Java</Bundle-Name>
+                        <Bundle-Name>dnsjava</Bundle-Name>
+                        <Bundle-Description>dnsjava is an implementation of DNS in Java</Bundle-Description>
                         <Bundle-SymbolicName>org.xbill.dns</Bundle-SymbolicName>
-                        <Automatic-Module-Name>org.dnsjava</Automatic-Module-Name>
+                        <Bundle-DocURL>https://javadoc.io/doc/dnsjava/dnsjava</Bundle-DocURL>
                         <_noclassforname>true</_noclassforname>
+                        <_donotcopy>android|sun</_donotcopy>
+                        <_nouses>true</_nouses>
+                        <_noee>true</_noee>
                         <Export-Package>
                             org.xbill.DNS.*
                         </Export-Package>
+                        <Private-Package>!android.*,!sun.*,.</Private-Package>
                         <Import-Package>
                             !org.xbill.DNS*,
                             !sun.*,
                             !lombok,
-                            android.*;resolution:=optional,
+                            !android.*,
                             javax.naming.*;resolution:=optional,
-                            com.sun.jna.*;resolution:=optional,
+                            org.slf4j;version="[1.7,3)",
+                            com.sun.jna.*;resolution:=optional;version="[5,6)",
                             *
                         </Import-Package>
-                        <Bundle-RequiredExecutionEnvironment>JavaSE-1.8</Bundle-RequiredExecutionEnvironment>
                         <Bundle-License>
                             BSD-3-Clause;link="https://raw.githubusercontent.com/dnsjava/dnsjava/master/LICENSE"
                         </Bundle-License>
-                        <_removeheaders>Bnd-*, Tool, Require-Capability, Include-Resource</_removeheaders>
+                        <_removeheaders>Bnd-*, Tool, Require-Capability, Include-Resource, Private-Package</_removeheaders>
+                        <_snapshot>SNAPSHOT</_snapshot>
                         <Include-Resource>
                             {maven-resources},
                             META-INF/LICENSE=LICENSE
                         </Include-Resource>
                         <Main-Class>org.xbill.DNS.tools.Tools</Main-Class>
+                        <_fixupmessages>"Classes found in the wrong directory";is:=ignore</_fixupmessages>
+                        <Multi-Release>true</Multi-Release>
                     </instructions>
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.projectlombok</groupId>
+                <artifactId>lombok-maven-plugin</artifactId>
+                <version>1.18.20.0</version>
+                <configuration>
+                    <sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
+                    <addOutputDirectory>false</addOutputDirectory>
+                    <outputDirectory>${delombok.output}</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>generate-sources</phase>
+                        <goals>
+                            <goal>delombok</goal>
+                        </goals>
+                    </execution>
+                </executions>
+
+                <dependencies>
+                    <dependency>
+                        <groupId>org.projectlombok</groupId>
+                        <artifactId>lombok</artifactId>
+                        <version>${lombok.version}</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.1</version>
+                <version>3.12.0</version>
                 <configuration>
                     <source>${target.jdk}</source>
+                    <sourcepath>${delombok.output}</sourcepath>
                     <debug>true</debug>
                     <windowtitle>dnsjava documentation</windowtitle>
                     <footer/>
                     <doclint>none</doclint>
+                    <excludePackageNames>android,android.*,sun.*</excludePackageNames>
                 </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.22.2</version>
+                <version>3.5.4</version>
                 <configuration>
+                    <rerunFailingTestsCount>3</rerunFailingTestsCount>
+                    <redirectTestOutputToFile>true</redirectTestOutputToFile>
                     <includes>
                         <!-- Override default config to include inner test classes -->
                         <include>**/*Test*</include>
@@ -177,7 +315,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.7</version>
+                <version>0.8.14</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -192,13 +330,30 @@
                             <goal>report</goal>
                         </goals>
                     </execution>
+                    <execution>
+                        <id>default-cli</id>
+                        <goals>
+                            <goal>merge</goal>
+                        </goals>
+                        <configuration>
+                            <fileSets>
+                                <fileSet>
+                                    <directory>${project.build.directory}</directory>
+                                    <includes>
+                                        <include>jacoco-*.exec</include>
+                                    </includes>
+                                </fileSet>
+                            </fileSets>
+                            <destFile>${project.build.directory}/jacoco.exec</destFile>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
 
             <plugin>
                 <groupId>com.github.siom79.japicmp</groupId>
                 <artifactId>japicmp-maven-plugin</artifactId>
-                <version>0.15.3</version>
+                <version>0.25.4</version>
                 <configuration>
                     <newVersion>
                         <file>
@@ -212,24 +367,36 @@
                         <breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
                         <breakBuildOnSourceIncompatibleModifications>true</breakBuildOnSourceIncompatibleModifications>
                         <excludes>
-                            <!-- JDK9 removed the Nameservice SPI as per bug 8134577. -->
-                            <exclude>org.xbill.DNS.spi</exclude>
+                            <!-- Ignore classes that we need for compilation only -->
+                            <exclude>android</exclude>
+                            <exclude>sun</exclude>
                             <!-- internal API detected as public -->
                             <exclude>org.xbill.DNS.config.IPHlpAPI</exclude>
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolver</exclude>
+                            <exclude>org.xbill.DNS.spi.DNSJavaNameService</exclude>
+                            <exclude>org.xbill.DNS.spi.DNSJavaNameServiceDescriptor</exclude>
+                            <!-- Not available before Java 18 -->
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolver</exclude>
+                            <exclude>org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider</exclude>
                         </excludes>
                         <overrideCompatibilityChangeParameters>
                             <overrideCompatibilityChangeParameter>
-                                <compatibilityChange>ANNOTATION_DEPRECATED_ADDED</compatibilityChange>
-                                <semanticVersionLevel>PATCH</semanticVersionLevel>
+                                <compatibilityChange>INTERFACE_ADDED</compatibilityChange>
+                                <binaryCompatible>true</binaryCompatible>
                                 <sourceCompatible>true</sourceCompatible>
+                                <semanticVersionLevel>PATCH</semanticVersionLevel>
+                            </overrideCompatibilityChangeParameter>
+                            <overrideCompatibilityChangeParameter>
+                                <compatibilityChange>SUPERCLASS_ADDED</compatibilityChange>
                                 <binaryCompatible>true</binaryCompatible>
+                                <sourceCompatible>true</sourceCompatible>
+                                <semanticVersionLevel>PATCH</semanticVersionLevel>
                             </overrideCompatibilityChangeParameter>
                             <overrideCompatibilityChangeParameter>
-                                <!-- https://github.com/siom79/japicmp/issues/201 -->
-                                <compatibilityChange>METHOD_NEW_DEFAULT</compatibilityChange>
+                                <compatibilityChange>ANNOTATION_DEPRECATED_ADDED</compatibilityChange>
                                 <semanticVersionLevel>PATCH</semanticVersionLevel>
-                                <binaryCompatible>true</binaryCompatible>
                                 <sourceCompatible>true</sourceCompatible>
+                                <binaryCompatible>true</binaryCompatible>
                             </overrideCompatibilityChangeParameter>
                         </overrideCompatibilityChangeParameters>
                     </parameter>
@@ -246,22 +413,52 @@
             </plugin>
 
             <plugin>
-                <groupId>com.coveo</groupId>
-                <artifactId>fmt-maven-plugin</artifactId>
-                <version>2.9.1</version>
+                <groupId>com.diffplug.spotless</groupId>
+                <artifactId>spotless-maven-plugin</artifactId>
+                <version>${spotless.version}</version>
                 <executions>
                     <execution>
                         <goals>
                             <goal>check</goal>
                         </goals>
+                        <phase>verify</phase>
                     </execution>
                 </executions>
+                <configuration>
+                    <formats>
+                        <format>
+                            <includes>
+                                <include>*.*</include>
+                            </includes>
+                            <excludes>
+                                <exclude>*.iml</exclude>
+                                <exclude>jcstress-*</exclude>
+                            </excludes>
+                            <trimTrailingWhitespace/>
+                            <endWithNewline/>
+                        </format>
+                    </formats>
+
+                    <java>
+                        <includes>
+                            <include>src/main/java/**/*.java</include>
+                            <include>src/main/java11/**/*.java</include>
+                            <include>src/main/java18/**/*.java</include>
+                            <include>src/test/java/**/*.java</include>
+                        </includes>
+                        <googleJavaFormat>
+                            <version>${google-java-format.version}</version>
+                        </googleJavaFormat>
+                        <removeUnusedImports/>
+                        <importOrder/>
+                    </java>
+                </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.6.0</version>
                 <executions>
                     <execution>
                         <id>check</id>
@@ -277,6 +474,8 @@
                     <configLocation>google_checks.xml</configLocation>
                     -->
                     <configLocation>checkstyle/checkstyle-config.xml</configLocation>
+                    <suppressionsLocation>checkstyle/checkstyle-suppressions.xml</suppressionsLocation>
+                    <includeTestSourceDirectory>true</includeTestSourceDirectory>
                     <linkXRef>false</linkXRef>
                     <consoleOutput>true</consoleOutput>
                     <failsOnError>true</failsOnError>
@@ -285,66 +484,89 @@
                     <dependency>
                         <groupId>com.puppycrawl.tools</groupId>
                         <artifactId>checkstyle</artifactId>
-                        <version>8.44</version>
+                        <version>9.3</version>
                     </dependency>
                 </dependencies>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-deploy-plugin</artifactId>
-                <version>2.8.2</version>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>3.5.0</version>
+                <configuration>
+                    <filesets>
+                        <fileset>
+                            <!-- JCStress writes to the project directory without any option to configure the target -->
+                            <directory>${project.basedir}</directory>
+                            <includes>
+                                <include>jcstress-*</include>
+                            </includes>
+                        </fileset>
+                    </filesets>
+                </configuration>
             </plugin>
 
             <plugin>
-                <groupId>org.sonatype.plugins</groupId>
-                <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.8</version>
+                <groupId>org.sonatype.central</groupId>
+                <artifactId>central-publishing-maven-plugin</artifactId>
+                <version>0.10.0</version>
                 <extensions>true</extensions>
                 <configuration>
-                    <serverId>ossrh</serverId>
-                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
+                    <publishingServerId>central</publishingServerId>
+                    <autoPublish>true</autoPublish>
                 </configuration>
             </plugin>
 
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>animal-sniffer-maven-plugin</artifactId>
-                <version>1.20</version>
-                <configuration>
-                    <signature>
-                        <groupId>net.sf.androidscents.signature</groupId>
-                        <artifactId>android-api-level-26</artifactId>
-                        <version>8.0.0_r2</version>
-                    </signature>
-                    <ignores>
-                        <ignore>javax.naming.NamingException</ignore>
-                        <ignore>javax.naming.directory.*</ignore>
-                        <ignore>sun.net.spi.nameservice.*</ignore>
-                    </ignores>
-                </configuration>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>3.6.2</version>
                 <executions>
                     <execution>
-                        <id>animal-sniffer</id>
-                        <phase>test</phase>
+                        <id>enforce-maven</id>
                         <goals>
-                            <goal>check</goal>
+                            <goal>enforce</goal>
                         </goals>
+                        <configuration>
+                            <rules>
+                                <requireMavenVersion>
+                                    <version>3.6.3</version>
+                                </requireMavenVersion>
+                            </rules>
+                        </configuration>
                     </execution>
                 </executions>
             </plugin>
 
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-resources-plugin</artifactId>
-                <version>3.2.0</version>
-            </plugin>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>2.20.1</version>
+                <configuration>
+                    <ignoredVersions>
+                        <!-- Ignore Alpha's, Beta's, release candidates and milestones -->
+                        <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*a(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion>
+                        <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion>
+                    </ignoredVersions>
+                    <ruleSet>
+                        <rules>
+                            <rule>
+                                <!-- stay on slf4j 1.x -->
+                                <groupId>org.slf4j</groupId>
+                                <ignoreVersions><ignoreVersion>
+                                    <type>range</type>
+                                    <version>[2.0,)</version>
+                                </ignoreVersion>
+                                </ignoreVersions>
+                            </rule>
+                        </rules>
+                    </ruleSet>
+                </configuration>
             </plugin>
         </plugins>
     </build>
@@ -361,12 +583,6 @@
             <version>${lombok.version}</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.robolectric</groupId>
-            <artifactId>android-all</artifactId>
-            <version>10-robolectric-5803371</version>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>net.java.dev.jna</groupId>
             <artifactId>jna</artifactId>
@@ -381,7 +597,13 @@
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>${bouncycastle.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcutil-jdk18on</artifactId>
             <version>${bouncycastle.version}</version>
             <scope>test</scope>
         </dependency>
@@ -403,6 +625,12 @@
             <version>${org.junit.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <version>3.27.6</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
@@ -415,6 +643,12 @@
             <version>${mockito.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>net.bytebuddy</groupId>
+            <artifactId>byte-buddy-agent</artifactId>
+            <version>1.18.4</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-simple</artifactId>
@@ -433,6 +667,25 @@
             <version>${vertx.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <!-- Not actually needed, but required to silence javac annotation processor warnings -->
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-codegen</artifactId>
+            <version>${vertx.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.21.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openjdk.jcstress</groupId>
+            <artifactId>jcstress-core</artifactId>
+            <version>0.16</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <profiles>
@@ -451,69 +704,340 @@
                             <target>${target.jdk}</target>
                         </configuration>
                     </plugin>
+
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>animal-sniffer-maven-plugin</artifactId>
+                        <version>1.24</version>
+                        <configuration>
+                            <signature>
+                                <groupId>com.toasttab.android</groupId>
+                                <artifactId>gummy-bears-api-26</artifactId>
+                                <version>0.12.0</version>
+                            </signature>
+                            <ignores>
+                                <ignore>javax.naming.NamingException</ignore>
+                                <ignore>javax.naming.directory.*</ignore>
+                                <ignore>sun.net.spi.nameservice.*</ignore>
+                                <ignore>java.net.spi.*</ignore>
+                            </ignores>
+                        </configuration>
+                        <dependencies>
+                            <dependency>
+                                <groupId>org.ow2.asm</groupId>
+                                <artifactId>asm</artifactId>
+                                <version>9.8</version>
+                            </dependency>
+                        </dependencies>
+                        <executions>
+                            <execution>
+                                <id>animal-sniffer</id>
+                                <phase>test</phase>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>report</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>report</goal>
+                                </goals>
+                                <configuration>
+                                    <excludes>
+                                        <exclude>META-INF/**</exclude>
+                                    </excludes>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>
 
         <profile>
-            <!-- JDK9 removed the Nameservice SPI as per bug 8134577. There's no replacement. -->
-            <id>no-spi-on-java9</id>
+            <id>java11</id>
             <activation>
-                <jdk>[9,)</jdk>
+                <jdk>[11,)</jdk>
             </activation>
 
+            <properties>
+                <mockito.version>5.21.0</mockito.version>
+                <!--
+                 Stay on 1.24 as 1.25 requires JDK 17
+                -->
+                <google-java-format.version>1.24.0</google-java-format.version>
+                <!--
+                 Stay on 2x as 3.x requires JDK 17
+                -->
+                <spotless.version>2.46.1</spotless.version>
+            </properties>
+
             <build>
                 <plugins>
+                    <plugin>
+                        <groupId>org.apache.felix</groupId>
+                        <artifactId>maven-bundle-plugin</artifactId>
+                        <configuration>
+                            <instructions>
+                                <Include-Resource>
+                                    {maven-resources},
+                                    META-INF/versions=-target/classes/META-INF/versions,
+                                    META-INF/LICENSE=LICENSE
+                                </Include-Resource>
+                            </instructions>
+                        </configuration>
+                    </plugin>
+
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-compiler-plugin</artifactId>
                         <configuration>
                             <release>${target.jdk}</release>
+                            <compilerArgs>
+                                <arg>-Xlint:all,-serial,-processing,-requires-automatic</arg>
+                                <arg>-Xpkginfo:always</arg>
+                            </compilerArgs>
+                        </configuration>
+
+                        <executions>
+                            <!-- Compile by default for Java 8 -->
+                            <execution>
+                                <id>default-compile</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>${target.jdk}</release>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+
+                            <!-- Compile Java 11+ stuff (module-info) -->
+                            <execution>
+                                <id>compile-java11</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>11</release>
+                                    <multiReleaseOutput>true</multiReleaseOutput>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java11</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+
+                            <execution>
+                                <id>default-testCompile</id>
+                                <configuration>
+                                    <release>${target.jdk}</release>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <argLine>
+                                @{argLine}
+                                --add-opens java.base/sun.net.dns=ALL-UNNAMED
+                            </argLine>
+
+                            <!--
+                              Workaround to actually use / prefer the versioned classes
+                              https://issues.apache.org/jira/browse/SUREFIRE-1731
+                            -->
+                            <useModulePath>false</useModulePath>
+                            <classesDirectory>${project.build.outputDirectory}/META-INF/versions/11</classesDirectory>
+                            <additionalClasspathElements>
+                                <additionalClasspathElement>${project.build.outputDirectory}</additionalClasspathElement>
+                            </additionalClasspathElements>
+                        </configuration>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <configuration>
                             <excludes>
-                                <exclude>org/xbill/DNS/spi/**</exclude>
+                                <exclude>org/xbill/DNS/AsyncSemaphore*</exclude>
+                                <exclude>org/xbill/DNS/DohResolver*</exclude>
                             </excludes>
                         </configuration>
                     </plugin>
+                </plugins>
+            </build>
+        </profile>
 
+        <profile>
+            <!--
+              Required only for maven-source-plugin, but needs to be hidden from IntelliJ
+              https://github.com/apache/maven-source-plugin/issues/215
+            -->
+            <id>java11-not-idea</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+                <jdk>[11,)</jdk>
+                <property>
+                    <name>!idea.version</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
                     <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>add-java11-source</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>add-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>src/main/java11</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
+        <profile>
+            <id>java18</id>
+            <activation>
+                <jdk>[18,)</jdk>
+            </activation>
+
+            <properties>
+                <google-java-format.version>1.27.0</google-java-format.version>
+                <spotless.version>3.1.0</spotless.version>
+            </properties>
+
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.diffplug.spotless</groupId>
+                        <artifactId>spotless-maven-plugin</artifactId>
                         <configuration>
-                            <excludePackageNames>*.spi</excludePackageNames>
+                            <java>
+                                <forbidWildcardImports/>
+                            </java>
                         </configuration>
                     </plugin>
 
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-compiler-plugin</artifactId>
+                        <executions>
+                            <!-- Compile Java 18+ stuff (DNS SPI) -->
+                            <execution>
+                                <id>compile-java18</id>
+                                <goals>
+                                    <goal>compile</goal>
+                                </goals>
+                                <configuration>
+                                    <release>18</release>
+                                    <multiReleaseOutput>true</multiReleaseOutput>
+                                    <compileSourceRoots>
+                                        <compileSourceRoot>${project.basedir}/src/main/java18</compileSourceRoot>
+                                    </compileSourceRoots>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-dependency-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>initialize</phase>
+                                <goals>
+                                    <goal>properties</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-surefire-plugin</artifactId>
                         <configuration>
                             <argLine>
-                                ${argLine} --add-opens java.base/sun.net.dns=ALL-UNNAMED
+                                @{argLine}
+                                --enable-native-access=ALL-UNNAMED
+                                --add-opens java.base/sun.net.dns=ALL-UNNAMED
+                                -javaagent:${net.bytebuddy:byte-buddy-agent:jar}
+                                -javaagent:${org.mockito:mockito-core:jar}
                             </argLine>
+
+                            <!--
+                              Workaround to actually use / prefer the versioned classes
+                              https://issues.apache.org/jira/browse/SUREFIRE-1731
+                            -->
+                            <useModulePath>false</useModulePath>
+                            <classesDirectory>${project.build.outputDirectory}/META-INF/versions/18</classesDirectory>
+                            <additionalClasspathElements>
+                                <additionalClasspathElement>${project.build.outputDirectory}/META-INF/versions/11</additionalClasspathElement>
+                                <additionalClasspathElement>${project.build.outputDirectory}</additionalClasspathElement>
+                            </additionalClasspathElements>
                         </configuration>
                     </plugin>
                 </plugins>
+            </build>
+        </profile>
 
-                <resources>
-                    <resource>
-                        <directory>src/main/resources</directory>
-                        <excludes>
-                            <exclude>META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor</exclude>
-                        </excludes>
-                    </resource>
-                </resources>
+        <profile>
+            <!--
+              Required only for maven-source-plugin, but needs to be hidden from IntelliJ
+              https://github.com/apache/maven-source-plugin/issues/215
+            -->
+            <id>java18-not-idea</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+                <jdk>[18,)</jdk>
+                <property>
+                    <name>!idea.version</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>add-java18-source</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>add-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>src/main/java18</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
             </build>
         </profile>
     </profiles>
-
-    <distributionManagement>
-        <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-        <repository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-    </distributionManagement>
 </project>
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..cd8976375
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,35 @@
+sonar.projectKey=dnsjava_dnsjava
+sonar.organization=dnsjava
+sonar.host.url=https://sonarcloud.io
+sonar.java.source=8
+sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
+sonar.scanner.skipJreProvisioning=true
+
+sonar.issue.ignore.multicriteria=S106,S107,S120,S1948,S2160
+
+# Standard outputs should not be used directly to log anything
+# The tools are intended for command line usage, it's not logging
+sonar.issue.ignore.multicriteria.S106.ruleKey=java:S106
+sonar.issue.ignore.multicriteria.S106.resourceKey=**/tools/*.java
+
+# Package names should comply with a naming convention
+# org.xbill.DNS - api compatibility
+sonar.issue.ignore.multicriteria.S120.ruleKey=java:S120
+sonar.issue.ignore.multicriteria.S120.resourceKey=**
+
+# Methods should not have too many parameters
+# The Record implementations have these for their definition
+sonar.issue.ignore.multicriteria.S107.ruleKey=java:S107
+sonar.issue.ignore.multicriteria.S107.resourceKey=**/*Record.java
+
+# Fields in a "Serializable" class should either be transient or serializable
+# Serialization should use the wire format, supported for EJB scenarios. See
+# https://github.com/dnsjava/dnsjava/issues/114
+# https://github.com/dnsjava/dnsjava/issues/132
+sonar.issue.ignore.multicriteria.S1948.ruleKey=java:S1948
+sonar.issue.ignore.multicriteria.S1948.resourceKey=**/*Record.java
+
+# Subclasses that add fields to classes that override "equals" should also override "equals"
+# The Record base class implements equals based on the record's wire format
+sonar.issue.ignore.multicriteria.S2160.ruleKey=java:S2160
+sonar.issue.ignore.multicriteria.S2160.resourceKey=**/*Record.java
diff --git a/src/main/java/android/content/Context.java b/src/main/java/android/content/Context.java
new file mode 100644
index 000000000..45628bc73
--- /dev/null
+++ b/src/main/java/android/content/Context.java
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.content;
+
+public class Context {
+  public <T> T getSystemService(Class<T> serviceClass) {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/ConnectivityManager.java b/src/main/java/android/net/ConnectivityManager.java
new file mode 100644
index 000000000..2c3c44d3e
--- /dev/null
+++ b/src/main/java/android/net/ConnectivityManager.java
@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+public class ConnectivityManager {
+  public Network getActiveNetwork() {
+    throw new UnsupportedOperationException();
+  }
+
+  public LinkProperties getLinkProperties(Network network) {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/LinkProperties.java b/src/main/java/android/net/LinkProperties.java
new file mode 100644
index 000000000..ad264e794
--- /dev/null
+++ b/src/main/java/android/net/LinkProperties.java
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+import java.net.InetAddress;
+import java.util.List;
+
+public class LinkProperties {
+  public List<InetAddress> getDnsServers() {
+    throw new UnsupportedOperationException();
+  }
+
+  public String getDomains() {
+    throw new UnsupportedOperationException();
+  }
+}
diff --git a/src/main/java/android/net/Network.java b/src/main/java/android/net/Network.java
new file mode 100644
index 000000000..afa217c19
--- /dev/null
+++ b/src/main/java/android/net/Network.java
@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package android.net;
+
+@SuppressWarnings("java:S2094")
+public class Network {}
diff --git a/src/main/java/android/package-info.java b/src/main/java/android/package-info.java
new file mode 100644
index 000000000..5e78b1b4b
--- /dev/null
+++ b/src/main/java/android/package-info.java
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * The interfaces in this package were automatically extracted and are used to compile on against
+ * the Android SDK without installing it. The RoboElectric dependency does not work with JPMS.
+ */
+package android;
diff --git a/src/main/java/org/xbill/DNS/A6Record.java b/src/main/java/org/xbill/DNS/A6Record.java
index 3d8441ee2..7f1915240 100644
--- a/src/main/java/org/xbill/DNS/A6Record.java
+++ b/src/main/java/org/xbill/DNS/A6Record.java
@@ -11,7 +11,8 @@
  * A6 Record - maps a domain name to an IPv6 address (historic)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6563">RFC 6563: Moving A6 to Historic Status</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6563">RFC 6563: Moving A6 to Historic
+ *     Status</a>
  */
 public class A6Record extends Record {
   private int prefixBits;
diff --git a/src/main/java/org/xbill/DNS/AAAARecord.java b/src/main/java/org/xbill/DNS/AAAARecord.java
index 6f7c4b9b9..a834c2ff1 100644
--- a/src/main/java/org/xbill/DNS/AAAARecord.java
+++ b/src/main/java/org/xbill/DNS/AAAARecord.java
@@ -11,8 +11,8 @@
  * IPv6 Address Record - maps a domain name to an IPv6 address
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc3596">RFC 3596: DNS Extensions to Support IP Version
- *     6</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3596">RFC 3596: DNS Extensions to Support
+ *     IP Version 6</a>
  */
 public class AAAARecord extends Record {
   private byte[] address;
@@ -20,9 +20,9 @@ public class AAAARecord extends Record {
   AAAARecord() {}
 
   /**
-   * Creates an AAAA Record from the given data
+   * Creates an AAAA record from the given address.
    *
-   * @param address The address suffix
+   * @param address The address that the name refers to.
    */
   public AAAARecord(Name name, int dclass, long ttl, InetAddress address) {
     super(name, Type.AAAA, dclass, ttl);
@@ -32,6 +32,20 @@ public AAAARecord(Name name, int dclass, long ttl, InetAddress address) {
     this.address = address.getAddress();
   }
 
+  /**
+   * Creates an AAAA record from the given data.
+   *
+   * @param address The address that the name refers to
+   * @since 3.6
+   */
+  public AAAARecord(Name name, int dclass, long ttl, byte[] address) {
+    super(name, Type.AAAA, dclass, ttl);
+    if (address == null || address.length != 16) {
+      throw new IllegalArgumentException("invalid IPv6 address");
+    }
+    this.address = address;
+  }
+
   @Override
   protected void rrFromWire(DNSInput in) throws IOException {
     address = in.readByteArray(16);
diff --git a/src/main/java/org/xbill/DNS/AFSDBRecord.java b/src/main/java/org/xbill/DNS/AFSDBRecord.java
index 6a41251b3..6ca2f0524 100644
--- a/src/main/java/org/xbill/DNS/AFSDBRecord.java
+++ b/src/main/java/org/xbill/DNS/AFSDBRecord.java
@@ -7,7 +7,7 @@
  * AFS Data Base Record - maps a domain name to the name of an AFS cell database server.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class AFSDBRecord extends U16NameBase {
   AFSDBRecord() {}
diff --git a/src/main/java/org/xbill/DNS/APLRecord.java b/src/main/java/org/xbill/DNS/APLRecord.java
index 6a3f254d5..cdfc805fe 100644
--- a/src/main/java/org/xbill/DNS/APLRecord.java
+++ b/src/main/java/org/xbill/DNS/APLRecord.java
@@ -4,27 +4,23 @@
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import org.xbill.DNS.utils.base16;
 
-/*
- * Note: this currently uses the same constants as the Address class;
- * this could change if more constants are defined for APL records.
- */
-
 /**
  * APL - Address Prefix List.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc3123">RFC 3123: A DNS RR Type for Lists of Address
- *     Prefixes (APL RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3123">RFC 3123: A DNS RR Type for Lists of
+ *     Address Prefixes (APL RR)</a>
  */
 public class APLRecord extends Record {
 
-  public static class Element {
+  public static class Element implements Serializable {
     public final int family;
     public final boolean negative;
     public final int prefixLength;
@@ -168,7 +164,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
       int family;
       int prefix;
 
-      String s = t.value;
+      String s = t.value();
       int start = 0;
       if (s.startsWith("!")) {
         negative = true;
diff --git a/src/main/java/org/xbill/DNS/ARecord.java b/src/main/java/org/xbill/DNS/ARecord.java
index a4739fccb..e5cd28f94 100644
--- a/src/main/java/org/xbill/DNS/ARecord.java
+++ b/src/main/java/org/xbill/DNS/ARecord.java
@@ -11,8 +11,8 @@
  * Address Record - maps a domain name to an Internet address
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class ARecord extends Record {
   private int addr;
@@ -48,6 +48,20 @@ public ARecord(Name name, int dclass, long ttl, InetAddress address) {
     addr = fromArray(address.getAddress());
   }
 
+  /**
+   * Creates an A Record from the given data
+   *
+   * @param address The address that the name refers to
+   * @since 3.6
+   */
+  public ARecord(Name name, int dclass, long ttl, byte[] address) {
+    super(name, Type.A, dclass, ttl);
+    if (address == null || address.length != 4) {
+      throw new IllegalArgumentException("invalid IPv4 address");
+    }
+    addr = fromArray(address);
+  }
+
   @Override
   protected void rrFromWire(DNSInput in) throws IOException {
     addr = fromArray(in.readByteArray(4));
@@ -79,6 +93,6 @@ public InetAddress getAddress() {
 
   @Override
   protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
-    out.writeU32((long) addr & 0xFFFFFFFFL);
+    out.writeU32(addr & 0xFFFFFFFFL);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/Address.java b/src/main/java/org/xbill/DNS/Address.java
index 8a8c16320..c2bc669e0 100644
--- a/src/main/java/org/xbill/DNS/Address.java
+++ b/src/main/java/org/xbill/DNS/Address.java
@@ -7,6 +7,7 @@
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import lombok.experimental.UtilityClass;
 
 /**
  * Routines dealing with IP addresses. Includes functions similar to those in the
@@ -14,166 +15,12 @@
  *
  * @author Brian Wellington
  */
+@UtilityClass
 public final class Address {
 
   public static final int IPv4 = 1;
   public static final int IPv6 = 2;
 
-  private Address() {}
-
-  private static byte[] parseV4(String s) {
-    int numDigits;
-    int currentOctet;
-    byte[] values = new byte[4];
-    int currentValue;
-    int length = s.length();
-
-    currentOctet = 0;
-    currentValue = 0;
-    numDigits = 0;
-    for (int i = 0; i < length; i++) {
-      char c = s.charAt(i);
-      if (c >= '0' && c <= '9') {
-        /* Can't have more than 3 digits per octet. */
-        if (numDigits == 3) {
-          return null;
-        }
-        /* Octets shouldn't start with 0, unless they are 0. */
-        if (numDigits > 0 && currentValue == 0) {
-          return null;
-        }
-        numDigits++;
-        currentValue *= 10;
-        currentValue += c - '0';
-        /* 255 is the maximum value for an octet. */
-        if (currentValue > 255) {
-          return null;
-        }
-      } else if (c == '.') {
-        /* Can't have more than 3 dots. */
-        if (currentOctet == 3) {
-          return null;
-        }
-        /* Two consecutive dots are bad. */
-        if (numDigits == 0) {
-          return null;
-        }
-        values[currentOctet++] = (byte) currentValue;
-        currentValue = 0;
-        numDigits = 0;
-      } else {
-        return null;
-      }
-    }
-    /* Must have 4 octets. */
-    if (currentOctet != 3) {
-      return null;
-    }
-    /* The fourth octet can't be empty. */
-    if (numDigits == 0) {
-      return null;
-    }
-    values[currentOctet] = (byte) currentValue;
-    return values;
-  }
-
-  private static byte[] parseV6(String s) {
-    int range = -1;
-    byte[] data = new byte[16];
-
-    String[] tokens = s.split(":", -1);
-
-    int first = 0;
-    int last = tokens.length - 1;
-
-    if (tokens[0].length() == 0) {
-      // If the first two tokens are empty, it means the string
-      // started with ::, which is fine.  If only the first is
-      // empty, the string started with :, which is bad.
-      if (last - first > 0 && tokens[1].length() == 0) {
-        first++;
-      } else {
-        return null;
-      }
-    }
-
-    if (tokens[last].length() == 0) {
-      // If the last two tokens are empty, it means the string
-      // ended with ::, which is fine.  If only the last is
-      // empty, the string ended with :, which is bad.
-      if (last - first > 0 && tokens[last - 1].length() == 0) {
-        last--;
-      } else {
-        return null;
-      }
-    }
-
-    if (last - first + 1 > 8) {
-      return null;
-    }
-
-    int i, j;
-    for (i = first, j = 0; i <= last; i++) {
-      if (tokens[i].length() == 0) {
-        if (range >= 0) {
-          return null;
-        }
-        range = j;
-        continue;
-      }
-
-      if (tokens[i].indexOf('.') >= 0) {
-        // An IPv4 address must be the last component
-        if (i < last) {
-          return null;
-        }
-        // There can't have been more than 6 components.
-        if (i > 6) {
-          return null;
-        }
-        byte[] v4addr = Address.toByteArray(tokens[i], IPv4);
-        if (v4addr == null) {
-          return null;
-        }
-        for (int k = 0; k < 4; k++) {
-          data[j++] = v4addr[k];
-        }
-        break;
-      }
-
-      try {
-        for (int k = 0; k < tokens[i].length(); k++) {
-          char c = tokens[i].charAt(k);
-          if (Character.digit(c, 16) < 0) {
-            return null;
-          }
-        }
-        int x = Integer.parseInt(tokens[i], 16);
-        if (x > 0xFFFF || x < 0) {
-          return null;
-        }
-        data[j++] = (byte) (x >>> 8);
-        data[j++] = (byte) (x & 0xFF);
-      } catch (NumberFormatException e) {
-        return null;
-      }
-    }
-
-    if (j < 16 && range < 0) {
-      return null;
-    }
-
-    if (range >= 0) {
-      int empty = 16 - j;
-      System.arraycopy(data, range, data, range + empty, j - range);
-      for (i = range; i < range + empty; i++) {
-        data[i] = 0;
-      }
-    }
-
-    return data;
-  }
-
   /**
    * Convert a string containing an IP address to an array of 4 or 16 integers.
    *
@@ -212,9 +59,9 @@ public static int[] toArray(String s) {
    */
   public static byte[] toByteArray(String s, int family) {
     if (family == IPv4) {
-      return parseV4(s);
+      return IPAddressUtils.parseV4(s);
     } else if (family == IPv6) {
-      return parseV6(s);
+      return IPAddressUtils.parseV6(s);
     } else {
       throw new IllegalArgumentException("unknown address family");
     }
@@ -450,7 +297,7 @@ public static InetAddress truncate(InetAddress address, int maskLength) {
     for (int i = 0; i < maskBits; i++) {
       bitmask |= 1 << (7 - i);
     }
-    bytes[maskLength / 8] &= bitmask;
+    bytes[maskLength / 8] &= (byte) bitmask;
     try {
       return InetAddress.getByAddress(bytes);
     } catch (UnknownHostException e) {
diff --git a/src/main/java/org/xbill/DNS/AsyncSemaphore.java b/src/main/java/org/xbill/DNS/AsyncSemaphore.java
index 456b8ad32..0d704913a 100644
--- a/src/main/java/org/xbill/DNS/AsyncSemaphore.java
+++ b/src/main/java/org/xbill/DNS/AsyncSemaphore.java
@@ -6,6 +6,7 @@
 import java.util.Queue;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 import lombok.extern.slf4j.Slf4j;
 
@@ -13,34 +14,50 @@
 final class AsyncSemaphore {
   private final Queue<CompletableFuture<Permit>> queue = new ArrayDeque<>();
   private final Permit singletonPermit = new Permit();
+  private final String name;
   private volatile int permits;
 
   final class Permit {
-    public void release() {
+    public void release(int id, Executor executor) {
       synchronized (queue) {
         CompletableFuture<Permit> next = queue.poll();
         if (next == null) {
           permits++;
+          log.trace("{} permit released id={}, available={}", name, id, permits);
         } else {
-          next.complete(this);
+          log.trace("{} permit released id={}, available={}, immediate next", name, id, permits);
+          executor.execute(() -> next.complete(this));
         }
       }
     }
   }
 
-  AsyncSemaphore(int permits) {
+  AsyncSemaphore(int permits, String name) {
     this.permits = permits;
+    this.name = name;
+    log.debug("Using Java 8 implementation for {}", name);
   }
 
-  CompletionStage<Permit> acquire(Duration timeout) {
+  CompletionStage<Permit> acquire(Duration timeout, int id, Executor executor) {
     synchronized (queue) {
       if (permits > 0) {
         permits--;
+        log.trace("{} permit acquired id={}, available={}", name, id, permits);
         return CompletableFuture.completedFuture(singletonPermit);
       } else {
         TimeoutCompletableFuture<Permit> f = new TimeoutCompletableFuture<>();
         f.compatTimeout(timeout.toNanos(), TimeUnit.NANOSECONDS)
-            .whenComplete((result, ex) -> queue.remove(f));
+            .whenCompleteAsync(
+                (result, ex) -> {
+                  synchronized (queue) {
+                    if (ex != null) {
+                      log.trace("{} permit timed out id={}, available={}", name, id, permits);
+                    }
+                    queue.remove(f);
+                  }
+                },
+                executor);
+        log.trace("{} permit queued id={}, available={}", name, id, permits);
         queue.add(f);
         return f;
       }
diff --git a/src/main/java/org/xbill/DNS/CAARecord.java b/src/main/java/org/xbill/DNS/CAARecord.java
index 47a4dd20c..2fc61cee8 100644
--- a/src/main/java/org/xbill/DNS/CAARecord.java
+++ b/src/main/java/org/xbill/DNS/CAARecord.java
@@ -9,8 +9,8 @@
  * Certification Authority Authorization
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6844">RFC 6844: DNS Certification Authority
- *     Authorization (CAA) Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6844">RFC 6844: DNS Certification
+ *     Authority Authorization (CAA) Resource Record</a>
  */
 public class CAARecord extends Record {
   public static class Flags {
diff --git a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
index 887902718..778ac69a6 100644
--- a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java
@@ -7,8 +7,8 @@
  * Child DNSKEY record as specified in RFC 8078.
  *
  * @see DNSSEC
- * @see <a href="https://tools.ietf.org/html/rfc8078">RFC 8078: Managing DS Records from the Parent
- *     via CDS/CDNSKEY</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078">RFC 8078: Managing DS Records from
+ *     the Parent via CDS/CDNSKEY</a>
  */
 public class CDNSKEYRecord extends DNSKEYRecord {
   CDNSKEYRecord() {}
diff --git a/src/main/java/org/xbill/DNS/CDSRecord.java b/src/main/java/org/xbill/DNS/CDSRecord.java
index d3e838294..c9eee1fd8 100644
--- a/src/main/java/org/xbill/DNS/CDSRecord.java
+++ b/src/main/java/org/xbill/DNS/CDSRecord.java
@@ -5,8 +5,8 @@
  * Child Delegation Signer record as specified in RFC 8078.
  *
  * @see DNSSEC
- * @see <a href="https://tools.ietf.org/html/rfc8078">RFC 8078: Managing DS Records from the Parent
- *     via CDS/CDNSKEY</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078">RFC 8078: Managing DS Records from
+ *     the Parent via CDS/CDNSKEY</a>
  */
 public class CDSRecord extends DSRecord {
   CDSRecord() {}
diff --git a/src/main/java/org/xbill/DNS/CERTRecord.java b/src/main/java/org/xbill/DNS/CERTRecord.java
index 624f6005a..fb7c73695 100644
--- a/src/main/java/org/xbill/DNS/CERTRecord.java
+++ b/src/main/java/org/xbill/DNS/CERTRecord.java
@@ -12,8 +12,8 @@
  *
  * @see KEYRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4398">RFC 4398: Storing Certificates in the Domain
- *     Name System (DNS)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4398">RFC 4398: Storing Certificates in
+ *     the Domain Name System (DNS)</a>
  */
 public class CERTRecord extends Record {
 
@@ -102,7 +102,8 @@ public static int value(String s) {
   /** Certificate format defined by IOD */
   public static final int OID = CertificateType.OID;
 
-  private int certType, keyTag;
+  private int certType;
+  private int keyTag;
   private int alg;
   private byte[] cert;
 
@@ -159,7 +160,7 @@ protected String rrToString() {
     sb.append(" ");
     sb.append(alg);
     if (cert != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append(" (\n");
         sb.append(base64.formatString(cert, 64, "\t", true));
       } else {
diff --git a/src/main/java/org/xbill/DNS/CNAMERecord.java b/src/main/java/org/xbill/DNS/CNAMERecord.java
index 0359cf379..1449e4e20 100644
--- a/src/main/java/org/xbill/DNS/CNAMERecord.java
+++ b/src/main/java/org/xbill/DNS/CNAMERecord.java
@@ -7,8 +7,8 @@
  * CNAME Record - maps an alias to its real name
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class CNAMERecord extends SingleCompressedNameBase {
   CNAMERecord() {}
@@ -16,10 +16,10 @@ public class CNAMERecord extends SingleCompressedNameBase {
   /**
    * Creates a new CNAMERecord with the given data
    *
-   * @param alias The name to which the CNAME alias points
+   * @param target The name to which the CNAME alias points
    */
-  public CNAMERecord(Name name, int dclass, long ttl, Name alias) {
-    super(name, Type.CNAME, dclass, ttl, alias, "alias");
+  public CNAMERecord(Name name, int dclass, long ttl, Name target) {
+    super(name, Type.CNAME, dclass, ttl, target, "target");
   }
 
   /** Gets the target of the CNAME Record */
diff --git a/src/main/java/org/xbill/DNS/Cache.java b/src/main/java/org/xbill/DNS/Cache.java
index e1c88ea2f..3a6da65ce 100644
--- a/src/main/java/org/xbill/DNS/Cache.java
+++ b/src/main/java/org/xbill/DNS/Cache.java
@@ -4,6 +4,7 @@
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
@@ -31,6 +32,8 @@ private interface Element {
     int compareCredibility(int cred);
 
     int getType();
+
+    boolean isAuthenticated();
   }
 
   private static int limitExpire(long ttl, long maxttl) {
@@ -44,23 +47,23 @@ private static int limitExpire(long ttl, long maxttl) {
     return (int) expire;
   }
 
-  private static class CacheRRset extends RRset implements Element {
-    private static final long serialVersionUID = 5971755205903597024L;
-
+  static class CacheRRset extends RRset implements Element {
     int credibility;
     int expire;
+    boolean isAuthenticated;
 
-    public CacheRRset(Record rec, int cred, long maxttl) {
-      super();
+    public CacheRRset(Record rec, int cred, long maxttl, boolean isAuthenticated) {
       this.credibility = cred;
       this.expire = limitExpire(rec.getTTL(), maxttl);
+      this.isAuthenticated = isAuthenticated;
       addRR(rec);
     }
 
-    public CacheRRset(RRset rrset, int cred, long maxttl) {
+    public CacheRRset(RRset rrset, int cred, long maxttl, boolean isAuthenticated) {
       super(rrset);
       this.credibility = cred;
       this.expire = limitExpire(rrset.getTTL(), maxttl);
+      this.isAuthenticated = isAuthenticated;
     }
 
     @Override
@@ -78,6 +81,11 @@ public final int compareCredibility(int cred) {
     public String toString() {
       return super.toString() + " cl = " + credibility;
     }
+
+    @Override
+    public boolean isAuthenticated() {
+      return isAuthenticated;
+    }
   }
 
   private static class NegativeElement implements Element {
@@ -85,8 +93,10 @@ private static class NegativeElement implements Element {
     Name name;
     int credibility;
     int expire;
+    boolean isAuthenticated;
 
-    public NegativeElement(Name name, int type, SOARecord soa, int cred, long maxttl) {
+    public NegativeElement(
+        Name name, int type, SOARecord soa, int cred, long maxttl, boolean isAuthenticated) {
       this.name = name;
       this.type = type;
       long cttl = 0;
@@ -95,6 +105,7 @@ public NegativeElement(Name name, int type, SOARecord soa, int cred, long maxttl
       }
       this.credibility = cred;
       this.expire = limitExpire(cttl, maxttl);
+      this.isAuthenticated = isAuthenticated;
     }
 
     @Override
@@ -113,6 +124,11 @@ public final int compareCredibility(int cred) {
       return credibility - cred;
     }
 
+    @Override
+    public boolean isAuthenticated() {
+      return isAuthenticated;
+    }
+
     @Override
     public String toString() {
       StringBuilder sb = new StringBuilder();
@@ -149,17 +165,17 @@ void setMaxSize(int maxsize) {
     }
 
     @Override
-    protected boolean removeEldestEntry(Map.Entry eldest) {
+    protected boolean removeEldestEntry(Map.Entry<Name, Object> eldest) {
       return maxsize >= 0 && size() > maxsize;
     }
   }
 
   private final CacheMap data;
+  private final int dclass;
   private int maxncache = -1;
   private int maxcache = -1;
-  private int dclass;
 
-  private static final int defaultMaxEntries = 50000;
+  private static final int DEFAULT_MAX_ENTRIES = 50000;
 
   /**
    * Creates an empty Cache
@@ -169,7 +185,7 @@ protected boolean removeEldestEntry(Map.Entry eldest) {
    */
   public Cache(int dclass) {
     this.dclass = dclass;
-    data = new CacheMap(defaultMaxEntries);
+    data = new CacheMap(DEFAULT_MAX_ENTRIES);
   }
 
   /**
@@ -183,12 +199,27 @@ public Cache() {
 
   /** Creates a Cache which initially contains all records in the specified file. */
   public Cache(String file) throws IOException {
-    data = new CacheMap(defaultMaxEntries);
-    try (Master m = new Master(file)) {
-      Record record;
-      while ((record = m.nextRecord()) != null) {
-        addRecord(record, Credibility.HINT);
+    this(new Master(file));
+  }
+
+  /**
+   * Creates a Cache which initially contains all records in the specified stream.
+   *
+   * @since 3.6.2
+   */
+  public Cache(InputStream input) throws IOException {
+    this(new Master(input));
+  }
+
+  private <T> Cache(Master m) throws IOException {
+    this();
+    try {
+      Record r;
+      while ((r = m.nextRecord()) != null) {
+        addRecord(r, Credibility.HINT);
       }
+    } finally {
+      m.close();
     }
   }
 
@@ -297,7 +328,7 @@ private synchronized void removeElement(Name name, int type) {
         Element elt = list.get(i);
         if (elt.getType() == type) {
           list.remove(i);
-          if (list.size() == 0) {
+          if (list.isEmpty()) {
             data.remove(name);
           }
           return;
@@ -316,6 +347,7 @@ private synchronized void removeElement(Name name, int type) {
   public synchronized void clearCache() {
     data.clear();
   }
+
   /**
    * Adds a record to the Cache.
    *
@@ -326,7 +358,7 @@ public synchronized void clearCache() {
    */
   @Deprecated
   public synchronized void addRecord(Record r, int cred, Object o) {
-    addRecord(r, cred);
+    addRecord(r, cred, false);
   }
 
   /**
@@ -337,6 +369,10 @@ public synchronized void addRecord(Record r, int cred, Object o) {
    * @see Record
    */
   public synchronized void addRecord(Record r, int cred) {
+    addRecord(r, cred, false);
+  }
+
+  private synchronized void addRecord(Record r, int cred, boolean isAuthenticated) {
     Name name = r.getName();
     int type = r.getRRsetType();
     if (!Type.isRR(type)) {
@@ -344,13 +380,11 @@ public synchronized void addRecord(Record r, int cred) {
     }
     Element element = findElement(name, type, cred);
     if (element == null) {
-      CacheRRset crrset = new CacheRRset(r, cred, maxcache);
-      addRRset(crrset, cred);
-    } else if (element.compareCredibility(cred) == 0) {
-      if (element instanceof CacheRRset) {
-        CacheRRset crrset = (CacheRRset) element;
-        crrset.addRR(r);
-      }
+      CacheRRset crrset = new CacheRRset(r, cred, maxcache, isAuthenticated);
+      addRRset(crrset, cred, isAuthenticated);
+    } else if (element.compareCredibility(cred) == 0 && element instanceof CacheRRset) {
+      CacheRRset crrset = (CacheRRset) element;
+      crrset.addRR(r);
     }
   }
 
@@ -362,6 +396,11 @@ public synchronized void addRecord(Record r, int cred) {
    * @see RRset
    */
   public synchronized <T extends Record> void addRRset(RRset rrset, int cred) {
+    addRRset(rrset, cred, false);
+  }
+
+  private synchronized <T extends Record> void addRRset(
+      RRset rrset, int cred, boolean isAuthenticated) {
     long ttl = rrset.getTTL();
     Name name = rrset.getName();
     int type = rrset.getType();
@@ -379,7 +418,7 @@ public synchronized <T extends Record> void addRRset(RRset rrset, int cred) {
         if (rrset instanceof CacheRRset) {
           crrset = (CacheRRset) rrset;
         } else {
-          crrset = new CacheRRset(rrset, cred, maxcache);
+          crrset = new CacheRRset(rrset, cred, maxcache, isAuthenticated);
         }
         addElement(name, crrset);
       }
@@ -396,6 +435,11 @@ public synchronized <T extends Record> void addRRset(RRset rrset, int cred) {
    * @param cred The credibility of the negative entry
    */
   public synchronized void addNegative(Name name, int type, SOARecord soa, int cred) {
+    addNegative(name, type, soa, cred, false);
+  }
+
+  private synchronized void addNegative(
+      Name name, int type, SOARecord soa, int cred, boolean isAuthenticated) {
     long ttl = 0;
     if (soa != null) {
       ttl = Math.min(soa.getMinimum(), soa.getTTL());
@@ -410,7 +454,7 @@ public synchronized void addNegative(Name name, int type, SOARecord soa, int cre
         element = null;
       }
       if (element == null) {
-        addElement(name, new NegativeElement(name, type, soa, cred, maxncache));
+        addElement(name, new NegativeElement(name, type, soa, cred, maxncache, isAuthenticated));
       }
     }
   }
@@ -422,7 +466,6 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
     Element element;
     Name tname;
     Object types;
-    SetResponse sr;
 
     labels = name.labels();
 
@@ -449,8 +492,8 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
        * Otherwise, look for a DNAME.
        */
       if (isExact && type == Type.ANY) {
-        sr = new SetResponse(SetResponse.SUCCESSFUL);
         Element[] elements = allElements(types);
+        SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
         int added = 0;
         for (Element value : elements) {
           element = value;
@@ -474,40 +517,37 @@ protected synchronized SetResponse lookup(Name name, int type, int minCred) {
       } else if (isExact) {
         element = oneElement(tname, types, type, minCred);
         if (element instanceof CacheRRset) {
-          sr = new SetResponse(SetResponse.SUCCESSFUL);
-          sr.addRRset((CacheRRset) element);
-          return sr;
+          return SetResponse.ofType(SetResponseType.SUCCESSFUL, (CacheRRset) element);
         } else if (element != null) {
-          sr = new SetResponse(SetResponse.NXRRSET);
-          return sr;
+          return SetResponse.ofType(SetResponseType.NXRRSET);
         }
 
         element = oneElement(tname, types, Type.CNAME, minCred);
         if (element instanceof CacheRRset) {
-          return new SetResponse(SetResponse.CNAME, (CacheRRset) element);
+          return SetResponse.ofType(SetResponseType.CNAME, (CacheRRset) element);
         }
       } else {
         element = oneElement(tname, types, Type.DNAME, minCred);
         if (element instanceof CacheRRset) {
-          return new SetResponse(SetResponse.DNAME, (CacheRRset) element);
+          return SetResponse.ofType(SetResponseType.DNAME, (CacheRRset) element);
         }
       }
 
       /* Look for an NS */
       element = oneElement(tname, types, Type.NS, minCred);
       if (element instanceof CacheRRset) {
-        return new SetResponse(SetResponse.DELEGATION, (CacheRRset) element);
+        return SetResponse.ofType(SetResponseType.DELEGATION, (CacheRRset) element);
       }
 
       /* Check for the special NXDOMAIN element. */
       if (isExact) {
         element = oneElement(tname, types, 0, minCred);
         if (element != null) {
-          return SetResponse.ofType(SetResponse.NXDOMAIN);
+          return SetResponse.ofType(SetResponseType.NXDOMAIN);
         }
       }
     }
-    return SetResponse.ofType(SetResponse.UNKNOWN);
+    return SetResponse.ofType(SetResponseType.UNKNOWN);
   }
 
   /**
@@ -539,7 +579,7 @@ private List<RRset> findRecords(Name name, int type, int minCred) {
    *
    * @param name The name to look up
    * @param type The type to look up
-   * @return An array of RRsets, or null
+   * @return A list of matching RRsets, or {@code null}.
    * @see Credibility
    */
   public List<RRset> findRecords(Name name, int type) {
@@ -552,7 +592,7 @@ public List<RRset> findRecords(Name name, int type) {
    *
    * @param name The name to look up
    * @param type The type to look up
-   * @return An array of RRsets, or null
+   * @return A list of matching RRsets, or {@code null}.
    * @see Credibility
    */
   public List<RRset> findAnyRecords(Name name, int type) {
@@ -603,7 +643,8 @@ private static void markAdditional(RRset rrset, Set<Name> names) {
    * @see Message
    */
   public SetResponse addMessage(Message in) {
-    boolean isAuth = in.getHeader().getFlag(Flags.AA);
+    boolean isAuthoritative = in.getHeader().getFlag(Flags.AA);
+    boolean isAuthenticated = in.getHeader().getFlag(Flags.AD);
     Record question = in.getQuestion();
     Name qname;
     Name curname;
@@ -612,7 +653,6 @@ public SetResponse addMessage(Message in) {
     int cred;
     int rcode = in.getHeader().getRcode();
     boolean completed = false;
-    List<RRset> answers, auth, addl;
     SetResponse response = null;
     HashSet<Name> additionalNames;
 
@@ -628,48 +668,59 @@ public SetResponse addMessage(Message in) {
 
     additionalNames = new HashSet<>();
 
-    answers = in.getSectionRRsets(Section.ANSWER);
-    for (RRset answer : answers) {
+    List<RRset> answers = in.getSectionRRsets(Section.ANSWER);
+    for (int i = 0; i < answers.size(); i++) {
+      RRset answer = answers.get(i);
       if (answer.getDClass() != qclass) {
         continue;
       }
       int type = answer.getType();
       Name name = answer.getName();
-      cred = getCred(Section.ANSWER, isAuth);
+      cred = getCred(Section.ANSWER, isAuthoritative);
       if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) {
-        addRRset(answer, cred);
+        addRRset(answer, cred, isAuthenticated);
         completed = true;
         if (curname == qname) {
           if (response == null) {
-            response = new SetResponse(SetResponse.SUCCESSFUL);
+            response = SetResponse.ofType(SetResponseType.SUCCESSFUL);
           }
           response.addRRset(answer);
         }
         markAdditional(answer, additionalNames);
-      } else if (type == Type.CNAME && name.equals(curname)) {
-        CNAMERecord cname;
-        addRRset(answer, cred);
-        if (curname == qname) {
-          response = new SetResponse(SetResponse.CNAME, answer);
-        }
-        cname = (CNAMERecord) answer.first();
-        curname = cname.getTarget();
       } else if (type == Type.DNAME && curname.subdomain(name)) {
         DNAMERecord dname;
-        addRRset(answer, cred);
+        addRRset(answer, cred, isAuthenticated);
         if (curname == qname) {
-          response = new SetResponse(SetResponse.DNAME, answer);
+          response = SetResponse.ofType(SetResponseType.DNAME, answer, isAuthenticated);
         }
+
+        if (i + 1 < answers.size()) {
+          RRset next = answers.get(i + 1);
+          if (next.getType() == Type.CNAME && next.getName().equals(curname)) {
+            // Skip generating the next name from the current DNAME, the synthesized CNAME did that
+            // for us
+            continue;
+          }
+        }
+
         dname = (DNAMERecord) answer.first();
         try {
           curname = curname.fromDNAME(dname);
         } catch (NameTooLongException e) {
           break;
         }
+      } else if (type == Type.CNAME && name.equals(curname)) {
+        CNAMERecord cname;
+        addRRset(answer, cred, isAuthenticated);
+        if (curname == qname) {
+          response = SetResponse.ofType(SetResponseType.CNAME, answer, isAuthenticated);
+        }
+        cname = (CNAMERecord) answer.first();
+        curname = cname.getTarget();
       }
     }
 
-    auth = in.getSectionRRsets(Section.AUTHORITY);
+    List<RRset> auth = in.getSectionRRsets(Section.AUTHORITY);
     RRset soa = null;
     RRset ns = null;
     for (RRset rset : auth) {
@@ -684,40 +735,40 @@ public SetResponse addMessage(Message in) {
       int cachetype = (rcode == Rcode.NXDOMAIN) ? 0 : qtype;
       if (rcode == Rcode.NXDOMAIN || soa != null || ns == null) {
         /* Negative response */
-        cred = getCred(Section.AUTHORITY, isAuth);
+        cred = getCred(Section.AUTHORITY, isAuthoritative);
         SOARecord soarec = null;
         if (soa != null) {
           soarec = (SOARecord) soa.first();
         }
-        addNegative(curname, cachetype, soarec, cred);
+        addNegative(curname, cachetype, soarec, cred, isAuthenticated);
         if (response == null) {
-          int responseType;
+          SetResponseType responseType;
           if (rcode == Rcode.NXDOMAIN) {
-            responseType = SetResponse.NXDOMAIN;
+            responseType = SetResponseType.NXDOMAIN;
           } else {
-            responseType = SetResponse.NXRRSET;
+            responseType = SetResponseType.NXRRSET;
           }
           response = SetResponse.ofType(responseType);
         }
         /* DNSSEC records are not cached. */
       } else {
         /* Referral response */
-        cred = getCred(Section.AUTHORITY, isAuth);
-        addRRset(ns, cred);
+        cred = getCred(Section.AUTHORITY, isAuthoritative);
+        addRRset(ns, cred, isAuthenticated);
         markAdditional(ns, additionalNames);
         if (response == null) {
-          response = new SetResponse(SetResponse.DELEGATION, ns);
+          response = SetResponse.ofType(SetResponseType.DELEGATION, ns, isAuthenticated);
         }
       }
     } else if (rcode == Rcode.NOERROR && ns != null) {
       /* Cache the NS set from a positive response. */
-      cred = getCred(Section.AUTHORITY, isAuth);
-      addRRset(ns, cred);
+      cred = getCred(Section.AUTHORITY, isAuthoritative);
+      addRRset(ns, cred, isAuthenticated);
       markAdditional(ns, additionalNames);
     }
 
-    addl = in.getSectionRRsets(Section.ADDITIONAL);
-    for (RRset rRset : addl) {
+    List<RRset> additional = in.getSectionRRsets(Section.ADDITIONAL);
+    for (RRset rRset : additional) {
       int type = rRset.getType();
       if (type != Type.A && type != Type.AAAA && type != Type.A6) {
         continue;
@@ -726,8 +777,8 @@ public SetResponse addMessage(Message in) {
       if (!additionalNames.contains(name)) {
         continue;
       }
-      cred = getCred(Section.ADDITIONAL, isAuth);
-      addRRset(rRset, cred);
+      cred = getCred(Section.ADDITIONAL, isAuthoritative);
+      addRRset(rRset, cred, isAuthenticated);
     }
 
     log.debug(
diff --git a/src/main/java/org/xbill/DNS/ClientSubnetOption.java b/src/main/java/org/xbill/DNS/ClientSubnetOption.java
index 8d2730a01..6d8df8d0f 100644
--- a/src/main/java/org/xbill/DNS/ClientSubnetOption.java
+++ b/src/main/java/org/xbill/DNS/ClientSubnetOption.java
@@ -7,8 +7,7 @@
 import java.net.UnknownHostException;
 
 /**
- * The Client Subnet EDNS Option, defined in <a href="https://tools.ietf.org/html/rfc7871">Client
- * subnet in DNS requests</a>.
+ * The Client Subnet EDNS Option.
  *
  * <p>The option is used to convey information about the IP address of the originating client, so
  * that an authoritative server can make decisions based on this address, rather than the address of
@@ -22,6 +21,7 @@
  * length (where the final octet is padded with bits set to 0)
  *
  * @see OPTRecord
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7871">RFC 7871</a>
  * @author Brian Wellington
  * @author Ming Zhou &lt;mizhou@bnivideo.com&gt;, Beaumaris Networks
  */
diff --git a/src/main/java/org/xbill/DNS/CookieOption.java b/src/main/java/org/xbill/DNS/CookieOption.java
index 17f22472f..5228f31bf 100644
--- a/src/main/java/org/xbill/DNS/CookieOption.java
+++ b/src/main/java/org/xbill/DNS/CookieOption.java
@@ -6,9 +6,10 @@
 import org.xbill.DNS.utils.base16;
 
 /**
- * Cookie EDNS0 Option, as defined in https://tools.ietf.org/html/rfc7873
+ * Cookie EDNS0 Option.
  *
  * @see OPTRecord
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7873">RFC 7873</a>
  * @author Klaus Malorny
  */
 public class CookieOption extends EDNSOption {
diff --git a/src/main/java/org/xbill/DNS/Credibility.java b/src/main/java/org/xbill/DNS/Credibility.java
index 0feb5a2a0..066c8c728 100644
--- a/src/main/java/org/xbill/DNS/Credibility.java
+++ b/src/main/java/org/xbill/DNS/Credibility.java
@@ -24,16 +24,16 @@ private Credibility() {}
   /** The additional section of a response. */
   public static final int GLUE = 2;
 
-  /** The authority section of a nonauthoritative response. */
+  /** The authority section of a non-authoritative response. */
   public static final int NONAUTH_AUTHORITY = 3;
 
-  /** The answer section of a nonauthoritative response. */
+  /** The answer section of a non-authoritative response. */
   public static final int NONAUTH_ANSWER = 3;
 
   /** The authority section of an authoritative response. */
   public static final int AUTH_AUTHORITY = 4;
 
-  /** The answer section of a authoritative response. */
+  /** The answer section of an authoritative response. */
   public static final int AUTH_ANSWER = 4;
 
   /** A zone. */
diff --git a/src/main/java/org/xbill/DNS/DHCIDRecord.java b/src/main/java/org/xbill/DNS/DHCIDRecord.java
index 827c9767e..be3947074 100644
--- a/src/main/java/org/xbill/DNS/DHCIDRecord.java
+++ b/src/main/java/org/xbill/DNS/DHCIDRecord.java
@@ -10,8 +10,8 @@
  * DHCID - Dynamic Host Configuration Protocol (DHCP) ID (RFC 4701)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4701">RFC 4701: A DNS Resource Record (RR) for
- *     Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4701">RFC 4701: A DNS Resource Record (RR)
+ *     for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)</a>
  */
 public class DHCIDRecord extends Record {
   private byte[] data;
diff --git a/src/main/java/org/xbill/DNS/DLVRecord.java b/src/main/java/org/xbill/DNS/DLVRecord.java
index 8a7dd591f..88d16e453 100644
--- a/src/main/java/org/xbill/DNS/DLVRecord.java
+++ b/src/main/java/org/xbill/DNS/DLVRecord.java
@@ -14,14 +14,23 @@
  * @see DSRecord
  * @author David Blacka
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4431">RFC 4431: The DNSSEC Lookaside Validation
- *     (DLV) DNS Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4431">RFC 4431: The DNSSEC Lookaside
+ *     Validation (DLV) DNS Resource Record</a>
  */
 public class DLVRecord extends Record {
 
-  /** @deprecated use {@link DNSSEC.Digest#SHA1} */
+  /**
+   * SHA1 digest ID for DLV records.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA1}
+   */
   @Deprecated public static final int SHA1_DIGEST_ID = DNSSEC.Digest.SHA1;
-  /** @deprecated use {@link DNSSEC.Digest#SHA256} */
+
+  /**
+   * SHA256 digest ID for DLV records.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA256}
+   */
   @Deprecated public static final int SHA256_DIGEST_ID = DNSSEC.Digest.SHA256;
 
   private int footprint;
@@ -61,7 +70,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     footprint = st.getUInt16();
     alg = st.getUInt8();
     digestid = st.getUInt8();
-    digest = st.getHex();
+    digest = st.getHex(true);
   }
 
   /** Converts rdata to a String */
diff --git a/src/main/java/org/xbill/DNS/DNAMERecord.java b/src/main/java/org/xbill/DNS/DNAMERecord.java
index 429aae5b1..d088d8f6d 100644
--- a/src/main/java/org/xbill/DNS/DNAMERecord.java
+++ b/src/main/java/org/xbill/DNS/DNAMERecord.java
@@ -7,7 +7,8 @@
  * DNAME Record - maps a nonterminal alias (subtree) to a different domain
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6672">RFC 6672: DNAME Redirection in the DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6672">RFC 6672: DNAME Redirection in the
+ *     DNS</a>
  */
 public class DNAMERecord extends SingleNameBase {
   DNAMERecord() {}
diff --git a/src/main/java/org/xbill/DNS/DNSInput.java b/src/main/java/org/xbill/DNS/DNSInput.java
index 85f9bcf2d..fb26cb580 100644
--- a/src/main/java/org/xbill/DNS/DNSInput.java
+++ b/src/main/java/org/xbill/DNS/DNSInput.java
@@ -79,7 +79,7 @@ public void clearActive() {
 
   /** Returns the position of the end of the current active region. */
   public int saveActive() {
-    return limit - offset;
+    return byteBuffer.limit() - offset;
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/DNSKEYRecord.java b/src/main/java/org/xbill/DNS/DNSKEYRecord.java
index 438fa1dd3..1b868992f 100644
--- a/src/main/java/org/xbill/DNS/DNSKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/DNSKEYRecord.java
@@ -12,8 +12,8 @@
  *
  * @see DNSSEC
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class DNSKEYRecord extends KEYBase {
 
@@ -24,6 +24,10 @@ private Protocol() {}
     public static final int DNSSEC = 3;
   }
 
+  /**
+   * {@code DNSKEY} flags as defined in the <a
+   * href="https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml">IANA registry</a>.
+   */
   public static class Flags {
     private Flags() {}
 
diff --git a/src/main/java/org/xbill/DNS/DNSOutput.java b/src/main/java/org/xbill/DNS/DNSOutput.java
index 0aab750d0..204fda0e6 100644
--- a/src/main/java/org/xbill/DNS/DNSOutput.java
+++ b/src/main/java/org/xbill/DNS/DNSOutput.java
@@ -12,7 +12,7 @@ public class DNSOutput {
 
   private byte[] array;
   private int pos;
-  private int saved_pos;
+  private int savedPos;
 
   /**
    * Create a new DNSOutput with a specified size.
@@ -22,7 +22,7 @@ public class DNSOutput {
   public DNSOutput(int size) {
     array = new byte[size];
     pos = 0;
-    saved_pos = -1;
+    savedPos = -1;
   }
 
   /** Create a new DNSOutput */
@@ -75,16 +75,16 @@ public void jump(int index) {
    * @throws IllegalArgumentException The index is not within the output.
    */
   public void save() {
-    saved_pos = pos;
+    savedPos = pos;
   }
 
   /** Restores the input stream to its state before the call to {@link #save}. */
   public void restore() {
-    if (saved_pos < 0) {
+    if (savedPos < 0) {
       throw new IllegalStateException("no previous state");
     }
-    pos = saved_pos;
-    saved_pos = -1;
+    pos = savedPos;
+    savedPos = -1;
   }
 
   /**
@@ -122,7 +122,7 @@ public void writeU16At(int val, int where) {
       throw new IllegalArgumentException("cannot write past end of data");
     }
     array[where++] = (byte) ((val >>> 8) & 0xFF);
-    array[where++] = (byte) (val & 0xFF);
+    array[where] = (byte) (val & 0xFF);
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/DNSSEC.java b/src/main/java/org/xbill/DNS/DNSSEC.java
index dbf684a2c..ff8e7efa3 100644
--- a/src/main/java/org/xbill/DNS/DNSSEC.java
+++ b/src/main/java/org/xbill/DNS/DNSSEC.java
@@ -26,16 +26,19 @@
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
 
 /**
  * Constants and methods relating to DNSSEC.
  *
  * <p>DNSSEC provides authentication for DNS information.
  *
+ * @author Brian Wellington
  * @see RRSIGRecord
  * @see DNSKEYRecord
  * @see RRset
- * @author Brian Wellington
  */
 public class DNSSEC {
   /** Domain Name System Security (DNSSEC) Algorithm Numbers. */
@@ -43,8 +46,9 @@ public static class Algorithm {
     private Algorithm() {}
 
     /**
-     * Delete DS record in parent zone, RFC8078.
+     * Delete DS record in parent zone.
      *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8078/">RFC 8078</a>
      * @since 3.5
      */
     public static final int DELETE = 0;
@@ -76,18 +80,43 @@ private Algorithm() {}
     /** GOST R 34.10-2001. This requires an external cryptography provider, such as BouncyCastle. */
     public static final int ECC_GOST = 12;
 
-    /** ECDSA Curve P-256 with SHA-256 public key * */
+    /** ECDSA Curve P-256 with SHA-256 public key. */
     public static final int ECDSAP256SHA256 = 13;
 
-    /** ECDSA Curve P-384 with SHA-384 public key * */
+    /** ECDSA Curve P-384 with SHA-384 public key. */
     public static final int ECDSAP384SHA384 = 14;
 
-    /** Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC, RFC8080 */
+    /**
+     * Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8080/">RFC 8080</a>
+     */
     public static final int ED25519 = 15;
 
-    /** Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC, RFC8080 */
+    /**
+     * Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8080/">RFC 8080</a>
+     */
     public static final int ED448 = 16;
 
+    /**
+     * SM2 signing algorithm with SM3 hashing algorithm.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/draft-cuiling-dnsop-sm2-alg/15/">draft-cuiling-dnsop-sm2-alg-15</a>
+     * @since 3.6
+     */
+    public static final int SM2SM3 = 17;
+
+    /**
+     * GOST R 34.10-2012.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9558/">RFC 9558</a>
+     * @since 3.6
+     */
+    public static final int ECC_GOST12 = 23;
+
     /** Indirect keys; the actual key is elsewhere. */
     public static final int INDIRECT = 252;
 
@@ -109,7 +138,7 @@ private Algorithm() {}
       algs.add(DSA, "DSA");
       algs.add(RSASHA1, "RSASHA1");
       algs.add(DSA_NSEC3_SHA1, "DSA-NSEC3-SHA1");
-      algs.add(RSA_NSEC3_SHA1, "RSA-NSEC3-SHA1");
+      algs.add(RSA_NSEC3_SHA1, "RSASHA1-NSEC3-SHA1");
       algs.add(RSASHA256, "RSASHA256");
       algs.add(RSASHA512, "RSASHA512");
       algs.add(ECC_GOST, "ECC-GOST");
@@ -117,6 +146,8 @@ private Algorithm() {}
       algs.add(ECDSAP384SHA384, "ECDSAP384SHA384");
       algs.add(ED25519, "ED25519");
       algs.add(ED448, "ED448");
+      algs.add(SM2SM3, "SM2SM3");
+      algs.add(ECC_GOST12, "ECC-GOST12");
       algs.add(INDIRECT, "INDIRECT");
       algs.add(PRIVATEDNS, "PRIVATEDNS");
       algs.add(PRIVATEOID, "PRIVATEOID");
@@ -137,6 +168,11 @@ public static String string(int alg) {
     public static int value(String s) {
       return algs.getValue(s);
     }
+
+    /** Checks that a numeric value is within the range [0..max] */
+    public static void check(int val) {
+      algs.check(val);
+    }
   }
 
   /**
@@ -147,29 +183,71 @@ public static int value(String s) {
   public static class Digest {
     private Digest() {}
 
-    /** SHA-1, RFC3658. */
+    /**
+     * SHA-1.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc3658/">RFC 3658</a>
+     */
     public static final int SHA1 = 1;
 
-    /** SHA-256, RFC4509. */
+    /**
+     * SHA-256.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc4509/">RFC 4509</a>
+     */
     public static final int SHA256 = 2;
 
-    /** GOST R 34.11-94, RFC5933. */
+    /**
+     * GOST R 34.11-94.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5933/">RFC 5933</a>
+     */
     public static final int GOST3411 = 3;
 
-    /** SHA-384, RFC6605. */
+    /**
+     * SHA-384.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6605/">RFC 6605</a>
+     */
     public static final int SHA384 = 4;
 
+    /**
+     * GOST R 34.11-2012.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9558/">RFC 9558</a>
+     * @since 3.6
+     */
+    public static final int GOST3411_12 = 5;
+
+    /**
+     * SM3 hashing algorithm.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/draft-cuiling-dnsop-sm2-alg/15/">draft-cuiling-dnsop-sm2-alg-15</a>
+     * @since 3.6
+     */
+    public static final int SM3 = 6;
+
     private static final Mnemonic algs =
         new Mnemonic("DNSSEC Digest Algorithm", Mnemonic.CASE_UPPER);
+    private static final Map<Integer, Integer> algLengths = new HashMap<>(4);
 
     static {
       algs.setMaximum(0xFF);
       algs.setNumericAllowed(true);
 
       algs.add(SHA1, "SHA-1");
+      algLengths.put(SHA1, 20);
       algs.add(SHA256, "SHA-256");
+      algLengths.put(SHA256, 32);
       algs.add(GOST3411, "GOST R 34.11-94");
+      algLengths.put(GOST3411, 32);
       algs.add(SHA384, "SHA-384");
+      algLengths.put(SHA384, 48);
+      algs.add(GOST3411_12, "GOST12");
+      algLengths.put(GOST3411_12, 64);
+      algs.add(SM3, "SM3");
+      algLengths.put(SM3, 32);
     }
 
     /** Converts an algorithm into its textual representation */
@@ -187,6 +265,17 @@ public static String string(int alg) {
     public static int value(String s) {
       return algs.getValue(s);
     }
+
+    /**
+     * Gets the length, in bytes, of the specified digest id.
+     *
+     * @return The length, in bytes, or -1 for an unknown digest.
+     * @since 3.6
+     */
+    public static int algLength(int alg) {
+      Integer len = algLengths.get(alg);
+      return len == null ? -1 : len;
+    }
   }
 
   private DNSSEC() {}
@@ -290,6 +379,16 @@ public static class UnsupportedAlgorithmException extends DNSSECException {
     }
   }
 
+  /** The {@link DNSKEYRecord} used for the validation is not a zone signing key. */
+  public static class InvalidDnskeyException extends DNSSECException {
+    @Getter private final int edeCode;
+
+    InvalidDnskeyException(DNSKEYRecord dnskey, String message, int edeCode) {
+      super("DNSKEY " + dnskey.getName() + " is invalid, " + message);
+      this.edeCode = edeCode;
+    }
+  }
+
   /** The cryptographic data in a DNSSEC key is malformed. */
   public static class MalformedKeyException extends DNSSECException {
     MalformedKeyException(String message) {
@@ -332,12 +431,12 @@ public static class SignatureExpiredException extends DNSSECException {
       this.now = now;
     }
 
-    /** @return When the signature expired */
+    /** When the signature expired. */
     public Instant getExpiration() {
       return when;
     }
 
-    /** @return When the verification was attempted */
+    /** When the verification was attempted. */
     public Instant getVerifyTime() {
       return now;
     }
@@ -354,12 +453,12 @@ public static class SignatureNotYetValidException extends DNSSECException {
       this.now = now;
     }
 
-    /** @return When the signature will become valid */
+    /** When the signature will become valid. */
     public Instant getExpiration() {
       return when;
     }
 
-    /** @return When the verification was attempted */
+    /** When the verification was attempted. */
     public Instant getVerifyTime() {
       return now;
     }
@@ -367,8 +466,12 @@ public Instant getVerifyTime() {
 
   /** A DNSSEC verification failed because the cryptographic signature verification failed. */
   public static class SignatureVerificationException extends DNSSECException {
-    SignatureVerificationException() {
-      super("signature verification failed");
+    SignatureVerificationException(Throwable inner) {
+      super("Signature verification failed", inner);
+    }
+
+    SignatureVerificationException(String message) {
+      super("Signature verification failed: " + message);
     }
   }
 
@@ -786,7 +889,7 @@ private static IOException asn1ParseException(Object expected, Object actual) {
   private static byte[] dsaSignatureFromDNS(byte[] signature, int keyLength, boolean skipT)
       throws DNSSECException, IOException {
     if (signature.length != keyLength * 2 + (skipT ? 1 : 0)) {
-      throw new SignatureVerificationException();
+      throw new SignatureVerificationException("input has unexpected length " + signature.length);
     }
 
     DNSInput in = new DNSInput(signature);
@@ -880,13 +983,16 @@ private static void transformAns1IntToDns(int rsLen, DNSInput in, DNSOutput out)
     out.writeByteArray(in.readByteArray(len));
   }
 
-  private static void verify(PublicKey key, int alg, byte[] data, byte[] signature)
+  private static void verify(KEYBase keyRecord, SIGBase sigRecord, byte[] data, int coveredType)
       throws DNSSECException {
+    PublicKey key = keyRecord.getPublicKey();
+    int alg = sigRecord.getAlgorithm();
+    byte[] signature = sigRecord.getSignature();
     if (key instanceof DSAPublicKey) {
       try {
         signature = dsaSignatureFromDNS(signature, DSA_LEN, true);
       } catch (IOException e) {
-        throw new IllegalStateException();
+        throw new SignatureVerificationException(e);
       }
     } else if (key instanceof ECPublicKey) {
       try {
@@ -894,7 +1000,8 @@ private static void verify(PublicKey key, int alg, byte[] data, byte[] signature
           case Algorithm.ECC_GOST:
             // Wire format is equal to the engine input
             if (signature.length != GOST.length * 2) {
-              throw new SignatureVerificationException();
+              throw new SignatureVerificationException(
+                  "input has unexpected length " + signature.length);
             }
             break;
           case Algorithm.ECDSAP256SHA256:
@@ -907,7 +1014,7 @@ private static void verify(PublicKey key, int alg, byte[] data, byte[] signature
             throw new UnsupportedAlgorithmException(alg);
         }
       } catch (IOException e) {
-        throw new IllegalStateException();
+        throw new SignatureVerificationException(e);
       }
     }
 
@@ -916,7 +1023,24 @@ private static void verify(PublicKey key, int alg, byte[] data, byte[] signature
       s.initVerify(key);
       s.update(data);
       if (!s.verify(signature)) {
-        throw new SignatureVerificationException();
+        throw new SignatureVerificationException(
+            "Key "
+                + keyRecord.getName()
+                + " (alg="
+                + keyRecord.getAlgorithm()
+                + ",id="
+                + keyRecord.getFootprint()
+                + ") doesn't validate <"
+                + sigRecord.getName()
+                + "/"
+                + DClass.string(sigRecord.getDClass())
+                + "/"
+                + Type.string(coveredType)
+                + "> (alg="
+                + sigRecord.getAlgorithm()
+                + ",id="
+                + sigRecord.getFootprint()
+                + ")");
       }
     } catch (GeneralSecurityException e) {
       throw new DNSSECException(e);
@@ -987,20 +1111,34 @@ public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Date
    */
   public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Instant date)
       throws DNSSECException {
-    if (!matches(rrsig, key)) {
-      throw new KeyMismatchException(key, rrsig);
+    if ((key.getFlags() & DNSKEYRecord.Flags.ZONE_KEY) != DNSKEYRecord.Flags.ZONE_KEY) {
+      throw new InvalidDnskeyException(
+          key, "zone key flag is not set", ExtendedErrorCodeOption.NO_ZONE_KEY_BIT_SET);
+    }
+
+    if (key.getProtocol() != DNSKEYRecord.Protocol.DNSSEC) {
+      throw new InvalidDnskeyException(
+          key, "invalid protocol", ExtendedErrorCodeOption.DNSSEC_BOGUS);
     }
 
-    if (date.compareTo(rrsig.getExpire()) > 0) {
-      throw new SignatureExpiredException(rrsig.getExpire(), date);
+    checkKeyAndSigRecord(rrsig, key, date);
+
+    verify(key, rrsig, digestRRset(rrsig, rrset), rrset.getType());
+  }
+
+  private static void checkKeyAndSigRecord(SIGBase sig, KEYBase key, Instant date)
+      throws DNSSECException {
+    if (!matches(sig, key)) {
+      throw new KeyMismatchException(key, sig);
     }
-    if (date.compareTo(rrsig.getTimeSigned()) < 0) {
-      throw new SignatureNotYetValidException(rrsig.getTimeSigned(), date);
+
+    if (date.compareTo(sig.getExpire()) > 0) {
+      throw new SignatureExpiredException(sig.getExpire(), date);
     }
 
-    verify(
-        key.getPublicKey(), rrsig.getAlgorithm(),
-        digestRRset(rrsig, rrset), rrsig.getSignature());
+    if (date.compareTo(sig.getTimeSigned()) < 0) {
+      throw new SignatureNotYetValidException(sig.getTimeSigned(), date);
+    }
   }
 
   static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, String provider)
@@ -1027,7 +1165,7 @@ static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, S
         int t = (bigIntegerLength(p) - 64) / 8;
         signature = dsaSignatureToDNS(signature, DSA_LEN, t);
       } catch (IOException e) {
-        throw new IllegalStateException(e);
+        throw new DNSSECException(e);
       }
     } else if (pubkey instanceof ECPublicKey) {
       try {
@@ -1045,7 +1183,7 @@ static byte[] sign(PrivateKey privkey, PublicKey pubkey, int alg, byte[] data, S
             throw new UnsupportedAlgorithmException(alg);
         }
       } catch (IOException e) {
-        throw new IllegalStateException(e);
+        throw new DNSSECException(e);
       }
     }
 
@@ -1100,10 +1238,10 @@ static void checkAlgorithm(PrivateKey key, int alg) throws UnsupportedAlgorithmE
    * @param privkey The PrivateKey to use when signing
    * @param inception The time at which the signatures should become valid
    * @param expiration The time at which the signatures should expire
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
-   * @return The generated signature
    * @deprecated use {@link #sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant)}
    */
   @Deprecated
@@ -1122,10 +1260,10 @@ public static RRSIGRecord sign(
    * @param privkey The PrivateKey to use when signing
    * @param inception The time at which the signatures should become valid
    * @param expiration The time at which the signatures should expire
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
-   * @return The generated signature
    * @deprecated use {@link #sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant, String)}
    */
   @Deprecated
@@ -1149,10 +1287,10 @@ public static RRSIGRecord sign(
    * @param privkey The PrivateKey to use when signing
    * @param inception The time at which the signatures should become valid
    * @param expiration The time at which the signatures should expire
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
-   * @return The generated signature
    */
   public static RRSIGRecord sign(
       RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration)
@@ -1171,10 +1309,10 @@ public static RRSIGRecord sign(
    * @param expiration The time at which the signatures should expire
    * @param provider The name of the JCA provider. If non-null, it will be passed to JCA
    *     getInstance() methods.
+   * @return The generated signature
    * @throws UnsupportedAlgorithmException The algorithm is unknown
    * @throws MalformedKeyException The key is malformed
    * @throws DNSSECException Some other error occurred.
-   * @return The generated signature
    */
   public static RRSIGRecord sign(
       RRset rrset,
@@ -1247,16 +1385,7 @@ static void verifyMessage(
       throw new NoSignatureException();
     }
 
-    if (!matches(sig, key)) {
-      throw new KeyMismatchException(key, sig);
-    }
-
-    if (now.compareTo(sig.getExpire()) > 0) {
-      throw new SignatureExpiredException(sig.getExpire(), now);
-    }
-    if (now.compareTo(sig.getTimeSigned()) < 0) {
-      throw new SignatureNotYetValidException(sig.getTimeSigned(), now);
-    }
+    checkKeyAndSigRecord(sig, key, now);
 
     DNSOutput out = new DNSOutput();
     digestSIG(out, sig);
@@ -1270,9 +1399,7 @@ static void verifyMessage(
 
     out.writeByteArray(bytes, Header.LENGTH, message.sig0start - Header.LENGTH);
 
-    verify(
-        key.getPublicKey(), sig.getAlgorithm(),
-        out.toByteArray(), sig.getSignature());
+    verify(key, sig, out.toByteArray(), 0);
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/DSRecord.java b/src/main/java/org/xbill/DNS/DSRecord.java
index 86b56cd7d..ab2794188 100644
--- a/src/main/java/org/xbill/DNS/DSRecord.java
+++ b/src/main/java/org/xbill/DNS/DSRecord.java
@@ -13,12 +13,16 @@
  * @see DNSSEC
  * @author David Blacka
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class DSRecord extends Record {
 
-  /** @deprecated use {@link DNSSEC.Digest} */
+  /**
+   * DS digest constants.
+   *
+   * @deprecated use {@link DNSSEC.Digest}
+   */
   @Deprecated
   public static class Digest {
     private Digest() {}
@@ -36,13 +40,32 @@ private Digest() {}
     public static final int SHA384 = DNSSEC.Digest.SHA384;
   }
 
-  /** @deprecated use {@link DNSSEC.Digest#SHA1} */
+  /**
+   * SHA1 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA1}
+   */
   @Deprecated public static final int SHA1_DIGEST_ID = DNSSEC.Digest.SHA1;
-  /** @deprecated use {@link DNSSEC.Digest#SHA256} */
+
+  /**
+   * SHA256 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA256}
+   */
   @Deprecated public static final int SHA256_DIGEST_ID = DNSSEC.Digest.SHA256;
-  /** @deprecated use {@link DNSSEC.Digest#GOST3411} */
+
+  /**
+   * GOST4311 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#GOST3411}
+   */
   @Deprecated public static final int GOST3411_DIGEST_ID = DNSSEC.Digest.GOST3411;
-  /** @deprecated use {@link DNSSEC.Digest#SHA384} */
+
+  /**
+   * SHA384 delegation signer digest ID.
+   *
+   * @deprecated use {@link DNSSEC.Digest#SHA384}
+   */
   @Deprecated public static final int SHA384_DIGEST_ID = DNSSEC.Digest.SHA384;
 
   private int footprint;
@@ -70,6 +93,18 @@ protected DSRecord(
       int digestid,
       byte[] digest) {
     super(name, type, dclass, ttl);
+
+    int len = DNSSEC.Digest.algLength(digestid);
+    if (len > -1 && len != digest.length) {
+      throw new IllegalArgumentException(
+          "Expected "
+              + len
+              + " bytes for "
+              + DNSSEC.Digest.string(digestid)
+              + ", got "
+              + digest.length);
+    }
+
     this.footprint = checkU16("footprint", footprint);
     this.alg = checkU8("alg", alg);
     this.digestid = checkU8("digestid", digestid);
@@ -119,7 +154,17 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     footprint = st.getUInt16();
     alg = st.getUInt8();
     digestid = st.getUInt8();
-    digest = st.getHex();
+    digest = st.getHex(true);
+    int len = DNSSEC.Digest.algLength(digestid);
+    if (len > -1 && len != digest.length) {
+      throw st.exception(
+          "Expected "
+              + len
+              + " bytes for "
+              + DNSSEC.Digest.string(digestid)
+              + ", got "
+              + digest.length);
+    }
   }
 
   /** Converts rdata to a String */
diff --git a/src/main/java/org/xbill/DNS/DefaultIoClient.java b/src/main/java/org/xbill/DNS/DefaultIoClient.java
new file mode 100644
index 000000000..0f6cd407a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DefaultIoClient.java
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+/**
+ * An implementation of the IO clients that use the internal NIO-based clients.
+ *
+ * @see NioUdpClient
+ * @see NioTcpClient
+ * @since 3.6
+ */
+public class DefaultIoClient implements TcpIoClient, UdpIoClient {
+  private final TcpIoClient tcpIoClient;
+  private final UdpIoClient udpIoClient;
+
+  public DefaultIoClient() {
+    tcpIoClient = new NioTcpClient();
+    udpIoClient = new NioUdpClient();
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveTcp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      Duration timeout) {
+    return tcpIoClient.sendAndReceiveTcp(local, remote, query, data, timeout);
+  }
+
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout) {
+    return udpIoClient.sendAndReceiveUdp(local, remote, query, data, max, timeout);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/DohResolver.java b/src/main/java/org/xbill/DNS/DohResolver.java
index d6f27b93b..fa150cc09 100644
--- a/src/main/java/org/xbill/DNS/DohResolver.java
+++ b/src/main/java/org/xbill/DNS/DohResolver.java
@@ -5,39 +5,31 @@
 import java.io.EOFException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
 import java.net.SocketTimeoutException;
 import java.net.URI;
-import java.net.URL;
+import java.net.URISyntaxException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
-import java.util.Collections;
 import java.util.List;
-import java.util.Map;
-import java.util.WeakHashMap;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
 import java.util.concurrent.CompletionStage;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ForkJoinPool;
 import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicLong;
+import java.util.concurrent.TimeoutException;
 import java.util.function.Function;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
-import lombok.SneakyThrows;
 import lombok.Value;
 import lombok.extern.slf4j.Slf4j;
-import org.xbill.DNS.AsyncSemaphore.Permit;
-import org.xbill.DNS.utils.base64;
 
 /**
- * Proof-of-concept <a href="https://tools.ietf.org/html/rfc8484">DNS over HTTP (DoH)</a> resolver.
- * This class is not suitable for high load scenarios because of the shortcomings of Java's built-in
- * HTTP clients. For more control, implement your own {@link Resolver} using e.g. <a
+ * Proof-of-concept <a href="https://datatracker.ietf.org/doc/html/rfc8484">DNS over HTTP (DoH)</a>
+ * resolver. This class is not suitable for high load scenarios because of the shortcomings of
+ * Java's built-in HTTP clients. For more control, implement your own {@link Resolver} using e.g. <a
  * href="https://github.com/square/okhttp/">OkHttp</a>.
  *
  * <p>On Java 8, it uses HTTP/1.1, which is against the recommendation of RFC 8484 to use HTTP/2 and
@@ -51,136 +43,16 @@
  * @since 3.0
  */
 @Slf4j
-public final class DohResolver implements Resolver {
-  private static final boolean USE_HTTP_CLIENT;
-  private static final Map<Executor, Object> httpClients =
-      Collections.synchronizedMap(new WeakHashMap<>());
+public final class DohResolver extends DohResolverCommon {
   private final SSLSocketFactory sslSocketFactory;
 
-  private static Object defaultHttpRequestBuilder;
-  private static Method publisherOfByteArrayMethod;
-  private static Method requestBuilderTimeoutMethod;
-  private static Method requestBuilderCopyMethod;
-  private static Method requestBuilderUriMethod;
-  private static Method requestBuilderBuildMethod;
-  private static Method requestBuilderPostMethod;
-
-  private static Method httpClientNewBuilderMethod;
-  private static Method httpClientBuilderTimeoutMethod;
-  private static Method httpClientBuilderExecutorMethod;
-  private static Method httpClientBuilderBuildMethod;
-  private static Method httpClientSendAsyncMethod;
-
-  private static Method byteArrayBodyPublisherMethod;
-  private static Method httpResponseBodyMethod;
-  private static Method httpResponseStatusCodeMethod;
-
-  private boolean usePost = false;
-  private Duration timeout = Duration.ofSeconds(5);
-  private String uriTemplate;
-  private final Duration idleConnectionTimeout;
-  private OPTRecord queryOPT = new OPTRecord(0, 0, 0);
-  private TSIG tsig;
-  private Executor defaultExecutor = ForkJoinPool.commonPool();
-
-  /**
-   * Maximum concurrent HTTP/2 streams or HTTP/1.1 connections.
-   *
-   * <p>rfc7540#section-6.5.2 recommends a minimum of 100 streams for HTTP/2.
-   */
-  private final AsyncSemaphore maxConcurrentRequests;
-
-  private final AtomicLong lastRequest = new AtomicLong(0);
-  private final AsyncSemaphore initialRequestLock = new AsyncSemaphore(1);
-
-  private static final String APPLICATION_DNS_MESSAGE = "application/dns-message";
-
-  static {
-    boolean initSuccess = false;
-    if (!System.getProperty("java.version").startsWith("1.")) {
-      try {
-        Class<?> httpClientBuilderClass = Class.forName("java.net.http.HttpClient$Builder");
-        Class<?> httpClientClass = Class.forName("java.net.http.HttpClient");
-        Class<?> httpVersionEnum = Class.forName("java.net.http.HttpClient$Version");
-        Class<?> httpRequestBuilderClass = Class.forName("java.net.http.HttpRequest$Builder");
-        Class<?> httpRequestClass = Class.forName("java.net.http.HttpRequest");
-        Class<?> bodyPublishersClass = Class.forName("java.net.http.HttpRequest$BodyPublishers");
-        Class<?> bodyPublisherClass = Class.forName("java.net.http.HttpRequest$BodyPublisher");
-        Class<?> httpResponseClass = Class.forName("java.net.http.HttpResponse");
-        Class<?> bodyHandlersClass = Class.forName("java.net.http.HttpResponse$BodyHandlers");
-        Class<?> bodyHandlerClass = Class.forName("java.net.http.HttpResponse$BodyHandler");
-
-        // HttpClient.Builder
-        httpClientBuilderTimeoutMethod =
-            httpClientBuilderClass.getDeclaredMethod("connectTimeout", Duration.class);
-        httpClientBuilderExecutorMethod =
-            httpClientBuilderClass.getDeclaredMethod("executor", Executor.class);
-        httpClientBuilderBuildMethod = httpClientBuilderClass.getDeclaredMethod("build");
-
-        // HttpClient
-        httpClientNewBuilderMethod = httpClientClass.getDeclaredMethod("newBuilder");
-        httpClientSendAsyncMethod =
-            httpClientClass.getDeclaredMethod("sendAsync", httpRequestClass, bodyHandlerClass);
-
-        // HttpRequestBuilder
-        Method requestBuilderHeaderMethod =
-            httpRequestBuilderClass.getDeclaredMethod("header", String.class, String.class);
-        Method requestBuilderVersionMethod =
-            httpRequestBuilderClass.getDeclaredMethod("version", httpVersionEnum);
-        requestBuilderTimeoutMethod =
-            httpRequestBuilderClass.getDeclaredMethod("timeout", Duration.class);
-        requestBuilderUriMethod = httpRequestBuilderClass.getDeclaredMethod("uri", URI.class);
-        requestBuilderCopyMethod = httpRequestBuilderClass.getDeclaredMethod("copy");
-        requestBuilderBuildMethod = httpRequestBuilderClass.getDeclaredMethod("build");
-        requestBuilderPostMethod =
-            httpRequestBuilderClass.getDeclaredMethod("POST", bodyPublisherClass);
-
-        // HttpRequest
-        Method requestBuilderNewBuilderMethod = httpRequestClass.getDeclaredMethod("newBuilder");
-
-        // BodyPublishers
-        publisherOfByteArrayMethod =
-            bodyPublishersClass.getDeclaredMethod("ofByteArray", byte[].class);
-
-        // BodyPublisher
-        byteArrayBodyPublisherMethod = bodyHandlersClass.getDeclaredMethod("ofByteArray");
-
-        // HttpResponse
-        httpResponseBodyMethod = httpResponseClass.getDeclaredMethod("body");
-        httpResponseStatusCodeMethod = httpResponseClass.getDeclaredMethod("statusCode");
-
-        // defaultHttpRequestBuilder = HttpRequest.newBuilder();
-        // defaultHttpRequestBuilder.version(HttpClient.Version.HTTP_2);
-        // defaultHttpRequestBuilder.header("Content-Type", "application/dns-message");
-        // defaultHttpRequestBuilder.header("Accept", "application/dns-message");
-        defaultHttpRequestBuilder = requestBuilderNewBuilderMethod.invoke(null);
-        @SuppressWarnings({"unchecked", "rawtypes"})
-        Enum<?> http2Version = Enum.valueOf((Class<Enum>) httpVersionEnum, "HTTP_2");
-        requestBuilderVersionMethod.invoke(defaultHttpRequestBuilder, http2Version);
-        requestBuilderHeaderMethod.invoke(
-            defaultHttpRequestBuilder, "Content-Type", APPLICATION_DNS_MESSAGE);
-        requestBuilderHeaderMethod.invoke(
-            defaultHttpRequestBuilder, "Accept", APPLICATION_DNS_MESSAGE);
-        initSuccess = true;
-      } catch (ClassNotFoundException
-          | NoSuchMethodException
-          | IllegalAccessException
-          | InvocationTargetException e) {
-        // fallback to Java 8
-        log.warn("Java >= 11 detected, but HttpRequest not available");
-      }
-    }
-
-    USE_HTTP_CLIENT = initSuccess;
-  }
-
   /**
    * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
    *
    * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
    */
   public DohResolver(String uriTemplate) {
-    this(uriTemplate, 100, Duration.ofMinutes(2));
+    this(uriTemplate, 100, Duration.ZERO);
   }
 
   /**
@@ -196,22 +68,9 @@ public DohResolver(String uriTemplate) {
    */
   public DohResolver(
       String uriTemplate, int maxConcurrentRequests, Duration idleConnectionTimeout) {
-    this.uriTemplate = uriTemplate;
-    this.idleConnectionTimeout = idleConnectionTimeout;
-    if (maxConcurrentRequests <= 0) {
-      throw new IllegalArgumentException("maxConcurrentRequests must be > 0");
-    }
-    if (!USE_HTTP_CLIENT) {
-      try {
-        int javaMaxConn = Integer.parseInt(System.getProperty("http.maxConnections", "5"));
-        if (maxConcurrentRequests > javaMaxConn) {
-          maxConcurrentRequests = javaMaxConn;
-        }
-      } catch (NumberFormatException nfe) {
-        // well, use what we got
-      }
-    }
-    this.maxConcurrentRequests = new AsyncSemaphore(maxConcurrentRequests);
+    super(uriTemplate, maxConcurrentRequests);
+
+    log.debug("Using Java 8 implementation");
     try {
       sslSocketFactory = SSLContext.getDefault().getSocketFactory();
     } catch (NoSuchAlgorithmException e) {
@@ -219,45 +78,6 @@ public DohResolver(
     }
   }
 
-  @SneakyThrows
-  private Object getHttpClient(Executor executor) {
-    return httpClients.computeIfAbsent(
-        executor,
-        key -> {
-          try {
-            // return HttpClient.newBuilder()
-            //   .connectTimeout(timeout).
-            //   .executor(executor)
-            //   .build();
-            Object httpClientBuilder = httpClientNewBuilderMethod.invoke(null);
-            httpClientBuilderTimeoutMethod.invoke(httpClientBuilder, timeout);
-            httpClientBuilderExecutorMethod.invoke(httpClientBuilder, key);
-            return httpClientBuilderBuildMethod.invoke(httpClientBuilder);
-          } catch (IllegalAccessException | InvocationTargetException e) {
-            log.warn("Could not create a HttpClient with for Executor {}", key, e);
-            return null;
-          }
-        });
-  }
-
-  /** Not implemented. Specify the port in {@link #setUriTemplate(String)} if required. */
-  @Override
-  public void setPort(int port) {
-    // Not implemented, port is part of the URI
-  }
-
-  /** Not implemented. */
-  @Override
-  public void setTCP(boolean flag) {
-    // Not implemented, HTTP is always TCP
-  }
-
-  /** Not implemented. */
-  @Override
-  public void setIgnoreTruncation(boolean flag) {
-    // Not implemented, protocol uses TCP and doesn't have truncation
-  }
-
   /**
    * Sets the EDNS information on outgoing messages.
    *
@@ -267,87 +87,85 @@ public void setIgnoreTruncation(boolean flag) {
    * @param options EDNS options to be set in the OPT record
    */
   @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
   public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
-    switch (version) {
-      case -1:
-        queryOPT = null;
-        break;
-
-      case 0:
-        queryOPT = new OPTRecord(0, 0, version, flags, options);
-        break;
-
-      default:
-        throw new IllegalArgumentException("invalid EDNS version - must be 0 or -1 to disable");
-    }
-  }
-
-  @Override
-  public void setTSIGKey(TSIG key) {
-    this.tsig = key;
-  }
-
-  @Override
-  public void setTimeout(Duration timeout) {
-    this.timeout = timeout;
-    httpClients.clear();
-  }
-
-  @Override
-  public Duration getTimeout() {
-    return timeout;
+    // required for source- and binary compatibility
+    super.setEDNS(version, payloadSize, flags, options);
   }
 
   @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
   public CompletionStage<Message> sendAsync(Message query) {
-    return sendAsync(query, defaultExecutor);
+    // required for source- and binary compatibility
+    return this.sendAsync(query, defaultExecutor);
   }
 
   @Override
   public CompletionStage<Message> sendAsync(Message query, Executor executor) {
-    if (USE_HTTP_CLIENT) {
-      return sendAsync11(query, executor);
-    }
-
-    return sendAsync8(query, executor);
-  }
-
-  private CompletionStage<Message> sendAsync8(final Message query, Executor executor) {
     byte[] queryBytes = prepareQuery(query).toWire();
     String url = getUrl(queryBytes);
-    long startTime = System.nanoTime();
-    return maxConcurrentRequests
-        .acquire(timeout)
-        .handleAsync(
-            (permit, ex) -> {
-              if (ex != null) {
-                return this.<Message>timeoutFailedFuture(query, ex);
-              } else {
-                try {
-                  SendAndGetMessageBytesResponse result =
-                      sendAndGetMessageBytes(url, queryBytes, startTime);
-                  Message response;
-                  if (result.rc == Rcode.NOERROR) {
-                    response = new Message(result.responseBytes);
-                    verifyTSIG(query, response, result.responseBytes, tsig);
+    long startTime = getNanoTime();
+    int queryId = query.getHeader().getID();
+
+    CompletableFuture<Message> f =
+        maxConcurrentRequests
+            .acquire(timeout, queryId, executor)
+            .handleAsync(
+                (permit, ex) -> {
+                  if (ex != null) {
+                    return this.<Message>timeoutFailedFuture(
+                        query, "could not acquire lock to send request", ex);
                   } else {
-                    response = new Message(0);
-                    response.getHeader().setRcode(result.rc);
-                  }
+                    try {
+                      SendAndGetMessageBytesResponse result =
+                          sendAndGetMessageBytes(url, queryBytes, startTime);
+                      Message response;
+                      if (result.rc == Rcode.NOERROR) {
+                        response = new Message(result.responseBytes);
+                        verifyTSIG(query, response, result.responseBytes, tsig);
+                      } else {
+                        response = new Message(0);
+                        response.getHeader().setRcode(result.rc);
+                      }
 
-                  response.setResolver(this);
-                  return CompletableFuture.completedFuture(response);
-                } catch (SocketTimeoutException e) {
-                  return this.<Message>timeoutFailedFuture(query, e);
-                } catch (IOException e) {
-                  return this.<Message>failedFuture(e);
-                } finally {
-                  permit.release();
-                }
+                      response.setResolver(this);
+                      return CompletableFuture.completedFuture(response);
+                    } catch (SocketTimeoutException e) {
+                      return this.<Message>timeoutFailedFuture(query, e);
+                    } catch (IOException | URISyntaxException e) {
+                      return this.<Message>failedFuture(e);
+                    } finally {
+                      permit.release(queryId, executor);
+                    }
+                  }
+                },
+                executor)
+            .thenCompose(Function.identity())
+            .toCompletableFuture();
+
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    return TimeoutCompletableFuture.compatTimeout(
+            f, remainingTimeout.toMillis(), TimeUnit.MILLISECONDS)
+        .exceptionally(
+            ex -> {
+              if (ex instanceof TimeoutException) {
+                throw new CompletionException(
+                    new TimeoutException(
+                        "Query "
+                            + queryId
+                            + " for "
+                            + query.getQuestion().getName()
+                            + "/"
+                            + Type.string(query.getQuestion().getType())
+                            + " timed out in remaining "
+                            + remainingTimeout.toMillis()
+                            + "ms"));
+              } else if (ex instanceof CompletionException) {
+                throw (CompletionException) ex;
               }
-            },
-            executor)
-        .thenCompose(Function.identity());
+
+              throw new CompletionException(ex);
+            });
   }
 
   @Value
@@ -357,20 +175,33 @@ private static class SendAndGetMessageBytesResponse {
   }
 
   private SendAndGetMessageBytesResponse sendAndGetMessageBytes(
-      String url, byte[] queryBytes, long startTime) throws IOException {
-    HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
+      String url, byte[] queryBytes, long startTime) throws IOException, URISyntaxException {
+    HttpURLConnection conn = (HttpURLConnection) new URI(url).toURL().openConnection();
     if (conn instanceof HttpsURLConnection) {
       ((HttpsURLConnection) conn).setSSLSocketFactory(sslSocketFactory);
     }
-
-    Duration remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-    conn.setConnectTimeout((int) remainingTimeout.toMillis());
-    conn.setReadTimeout((int) remainingTimeout.toMillis());
     conn.setRequestMethod(usePost ? "POST" : "GET");
     conn.setRequestProperty("Content-Type", APPLICATION_DNS_MESSAGE);
     conn.setRequestProperty("Accept", APPLICATION_DNS_MESSAGE);
+
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      throw new SocketTimeoutException("No time left to connect");
+    }
+
+    conn.setConnectTimeout((int) remainingTimeout.toMillis());
     if (usePost) {
       conn.setDoOutput(true);
+    }
+
+    conn.connect();
+    remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      throw new SocketTimeoutException("No time left to request data");
+    }
+
+    conn.setReadTimeout((int) remainingTimeout.toMillis());
+    if (usePost) {
       conn.getOutputStream().write(queryBytes);
     }
 
@@ -389,23 +220,34 @@ private SendAndGetMessageBytesResponse sendAndGetMessageBytes(
         int offset = 0;
         while ((r = is.read(responseBytes, offset, responseBytes.length - offset)) > 0) {
           offset += r;
-          remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-          if (remainingTimeout.isNegative()) {
-            throw new SocketTimeoutException();
+          remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+
+          // Don't throw if we just received all data
+          if (offset != responseBytes.length
+              && (remainingTimeout.isNegative() || remainingTimeout.isZero())) {
+            throw new SocketTimeoutException(
+                "Timed out waiting for response data, got "
+                    + offset
+                    + " of "
+                    + responseBytes.length
+                    + " expected bytes");
           }
         }
+
         if (offset < responseBytes.length) {
           throw new EOFException("Could not read expected content length");
         }
+
         return new SendAndGetMessageBytesResponse(Rcode.NOERROR, responseBytes);
       } else {
         try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
           byte[] buffer = new byte[4096];
           int r;
           while ((r = is.read(buffer, 0, buffer.length)) > 0) {
-            remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-            if (remainingTimeout.isNegative()) {
-              throw new SocketTimeoutException();
+            remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+            if (remainingTimeout.isNegative() || remainingTimeout.isZero()) {
+              throw new SocketTimeoutException(
+                  "Timed out waiting for response data, got " + bos.size() + " bytes so far");
             }
             bos.write(buffer, 0, r);
           }
@@ -431,276 +273,10 @@ private void discardStream(InputStream es) throws IOException {
     }
   }
 
-  private CompletionStage<Message> sendAsync11(final Message query, Executor executor) {
-    long startTime = System.nanoTime();
-    byte[] queryBytes = prepareQuery(query).toWire();
-    String url = getUrl(queryBytes);
-
-    // var requestBuilder = defaultHttpRequestBuilder.copy();
-    // requestBuilder.uri(URI.create(url));
-    Object requestBuilder;
-    try {
-      requestBuilder = requestBuilderCopyMethod.invoke(defaultHttpRequestBuilder);
-      requestBuilderUriMethod.invoke(requestBuilder, URI.create(url));
-      if (usePost) {
-        // requestBuilder.POST(HttpRequest.BodyPublishers.ofByteArray(queryBytes));
-        requestBuilderPostMethod.invoke(
-            requestBuilder, publisherOfByteArrayMethod.invoke(null, queryBytes));
-      }
-    } catch (IllegalAccessException | InvocationTargetException e) {
-      return failedFuture(e);
-    }
-
-    // check if this request needs to be done synchronously because of HttpClient's stupidity to
-    // not use the connection pool for HTTP/2 until one connection is successfully established,
-    // which could lead to hundreds of connections (and threads with the default executor)
-    Duration remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-    return initialRequestLock
-        .acquire(remainingTimeout)
-        .handle(
-            (initialRequestPermit, initialRequestEx) -> {
-              if (initialRequestEx != null) {
-                return this.<Message>timeoutFailedFuture(query, initialRequestEx);
-              } else {
-                return sendAsync11WithInitialRequestPermit(
-                    query, executor, startTime, requestBuilder, initialRequestPermit);
-              }
-            })
-        .thenCompose(Function.identity());
-  }
-
-  private CompletionStage<Message> sendAsync11WithInitialRequestPermit(
-      Message query,
-      Executor executor,
-      long startTime,
-      Object requestBuilder,
-      Permit initialRequestPermit) {
-    long lastRequestTime = lastRequest.get();
-    boolean isInitialRequest =
-        (lastRequestTime < System.nanoTime() - idleConnectionTimeout.toNanos());
-    if (!isInitialRequest) {
-      initialRequestPermit.release();
-    }
-
-    // check if we already exceeded the query timeout while checking the initial connection
-    Duration remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-    if (remainingTimeout.isNegative()) {
-      if (isInitialRequest) {
-        initialRequestPermit.release();
-      }
-      return timeoutFailedFuture(query, null);
-    }
-
-    // Lock a HTTP/2 stream. Another stupidity of HttpClient to not simply queue the
-    // request, but fail with an IOException which also CLOSES the connection... *facepalm*
-    return maxConcurrentRequests
-        .acquire(remainingTimeout)
-        .handle(
-            (maxConcurrentRequestPermit, maxConcurrentRequestEx) -> {
-              if (maxConcurrentRequestEx != null) {
-                if (isInitialRequest) {
-                  initialRequestPermit.release();
-                }
-                return this.<Message>timeoutFailedFuture(query, maxConcurrentRequestEx);
-              } else {
-                return sendAsync11WithConcurrentRequestPermit(
-                    query,
-                    executor,
-                    startTime,
-                    requestBuilder,
-                    initialRequestPermit,
-                    isInitialRequest,
-                    maxConcurrentRequestPermit);
-              }
-            })
-        .thenCompose(Function.identity());
-  }
-
-  private CompletionStage<Message> sendAsync11WithConcurrentRequestPermit(
-      Message query,
-      Executor executor,
-      long startTime,
-      Object requestBuilder,
-      Permit initialRequestPermit,
-      boolean isInitialRequest,
-      Permit maxConcurrentRequestPermit) {
-    // check if the stream lock acquisition took too long
-    Duration remainingTimeout = timeout.minus(System.nanoTime() - startTime, ChronoUnit.NANOS);
-    if (remainingTimeout.isNegative()) {
-      if (isInitialRequest) {
-        initialRequestPermit.release();
-      }
-      maxConcurrentRequestPermit.release();
-      return timeoutFailedFuture(query, null);
-    }
-
-    // var httpRequest = requestBuilder.timeout(remainingTimeout).build();
-    // var bodyHandler = HttpResponse.BodyHandlers.ofByteArray();
-    // return getHttpClient(executor).sendAsync(httpRequest, bodyHandler)
-    try {
-      Object httpClient = getHttpClient(executor);
-      requestBuilderTimeoutMethod.invoke(requestBuilder, remainingTimeout);
-      Object httpRequest = requestBuilderBuildMethod.invoke(requestBuilder);
-      Object bodyHandler = byteArrayBodyPublisherMethod.invoke(null);
-      CompletableFuture<Message> f =
-          ((CompletableFuture<?>)
-                  httpClientSendAsyncMethod.invoke(httpClient, httpRequest, bodyHandler))
-              .whenComplete(
-                  (result, ex) -> {
-                    if (ex == null) {
-                      lastRequest.set(startTime);
-                    }
-                    maxConcurrentRequestPermit.release();
-                    if (isInitialRequest) {
-                      initialRequestPermit.release();
-                    }
-                  })
-              .handleAsync(
-                  (response, ex) -> {
-                    if (ex != null) {
-                      if (ex.getCause().getClass().getSimpleName().equals("HttpTimeoutException")) {
-                        return this.<Message>timeoutFailedFuture(query, ex.getCause());
-                      } else {
-                        return this.<Message>failedFuture(ex);
-                      }
-                    } else {
-                      try {
-                        Message responseMessage;
-                        // int rc = response.statusCode();
-                        int rc = (int) httpResponseStatusCodeMethod.invoke(response);
-                        if (rc >= 200 && rc < 300) {
-                          // byte[] responseBytes = response.body();
-                          byte[] responseBytes = (byte[]) httpResponseBodyMethod.invoke(response);
-                          responseMessage = new Message(responseBytes);
-                          verifyTSIG(query, responseMessage, responseBytes, tsig);
-                        } else {
-                          responseMessage = new Message();
-                          responseMessage.getHeader().setRcode(Rcode.SERVFAIL);
-                        }
-
-                        responseMessage.setResolver(this);
-                        return CompletableFuture.completedFuture(responseMessage);
-                      } catch (IOException | IllegalAccessException | InvocationTargetException e) {
-                        return this.<Message>failedFuture(e);
-                      }
-                    }
-                  },
-                  executor)
-              .thenCompose(Function.identity());
-      return TimeoutCompletableFuture.compatTimeout(
-          f, remainingTimeout.toMillis(), TimeUnit.MILLISECONDS);
-    } catch (IllegalAccessException | InvocationTargetException e) {
-      return failedFuture(e);
-    }
-  }
-
-  private <T> CompletableFuture<T> failedFuture(Throwable e) {
+  @Override
+  protected <T> CompletableFuture<T> failedFuture(Throwable e) {
     CompletableFuture<T> f = new CompletableFuture<>();
     f.completeExceptionally(e);
     return f;
   }
-
-  private <T> CompletableFuture<T> timeoutFailedFuture(Message query, Throwable inner) {
-    return failedFuture(
-        new IOException(
-            "Query "
-                + query.getHeader().getID()
-                + " for "
-                + query.getQuestion().getName()
-                + "/"
-                + Type.string(query.getQuestion().getType())
-                + " timed out",
-            inner));
-  }
-
-  private String getUrl(byte[] queryBytes) {
-    String url = uriTemplate;
-    if (!usePost) {
-      url += "?dns=" + base64.toString(queryBytes, true);
-    }
-    return url;
-  }
-
-  private Message prepareQuery(Message query) {
-    Message preparedQuery = query.clone();
-    preparedQuery.getHeader().setID(0);
-    if (queryOPT != null && preparedQuery.getOPT() == null) {
-      preparedQuery.addRecord(queryOPT, Section.ADDITIONAL);
-    }
-
-    if (tsig != null) {
-      tsig.apply(preparedQuery, null);
-    }
-
-    return preparedQuery;
-  }
-
-  private void verifyTSIG(Message query, Message response, byte[] b, TSIG tsig) {
-    if (tsig == null) {
-      return;
-    }
-
-    int error = tsig.verify(response, b, query.getTSIG());
-    log.debug(
-        "TSIG verify for query {}, {}/{}: {}",
-        query.getHeader().getID(),
-        query.getQuestion().getName(),
-        Type.string(query.getQuestion().getType()),
-        Rcode.TSIGstring(error));
-  }
-
-  /** Returns {@code true} if the HTTP method POST to resolve, {@code false} if GET is used. */
-  public boolean isUsePost() {
-    return usePost;
-  }
-
-  /**
-   * Sets the HTTP method to use for resolving.
-   *
-   * @param usePost {@code true} to use POST, {@code false} to use GET (the default).
-   */
-  public void setUsePost(boolean usePost) {
-    this.usePost = usePost;
-  }
-
-  /** Gets the current URI used for resolving. */
-  public String getUriTemplate() {
-    return uriTemplate;
-  }
-
-  /** Sets the URI to use for resolving, e.g. {@code https://dns.google/dns-query} */
-  public void setUriTemplate(String uriTemplate) {
-    this.uriTemplate = uriTemplate;
-  }
-
-  /**
-   * Gets the default {@link Executor} for request handling, defaults to {@link
-   * ForkJoinPool#commonPool()}.
-   *
-   * @since 3.3
-   * @deprecated not applicable if {@link #sendAsync(Message, Executor)} is used.
-   */
-  @Deprecated
-  public Executor getExecutor() {
-    return defaultExecutor;
-  }
-
-  /**
-   * Sets the default {@link Executor} for request handling.
-   *
-   * @param executor The new {@link Executor}, can be {@code null} (which is equivalent to {@link
-   *     ForkJoinPool#commonPool()}).
-   * @since 3.3
-   * @deprecated Use {@link #sendAsync(Message, Executor)}.
-   */
-  @Deprecated
-  public void setExecutor(Executor executor) {
-    this.defaultExecutor = executor == null ? ForkJoinPool.commonPool() : executor;
-    httpClients.clear();
-  }
-
-  @Override
-  public String toString() {
-    return "DohResolver {" + (usePost ? "POST " : "GET ") + uriTemplate + "}";
-  }
 }
diff --git a/src/main/java/org/xbill/DNS/DohResolverCommon.java b/src/main/java/org/xbill/DNS/DohResolverCommon.java
new file mode 100644
index 000000000..c584fa2da
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/DohResolverCommon.java
@@ -0,0 +1,233 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicLong;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.utils.base64;
+
+@Slf4j
+abstract class DohResolverCommon implements Resolver {
+  /**
+   * Maximum concurrent HTTP/2 streams or HTTP/1.1 connections.
+   *
+   * <p>rfc7540#section-6.5.2 recommends a minimum of 100 streams for HTTP/2.
+   */
+  protected final AsyncSemaphore maxConcurrentRequests;
+
+  protected final AtomicLong lastRequest = new AtomicLong(0);
+
+  protected static final String APPLICATION_DNS_MESSAGE = "application/dns-message";
+
+  protected boolean usePost = false;
+  protected Duration timeout = Duration.ofSeconds(5);
+  protected String uriTemplate;
+  protected OPTRecord queryOPT = new OPTRecord(0, 0, 0);
+  protected TSIG tsig;
+  protected Executor defaultExecutor = ForkJoinPool.commonPool();
+
+  // package-visible for testing
+  long getNanoTime() {
+    return System.nanoTime();
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   * @param maxConcurrentRequests Maximum concurrent HTTP/2 streams for Java 11+ or HTTP/1.1
+   *     connections for Java 8. On Java 8 this cannot exceed the system property {@code
+   *     http.maxConnections}.
+   */
+  protected DohResolverCommon(String uriTemplate, int maxConcurrentRequests) {
+    this.uriTemplate = uriTemplate;
+    if (maxConcurrentRequests <= 0) {
+      throw new IllegalArgumentException("maxConcurrentRequests must be > 0");
+    }
+
+    try {
+      int javaMaxConn = Integer.parseInt(System.getProperty("http.maxConnections", "5"));
+      if (maxConcurrentRequests > javaMaxConn) {
+        maxConcurrentRequests = javaMaxConn;
+      }
+    } catch (NumberFormatException nfe) {
+      // well, use what we got
+    }
+
+    this.maxConcurrentRequests =
+        new AsyncSemaphore(maxConcurrentRequests, "concurrent request limit");
+  }
+
+  /** Not implemented. Specify the port in {@link #setUriTemplate(String)} if required. */
+  @Override
+  public void setPort(int port) {
+    // Not implemented, port is part of the URI
+  }
+
+  /** Not implemented. */
+  @Override
+  public void setTCP(boolean flag) {
+    // Not implemented, HTTP is always TCP
+  }
+
+  /** Not implemented. */
+  @Override
+  public void setIgnoreTruncation(boolean flag) {
+    // Not implemented, protocol uses TCP and doesn't have truncation
+  }
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize ignored
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record
+   */
+  @Override
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    switch (version) {
+      case -1:
+        queryOPT = null;
+        break;
+
+      case 0:
+        queryOPT = new OPTRecord(0, 0, version, flags, options);
+        break;
+
+      default:
+        throw new IllegalArgumentException("invalid EDNS version - must be 0 or -1 to disable");
+    }
+  }
+
+  @Override
+  public void setTSIGKey(TSIG key) {
+    this.tsig = key;
+  }
+
+  @Override
+  public void setTimeout(Duration timeout) {
+    this.timeout = timeout;
+  }
+
+  @Override
+  public Duration getTimeout() {
+    return timeout;
+  }
+
+  protected String getUrl(byte[] queryBytes) {
+    String url = uriTemplate;
+    if (!usePost) {
+      url += "?dns=" + base64.toString(queryBytes, true);
+    }
+    return url;
+  }
+
+  protected Message prepareQuery(Message query) {
+    Message preparedQuery = query.clone();
+    preparedQuery.getHeader().setID(0);
+    if (queryOPT != null && preparedQuery.getOPT() == null) {
+      preparedQuery.addRecord(queryOPT, Section.ADDITIONAL);
+    }
+
+    if (tsig != null) {
+      tsig.apply(preparedQuery, null);
+    }
+
+    return preparedQuery;
+  }
+
+  protected void verifyTSIG(Message query, Message response, byte[] b, TSIG tsig) {
+    if (tsig == null) {
+      return;
+    }
+
+    int error = tsig.verify(response, b, query.getGeneratedTSIG());
+    log.debug(
+        "TSIG verify for query {}, {}/{}: {}",
+        query.getHeader().getID(),
+        query.getQuestion().getName(),
+        Type.string(query.getQuestion().getType()),
+        Rcode.TSIGstring(error));
+  }
+
+  /** Returns {@code true} if the HTTP method POST to resolve, {@code false} if GET is used. */
+  public boolean isUsePost() {
+    return usePost;
+  }
+
+  /**
+   * Sets the HTTP method to use for resolving.
+   *
+   * @param usePost {@code true} to use POST, {@code false} to use GET (the default).
+   */
+  public void setUsePost(boolean usePost) {
+    this.usePost = usePost;
+  }
+
+  /** Gets the current URI used for resolving. */
+  public String getUriTemplate() {
+    return uriTemplate;
+  }
+
+  /** Sets the URI to use for resolving, e.g. {@code https://dns.google/dns-query} */
+  public void setUriTemplate(String uriTemplate) {
+    this.uriTemplate = uriTemplate;
+  }
+
+  /**
+   * Gets the default {@link Executor} for request handling, defaults to {@link
+   * ForkJoinPool#commonPool()}.
+   *
+   * @since 3.3
+   * @deprecated not applicable if {@link #sendAsync(Message, Executor)} is used.
+   */
+  @Deprecated
+  public Executor getExecutor() {
+    return defaultExecutor;
+  }
+
+  /**
+   * Sets the default {@link Executor} for request handling.
+   *
+   * @param executor The new {@link Executor}, can be {@code null} (which is equivalent to {@link
+   *     ForkJoinPool#commonPool()}).
+   * @since 3.3
+   * @deprecated Use {@link #sendAsync(Message, Executor)}.
+   */
+  @Deprecated
+  public void setExecutor(Executor executor) {
+    this.defaultExecutor = executor == null ? ForkJoinPool.commonPool() : executor;
+  }
+
+  @Override
+  public String toString() {
+    return "DohResolver {" + (usePost ? "POST " : "GET ") + uriTemplate + "}";
+  }
+
+  protected abstract <T> CompletableFuture<T> failedFuture(Throwable e);
+
+  protected final <T> CompletableFuture<T> timeoutFailedFuture(Message query, Throwable inner) {
+    return timeoutFailedFuture(query, null, inner);
+  }
+
+  protected final <T> CompletableFuture<T> timeoutFailedFuture(
+      Message query, String message, Throwable inner) {
+    return failedFuture(
+        new TimeoutException(
+            "Query "
+                + query.getHeader().getID()
+                + " for "
+                + query.getQuestion().getName()
+                + "/"
+                + Type.string(query.getQuestion().getType())
+                + " timed out"
+                + (message != null ? ": " + message : "")
+                + (inner != null && inner.getMessage() != null ? ", " + inner.getMessage() : "")));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/EDNSOption.java b/src/main/java/org/xbill/DNS/EDNSOption.java
index 4de7ad1fb..b8dc7ca1f 100644
--- a/src/main/java/org/xbill/DNS/EDNSOption.java
+++ b/src/main/java/org/xbill/DNS/EDNSOption.java
@@ -3,6 +3,7 @@
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.util.Arrays;
 
 /**
@@ -12,7 +13,7 @@
  * @author Brian Wellington
  * @author Ming Zhou &lt;mizhou@bnivideo.com&gt;, Beaumaris Networks
  */
-public abstract class EDNSOption {
+public abstract class EDNSOption implements Serializable {
 
   /**
    * @see <a
@@ -22,54 +23,129 @@ public abstract class EDNSOption {
   public static class Code {
     private Code() {}
 
-    /** Apple's DNS Long-Lived Queries protocol, draft-sekar-dns-llq-06 */
+    /**
+     * Apple's DNS Long-Lived Queries protocol.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8764/">RFC 8764</a>
+     */
     public static final int LLQ = 1;
 
-    /** Dynamic DNS Update Leases, draft-sekar-dns-ul-02 */
+    /**
+     * Dynamic DNS Update Leases.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-sekar-dns-ul-03">draft-sekar-dns-ul-03</a>
+     */
     public static final int UL = 2;
 
-    /** Name Server Identifier, RFC 5001 */
+    /**
+     * Name Server Identifier.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5001/">RFC 5001</a>
+     */
     public static final int NSID = 3;
 
-    /** DNSSEC Algorithm Understood (DAU), RFC 6975 */
+    /**
+     * DNSSEC Algorithm Understood (DAU).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6975/">RFC 6975</a>
+     */
     public static final int DAU = 5;
 
-    /** DNSSEC DS Hash Understood (DHU), RFC 6975 */
+    /**
+     * DNSSEC DS Hash Understood (DHU).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8764/">RFC 8764</a>
+     */
     public static final int DHU = 6;
 
-    /** DNSSEC NSEC3 Hash Understood (N3U), RFC 6975 */
+    /**
+     * DNSSEC NSEC3 Hash Understood (N3U).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6975/">RFC 6975</a>
+     */
     public static final int N3U = 7;
 
-    /** Client Subnet, RFC 7871 */
+    /**
+     * Client Subnet.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7871/">RFC 7871</a>
+     */
     public static final int CLIENT_SUBNET = 8;
 
-    /** (EDNS) EXPIRE Option, RFC 7314 */
+    /**
+     * (EDNS) EXPIRE Option.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7314/">RFC 7314</a>
+     */
     public static final int EDNS_EXPIRE = 9;
 
-    /** Cookie, RFC 7873 */
+    /**
+     * Cookie.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7873/">RFC 7873</a>
+     */
     public static final int COOKIE = 10;
 
-    /** TCP Keepalive, RFC 7828 */
+    /**
+     * TCP Keepalive.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7828/">RFC 7828</a>
+     */
     public static final int TCP_KEEPALIVE = 11;
 
-    /** EDNS(0) Padding Option, RFC 7830 */
+    /**
+     * EDNS(0) Padding Option.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7830/">RFC 7830</a>
+     */
     public static final int PADDING = 12;
 
-    /** CHAIN Query Requests in DNS, RFC 7901 */
+    /**
+     * CHAIN Query Requests in DNS.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7901/">RFC 7901</a>
+     */
     public static final int CHAIN = 13;
 
-    /** Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC), RFC 8145 */
+    /**
+     * Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC).
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8145/">RFC 8145</a>
+     */
     public static final int EDNS_KEY_TAG = 14;
 
-    /** Extended DNS Errors, RFC 8914. */
+    /**
+     * Extended DNS Errors.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8914/">RFC 8914</a>
+     */
     public static final int EDNS_EXTENDED_ERROR = 15;
 
-    /** DNS EDNS Tags, draft-bellis-dnsop-edns-tags-01 */
+    /**
+     * DNS EDNS Tags.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-bellis-dnsop-edns-tags-01">draft-bellis-dnsop-edns-tags-01</a>
+     */
     public static final int EDNS_CLIENT_TAG = 16;
 
-    /** DNS EDNS Tags, draft-bellis-dnsop-edns-tags-01 */
+    /**
+     * DNS EDNS Tags.
+     *
+     * @see <a
+     *     href="https://datatracker.ietf.org/doc/html/draft-bellis-dnsop-edns-tags-01">draft-bellis-dnsop-edns-tags-01</a>
+     */
     public static final int EDNS_SERVER_TAG = 17;
 
+    /**
+     * Report Channel.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc9567/">RFC 9567</a>
+     * @since 3.6
+     */
+    public static final int REPORT_CHANNEL = 18;
+
     private static final Mnemonic codes =
         new Mnemonic("EDNS Option Codes", Mnemonic.CASE_SENSITIVE);
 
@@ -95,6 +171,7 @@ private Code() {}
       codes.add(EDNS_EXTENDED_ERROR, "Extended_DNS_Error");
       codes.add(EDNS_CLIENT_TAG, "EDNS-Client-Tag");
       codes.add(EDNS_SERVER_TAG, "EDNS-Server-Tag");
+      codes.add(REPORT_CHANNEL, "Report-Channel");
     }
 
     /** Converts an EDNS Option Code into its textual representation */
@@ -160,7 +237,8 @@ byte[] getData() {
    * @param in The input stream.
    */
   static EDNSOption fromWire(DNSInput in) throws IOException {
-    int code, length;
+    int code;
+    int length;
 
     code = in.readU16();
     length = in.readU16();
diff --git a/src/main/java/org/xbill/DNS/EmptyRecord.java b/src/main/java/org/xbill/DNS/EmptyRecord.java
index 28bebfee1..0f24109a7 100644
--- a/src/main/java/org/xbill/DNS/EmptyRecord.java
+++ b/src/main/java/org/xbill/DNS/EmptyRecord.java
@@ -13,10 +13,14 @@ class EmptyRecord extends Record {
   EmptyRecord() {}
 
   @Override
-  protected void rrFromWire(DNSInput in) {}
+  protected void rrFromWire(DNSInput in) {
+    // The empty record doesn't have any data to parse
+  }
 
   @Override
-  protected void rdataFromString(Tokenizer st, Name origin) {}
+  protected void rdataFromString(Tokenizer st, Name origin) {
+    // The empty record doesn't have any data to parse
+  }
 
   @Override
   protected String rrToString() {
@@ -24,5 +28,7 @@ protected String rrToString() {
   }
 
   @Override
-  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {}
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    // The empty record doesn't have any data to write
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
index d3e12405f..1c40d5714 100644
--- a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
+++ b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
@@ -11,32 +11,190 @@
  * @since 3.4
  */
 public class ExtendedErrorCodeOption extends EDNSOption {
+
+  /** The error in question falls into a category that does not match known extended error codes. */
   public static final int OTHER = 0;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DNSKEYRecord} {@link RRset}
+   * contained only unsupported DNSSEC algorithms.
+   */
   public static final int UNSUPPORTED_DNSKEY_ALGORITHM = 1;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DSRecord} {@link RRset}
+   * contained only unsupported Digest Types.
+   */
   public static final int UNSUPPORTED_DS_DIGEST_TYPE = 2;
+
+  /**
+   * The resolver was unable to resolve the answer within its time limits and decided to answer with
+   * previously cached data instead of answering with an error.
+   */
   public static final int STALE_ANSWER = 3;
+
+  /**
+   * For policy reasons (legal obligation or malware filtering, for instance), an answer was forged.
+   */
   public static final int FORGED_ANSWER = 4;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Indeterminate
+   * state.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4035>RFC 4035</a>
+   */
   public static final int DNSSEC_INDETERMINATE = 5;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Bogus state.
+   */
   public static final int DNSSEC_BOGUS = 6;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * some (often all) are expired.
+   */
   public static final int SIGNATURE_EXPIRED = 7;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * at least some are not yet valid.
+   */
   public static final int SIGNATURE_NOT_YET_VALID = 8;
+
+  /**
+   * A {@link DSRecord} existed at a parent, but no supported matching {@link DNSKEYRecord} could be
+   * found for the child.
+   */
   public static final int DNSKEY_MISSING = 9;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no {@link RRSIGRecord}s could be found
+   * for at least one {@link RRset} where {@link RRSIGRecord}s were expected.
+   */
   public static final int RRSIGS_MISSING = 10;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no Zone Key Bit was set in a DNSKEY.
+   */
   public static final int NO_ZONE_KEY_BIT_SET = 11;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but the requested data was missing and a
+   * covering {@link NSECRecord} or {@link NSEC3Record} was not provided
+   */
   public static final int NSEC_MISSING = 12;
+
+  /** The resolver is returning the {@link Rcode#SERVFAIL} from its cache. */
   public static final int CACHED_ERROR = 13;
+
+  /**
+   * The server is unable to answer the query, as it was not fully functional when the query was
+   * received.
+   */
   public static final int NOT_READY = 14;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * internal security policy imposed by the operator of the server resolving or forwarding the
+   * query.
+   */
   public static final int BLOCKED = 15;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * external requirement imposed by an entity other than the operator of the server resolving or
+   * forwarding the query.
+   */
   public static final int CENSORED = 16;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist as
+   * requested by the client.
+   */
   public static final int FILTERED = 17;
+
+  /**
+   * An authoritative server or recursive resolver that receives a query from an "unauthorized"
+   * client can annotate its {@link Rcode#REFUSED} message with this code.
+   */
   public static final int PROHIBITED = 18;
+
+  /**
+   * The resolver was unable to resolve an answer within its configured time limits and decided to
+   * answer with a previously cached {@link Rcode#NXDOMAIN} answer instead of answering with an
+   * error.
+   */
   public static final int STALE_NXDOMAIN_ANSWER = 19;
+
+  /**
+   * Response to a query with the Recursion Desired (RD) bit clear, or when the server is not
+   * configured for recursion (and the query is for a domain for which it is not authoritative).
+   */
   public static final int NOT_AUTHORITATIVE = 20;
+
+  /** The requested operation or query is not supported. */
   public static final int NOT_SUPPORTED = 21;
+
+  /**
+   * The resolver could not reach any of the authoritative name servers (or they potentially refused
+   * to reply).
+   */
   public static final int NO_REACHABLE_AUTHORITY = 22;
+
+  /** An unrecoverable error occurred while communicating with another server. */
   public static final int NETWORK_ERROR = 23;
+
+  /**
+   * The authoritative server cannot answer with data for a zone it is otherwise configured to
+   * support.
+   */
   public static final int INVALID_DATA = 24;
 
+  /**
+   * The signature expired before it started to become valid.
+   *
+   * @since 3.6
+   * @see <a href="https://github.com/NLnetLabs/unbound/pull/604#discussion_r802678343">Unbound
+   *     PR#604</a>
+   */
+  public static final int SIGNATURE_EXPIRED_BEFORE_VALID = 25;
+
+  /**
+   * DNS over QUIC session resumption error.
+   *
+   * @since 3.6
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9250#section-4.5-3">RFC 9250, 4.5</a>
+   */
+  public static final int TOO_EARLY = 26;
+
+  /**
+   * The NSEC3 iterations value is not supported.
+   *
+   * @since 3.6
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9276#section-3.2">RFC 9276, 3.2</a>
+   */
+  public static final int UNSUPPORTED_NSEC3_ITERATIONS_VALUE = 27;
+
+  /**
+   * Unable to conform to policy.
+   *
+   * @since 3.6
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-homburg-dnsop-codcp/01/">draft-homburg-dnsop-codcp-01</a>
+   */
+  public static final int UNABLE_TO_CONFORM_TO_POLICY = 28;
+
+  /**
+   * Result synthesized from aggressive NSEC cache.
+   *
+   * @since 3.6
+   * @see <a href="https://github.com/PowerDNS/pdns/pull/12334">PowerDNS PR#12334</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8198">RFC 8198</a>
+   */
+  public static final int SYNTHESIZED = 29;
+
   @Getter private int errorCode;
   @Getter private String text;
 
@@ -46,31 +204,54 @@ public class ExtendedErrorCodeOption extends EDNSOption {
   static {
     codes.setMaximum(0xFFFF);
     codes.setPrefix("EDE");
-    codes.add(OTHER, "Other");
-    codes.add(UNSUPPORTED_DNSKEY_ALGORITHM, "Unsupported DNSKEY Algorithm");
-    codes.add(UNSUPPORTED_DS_DIGEST_TYPE, "Unsupported DS Digest Type");
-    codes.add(STALE_ANSWER, "Stale Answer");
-    codes.add(FORGED_ANSWER, "Forged Answer");
-    codes.add(DNSSEC_INDETERMINATE, "DNSSEC Indeterminate");
-    codes.add(DNSSEC_BOGUS, "DNSSEC Bogus");
-    codes.add(SIGNATURE_EXPIRED, "Signature Expired");
-    codes.add(SIGNATURE_NOT_YET_VALID, "Signature Not Yet Valid");
-    codes.add(DNSKEY_MISSING, "DNSKEY Missing");
-    codes.add(RRSIGS_MISSING, "RRSIGs Missing");
-    codes.add(NO_ZONE_KEY_BIT_SET, "No Zone Key Bit Set");
-    codes.add(NSEC_MISSING, "NSEC Missing");
-    codes.add(CACHED_ERROR, "Cached Error");
-    codes.add(NOT_READY, "Not Ready");
-    codes.add(BLOCKED, "Blocked");
-    codes.add(CENSORED, "Censored");
-    codes.add(FILTERED, "Filtered");
-    codes.add(PROHIBITED, "Prohibited");
-    codes.add(STALE_NXDOMAIN_ANSWER, "Stale NXDOMAIN Answer");
-    codes.add(NOT_AUTHORITATIVE, "Not Authoritative");
-    codes.add(NOT_SUPPORTED, "Not Supported");
-    codes.add(NO_REACHABLE_AUTHORITY, "No Reachable Authority");
-    codes.add(NETWORK_ERROR, "Network Error");
-    codes.add(INVALID_DATA, "Invalid Data");
+    codes.add(OTHER, "OTHER");
+    codes.add(UNSUPPORTED_DNSKEY_ALGORITHM, "UNSUPPORTED_DNSKEY_ALGORITHM");
+    codes.add(UNSUPPORTED_DS_DIGEST_TYPE, "UNSUPPORTED_DS_DIGEST_TYPE");
+    codes.add(STALE_ANSWER, "STALE_ANSWER");
+    codes.add(FORGED_ANSWER, "FORGED_ANSWER");
+    codes.add(DNSSEC_INDETERMINATE, "DNSSEC_INDETERMINATE");
+    codes.add(DNSSEC_BOGUS, "DNSSEC_BOGUS");
+    codes.add(SIGNATURE_EXPIRED, "SIGNATURE_EXPIRED");
+    codes.add(SIGNATURE_NOT_YET_VALID, "SIGNATURE_NOT_YET_VALID");
+    codes.add(DNSKEY_MISSING, "DNSKEY_MISSING");
+    codes.add(RRSIGS_MISSING, "RRSIGS_MISSING");
+    codes.add(NO_ZONE_KEY_BIT_SET, "NO_ZONE_KEY_BIT_SET");
+    codes.add(NSEC_MISSING, "NSEC_MISSING");
+    codes.add(CACHED_ERROR, "CACHED_ERROR");
+    codes.add(NOT_READY, "NOT_READY");
+    codes.add(BLOCKED, "BLOCKED");
+    codes.add(CENSORED, "CENSORED");
+    codes.add(FILTERED, "FILTERED");
+    codes.add(PROHIBITED, "PROHIBITED");
+    codes.add(STALE_NXDOMAIN_ANSWER, "STALE_NXDOMAIN_ANSWER");
+    codes.add(NOT_AUTHORITATIVE, "NOT_AUTHORITATIVE");
+    codes.add(NOT_SUPPORTED, "NOT_SUPPORTED");
+    codes.add(NO_REACHABLE_AUTHORITY, "NO_REACHABLE_AUTHORITY");
+    codes.add(NETWORK_ERROR, "NETWORK_ERROR");
+    codes.add(INVALID_DATA, "INVALID_DATA");
+    codes.add(SIGNATURE_EXPIRED_BEFORE_VALID, "SIGNATURE_EXPIRED_BEFORE_VALID");
+    codes.add(TOO_EARLY, "TOO_EARLY");
+    codes.add(UNSUPPORTED_NSEC3_ITERATIONS_VALUE, "UNSUPPORTED_NSEC3_ITERATIONS_VALUE");
+    codes.add(UNABLE_TO_CONFORM_TO_POLICY, "UNABLE_TO_CONFORM_TO_POLICY");
+    codes.add(SYNTHESIZED, "SYNTHESIZED");
+  }
+
+  /**
+   * Gets the text mnemonic corresponding to an EDE value.
+   *
+   * @since 3.5
+   */
+  public static String text(int code) {
+    return codes.getText(code);
+  }
+
+  /**
+   * Gets the numeric value corresponding to an EDE text mnemonic.
+   *
+   * @since 3.5
+   */
+  public static int code(String text) {
+    return codes.getValue(text);
   }
 
   /** Creates an extended error code EDNS option. */
@@ -118,7 +299,7 @@ void optionFromWire(DNSInput in) throws IOException {
   @Override
   void optionToWire(DNSOutput out) {
     out.writeU16(errorCode);
-    if (text != null && text.length() > 0) {
+    if (text != null && !text.isEmpty()) {
       out.writeByteArray(text.getBytes(StandardCharsets.UTF_8));
     }
   }
diff --git a/src/main/java/org/xbill/DNS/Flags.java b/src/main/java/org/xbill/DNS/Flags.java
index d76c539c1..d71c5c337 100644
--- a/src/main/java/org/xbill/DNS/Flags.java
+++ b/src/main/java/org/xbill/DNS/Flags.java
@@ -10,7 +10,7 @@
  */
 public final class Flags {
 
-  private static final Mnemonic flags = new Mnemonic("DNS Header Flag", Mnemonic.CASE_LOWER);
+  private static final Mnemonic HEADER_FLAGS = new Mnemonic("DNS Header Flag", Mnemonic.CASE_LOWER);
 
   /** query/response */
   public static final byte QR = 0;
@@ -37,29 +37,29 @@ public final class Flags {
   public static final int DO = ExtendedFlags.DO;
 
   static {
-    flags.setMaximum(0xF);
-    flags.setPrefix("FLAG");
-    flags.setNumericAllowed(true);
-
-    flags.add(QR, "qr");
-    flags.add(AA, "aa");
-    flags.add(TC, "tc");
-    flags.add(RD, "rd");
-    flags.add(RA, "ra");
-    flags.add(AD, "ad");
-    flags.add(CD, "cd");
+    HEADER_FLAGS.setMaximum(0xF);
+    HEADER_FLAGS.setPrefix("FLAG");
+    HEADER_FLAGS.setNumericAllowed(true);
+
+    HEADER_FLAGS.add(QR, "qr");
+    HEADER_FLAGS.add(AA, "aa");
+    HEADER_FLAGS.add(TC, "tc");
+    HEADER_FLAGS.add(RD, "rd");
+    HEADER_FLAGS.add(RA, "ra");
+    HEADER_FLAGS.add(AD, "ad");
+    HEADER_FLAGS.add(CD, "cd");
   }
 
   private Flags() {}
 
   /** Converts a numeric Flag into a String */
   public static String string(int i) {
-    return flags.getText(i);
+    return HEADER_FLAGS.getText(i);
   }
 
   /** Converts a String representation of an Flag into its numeric value */
   public static int value(String s) {
-    return flags.getValue(s);
+    return HEADER_FLAGS.getValue(s);
   }
 
   /**
@@ -67,7 +67,7 @@ public static int value(String s) {
    * it's not.
    */
   public static boolean isFlag(int index) {
-    flags.check(index);
+    HEADER_FLAGS.check(index);
     return (index < 1 || index > 4) && (index < 12);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/GPOSRecord.java b/src/main/java/org/xbill/DNS/GPOSRecord.java
index 8911b7f46..e9fee7cc9 100644
--- a/src/main/java/org/xbill/DNS/GPOSRecord.java
+++ b/src/main/java/org/xbill/DNS/GPOSRecord.java
@@ -10,11 +10,13 @@
  * limited early version of {@link LOCRecord})
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1712">RFC 1712: DNS Encoding of Geographical
- *     Location</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1712">RFC 1712: DNS Encoding of
+ *     Geographical Location</a>
  */
 public class GPOSRecord extends Record {
-  private byte[] latitude, longitude, altitude;
+  private byte[] latitude;
+  private byte[] longitude;
+  private byte[] altitude;
 
   GPOSRecord() {}
 
diff --git a/src/main/java/org/xbill/DNS/HINFORecord.java b/src/main/java/org/xbill/DNS/HINFORecord.java
index 6981ee6b9..90b0192b0 100644
--- a/src/main/java/org/xbill/DNS/HINFORecord.java
+++ b/src/main/java/org/xbill/DNS/HINFORecord.java
@@ -9,11 +9,12 @@
  * Host Information - describes the CPU and OS of a host
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class HINFORecord extends Record {
-  private byte[] cpu, os;
+  private byte[] cpu;
+  private byte[] os;
 
   HINFORecord() {}
 
diff --git a/src/main/java/org/xbill/DNS/HIPRecord.java b/src/main/java/org/xbill/DNS/HIPRecord.java
index cf74e2738..257334d90 100644
--- a/src/main/java/org/xbill/DNS/HIPRecord.java
+++ b/src/main/java/org/xbill/DNS/HIPRecord.java
@@ -100,11 +100,11 @@ private static int mapAlgTypeToDnssec(int alg) throws UnsupportedAlgorithmExcept
   @Override
   protected String rrToString() {
     StringBuilder sb = new StringBuilder();
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("( ");
     }
 
-    String separator = Options.check("multiline") ? "\n\t" : " ";
+    String separator = Options.multiline() ? "\n\t" : " ";
     sb.append(pkAlgorithm);
     sb.append(" ");
     sb.append(base16.toString(hit));
@@ -116,7 +116,7 @@ protected String rrToString() {
     }
 
     sb.append(rvServers.stream().map(Name::toString).collect(Collectors.joining(separator)));
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append(" )");
     }
 
@@ -130,7 +130,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     publicKey = base64.fromString(st.getString());
     Token t;
     while ((t = st.get()).isString()) {
-      rvServers.add(new Name(t.value));
+      rvServers.add(new Name(t.value()));
     }
   }
 
diff --git a/src/main/java/org/xbill/DNS/HTTPSRecord.java b/src/main/java/org/xbill/DNS/HTTPSRecord.java
index 56659f482..785401c4c 100644
--- a/src/main/java/org/xbill/DNS/HTTPSRecord.java
+++ b/src/main/java/org/xbill/DNS/HTTPSRecord.java
@@ -4,11 +4,10 @@
 import java.util.List;
 
 /**
- * HTTPS Service Location and Parameter Binding Record
+ * HTTPS Service Location and Parameter Binding Record.
  *
- * @see <a
- *     href="https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-06">draft-ietf-dnsop-svcb-https</a>
  * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
  */
 public class HTTPSRecord extends SVCBBase {
   HTTPSRecord() {}
diff --git a/src/main/java/org/xbill/DNS/Header.java b/src/main/java/org/xbill/DNS/Header.java
index 8cc21c965..5f7dd421a 100644
--- a/src/main/java/org/xbill/DNS/Header.java
+++ b/src/main/java/org/xbill/DNS/Header.java
@@ -31,7 +31,7 @@ public class Header implements Cloneable {
    * @param id The message id
    */
   public Header(int id) {
-    if (id < 0 || id > 0xffff) {
+    if (!Utils.isUInt16(id)) {
       throw new IllegalArgumentException("DNS message ID " + id + " is out of range");
     }
     counts = new int[4];
@@ -97,6 +97,13 @@ static int setFlag(int flags, int bit, boolean value) {
     }
   }
 
+  static boolean getFlag(int flags, int bit) {
+    checkFlag(bit);
+
+    // bits are indexed from left to right
+    return (flags & (1 << (15 - bit))) != 0;
+  }
+
   /**
    * Sets a flag to the supplied value
    *
@@ -123,9 +130,7 @@ public void unsetFlag(int bit) {
    * @see Flags
    */
   public boolean getFlag(int bit) {
-    checkFlag(bit);
-    // bits are indexed from left to right
-    return (flags & (1 << (15 - bit))) != 0;
+    return getFlag(flags, bit);
   }
 
   boolean[] getFlags() {
@@ -145,7 +150,7 @@ public int getID() {
 
   /** Sets the message ID */
   public void setID(int id) {
-    if (id < 0 || id > 0xffff) {
+    if (!Utils.isUInt16(id)) {
       throw new IllegalArgumentException("DNS message ID " + id + " is out of range");
     }
     this.id = id;
@@ -196,7 +201,7 @@ public int getOpcode() {
   }
 
   void setCount(int field, int value) {
-    if (value < 0 || value > 0xFFFF) {
+    if (!Utils.isUInt16(value)) {
       throw new IllegalArgumentException("DNS section count " + value + " is out of range");
     }
     counts[field] = value;
diff --git a/src/main/java/org/xbill/DNS/IPAddressUtils.java b/src/main/java/org/xbill/DNS/IPAddressUtils.java
new file mode 100644
index 000000000..8f0aac23c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/IPAddressUtils.java
@@ -0,0 +1,165 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+@SuppressWarnings({"java:S115", "java:S1168"})
+class IPAddressUtils {
+  static final int IPv4 = 1;
+  static final int IPv6 = 2;
+
+  static byte[] parseV4(String s) {
+    int numDigits;
+    int currentOctet;
+    byte[] values = new byte[4];
+    int currentValue;
+    int length = s.length();
+
+    currentOctet = 0;
+    currentValue = 0;
+    numDigits = 0;
+    for (int i = 0; i < length; i++) {
+      char c = s.charAt(i);
+      if (c >= '0' && c <= '9') {
+        /* Can't have more than 3 digits per octet. */
+        if (numDigits == 3) {
+          return null;
+        }
+        /* Octets shouldn't start with 0, unless they are 0. */
+        if (numDigits > 0 && currentValue == 0) {
+          return null;
+        }
+        numDigits++;
+        currentValue *= 10;
+        currentValue += c - '0';
+        /* 255 is the maximum value for an octet. */
+        if (currentValue > 255) {
+          return null;
+        }
+      } else if (c == '.') {
+        /* Can't have more than 3 dots. */
+        if (currentOctet == 3) {
+          return null;
+        }
+        /* Two consecutive dots are bad. */
+        if (numDigits == 0) {
+          return null;
+        }
+        values[currentOctet++] = (byte) currentValue;
+        currentValue = 0;
+        numDigits = 0;
+      } else {
+        return null;
+      }
+    }
+    /* Must have 4 octets. */
+    if (currentOctet != 3) {
+      return null;
+    }
+    /* The fourth octet can't be empty. */
+    if (numDigits == 0) {
+      return null;
+    }
+    values[currentOctet] = (byte) currentValue;
+    return values;
+  }
+
+  static byte[] parseV6(String s) {
+    int range = -1;
+    byte[] data = new byte[16];
+
+    String[] tokens = s.split(":", -1);
+
+    int first = 0;
+    int last = tokens.length - 1;
+
+    if (tokens[0].isEmpty()) {
+      // If the first two tokens are empty, it means the string
+      // started with ::, which is fine.  If only the first is
+      // empty, the string started with :, which is bad.
+      if (last - first > 0 && tokens[1].isEmpty()) {
+        first++;
+      } else {
+        return null;
+      }
+    }
+
+    if (tokens[last].isEmpty()) {
+      // If the last two tokens are empty, it means the string
+      // ended with ::, which is fine.  If only the last is
+      // empty, the string ended with :, which is bad.
+      if (last - first > 0 && tokens[last - 1].isEmpty()) {
+        last--;
+      } else {
+        return null;
+      }
+    }
+
+    if (last - first + 1 > 8) {
+      return null;
+    }
+
+    int i;
+    int j;
+    for (i = first, j = 0; i <= last; i++) {
+      if (tokens[i].isEmpty()) {
+        if (range >= 0) {
+          return null;
+        }
+        range = j;
+        continue;
+      }
+
+      if (tokens[i].indexOf('.') >= 0) {
+        // An IPv4 address must be the last component
+        if (i < last) {
+          return null;
+        }
+        // There can't have been more than 6 components.
+        if (i > 6) {
+          return null;
+        }
+        byte[] v4addr = Address.toByteArray(tokens[i], Address.IPv4);
+        if (v4addr == null) {
+          return null;
+        }
+        for (int k = 0; k < 4; k++) {
+          data[j++] = v4addr[k];
+        }
+        break;
+      }
+
+      try {
+        for (int k = 0; k < tokens[i].length(); k++) {
+          char c = tokens[i].charAt(k);
+          if (Character.digit(c, 16) < 0) {
+            return null;
+          }
+        }
+        int x = Integer.parseInt(tokens[i], 16);
+        if (!Utils.isUInt16(x)) {
+          return null;
+        }
+        data[j++] = (byte) (x >>> 8);
+        data[j++] = (byte) (x & 0xFF);
+      } catch (NumberFormatException e) {
+        return null;
+      }
+    }
+
+    if (j < 16 && range < 0) {
+      return null;
+    }
+
+    if (range >= 0) {
+      int empty = 16 - j;
+      System.arraycopy(data, range, data, range + empty, j - range);
+      for (i = range; i < range + empty; i++) {
+        data[i] = 0;
+      }
+    }
+
+    return data;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
index 5a2439d5b..59c5be20f 100644
--- a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java
@@ -12,8 +12,8 @@
  * IPsec Keying Material (RFC 4025)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4025">RFC 4025: A Method for Storing IPsec Keying
- *     Material in DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4025">RFC 4025: A Method for Storing IPsec
+ *     Keying Material in DNS</a>
  */
 public class IPSECKEYRecord extends Record {
   /**
@@ -24,13 +24,25 @@ public class IPSECKEYRecord extends Record {
   public static class Algorithm {
     private Algorithm() {}
 
-    /** A DSA key is present, in the format defined in [RFC2536] */
+    /**
+     * A DSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc2536">RFC 2536</a>
+     */
     public static final int DSA = 1;
 
-    /** A RSA key is present, in the format defined in [RFC3110] */
+    /**
+     * A RSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc3110">RFC 3110</a>
+     */
     public static final int RSA = 2;
 
-    /** An ECDSA key is present, in the format defined in [RFC6605] */
+    /**
+     * An ECDSA key is present.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6605">RFC 6605</a>
+     */
     public static final int ECDSA = 3;
   }
 
diff --git a/src/main/java/org/xbill/DNS/ISDNRecord.java b/src/main/java/org/xbill/DNS/ISDNRecord.java
index 8f0ff9234..4e2757425 100644
--- a/src/main/java/org/xbill/DNS/ISDNRecord.java
+++ b/src/main/java/org/xbill/DNS/ISDNRecord.java
@@ -9,7 +9,7 @@
  * ISDN - identifies the ISDN number and subaddress associated with a name.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class ISDNRecord extends Record {
   private byte[] address;
@@ -50,7 +50,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
       address = byteArrayFromString(st.getString());
       Tokenizer.Token t = st.get();
       if (t.isString()) {
-        subAddress = byteArrayFromString(t.value);
+        subAddress = byteArrayFromString(t.value());
       } else {
         st.unget();
       }
diff --git a/src/main/java/org/xbill/DNS/KEYBase.java b/src/main/java/org/xbill/DNS/KEYBase.java
index cc50ecb5a..fce471302 100644
--- a/src/main/java/org/xbill/DNS/KEYBase.java
+++ b/src/main/java/org/xbill/DNS/KEYBase.java
@@ -13,14 +13,16 @@
  * @author Brian Wellington
  */
 abstract class KEYBase extends Record {
-  protected int flags, proto, alg;
+  protected int flags;
+  protected int proto;
+  protected int alg;
   protected byte[] key;
   protected int footprint = -1;
   protected PublicKey publicKey = null;
 
   protected KEYBase() {}
 
-  public KEYBase(
+  protected KEYBase(
       Name name, int type, int dclass, long ttl, int flags, int proto, int alg, byte[] key) {
     super(name, type, dclass, ttl);
     this.flags = checkU16("flags", flags);
@@ -49,7 +51,7 @@ protected String rrToString() {
     sb.append(" ");
     sb.append(alg);
     if (key != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append(" (\n");
         sb.append(base64.formatString(key, 64, "\t", true));
         sb.append(" ; key_tag = ");
diff --git a/src/main/java/org/xbill/DNS/KEYRecord.java b/src/main/java/org/xbill/DNS/KEYRecord.java
index f5b40cb2e..83570866d 100644
--- a/src/main/java/org/xbill/DNS/KEYRecord.java
+++ b/src/main/java/org/xbill/DNS/KEYRecord.java
@@ -14,10 +14,10 @@
  * @see DNSSEC
  * @see DNSKEYRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2535">RFC 2535: Domain Name System Security
- *     Extensions</a>
- * @see <a href="https://tools.ietf.org/html/rfc3755">RFC 3755: Legacy Resolver Compatibility for
- *     Delegation Signer (DS)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2535">RFC 2535: Domain Name System
+ *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3755">RFC 3755: Legacy Resolver
+ *     Compatibility for Delegation Signer (DS)</a>
  */
 public class KEYRecord extends KEYBase {
   /** KEY protocol identifiers. */
@@ -178,43 +178,43 @@ private Flags() {}
     /** Signatory value 15 */
     public static final int SIG15 = 15;
 
-    private static final Mnemonic flags = new Mnemonic("KEY flags", Mnemonic.CASE_UPPER);
+    private static final Mnemonic KEY_FLAGS = new Mnemonic("KEY flags", Mnemonic.CASE_UPPER);
 
     static {
-      flags.setMaximum(0xFFFF);
-      flags.setNumericAllowed(false);
-
-      flags.add(NOCONF, "NOCONF");
-      flags.add(NOAUTH, "NOAUTH");
-      flags.add(NOKEY, "NOKEY");
-      flags.add(FLAG2, "FLAG2");
-      flags.add(EXTEND, "EXTEND");
-      flags.add(FLAG4, "FLAG4");
-      flags.add(FLAG5, "FLAG5");
-      flags.add(USER, "USER");
-      flags.add(ZONE, "ZONE");
-      flags.add(HOST, "HOST");
-      flags.add(NTYP3, "NTYP3");
-      flags.add(FLAG8, "FLAG8");
-      flags.add(FLAG9, "FLAG9");
-      flags.add(FLAG10, "FLAG10");
-      flags.add(FLAG11, "FLAG11");
-      flags.add(SIG0, "SIG0");
-      flags.add(SIG1, "SIG1");
-      flags.add(SIG2, "SIG2");
-      flags.add(SIG3, "SIG3");
-      flags.add(SIG4, "SIG4");
-      flags.add(SIG5, "SIG5");
-      flags.add(SIG6, "SIG6");
-      flags.add(SIG7, "SIG7");
-      flags.add(SIG8, "SIG8");
-      flags.add(SIG9, "SIG9");
-      flags.add(SIG10, "SIG10");
-      flags.add(SIG11, "SIG11");
-      flags.add(SIG12, "SIG12");
-      flags.add(SIG13, "SIG13");
-      flags.add(SIG14, "SIG14");
-      flags.add(SIG15, "SIG15");
+      KEY_FLAGS.setMaximum(0xFFFF);
+      KEY_FLAGS.setNumericAllowed(false);
+
+      KEY_FLAGS.add(NOCONF, "NOCONF");
+      KEY_FLAGS.add(NOAUTH, "NOAUTH");
+      KEY_FLAGS.add(NOKEY, "NOKEY");
+      KEY_FLAGS.add(FLAG2, "FLAG2");
+      KEY_FLAGS.add(EXTEND, "EXTEND");
+      KEY_FLAGS.add(FLAG4, "FLAG4");
+      KEY_FLAGS.add(FLAG5, "FLAG5");
+      KEY_FLAGS.add(USER, "USER");
+      KEY_FLAGS.add(ZONE, "ZONE");
+      KEY_FLAGS.add(HOST, "HOST");
+      KEY_FLAGS.add(NTYP3, "NTYP3");
+      KEY_FLAGS.add(FLAG8, "FLAG8");
+      KEY_FLAGS.add(FLAG9, "FLAG9");
+      KEY_FLAGS.add(FLAG10, "FLAG10");
+      KEY_FLAGS.add(FLAG11, "FLAG11");
+      KEY_FLAGS.add(SIG0, "SIG0");
+      KEY_FLAGS.add(SIG1, "SIG1");
+      KEY_FLAGS.add(SIG2, "SIG2");
+      KEY_FLAGS.add(SIG3, "SIG3");
+      KEY_FLAGS.add(SIG4, "SIG4");
+      KEY_FLAGS.add(SIG5, "SIG5");
+      KEY_FLAGS.add(SIG6, "SIG6");
+      KEY_FLAGS.add(SIG7, "SIG7");
+      KEY_FLAGS.add(SIG8, "SIG8");
+      KEY_FLAGS.add(SIG9, "SIG9");
+      KEY_FLAGS.add(SIG10, "SIG10");
+      KEY_FLAGS.add(SIG11, "SIG11");
+      KEY_FLAGS.add(SIG12, "SIG12");
+      KEY_FLAGS.add(SIG13, "SIG13");
+      KEY_FLAGS.add(SIG14, "SIG14");
+      KEY_FLAGS.add(SIG15, "SIG15");
     }
 
     /**
@@ -228,16 +228,17 @@ public static int value(String s) {
       int value;
       try {
         value = Integer.parseInt(s);
-        if (value >= 0 && value <= 0xFFFF) {
+        if (Utils.isUInt16(value)) {
           return value;
         }
         return -1;
       } catch (NumberFormatException e) {
+        // Ignore
       }
       StringTokenizer st = new StringTokenizer(s, "|");
       value = 0;
       while (st.hasMoreTokens()) {
-        int val = flags.getValue(st.nextToken());
+        int val = KEY_FLAGS.getValue(st.nextToken());
         if (val < 0) {
           return -1;
         }
diff --git a/src/main/java/org/xbill/DNS/KXRecord.java b/src/main/java/org/xbill/DNS/KXRecord.java
index 5918bfaec..7ea5cf9f6 100644
--- a/src/main/java/org/xbill/DNS/KXRecord.java
+++ b/src/main/java/org/xbill/DNS/KXRecord.java
@@ -7,8 +7,8 @@
  * Key Exchange - delegation of authority
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2230">RFC 2230: Key Exchange Delegation Record for
- *     the DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2230">RFC 2230: Key Exchange Delegation
+ *     Record for the DNS</a>
  */
 public class KXRecord extends U16NameBase {
   KXRecord() {}
diff --git a/src/main/java/org/xbill/DNS/LOCRecord.java b/src/main/java/org/xbill/DNS/LOCRecord.java
index 4838bf195..ca51dbb63 100644
--- a/src/main/java/org/xbill/DNS/LOCRecord.java
+++ b/src/main/java/org/xbill/DNS/LOCRecord.java
@@ -11,14 +11,18 @@
  * Location - describes the physical location of hosts, networks, subnets.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1876">RFC 1876: A Means for Expressing Location
- *     Information in the Domain Name System</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1876">RFC 1876: A Means for Expressing
+ *     Location Information in the Domain Name System</a>
  */
 public class LOCRecord extends Record {
   private static final NumberFormat w2;
   private static final NumberFormat w3;
-  private long size, hPrecision, vPrecision;
-  private long latitude, longitude, altitude;
+  private long size;
+  private long hPrecision;
+  private long vPrecision;
+  private long latitude;
+  private long longitude;
+  private long altitude;
 
   static {
     w2 = new DecimalFormat();
@@ -95,7 +99,8 @@ private double parseFixedPoint(String s) {
 
   private long parsePosition(Tokenizer st, String type) throws IOException {
     boolean isLatitude = type.equals("latitude");
-    int deg, min = 0;
+    int deg;
+    int min = 0;
     double sec = 0;
     long value;
     String s;
@@ -149,7 +154,7 @@ private long parseDouble(
       st.unget();
       return defaultValue;
     }
-    String s = token.value;
+    String s = token.value();
     if (s.length() > 1 && s.charAt(s.length() - 1) == 'm') {
       s = s.substring(0, s.length() - 1);
     }
diff --git a/src/main/java/org/xbill/DNS/Lookup.java b/src/main/java/org/xbill/DNS/Lookup.java
index b8b27cdf6..6a7ae8fb2 100644
--- a/src/main/java/org/xbill/DNS/Lookup.java
+++ b/src/main/java/org/xbill/DNS/Lookup.java
@@ -8,6 +8,7 @@
 import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -43,7 +44,7 @@
 public final class Lookup {
 
   private static Resolver defaultResolver;
-  private static List<Name> defaultSearchPath;
+  private static List<Name> defaultSearchPath = Collections.emptyList();
   private static Map<Integer, Cache> defaultCaches;
   private static int defaultNdots;
   private static HostsFileParser defaultHostsFileParser;
@@ -52,7 +53,7 @@ public final class Lookup {
   private List<Name> searchPath;
   private int ndots;
   private Cache cache;
-  private boolean temporary_cache;
+  private boolean temporaryCache;
   private int credibility;
   private final Name name;
   private final int type;
@@ -67,7 +68,7 @@ public final class Lookup {
   private String error;
   private boolean nxdomain;
   private boolean badresponse;
-  private String badresponse_error;
+  private String badresponseError;
   private boolean networkerror;
   private boolean timedout;
   private boolean nametoolong;
@@ -173,6 +174,11 @@ public static synchronized List<Name> getDefaultSearchPath() {
    *     made absolute.
    */
   public static synchronized void setDefaultSearchPath(List<Name> domains) {
+    if (domains == null) {
+      defaultSearchPath = Collections.emptyList();
+      return;
+    }
+
     defaultSearchPath = convertSearchPathDomainList(domains);
   }
 
@@ -184,6 +190,11 @@ public static synchronized void setDefaultSearchPath(List<Name> domains) {
    *     made absolute.
    */
   public static synchronized void setDefaultSearchPath(Name... domains) {
+    if (domains == null) {
+      defaultSearchPath = Collections.emptyList();
+      return;
+    }
+
     setDefaultSearchPath(Arrays.asList(domains));
   }
 
@@ -196,16 +207,16 @@ public static synchronized void setDefaultSearchPath(Name... domains) {
   public static synchronized void setDefaultSearchPath(String... domains)
       throws TextParseException {
     if (domains == null) {
-      defaultSearchPath = null;
+      defaultSearchPath = Collections.emptyList();
       return;
     }
 
-    List<Name> newdomains = new ArrayList<>(domains.length);
+    List<Name> newDomains = new ArrayList<>(domains.length);
     for (String domain : domains) {
-      newdomains.add(Name.fromString(domain, Name.root));
+      newDomains.add(Name.fromString(domain, Name.root));
     }
 
-    defaultSearchPath = newdomains;
+    defaultSearchPath = newDomains;
   }
 
   /**
@@ -248,7 +259,8 @@ private static List<Name> convertSearchPathDomainList(List<Name> domains) {
   }
 
   /**
-   * Sets a custom logger that will be used to log the sent and received packets.
+   * Sets a custom logger that will be used to log the sent and received packets. This is only
+   * applicable to the default I/O implementations.
    *
    * @param logger The logger
    */
@@ -267,12 +279,12 @@ private void reset() {
     error = null;
     nxdomain = false;
     badresponse = false;
-    badresponse_error = null;
+    badresponseError = null;
     networkerror = false;
     timedout = false;
     nametoolong = false;
     referral = false;
-    if (temporary_cache) {
+    if (temporaryCache) {
       cache.clearCache();
     }
   }
@@ -394,6 +406,11 @@ public void setResolver(Resolver resolver) {
    *     made absolute.
    */
   public void setSearchPath(List<Name> domains) {
+    if (domains == null) {
+      this.searchPath = Collections.emptyList();
+      return;
+    }
+
     this.searchPath = convertSearchPathDomainList(domains);
   }
 
@@ -405,6 +422,11 @@ public void setSearchPath(List<Name> domains) {
    *     made absolute.
    */
   public void setSearchPath(Name... domains) {
+    if (domains == null) {
+      this.searchPath = Collections.emptyList();
+      return;
+    }
+
     setSearchPath(Arrays.asList(domains));
   }
 
@@ -416,15 +438,16 @@ public void setSearchPath(Name... domains) {
    */
   public void setSearchPath(String... domains) throws TextParseException {
     if (domains == null) {
-      this.searchPath = null;
+      this.searchPath = Collections.emptyList();
       return;
     }
 
-    List<Name> newdomains = new ArrayList<>(domains.length);
+    List<Name> newDomains = new ArrayList<>(domains.length);
     for (String domain : domains) {
-      newdomains.add(Name.fromString(domain, Name.root));
+      newDomains.add(Name.fromString(domain, Name.root));
     }
-    this.searchPath = newdomains;
+
+    this.searchPath = newDomains;
   }
 
   /**
@@ -432,14 +455,20 @@ public void setSearchPath(String... domains) throws TextParseException {
    * results of this lookup should not be permanently cached, null can be provided here.
    *
    * @param cache The cache to use.
+   * @throws IllegalArgumentException If the DClass of the cache doesn't match this Lookup's DClass.
    */
   public void setCache(Cache cache) {
     if (cache == null) {
       this.cache = new Cache(dclass);
-      this.temporary_cache = true;
+      this.temporaryCache = true;
     } else {
+      if (cache.getDClass() != dclass) {
+        throw new IllegalArgumentException(
+            "DClass of cache doesn't match DClass of this Lookup instance");
+      }
+
       this.cache = cache;
-      this.temporary_cache = false;
+      this.temporaryCache = false;
     }
   }
 
@@ -570,7 +599,7 @@ private void lookup(Name current) {
     Message query = Message.newQuery(question);
     Message response;
     try {
-      response = resolver.send(query);
+      response = resolver.send(query).normalize(query);
     } catch (IOException e) {
       log.debug(
           "Lookup for {}/{}, id={} failed using resolver {}",
@@ -593,14 +622,14 @@ private void lookup(Name current) {
       // The server we contacted is broken or otherwise unhelpful.
       // Press on.
       badresponse = true;
-      badresponse_error = Rcode.string(rcode);
+      badresponseError = Rcode.string(rcode);
       return;
     }
 
     if (!query.getQuestion().equals(response.getQuestion())) {
       // The answer doesn't match the question.  That's not good.
       badresponse = true;
-      badresponse_error = "response does not match query";
+      badresponseError = "response does not match query";
       return;
     }
 
@@ -639,18 +668,15 @@ private boolean lookupFromHostsFile(Name current) {
 
   private void resolve(Name current, Name suffix) {
     doneCurrent = false;
-    Name tname;
     if (suffix == null) {
-      tname = current;
+      lookup(current);
     } else {
       try {
-        tname = Name.concatenate(current, suffix);
+        lookup(Name.concatenate(current, suffix));
       } catch (NameTooLongException e) {
         nametoolong = true;
-        return;
       }
     }
-    lookup(tname);
   }
 
   /**
@@ -664,14 +690,14 @@ public Record[] run() {
     }
     if (name.isAbsolute()) {
       resolve(name, null);
-    } else if (searchPath == null) {
-      resolve(name, Name.root);
     } else {
-      if (name.labels() > ndots) {
+      // Save absolute query attempt state to prevent a double absolute lookup
+      boolean absoluteNameAttempted = name.labels() > ndots;
+      if (absoluteNameAttempted) {
         resolve(name, Name.root);
-      }
-      if (done) {
-        return answers;
+        if (done) {
+          return answers;
+        }
       }
 
       for (Name value : searchPath) {
@@ -683,12 +709,15 @@ public Record[] run() {
         }
       }
 
-      resolve(name, Name.root);
+      if (!absoluteNameAttempted) {
+        resolve(name, Name.root);
+      }
     }
+
     if (!done) {
       if (badresponse) {
         result = TRY_AGAIN;
-        error = badresponse_error;
+        error = badresponseError;
         done = true;
       } else if (timedout) {
         result = TRY_AGAIN;
diff --git a/src/main/java/org/xbill/DNS/MBRecord.java b/src/main/java/org/xbill/DNS/MBRecord.java
index 626df3f29..a2fbc91e5 100644
--- a/src/main/java/org/xbill/DNS/MBRecord.java
+++ b/src/main/java/org/xbill/DNS/MBRecord.java
@@ -7,8 +7,8 @@
  * Mailbox Record - specifies a host containing a mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MBRecord extends SingleNameBase {
   MBRecord() {}
diff --git a/src/main/java/org/xbill/DNS/MDRecord.java b/src/main/java/org/xbill/DNS/MDRecord.java
index 84077db0f..78c6a18d8 100644
--- a/src/main/java/org/xbill/DNS/MDRecord.java
+++ b/src/main/java/org/xbill/DNS/MDRecord.java
@@ -7,7 +7,7 @@
  * Mail Destination Record - specifies a mail agent which delivers mail for a domain (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc973">RFC 973: Domain System Changes and
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc973">RFC 973: Domain System Changes and
  *     Observations</a>
  */
 public class MDRecord extends SingleNameBase {
diff --git a/src/main/java/org/xbill/DNS/MFRecord.java b/src/main/java/org/xbill/DNS/MFRecord.java
index 55828b617..0e0d59c3c 100644
--- a/src/main/java/org/xbill/DNS/MFRecord.java
+++ b/src/main/java/org/xbill/DNS/MFRecord.java
@@ -7,7 +7,7 @@
  * Mail Forwarder Record - specifies a mail agent which forwards mail for a domain (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc973">RFC 973: Domain System Changes and
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc973">RFC 973: Domain System Changes and
  *     Observations</a>
  */
 public class MFRecord extends SingleNameBase {
diff --git a/src/main/java/org/xbill/DNS/MGRecord.java b/src/main/java/org/xbill/DNS/MGRecord.java
index 4d0d0fb8c..fd5077b1f 100644
--- a/src/main/java/org/xbill/DNS/MGRecord.java
+++ b/src/main/java/org/xbill/DNS/MGRecord.java
@@ -7,8 +7,8 @@
  * Mail Group Record - specifies a mailbox which is a member of a mail group.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MGRecord extends SingleNameBase {
   MGRecord() {}
diff --git a/src/main/java/org/xbill/DNS/MINFORecord.java b/src/main/java/org/xbill/DNS/MINFORecord.java
index 242600ffa..a73009548 100644
--- a/src/main/java/org/xbill/DNS/MINFORecord.java
+++ b/src/main/java/org/xbill/DNS/MINFORecord.java
@@ -10,8 +10,8 @@
  * address to receive error messages relating to the mailing list/mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MINFORecord extends Record {
   private Name responsibleAddress;
diff --git a/src/main/java/org/xbill/DNS/MRRecord.java b/src/main/java/org/xbill/DNS/MRRecord.java
index 574997efd..68e9f152e 100644
--- a/src/main/java/org/xbill/DNS/MRRecord.java
+++ b/src/main/java/org/xbill/DNS/MRRecord.java
@@ -7,8 +7,8 @@
  * Mailbox Rename Record - specifies a rename of a mailbox.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc883">RFC 883: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc883">RFC 883: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class MRRecord extends SingleNameBase {
   MRRecord() {}
diff --git a/src/main/java/org/xbill/DNS/MXRecord.java b/src/main/java/org/xbill/DNS/MXRecord.java
index 8a6689f82..f5ec13c7f 100644
--- a/src/main/java/org/xbill/DNS/MXRecord.java
+++ b/src/main/java/org/xbill/DNS/MXRecord.java
@@ -7,10 +7,10 @@
  * Mail Exchange - specifies where mail to a domain is sent
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
- * @see <a href="https://tools.ietf.org/html/rfc7505">RFC 7505: A "Null MX" No Service Resource
- *     Record for Domains That Accept No Mail</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7505">RFC 7505: A "Null MX" No Service
+ *     Resource Record for Domains That Accept No Mail</a>
  */
 public class MXRecord extends U16NameBase {
   MXRecord() {}
diff --git a/src/main/java/org/xbill/DNS/Master.java b/src/main/java/org/xbill/DNS/Master.java
index 1cab6ce5d..0c35de146 100644
--- a/src/main/java/org/xbill/DNS/Master.java
+++ b/src/main/java/org/xbill/DNS/Master.java
@@ -124,7 +124,7 @@ private Name parseName(String s, Name origin) throws TextParseException {
 
   private void parseTTLClassAndType() throws IOException {
     String s;
-    boolean seen_class;
+    boolean seenClass;
 
     // This is a bit messy, since any of the following are legal:
     //   class ttl type
@@ -132,11 +132,11 @@ private void parseTTLClassAndType() throws IOException {
     //   class type
     //   ttl type
     //   type
-    seen_class = false;
+    seenClass = false;
     s = st.getString();
     if ((currentDClass = DClass.value(s)) >= 0) {
       s = st.getString();
-      seen_class = true;
+      seenClass = true;
     }
 
     currentTTL = -1;
@@ -151,7 +151,7 @@ private void parseTTLClassAndType() throws IOException {
       }
     }
 
-    if (!seen_class) {
+    if (!seenClass) {
       if ((currentDClass = DClass.value(s)) >= 0) {
         s = st.getString();
       } else {
@@ -181,7 +181,7 @@ private long parseUInt32(String s) {
     }
     try {
       long l = Long.parseLong(s);
-      if (l < 0 || l > 0xFFFFFFFFL) {
+      if (!Utils.isUInt32(l)) {
         return -1;
       }
       return l;
@@ -270,7 +270,7 @@ private Record nextGenerated() throws IOException {
    * @return The next record.
    * @throws IOException The master file could not be read, or was syntactically invalid.
    */
-  private Record _nextRecord() throws IOException {
+  private Record nextRecordInternal() throws IOException {
     Tokenizer.Token token;
     String s;
 
@@ -292,11 +292,11 @@ private Record _nextRecord() throws IOException {
       Name name;
 
       token = st.get(true, false);
-      if (token.type == Tokenizer.WHITESPACE) {
+      if (token.type() == Tokenizer.WHITESPACE) {
         Tokenizer.Token next = st.get();
-        if (next.type == Tokenizer.EOL) {
+        if (next.type() == Tokenizer.EOL) {
           continue;
-        } else if (next.type == Tokenizer.EOF) {
+        } else if (next.type() == Tokenizer.EOF) {
           return null;
         } else {
           st.unget();
@@ -305,12 +305,12 @@ private Record _nextRecord() throws IOException {
           throw st.exception("no owner");
         }
         name = last.getName();
-      } else if (token.type == Tokenizer.EOL) {
+      } else if (token.type() == Tokenizer.EOL) {
         continue;
-      } else if (token.type == Tokenizer.EOF) {
+      } else if (token.type() == Tokenizer.EOF) {
         return null;
-      } else if (token.value.charAt(0) == '$') {
-        s = token.value;
+      } else if (token.value().charAt(0) == '$') {
+        s = token.value();
 
         if (s.equalsIgnoreCase("$ORIGIN")) {
           origin = st.getName(Name.root);
@@ -343,7 +343,7 @@ private Record _nextRecord() throws IOException {
           Name includeOrigin = origin;
           token = st.get();
           if (token.isString()) {
-            includeOrigin = parseName(token.value, Name.root);
+            includeOrigin = parseName(token.value(), Name.root);
             st.getEOL();
           }
           included = new Master(includeFile, includeOrigin, defaultTTL);
@@ -366,7 +366,7 @@ private Record _nextRecord() throws IOException {
           throw st.exception("Invalid directive: " + s);
         }
       } else {
-        s = token.value;
+        s = token.value();
         name = parseName(s, origin);
         if (last != null && name.equals(last.getName())) {
           name = last.getName();
@@ -395,7 +395,7 @@ private Record _nextRecord() throws IOException {
   public Record nextRecord() throws IOException {
     Record rec = null;
     try {
-      rec = _nextRecord();
+      rec = nextRecordInternal();
     } finally {
       if (rec == null) {
         st.close();
diff --git a/src/main/java/org/xbill/DNS/Message.java b/src/main/java/org/xbill/DNS/Message.java
index bbaf1ef38..dc24516ca 100644
--- a/src/main/java/org/xbill/DNS/Message.java
+++ b/src/main/java/org/xbill/DNS/Message.java
@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: BSD-3-Clause
 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
+// Copyright (c) 2007-2023 NLnet Labs
 
 package org.xbill.DNS;
 
@@ -7,12 +8,11 @@
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Optional;
-import java.util.Set;
 import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * A DNS Message. A message is the basic unit of communication between the client and server of a
@@ -23,6 +23,7 @@
  * @see Section
  * @author Brian Wellington
  */
+@Slf4j
 public class Message implements Cloneable {
 
   /** The maximum length of a message in wire format. */
@@ -32,6 +33,7 @@ public class Message implements Cloneable {
   private List<Record>[] sections;
   private int size;
   private TSIG tsigkey;
+  private TSIGRecord generatedTsig;
   private TSIGRecord querytsig;
   private int tsigerror;
   private Resolver resolver;
@@ -57,9 +59,9 @@ public class Message implements Cloneable {
 
   private static final Record[] emptyRecordArray = new Record[0];
 
-  @SuppressWarnings("unchecked")
+  @SuppressWarnings({"unchecked"})
   private Message(Header header) {
-    sections = new List[4];
+    sections = (List<Record>[]) new List<?>[4];
     this.header = header;
   }
 
@@ -191,6 +193,7 @@ public void addRecord(Record r, int section) {
    * @see Section
    */
   public boolean removeRecord(Record r, int section) {
+    Section.check(section);
     if (sections[section] != null && sections[section].remove(r)) {
       header.decCount(section);
       return true;
@@ -206,6 +209,7 @@ public boolean removeRecord(Record r, int section) {
    * @see Section
    */
   public void removeAllRecords(int section) {
+    Section.check(section);
     sections[section] = null;
     header.setCount(section, 0);
   }
@@ -217,6 +221,7 @@ public void removeAllRecords(int section) {
    * @see Section
    */
   public boolean findRecord(Record r, int section) {
+    Section.check(section);
     return sections[section] != null && sections[section].contains(r);
   }
 
@@ -242,6 +247,8 @@ public boolean findRecord(Record r) {
    * @see Section
    */
   public boolean findRRset(Name name, int type, int section) {
+    Type.check(type);
+    Section.check(section);
     if (sections[section] == null) {
       return false;
     }
@@ -274,7 +281,7 @@ public boolean findRRset(Name name, int type) {
    */
   public Record getQuestion() {
     List<Record> l = sections[Section.QUESTION];
-    if (l == null || l.size() == 0) {
+    if (l == null || l.isEmpty()) {
       return null;
     }
     return l.get(0);
@@ -300,6 +307,16 @@ public TSIGRecord getTSIG() {
     return (TSIGRecord) rec;
   }
 
+  /**
+   * Gets the generated {@link TSIGRecord}. Only valid if the messages has been converted to wire
+   * format with {@link #toWire(int)} before.
+   *
+   * @return A generated TSIG record or {@code null}.
+   */
+  TSIGRecord getGeneratedTSIG() {
+    return generatedTsig;
+  }
+
   /**
    * Was this message signed by a TSIG?
    *
@@ -325,9 +342,9 @@ public boolean isVerified() {
    * @see Section
    */
   public OPTRecord getOPT() {
-    for (Record record : getSection(Section.ADDITIONAL)) {
-      if (record instanceof OPTRecord) {
-        return (OPTRecord) record;
+    for (Record r : getSection(Section.ADDITIONAL)) {
+      if (r instanceof OPTRecord) {
+        return (OPTRecord) r;
       }
     }
     return null;
@@ -353,6 +370,7 @@ public int getRcode() {
    */
   @Deprecated
   public Record[] getSectionArray(int section) {
+    Section.check(section);
     if (sections[section] == null) {
       return emptyRecordArray;
     }
@@ -367,51 +385,43 @@ public Record[] getSectionArray(int section) {
    * @see Section
    */
   public List<Record> getSection(int section) {
+    Section.check(section);
     if (sections[section] == null) {
       return Collections.emptyList();
     }
     return Collections.unmodifiableList(sections[section]);
   }
 
-  private static boolean sameSet(Record r1, Record r2) {
-    return r1.getRRsetType() == r2.getRRsetType()
-        && r1.getDClass() == r2.getDClass()
-        && r1.getName().equals(r2.getName());
-  }
-
   /**
    * Returns an array containing all records in the given section grouped into RRsets.
    *
    * @see RRset
    * @see Section
    */
+  @SuppressWarnings("java:S1119") // label
   public List<RRset> getSectionRRsets(int section) {
+    Section.check(section);
     if (sections[section] == null) {
       return Collections.emptyList();
     }
+
     List<RRset> sets = new LinkedList<>();
-    Set<Name> hash = new HashSet<>();
-    for (Record rec : getSection(section)) {
-      Name name = rec.getName();
-      boolean newset = true;
-      if (hash.contains(name)) {
-        for (int j = sets.size() - 1; j >= 0; j--) {
-          RRset set = sets.get(j);
-          if (set.getType() == rec.getRRsetType()
-              && set.getDClass() == rec.getDClass()
-              && set.getName().equals(name)) {
-            set.addRR(rec);
-            newset = false;
-            break;
-          }
+    record_iteration:
+    for (Record rec : sections[section]) {
+      for (int j = sets.size() - 1; j >= 0; j--) {
+        RRset set = sets.get(j);
+        if (rec.sameRRset(set)) {
+          set.addRR(rec);
+
+          // Existing set found, continue with the next record
+          continue record_iteration;
         }
       }
-      if (newset) {
-        RRset set = new RRset(rec);
-        sets.add(set);
-        hash.add(name);
-      }
+
+      // No existing set found, create a new one
+      sets.add(new RRset(rec));
     }
+
     return sets;
   }
 
@@ -442,7 +452,7 @@ private int sectionToWire(DNSOutput out, int section, Compression c, int maxLeng
         continue;
       }
 
-      if (lastrec != null && !sameSet(rec, lastrec)) {
+      if (lastrec != null && !rec.sameRRset(lastrec)) {
         pos = out.current();
         rendered = count;
       }
@@ -457,10 +467,10 @@ private int sectionToWire(DNSOutput out, int section, Compression c, int maxLeng
     return n - count;
   }
 
-  /* Returns true if the message could be rendered. */
-  private void toWire(DNSOutput out, int maxLength) {
+  /* Returns true if the message could be completely rendered (i.e. not truncated). */
+  private boolean toWire(DNSOutput out, int maxLength) {
     if (maxLength < Header.LENGTH) {
-      return;
+      return false;
     }
 
     int tempMaxLength = maxLength;
@@ -516,8 +526,11 @@ private void toWire(DNSOutput out, int maxLength) {
       TSIGRecord tsigrec = tsigkey.generate(this, out.toByteArray(), tsigerror, querytsig);
 
       tsigrec.toWire(out, Section.ADDITIONAL, c);
+      generatedTsig = tsigrec;
       out.writeU16At(additionalCount + 1, startpos + 10);
     }
+
+    return !Header.getFlag(flags, Flags.TC);
   }
 
   /**
@@ -535,10 +548,8 @@ public byte[] toWire() {
 
   /**
    * Returns an array containing the wire format representation of the Message with the specified
-   * maximum length. This will generate a truncated message (with the TC bit) if the message doesn't
-   * fit, and will also sign the message with the TSIG key set by a call to setTSIG(). This method
-   * may return an empty byte array if the message could not be rendered at all; this could happen
-   * if maxLength is smaller than a DNS header, for example.
+   * maximum length. Equivalent to calling {@link #toWire(int maxLength, boolean truncate)
+   * toWire(maxLength, true)}.
    *
    * <p>Do NOT use this method in conjunction with {@link TSIG#apply(Message, TSIGRecord)}, it
    * produces inconsistent results! Use {@link #setTSIG(TSIG, int, TSIGRecord)} instead.
@@ -556,6 +567,46 @@ public byte[] toWire(int maxLength) {
     return out.toByteArray();
   }
 
+  /**
+   * Returns an array containing the wire format representation of the Message with the specified
+   * maximum length. If {@code truncate} is {@code true} it will generate a truncated message (with
+   * the TC bit) if the message doesn't fit, otherwise an exception will be thrown. It will also
+   * sign the message with the TSIG key set by a call to {@link #setTSIG(TSIG, int, TSIGRecord)}.
+   * This method may return an empty byte array if the message could not be rendered at all; this
+   * could happen if maxLength is smaller than a DNS header, for example.
+   *
+   * <p>Do NOT use this method in conjunction with {@link TSIG#apply(Message, TSIGRecord)}, it
+   * produces inconsistent results! Use {@link #setTSIG(TSIG, int, TSIGRecord)} instead.
+   *
+   * @param maxLength The maximum length of the message.
+   * @return The wire format of the message, or an empty array if the message could not be rendered
+   *     into the specified length.
+   * @throws MessageSizeExceededException When the message size would exceed the specified {@code
+   *     maxLength}.
+   * @see Flags
+   * @see TSIG
+   */
+  public byte[] toWire(int maxLength, boolean truncate) throws MessageSizeExceededException {
+    DNSOutput out = new DNSOutput();
+    boolean completelyRendered = toWire(out, maxLength);
+    if (!completelyRendered && !truncate) {
+      throw new MessageSizeExceededException(maxLength);
+    }
+
+    size = out.current();
+    return out.toByteArray();
+  }
+
+  /**
+   * Sets the TSIG key to sign a message.
+   *
+   * @param key The TSIG key.
+   * @since 3.5.1
+   */
+  public void setTSIG(TSIG key) {
+    setTSIG(key, Rcode.NOERROR, null);
+  }
+
   /**
    * Sets the TSIG key and other necessary information to sign a message.
    *
@@ -582,13 +633,10 @@ public int numBytes() {
    *
    * @see Section
    */
-  public String sectionToString(int i) {
-    if (i > 3) {
-      return null;
-    }
-
+  public String sectionToString(int section) {
+    Section.check(section);
     StringBuilder sb = new StringBuilder();
-    sectionToString(sb, i);
+    sectionToString(sb, section);
     return sb.toString();
   }
 
@@ -655,10 +703,10 @@ public String toString() {
    */
   @Override
   @SneakyThrows(CloneNotSupportedException.class)
-  @SuppressWarnings("unchecked")
+  @SuppressWarnings({"unchecked", "java:S2975"})
   public Message clone() {
     Message m = (Message) super.clone();
-    m.sections = (List<Record>[]) new List[sections.length];
+    m.sections = (List<Record>[]) new List<?>[sections.length];
     for (int i = 0; i < sections.length; i++) {
       if (sections[i] != null) {
         m.sections[i] = new LinkedList<>(sections[i]);
@@ -668,6 +716,9 @@ public Message clone() {
     if (querytsig != null) {
       m.querytsig = (TSIGRecord) querytsig.cloneRecord();
     }
+    if (generatedTsig != null) {
+      m.generatedTsig = (TSIGRecord) generatedTsig.cloneRecord();
+    }
     return m;
   }
 
@@ -680,4 +731,414 @@ public void setResolver(Resolver resolver) {
   public Optional<Resolver> getResolver() {
     return Optional.ofNullable(resolver);
   }
+
+  /**
+   * Checks if a record {@link Type} is allowed within a {@link Section}.
+   *
+   * @return {@code true} if the type is allowed, {@code false} otherwise.
+   */
+  boolean isTypeAllowedInSection(int type, int section) {
+    Type.check(type);
+    Section.check(section);
+    switch (section) {
+      case Section.AUTHORITY:
+        if (type == Type.SOA
+            || type == Type.NS
+            || type == Type.DS
+            || type == Type.NSEC
+            || type == Type.NSEC3) {
+          return true;
+        }
+        break;
+      case Section.ADDITIONAL:
+        if (type == Type.A || type == Type.AAAA) {
+          return true;
+        }
+        break;
+    }
+
+    return !Boolean.parseBoolean(System.getProperty("dnsjava.harden_unknown_additional", "true"));
+  }
+
+  /**
+   * Creates a normalized copy of this message by following xNAME chains, synthesizing CNAMEs from
+   * DNAMEs if necessary, and removing illegal RRsets from {@link Section#AUTHORITY} and {@link
+   * Section#ADDITIONAL}.
+   *
+   * <p>Normalization is only applied to {@link Rcode#NOERROR} and {@link Rcode#NXDOMAIN} responses.
+   *
+   * <p>This method is equivalent to calling {@link #normalize(Message, boolean)} with {@code
+   * false}.
+   *
+   * @param query The query that produced this message.
+   * @return {@code null} if the message could not be normalized or is otherwise invalid.
+   * @since 3.6
+   */
+  public Message normalize(Message query) {
+    try {
+      return normalize(query, false);
+    } catch (WireParseException e) {
+      // Cannot happen with 'false'
+    }
+
+    return null;
+  }
+
+  /**
+   * Creates a normalized copy of this message by following xNAME chains, synthesizing CNAMEs from
+   * DNAMEs if necessary, and removing illegal RRsets from {@link Section#AUTHORITY} and {@link
+   * Section#ADDITIONAL}.
+   *
+   * <p>Normalization is only applied to {@link Rcode#NOERROR} and {@link Rcode#NXDOMAIN} responses.
+   *
+   * @param query The query that produced this message.
+   * @param throwOnIrrelevantRecord If {@code true}, throw an exception instead of silently ignoring
+   *     irrelevant records.
+   * @return {@code null} if the message could not be normalized or is otherwise invalid.
+   * @throws WireParseException when {@code throwOnIrrelevantRecord} is {@code true} and an invalid
+   *     or irrelevant record was found.
+   * @since 3.6
+   */
+  public Message normalize(Message query, boolean throwOnIrrelevantRecord)
+      throws WireParseException {
+    if (getRcode() != Rcode.NOERROR && getRcode() != Rcode.NXDOMAIN) {
+      return this;
+    }
+
+    Name sname = query.getQuestion().getName();
+    List<RRset> answerSectionSets = getSectionRRsets(Section.ANSWER);
+    List<RRset> additionalSectionSets = getSectionRRsets(Section.ADDITIONAL);
+    List<RRset> authoritySectionSets = getSectionRRsets(Section.AUTHORITY);
+
+    @SuppressWarnings({"unchecked", "rawtypes"})
+    List<RRset>[] cleanedSection = new ArrayList[4];
+    cleanedSection[Section.ANSWER] = new ArrayList<>();
+    cleanedSection[Section.AUTHORITY] = new ArrayList<>();
+    cleanedSection[Section.ADDITIONAL] = new ArrayList<>();
+    boolean hadNsInAuthority = false;
+
+    // For the ANSWER section, remove all "irrelevant" records and add synthesized CNAMEs from
+    // DNAMEs. This will strip out-of-order CNAMEs as well.
+    for (int i = 0; i < answerSectionSets.size(); i++) {
+      RRset rrset = answerSectionSets.get(i);
+      Name oldSname = sname;
+
+      if (rrset.getType() == Type.DNAME && sname.subdomain(rrset.getName())) {
+        if (rrset.size() > 1) {
+          String template =
+              "Normalization failed in response to <{}/{}/{}> (id {}), found {} entries (instead of just one) in DNAME RRSet <{}/{}>";
+          if (throwOnIrrelevantRecord) {
+            throw new WireParseException(template.replace("{}", "%s"));
+          }
+          log.warn(
+              template,
+              sname,
+              Type.string(query.getQuestion().getType()),
+              DClass.string(query.getQuestion().getDClass()),
+              getHeader().getID(),
+              rrset.size(),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()));
+          return null;
+        }
+
+        // If DNAME was queried, don't attempt to synthesize CNAME
+        if (query.getQuestion().getType() != Type.DNAME) {
+          // The DNAME is valid, accept it
+          cleanedSection[Section.ANSWER].add(rrset);
+
+          // Check if the next rrset is correct CNAME, otherwise synthesize a CNAME
+          RRset nextRRSet = answerSectionSets.size() >= i + 2 ? answerSectionSets.get(i + 1) : null;
+          DNAMERecord dname = ((DNAMERecord) rrset.first());
+          try {
+            // Validate that an existing CNAME matches what we would synthesize
+            if (nextRRSet != null
+                && nextRRSet.getType() == Type.CNAME
+                && nextRRSet.getName().equals(sname)) {
+              Name expected =
+                  Name.concatenate(
+                      nextRRSet.getName().relativize(dname.getName()), dname.getTarget());
+              if (expected.equals(((CNAMERecord) nextRRSet.first()).getTarget())) {
+                continue;
+              }
+            }
+
+            // Add a synthesized CNAME; TTL=0 to avoid caching
+            Name dnameTarget = sname.fromDNAME(dname);
+            cleanedSection[Section.ANSWER].add(
+                new RRset(new CNAMERecord(sname, dname.getDClass(), 0, dnameTarget)));
+            sname = dnameTarget;
+
+            // In DNAME ANY response, can have data after DNAME
+            if (query.getQuestion().getType() == Type.ANY) {
+              for (i++; i < answerSectionSets.size(); i++) {
+                rrset = answerSectionSets.get(i);
+                if (rrset.getName().equals(oldSname)) {
+                  cleanedSection[Section.ANSWER].add(rrset);
+                } else {
+                  break;
+                }
+              }
+            }
+
+            continue;
+          } catch (NameTooLongException e) {
+            String template =
+                "Normalization failed in response to <{}/{}/{}> (id {}), could not synthesize CNAME for DNAME <{}/{}>";
+            if (throwOnIrrelevantRecord) {
+              throw new WireParseException(template.replace("{}", "%s"), e);
+            }
+            log.warn(
+                template,
+                sname,
+                Type.string(query.getQuestion().getType()),
+                DClass.string(query.getQuestion().getDClass()),
+                getHeader().getID(),
+                rrset.getName(),
+                DClass.string(rrset.getDClass()));
+            return null;
+          }
+        }
+      }
+
+      // Ignore irrelevant records
+      if (!sname.equals(rrset.getName())) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring irrelevant RRset <{}/{}/{}> in response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      // Follow CNAMEs
+      if (rrset.getType() == Type.CNAME && query.getQuestion().getType() != Type.CNAME) {
+        if (rrset.size() > 1) {
+          String template =
+              "Found {} CNAMEs in <{}/{}> response to <{}/{}/{}> (id {}), removing all but the first";
+          if (throwOnIrrelevantRecord) {
+            throw new WireParseException(
+                String.format(
+                    template.replace("{}", "%s"),
+                    rrset.rrs(false).size(),
+                    rrset.getName(),
+                    DClass.string(rrset.getDClass()),
+                    sname,
+                    Type.string(query.getQuestion().getType()),
+                    DClass.string(query.getQuestion().getDClass()),
+                    getHeader().getID()));
+          }
+          log.warn(
+              template,
+              rrset.rrs(false).size(),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()),
+              sname,
+              Type.string(query.getQuestion().getType()),
+              DClass.string(query.getQuestion().getDClass()),
+              getHeader().getID());
+          List<Record> cnameRRset = rrset.rrs(false);
+          for (int cnameIndex = 1; cnameIndex < cnameRRset.size(); cnameIndex++) {
+            rrset.deleteRR(cnameRRset.get(i));
+          }
+        }
+
+        sname = ((CNAMERecord) rrset.first()).getTarget();
+        cleanedSection[Section.ANSWER].add(rrset);
+
+        // In CNAME ANY response, can have data after CNAME
+        if (query.getQuestion().getType() == Type.ANY) {
+          for (i++; i < answerSectionSets.size(); i++) {
+            rrset = answerSectionSets.get(i);
+            if (rrset.getName().equals(oldSname)) {
+              cleanedSection[Section.ANSWER].add(rrset);
+            } else {
+              break;
+            }
+          }
+        }
+
+        continue;
+      }
+
+      // Remove records that don't match the queried type
+      int qtype = getQuestion().getType();
+      if (qtype != Type.ANY && rrset.getActualType() != qtype) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring irrelevant RRset <{}/{}/{}> in ANSWER section response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      // Mark the additional names from relevant RRset as OK
+      cleanedSection[Section.ANSWER].add(rrset);
+      if (sname.equals(rrset.getName())) {
+        addAdditionalRRset(rrset, additionalSectionSets, cleanedSection[Section.ADDITIONAL]);
+      }
+    }
+
+    for (RRset rrset : authoritySectionSets) {
+      switch (rrset.getType()) {
+        case Type.DNAME:
+        case Type.CNAME:
+        case Type.A:
+        case Type.AAAA:
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring forbidden RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {})",
+              rrset,
+              sname,
+              query);
+          continue;
+      }
+
+      if (!isTypeAllowedInSection(rrset.getType(), Section.AUTHORITY)) {
+        logOrThrow(
+            throwOnIrrelevantRecord,
+            "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {})",
+            rrset,
+            sname,
+            query);
+        continue;
+      }
+
+      if (rrset.getType() == Type.NS) {
+        // NS set must be pertinent to the query
+        if (!sname.subdomain(rrset.getName())) {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), not a subdomain of the query",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+
+        // We don't want NS sets for NODATA or NXDOMAIN answers, because they could contain
+        // poisonous contents, from e.g. fragmentation attacks, inserted after long RRSIGs in the
+        // packet get to the packet border and such
+        if (getRcode() == Rcode.NXDOMAIN
+            || (getRcode() == Rcode.NOERROR
+                && authoritySectionSets.stream().anyMatch(set -> set.getType() == Type.SOA)
+                && sections[Section.ANSWER] == null)) {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), NXDOMAIN or NODATA",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+
+        if (!hadNsInAuthority) {
+          hadNsInAuthority = true;
+        } else {
+          logOrThrow(
+              throwOnIrrelevantRecord,
+              "Ignoring disallowed RRset <{}/{}/{}> in AUTHORITY section response to <{}/{}/{}> (id {}), already seen another NS",
+              rrset,
+              sname,
+              query);
+          continue;
+        }
+      }
+
+      cleanedSection[Section.AUTHORITY].add(rrset);
+      addAdditionalRRset(rrset, additionalSectionSets, cleanedSection[Section.ADDITIONAL]);
+    }
+
+    Message cleanedMessage = new Message(this.getHeader());
+    cleanedMessage.sections[Section.QUESTION] = this.sections[Section.QUESTION];
+    for (int section : new int[] {Section.ANSWER, Section.AUTHORITY, Section.ADDITIONAL}) {
+      cleanedMessage.sections[section] = rrsetListToRecords(cleanedSection[section]);
+
+      // Fixup counts in the header
+      cleanedMessage
+          .getHeader()
+          .setCount(
+              section,
+              cleanedMessage.sections[section] == null
+                  ? 0
+                  : cleanedMessage.sections[section].size());
+    }
+
+    return cleanedMessage;
+  }
+
+  private void logOrThrow(
+      boolean throwOnIrrelevantRecord, String format, RRset rrset, Name sname, Message query)
+      throws WireParseException {
+    if (throwOnIrrelevantRecord) {
+      throw new WireParseException(
+          String.format(
+              format.replace("{}", "%s"),
+              rrset.getName(),
+              DClass.string(rrset.getDClass()),
+              Type.string(rrset.getType()),
+              sname,
+              DClass.string(query.getQuestion().getDClass()),
+              Type.string(query.getQuestion().getType()),
+              getHeader().getID()));
+    }
+
+    log.debug(
+        format,
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()),
+        sname,
+        DClass.string(query.getQuestion().getDClass()),
+        Type.string(query.getQuestion().getType()),
+        getHeader().getID());
+  }
+
+  private List<Record> rrsetListToRecords(List<RRset> rrsets) {
+    if (rrsets.isEmpty()) {
+      return null;
+    }
+
+    List<Record> result = new ArrayList<>(rrsets.size());
+    for (RRset set : rrsets) {
+      result.addAll(set.rrs(false));
+      result.addAll(set.sigs());
+    }
+
+    return result;
+  }
+
+  private void addAdditionalRRset(
+      RRset rrset, List<RRset> additionalSectionSets, List<RRset> cleanedAdditionalSection) {
+    if (!doesTypeHaveAdditionalRecords(rrset.getType())) {
+      return;
+    }
+
+    for (Record r : rrset.rrs(false)) {
+      for (RRset set : additionalSectionSets) {
+        if (set.getName().equals(r.getAdditionalName())
+            && isTypeAllowedInSection(set.getType(), Section.ADDITIONAL)) {
+          cleanedAdditionalSection.add(set);
+        }
+      }
+    }
+  }
+
+  private boolean doesTypeHaveAdditionalRecords(int type) {
+    switch (type) {
+      case Type.MB:
+      case Type.MD:
+      case Type.MF:
+      case Type.NS:
+      case Type.MX:
+      case Type.KX:
+      case Type.SRV:
+      case Type.NAPTR:
+        return true;
+    }
+
+    return false;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/MessageSizeExceededException.java b/src/main/java/org/xbill/DNS/MessageSizeExceededException.java
new file mode 100644
index 000000000..4387bee4a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/MessageSizeExceededException.java
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.Getter;
+
+/** Indicates that converting a {@link Message} to wire format exceeded the maximum length. */
+@Getter
+public final class MessageSizeExceededException extends Exception {
+  /** Gets the maximum allowed size (in bytes). */
+  private final int maxSize;
+
+  MessageSizeExceededException(int maxSize) {
+    super("Message size would exceed the allowed maximum of " + maxSize + " bytes");
+    this.maxSize = maxSize;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/Mnemonic.java b/src/main/java/org/xbill/DNS/Mnemonic.java
index 8294ffd9a..912ecab13 100644
--- a/src/main/java/org/xbill/DNS/Mnemonic.java
+++ b/src/main/java/org/xbill/DNS/Mnemonic.java
@@ -63,7 +63,7 @@ public void setNumericAllowed(boolean numeric) {
   /** Checks that a numeric value is within the range [0..max] */
   public void check(int val) {
     if (val < 0 || val > max) {
-      throw new IllegalArgumentException(description + " " + val + "is out of range");
+      throw new IllegalArgumentException(description + " " + val + " is out of range");
     }
   }
 
@@ -84,6 +84,7 @@ private int parseNumeric(String s) {
         return val;
       }
     } catch (NumberFormatException e) {
+      // Ignore
     }
     return -1;
   }
@@ -181,12 +182,10 @@ public int getValue(String str) {
     if (value != null) {
       return value;
     }
-    if (prefix != null) {
-      if (str.startsWith(prefix)) {
-        int val = parseNumeric(str.substring(prefix.length()));
-        if (val >= 0) {
-          return val;
-        }
+    if (prefix != null && str.startsWith(prefix)) {
+      int val = parseNumeric(str.substring(prefix.length()));
+      if (val >= 0) {
+        return val;
       }
     }
     if (numericok) {
diff --git a/src/main/java/org/xbill/DNS/NAPTRRecord.java b/src/main/java/org/xbill/DNS/NAPTRRecord.java
index da3bf9afb..87d5f9720 100644
--- a/src/main/java/org/xbill/DNS/NAPTRRecord.java
+++ b/src/main/java/org/xbill/DNS/NAPTRRecord.java
@@ -10,12 +10,15 @@
  * will produce a new domain.
  *
  * @author Chuck Santos
- * @see <a href="https://tools.ietf.org/html/rfc3403">RFC 3403: Dynamic Delegation Discovery System
- *     (DDDS) Part Three: The Domain Name System (DNS) Database</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc3403">RFC 3403: Dynamic Delegation
+ *     Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database</a>
  */
 public class NAPTRRecord extends Record {
-  private int order, preference;
-  private byte[] flags, service, regexp;
+  private int order;
+  private int preference;
+  private byte[] flags;
+  private byte[] service;
+  private byte[] regexp;
   private Name replacement;
 
   NAPTRRecord() {}
diff --git a/src/main/java/org/xbill/DNS/NSAPRecord.java b/src/main/java/org/xbill/DNS/NSAPRecord.java
index 3be0047cf..8b881757b 100644
--- a/src/main/java/org/xbill/DNS/NSAPRecord.java
+++ b/src/main/java/org/xbill/DNS/NSAPRecord.java
@@ -11,7 +11,8 @@
  * NSAP Address Record.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1706">RFC 1706: DNS NSAP Resource Records</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1706">RFC 1706: DNS NSAP Resource
+ *     Records</a>
  */
 public class NSAPRecord extends Record {
   private byte[] address;
diff --git a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
index 8e1da00b1..478ddd15b 100644
--- a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
+++ b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java
@@ -7,7 +7,8 @@
  * NSAP Pointer Record - maps a domain name representing an NSAP Address to a hostname. (obsolete)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1706">RFC 1706: DNS NSAP Resource Records</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1706">RFC 1706: DNS NSAP Resource
+ *     Records</a>
  */
 public class NSAP_PTRRecord extends SingleNameBase {
   NSAP_PTRRecord() {}
diff --git a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
index 9875040fa..ce5ce4b93 100644
--- a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
+++ b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java
@@ -15,8 +15,8 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc5155">RFC 5155: DNS Security (DNSSEC) Hashed
- *     Authenticated Denial of Existence</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5155">RFC 5155: DNS Security (DNSSEC)
+ *     Hashed Authenticated Denial of Existence</a>
  */
 public class NSEC3PARAMRecord extends Record {
   private int hashAlg;
@@ -61,9 +61,9 @@ protected void rrFromWire(DNSInput in) throws IOException {
     flags = in.readU8();
     iterations = in.readU16();
 
-    int salt_length = in.readU8();
-    if (salt_length > 0) {
-      salt = in.readByteArray(salt_length);
+    int saltLength = in.readU8();
+    if (saltLength > 0) {
+      salt = in.readByteArray(saltLength);
     } else {
       salt = null;
     }
diff --git a/src/main/java/org/xbill/DNS/NSEC3Record.java b/src/main/java/org/xbill/DNS/NSEC3Record.java
index 8fe2dfea3..aaad185b9 100644
--- a/src/main/java/org/xbill/DNS/NSEC3Record.java
+++ b/src/main/java/org/xbill/DNS/NSEC3Record.java
@@ -18,8 +18,8 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc5155">RFC 5155: DNS Security (DNSSEC) Hashed
- *     Authenticated Denial of Existence</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5155">RFC 5155: DNS Security (DNSSEC)
+ *     Hashed Authenticated Denial of Existence</a>
  */
 public class NSEC3Record extends Record {
 
@@ -126,15 +126,15 @@ protected void rrFromWire(DNSInput in) throws IOException {
     flags = in.readU8();
     iterations = in.readU16();
 
-    int salt_length = in.readU8();
-    if (salt_length > 0) {
-      salt = in.readByteArray(salt_length);
+    int saltLength = in.readU8();
+    if (saltLength > 0) {
+      salt = in.readByteArray(saltLength);
     } else {
       salt = null;
     }
 
-    int next_length = in.readU8();
-    next = in.readByteArray(next_length);
+    int nextLength = in.readU8();
+    next = in.readByteArray(nextLength);
     types = new TypeBitmap(in);
   }
 
diff --git a/src/main/java/org/xbill/DNS/NSECRecord.java b/src/main/java/org/xbill/DNS/NSECRecord.java
index cf28f5d96..67375944e 100644
--- a/src/main/java/org/xbill/DNS/NSECRecord.java
+++ b/src/main/java/org/xbill/DNS/NSECRecord.java
@@ -14,8 +14,8 @@
  *
  * @author Brian Wellington
  * @author David Blacka
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  */
 public class NSECRecord extends Record {
   private Name next;
diff --git a/src/main/java/org/xbill/DNS/NSIDOption.java b/src/main/java/org/xbill/DNS/NSIDOption.java
index 31dcef433..477e36ebe 100644
--- a/src/main/java/org/xbill/DNS/NSIDOption.java
+++ b/src/main/java/org/xbill/DNS/NSIDOption.java
@@ -8,8 +8,8 @@
  *
  * @see OPTRecord
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc5001">RFC 5001: DNS Name Server Identifier (NSID)
- *     Option</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc5001">RFC 5001: DNS Name Server Identifier
+ *     (NSID) Option</a>
  */
 public class NSIDOption extends GenericEDNSOption {
   NSIDOption() {
diff --git a/src/main/java/org/xbill/DNS/NSRecord.java b/src/main/java/org/xbill/DNS/NSRecord.java
index 1c48370b8..e5a075717 100644
--- a/src/main/java/org/xbill/DNS/NSRecord.java
+++ b/src/main/java/org/xbill/DNS/NSRecord.java
@@ -7,8 +7,8 @@
  * Name Server Record - contains the name server serving the named zone
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class NSRecord extends SingleCompressedNameBase {
   NSRecord() {}
diff --git a/src/main/java/org/xbill/DNS/NULLRecord.java b/src/main/java/org/xbill/DNS/NULLRecord.java
index 00e1a294f..a96554fe4 100644
--- a/src/main/java/org/xbill/DNS/NULLRecord.java
+++ b/src/main/java/org/xbill/DNS/NULLRecord.java
@@ -9,8 +9,8 @@
  * The NULL Record. This has no defined purpose, but can be used to hold arbitrary data.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class NULLRecord extends Record {
   private byte[] data;
diff --git a/src/main/java/org/xbill/DNS/NXTRecord.java b/src/main/java/org/xbill/DNS/NXTRecord.java
index 15bf73ca0..ac1347fc1 100644
--- a/src/main/java/org/xbill/DNS/NXTRecord.java
+++ b/src/main/java/org/xbill/DNS/NXTRecord.java
@@ -12,8 +12,8 @@
  * signifies a failed query for data in a DNSSEC-signed zone.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2065">RFC 2065: Domain Name System Security
- *     Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2065">RFC 2065: Domain Name System
+ *     Security Extensions</a>
  */
 public class NXTRecord extends Record {
   private Name next;
@@ -57,9 +57,9 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int typecode = Type.value(t.value, true);
+      int typecode = Type.value(t.value(), true);
       if (typecode <= 0 || typecode > 128) {
-        throw st.exception("Invalid type: " + t.value);
+        throw st.exception("Invalid type: " + t.value());
       }
       bitmap.set(typecode);
     }
diff --git a/src/main/java/org/xbill/DNS/Name.java b/src/main/java/org/xbill/DNS/Name.java
index 9c5465fc1..99580d3e4 100644
--- a/src/main/java/org/xbill/DNS/Name.java
+++ b/src/main/java/org/xbill/DNS/Name.java
@@ -78,7 +78,7 @@ public class Name implements Comparable<Name>, Serializable {
 
   private Name() {}
 
-  private void setoffset(int n, int offset) {
+  private void setOffset(int n, int offset) {
     if (n == 0 || n >= MAXOFFSETS) {
       return;
     }
@@ -134,7 +134,7 @@ private void append(byte[] array, int arrayOffset, int numLabels) throws NameToo
     System.arraycopy(array, arrayOffset, newname, length, appendLength);
     name = newname;
     for (int i = 0, pos = length; i < numLabels && i < MAXOFFSETS; i++) {
-      setoffset(labels + i, pos);
+      setOffset(labels + i, pos);
       pos += newname[pos] + 1;
     }
     labels += numLabels;
@@ -162,7 +162,7 @@ private int prepareAppend(int len) throws NameTooLongException {
     }
     newname[length] = (byte) len;
     name = newname;
-    setoffset(labels, length);
+    setOffset(labels, length);
     labels++;
     return length + 1;
   }
@@ -271,6 +271,7 @@ public Name(String s, Name origin) throws TextParseException {
       appendFromString(s, label, pos);
     }
     if (origin != null && !absolute) {
+      absolute = origin.isAbsolute();
       appendFromString(s, origin.name, origin.labels);
     }
     // A relative name that is MAXNAME octets long is a strange and wonderful thing.
@@ -418,7 +419,7 @@ public Name(Name src, int n) {
     name = Arrays.copyOfRange(src.name, src.offset(n), src.name.length);
     int strippedBytes = src.offset(n);
     for (int i = 1; i < MAXOFFSETS && i < labels; i++) {
-      setoffset(i, src.offset(i + n) - strippedBytes);
+      setOffset(i, src.offset(i + n) - strippedBytes);
     }
   }
 
@@ -538,7 +539,7 @@ public Name fromDNAME(DNAMERecord dname) throws NameTooLongException {
     System.arraycopy(dnametarget.name, 0, newname.name, plength, dlength);
 
     for (int i = 0, pos = 0; i < MAXOFFSETS && i < plabels + dlabels; i++) {
-      newname.setoffset(i, pos);
+      newname.setOffset(i, pos);
       pos += newname.name[pos] + 1;
     }
     return newname;
@@ -573,7 +574,7 @@ public int labels() {
     return labels;
   }
 
-  /** Is the current Name a subdomain of the specified name? */
+  /** Returns {@code true} if this {@link Name} a subdomain of {@code domain}. */
   public boolean subdomain(Name domain) {
     int dlabels = domain.labels;
     if (dlabels > labels) {
diff --git a/src/main/java/org/xbill/DNS/NioClient.java b/src/main/java/org/xbill/DNS/NioClient.java
index cedf7a52b..b197f4161 100644
--- a/src/main/java/org/xbill/DNS/NioClient.java
+++ b/src/main/java/org/xbill/DNS/NioClient.java
@@ -5,12 +5,12 @@
 
 import java.io.IOException;
 import java.net.SocketAddress;
+import java.nio.ByteBuffer;
 import java.nio.channels.ClosedSelectorException;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.Selector;
 import java.util.Iterator;
-import java.util.List;
-import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.function.Consumer;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -22,20 +22,38 @@
  * {@code dnsjava} is used in an application container like Tomcat. In a normal JVM setup {@link
  * #close()} is called by a shutdown hook.
  *
+ * <p>The following configuration parameter is available:
+ *
+ * <dl>
+ *   <dt>{@value SELECTOR_TIMEOUT_PROPERTY}
+ *   <dd>Set selector timeout in milliseconds. Default/Max 1000, Min 1.
+ *   <dt>{@value REGISTER_SHUTDOWN_HOOK_PROPERTY}
+ *   <dd>Register Shutdown Hook termination of NIO. Default True.
+ * </dl>
+ *
  * @since 3.4
  */
 @Slf4j
 @NoArgsConstructor(access = AccessLevel.NONE)
 public abstract class NioClient {
+  static final String SELECTOR_TIMEOUT_PROPERTY = "dnsjava.nio.selector_timeout";
+  static final String REGISTER_SHUTDOWN_HOOK_PROPERTY = "dnsjava.nio.register_shutdown_hook";
+  private static final Object NIO_CLIENT_LOCK = new Object();
+
   /** Packet logger, if available. */
   private static PacketLogger packetLogger = null;
 
-  private static final List<Runnable> timeoutTasks = new CopyOnWriteArrayList<>();
-  private static final List<Runnable> closeTasks = new CopyOnWriteArrayList<>();
+  private static final Runnable[] TIMEOUT_TASKS = new Runnable[2];
+
+  private static Consumer<Selector> TCP_REGISTRATIONS_TASK;
+  private static Consumer<Selector> UDP_REGISTRATIONS_TASK;
+
+  private static final Runnable[] CLOSE_TASKS = new Runnable[2];
   private static Thread selectorThread;
   private static Thread closeThread;
   private static volatile Selector selector;
   private static volatile boolean run;
+  private static volatile boolean closeDone;
 
   interface KeyProcessor {
     void processReadyKey(SelectionKey key);
@@ -43,7 +61,7 @@ interface KeyProcessor {
 
   static Selector selector() throws IOException {
     if (selector == null) {
-      synchronized (NioClient.class) {
+      synchronized (NIO_CLIENT_LOCK) {
         if (selector == null) {
           selector = Selector.open();
           log.debug("Starting dnsjava NIO selector thread");
@@ -54,7 +72,9 @@ static Selector selector() throws IOException {
           selectorThread.start();
           closeThread = new Thread(() -> close(true));
           closeThread.setName("dnsjava NIO shutdown hook");
-          Runtime.getRuntime().addShutdownHook(closeThread);
+          if (Boolean.parseBoolean(System.getProperty(REGISTER_SHUTDOWN_HOOK_PROPERTY, "true"))) {
+            Runtime.getRuntime().addShutdownHook(closeThread);
+          }
         }
       }
     }
@@ -62,59 +82,69 @@ static Selector selector() throws IOException {
     return selector;
   }
 
-  /** Shutdown the network I/O used by the {@link SimpleResolver}. */
+  /**
+   * Shutdown the network I/O used by the {@link SimpleResolver}.
+   *
+   * @implNote Does not wait until the selector thread has stopped. But users may immediately start
+   *     using the {@link NioClient} again.
+   * @since 3.4.0
+   */
   public static void close() {
     close(false);
   }
 
   private static void close(boolean fromHook) {
     run = false;
+    Selector localSelector = selector;
+    if (localSelector != null) {
+      selector.wakeup();
+    }
 
     if (!fromHook) {
-      try {
-        Runtime.getRuntime().removeShutdownHook(closeThread);
-      } catch (Exception ex) {
-        log.warn("Failed to remove shutdown hoook, ignoring and continuing close");
+      synchronized (NIO_CLIENT_LOCK) {
+        if (closeThread != null) {
+          try {
+            Runtime.getRuntime().removeShutdownHook(closeThread);
+          } catch (Exception ex) {
+            log.warn("Failed to remove shutdown hook, ignoring and continuing close", ex);
+          }
+        }
       }
     }
 
-    for (Runnable closeTask : closeTasks) {
+    if (localSelector == null) {
+      // Prevent hanging when close() was called without starting
+      return;
+    }
+
+    synchronized (NIO_CLIENT_LOCK) {
       try {
-        closeTask.run();
-      } catch (Exception e) {
-        log.warn("Failed to execute a shutdown task, ignoring and continuing close", e);
+        while (!closeDone) {
+          NIO_CLIENT_LOCK.wait();
+        }
+      } catch (InterruptedException e) {
+        Thread.currentThread().interrupt();
+      } finally {
+        closeDone = false;
       }
     }
+  }
 
-    selector.wakeup();
-
-    try {
-      selector.close();
-    } catch (IOException e) {
-      log.warn("Failed to properly close selector, ignoring and continuing close", e);
-    }
+  static void runSelector() {
+    int timeout = Integer.getInteger(SELECTOR_TIMEOUT_PROPERTY, 1000);
 
-    try {
-      selectorThread.join();
-    } catch (InterruptedException e) {
-      Thread.currentThread().interrupt();
-    } finally {
-      synchronized (NioClient.class) {
-        selector = null;
-        selectorThread = null;
-        closeThread = null;
-      }
+    if (timeout <= 0 || timeout > 1000) {
+      throw new IllegalArgumentException("Invalid selector_timeout, must be between 1 and 1000");
     }
-  }
 
-  private static void runSelector() {
     while (run) {
       try {
-        if (selector.select(1000) == 0) {
-          timeoutTasks.forEach(Runnable::run);
+        if (selector.select(timeout) == 0) {
+          runTasks(TIMEOUT_TASKS);
         }
 
         if (run) {
+          runRegistrationTasks();
           processReadyKeys();
         }
       } catch (IOException e) {
@@ -123,15 +153,89 @@ private static void runSelector() {
         // ignore
       }
     }
+
+    runClose();
     log.debug("dnsjava NIO selector thread stopped");
   }
 
-  static void addSelectorTimeoutTask(Runnable r) {
-    timeoutTasks.add(r);
+  private static void runClose() {
+    try {
+      runTasks(CLOSE_TASKS);
+    } catch (Exception e) {
+      log.warn("Failed to execute shutdown task, ignoring and continuing close", e);
+    }
+
+    Selector localSelector = selector;
+    Thread localSelectorThread = selectorThread;
+    synchronized (NIO_CLIENT_LOCK) {
+      selector = null;
+      selectorThread = null;
+      closeThread = null;
+      closeDone = true;
+      NIO_CLIENT_LOCK.notifyAll();
+    }
+
+    if (localSelector != null) {
+      try {
+        localSelector.close();
+      } catch (IOException e) {
+        log.warn("Failed to properly close selector, ignoring and continuing close", e);
+      }
+    }
+
+    if (localSelectorThread != null) {
+      try {
+        localSelectorThread.join();
+      } catch (InterruptedException e) {
+        Thread.currentThread().interrupt();
+      }
+    }
   }
 
-  static void addCloseTask(Runnable r) {
-    closeTasks.add(r);
+  static void setTimeoutTask(Runnable r, boolean isTcpClient) {
+    addTask(TIMEOUT_TASKS, r, isTcpClient);
+  }
+
+  static void setRegistrationsTask(Consumer<Selector> r, boolean isTcpClient) {
+    if (isTcpClient) {
+      TCP_REGISTRATIONS_TASK = r;
+    } else {
+      UDP_REGISTRATIONS_TASK = r;
+    }
+  }
+
+  static void setCloseTask(Runnable r, boolean isTcpClient) {
+    addTask(CLOSE_TASKS, r, isTcpClient);
+  }
+
+  private static void addTask(Runnable[] tasks, Runnable r, boolean isTcpClient) {
+    if (isTcpClient) {
+      tasks[0] = r;
+    } else {
+      tasks[1] = r;
+    }
+  }
+
+  private static void runTasks(Runnable[] runnables) {
+    Runnable r0 = runnables[0];
+    if (r0 != null) {
+      r0.run();
+    }
+    Runnable r1 = runnables[1];
+    if (r1 != null) {
+      r1.run();
+    }
+  }
+
+  private static void runRegistrationTasks() {
+    Consumer<Selector> tcpTask = TCP_REGISTRATIONS_TASK;
+    if (tcpTask != null) {
+      tcpTask.accept(selector);
+    }
+    Consumer<Selector> udpTask = UDP_REGISTRATIONS_TASK;
+    if (udpTask != null) {
+      udpTask.accept(selector);
+    }
   }
 
   private static void processReadyKeys() {
@@ -144,6 +248,17 @@ private static void processReadyKeys() {
     }
   }
 
+  static void verboseLog(
+      String prefix, SocketAddress local, SocketAddress remote, ByteBuffer data) {
+    if (log.isTraceEnabled() || packetLogger != null) {
+      byte[] dst = new byte[data.remaining()];
+      int pos = data.position();
+      data.get(dst, 0, data.remaining());
+      data.position(pos);
+      verboseLog(prefix, local, remote, dst);
+    }
+  }
+
   static void verboseLog(String prefix, SocketAddress local, SocketAddress remote, byte[] data) {
     if (log.isTraceEnabled()) {
       log.trace(hexdump.dump(prefix, data));
diff --git a/src/main/java/org/xbill/DNS/NioTcpClient.java b/src/main/java/org/xbill/DNS/NioTcpClient.java
index 4fc3d3ed6..200a53316 100644
--- a/src/main/java/org/xbill/DNS/NioTcpClient.java
+++ b/src/main/java/org/xbill/DNS/NioTcpClient.java
@@ -18,26 +18,28 @@
 import java.util.concurrent.ConcurrentLinkedQueue;
 import lombok.EqualsAndHashCode;
 import lombok.RequiredArgsConstructor;
-import lombok.experimental.UtilityClass;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.TcpIoClient;
 
 @Slf4j
-@UtilityClass
-final class NioTcpClient extends NioClient {
-  private static final Queue<ChannelState> registrationQueue = new ConcurrentLinkedQueue<>();
-  private static final Map<ChannelKey, ChannelState> channelMap = new ConcurrentHashMap<>();
-
-  static {
-    addSelectorTimeoutTask(NioTcpClient::processPendingRegistrations);
-    addSelectorTimeoutTask(NioTcpClient::checkTransactionTimeouts);
-    addCloseTask(NioTcpClient::closeTcp);
+final class NioTcpClient extends NioClient implements TcpIoClient {
+  private final Queue<ChannelState> registrationQueue = new ConcurrentLinkedQueue<>();
+  private final Map<ChannelKey, ChannelState> channelMap = new ConcurrentHashMap<>();
+
+  NioTcpClient() {
+    setRegistrationsTask(this::processPendingRegistrations, true);
+    setTimeoutTask(this::checkTransactionTimeouts, true);
+    setCloseTask(this::closeTcp, true);
   }
 
-  private static void processPendingRegistrations() {
+  private void processPendingRegistrations(Selector selector) {
     while (!registrationQueue.isEmpty()) {
-      ChannelState state = registrationQueue.remove();
+      ChannelState state = registrationQueue.poll();
+      if (state == null) {
+        continue;
+      }
+
       try {
-        final Selector selector = selector();
         if (!state.channel.isConnected()) {
           state.channel.register(selector, SelectionKey.OP_CONNECT, state);
         } else {
@@ -49,7 +51,7 @@ private static void processPendingRegistrations() {
     }
   }
 
-  private static void checkTransactionTimeouts() {
+  private void checkTransactionTimeouts() {
     for (ChannelState state : channelMap.values()) {
       for (Iterator<Transaction> it = state.pendingTransactions.iterator(); it.hasNext(); ) {
         Transaction t = it.next();
@@ -61,10 +63,14 @@ private static void checkTransactionTimeouts() {
     }
   }
 
-  private static void closeTcp() {
+  private void closeTcp() {
     registrationQueue.clear();
     EOFException closing = new EOFException("Client is closing");
-    channelMap.forEach((key, state) -> state.handleTransactionException(closing));
+    channelMap.forEach(
+        (key, state) -> {
+          state.handleTransactionException(closing);
+          state.handleChannelException(closing);
+        });
     channelMap.clear();
   }
 
@@ -75,45 +81,65 @@ private static class Transaction {
     private final long endTime;
     private final SocketChannel channel;
     private final CompletableFuture<byte[]> f;
-    private boolean sendDone;
+    private ByteBuffer queryDataBuffer;
+    long bytesWrittenTotal = 0;
 
-    void send() throws IOException {
-      if (sendDone) {
-        return;
+    boolean send() throws IOException {
+      // send can be invoked multiple times if the entire buffer couldn't be written at once
+      if (bytesWrittenTotal == queryData.length + 2) {
+        return true;
+      }
+
+      if (queryDataBuffer == null) {
+        // combine length+message to avoid multiple TCP packets
+        // https://datatracker.ietf.org/doc/html/rfc7766#section-8
+        queryDataBuffer = ByteBuffer.allocate(queryData.length + 2);
+        queryDataBuffer.put((byte) (queryData.length >>> 8));
+        queryDataBuffer.put((byte) (queryData.length & 0xFF));
+        queryDataBuffer.put(queryData);
+        queryDataBuffer.flip();
       }
 
       verboseLog(
-          "TCP write",
+          "TCP write: transaction id=" + query.getHeader().getID(),
           channel.socket().getLocalSocketAddress(),
           channel.socket().getRemoteSocketAddress(),
-          queryData);
-
-      // combine length+message to avoid multiple TCP packets
-      // https://tools.ietf.org/html/rfc7766#section-8
-      ByteBuffer buffer = ByteBuffer.allocate(queryData.length + 2);
-      buffer.put((byte) (queryData.length >>> 8));
-      buffer.put((byte) (queryData.length & 0xFF));
-      buffer.put(queryData);
-      buffer.flip();
-      while (buffer.hasRemaining()) {
-        long n = channel.write(buffer);
-        if (n < 0) {
-          throw new EOFException();
+          queryDataBuffer);
+
+      while (queryDataBuffer.hasRemaining()) {
+        long bytesWritten = channel.write(queryDataBuffer);
+        bytesWrittenTotal += bytesWritten;
+        if (bytesWritten == 0) {
+          log.debug(
+              "Insufficient room for the data in the underlying output buffer for transaction {}, retrying",
+              query.getHeader().getID());
+          return false;
+        } else if (bytesWrittenTotal < queryData.length) {
+          log.debug(
+              "Wrote {} of {} bytes data for transaction {}",
+              bytesWrittenTotal,
+              queryData.length,
+              query.getHeader().getID());
         }
       }
 
-      sendDone = true;
+      log.debug(
+          "Send for transaction {} is complete, wrote {} bytes",
+          query.getHeader().getID(),
+          bytesWrittenTotal);
+      return true;
     }
   }
 
   @RequiredArgsConstructor
-  private static class ChannelState implements KeyProcessor {
-    final SocketChannel channel;
+  private class ChannelState implements KeyProcessor {
+    private final SocketChannel channel;
     final Queue<Transaction> pendingTransactions = new ConcurrentLinkedQueue<>();
     ByteBuffer responseLengthData = ByteBuffer.allocate(2);
     ByteBuffer responseData = ByteBuffer.allocate(Message.MAXLENGTH);
     int readState = 0;
 
+    @Override
     public void processReadyKey(SelectionKey key) {
       if (key.isValid()) {
         if (key.isConnectable()) {
@@ -145,7 +171,11 @@ private void handleChannelException(IOException e) {
           try {
             channel.close();
           } catch (IOException ex) {
-            log.error("failed to close channel", ex);
+            log.warn(
+                "Failed to close channel l={}/r={}",
+                entry.getKey().local,
+                entry.getKey().remote,
+                ex);
           }
           return;
         }
@@ -196,15 +226,26 @@ private void processRead() {
       byte[] data = new byte[responseData.limit()];
       System.arraycopy(
           responseData.array(), responseData.arrayOffset(), data, 0, responseData.limit());
+
+      // The message was shorter than the minimum length to find the transaction, abort
+      if (data.length < 2) {
+        verboseLog(
+            "TCP read: response too short for a valid reply, discarding",
+            channel.socket().getLocalSocketAddress(),
+            channel.socket().getRemoteSocketAddress(),
+            data);
+        return;
+      }
+
+      int id = ((data[0] & 0xFF) << 8) + (data[1] & 0xFF);
       verboseLog(
-          "TCP read",
+          "TCP read: transaction id=" + id,
           channel.socket().getLocalSocketAddress(),
           channel.socket().getRemoteSocketAddress(),
           data);
 
       for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
         Transaction t = it.next();
-        int id = ((data[0] & 0xFF) << 8) + (data[1] & 0xFF);
         int qid = t.query.getHeader().getID();
         if (id == qid) {
           t.f.complete(data);
@@ -212,13 +253,20 @@ private void processRead() {
           return;
         }
       }
+
+      log.warn("Transaction for answer to id {} not found", id);
     }
 
     private void processWrite(SelectionKey key) {
       for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
         Transaction t = it.next();
         try {
-          t.send();
+          if (!t.send()) {
+            // Write was incomplete because the output buffer was full. Wait until the selector
+            // tells us that we can write again
+            key.interestOps(SelectionKey.OP_WRITE);
+            return;
+          }
         } catch (IOException e) {
           t.f.completeExceptionally(e);
           it.remove();
@@ -236,7 +284,8 @@ private static class ChannelKey {
     final InetSocketAddress remote;
   }
 
-  static CompletableFuture<byte[]> sendrecv(
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveTcp(
       InetSocketAddress local,
       InetSocketAddress remote,
       Message query,
@@ -250,9 +299,10 @@ static CompletableFuture<byte[]> sendrecv(
           channelMap.computeIfAbsent(
               new ChannelKey(local, remote),
               key -> {
+                log.debug("Opening async channel for l={}/r={}", local, remote);
+                SocketChannel c = null;
                 try {
-                  log.trace("Opening async channel for l={}/r={}", local, remote);
-                  SocketChannel c = SocketChannel.open();
+                  c = SocketChannel.open();
                   c.configureBlocking(false);
                   if (local != null) {
                     c.bind(local);
@@ -261,13 +311,21 @@ static CompletableFuture<byte[]> sendrecv(
                   c.connect(remote);
                   return new ChannelState(c);
                 } catch (IOException e) {
+                  if (c != null) {
+                    try {
+                      c.close();
+                    } catch (IOException ee) {
+                      // ignore
+                    }
+                  }
                   f.completeExceptionally(e);
                   return null;
                 }
               });
       if (channel != null) {
         log.trace(
-            "Creating transaction for {}/{}",
+            "Creating transaction for id {} ({}/{})",
+            query.getHeader().getID(),
             query.getQuestion().getName(),
             Type.string(query.getQuestion().getType()));
         Transaction t = new Transaction(query, data, endTime, channel.channel, f);
diff --git a/src/main/java/org/xbill/DNS/NioUdpClient.java b/src/main/java/org/xbill/DNS/NioUdpClient.java
index 926952454..e2ccfef25 100644
--- a/src/main/java/org/xbill/DNS/NioUdpClient.java
+++ b/src/main/java/org/xbill/DNS/NioUdpClient.java
@@ -17,21 +17,20 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import lombok.RequiredArgsConstructor;
-import lombok.experimental.UtilityClass;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.UdpIoClient;
 
 @Slf4j
-@UtilityClass
-final class NioUdpClient extends NioClient {
-  private static final int EPHEMERAL_START;
-  private static final int EPHEMERAL_RANGE;
+final class NioUdpClient extends NioClient implements UdpIoClient {
+  private final int ephemeralStart;
+  private final int ephemeralRange;
 
-  private static final SecureRandom prng;
-  private static final Queue<Transaction> registrationQueue = new ConcurrentLinkedQueue<>();
-  private static final Queue<Transaction> pendingTransactions = new ConcurrentLinkedQueue<>();
+  private final SecureRandom prng;
+  private final Queue<Transaction> registrationQueue = new ConcurrentLinkedQueue<>();
+  private final Queue<Transaction> pendingTransactions = new ConcurrentLinkedQueue<>();
 
-  static {
-    // https://tools.ietf.org/html/rfc6335#section-6
+  NioUdpClient() {
+    // https://datatracker.ietf.org/doc/html/rfc6335#section-6
     int ephemeralStartDefault = 49152;
     int ephemeralEndDefault = 65535;
 
@@ -41,45 +40,50 @@ final class NioUdpClient extends NioClient {
       ephemeralEndDefault = 60999;
     }
 
-    EPHEMERAL_START = Integer.getInteger("dnsjava.udp.ephemeral.start", ephemeralStartDefault);
+    ephemeralStart = Integer.getInteger("dnsjava.udp.ephemeral.start", ephemeralStartDefault);
     int ephemeralEnd = Integer.getInteger("dnsjava.udp.ephemeral.end", ephemeralEndDefault);
-    EPHEMERAL_RANGE = ephemeralEnd - EPHEMERAL_START;
+    ephemeralRange = ephemeralEnd - ephemeralStart;
 
     if (Boolean.getBoolean("dnsjava.udp.ephemeral.use_ephemeral_port")) {
       prng = null;
     } else {
       prng = new SecureRandom();
     }
-    addSelectorTimeoutTask(NioUdpClient::processPendingRegistrations);
-    addSelectorTimeoutTask(NioUdpClient::checkTransactionTimeouts);
-    addCloseTask(NioUdpClient::closeUdp);
+    setRegistrationsTask(this::processPendingRegistrations, false);
+    setTimeoutTask(this::checkTransactionTimeouts, false);
+    setCloseTask(this::closeUdp, false);
   }
 
-  private static void processPendingRegistrations() {
+  private void processPendingRegistrations(Selector selector) {
     while (!registrationQueue.isEmpty()) {
-      Transaction t = registrationQueue.remove();
+      Transaction t = registrationQueue.poll();
+      if (t == null) {
+        continue;
+      }
+
       try {
-        t.channel.register(selector(), SelectionKey.OP_READ, t);
+        log.trace("Registering OP_READ for transaction with id {}", t.id);
+        t.channel.register(selector, SelectionKey.OP_READ, t);
         t.send();
       } catch (IOException e) {
-        t.f.completeExceptionally(e);
+        t.completeExceptionally(e);
       }
     }
   }
 
-  private static void checkTransactionTimeouts() {
+  private void checkTransactionTimeouts() {
     for (Iterator<Transaction> it = pendingTransactions.iterator(); it.hasNext(); ) {
       Transaction t = it.next();
       if (t.endTime - System.nanoTime() < 0) {
-        t.silentCloseChannel();
-        t.f.completeExceptionally(new SocketTimeoutException("Query timed out"));
+        t.completeExceptionally(new SocketTimeoutException("Query timed out"));
         it.remove();
       }
     }
   }
 
   @RequiredArgsConstructor
-  private static class Transaction implements KeyProcessor {
+  private class Transaction implements KeyProcessor {
+    private final int id;
     private final byte[] data;
     private final int max;
     private final long endTime;
@@ -89,74 +93,88 @@ private static class Transaction implements KeyProcessor {
     void send() throws IOException {
       ByteBuffer buffer = ByteBuffer.wrap(data);
       verboseLog(
-          "UDP write",
+          "UDP write: transaction id=" + id,
           channel.socket().getLocalSocketAddress(),
           channel.socket().getRemoteSocketAddress(),
           data);
       int n = channel.send(buffer, channel.socket().getRemoteSocketAddress());
-      if (n <= 0) {
-        throw new EOFException();
+      if (n == 0) {
+        throw new EOFException(
+            "Insufficient room for the datagram in the underlying output buffer for transaction "
+                + id);
+      } else if (n < data.length) {
+        throw new EOFException("Could not send all data for transaction " + id);
       }
     }
 
+    @Override
     public void processReadyKey(SelectionKey key) {
       if (!key.isReadable()) {
-        silentCloseChannel();
-        f.completeExceptionally(new EOFException("channel not readable"));
+        completeExceptionally(new EOFException("Key for transaction " + id + " is not readable"));
         pendingTransactions.remove(this);
         return;
       }
 
-      DatagramChannel channel = (DatagramChannel) key.channel();
+      DatagramChannel keyChannel = (DatagramChannel) key.channel();
       ByteBuffer buffer = ByteBuffer.allocate(max);
       int read;
       try {
-        read = channel.read(buffer);
+        read = keyChannel.read(buffer);
         if (read <= 0) {
           throw new EOFException();
         }
       } catch (IOException e) {
-        silentCloseChannel();
-        f.completeExceptionally(e);
+        completeExceptionally(e);
         pendingTransactions.remove(this);
         return;
       }
 
       buffer.flip();
-      byte[] data = new byte[read];
-      System.arraycopy(buffer.array(), 0, data, 0, read);
+      byte[] resultingData = new byte[read];
+      System.arraycopy(buffer.array(), 0, resultingData, 0, read);
       verboseLog(
-          "UDP read",
-          channel.socket().getLocalSocketAddress(),
-          channel.socket().getRemoteSocketAddress(),
-          data);
-      silentCloseChannel();
-      f.complete(data);
+          "UDP read: transaction id=" + id,
+          keyChannel.socket().getLocalSocketAddress(),
+          keyChannel.socket().getRemoteSocketAddress(),
+          resultingData);
+      silentDisconnectAndCloseChannel();
+      f.complete(resultingData);
       pendingTransactions.remove(this);
     }
 
-    private void silentCloseChannel() {
+    private void completeExceptionally(Exception e) {
+      silentDisconnectAndCloseChannel();
+      f.completeExceptionally(e);
+    }
+
+    private void silentDisconnectAndCloseChannel() {
       try {
         channel.disconnect();
       } catch (IOException e) {
         // ignore, we either already have everything we need or can't do anything
       } finally {
-        try {
-          channel.close();
-        } catch (IOException e) {
-          // ignore
-        }
+        NioUdpClient.silentCloseChannel(channel);
       }
     }
   }
 
-  static CompletableFuture<byte[]> sendrecv(
-      InetSocketAddress local, InetSocketAddress remote, byte[] data, int max, Duration timeout) {
+  @Override
+  public CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout) {
+    long endTime = System.nanoTime() + timeout.toNanos();
     CompletableFuture<byte[]> f = new CompletableFuture<>();
+    DatagramChannel channel = null;
     try {
       final Selector selector = selector();
-      DatagramChannel channel = DatagramChannel.open();
+      channel = DatagramChannel.open();
       channel.configureBlocking(false);
+
+      Transaction t = new Transaction(query.getHeader().getID(), data, max, endTime, channel, f);
       if (local == null || local.getPort() == 0) {
         boolean bound = false;
         for (int i = 0; i < 1024; i++) {
@@ -164,12 +182,12 @@ static CompletableFuture<byte[]> sendrecv(
             InetSocketAddress addr = null;
             if (local == null) {
               if (prng != null) {
-                addr = new InetSocketAddress(prng.nextInt(EPHEMERAL_RANGE) + EPHEMERAL_START);
+                addr = new InetSocketAddress(prng.nextInt(ephemeralRange) + ephemeralStart);
               }
             } else {
               int port = local.getPort();
               if (port == 0 && prng != null) {
-                port = prng.nextInt(EPHEMERAL_RANGE) + EPHEMERAL_START;
+                port = prng.nextInt(ephemeralRange) + ephemeralStart;
               }
 
               addr = new InetSocketAddress(local.getAddress(), port);
@@ -184,29 +202,41 @@ static CompletableFuture<byte[]> sendrecv(
         }
 
         if (!bound) {
-          channel.close();
-          f.completeExceptionally(new IOException("No available source port found"));
+          t.completeExceptionally(new IOException("No available source port found"));
           return f;
         }
       }
 
       channel.connect(remote);
-      long endTime = System.nanoTime() + timeout.toNanos();
-      Transaction t = new Transaction(data, max, endTime, channel, f);
       pendingTransactions.add(t);
       registrationQueue.add(t);
       selector.wakeup();
     } catch (IOException e) {
+      silentCloseChannel(channel);
       f.completeExceptionally(e);
+    } catch (Throwable e) {
+      // Make sure to close the channel, no matter what, but only handle the declared IOException
+      silentCloseChannel(channel);
+      throw e;
     }
 
     return f;
   }
 
-  private static void closeUdp() {
+  private static void silentCloseChannel(DatagramChannel channel) {
+    if (channel != null) {
+      try {
+        channel.close();
+      } catch (IOException ioe) {
+        // ignore
+      }
+    }
+  }
+
+  private void closeUdp() {
     registrationQueue.clear();
     EOFException closing = new EOFException("Client is closing");
-    pendingTransactions.forEach(t -> t.f.completeExceptionally(closing));
+    pendingTransactions.forEach(t -> t.completeExceptionally(closing));
     pendingTransactions.clear();
   }
 }
diff --git a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
index 1801b8abd..ab43bfe61 100644
--- a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java
@@ -9,8 +9,8 @@
  *
  * @author Brian Wellington
  * @author Valentin Hauner
- * @see <a href="https://tools.ietf.org/html/rfc7929">RFC 7929: DNS-Based Authentication of Named
- *     Entities (DANE) Bindings for OpenPGP</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7929">RFC 7929: DNS-Based Authentication
+ *     of Named Entities (DANE) Bindings for OpenPGP</a>
  */
 public class OPENPGPKEYRecord extends Record {
   private byte[] cert;
@@ -42,7 +42,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
   protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     if (cert != null) {
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append("(\n");
         sb.append(base64.formatString(cert, 64, "\t", true));
       } else {
diff --git a/src/main/java/org/xbill/DNS/OPTRecord.java b/src/main/java/org/xbill/DNS/OPTRecord.java
index f026113d9..a8d7cae86 100644
--- a/src/main/java/org/xbill/DNS/OPTRecord.java
+++ b/src/main/java/org/xbill/DNS/OPTRecord.java
@@ -18,7 +18,8 @@
  *
  * @see Message
  * @see Resolver
- * @see <a href="https://tools.ietf.org/html/rfc6891">RFC 6891: Extension Mechanisms for DNS</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6891">RFC 6891: Extension Mechanisms for
+ *     DNS</a>
  * @author Brian Wellington
  */
 public class OPTRecord extends Record {
diff --git a/src/main/java/org/xbill/DNS/Opcode.java b/src/main/java/org/xbill/DNS/Opcode.java
index 2445736b9..55414b1ff 100644
--- a/src/main/java/org/xbill/DNS/Opcode.java
+++ b/src/main/java/org/xbill/DNS/Opcode.java
@@ -20,12 +20,17 @@ public final class Opcode {
   public static final int STATUS = 2;
 
   /** A message from a primary to a secondary server to initiate a zone transfer */
+  @SuppressWarnings("java:S1845")
   public static final int NOTIFY = 4;
 
   /** A dynamic update message */
   public static final int UPDATE = 5;
 
-  /** DNS Stateful Operations (DSO, RFC8490) */
+  /**
+   * DNS Stateful Operations (DSO).
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8490">RFC 8490</a>
+   */
   public static final int DSO = 6;
 
   private static final Mnemonic opcodes = new Mnemonic("DNS Opcode", Mnemonic.CASE_UPPER);
diff --git a/src/main/java/org/xbill/DNS/Options.java b/src/main/java/org/xbill/DNS/Options.java
index 7204b138a..4459a6320 100644
--- a/src/main/java/org/xbill/DNS/Options.java
+++ b/src/main/java/org/xbill/DNS/Options.java
@@ -35,6 +35,7 @@ public final class Options {
     try {
       refresh();
     } catch (SecurityException e) {
+      // Ignore
     }
   }
 
@@ -63,7 +64,7 @@ public static void clear() {
     table = null;
   }
 
-  /** Sets an option to "true" */
+  /** Sets an option to {@code true}. */
   public static void set(String option) {
     if (table == null) {
       table = new HashMap<>();
@@ -71,7 +72,7 @@ public static void set(String option) {
     table.put(option.toLowerCase(), "true");
   }
 
-  /** Sets an option to the the supplied value */
+  /** Sets an option to the supplied value */
   public static void set(String option, String value) {
     if (table == null) {
       table = new HashMap<>();
@@ -113,8 +114,17 @@ public static int intValue(String option) {
           return val;
         }
       } catch (NumberFormatException e) {
+        // Ignore
       }
     }
     return -1;
   }
+
+  static boolean multiline() {
+    if (table == null) {
+      return false;
+    }
+
+    return table.get("multiline") != null;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/PTRRecord.java b/src/main/java/org/xbill/DNS/PTRRecord.java
index 2ecaffec3..68c139deb 100644
--- a/src/main/java/org/xbill/DNS/PTRRecord.java
+++ b/src/main/java/org/xbill/DNS/PTRRecord.java
@@ -7,8 +7,8 @@
  * Pointer Record - maps a domain name representing an Internet Address to a hostname.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class PTRRecord extends SingleCompressedNameBase {
   PTRRecord() {}
diff --git a/src/main/java/org/xbill/DNS/PXRecord.java b/src/main/java/org/xbill/DNS/PXRecord.java
index c81db6003..135de5dff 100644
--- a/src/main/java/org/xbill/DNS/PXRecord.java
+++ b/src/main/java/org/xbill/DNS/PXRecord.java
@@ -9,8 +9,8 @@
  * X.400 mail mapping record.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2163">RFC 2163: Using the Internet DNS to Distribute
- *     MIXER Conformant Global Address Mapping (MCGAM)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2163">RFC 2163: Using the Internet DNS to
+ *     Distribute MIXER Conformant Global Address Mapping (MCGAM)</a>
  */
 public class PXRecord extends Record {
   private int preference;
diff --git a/src/main/java/org/xbill/DNS/RPRecord.java b/src/main/java/org/xbill/DNS/RPRecord.java
index 461306b3c..93c7eb5ec 100644
--- a/src/main/java/org/xbill/DNS/RPRecord.java
+++ b/src/main/java/org/xbill/DNS/RPRecord.java
@@ -11,7 +11,7 @@
  *
  * @author Tom Scola (tscola@research.att.com)
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class RPRecord extends Record {
   private Name mailbox;
diff --git a/src/main/java/org/xbill/DNS/RRSIGRecord.java b/src/main/java/org/xbill/DNS/RRSIGRecord.java
index 701973ca3..a7fef0c89 100644
--- a/src/main/java/org/xbill/DNS/RRSIGRecord.java
+++ b/src/main/java/org/xbill/DNS/RRSIGRecord.java
@@ -14,8 +14,8 @@
  * @see RRset
  * @see DNSSEC
  * @see KEYRecord
- * @see <a href="https://tools.ietf.org/html/rfc4034">RFC 4034: Resource Records for the DNS
- *     Security Extensions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4034">RFC 4034: Resource Records for the
+ *     DNS Security Extensions</a>
  * @author Brian Wellington
  */
 public class RRSIGRecord extends SIGBase {
diff --git a/src/main/java/org/xbill/DNS/RRset.java b/src/main/java/org/xbill/DNS/RRset.java
index b0dc86c65..afeef6190 100644
--- a/src/main/java/org/xbill/DNS/RRset.java
+++ b/src/main/java/org/xbill/DNS/RRset.java
@@ -20,7 +20,7 @@
  * @author Brian Wellington
  */
 @EqualsAndHashCode(of = {"rrs", "sigs"})
-public class RRset implements Serializable {
+public class RRset implements Serializable, Iterable<Record> {
   private final ArrayList<Record> rrs;
   private final ArrayList<RRSIGRecord> sigs;
   private short position;
@@ -33,9 +33,9 @@ public RRset() {
   }
 
   /** Creates an RRset and sets its contents to the specified record */
-  public RRset(Record record) {
+  public RRset(Record r) {
     this();
-    addRR(record);
+    addRR(r);
   }
 
   /**
@@ -51,6 +51,20 @@ public RRset(Record... records) {
     }
   }
 
+  /**
+   * Creates an RRset and sets its contents to the specified record(s)
+   *
+   * @param records The records to add to the set. See {@link #addRR(Record)} for restrictions.
+   * @since 3.6
+   */
+  public RRset(Iterable<Record> records) {
+    this();
+    Objects.requireNonNull(records);
+    for (Record r : records) {
+      addRR(r);
+    }
+  }
+
   /** Creates an RRset with the contents of an existing RRset */
   public RRset(RRset rrset) {
     rrs = new ArrayList<>(rrset.rrs);
@@ -191,11 +205,30 @@ public List<RRSIGRecord> sigs() {
     return Collections.unmodifiableList(sigs);
   }
 
-  /** Returns the number of (data) records */
+  /** Returns the number of data records. */
   public int size() {
     return rrs.size();
   }
 
+  /**
+   * Returns the number of signature records.
+   *
+   * @since 3.6
+   */
+  public int sigSize() {
+    return sigs.size();
+  }
+
+  /**
+   * Returns {@code true} if this RRset is empty, i.e. if there are neither data nor signature
+   * records.
+   *
+   * @since 3.6
+   */
+  public boolean isEmpty() {
+    return rrs.isEmpty() && sigs.isEmpty();
+  }
+
   /**
    * Returns the name of the records
    *
@@ -206,7 +239,8 @@ public Name getName() {
   }
 
   /**
-   * Returns the type of the records
+   * Returns the type of the records. If this set contains only signatures, it returns the covered
+   * type.
    *
    * @see Type
    */
@@ -214,6 +248,16 @@ public int getType() {
     return first().getRRsetType();
   }
 
+  /**
+   * Returns the actual type of the records, i.e. for signatures not the type covered but {@link
+   * Type#RRSIG}.
+   *
+   * @see Type
+   */
+  int getActualType() {
+    return first().getType();
+  }
+
   /**
    * Returns the class of the records
    *
@@ -278,4 +322,15 @@ public String toString() {
     sb.append(" }");
     return sb.toString();
   }
+
+  /**
+   * Returns an {@link Iterator} over the resource records. This is a convenience method / interface
+   * implementation and equivalent to calling {@code rrs().iterator()}.
+   *
+   * @since 3.6
+   */
+  @Override
+  public Iterator<Record> iterator() {
+    return rrs().iterator();
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/RTRecord.java b/src/main/java/org/xbill/DNS/RTRecord.java
index a66b69e19..143cfecc8 100644
--- a/src/main/java/org/xbill/DNS/RTRecord.java
+++ b/src/main/java/org/xbill/DNS/RTRecord.java
@@ -7,8 +7,8 @@
  * Route Through Record - lists a route preference and intermediate host.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class RTRecord extends U16NameBase {
   RTRecord() {}
diff --git a/src/main/java/org/xbill/DNS/Rcode.java b/src/main/java/org/xbill/DNS/Rcode.java
index 6bd1e078e..9f4bec7d5 100644
--- a/src/main/java/org/xbill/DNS/Rcode.java
+++ b/src/main/java/org/xbill/DNS/Rcode.java
@@ -29,7 +29,7 @@ public final class Rcode {
   /**
    * Synonym for NOTIMP.
    *
-   * @deprecated use {{@link #NOTIMP}}
+   * @deprecated Use {@link #NOTIMP}.
    */
   @Deprecated public static final int NOTIMPL = 4;
 
diff --git a/src/main/java/org/xbill/DNS/Record.java b/src/main/java/org/xbill/DNS/Record.java
index 7f942a4d4..a830a25b5 100644
--- a/src/main/java/org/xbill/DNS/Record.java
+++ b/src/main/java/org/xbill/DNS/Record.java
@@ -5,9 +5,14 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
 import java.text.DecimalFormat;
 import java.util.Arrays;
 import java.util.function.Supplier;
+import lombok.extern.slf4j.Slf4j;
 import org.xbill.DNS.utils.base16;
 
 /**
@@ -16,9 +21,11 @@
  *
  * @author Brian Wellington
  */
-public abstract class Record implements Cloneable, Comparable<Record> {
+@Slf4j
+public abstract class Record implements Cloneable, Comparable<Record>, Serializable {
   protected Name name;
-  protected int type, dclass;
+  protected int type;
+  protected int dclass;
   protected long ttl;
 
   private static final DecimalFormat byteFormat = new DecimalFormat();
@@ -27,9 +34,32 @@ public abstract class Record implements Cloneable, Comparable<Record> {
     byteFormat.setMinimumIntegerDigits(3);
   }
 
+  private static class RecordSerializationProxy implements Serializable {
+    private static final long serialVersionUID = 1434159920070152561L;
+    private final byte[] wireData;
+    private final boolean isEmpty;
+
+    RecordSerializationProxy(Record r) {
+      this.isEmpty = r instanceof EmptyRecord;
+      wireData = r.toWire(isEmpty ? Section.QUESTION : Section.ANSWER);
+    }
+
+    protected Object readResolve() throws ObjectStreamException {
+      try {
+        return Record.fromWire(wireData, isEmpty ? Section.QUESTION : Section.ANSWER);
+      } catch (IOException e) {
+        throw new InvalidObjectException(e.getMessage());
+      }
+    }
+  }
+
   protected Record() {}
 
-  /** @since 3.1 */
+  /**
+   * Initialize the basic fields of a record.
+   *
+   * @since 3.1
+   */
   protected Record(Name name, int type, int dclass, long ttl) {
     if (!name.isAbsolute()) {
       throw new RelativeNameException(name);
@@ -43,6 +73,15 @@ protected Record(Name name, int type, int dclass, long ttl) {
     this.ttl = ttl;
   }
 
+  Object writeReplace() {
+    log.trace("Creating proxy object for serialization");
+    return new RecordSerializationProxy(this);
+  }
+
+  private void readObject(ObjectInputStream ois) throws InvalidObjectException {
+    throw new InvalidObjectException("Use RecordSerializationProxy");
+  }
+
   private static Record getEmptyRecord(Name name, int type, int dclass, long ttl, boolean hasData) {
     Record rec;
     if (hasData) {
@@ -169,7 +208,8 @@ public static Record newRecord(Name name, int type, int dclass) {
   }
 
   static Record fromWire(DNSInput in, int section, boolean isUpdate) throws IOException {
-    int type, dclass;
+    int type;
+    int dclass;
     long ttl;
     int length;
     Name name;
@@ -303,7 +343,7 @@ public String toString() {
     }
     sb.append(Type.string(type));
     String rdata = rrToString();
-    if (!rdata.equals("")) {
+    if (!rdata.isEmpty()) {
       sb.append("\t");
       sb.append(rdata);
     }
@@ -404,12 +444,7 @@ protected static String byteArrayToString(byte[] array, boolean quote) {
 
   /** Converts a byte array into the unknown RR format. */
   protected static String unknownToString(byte[] data) {
-    StringBuilder sb = new StringBuilder();
-    sb.append("\\# ");
-    sb.append(data.length);
-    sb.append(" ");
-    sb.append(base16.toString(data));
-    return sb.toString();
+    return "\\# " + data.length + " " + base16.toString(data);
   }
 
   /**
@@ -436,7 +471,7 @@ public static Record fromString(
     TTL.check(ttl);
 
     Tokenizer.Token t = st.get();
-    if (t.type == Tokenizer.IDENTIFIER && t.value.equals("\\#")) {
+    if (t.type() == Tokenizer.IDENTIFIER && t.value().equals("\\#")) {
       int length = st.getUInt16();
       byte[] data = st.getHex();
       if (data == null) {
@@ -452,9 +487,8 @@ public static Record fromString(
     rec = getEmptyRecord(name, type, dclass, ttl, true);
     rec.rdataFromString(st, origin);
     t = st.get();
-    if (t.type != Tokenizer.EOL && t.type != Tokenizer.EOF) {
-      throw st.exception(
-          "unexpected tokens at end of record (wanted EOL/EOF, got " + t.toString() + ")");
+    if (t.type() != Tokenizer.EOL && t.type() != Tokenizer.EOF) {
+      throw st.exception("unexpected tokens at end of record (wanted EOL/EOF, got " + t + ")");
     }
     return rec;
   }
@@ -532,6 +566,18 @@ public boolean sameRRset(Record rec) {
     return getRRsetType() == rec.getRRsetType() && dclass == rec.dclass && name.equals(rec.name);
   }
 
+  /**
+   * Determines if this Record could be part of the passed RRset. This compares the name, type, and
+   * class of the Record and the set.
+   *
+   * @since 3.6
+   */
+  public boolean sameRRset(RRset set) {
+    return getRRsetType() == set.getType()
+        && dclass == set.getDClass()
+        && name.equals(set.getName());
+  }
+
   /**
    * Determines if two Records are identical. This compares the name, type, class, and rdata (with
    * names canonicalized). The TTLs are not compared.
@@ -657,7 +703,7 @@ public Name getAdditionalName() {
 
   /* Checks that an int contains an unsigned 8 bit value */
   static int checkU8(String field, int val) {
-    if (val < 0 || val > 0xFF) {
+    if (!Utils.isUInt8(val)) {
       throw new IllegalArgumentException(
           "\"" + field + "\" " + val + " must be an unsigned 8 bit value");
     }
@@ -666,7 +712,7 @@ static int checkU8(String field, int val) {
 
   /* Checks that an int contains an unsigned 16 bit value */
   static int checkU16(String field, int val) {
-    if (val < 0 || val > 0xFFFF) {
+    if (!Utils.isUInt16(val)) {
       throw new IllegalArgumentException(
           "\"" + field + "\" " + val + " must be an unsigned 16 bit value");
     }
@@ -675,7 +721,7 @@ static int checkU16(String field, int val) {
 
   /* Checks that a long contains an unsigned 32 bit value */
   static long checkU32(String field, long val) {
-    if (val < 0 || val > 0xFFFFFFFFL) {
+    if (!Utils.isUInt32(val)) {
       throw new IllegalArgumentException(
           "\"" + field + "\" " + val + " must be an unsigned 32 bit value");
     }
diff --git a/src/main/java/org/xbill/DNS/Resolver.java b/src/main/java/org/xbill/DNS/Resolver.java
index 34e545a44..5b6ce5111 100644
--- a/src/main/java/org/xbill/DNS/Resolver.java
+++ b/src/main/java/org/xbill/DNS/Resolver.java
@@ -9,6 +9,7 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
 import java.util.concurrent.CompletionStage;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
@@ -157,8 +158,10 @@ default Message send(Message query) throws IOException {
     } catch (ExecutionException e) {
       if (e.getCause() instanceof IOException) {
         throw (IOException) e.getCause();
-      } else {
+      } else if (e.getCause() != null) {
         throw new IOException(e.getCause());
+      } else {
+        throw new IOException(e);
       }
     } catch (TimeoutException e) {
       throw new IOException(
@@ -167,7 +170,8 @@ default Message send(Message query) throws IOException {
               + "/"
               + Type.string(query.getQuestion().type)
               + ", id="
-              + query.getHeader().getID());
+              + query.getHeader().getID(),
+          e);
     }
   }
 
@@ -236,11 +240,16 @@ default Object sendAsync(Message query, ResolverListener listener) {
         (result, throwable) -> {
           if (throwable != null) {
             Exception exception;
+            if (throwable instanceof CompletionException && throwable.getCause() != null) {
+              throwable = throwable.getCause();
+            }
+
             if (throwable instanceof Exception) {
               exception = (Exception) throwable;
             } else {
               exception = new Exception(throwable);
             }
+
             listener.handleException(id, exception);
             return null;
           }
diff --git a/src/main/java/org/xbill/DNS/ResolverConfig.java b/src/main/java/org/xbill/DNS/ResolverConfig.java
index ea7c431db..d3cc022e8 100644
--- a/src/main/java/org/xbill/DNS/ResolverConfig.java
+++ b/src/main/java/org/xbill/DNS/ResolverConfig.java
@@ -44,7 +44,11 @@
  */
 @Slf4j
 public final class ResolverConfig {
-  /** @since 3.2 */
+  /**
+   * System property name to disable {@link ResolverConfigProvider} initialization.
+   *
+   * @since 3.2
+   */
   public static final String CONFIGPROVIDER_SKIP_INIT = "dnsjava.configprovider.skipinit";
 
   private final List<InetSocketAddress> servers = new ArrayList<>(2);
@@ -55,20 +59,7 @@ public final class ResolverConfig {
   private static List<ResolverConfigProvider> configProviders;
 
   private static void checkInitialized() {
-    if (configProviders == null) {
-      configProviders = new ArrayList<>(8);
-      if (!Boolean.getBoolean(CONFIGPROVIDER_SKIP_INIT)) {
-        configProviders.add(new PropertyResolverConfigProvider());
-        configProviders.add(new ResolvConfResolverConfigProvider());
-        configProviders.add(new WindowsResolverConfigProvider());
-        configProviders.add(new AndroidResolverConfigProvider());
-        configProviders.add(new JndiContextResolverConfigProvider());
-        configProviders.add(new SunJvmResolverConfigProvider());
-        configProviders.add(new FallbackPropertyResolverConfigProvider());
-      }
-    }
-
-    if (currentConfig == null) {
+    if (currentConfig == null || configProviders == null) {
       refresh();
     }
   }
@@ -103,6 +94,21 @@ public static void refresh() {
   }
 
   public ResolverConfig() {
+    synchronized (ResolverConfig.class) {
+      if (configProviders == null) {
+        configProviders = new ArrayList<>(8);
+        if (!Boolean.getBoolean(CONFIGPROVIDER_SKIP_INIT)) {
+          configProviders.add(new PropertyResolverConfigProvider());
+          configProviders.add(new ResolvConfResolverConfigProvider());
+          configProviders.add(new WindowsResolverConfigProvider());
+          configProviders.add(new AndroidResolverConfigProvider());
+          configProviders.add(new JndiContextResolverConfigProvider());
+          configProviders.add(new SunJvmResolverConfigProvider());
+          configProviders.add(new FallbackPropertyResolverConfigProvider());
+        }
+      }
+    }
+
     for (ResolverConfigProvider provider : configProviders) {
       if (provider.isEnabled()) {
         try {
diff --git a/src/main/java/org/xbill/DNS/ReverseMap.java b/src/main/java/org/xbill/DNS/ReverseMap.java
index 09c691a07..21a307ba0 100644
--- a/src/main/java/org/xbill/DNS/ReverseMap.java
+++ b/src/main/java/org/xbill/DNS/ReverseMap.java
@@ -149,14 +149,14 @@ public static InetAddress fromName(String name) throws UnknownHostException, Tex
    */
   public static InetAddress fromName(Name name) throws UnknownHostException {
     if (name.labels() <= 3) {
-      throw new UnknownHostException("Not an arpa address: " + name.toString());
+      throw new UnknownHostException("Not an arpa address: " + name);
     }
 
     byte[] ipBytes;
     if (name.subdomain(inaddr4)) {
       Name ip = name.relativize(inaddr4);
       if (ip.labels() > 4) {
-        throw new UnknownHostException("Invalid IPv4 arpa address: " + name.toString());
+        throw new UnknownHostException("Invalid IPv4 arpa address: " + name);
       }
 
       ipBytes = new byte[4];
@@ -165,26 +165,28 @@ public static InetAddress fromName(Name name) throws UnknownHostException {
           ipBytes[ip.labels() - i - 1] = (byte) Integer.parseInt(ip.getLabelString(i));
         }
       } catch (NumberFormatException e) {
-        throw new UnknownHostException("Invalid IPv4 arpa address: " + name.toString());
+        throw new UnknownHostException("Invalid IPv4 arpa address: " + name);
       }
       return InetAddress.getByAddress(ipBytes);
     } else if (name.subdomain(inaddr6)) {
       Name ip = name.relativize(inaddr6);
       if (ip.labels() > 32) {
-        throw new UnknownHostException("Invalid IPv6 arpa address: " + name.toString());
+        throw new UnknownHostException("Invalid IPv6 arpa address: " + name);
       }
 
       ipBytes = new byte[16];
       try {
         for (int i = 0; i < ip.labels(); i++) {
           ipBytes[(ip.labels() - i - 1) / 2] |=
-              Byte.parseByte(ip.getLabelString(i), 16) << ((ip.labels() - i) % 2 == 0 ? 0 : 4);
+              (byte)
+                  (Byte.parseByte(ip.getLabelString(i), 16)
+                      << ((ip.labels() - i) % 2 == 0 ? 0 : 4));
         }
       } catch (NumberFormatException e) {
-        throw new UnknownHostException("Invalid IPv6 arpa address: " + name.toString());
+        throw new UnknownHostException("Invalid IPv6 arpa address: " + name);
       }
     } else {
-      throw new UnknownHostException("Not an arpa address: " + name.toString());
+      throw new UnknownHostException("Not an arpa address: " + name);
     }
 
     return InetAddress.getByAddress(ipBytes);
diff --git a/src/main/java/org/xbill/DNS/SIG0.java b/src/main/java/org/xbill/DNS/SIG0.java
index 06fb55d33..3ef7b270f 100644
--- a/src/main/java/org/xbill/DNS/SIG0.java
+++ b/src/main/java/org/xbill/DNS/SIG0.java
@@ -98,14 +98,14 @@ public static void verifyMessage(
       Message message, byte[] b, KEYRecord key, SIGRecord previous, Instant now)
       throws DNSSEC.DNSSECException {
     SIGRecord sig = null;
-    for (Record record : message.getSection(Section.ADDITIONAL)) {
-      if (record.getType() != Type.SIG) {
+    for (Record r : message.getSection(Section.ADDITIONAL)) {
+      if (r.getType() != Type.SIG) {
         continue;
       }
-      if (((SIGRecord) record).getTypeCovered() != 0) {
+      if (((SIGRecord) r).getTypeCovered() != 0) {
         continue;
       }
-      sig = (SIGRecord) record;
+      sig = (SIGRecord) r;
       break;
     }
     DNSSEC.verifyMessage(message, b, sig, previous, key, now);
diff --git a/src/main/java/org/xbill/DNS/SIGBase.java b/src/main/java/org/xbill/DNS/SIGBase.java
index 7a252617f..58d80b100 100644
--- a/src/main/java/org/xbill/DNS/SIGBase.java
+++ b/src/main/java/org/xbill/DNS/SIGBase.java
@@ -14,7 +14,8 @@
  */
 abstract class SIGBase extends Record {
   protected int covered;
-  protected int alg, labels;
+  protected int alg;
+  protected int labels;
   protected long origttl;
   protected Instant expire;
   protected Instant timeSigned;
@@ -24,7 +25,7 @@ abstract class SIGBase extends Record {
 
   protected SIGBase() {}
 
-  public SIGBase(
+  protected SIGBase(
       Name name,
       int type,
       int dclass,
@@ -100,7 +101,7 @@ protected String rrToString() {
     sb.append(" ");
     sb.append(origttl);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
     sb.append(FormattedTime.format(expire));
@@ -110,7 +111,7 @@ protected String rrToString() {
     sb.append(footprint);
     sb.append(" ");
     sb.append(signer);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       sb.append(base64.formatString(signature, 64, "\t", true));
     } else {
diff --git a/src/main/java/org/xbill/DNS/SIGRecord.java b/src/main/java/org/xbill/DNS/SIGRecord.java
index e25c2d055..9a012bd21 100644
--- a/src/main/java/org/xbill/DNS/SIGRecord.java
+++ b/src/main/java/org/xbill/DNS/SIGRecord.java
@@ -13,8 +13,8 @@
  *
  * @see RRset
  * @see DNSSEC
- * @see KEYRecord <a href="https://tools.ietf.org/html/rfc2535">RFC 2535: Domain Name System
- *     Security Extensions</a>
+ * @see KEYRecord <a href="https://datatracker.ietf.org/doc/html/rfc2535">RFC 2535: Domain Name
+ *     System Security Extensions</a>
  * @author Brian Wellington
  */
 public class SIGRecord extends SIGBase {
diff --git a/src/main/java/org/xbill/DNS/SMIMEARecord.java b/src/main/java/org/xbill/DNS/SMIMEARecord.java
index fe3b502ce..d98302ea8 100644
--- a/src/main/java/org/xbill/DNS/SMIMEARecord.java
+++ b/src/main/java/org/xbill/DNS/SMIMEARecord.java
@@ -6,8 +6,8 @@
 /**
  * S/MIME cert association
  *
- * @see <a href="https://tools.ietf.org/html/rfc8162">RFC 8162: Using Secure DNS to Associate
- *     Certificates with Domain Names for S/MIME</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8162">RFC 8162: Using Secure DNS to
+ *     Associate Certificates with Domain Names for S/MIME</a>
  * @author Brian Wellington
  */
 public class SMIMEARecord extends TLSARecord {
diff --git a/src/main/java/org/xbill/DNS/SOARecord.java b/src/main/java/org/xbill/DNS/SOARecord.java
index 58e97afb7..9f327959e 100644
--- a/src/main/java/org/xbill/DNS/SOARecord.java
+++ b/src/main/java/org/xbill/DNS/SOARecord.java
@@ -9,12 +9,17 @@
  * Start of Authority - describes properties of a zone.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class SOARecord extends Record {
-  private Name host, admin;
-  private long serial, refresh, retry, expire, minimum;
+  private Name host;
+  private Name admin;
+  private long serial;
+  private long refresh;
+  private long retry;
+  private long expire;
+  private long minimum;
 
   SOARecord() {}
 
@@ -79,7 +84,7 @@ protected String rrToString() {
     sb.append(host);
     sb.append(" ");
     sb.append(admin);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append(" (\n\t\t\t\t\t");
       sb.append(serial);
       sb.append("\t; serial\n\t\t\t\t\t");
diff --git a/src/main/java/org/xbill/DNS/SPFRecord.java b/src/main/java/org/xbill/DNS/SPFRecord.java
index 01a993ce1..074b4b0f7 100644
--- a/src/main/java/org/xbill/DNS/SPFRecord.java
+++ b/src/main/java/org/xbill/DNS/SPFRecord.java
@@ -9,8 +9,8 @@
  * Sender Policy Framework (discontinued in RFC 7208)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc7208">RFC 7208: Sender Policy Framework (SPF) for
- *     Authorizing Use of Domains in Email, Version 1</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7208">RFC 7208: Sender Policy Framework
+ *     (SPF) for Authorizing Use of Domains in Email, Version 1</a>
  */
 public class SPFRecord extends TXTBase {
   SPFRecord() {}
diff --git a/src/main/java/org/xbill/DNS/SRVRecord.java b/src/main/java/org/xbill/DNS/SRVRecord.java
index be0805a09..78f05ceba 100644
--- a/src/main/java/org/xbill/DNS/SRVRecord.java
+++ b/src/main/java/org/xbill/DNS/SRVRecord.java
@@ -11,11 +11,13 @@
  * (for the secure SIP protocol) and _http._tcp.example.com (if HTTP used SRV records)
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2782">RFC 2782: A DNS RR for specifying the location
- *     of services (DNS SRV)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2782">RFC 2782: A DNS RR for specifying
+ *     the location of services (DNS SRV)</a>
  */
 public class SRVRecord extends Record {
-  private int priority, weight, port;
+  private int priority;
+  private int weight;
+  private int port;
   private Name target;
 
   SRVRecord() {}
diff --git a/src/main/java/org/xbill/DNS/SSHFPRecord.java b/src/main/java/org/xbill/DNS/SSHFPRecord.java
index ccf9a817b..4d7e9715e 100644
--- a/src/main/java/org/xbill/DNS/SSHFPRecord.java
+++ b/src/main/java/org/xbill/DNS/SSHFPRecord.java
@@ -10,8 +10,8 @@
  * SSH Fingerprint - stores the fingerprint of an SSH host key.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc4255">RFC 4255: Using DNS to Securely Publish Secure
- *     Shell (SSH) Key Fingerprints</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4255">RFC 4255: Using DNS to Securely
+ *     Publish Secure Shell (SSH) Key Fingerprints</a>
  */
 public class SSHFPRecord extends Record {
   public static class Algorithm {
diff --git a/src/main/java/org/xbill/DNS/SVCBBase.java b/src/main/java/org/xbill/DNS/SVCBBase.java
index f3fe4f5e6..cd5a88083 100644
--- a/src/main/java/org/xbill/DNS/SVCBBase.java
+++ b/src/main/java/org/xbill/DNS/SVCBBase.java
@@ -2,12 +2,12 @@
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.net.Inet4Address;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
-import java.util.Base64;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -16,13 +16,13 @@
 import java.util.TreeMap;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
+import org.xbill.DNS.utils.base64;
 
 /**
  * Implements common functionality for SVCB and HTTPS records
  *
- * @see <a
- *     href="https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-06">draft-ietf-dnsop-svcb-https</a>
  * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
  */
 public abstract class SVCBBase extends Record {
   protected int svcPriority;
@@ -36,7 +36,12 @@ public abstract class SVCBBase extends Record {
   public static final int IPV4HINT = 4;
   public static final int ECH = 5;
   public static final int IPV6HINT = 6;
-  /** @deprecated use {@link #ECH} */
+
+  /**
+   * Pre-RFC constant for the {@link #ECH} SVC parameter.
+   *
+   * @deprecated use {@link #ECH}
+   */
   @Deprecated public static final int ECHCONFIG = 5;
 
   protected SVCBBase() {
@@ -119,7 +124,7 @@ public Supplier<ParameterBase> getFactory(int val) {
     parameters.addAlias(ECH, "echconfig");
   }
 
-  public abstract static class ParameterBase {
+  public abstract static class ParameterBase implements Serializable {
     public ParameterBase() {}
 
     public abstract int getKey();
@@ -130,6 +135,7 @@ public ParameterBase() {}
 
     public abstract byte[] toWire();
 
+    @Override
     public abstract String toString();
 
     // Split string on commas, but not if comma is escaped with a '\'
@@ -230,11 +236,11 @@ public ParameterAlpn(List<String> values) throws TextParseException {
     }
 
     public List<String> getValues() {
-      List<String> values = new ArrayList<>();
-      for (byte[] b : this.values) {
-        values.add(byteArrayToString(b, false));
+      List<String> result = new ArrayList<>();
+      for (byte[] b : values) {
+        result.add(byteArrayToString(b, false));
       }
-      return values;
+      return result;
     }
 
     @Override
@@ -280,7 +286,7 @@ public String toString() {
           sb.append(",");
         }
         String str = byteArrayToString(b, false);
-        str = str.replaceAll(",", "\\\\,");
+        str = str.replace(",", "\\,");
         sb.append(str);
       }
       return sb.toString();
@@ -388,14 +394,14 @@ public ParameterIpv4Hint(List<Inet4Address> addresses) {
     }
 
     public List<Inet4Address> getAddresses() throws UnknownHostException {
-      List<Inet4Address> addresses = new LinkedList<>();
-      for (byte[] bytes : this.addresses) {
+      List<Inet4Address> result = new LinkedList<>();
+      for (byte[] bytes : addresses) {
         InetAddress address = InetAddress.getByAddress(bytes);
         if (address instanceof Inet4Address) {
-          addresses.add((Inet4Address) address);
+          result.add((Inet4Address) address);
         }
       }
-      return addresses;
+      return result;
     }
 
     @Override
@@ -483,7 +489,7 @@ public void fromString(String string) throws TextParseException {
       if (string == null || string.isEmpty()) {
         throw new TextParseException("Non-empty base64 value must be specified for ech");
       }
-      data = Base64.getDecoder().decode(string);
+      data = base64.fromString(string);
     }
 
     @Override
@@ -493,11 +499,15 @@ public byte[] toWire() {
 
     @Override
     public String toString() {
-      return Base64.getEncoder().encodeToString(data);
+      return base64.toString(data);
     }
   }
 
-  /** @deprecated use {@link ParameterEch} */
+  /**
+   * Pre-RFC class for {@link ParameterEch}.
+   *
+   * @deprecated use {@link ParameterEch}
+   */
   @Deprecated
   public static class ParameterEchConfig extends ParameterBase {
     private byte[] data;
@@ -530,7 +540,7 @@ public void fromString(String string) throws TextParseException {
       if (string == null || string.isEmpty()) {
         throw new TextParseException("Non-empty base64 value must be specified for echconfig");
       }
-      data = Base64.getDecoder().decode(string);
+      data = base64.fromString(string);
     }
 
     @Override
@@ -540,7 +550,7 @@ public byte[] toWire() {
 
     @Override
     public String toString() {
-      return Base64.getEncoder().encodeToString(data);
+      return base64.toString(data);
     }
   }
 
@@ -559,14 +569,14 @@ public ParameterIpv6Hint(List<Inet6Address> addresses) {
     }
 
     public List<Inet6Address> getAddresses() throws UnknownHostException {
-      List<Inet6Address> addresses = new LinkedList<>();
-      for (byte[] bytes : this.addresses) {
+      List<Inet6Address> result = new LinkedList<>();
+      for (byte[] bytes : addresses) {
         InetAddress address = InetAddress.getByAddress(bytes);
         if (address instanceof Inet6Address) {
-          addresses.add((Inet6Address) address);
+          result.add((Inet6Address) address);
         }
       }
-      return addresses;
+      return result;
     }
 
     @Override
@@ -724,10 +734,10 @@ protected String rrToString() {
     sb.append(svcPriority);
     sb.append(" ");
     sb.append(targetName);
-    for (Integer key : svcParams.keySet()) {
+    for (Map.Entry<Integer, ParameterBase> entry : svcParams.entrySet()) {
       sb.append(" ");
-      sb.append(parameters.getText(key));
-      ParameterBase param = svcParams.get(key);
+      sb.append(parameters.getText(entry.getKey()));
+      ParameterBase param = entry.getValue();
       String value = param.toString();
       if (value != null && !value.isEmpty()) {
         sb.append("=");
@@ -749,24 +759,24 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int indexOfEquals = t.value.indexOf('=');
+      int indexOfEquals = t.value().indexOf('=');
       if (indexOfEquals == -1) {
         // No "=" is key with no value case, leave value string as null
-        keyStr = t.value;
-      } else if (indexOfEquals == t.value.length() - 1) {
+        keyStr = t.value();
+      } else if (indexOfEquals == t.value().length() - 1) {
         // Ends with "=" means the next token is quoted string with the value
-        keyStr = t.value.substring(0, indexOfEquals);
+        keyStr = t.value().substring(0, indexOfEquals);
         Tokenizer.Token valueToken = st.get();
         if (!valueToken.isString()) {
           throw new TextParseException("Expected value for parameter key '" + keyStr + "'");
         }
-        valueStr = valueToken.value;
+        valueStr = valueToken.value();
       } else if (indexOfEquals > 0) {
         // If "=" is in the middle then need to split the key and value from this token
-        keyStr = t.value.substring(0, indexOfEquals);
-        valueStr = t.value.substring(indexOfEquals + 1);
+        keyStr = t.value().substring(0, indexOfEquals);
+        valueStr = t.value().substring(indexOfEquals + 1);
       } else {
-        throw new TextParseException("Expected valid parameter key=value for '" + t.value + "'");
+        throw new TextParseException("Expected valid parameter key=value for '" + t.value() + "'");
       }
 
       ParameterBase param;
@@ -788,10 +798,6 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     }
     st.unget();
 
-    if (svcPriority > 0 && svcParams.isEmpty()) {
-      throw new TextParseException(
-          "At least one parameter value must be specified for ServiceMode");
-    }
     if (svcPriority == 0 && !svcParams.isEmpty()) {
       throw new TextParseException("No parameter values allowed for AliasMode");
     }
@@ -804,9 +810,9 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
   protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     out.writeU16(svcPriority);
     targetName.toWire(out, null, canonical);
-    for (Integer key : svcParams.keySet()) {
-      out.writeU16(key);
-      ParameterBase param = svcParams.get(key);
+    for (Map.Entry<Integer, ParameterBase> entry : svcParams.entrySet()) {
+      out.writeU16(entry.getKey());
+      ParameterBase param = entry.getValue();
       byte[] value = param.toWire();
       out.writeU16(value.length);
       out.writeByteArray(value);
diff --git a/src/main/java/org/xbill/DNS/SVCBRecord.java b/src/main/java/org/xbill/DNS/SVCBRecord.java
index bed4de00c..1785e52e5 100644
--- a/src/main/java/org/xbill/DNS/SVCBRecord.java
+++ b/src/main/java/org/xbill/DNS/SVCBRecord.java
@@ -6,9 +6,8 @@
 /**
  * Service Location and Parameter Binding Record
  *
- * @see <a
- *     href="https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-06">draft-ietf-dnsop-svcb-https</a>
  * @since 3.3
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
  */
 public class SVCBRecord extends SVCBBase {
   SVCBRecord() {}
diff --git a/src/main/java/org/xbill/DNS/Section.java b/src/main/java/org/xbill/DNS/Section.java
index a72f6eec4..75483a06f 100644
--- a/src/main/java/org/xbill/DNS/Section.java
+++ b/src/main/java/org/xbill/DNS/Section.java
@@ -79,4 +79,13 @@ public static String updString(int i) {
   public static int value(String s) {
     return sections.getValue(s);
   }
+
+  /**
+   * Checks that a numeric section value is valid.
+   *
+   * @since 3.6
+   */
+  public static void check(int section) {
+    sections.check(section);
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/Serial.java b/src/main/java/org/xbill/DNS/Serial.java
index cd7bf29ea..e7cc0dafe 100644
--- a/src/main/java/org/xbill/DNS/Serial.java
+++ b/src/main/java/org/xbill/DNS/Serial.java
@@ -8,10 +8,14 @@
  * serial numbers. SOA serial number arithmetic is defined in RFC 1982 and also referenced in RFC
  * 2136.
  *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1982">RFC 1982: Serial Number
+ *     Arithmetic</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2136">RFC 2136: DDynamic Updates in the
+ *     Domain Name System (DNS UPDATE)</a>
  * @author Brian Wellington
  */
 public final class Serial {
-
+  private static final String ERROR_MESSAGE_SUFFIX = " out of range";
   private static final long MAX32 = 0xFFFFFFFFL;
 
   private Serial() {}
@@ -28,16 +32,14 @@ private Serial() {}
    */
   public static int compare(long serial1, long serial2) {
     if (serial1 < 0 || serial1 > MAX32) {
-      throw new IllegalArgumentException(serial1 + " out of range");
+      throw new IllegalArgumentException(serial1 + ERROR_MESSAGE_SUFFIX);
     }
     if (serial2 < 0 || serial2 > MAX32) {
-      throw new IllegalArgumentException(serial2 + " out of range");
+      throw new IllegalArgumentException(serial2 + ERROR_MESSAGE_SUFFIX);
     }
     long diff = serial1 - serial2;
     if (diff >= MAX32) {
       diff -= MAX32 + 1;
-    } else if (diff < -MAX32) {
-      diff += MAX32 + 1;
     }
     return (int) diff;
   }
@@ -53,7 +55,7 @@ public static int compare(long serial1, long serial2) {
    */
   public static long increment(long serial) {
     if (serial < 0 || serial > MAX32) {
-      throw new IllegalArgumentException(serial + " out of range");
+      throw new IllegalArgumentException(serial + ERROR_MESSAGE_SUFFIX);
     }
     if (serial == MAX32) {
       return 1;
diff --git a/src/main/java/org/xbill/DNS/SetResponse.java b/src/main/java/org/xbill/DNS/SetResponse.java
index 3fbf8552e..589bd2263 100644
--- a/src/main/java/org/xbill/DNS/SetResponse.java
+++ b/src/main/java/org/xbill/DNS/SetResponse.java
@@ -3,8 +3,18 @@
 
 package org.xbill.DNS;
 
+import static org.xbill.DNS.SetResponseType.CNAME;
+import static org.xbill.DNS.SetResponseType.DELEGATION;
+import static org.xbill.DNS.SetResponseType.DNAME;
+import static org.xbill.DNS.SetResponseType.NXDOMAIN;
+import static org.xbill.DNS.SetResponseType.NXRRSET;
+import static org.xbill.DNS.SetResponseType.SUCCESSFUL;
+import static org.xbill.DNS.SetResponseType.UNKNOWN;
+
 import java.util.ArrayList;
 import java.util.List;
+import lombok.AccessLevel;
+import lombok.Getter;
 
 /**
  * The Response from a query to {@link Cache#lookupRecords(Name, int, int)} or {@link
@@ -15,93 +25,74 @@
  * @author Brian Wellington
  */
 public class SetResponse {
+  private static final SetResponse SR_UNKNOWN = new SetResponse(UNKNOWN, null, false);
+  private static final SetResponse SR_UNKNOWN_AUTH = new SetResponse(UNKNOWN, null, true);
+  private static final SetResponse SR_NXDOMAIN = new SetResponse(NXDOMAIN, null, false);
+  private static final SetResponse SR_NXDOMAIN_AUTH = new SetResponse(NXDOMAIN, null, true);
+  private static final SetResponse SR_NXRRSET = new SetResponse(NXRRSET, null, false);
+  private static final SetResponse SR_NXRRSET_AUTH = new SetResponse(NXRRSET, null, true);
 
-  /** The Cache contains no information about the requested name/type */
-  static final int UNKNOWN = 0;
-
-  /**
-   * The Zone does not contain the requested name, or the Cache has determined that the name does
-   * not exist.
-   */
-  static final int NXDOMAIN = 1;
-
-  /**
-   * The Zone contains the name, but no data of the requested type, or the Cache has determined that
-   * the name exists and has no data of the requested type.
-   */
-  static final int NXRRSET = 2;
-
-  /** A delegation enclosing the requested name was found. */
-  static final int DELEGATION = 3;
-
-  /**
-   * The Cache/Zone found a CNAME when looking for the name.
-   *
-   * @see CNAMERecord
-   */
-  static final int CNAME = 4;
-
-  /**
-   * The Cache/Zone found a DNAME when looking for the name.
-   *
-   * @see DNAMERecord
-   */
-  static final int DNAME = 5;
-
-  /** The Cache/Zone has successfully answered the question for the requested name/type/class. */
-  static final int SUCCESSFUL = 6;
-
-  private static final SetResponse unknown = new SetResponse(UNKNOWN);
-  private static final SetResponse nxdomain = new SetResponse(NXDOMAIN);
-  private static final SetResponse nxrrset = new SetResponse(NXRRSET);
-
-  private int type;
-  private List<RRset> data;
+  private final SetResponseType type;
 
-  private SetResponse() {}
+  @Getter(AccessLevel.PACKAGE)
+  private boolean isAuthenticated;
 
-  SetResponse(int type, RRset rrset) {
-    if (type < 0 || type > 6) {
-      throw new IllegalArgumentException("invalid type");
-    }
+  private List<RRset> data;
+
+  private SetResponse(SetResponseType type, RRset rrset, boolean isAuthenticated) {
     this.type = type;
-    this.data = new ArrayList<>();
-    this.data.add(rrset);
+    this.isAuthenticated = isAuthenticated;
+    if (rrset != null) {
+      addRRset(rrset);
+    }
   }
 
-  SetResponse(int type) {
-    if (type < 0 || type > 6) {
-      throw new IllegalArgumentException("invalid type");
-    }
-    this.type = type;
-    this.data = null;
+  static SetResponse ofType(SetResponseType type) {
+    return ofType(type, null, false);
+  }
+
+  static SetResponse ofType(SetResponseType type, RRset rrset) {
+    return ofType(type, rrset, false);
   }
 
-  static SetResponse ofType(int type) {
+  static SetResponse ofType(SetResponseType type, Cache.CacheRRset rrset) {
+    return ofType(type, rrset, rrset.isAuthenticated());
+  }
+
+  static SetResponse ofType(SetResponseType type, RRset rrset, boolean isAuthenticated) {
     switch (type) {
       case UNKNOWN:
-        return unknown;
+        return isAuthenticated ? SR_UNKNOWN_AUTH : SR_UNKNOWN;
       case NXDOMAIN:
-        return nxdomain;
+        return isAuthenticated ? SR_NXDOMAIN_AUTH : SR_NXDOMAIN;
       case NXRRSET:
-        return nxrrset;
+        return isAuthenticated ? SR_NXRRSET_AUTH : SR_NXRRSET;
       case DELEGATION:
       case CNAME:
       case DNAME:
       case SUCCESSFUL:
-        SetResponse sr = new SetResponse();
-        sr.type = type;
-        sr.data = null;
-        return sr;
+        return new SetResponse(type, rrset, isAuthenticated);
       default:
         throw new IllegalArgumentException("invalid type");
     }
   }
 
   void addRRset(RRset rrset) {
+    if (type.isSealed()) {
+      throw new IllegalStateException("Attempted to add RRset to sealed response of type " + type);
+    }
+
     if (data == null) {
       data = new ArrayList<>();
+      if (rrset instanceof Cache.CacheRRset) {
+        isAuthenticated = ((Cache.CacheRRset) rrset).isAuthenticated();
+      }
+    } else {
+      if (rrset instanceof Cache.CacheRRset && isAuthenticated) {
+        isAuthenticated = ((Cache.CacheRRset) rrset).isAuthenticated();
+      }
     }
+
     data.add(rrset);
   }
 
@@ -160,29 +151,12 @@ public DNAMERecord getDNAME() {
 
   /** If the query hit a delegation point, return the NS set. */
   public RRset getNS() {
-    return (data != null) ? data.get(0) : null;
+    return data != null ? data.get(0) : null;
   }
 
   /** Prints the value of the SetResponse */
   @Override
   public String toString() {
-    switch (type) {
-      case UNKNOWN:
-        return "unknown";
-      case NXDOMAIN:
-        return "NXDOMAIN";
-      case NXRRSET:
-        return "NXRRSET";
-      case DELEGATION:
-        return "delegation: " + data.get(0);
-      case CNAME:
-        return "CNAME: " + data.get(0);
-      case DNAME:
-        return "DNAME: " + data.get(0);
-      case SUCCESSFUL:
-        return "successful";
-      default:
-        throw new IllegalStateException();
-    }
+    return type + (type.isPrintRecords() ? ": " + data.get(0) : "");
   }
 }
diff --git a/src/main/java/org/xbill/DNS/SetResponseType.java b/src/main/java/org/xbill/DNS/SetResponseType.java
new file mode 100644
index 000000000..13c84a566
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/SetResponseType.java
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+enum SetResponseType {
+  /** The Cache contains no information about the requested name/type */
+  UNKNOWN(false, true),
+
+  /**
+   * The Zone does not contain the requested name, or the Cache has determined that the name does
+   * not exist.
+   */
+  NXDOMAIN(false, true),
+
+  /**
+   * The Zone contains the name, but no data of the requested type, or the Cache has determined that
+   * the name exists and has no data of the requested type.
+   */
+  NXRRSET(false, true),
+
+  /** A delegation enclosing the requested name was found. */
+  DELEGATION(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} found a CNAME when looking for the name.
+   *
+   * @see CNAMERecord
+   */
+  CNAME(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} found a DNAME when looking for the name.
+   *
+   * @see DNAMERecord
+   */
+  DNAME(true, false),
+
+  /**
+   * The {@link Cache} or {@link Zone} has successfully answered the question for the requested
+   * name/type/class.
+   */
+  SUCCESSFUL(false, false);
+
+  private final boolean printRecords;
+
+  /** If true, no RRsets can be added. Intended for static NX* instances. */
+  private final boolean isSealed;
+}
diff --git a/src/main/java/org/xbill/DNS/SimpleResolver.java b/src/main/java/org/xbill/DNS/SimpleResolver.java
index eeeb28ac1..4f5fd72a6 100644
--- a/src/main/java/org/xbill/DNS/SimpleResolver.java
+++ b/src/main/java/org/xbill/DNS/SimpleResolver.java
@@ -14,7 +14,11 @@
 import java.util.concurrent.CompletionStage;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ForkJoinPool;
+import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.io.DefaultIoClientFactory;
+import org.xbill.DNS.io.IoClientFactory;
 
 /**
  * An implementation of Resolver that sends one query to one server. SimpleResolver handles TCP
@@ -36,13 +40,21 @@ public class SimpleResolver implements Resolver {
 
   private InetSocketAddress address;
   private InetSocketAddress localAddress;
-  private boolean useTCP, ignoreTruncation;
+  private boolean useTCP;
+  private boolean ignoreTruncation;
   private OPTRecord queryOPT = new OPTRecord(DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
   private TSIG tsig;
   private Duration timeoutValue = Duration.ofSeconds(10);
 
   private static final short DEFAULT_UDPSIZE = 512;
 
+  /**
+   * Gets or sets the factory that creates clients for sending messages to the wire.
+   *
+   * @since 3.6
+   */
+  @Getter @Setter private IoClientFactory ioClientFactory = new DefaultIoClientFactory();
+
   private static InetSocketAddress defaultResolver =
       new InetSocketAddress(InetAddress.getLoopbackAddress(), DEFAULT_PORT);
 
@@ -267,12 +279,13 @@ private Message parseMessage(byte[] b) throws WireParseException {
     }
   }
 
-  private void verifyTSIG(Message query, Message response, byte[] b, TSIG tsig) {
+  private void verifyTSIG(Message query, Message response, byte[] b) {
     if (tsig == null) {
       return;
     }
-    int error = tsig.verify(response, b, query.getTSIG());
-    log.debug("TSIG verify: {}", Rcode.TSIGstring(error));
+    int error = tsig.verify(response, b, query.getGeneratedTSIG());
+    log.debug(
+        "TSIG verify on message id {}: {}", query.getHeader().getID(), Rcode.TSIGstring(error));
   }
 
   private void applyEDNS(Message query) {
@@ -340,7 +353,16 @@ public CompletionStage<Message> sendAsync(Message query, Executor executor) {
 
   CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor executor) {
     int qid = query.getHeader().getID();
-    byte[] out = query.toWire(Message.MAXLENGTH);
+    boolean truncate = query.getHeader().getOpcode() != Opcode.UPDATE;
+    byte[] out;
+    try {
+      out = query.toWire(Message.MAXLENGTH, truncate);
+    } catch (MessageSizeExceededException e) {
+      CompletableFuture<Message> f = new CompletableFuture<>();
+      f.completeExceptionally(e);
+      return f;
+    }
+
     int udpSize = maxUDPSize(query);
     boolean tcp = forceTcp || out.length > udpSize;
     if (log.isTraceEnabled()) {
@@ -366,9 +388,15 @@ CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor e
 
     CompletableFuture<byte[]> result;
     if (tcp) {
-      result = NioTcpClient.sendrecv(localAddress, address, query, out, timeoutValue);
+      result =
+          ioClientFactory
+              .createOrGetTcpClient()
+              .sendAndReceiveTcp(localAddress, address, query, out, timeoutValue);
     } else {
-      result = NioUdpClient.sendrecv(localAddress, address, out, udpSize, timeoutValue);
+      result =
+          ioClientFactory
+              .createOrGetUdpClient()
+              .sendAndReceiveUdp(localAddress, address, query, out, udpSize, timeoutValue);
     }
 
     return result.thenComposeAsync(
@@ -400,38 +428,55 @@ CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor e
             return f;
           }
 
-          // validate name, class and type (rfc5452#section-9.1)
-          if (!query.getQuestion().getName().equals(response.getQuestion().getName())) {
-            f.completeExceptionally(
-                new WireParseException(
-                    "invalid name in message: expected "
-                        + query.getQuestion().getName()
-                        + "; got "
-                        + response.getQuestion().getName()));
-            return f;
-          }
+          // rfc2136#section-3.8:
+          //  A response message is generated by copying the ID and Opcode fields from the request,
+          // [...] and not including any part of the original update
+          if (query.getHeader().getOpcode() == Opcode.UPDATE) {
+            if (response.getHeader().getOpcode() != Opcode.UPDATE) {
+              f.completeExceptionally(
+                  new WireParseException("invalid message: opcode response is not UPDATE"));
+              return f;
+            }
+          } else {
+            if (response.getQuestion() == null) {
+              f.completeExceptionally(
+                  new WireParseException("invalid message: question section missing"));
+              return f;
+            }
 
-          if (query.getQuestion().getDClass() != response.getQuestion().getDClass()) {
-            f.completeExceptionally(
-                new WireParseException(
-                    "invalid class in message: expected "
-                        + DClass.string(query.getQuestion().getDClass())
-                        + "; got "
-                        + DClass.string(response.getQuestion().getDClass())));
-            return f;
-          }
+            // validate name, class and type (rfc5452#section-9.1)
+            if (!query.getQuestion().getName().equals(response.getQuestion().getName())) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid name in message: expected "
+                          + query.getQuestion().getName()
+                          + "; got "
+                          + response.getQuestion().getName()));
+              return f;
+            }
 
-          if (query.getQuestion().getType() != response.getQuestion().getType()) {
-            f.completeExceptionally(
-                new WireParseException(
-                    "invalid type in message: expected "
-                        + Type.string(query.getQuestion().getType())
-                        + "; got "
-                        + Type.string(response.getQuestion().getType())));
-            return f;
+            if (query.getQuestion().getDClass() != response.getQuestion().getDClass()) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid class in message: expected "
+                          + DClass.string(query.getQuestion().getDClass())
+                          + "; got "
+                          + DClass.string(response.getQuestion().getDClass())));
+              return f;
+            }
+
+            if (query.getQuestion().getType() != response.getQuestion().getType()) {
+              f.completeExceptionally(
+                  new WireParseException(
+                      "invalid type in message: expected "
+                          + Type.string(query.getQuestion().getType())
+                          + "; got "
+                          + Type.string(response.getQuestion().getType())));
+              return f;
+            }
           }
 
-          verifyTSIG(query, response, in, tsig);
+          verifyTSIG(query, response, in);
           if (!tcp && !ignoreTruncation && response.getHeader().getFlag(Flags.TC)) {
             if (log.isTraceEnabled()) {
               log.trace(
@@ -466,8 +511,8 @@ private Message sendAXFR(Message query) throws IOException {
     response.getHeader().setFlag(Flags.AA);
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(query.getQuestion(), Section.QUESTION);
-    for (Record record : records) {
-      response.addRecord(record, Section.ANSWER);
+    for (Record r : records) {
+      response.addRecord(r, Section.ANSWER);
     }
     return response;
   }
diff --git a/src/main/java/org/xbill/DNS/TCPClient.java b/src/main/java/org/xbill/DNS/TCPClient.java
index 7f65f4391..ccc893696 100644
--- a/src/main/java/org/xbill/DNS/TCPClient.java
+++ b/src/main/java/org/xbill/DNS/TCPClient.java
@@ -14,7 +14,8 @@
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
 
-final class TCPClient {
+@SuppressWarnings("resource")
+class TCPClient implements AutoCloseable {
   private final long startTime;
   private final Duration timeout;
   private final SelectionKey key;
@@ -101,7 +102,7 @@ void send(byte[] data) throws IOException {
     }
   }
 
-  private byte[] _recv(int length) throws IOException {
+  private byte[] recv(int length) throws IOException {
     SocketChannel channel = (SocketChannel) key.channel();
     int nrecvd = 0;
     byte[] data = new byte[length];
@@ -144,15 +145,16 @@ private void blockUntil(SelectionKey key) throws IOException {
     }
   }
 
-  void cleanup() throws IOException {
+  @Override
+  public void close() throws IOException {
     key.selector().close();
     key.channel().close();
   }
 
   byte[] recv() throws IOException {
-    byte[] buf = _recv(2);
+    byte[] buf = recv(2);
     int length = ((buf[0] & 0xFF) << 8) + (buf[1] & 0xFF);
-    byte[] data = _recv(length);
+    byte[] data = recv(length);
     SocketChannel channel = (SocketChannel) key.channel();
     NioClient.verboseLog(
         "TCP read",
diff --git a/src/main/java/org/xbill/DNS/TKEYRecord.java b/src/main/java/org/xbill/DNS/TKEYRecord.java
index 0664604ae..ee307eee0 100644
--- a/src/main/java/org/xbill/DNS/TKEYRecord.java
+++ b/src/main/java/org/xbill/DNS/TKEYRecord.java
@@ -13,8 +13,8 @@
  *
  * @see TSIG
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc2930">RFC 2930: Secret Key Establishment for DNS
- *     (TKEY RR)</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2930">RFC 2930: Secret Key Establishment
+ *     for DNS (TKEY RR)</a>
  */
 public class TKEYRecord extends Record {
   private Name alg;
@@ -164,7 +164,7 @@ protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(alg);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
     sb.append(FormattedTime.format(timeInception));
@@ -174,7 +174,7 @@ protected String rrToString() {
     sb.append(modeString());
     sb.append(" ");
     sb.append(Rcode.TSIGstring(error));
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       if (key != null) {
         sb.append(base64.formatString(key, 64, "\t", false));
diff --git a/src/main/java/org/xbill/DNS/TLSARecord.java b/src/main/java/org/xbill/DNS/TLSARecord.java
index c90068675..46714fcef 100644
--- a/src/main/java/org/xbill/DNS/TLSARecord.java
+++ b/src/main/java/org/xbill/DNS/TLSARecord.java
@@ -10,8 +10,8 @@
  * Transport Layer Security Authentication
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc6698">RFC 6698: The DNS-Based Authentication of
- *     Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6698">RFC 6698: The DNS-Based
+ *     Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</a>
  */
 public class TLSARecord extends Record {
   public static class CertificateUsage {
@@ -26,10 +26,18 @@ private CertificateUsage() {}
   public static class Selector {
     private Selector() {}
 
-    /** Full certificate; the Certificate binary structure defined in [RFC5280] */
+    /**
+     * Full certificate; the Certificate binary structure.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5280">RFC 5280</a>
+     */
     public static final int FULL_CERTIFICATE = 0;
 
-    /** SubjectPublicKeyInfo; DER-encoded binary structure defined in [RFC5280] */
+    /**
+     * SubjectPublicKeyInfo; DER-encoded binary structure.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc5280">RFC 5280</a>
+     */
     public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
   }
 
@@ -39,10 +47,18 @@ private MatchingType() {}
     /** Exact match on selected content */
     public static final int EXACT = 0;
 
-    /** SHA-256 hash of selected content [RFC6234] */
+    /**
+     * SHA-256 hash of selected content.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6234">RFC 6234</a>
+     */
     public static final int SHA256 = 1;
 
-    /** SHA-512 hash of selected content [RFC6234] */
+    /**
+     * SHA-512 hash of selected content.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc6234">RFC 6234</a>
+     */
     public static final int SHA512 = 2;
   }
 
@@ -76,6 +92,9 @@ protected TLSARecord(
     this.certificateUsage = checkU8("certificateUsage", certificateUsage);
     this.selector = checkU8("selector", selector);
     this.matchingType = checkU8("matchingType", matchingType);
+    if (certificateAssociationData == null || certificateAssociationData.length == 0) {
+      throw new IllegalArgumentException("certificateAssociationData must not be null or empty");
+    }
     this.certificateAssociationData =
         checkByteArrayLength("certificateAssociationData", certificateAssociationData, 0xFFFF);
   }
@@ -115,6 +134,9 @@ protected void rrFromWire(DNSInput in) throws IOException {
     selector = in.readU8();
     matchingType = in.readU8();
     certificateAssociationData = in.readByteArray();
+    if (certificateAssociationData.length == 0) {
+      throw new WireParseException("end of input");
+    }
   }
 
   @Override
@@ -122,22 +144,19 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
     certificateUsage = st.getUInt8();
     selector = st.getUInt8();
     matchingType = st.getUInt8();
-    certificateAssociationData = st.getHex();
+    certificateAssociationData = st.getHex(true);
   }
 
   /** Converts rdata to a String */
   @Override
   protected String rrToString() {
-    StringBuilder sb = new StringBuilder();
-    sb.append(certificateUsage);
-    sb.append(" ");
-    sb.append(selector);
-    sb.append(" ");
-    sb.append(matchingType);
-    sb.append(" ");
-    sb.append(base16.toString(certificateAssociationData));
-
-    return sb.toString();
+    return certificateUsage
+        + " "
+        + selector
+        + " "
+        + matchingType
+        + " "
+        + base16.toString(certificateAssociationData);
   }
 
   @Override
diff --git a/src/main/java/org/xbill/DNS/TSIG.java b/src/main/java/org/xbill/DNS/TSIG.java
index 5b5fee1c6..baaa3299f 100644
--- a/src/main/java/org/xbill/DNS/TSIG.java
+++ b/src/main/java/org/xbill/DNS/TSIG.java
@@ -12,9 +12,13 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
+import java.util.TreeMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
+import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.xbill.DNS.utils.base64;
 import org.xbill.DNS.utils.hexdump;
@@ -30,56 +34,179 @@
 public class TSIG {
   // https://www.iana.org/assignments/tsig-algorithm-names/tsig-algorithm-names.xml
 
-  /** The domain name representing the gss-tsig algorithm. */
+  /**
+   * The domain name representing the gss-tsig algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc3645">RFC 3645</a>
+   */
   public static final Name GSS_TSIG = Name.fromConstantString("gss-tsig.");
 
-  /** The domain name representing the HMAC-MD5 algorithm. */
+  /**
+   * The domain name representing the HMAC-MD5 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_MD5 = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT.");
 
   /**
    * The domain name representing the HMAC-MD5 algorithm.
    *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
    * @deprecated use {@link #HMAC_MD5}
    */
   @Deprecated public static final Name HMAC = HMAC_MD5;
 
-  /** The domain name representing the HMAC-SHA1 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA1 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA1 = Name.fromConstantString("hmac-sha1.");
 
-  /** The domain name representing the HMAC-SHA224 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA224 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA224 = Name.fromConstantString("hmac-sha224.");
 
-  /** The domain name representing the HMAC-SHA256 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA256 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA256 = Name.fromConstantString("hmac-sha256.");
 
-  /** The domain name representing the HMAC-SHA384 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA384 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA384 = Name.fromConstantString("hmac-sha384.");
 
-  /** The domain name representing the HMAC-SHA512 algorithm. */
+  /**
+   * The domain name representing the HMAC-SHA512 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   */
   public static final Name HMAC_SHA512 = Name.fromConstantString("hmac-sha512.");
 
+  /**
+   * The domain name representing the HMAC-SHA256-128 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA256_128 = Name.fromConstantString("hmac-sha256-128.");
+
+  /**
+   * The domain name representing the HMAC-SHA384-192 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA384_192 = Name.fromConstantString("hmac-sha384-192.");
+
+  /**
+   * The domain name representing the HMAC-SHA512-256 algorithm.
+   *
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc4868">RFC 4868</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @since 3.6.3
+   */
+  public static final Name HMAC_SHA512_256 = Name.fromConstantString("hmac-sha512-256.");
+
   private static final Map<Name, String> algMap;
+  private static final Map<Name, Integer> algLengthMap;
+  private static final Pattern javaAlgNamePattern =
+      Pattern.compile(
+          "^Hmac(?<alg>(SHA(1|\\d{3})|MD5))(/(?<length>\\d{3}))?$", Pattern.CASE_INSENSITIVE);
 
   static {
-    Map<Name, String> out = new HashMap<>();
-    out.put(HMAC_MD5, "HmacMD5");
-    out.put(HMAC_SHA1, "HmacSHA1");
-    out.put(HMAC_SHA224, "HmacSHA224");
-    out.put(HMAC_SHA256, "HmacSHA256");
-    out.put(HMAC_SHA384, "HmacSHA384");
-    out.put(HMAC_SHA512, "HmacSHA512");
-    algMap = Collections.unmodifiableMap(out);
+    Map<Name, String> names = new TreeMap<>();
+    names.put(HMAC_MD5, "HmacMD5");
+    names.put(HMAC_SHA1, "HmacSHA1");
+    names.put(HMAC_SHA224, "HmacSHA224");
+    names.put(HMAC_SHA256, "HmacSHA256");
+    names.put(HMAC_SHA384, "HmacSHA384");
+    names.put(HMAC_SHA512, "HmacSHA512");
+    // These must always be after the non-truncated versions
+    names.put(HMAC_SHA256_128, "HmacSHA256");
+    names.put(HMAC_SHA384_192, "HmacSHA384");
+    names.put(HMAC_SHA512_256, "HmacSHA512");
+    algMap = Collections.unmodifiableMap(names);
+
+    Map<Name, Integer> lengths = new HashMap<>();
+    lengths.put(HMAC_MD5, 16);
+    lengths.put(HMAC_SHA1, 20);
+    lengths.put(HMAC_SHA224, 28);
+    lengths.put(HMAC_SHA256, 32);
+    lengths.put(HMAC_SHA384, 48);
+    lengths.put(HMAC_SHA512, 64);
+    lengths.put(HMAC_SHA256_128, 16);
+    lengths.put(HMAC_SHA384_192, 24);
+    lengths.put(HMAC_SHA512_256, 32);
+    algLengthMap = Collections.unmodifiableMap(lengths);
   }
 
+  /**
+   * Convert an algorithm String to its equivalent Name.
+   *
+   * @param alg String containing name of algorithm.
+   * @return Name object for algorithm
+   * @throws IllegalArgumentException The algorithm is null or invalid.
+   */
   public static Name algorithmToName(String alg) {
-    for (Map.Entry<Name, String> entry : algMap.entrySet()) {
-      if (alg.equalsIgnoreCase(entry.getValue())) {
-        return entry.getKey();
+    if (alg == null) {
+      throw new IllegalArgumentException("Null algorithm");
+    }
+
+    // Handle Java algorithm names
+    if (!alg.contains("-")) {
+      Matcher m = javaAlgNamePattern.matcher(alg);
+      if (m.matches()) {
+        alg = "hmac-" + m.group("alg");
+        String truncatedLength = m.group("length");
+        if (truncatedLength != null) {
+          alg += "-" + truncatedLength;
+        }
       }
     }
-    throw new IllegalArgumentException("Unknown algorithm: " + alg);
+
+    if (!alg.endsWith(".")) {
+      alg += ".";
+    }
+
+    Name nameAlg;
+    try {
+      nameAlg = Name.fromString(alg);
+    } catch (TextParseException e) {
+      throw new IllegalArgumentException(e);
+    }
+
+    // Special case, allow "hmac-md5" as an alias for the RFC name.
+    if (nameAlg.equals(Name.fromConstantString("hmac-md5."))) {
+      return HMAC_MD5;
+    }
+
+    // Make sure we understand this name
+    if (algMap.get(nameAlg) == null) {
+      throw new IllegalArgumentException("Unknown algorithm: " + nameAlg);
+    }
+
+    return nameAlg;
   }
 
+  /**
+   * Convert an algorithm Name to a string.
+   *
+   * @param name Name object
+   * @return String equivalent
+   * @deprecated Returns java algorithm name, will be made private in 4.0
+   */
+  @Deprecated
   public static String nameToAlgorithm(Name name) {
     String alg = algMap.get(name);
     if (alg != null) {
@@ -245,12 +372,26 @@ public TSIG(Name algorithm, String name, String key) {
   /**
    * Creates a new TSIG object, which can be used to sign or verify a message.
    *
+   * @param algorithm The RFC8945 algorithm name of the shared key. The legal values are:
+   *     <ul>
+   *       <li>hmac-md5.sig-alg.reg.int.
+   *       <li>hmac-md5. (alias for hmac-md5.sig-alg.reg.int.)
+   *       <li>hmac-sha1.
+   *       <li>hmac-sha224.
+   *       <li>hmac-sha256.
+   *       <li>hmac-sha256-128.
+   *       <li>hmac-sha384.
+   *       <li>hmac-sha384-192.
+   *       <li>hmac-sha512.
+   *       <li>hmac-sha512-256.
+   *     </ul>
+   *     The trailing &quot;.&quot; can be omitted.
    * @param name The name of the shared key.
-   * @param algorithm The algorithm of the shared key. The legal values are "hmac-md5", "hmac-sha1",
-   *     "hmac-sha224", "hmac-sha256", "hmac-sha384", and "hmac-sha512".
    * @param key The shared key's data represented as a base64 encoded string.
    * @throws IllegalArgumentException The key name is an invalid name
    * @throws IllegalArgumentException The key data is improperly encoded
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc8945">RFC 8945</a>
+   * @apiNote Do NOT use the MD5 algorithms anymore.
    */
   public TSIG(String algorithm, String name, String key) {
     this(algorithmToName(algorithm), name, key);
@@ -323,28 +464,35 @@ public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old) {
    */
   public TSIGRecord generate(
       Message m, byte[] b, int error, TSIGRecord old, boolean fullSignature) {
-    Instant timeSigned;
-    if (error == Rcode.BADTIME) {
-      timeSigned = old.getTimeSigned();
-    } else {
-      timeSigned = clock.instant();
-    }
-
-    boolean signing = false;
     Mac hmac = null;
     if (error == Rcode.NOERROR || error == Rcode.BADTIME || error == Rcode.BADTRUNC) {
-      signing = true;
       hmac = initHmac();
     }
 
-    Duration fudge;
-    int fudgeOption = Options.intValue("tsigfudge");
-    if (fudgeOption < 0 || fudgeOption > 0x7FFF) {
-      fudge = FUDGE;
-    } else {
-      fudge = Duration.ofSeconds(fudgeOption);
-    }
+    return generate(m, b, error, old, fullSignature, hmac);
+  }
+
+  /**
+   * Generates a TSIG record with a specific error for a message that has been rendered.
+   *
+   * @param m The message
+   * @param b The rendered message
+   * @param error The error
+   * @param old If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this {@link TSIGRecord} is the to be added to the first of
+   *     many messages in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be
+   *     included in the signature. {@code false} for subsequent messages with reduced TSIG
+   *     variables set (rfc2845, 4.4.).
+   * @param hmac A mac instance to reuse for a stream of messages to sign, e.g. when doing a zone
+   *     transfer.
+   * @return The TSIG record to be added to the message
+   */
+  private TSIGRecord generate(
+      Message m, byte[] b, int error, TSIGRecord old, boolean fullSignature, Mac hmac) {
+    Instant timeSigned = getTimeSigned(error, old);
+    Duration fudge = getTsigFudge();
 
+    boolean signing = hmac != null;
     if (old != null && signing) {
       hmacAddSignature(hmac, old);
     }
@@ -367,7 +515,7 @@ public TSIGRecord generate(
       alg.toWireCanonical(out);
     }
 
-    writeTsigTimersVariables(timeSigned, fudge, out);
+    writeTsigTimerVariables(timeSigned, fudge, out);
     if (fullSignature) {
       out.writeU16(error);
       out.writeU16(0); /* No other data */
@@ -380,6 +528,9 @@ public TSIGRecord generate(
         log.trace(hexdump.dump("TSIG-HMAC variables", tsigVariables));
       }
       signature = hmac.doFinal(tsigVariables);
+      if (signature.length > algLengthMap.get(alg)) {
+        signature = Arrays.copyOfRange(signature, 0, algLengthMap.get(alg));
+      }
     } else {
       signature = new byte[0];
     }
@@ -404,6 +555,15 @@ public TSIGRecord generate(
         other);
   }
 
+  private Instant getTimeSigned(int error, TSIGRecord old) {
+    return error == Rcode.BADTIME ? old.getTimeSigned() : clock.instant();
+  }
+
+  private static Duration getTsigFudge() {
+    int fudgeOption = Options.intValue("tsigfudge");
+    return fudgeOption < 0 || fudgeOption > 0x7FFF ? FUDGE : Duration.ofSeconds(fudgeOption);
+  }
+
   /**
    * Generates a TSIG record for a message and adds it to the message
    *
@@ -476,6 +636,8 @@ public void applyStream(Message m, TSIGRecord old, boolean fullSignature) {
    * TSIG is expected to be present, it is an error if one is not present. After calling this
    * routine, Message.isVerified() may be called on this message.
    *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
    * @param m The message
    * @param b An array containing the message in unparsed form. This is necessary since TSIG signs
    *     the message in wire format, and we can't recreate the exact wire format (with the same name
@@ -496,16 +658,18 @@ public byte verify(Message m, byte[] b, int length, TSIGRecord old) {
    * TSIG is expected to be present, it is an error if one is not present. After calling this
    * routine, Message.isVerified() may be called on this message.
    *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
    * @param m The message to verify
-   * @param b An array containing the message in unparsed form. This is necessary since TSIG signs
-   *     the message in wire format, and we can't recreate the exact wire format (with the same name
-   *     compression).
-   * @param old If this message is a response, the TSIG from the request
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
    * @return The result of the verification (as an Rcode)
    * @see Rcode
    */
-  public int verify(Message m, byte[] b, TSIGRecord old) {
-    return verify(m, b, old, true);
+  public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG) {
+    return verify(m, messageBytes, requestTSIG, true);
   }
 
   /**
@@ -513,11 +677,13 @@ public int verify(Message m, byte[] b, TSIGRecord old) {
    * TSIG is expected to be present, it is an error if one is not present. After calling this
    * routine, Message.isVerified() may be called on this message.
    *
+   * <p>Use {@link StreamVerifier} to validate multiple messages in a stream.
+   *
    * @param m The message to verify
-   * @param b An array containing the message in unparsed form. This is necessary since TSIG signs
-   *     the message in wire format, and we can't recreate the exact wire format (with the same name
-   *     compression).
-   * @param old If this message is a response, the TSIG from the request
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
    * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
    *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
    *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
@@ -525,7 +691,28 @@ public int verify(Message m, byte[] b, TSIGRecord old) {
    * @see Rcode
    * @since 3.2
    */
-  public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
+  public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG, boolean fullSignature) {
+    return verify(m, messageBytes, requestTSIG, fullSignature, null);
+  }
+
+  /**
+   * Verifies a TSIG record on an incoming message. Since this is only called in the context where a
+   * TSIG is expected to be present, it is an error if one is not present. After calling this
+   * routine, Message.isVerified() may be called on this message.
+   *
+   * @param m The message to verify
+   * @param messageBytes An array containing the message in unparsed form. This is necessary since
+   *     TSIG signs the message in wire format, and we can't recreate the exact wire format (with
+   *     the same name compression).
+   * @param requestTSIG If this message is a response, the TSIG from the request
+   * @param fullSignature {@code true} if this message is the first of many in a TCP connection and
+   *     all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. {@code false} for
+   *     subsequent messages with reduced TSIG variables set (rfc2845, 4.4.).
+   * @return The result of the verification (as an Rcode)
+   * @see Rcode
+   */
+  private int verify(
+      Message m, byte[] messageBytes, TSIGRecord requestTSIG, boolean fullSignature, Mac hmac) {
     m.tsigState = Message.TSIG_FAILED;
     TSIGRecord tsig = m.getTSIG();
     if (tsig == null) {
@@ -534,7 +721,8 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
 
     if (!tsig.getName().equals(name) || !tsig.getAlgorithm().equals(alg)) {
       log.debug(
-          "BADKEY failure, expected: {}/{}, actual: {}/{}",
+          "BADKEY failure on message id {}, expected: {}/{}, actual: {}/{}",
+          m.getHeader().getID(),
           name,
           alg,
           tsig.getName(),
@@ -542,9 +730,12 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
       return Rcode.BADKEY;
     }
 
-    Mac hmac = initHmac();
-    if (old != null && tsig.getError() != Rcode.BADKEY && tsig.getError() != Rcode.BADSIG) {
-      hmacAddSignature(hmac, old);
+    if (hmac == null) {
+      hmac = initHmac();
+    }
+
+    if (requestTSIG != null && tsig.getError() != Rcode.BADKEY && tsig.getError() != Rcode.BADSIG) {
+      hmacAddSignature(hmac, requestTSIG);
     }
 
     m.getHeader().decCount(Section.ADDITIONAL);
@@ -557,10 +748,31 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
 
     int len = m.tsigstart - header.length;
     if (log.isTraceEnabled()) {
-      log.trace(hexdump.dump("TSIG-HMAC message after header", b, header.length, len));
+      log.trace(hexdump.dump("TSIG-HMAC message after header", messageBytes, header.length, len));
+    }
+    hmac.update(messageBytes, header.length, len);
+
+    byte[] tsigVariables = getTsigVariables(fullSignature, tsig);
+    hmac.update(tsigVariables);
+
+    byte[] signature = tsig.getSignature();
+    int badsig = verifySignature(hmac, signature);
+    if (badsig != Rcode.NOERROR) {
+      return badsig;
     }
-    hmac.update(b, header.length, len);
 
+    // validate time after the signature, as per
+    // https://datatracker.ietf.org/doc/html/rfc8945#section-5.4
+    int badtime = verifyTime(tsig);
+    if (badtime != Rcode.NOERROR) {
+      return badtime;
+    }
+
+    m.tsigState = Message.TSIG_VERIFIED;
+    return Rcode.NOERROR;
+  }
+
+  private static byte[] getTsigVariables(boolean fullSignature, TSIGRecord tsig) {
     DNSOutput out = new DNSOutput();
     if (fullSignature) {
       tsig.getName().toWireCanonical(out);
@@ -568,7 +780,7 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
       out.writeU32(tsig.ttl);
       tsig.getAlgorithm().toWireCanonical(out);
     }
-    writeTsigTimersVariables(tsig.getTimeSigned(), tsig.getFudge(), out);
+    writeTsigTimerVariables(tsig.getTimeSigned(), tsig.getFudge(), out);
     if (fullSignature) {
       out.writeU16(tsig.getError());
       if (tsig.getOther() != null) {
@@ -583,9 +795,10 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
     if (log.isTraceEnabled()) {
       log.trace(hexdump.dump("TSIG-HMAC variables", tsigVariables));
     }
-    hmac.update(tsigVariables);
+    return tsigVariables;
+  }
 
-    byte[] signature = tsig.getSignature();
+  private int verifySignature(Mac hmac, byte[] signature) {
     int digestLength = hmac.getMacLength();
 
     // rfc4635#section-3.1, 4.:
@@ -605,6 +818,10 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
       return Rcode.BADSIG;
     } else {
       byte[] expectedSignature = hmac.doFinal();
+      if (expectedSignature.length > algLengthMap.get(alg)) {
+        expectedSignature = Arrays.copyOfRange(expectedSignature, 0, algLengthMap.get(alg));
+      }
+
       if (!verify(expectedSignature, signature)) {
         if (log.isDebugEnabled()) {
           log.debug(
@@ -615,9 +832,10 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
         return Rcode.BADSIG;
       }
     }
+    return Rcode.NOERROR;
+  }
 
-    // validate time after the signature, as per
-    // https://tools.ietf.org/html/draft-ietf-dnsop-rfc2845bis-08#section-5.4.3
+  private int verifyTime(TSIGRecord tsig) {
     Instant now = clock.instant();
     Duration delta = Duration.between(now, tsig.getTimeSigned()).abs();
     if (delta.compareTo(tsig.getFudge()) > 0) {
@@ -628,8 +846,6 @@ public int verify(Message m, byte[] b, TSIGRecord old, boolean fullSignature) {
           tsig.getFudge());
       return Rcode.BADTIME;
     }
-
-    m.tsigState = Message.TSIG_VERIFIED;
     return Rcode.NOERROR;
   }
 
@@ -643,7 +859,8 @@ public int recordLength() {
         + 10
         + alg.length()
         + 8 // time signed, fudge
-        + 18 // 2 byte MAC length, 16 byte MAC
+        + 2 // 2 byte MAC length
+        + algLengthMap.get(alg)
         + 4 // original id, error
         + 8; // 2 byte error length, 6 byte max error field.
   }
@@ -659,7 +876,7 @@ private static void hmacAddSignature(Mac hmac, TSIGRecord tsig) {
     hmac.update(tsig.getSignature());
   }
 
-  private static void writeTsigTimersVariables(Instant instant, Duration fudge, DNSOutput out) {
+  private static void writeTsigTimerVariables(Instant instant, Duration fudge, DNSOutput out) {
     writeTsigTime(instant, out);
     out.writeU16((int) fudge.getSeconds());
   }
@@ -672,58 +889,198 @@ private static void writeTsigTime(Instant instant, DNSOutput out) {
     out.writeU32(timeLow);
   }
 
+  /**
+   * A utility class for generating signed message responses.
+   *
+   * @since 3.5.3
+   */
+  public static class StreamGenerator {
+    private final TSIG key;
+    private final Mac sharedHmac;
+    private final int signEveryNthMessage;
+
+    private int numGenerated;
+    private TSIGRecord lastTsigRecord;
+
+    /**
+     * Creates an instance to sign multiple message for use in a stream.
+     *
+     * <p>This class creates a {@link TSIGRecord} on every message to conform with <a
+     * href="https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.1">RFC 8945, 5.3.1</a>.
+     *
+     * @param key The TSIG key used to create the signature records.
+     * @param queryTsig The initial TSIG records, e.g. from a query to a server.
+     */
+    public StreamGenerator(TSIG key, TSIGRecord queryTsig) {
+      // The TSIG MUST be included on all DNS messages in the response.
+      this(key, queryTsig, 1);
+    }
+
+    /**
+     * This constructor is <b>only</b> for unit-testing {@link StreamVerifier} with responses where
+     * not every message is signed.
+     */
+    StreamGenerator(TSIG key, TSIGRecord queryTsig, int signEveryNthMessage) {
+      if (signEveryNthMessage < 1 || signEveryNthMessage > 100) {
+        throw new IllegalArgumentException("signEveryNthMessage must be between 1 and 100");
+      }
+
+      this.key = key;
+      this.lastTsigRecord = queryTsig;
+      this.signEveryNthMessage = signEveryNthMessage;
+      sharedHmac = this.key.initHmac();
+    }
+
+    /**
+     * Generate TSIG a signature for use of the message in a stream.
+     *
+     * @param message The message to sign.
+     */
+    public void generate(Message message) {
+      generate(message, true);
+    }
+
+    void generate(Message message, boolean isLastMessage) {
+      boolean isNthMessage = numGenerated % signEveryNthMessage == 0;
+      boolean isFirstMessage = numGenerated == 0;
+      if (isFirstMessage || isNthMessage || isLastMessage) {
+        TSIGRecord r =
+            key.generate(
+                message,
+                message.toWire(),
+                Rcode.NOERROR,
+                isFirstMessage ? lastTsigRecord : null,
+                isFirstMessage,
+                sharedHmac);
+        message.addRecord(r, Section.ADDITIONAL);
+        message.tsigState = Message.TSIG_SIGNED;
+        lastTsigRecord = r;
+        hmacAddSignature(sharedHmac, r);
+      } else {
+        byte[] responseBytes = message.toWire(Message.MAXLENGTH);
+        sharedHmac.update(responseBytes);
+      }
+
+      numGenerated++;
+    }
+  }
+
+  /** A utility class for verifying multiple message responses. */
   public static class StreamVerifier {
-    /** A helper class for verifying multiple message responses. */
     private final TSIG key;
+    private final Mac sharedHmac;
+    private final TSIGRecord queryTsig;
 
     private int nresponses;
     private int lastsigned;
-    private TSIGRecord lastTSIG;
+
+    /** {@code null} or the detailed error when validation failed due to a {@link Rcode#FORMERR}. */
+    @Getter private String errorMessage;
 
     /** Creates an object to verify a multiple message response */
     public StreamVerifier(TSIG tsig, TSIGRecord queryTsig) {
       key = tsig;
+      sharedHmac = key.initHmac();
       nresponses = 0;
-      lastTSIG = queryTsig;
+      this.queryTsig = queryTsig;
     }
 
     /**
      * Verifies a TSIG record on an incoming message that is part of a multiple message response.
      * TSIG records must be present on the first and last messages, and at least every 100 records
-     * in between. After calling this routine, Message.isVerified() may be called on this message.
+     * in between. After calling this routine,{@link Message#isVerified()} may be called on this
+     * message.
+     *
+     * <p>This overload assumes that the verified message is not the last one, which is required to
+     * have a {@link TSIGRecord}. Use {@link #verify(Message, byte[], boolean)} to explicitly
+     * specify the last message or check that the message is verified with {@link
+     * Message#isVerified()}.
      *
-     * @param m The message
-     * @param b The message in unparsed form
+     * @param message The message
+     * @param messageBytes The message in unparsed form
      * @return The result of the verification (as an Rcode)
      * @see Rcode
      */
-    public int verify(Message m, byte[] b) {
-      TSIGRecord tsig = m.getTSIG();
+    public int verify(Message message, byte[] messageBytes) {
+      return verify(message, messageBytes, false);
+    }
 
+    /**
+     * Verifies a TSIG record on an incoming message that is part of a multiple message response.
+     * TSIG records must be present on the first and last messages, and at least every 100 records
+     * in between. After calling this routine, {@link Message#isVerified()} may be called on this
+     * message.
+     *
+     * @param message The message
+     * @param messageBytes The message in unparsed form
+     * @param isLastMessage If true, verifies that the {@link Message} has an {@link TSIGRecord}.
+     * @return The result of the verification (as an Rcode)
+     * @see Rcode
+     * @since 3.5.3
+     */
+    public int verify(Message message, byte[] messageBytes, boolean isLastMessage) {
+      final String warningPrefix = "FORMERR: {}";
+      TSIGRecord tsig = message.getTSIG();
+
+      // https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.1
+      // [...] a client that receives DNS messages and verifies TSIG MUST accept up to 99
+      // intermediary messages without a TSIG and MUST verify that both the first and last message
+      // contain a TSIG.
       nresponses++;
       if (nresponses == 1) {
-        int result = key.verify(m, b, lastTSIG);
-        lastTSIG = tsig;
-        return result;
+        if (tsig != null) {
+          int result = key.verify(message, messageBytes, queryTsig, true, sharedHmac);
+          hmacAddSignature(sharedHmac, tsig);
+          lastsigned = nresponses;
+          return result;
+        } else {
+          errorMessage = "missing required signature on first message";
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
+          return Rcode.FORMERR;
+        }
       }
 
       if (tsig != null) {
-        int result = key.verify(m, b, lastTSIG, false);
+        int result = key.verify(message, messageBytes, null, false, sharedHmac);
         lastsigned = nresponses;
-        lastTSIG = tsig;
+        hmacAddSignature(sharedHmac, tsig);
         return result;
       } else {
         boolean required = nresponses - lastsigned >= 100;
         if (required) {
-          log.debug("FORMERR: missing required signature on {}th message", nresponses);
-          m.tsigState = Message.TSIG_FAILED;
+          errorMessage = "Missing required signature on message #" + nresponses;
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
+          return Rcode.FORMERR;
+        } else if (isLastMessage) {
+          errorMessage = "Missing required signature on last message";
+          log.debug(warningPrefix, errorMessage);
+          message.tsigState = Message.TSIG_FAILED;
           return Rcode.FORMERR;
         } else {
-          log.trace("Intermediate message {} without signature", nresponses);
-          m.tsigState = Message.TSIG_INTERMEDIATE;
+          errorMessage = "Intermediate message #" + nresponses + " without signature";
+          log.debug(warningPrefix, errorMessage);
+          addUnsignedMessageToMac(message, messageBytes, sharedHmac);
           return Rcode.NOERROR;
         }
       }
     }
+
+    private void addUnsignedMessageToMac(Message m, byte[] messageBytes, Mac hmac) {
+      byte[] header = m.getHeader().toWire();
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC header", header));
+      }
+
+      hmac.update(header);
+      int len = messageBytes.length - header.length;
+      if (log.isTraceEnabled()) {
+        log.trace(hexdump.dump("TSIG-HMAC message after header", messageBytes, header.length, len));
+      }
+
+      hmac.update(messageBytes, header.length, len);
+      m.tsigState = Message.TSIG_INTERMEDIATE;
+    }
   }
 }
diff --git a/src/main/java/org/xbill/DNS/TSIGRecord.java b/src/main/java/org/xbill/DNS/TSIGRecord.java
index 2296994ab..533440e95 100644
--- a/src/main/java/org/xbill/DNS/TSIGRecord.java
+++ b/src/main/java/org/xbill/DNS/TSIGRecord.java
@@ -15,7 +15,7 @@
  *
  * @see Resolver
  * @see TSIG
- * @see <a href="https://tools.ietf.org/html/rfc2845">RFC 2845: Secret Key Transaction
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2845">RFC 2845: Secret Key Transaction
  *     Authentication for DNS (TSIG)</a>
  * @author Brian Wellington
  */
@@ -140,7 +140,7 @@ protected String rrToString() {
     StringBuilder sb = new StringBuilder();
     sb.append(alg);
     sb.append(" ");
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("(\n\t");
     }
 
@@ -149,7 +149,7 @@ protected String rrToString() {
     sb.append((int) fudge.getSeconds());
     sb.append(" ");
     sb.append(signature.length);
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append("\n");
       sb.append(base64.formatString(signature, 64, "\t", false));
     } else {
@@ -163,7 +163,7 @@ protected String rrToString() {
       sb.append(0);
     } else {
       sb.append(other.length);
-      if (Options.check("multiline")) {
+      if (Options.multiline()) {
         sb.append("\n\n\n\t");
       } else {
         sb.append(" ");
@@ -175,7 +175,7 @@ protected String rrToString() {
           long time =
               ((long) (other[0] & 0xFF) << 40)
                   + ((long) (other[1] & 0xFF) << 32)
-                  + ((other[2] & 0xFF) << 24)
+                  + ((long) (other[2] & 0xFF) << 24)
                   + ((other[3] & 0xFF) << 16)
                   + ((other[4] & 0xFF) << 8)
                   + (other[5] & 0xFF);
@@ -189,7 +189,7 @@ protected String rrToString() {
         sb.append(">");
       }
     }
-    if (Options.check("multiline")) {
+    if (Options.multiline()) {
       sb.append(" )");
     }
     return sb.toString();
diff --git a/src/main/java/org/xbill/DNS/TTL.java b/src/main/java/org/xbill/DNS/TTL.java
index 76197d79a..0a5c6111e 100644
--- a/src/main/java/org/xbill/DNS/TTL.java
+++ b/src/main/java/org/xbill/DNS/TTL.java
@@ -31,8 +31,9 @@ static void check(long i) {
    * @return The value as a number of seconds
    * @throws NumberFormatException The string was not in a valid TTL format.
    */
+  @SuppressWarnings("fallthrough")
   public static long parse(String s, boolean clamp) {
-    if (s == null || s.length() == 0 || !Character.isDigit(s.charAt(0))) {
+    if (s == null || s.isEmpty() || !Character.isDigit(s.charAt(0))) {
       throw new NumberFormatException();
     }
     long value = 0;
@@ -94,16 +95,15 @@ public static long parseTTL(String s) {
   public static String format(long ttl) {
     TTL.check(ttl);
     StringBuilder sb = new StringBuilder();
-    long secs, mins, hours, days, weeks;
-    secs = ttl % 60;
+    long secs = ttl % 60;
     ttl /= 60;
-    mins = ttl % 60;
+    long mins = ttl % 60;
     ttl /= 60;
-    hours = ttl % 24;
+    long hours = ttl % 24;
     ttl /= 24;
-    days = ttl % 7;
+    long days = ttl % 7;
     ttl /= 7;
-    weeks = ttl;
+    long weeks = ttl;
     if (weeks > 0) {
       sb.append(weeks).append("W");
     }
diff --git a/src/main/java/org/xbill/DNS/TXTBase.java b/src/main/java/org/xbill/DNS/TXTBase.java
index 0991f2425..96694b12a 100644
--- a/src/main/java/org/xbill/DNS/TXTBase.java
+++ b/src/main/java/org/xbill/DNS/TXTBase.java
@@ -62,7 +62,7 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
         break;
       }
       try {
-        strings.add(byteArrayFromString(t.value));
+        strings.add(byteArrayFromString(t.value()));
       } catch (TextParseException e) {
         throw st.exception(e.getMessage());
       }
@@ -73,6 +73,10 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
   /** converts to a String */
   @Override
   protected String rrToString() {
+    if (strings.isEmpty()) {
+      // always return at least an empty quoted String
+      return "\"\"";
+    }
     StringBuilder sb = new StringBuilder();
     Iterator<byte[]> it = strings.iterator();
     while (it.hasNext()) {
diff --git a/src/main/java/org/xbill/DNS/TXTRecord.java b/src/main/java/org/xbill/DNS/TXTRecord.java
index 6f338e45b..221555f22 100644
--- a/src/main/java/org/xbill/DNS/TXTRecord.java
+++ b/src/main/java/org/xbill/DNS/TXTRecord.java
@@ -9,8 +9,8 @@
  * Text - stores text strings
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class TXTRecord extends TXTBase {
   TXTRecord() {}
diff --git a/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java
index ea4269872..f9e279f03 100644
--- a/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java
+++ b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java
@@ -7,7 +7,7 @@
 import java.util.OptionalInt;
 
 /**
- * TCP Keepalive EDNS0 Option, as defined in https://tools.ietf.org/html/rfc7828
+ * TCP Keepalive EDNS0 Option, as defined in https://datatracker.ietf.org/doc/html/rfc7828
  *
  * @see OPTRecord
  * @author Klaus Malorny
diff --git a/src/main/java/org/xbill/DNS/TextParseException.java b/src/main/java/org/xbill/DNS/TextParseException.java
index d58eebf64..642431146 100644
--- a/src/main/java/org/xbill/DNS/TextParseException.java
+++ b/src/main/java/org/xbill/DNS/TextParseException.java
@@ -20,12 +20,20 @@ public TextParseException(String s) {
     super(s);
   }
 
-  /** @since 3.5 */
+  /**
+   * Create an instance with preformatted message.
+   *
+   * @since 3.5
+   */
   public TextParseException(String name, String message) {
     super("'" + name + "': " + message);
   }
 
-  /** @since 3.5 */
+  /**
+   * Create an instance with preformatted message and inner exception.
+   *
+   * @since 3.5
+   */
   public TextParseException(String name, String message, Exception inner) {
     super("'" + name + "': " + message, inner);
   }
diff --git a/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java b/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java
index 24796df6a..e2ae60f64 100644
--- a/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java
+++ b/src/main/java/org/xbill/DNS/TimeoutCompletableFuture.java
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
@@ -10,57 +8,28 @@
 import java.util.concurrent.TimeoutException;
 import lombok.extern.slf4j.Slf4j;
 
-/**
- * Utility class to backport {@code orTimeout} to Java 8 with a custom implementation. On Java 9+
- * the built-in method is called.
- */
+/** Utility class to backport {@code orTimeout} to Java 8 with a custom implementation. */
 @Slf4j
 class TimeoutCompletableFuture<T> extends CompletableFuture<T> {
-  private static final Method orTimeoutMethod;
-
-  static {
-    Method localOrTimeoutMethod;
-    if (!System.getProperty("java.version").startsWith("1.")) {
-      try {
-        localOrTimeoutMethod =
-            CompletableFuture.class.getMethod("orTimeout", long.class, TimeUnit.class);
-      } catch (NoSuchMethodException e) {
-        localOrTimeoutMethod = null;
-        log.warn(
-            "CompletableFuture.orTimeout method not found in Java 9+, using custom implementation",
-            e);
-      }
-    } else {
-      localOrTimeoutMethod = null;
-    }
-    orTimeoutMethod = localOrTimeoutMethod;
-  }
-
   public CompletableFuture<T> compatTimeout(long timeout, TimeUnit unit) {
     return compatTimeout(this, timeout, unit);
   }
 
-  @SuppressWarnings("unchecked")
   public static <T> CompletableFuture<T> compatTimeout(
       CompletableFuture<T> f, long timeout, TimeUnit unit) {
-    if (orTimeoutMethod == null) {
-      return orTimeout(f, timeout, unit);
-    } else {
-      try {
-        return (CompletableFuture<T>) orTimeoutMethod.invoke(f, timeout, unit);
-      } catch (IllegalAccessException | InvocationTargetException e) {
-        return orTimeout(f, timeout, unit);
-      }
+    if (timeout <= 0) {
+      f.completeExceptionally(new TimeoutException("timeout is " + timeout + ", but must be > 0"));
     }
-  }
 
-  private static <T> CompletableFuture<T> orTimeout(
-      CompletableFuture<T> f, long timeout, TimeUnit unit) {
     ScheduledFuture<?> sf =
         TimeoutScheduler.executor.schedule(
             () -> {
               if (!f.isDone()) {
-                f.completeExceptionally(new TimeoutException());
+                f.completeExceptionally(
+                    new TimeoutException(
+                        "Timeout of "
+                            + unit.toMillis(timeout)
+                            + "ms has elapsed before the task completed"));
               }
             },
             timeout,
diff --git a/src/main/java/org/xbill/DNS/Tokenizer.java b/src/main/java/org/xbill/DNS/Tokenizer.java
index 4e6db7c58..f2d3ae49b 100644
--- a/src/main/java/org/xbill/DNS/Tokenizer.java
+++ b/src/main/java/org/xbill/DNS/Tokenizer.java
@@ -38,10 +38,14 @@
  * @author Brian Wellington
  * @author Bob Halley
  */
+@SuppressWarnings({
+  "deprecated",
+  "java:S1874", // deprecated usage of type/value
+})
 public class Tokenizer implements AutoCloseable {
 
-  private static final String delim = " \t\n;()\"";
-  private static final String quotes = "\"";
+  private static final String DEFAULT_DELIMITERS = " \t\n;()\"";
+  private static final String QUOTES = "\"";
 
   /** End of file */
   public static final int EOF = 0;
@@ -66,32 +70,52 @@ public class Tokenizer implements AutoCloseable {
   private int multiline;
   private boolean quoting;
   private String delimiters;
-  private final Token current;
-  private final StringBuffer sb;
+  private Token current;
+  private final StringBuilder sb;
   private boolean wantClose;
 
   private String filename;
   private int line;
 
   public static class Token {
-    /** The type of token. */
-    public int type;
-
-    /** The value of the token, or null for tokens without values. */
-    public String value;
-
-    private Token() {
-      type = -1;
-      value = null;
-    }
-
-    private Token set(int type, StringBuffer value) {
+    /**
+     * The type of token.
+     *
+     * @deprecated use {@link #type()}, will be made private and final in 4.0
+     */
+    @Deprecated public int type;
+
+    /**
+     * The value of the token, or null for tokens without values.
+     *
+     * @deprecated use {@link #value()}, will be made private and final in 4.0
+     */
+    @Deprecated public String value;
+
+    /**
+     * The type of token.
+     *
+     * @since 3.5.1
+     */
+    public int type() {
+      return type;
+    }
+
+    /**
+     * The value of the token, or null for tokens without values.
+     *
+     * @since 3.5.1
+     */
+    public String value() {
+      return value;
+    }
+
+    private Token(int type, StringBuilder value) {
       if (type < 0) {
         throw new IllegalArgumentException();
       }
       this.type = type;
       this.value = value == null ? null : value.toString();
-      return this;
     }
 
     /** Converts the token to a string containing a representation useful for debugging. */
@@ -139,9 +163,8 @@ public Tokenizer(InputStream is) {
     ungottenToken = false;
     multiline = 0;
     quoting = false;
-    delimiters = delim;
-    current = new Token();
-    sb = new StringBuffer();
+    delimiters = DEFAULT_DELIMITERS;
+    sb = new StringBuilder();
     filename = "<none>";
     line = 1;
   }
@@ -195,11 +218,9 @@ private int skipWhitespace() throws IOException {
     int skipped = 0;
     while (true) {
       int c = getChar();
-      if (c != ' ' && c != '\t') {
-        if (!(c == '\n' && multiline > 0)) {
-          ungetChar(c);
-          return skipped;
-        }
+      if (c != ' ' && c != '\t' && !(c == '\n' && multiline > 0)) {
+        ungetChar(c);
+        return skipped;
       }
       skipped++;
     }
@@ -243,7 +264,7 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
     }
     int skipped = skipWhitespace();
     if (skipped > 0 && wantWhitespace) {
-      return current.set(WHITESPACE, null);
+      return setCurrentToken(WHITESPACE, null);
     }
     type = IDENTIFIER;
     sb.setLength(0);
@@ -254,9 +275,9 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
           if (quoting) {
             throw exception("EOF in quoted string");
           } else if (sb.length() == 0) {
-            return current.set(EOF, null);
+            return setCurrentToken(EOF, null);
           } else {
-            return current.set(type, sb);
+            return setCurrentToken(type, sb);
           }
         }
         if (sb.length() == 0 && type != QUOTED_STRING) {
@@ -274,16 +295,16 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
           } else if (c == '"') {
             if (!quoting) {
               quoting = true;
-              delimiters = quotes;
+              delimiters = QUOTES;
               type = QUOTED_STRING;
             } else {
               quoting = false;
-              delimiters = delim;
+              delimiters = DEFAULT_DELIMITERS;
               skipWhitespace();
             }
             continue;
           } else if (c == '\n') {
-            return current.set(EOL, null);
+            return setCurrentToken(EOL, null);
           } else if (c == ';') {
             while (true) {
               c = getChar();
@@ -294,16 +315,16 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
             }
             if (wantComment) {
               ungetChar(c);
-              return current.set(COMMENT, sb);
+              return setCurrentToken(COMMENT, sb);
             } else if (c == -1 && type != QUOTED_STRING) {
               checkUnbalancedParens();
-              return current.set(EOF, null);
+              return setCurrentToken(EOF, null);
             } else if (multiline > 0) {
               skipWhitespace();
               sb.setLength(0);
               continue;
             } else {
-              return current.set(EOL, null);
+              return setCurrentToken(EOL, null);
             }
           } else {
             throw new IllegalStateException();
@@ -325,9 +346,14 @@ public Token get(boolean wantWhitespace, boolean wantComment) throws IOException
     }
     if (sb.length() == 0 && type != QUOTED_STRING) {
       checkUnbalancedParens();
-      return current.set(EOF, null);
+      return setCurrentToken(EOF, null);
     }
-    return current.set(type, sb);
+    return setCurrentToken(type, sb);
+  }
+
+  private Token setCurrentToken(int type, StringBuilder value) {
+    current = new Token(type, value);
+    return current;
   }
 
   /**
@@ -371,7 +397,7 @@ public String getString() throws IOException {
     return next.value;
   }
 
-  private String _getIdentifier(String expected) throws IOException {
+  private String getIdentifier(String expected) throws IOException {
     Token next = get();
     if (next.type != IDENTIFIER) {
       throw exception("expected " + expected);
@@ -388,7 +414,7 @@ private String _getIdentifier(String expected) throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public String getIdentifier() throws IOException {
-    return _getIdentifier("an identifier");
+    return getIdentifier("an identifier");
   }
 
   /**
@@ -399,7 +425,7 @@ public String getIdentifier() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public long getLong() throws IOException {
-    String next = _getIdentifier("an integer");
+    String next = getIdentifier("an integer");
     if (!Character.isDigit(next.charAt(0))) {
       throw exception("expected an integer");
     }
@@ -419,7 +445,7 @@ public long getLong() throws IOException {
    */
   public long getUInt32() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFFFFFFFL) {
+    if (!Utils.isUInt32(l)) {
       throw exception("expected an 32 bit unsigned integer");
     }
     return l;
@@ -434,7 +460,7 @@ public long getUInt32() throws IOException {
    */
   public int getUInt16() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFFFL) {
+    if (!Utils.isUInt16(l)) {
       throw exception("expected an 16 bit unsigned integer");
     }
     return (int) l;
@@ -449,7 +475,7 @@ public int getUInt16() throws IOException {
    */
   public int getUInt8() throws IOException {
     long l = getLong();
-    if (l < 0 || l > 0xFFL) {
+    if (!Utils.isUInt8(l)) {
       throw exception("expected an 8 bit unsigned integer");
     }
     return (int) l;
@@ -464,7 +490,7 @@ public int getUInt8() throws IOException {
    * @see TTL
    */
   public long getTTL() throws IOException {
-    String next = _getIdentifier("a TTL value");
+    String next = getIdentifier("a TTL value");
     try {
       return TTL.parseTTL(next);
     } catch (NumberFormatException e) {
@@ -481,7 +507,7 @@ public long getTTL() throws IOException {
    * @see TTL
    */
   public long getTTLLike() throws IOException {
-    String next = _getIdentifier("a TTL-like value");
+    String next = getIdentifier("a TTL-like value");
     try {
       return TTL.parse(next, false);
     } catch (NumberFormatException e) {
@@ -500,7 +526,7 @@ public long getTTLLike() throws IOException {
    * @see Name
    */
   public Name getName(Name origin) throws IOException {
-    String next = _getIdentifier("a name");
+    String next = getIdentifier("a name");
     try {
       Name name = Name.fromString(next, origin);
       if (!name.isAbsolute()) {
@@ -522,12 +548,19 @@ public Name getName(Name origin) throws IOException {
    * @see Address
    */
   public byte[] getAddressBytes(int family) throws IOException {
-    String next = _getIdentifier("an address");
-    byte[] bytes = Address.toByteArray(next, family);
-    if (bytes == null) {
-      throw exception("Invalid address: " + next);
+    String next = getIdentifier("an address");
+    byte[] bytes = null;
+    if (family == IPAddressUtils.IPv4) {
+      bytes = IPAddressUtils.parseV4(next);
+    } else if (family == IPAddressUtils.IPv6) {
+      bytes = IPAddressUtils.parseV6(next);
     }
-    return bytes;
+
+    if (bytes != null) {
+      return bytes;
+    }
+
+    throw exception("Invalid address: " + next);
   }
 
   /**
@@ -540,7 +573,7 @@ public byte[] getAddressBytes(int family) throws IOException {
    * @see Address
    */
   public InetAddress getAddress(int family) throws IOException {
-    String next = _getIdentifier("an address");
+    String next = getIdentifier("an address");
     try {
       return Address.getByAddress(next, family);
     } catch (UnknownHostException e) {
@@ -563,14 +596,14 @@ public void getEOL() throws IOException {
 
   /** Returns a concatenation of the remaining strings from a Tokenizer. */
   private String remainingStrings() throws IOException {
-    StringBuffer buffer = null;
+    StringBuilder buffer = null;
     while (true) {
       Tokenizer.Token t = get();
       if (!t.isString()) {
         break;
       }
       if (buffer == null) {
-        buffer = new StringBuffer();
+        buffer = new StringBuilder();
       }
       buffer.append(t.value);
     }
@@ -669,7 +702,7 @@ public byte[] getHex() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public byte[] getHexString() throws IOException {
-    String next = _getIdentifier("a hex string");
+    String next = getIdentifier("a hex string");
     byte[] array = base16.fromString(next);
     if (array == null) {
       throw exception("invalid hex encoding");
@@ -686,7 +719,7 @@ public byte[] getHexString() throws IOException {
    * @throws IOException An I/O error occurred.
    */
   public byte[] getBase32String(base32 b32) throws IOException {
-    String next = _getIdentifier("a base32 string");
+    String next = getIdentifier("a base32 string");
     byte[] array = b32.fromString(next);
     if (array == null) {
       throw exception("invalid base32 encoding");
@@ -711,6 +744,7 @@ public void close() {
       try {
         is.close();
       } catch (IOException e) {
+        // ignore
       }
     }
   }
diff --git a/src/main/java/org/xbill/DNS/Type.java b/src/main/java/org/xbill/DNS/Type.java
index b87c38d28..34b732229 100644
--- a/src/main/java/org/xbill/DNS/Type.java
+++ b/src/main/java/org/xbill/DNS/Type.java
@@ -104,18 +104,18 @@ public final class Type {
   public static final int NXT = 30;
 
   /**
-   * Endpoint identifier
+   * DNS Resource Records for Nimrod Routing Architecture, Endpoint identifier.
    *
-   * @see <a href="https://tools.ietf.org/html/draft-ietf-nimrod-dns-00">DNS Resource Records for
-   *     Nimrod Routing Architecture</a>
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-ietf-nimrod-dns/">draft-ietf-nimrod-dns</a>
    */
   public static final int EID = 31;
 
   /**
-   * Nimrod locator
+   * DNS Resource Records for Nimrod Routing Architecture, Nimrod locator.
    *
-   * @see <a href="https://tools.ietf.org/html/draft-ietf-nimrod-dns-00">DNS Resource Records for
-   *     Nimrod Routing Architecture</a>
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/draft-ietf-nimrod-dns/">draft-ietf-nimrod-dns</a>
    */
   public static final int NIMLOC = 32;
 
@@ -188,7 +188,8 @@ public final class Type {
   /**
    * Zone Status (ZS).
    *
-   * @see <a href="https://tools.ietf.org/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-zs-01</a>
+   * @see <a
+   *     href="https://datatracker.ietf.org/doc/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-zs-01</a>
    */
   public static final int NINFO = 56;
 
@@ -196,7 +197,7 @@ public final class Type {
    * RKEY DNS Resource Record, used for encryption of NAPTR records.
    *
    * @see <a
-   *     href="https://tools.ietf.org/html/draft-reid-dnsext-rkey-00">draft-reid-dnsext-rkey-00</a>
+   *     href="https://datatracker.ietf.org/doc/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-rkey-01</a>
    */
   public static final int RKEY = 57;
 
@@ -204,7 +205,7 @@ public final class Type {
    * DNSSEC Trust Anchor History Service.
    *
    * @see <a
-   *     href="https://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-02">draft-wijngaards-dnsop-trust-history-02</a>
+   *     href="https://datatracker.ietf.org/doc/html/draft-wijngaards-dnsop-trust-history-02">draft-wijngaards-dnsop-trust-history-02</a>
    */
   public static final int TALINK = 58;
 
@@ -226,16 +227,14 @@ public final class Type {
   /**
    * Service Location and Parameter Binding
    *
-   * @see <a
-   *     href="https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-06">draft-ietf-dnsop-svcb-https</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
    */
   public static final int SVCB = 64;
 
   /**
    * HTTPS Service Location and Parameter Binding
    *
-   * @see <a
-   *     href="https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-06">draft-ietf-dnsop-svcb-https</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc9460">RFC 9460</a>
    */
   public static final int HTTPS = 65;
 
@@ -424,7 +423,7 @@ public Supplier<Record> getFactory(int val) {
     types.add(CDNSKEY, "CDNSKEY", CDNSKEYRecord::new);
     types.add(OPENPGPKEY, "OPENPGPKEY", OPENPGPKEYRecord::new);
     types.add(CSYNC, "CSYNC");
-    types.add(ZONEMD, "ZONEMD");
+    types.add(ZONEMD, "ZONEMD", ZoneMDRecord::new);
     types.add(SVCB, "SVCB", SVCBRecord::new);
     types.add(HTTPS, "HTTPS", HTTPSRecord::new);
 
@@ -465,7 +464,7 @@ private Type() {}
    * @throws InvalidTypeException The type is out of range.
    */
   public static void check(int val) {
-    if (val < 0 || val > 0xFFFF) {
+    if (!Utils.isUInt16(val)) {
       throw new InvalidTypeException(val);
     }
   }
diff --git a/src/main/java/org/xbill/DNS/TypeBitmap.java b/src/main/java/org/xbill/DNS/TypeBitmap.java
index 167ca0db9..d827cf40b 100644
--- a/src/main/java/org/xbill/DNS/TypeBitmap.java
+++ b/src/main/java/org/xbill/DNS/TypeBitmap.java
@@ -33,35 +33,47 @@ public TypeBitmap(int[] array) {
 
   public TypeBitmap(DNSInput in) throws WireParseException {
     this();
-    int lastbase = -1;
+
+    // Encoding: ( Window Block # | Bitmap Length | Bitmap )+
+    int lastWindowBlockNumber = -1;
     while (in.remaining() > 0) {
+      // Validate block size, which is at least 2 bytes: block number + map length
       if (in.remaining() < 2) {
         throw new WireParseException("invalid bitmap descriptor");
       }
-      int mapbase = in.readU8();
-      if (mapbase < lastbase) {
-        throw new WireParseException("invalid ordering");
-      }
-      int maplength = in.readU8();
-      if (maplength > in.remaining()) {
-        throw new WireParseException("invalid bitmap");
-      }
-      for (int i = 0; i < maplength; i++) {
-        int current = in.readU8();
-        if (current == 0) {
-          continue;
-        }
-        for (int j = 0; j < 8; j++) {
-          if ((current & (1 << (7 - j))) == 0) {
-            continue;
+
+      int windowBlockNumber = getWindowBlockNumber(in, lastWindowBlockNumber);
+      int mapLength = getMapLength(in);
+      for (int i = 0; i < mapLength; i++) {
+        // Test each bit (of the non-zero bytes) in the bitmap for 1. If set, this is an enabled
+        // type.
+        int bitmapByte = in.readU8();
+        for (int j = 0; j < 8 && bitmapByte > 0; j++) {
+          if ((bitmapByte & (1 << (7 - j))) != 0) {
+            types.add(windowBlockNumber * 256 + i * 8 + j);
           }
-          int typecode = mapbase * 256 + +i * 8 + j;
-          types.add(typecode);
         }
       }
     }
   }
 
+  private static int getWindowBlockNumber(DNSInput in, int lastWindowBlockNumber)
+      throws WireParseException {
+    int windowBlockNumber = in.readU8();
+    if (windowBlockNumber < lastWindowBlockNumber) {
+      throw new WireParseException("invalid ordering");
+    }
+    return windowBlockNumber;
+  }
+
+  private static int getMapLength(DNSInput in) throws WireParseException {
+    int mapLength = in.readU8();
+    if (mapLength > in.remaining()) {
+      throw new WireParseException("invalid bitmap");
+    }
+    return mapLength;
+  }
+
   public TypeBitmap(Tokenizer st) throws IOException {
     this();
     while (true) {
@@ -69,9 +81,9 @@ public TypeBitmap(Tokenizer st) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int typecode = Type.value(t.value);
+      int typecode = Type.value(t.value());
       if (typecode < 0) {
-        throw st.exception("Invalid type: " + t.value);
+        throw st.exception("Invalid type: " + t.value());
       }
       types.add(typecode);
     }
@@ -106,8 +118,7 @@ private static void mapToWire(DNSOutput out, TreeSet<Integer> map, int mapbase)
     int[] array = new int[arraylength];
     out.writeU8(mapbase);
     out.writeU8(arraylength);
-    for (Integer integer : map) {
-      int typecode = integer;
+    for (int typecode : map) {
       array[(typecode & 0xFF) / 8] |= 1 << (7 - typecode % 8);
     }
     for (int j = 0; j < arraylength; j++) {
@@ -116,7 +127,7 @@ private static void mapToWire(DNSOutput out, TreeSet<Integer> map, int mapbase)
   }
 
   public void toWire(DNSOutput out) {
-    if (types.size() == 0) {
+    if (types.isEmpty()) {
       return;
     }
 
@@ -127,7 +138,7 @@ public void toWire(DNSOutput out) {
       int t = type;
       int base = t >> 8;
       if (base != mapbase) {
-        if (map.size() > 0) {
+        if (!map.isEmpty()) {
           mapToWire(out, map, mapbase);
           map.clear();
         }
diff --git a/src/main/java/org/xbill/DNS/URIRecord.java b/src/main/java/org/xbill/DNS/URIRecord.java
index c1035bb51..3141f8e32 100644
--- a/src/main/java/org/xbill/DNS/URIRecord.java
+++ b/src/main/java/org/xbill/DNS/URIRecord.java
@@ -10,11 +10,12 @@
  * Uniform Resource Identifier (URI) DNS Resource Record
  *
  * @author Anthony Kirby
- * @see <a href="https://tools.ietf.org/html/rfc7553">RFC 7553: The Uniform Resource Identifier
- *     (URI) DNS Resource Record</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc7553">RFC 7553: The Uniform Resource
+ *     Identifier (URI) DNS Resource Record</a>
  */
 public class URIRecord extends Record {
-  private int priority, weight;
+  private int priority;
+  private int weight;
   private byte[] target;
 
   URIRecord() {
diff --git a/src/main/java/org/xbill/DNS/Update.java b/src/main/java/org/xbill/DNS/Update.java
index 146431bc9..948f154bf 100644
--- a/src/main/java/org/xbill/DNS/Update.java
+++ b/src/main/java/org/xbill/DNS/Update.java
@@ -75,8 +75,8 @@ public void present(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void present(Name name, int type, String record) throws IOException {
-    newPrereq(Record.fromString(name, type, dclass, 0, record, origin));
+  public void present(Name name, int type, String recordToCheck) throws IOException {
+    newPrereq(Record.fromString(name, type, dclass, 0, recordToCheck, origin));
   }
 
   /**
@@ -97,8 +97,8 @@ public void present(Name name, int type, Tokenizer tokenizer) throws IOException
    * and type in the update message must be identical to the set of all records with that name and
    * type on the server.
    */
-  public void present(Record record) {
-    newPrereq(record);
+  public void present(Record recordToCheck) {
+    newPrereq(recordToCheck);
   }
 
   /**
@@ -123,8 +123,8 @@ public void absent(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void add(Name name, int type, long ttl, String record) throws IOException {
-    newUpdate(Record.fromString(name, type, dclass, ttl, record, origin));
+  public void add(Name name, int type, long ttl, String recordToAdd) throws IOException {
+    newUpdate(Record.fromString(name, type, dclass, ttl, recordToAdd, origin));
   }
 
   /**
@@ -138,18 +138,18 @@ public void add(Name name, int type, long ttl, Tokenizer tokenizer) throws IOExc
   }
 
   /** Indicates that the record should be inserted into the zone. */
-  public void add(Record record) {
-    newUpdate(record);
+  public void add(Record recordToAdd) {
+    newUpdate(recordToAdd);
   }
 
   /** Indicates that the records should be inserted into the zone. */
   public void add(Record[] records) {
-    for (Record record : records) {
-      add(record);
+    for (Record r : records) {
+      add(r);
     }
   }
 
-  /** Indicates that all of the records in the rrset should be inserted into the zone. */
+  /** Indicates that all the records in the rrset should be inserted into the zone. */
   public <T extends Record> void add(RRset rrset) {
     rrset.rrs().forEach(this::add);
   }
@@ -169,8 +169,8 @@ public void delete(Name name, int type) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void delete(Name name, int type, String record) throws IOException {
-    newUpdate(Record.fromString(name, type, DClass.NONE, 0, record, origin));
+  public void delete(Name name, int type, String recordToDelete) throws IOException {
+    newUpdate(Record.fromString(name, type, DClass.NONE, 0, recordToDelete, origin));
   }
 
   /**
@@ -184,14 +184,14 @@ public void delete(Name name, int type, Tokenizer tokenizer) throws IOException
   }
 
   /** Indicates that the specified record should be deleted from the zone. */
-  public void delete(Record record) {
-    newUpdate(record.withDClass(DClass.NONE, 0));
+  public void delete(Record recordToDelete) {
+    newUpdate(recordToDelete.withDClass(DClass.NONE, 0));
   }
 
   /** Indicates that the records should be deleted from the zone. */
   public void delete(Record[] records) {
-    for (Record record : records) {
-      delete(record);
+    for (Record r : records) {
+      delete(r);
     }
   }
 
@@ -206,9 +206,9 @@ public <T extends Record> void delete(RRset rrset) {
    *
    * @throws IOException The record could not be parsed.
    */
-  public void replace(Name name, int type, long ttl, String record) throws IOException {
+  public void replace(Name name, int type, long ttl, String recordToReplace) throws IOException {
     delete(name, type);
-    add(name, type, ttl, record);
+    add(name, type, ttl, recordToReplace);
   }
 
   /**
@@ -226,9 +226,9 @@ public void replace(Name name, int type, long ttl, Tokenizer tokenizer) throws I
    * Indicates that the record should be inserted into the zone replacing any other records with the
    * same name and type.
    */
-  public void replace(Record record) {
-    delete(record.getName(), record.getType());
-    add(record);
+  public void replace(Record recordToReplace) {
+    delete(recordToReplace.getName(), recordToReplace.getType());
+    add(recordToReplace);
   }
 
   /**
@@ -236,13 +236,13 @@ public void replace(Record record) {
    * the same name and type as each one.
    */
   public void replace(Record[] records) {
-    for (Record record : records) {
-      replace(record);
+    for (Record r : records) {
+      replace(r);
     }
   }
 
   /**
-   * Indicates that all of the records in the rrset should be inserted into the zone replacing any
+   * Indicates that all the records in the rrset should be inserted into the zone replacing any
    * other records with the same name and type.
    */
   public <T extends Record> void replace(RRset rrset) {
diff --git a/src/main/java/org/xbill/DNS/Utils.java b/src/main/java/org/xbill/DNS/Utils.java
new file mode 100644
index 000000000..a968cd2ee
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/Utils.java
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+class Utils {
+  static boolean isUInt8(int value) {
+    return value >= 0 && value <= 255;
+  }
+
+  static boolean isUInt8(long value) {
+    return value >= 0 && value <= 255;
+  }
+
+  static boolean isUInt16(int value) {
+    return value >= 0 && value <= 0xffff;
+  }
+
+  static boolean isUInt16(long value) {
+    return value >= 0 && value <= 0xffff;
+  }
+
+  static boolean isUInt32(long value) {
+    return value >= 0 && value <= 0xffffffffL;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/WKSRecord.java b/src/main/java/org/xbill/DNS/WKSRecord.java
index 081f23e34..104b03ece 100644
--- a/src/main/java/org/xbill/DNS/WKSRecord.java
+++ b/src/main/java/org/xbill/DNS/WKSRecord.java
@@ -14,14 +14,14 @@
  * Well Known Services - Lists services offered by this host.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035: Domain Names - Implementation and
- *     Specification</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035: Domain Names -
+ *     Implementation and Specification</a>
  */
 public class WKSRecord extends Record {
   /**
    * IP protocol identifiers. This is basically copied out of RFC 1010.
    *
-   * @see <a href="https://tools.ietf.org/html/rfc1010">RFC 1010: Assigned Numbers</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc1010">RFC 1010: Assigned Numbers</a>
    */
   public static class Protocol {
 
@@ -637,9 +637,9 @@ protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
       if (!t.isString()) {
         break;
       }
-      int service = Service.value(t.value);
+      int service = Service.value(t.value());
       if (service < 0) {
-        throw st.exception("Invalid TCP/UDP service: " + t.value);
+        throw st.exception("Invalid TCP/UDP service: " + t.value());
       }
       list.add(service);
     }
@@ -689,7 +689,7 @@ protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
     int highestPort = services[services.length - 1];
     byte[] array = new byte[highestPort / 8 + 1];
     for (int port : services) {
-      array[port / 8] |= 1 << (7 - port % 8);
+      array[port / 8] |= (byte) (1 << (7 - port % 8));
     }
     out.writeByteArray(array);
   }
diff --git a/src/main/java/org/xbill/DNS/WireParseException.java b/src/main/java/org/xbill/DNS/WireParseException.java
index 8d07e8914..2c75e8649 100644
--- a/src/main/java/org/xbill/DNS/WireParseException.java
+++ b/src/main/java/org/xbill/DNS/WireParseException.java
@@ -21,7 +21,6 @@ public WireParseException(String s) {
   }
 
   public WireParseException(String s, Throwable cause) {
-    super(s);
-    initCause(cause);
+    super(s, cause);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/X25Record.java b/src/main/java/org/xbill/DNS/X25Record.java
index 80ec9c2f3..9b2ca5d80 100644
--- a/src/main/java/org/xbill/DNS/X25Record.java
+++ b/src/main/java/org/xbill/DNS/X25Record.java
@@ -10,7 +10,7 @@
  * associated with a name.
  *
  * @author Brian Wellington
- * @see <a href="https://tools.ietf.org/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc1183">RFC 1183: New DNS RR Definitions</a>
  */
 public class X25Record extends Record {
   private byte[] address;
diff --git a/src/main/java/org/xbill/DNS/Zone.java b/src/main/java/org/xbill/DNS/Zone.java
index e335a2707..d323fb4d6 100644
--- a/src/main/java/org/xbill/DNS/Zone.java
+++ b/src/main/java/org/xbill/DNS/Zone.java
@@ -4,252 +4,497 @@
 package org.xbill.DNS;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.NoSuchElementException;
-import java.util.TreeMap;
+import java.util.concurrent.ConcurrentSkipListMap;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.function.Supplier;
+import lombok.Getter;
 
 /**
- * A DNS Zone. This encapsulates all data related to a Zone, and provides convenient lookup methods.
+ * A DNS zone. This encapsulates all data related to a zone, and provides convenient lookup methods.
+ * A zone always contains a {@link SOARecord} and at least one {@link NSRecord}.
  *
+ * @implNote This class uses a {@link java.util.concurrent.locks.ReadWriteLock} to ensure access and
+ *     manipulation is safe from multiple threads. Iterators are "weakly consistent" (see the
+ *     package info from {@code java.util.concurrent}).
  * @author Brian Wellington
  */
-public class Zone implements Serializable {
-
-  private static final long serialVersionUID = -9220510891189510942L;
-
-  /** A primary zone */
+public class Zone implements Serializable, Iterable<RRset> {
+  /** A primary zone. */
   public static final int PRIMARY = 1;
 
-  /** A secondary zone */
+  /** A secondary zone. */
   public static final int SECONDARY = 2;
 
-  private Map<Name, Object> data;
-  private Name origin;
+  private final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
+  private final ReentrantReadWriteLock.ReadLock readLock = readWriteLock.readLock();
+  private final ReentrantReadWriteLock.WriteLock writeLock = readWriteLock.writeLock();
+
+  private final Map<Name, Object> data = new ConcurrentSkipListMap<>();
+
   private Object originNode;
-  private RRset NS;
-  private SOARecord SOA;
   private boolean hasWild;
 
-  class ZoneIterator implements Iterator<RRset> {
-    private final Iterator<Map.Entry<Name, Object>> zentries;
-    private RRset[] current;
-    private int count;
-    private boolean wantLastSOA;
+  /** Returns the zone's origin. */
+  @Getter private Name origin;
 
-    ZoneIterator(boolean axfr) {
-      synchronized (Zone.this) {
-        zentries = data.entrySet().iterator();
-      }
-      wantLastSOA = axfr;
-      RRset[] sets = allRRsets(originNode);
-      current = new RRset[sets.length];
-      for (int i = 0, j = 2; i < sets.length; i++) {
-        int type = sets[i].getType();
-        if (type == Type.SOA) {
-          current[0] = sets[i];
-        } else if (type == Type.NS) {
-          current[1] = sets[i];
-        } else {
-          current[j++] = sets[i];
-        }
-      }
-    }
+  /** Returns the zone origin's {@link NSRecord NS records}. */
+  private RRset nsRRset;
 
-    @Override
-    public boolean hasNext() {
-      return current != null || wantLastSOA;
-    }
-
-    @Override
-    public RRset next() {
-      if (!hasNext()) {
-        throw new NoSuchElementException();
-      }
-      if (current == null) {
-        wantLastSOA = false;
-        return oneRRset(originNode, Type.SOA);
-      }
-      RRset set = current[count++];
-      if (count == current.length) {
-        current = null;
-        while (zentries.hasNext()) {
-          Map.Entry<Name, Object> entry = zentries.next();
-          if (entry.getKey().equals(origin)) {
-            continue;
-          }
-          RRset[] sets = allRRsets(entry.getValue());
-          if (sets.length == 0) {
-            continue;
-          }
-          current = sets;
-          count = 0;
-          break;
-        }
-      }
-      return set;
-    }
+  private SOARecord soaRecord;
 
-    @Override
-    public void remove() {
-      throw new UnsupportedOperationException();
-    }
+  /** Returns the zone's {@link DClass class}. */
+  public int getDClass() {
+    return DClass.IN;
   }
 
-  private void validate() throws IOException {
-    originNode = exactName(origin);
-    if (originNode == null) {
-      throw new IOException(origin + ": no data specified");
-    }
-
-    RRset rrset = oneRRset(originNode, Type.SOA);
-    if (rrset == null || rrset.size() != 1) {
-      throw new IOException(origin + ": exactly 1 SOA must be specified");
-    }
-    SOA = (SOARecord) rrset.rrs().get(0);
+  /** Returns the zone origin's {@link NSRecord NS records}. */
+  public RRset getNS() {
+    return withReadLock(() -> new RRset(nsRRset));
+  }
 
-    NS = oneRRset(originNode, Type.NS);
-    if (NS == null) {
-      throw new IOException(origin + ": no NS set specified");
-    }
+  /** Returns the zone's {@link SOARecord SOA record}. */
+  public SOARecord getSOA() {
+    return soaRecord;
   }
 
-  private void maybeAddRecord(Record record) throws IOException {
-    int rtype = record.getType();
-    Name name = record.getName();
+  // ------------- Constructors
 
-    if (rtype == Type.SOA && !name.equals(origin)) {
-      throw new IOException("SOA owner " + name + " does not match zone origin " + origin);
+  /**
+   * Creates a zone from the records in the specified master file.
+   *
+   * @param zone The name of the zone.
+   * @param input The master file to read from.
+   * @throws IllegalArgumentException if {@code zone} or {@code file} is {@code null}.
+   * @throws IOException if the zone file does not contain a {@link SOARecord} or no {@link
+   *     NSRecord}s.
+   * @see Master
+   * @since 3.6.2
+   */
+  public Zone(Name zone, InputStream input) throws IOException {
+    if (zone == null) {
+      throw new IllegalArgumentException("no zone name specified");
     }
-    if (name.subdomain(origin)) {
-      addRecord(record);
+
+    if (input == null) {
+      throw new IllegalArgumentException("no input stream specified");
     }
+
+    this.origin = zone;
+    fromMasterFile(new Master(input, origin));
   }
 
   /**
-   * Creates a Zone from the records in the specified master file.
+   * Creates a zone from the records in the specified master file.
    *
    * @param zone The name of the zone.
    * @param file The master file to read from.
+   * @throws IllegalArgumentException if {@code zone} or {@code file} is {@code null}.
+   * @throws IOException if the zone file does not contain a {@link SOARecord} or no {@link
+   *     NSRecord}s.
    * @see Master
    */
   public Zone(Name zone, String file) throws IOException {
-    data = new TreeMap<>();
-
     if (zone == null) {
       throw new IllegalArgumentException("no zone name specified");
     }
-    try (Master m = new Master(file, zone)) {
-      Record record;
 
-      origin = zone;
-      while ((record = m.nextRecord()) != null) {
-        maybeAddRecord(record);
-      }
+    if (file == null) {
+      throw new IllegalArgumentException("no file name specified");
     }
-    validate();
+
+    this.origin = zone;
+    fromMasterFile(new Master(file, origin));
   }
 
   /**
-   * Creates a Zone from an array of records.
+   * Creates a zone from an array of records.
    *
    * @param zone The name of the zone.
    * @param records The records to add to the zone.
+   * @throws IllegalArgumentException if {@code zone} or {@code records} is {@code null}.
+   * @throws IOException if the records do not contain a {@link SOARecord} or no {@link NSRecord}s.
    * @see Master
    */
-  public Zone(Name zone, Record[] records) throws IOException {
-    data = new TreeMap<>();
-
+  public Zone(Name zone, Record... records) throws IOException {
     if (zone == null) {
       throw new IllegalArgumentException("no zone name specified");
     }
-    origin = zone;
-    for (Record record : records) {
-      maybeAddRecord(record);
-    }
-    validate();
-  }
 
-  private void fromXFR(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
-    synchronized (this) {
-      data = new TreeMap<>();
+    if (records == null) {
+      throw new IllegalArgumentException("no records are specified");
     }
 
-    origin = xfrin.getName();
-    xfrin.run();
-    if (!xfrin.isAXFR()) {
-      throw new IllegalArgumentException("zones can only be created from AXFRs");
+    origin = zone;
+    for (Record r : records) {
+      maybeAddRecord(r);
     }
 
-    for (Record record : xfrin.getAXFR()) {
-      maybeAddRecord(record);
-    }
     validate();
   }
 
   /**
-   * Creates a Zone by doing the specified zone transfer.
+   * Creates a zone by doing the specified zone transfer.
    *
    * @param xfrin The incoming zone transfer to execute.
+   * @throws IllegalArgumentException if {@code xfrin} is {@code null}.
+   * @throws IOException if the zone does not contain a {@link SOARecord} or no {@link NSRecord}s.
    * @see ZoneTransferIn
    */
   public Zone(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
+    if (xfrin == null) {
+      throw new IllegalArgumentException("no xfrin specified");
+    }
+
     fromXFR(xfrin);
   }
 
   /**
-   * Creates a Zone by performing a zone transfer to the specified host.
+   * Creates a zone by performing a zone transfer from the specified host. This uses the default
+   * port and no {@link TSIG}. Use {@link Zone#Zone(ZoneTransferIn)} for more control.
    *
+   * @param zone The zone to transfer.
+   * @param dclass The {@link DClass} of the zone to transfer.
+   * @param remote The remote host to transfer from.
+   * @throws IllegalArgumentException if {@code zone} or {@code remote} is {@code null}.
+   * @throws IOException if the zone does not contain a {@link SOARecord} or no {@link NSRecord}s.
+   * @throws InvalidDClassException if {@code dclass} is not a valid {@link DClass}.
    * @see ZoneTransferIn
    */
   public Zone(Name zone, int dclass, String remote) throws IOException, ZoneTransferException {
+    if (zone == null) {
+      throw new IllegalArgumentException("no zone name specified");
+    }
+    DClass.check(dclass);
+
     ZoneTransferIn xfrin = ZoneTransferIn.newAXFR(zone, remote, null);
     xfrin.setDClass(dclass);
     fromXFR(xfrin);
   }
 
-  /** Returns the Zone's origin */
-  public Name getOrigin() {
-    return origin;
+  private void fromMasterFile(Master m) throws IOException {
+    try {
+      Record r;
+      while ((r = m.nextRecord()) != null) {
+        maybeAddRecord(r);
+      }
+    } finally {
+      m.close();
+    }
+    validate();
   }
 
-  /** Returns the Zone origin's NS records */
-  public RRset getNS() {
-    return NS;
+  private void fromXFR(ZoneTransferIn xfrin) throws IOException, ZoneTransferException {
+    origin = xfrin.getName();
+    xfrin.run();
+    if (!xfrin.isAXFR()) {
+      throw new IllegalArgumentException("zones can only be created from AXFRs");
+    }
+
+    for (Record r : xfrin.getAXFR()) {
+      maybeAddRecord(r);
+    }
+    validate();
   }
 
-  /** Returns the Zone's SOA record */
-  public SOARecord getSOA() {
-    return SOA;
+  private void maybeAddRecord(Record r) throws IOException {
+    int rtype = r.getType();
+    Name name = r.getName();
+
+    if (rtype == Type.SOA && !name.equals(origin)) {
+      throw new IOException("SOA owner " + name + " does not match zone origin " + origin);
+    }
+
+    if (name.subdomain(origin)) {
+      addRecord(r);
+    }
   }
 
-  /** Returns the Zone's class */
-  public int getDClass() {
-    return DClass.IN;
+  private void validate() throws IOException {
+    originNode = exactName(origin);
+    if (originNode == null) {
+      throw new IOException(origin + ": no data specified");
+    }
+
+    RRset rrset = oneRRsetWithoutLock(originNode, Type.SOA);
+    if (rrset == null || rrset.size() != 1) {
+      throw new IOException(origin + ": exactly 1 SOA must be specified");
+    }
+    soaRecord = (SOARecord) rrset.first();
+
+    nsRRset = oneRRsetWithoutLock(originNode, Type.NS);
+    if (nsRRset == null) {
+      throw new IOException(origin + ": no NS set specified");
+    }
+  }
+
+  // ------------- Iterators
+
+  /** Returns an iterator over the {@link RRset RRsets} in the zone. */
+  @Override
+  public Iterator<RRset> iterator() {
+    return new ZoneIterator(false);
+  }
+
+  /**
+   * Returns an Iterator over the {@link RRset RRsets} in the zone that can be used to construct an
+   * AXFR response. This is identical to {@link #iterator} except that the SOA is returned at the
+   * end as well as the beginning.
+   */
+  public Iterator<RRset> AXFR() {
+    return new ZoneIterator(true);
   }
 
-  private synchronized Object exactName(Name name) {
+  // ------------- Manipulation
+
+  /**
+   * Adds a record to the zone. If there is an existing {@link RRset} of the same {@link Name} and
+   * {@link Type}, the record is <b>added</b> to this set.
+   *
+   * @param r The record to add.
+   * @throws IllegalArgumentException if {@code name} is {@code null} or if the rrset name does not
+   *     match the zone origin.
+   */
+  public <T extends Record> void addRecord(T r) {
+    if (r == null) {
+      throw new IllegalArgumentException("r must not be null");
+    }
+
+    Name name = r.getName();
+    int rtype = r.getRRsetType();
+    int actualType = r.getType();
+
+    if (rtype == Type.SOA && !name.equals(origin)) {
+      throw new IllegalArgumentException(
+          "SOA owner " + name + " does not match zone origin " + origin);
+    }
+
+    if (!name.subdomain(origin)) {
+      throw new IllegalArgumentException(
+          "name " + name + " is absolute and not a subdomain of " + origin);
+    }
+
+    withWriteLock(
+        () -> {
+          RRset rrset = findRRsetWithoutLock(name, rtype);
+          if (rrset == null) {
+            rrset = new RRset(r);
+            addRRsetWithoutLock(name, rrset);
+          } else {
+            // Adding a SOA must replace any existing record. We validated before that the zone name
+            // didn't change
+            if (actualType == Type.SOA) {
+              rrset.deleteRR(soaRecord);
+              soaRecord = (SOARecord) r;
+            }
+
+            rrset.addRR(r);
+          }
+        });
+  }
+
+  /**
+   * Removes a record from the zone.
+   *
+   * @param r The record to remove.
+   * @throws IllegalArgumentException if {@code r} is {@code null}, if the record to remove is the
+   *     {@link SOARecord} or the last {@link NSRecord}.
+   */
+  public void removeRecord(Record r) {
+    if (r == null) {
+      throw new IllegalArgumentException("r must not be null");
+    }
+
+    Name name = r.getName();
+    int rtype = r.getRRsetType();
+
+    if (r.getType() == Type.SOA) {
+      throw new IllegalArgumentException("Cannot remove SOA record");
+    }
+
+    withWriteLock(
+        () -> {
+          RRset rrset = findRRsetWithoutLock(name, rtype);
+          if (rrset == null) {
+            // No set found, thus no record to remove
+            return;
+          }
+
+          if (rtype == Type.NS && rrset.size() == 1) {
+            throw new IllegalArgumentException("Cannot remove all NS");
+          }
+
+          if (rrset.size() + rrset.sigSize() > 1) {
+            rrset.deleteRR(r);
+          } else {
+            // Remove the set (and maybe the entire name) if the set is now empty
+            removeRRsetWithoutLock(name, rtype);
+          }
+        });
+  }
+
+  /**
+   * Adds an RRset to the zone.
+   *
+   * @implNote An existing {@link RRset} of the same {@link Name} and {@link Type} is
+   *     <b>replaced</b>.
+   * @param rrset The RRset to add.
+   * @see RRset
+   * @throws IllegalArgumentException if {@code rrset} is {@code null} or if the rrset name is not a
+   *     {@link Name#subdomain(Name) subdomain} of the zone origin (or, in case of a SOA, is not
+   *     equal to the zone origin).
+   */
+  public void addRRset(RRset rrset) {
+    if (rrset == null) {
+      throw new IllegalArgumentException("rrset must not be null");
+    }
+
+    Name name = rrset.getName();
+    int type = rrset.getType();
+    if (type == Type.SOA) {
+      if (!name.equals(origin)) {
+        throw new IllegalArgumentException(
+            "SOA owner " + name + " does not match zone origin " + origin);
+      }
+
+      if (rrset.size() != 1) {
+        throw new IllegalArgumentException(origin + ": exactly 1 SOA must be specified");
+      }
+    }
+
+    if (!name.subdomain(origin)) {
+      throw new IllegalArgumentException(
+          "name " + name + " is absolute and not a subdomain of " + origin);
+    }
+
+    withWriteLock(
+        () -> {
+          addRRsetWithoutLock(name, rrset);
+          if (type == Type.SOA) {
+            soaRecord = (SOARecord) rrset.first();
+          }
+        });
+  }
+
+  /**
+   * Removes an RRset from the zone.
+   *
+   * @param name The name to remove.
+   * @param type The type to remove.
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid or {@link Type#SOA} or
+   *     {@link Type#NS}.
+   * @see RRset
+   * @since 3.6
+   */
+  public void removeRRset(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+
+    withWriteLock(() -> removeRRsetWithoutLock(name, type));
+  }
+
+  // ------------- Search
+
+  /**
+   * Looks up Records in the zone, finding exact matches only.
+   *
+   * @param name The name to look up
+   * @param type The type to look up
+   * @return The matching RRset or {@code null} if no exact match is found.
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid.
+   * @see RRset
+   */
+  public RRset findExactMatch(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+    return withReadLock(
+        () -> {
+          RRset set = findRRsetWithoutLock(name, type);
+          if (set == null) {
+            return null;
+          }
+
+          // Create a copy to keep the thread safety guarantees and consistency
+          return new RRset(set);
+        });
+  }
+
+  /**
+   * Looks up Records in the zone. The answer can be a {@code CNAME} instead of the actual requested
+   * type and wildcards are expanded.
+   *
+   * @param name The name to look up
+   * @param type The type to look up
+   * @return A SetResponse object
+   * @throws IllegalArgumentException if {@code name} is {@code null}.
+   * @throws InvalidTypeException if the specified {@code type} is invalid.
+   * @see SetResponse
+   */
+  public SetResponse findRecords(Name name, int type) {
+    if (name == null) {
+      throw new IllegalArgumentException("name must not be null");
+    }
+    Type.check(type);
+
+    if (!name.subdomain(origin)) {
+      return SetResponse.ofType(SetResponseType.NXDOMAIN);
+    }
+
+    return withReadLock(() -> findRecordsWithoutLock(name, type));
+  }
+
+  // ----------- Internal
+  private <T> T withReadLock(Supplier<T> callable) {
+    readLock.lock();
+    try {
+      return callable.get();
+    } finally {
+      readLock.unlock();
+    }
+  }
+
+  private void withWriteLock(Runnable callable) {
+    writeLock.lock();
+    try {
+      callable.run();
+    } finally {
+      writeLock.unlock();
+    }
+  }
+
+  private Object exactName(Name name) {
     return data.get(name);
   }
 
-  private synchronized RRset[] allRRsets(Object types) {
+  @SuppressWarnings("unchecked")
+  private List<RRset> allRRsetsWithoutLock(Object types) {
     if (types instanceof List) {
-      @SuppressWarnings("unchecked")
-      List<RRset> typelist = (List<RRset>) types;
-      return typelist.toArray(new RRset[0]);
+      return (List<RRset>) types;
     } else {
-      RRset set = (RRset) types;
-      return new RRset[] {set};
+      return Collections.singletonList((RRset) types);
     }
   }
 
-  private synchronized RRset oneRRset(Object types, int type) {
+  private RRset oneRRsetWithoutLock(Object types, int type) {
     if (type == Type.ANY) {
-      throw new IllegalArgumentException("oneRRset(ANY)");
+      throw new IllegalArgumentException("Cannot lookup an exact match for type ANY");
     }
+
     if (types instanceof List) {
       @SuppressWarnings("unchecked")
       List<RRset> list = (List<RRset>) types;
@@ -264,43 +509,56 @@ private synchronized RRset oneRRset(Object types, int type) {
         return set;
       }
     }
+
     return null;
   }
 
-  private synchronized RRset findRRset(Name name, int type) {
+  private RRset findRRsetWithoutLock(Name name, int type) {
     Object types = exactName(name);
     if (types == null) {
       return null;
     }
-    return oneRRset(types, type);
+    return oneRRsetWithoutLock(types, type);
   }
 
-  private synchronized void addRRset(Name name, RRset rrset) {
+  private void addRRsetWithoutLock(Name name, RRset rrset) {
     if (!hasWild && name.isWild()) {
       hasWild = true;
     }
+
     Object types = data.get(name);
+
+    // Nothing in the zone for this name, add the set directly
     if (types == null) {
       data.put(name, rrset);
       return;
     }
+
     int rtype = rrset.getType();
+
+    // Multiple types for this name
     if (types instanceof List) {
       @SuppressWarnings("unchecked")
       List<RRset> list = (List<RRset>) types;
       for (int i = 0; i < list.size(); i++) {
         RRset set = list.get(i);
+        // There's already a set of the specified type, replace it
         if (set.getType() == rtype) {
           list.set(i, rrset);
           return;
         }
       }
+
+      // The new type doesn't exist yet, add it
       list.add(rrset);
     } else {
+      // One type for this name
       RRset set = (RRset) types;
       if (set.getType() == rtype) {
+        // There's already a set of the specified type, replace it
         data.put(name, rrset);
       } else {
+        // Different type, replace the RRset in the map with a list
         LinkedList<RRset> list = new LinkedList<>();
         list.add(set);
         list.add(rrset);
@@ -309,38 +567,52 @@ private synchronized void addRRset(Name name, RRset rrset) {
     }
   }
 
-  private synchronized void removeRRset(Name name, int type) {
+  private void removeRRsetWithoutLock(Name name, int type) {
+    if (type == Type.SOA) {
+      throw new IllegalArgumentException("Cannot remove SOA");
+    }
+
+    if (type == Type.NS) {
+      throw new IllegalArgumentException("Cannot remove all NS");
+    }
+
     Object types = data.get(name);
+    // Nothing in the zone for this name/type
     if (types == null) {
       return;
     }
+
+    // Multiple types for this name
     if (types instanceof List) {
       @SuppressWarnings("unchecked")
       List<RRset> list = (List<RRset>) types;
       for (int i = 0; i < list.size(); i++) {
         RRset set = list.get(i);
         if (set.getType() == type) {
+          // The type of this RRset matched, remove the set
           list.remove(i);
-          if (list.size() == 0) {
-            data.remove(name);
-          }
-          return;
+          break;
         }
       }
+
+      // No types left, remove the entire name
+      if (list.isEmpty()) {
+        data.remove(name);
+      }
     } else {
+      // One type for this name
       RRset set = (RRset) types;
       if (set.getType() != type) {
+        // Type doesn't match, nothing to remove
         return;
       }
+
+      // The only type matched, remove the entire name
       data.remove(name);
     }
   }
 
-  private synchronized SetResponse lookup(Name name, int type) {
-    if (!name.subdomain(origin)) {
-      return SetResponse.ofType(SetResponse.NXDOMAIN);
-    }
-
+  private SetResponse findRecordsWithoutLock(Name name, int type) {
     int labels = name.labels();
     int olabels = origin.labels();
 
@@ -362,46 +634,44 @@ private synchronized SetResponse lookup(Name name, int type) {
         continue;
       }
 
-      /* If this is a delegation, return that. */
+      // If this is a delegation, return that.
       if (!isOrigin) {
-        RRset ns = oneRRset(types, Type.NS);
+        RRset ns = oneRRsetWithoutLock(types, Type.NS);
         if (ns != null) {
-          return new SetResponse(SetResponse.DELEGATION, ns);
+          return SetResponse.ofType(SetResponseType.DELEGATION, ns);
         }
       }
 
-      /* If this is an ANY lookup, return everything. */
+      // If this is an ANY lookup, return everything.
       if (isExact && type == Type.ANY) {
-        SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
-        for (RRset set : allRRsets(types)) {
+        SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+        for (RRset set : allRRsetsWithoutLock(types)) {
           sr.addRRset(set);
         }
         return sr;
       }
 
-      /*
-       * If this is the name, look for the actual type or a CNAME.
-       * Otherwise, look for a DNAME.
-       */
+      // If this is the name, look for the actual type or a CNAME.
+      // Otherwise, look for a DNAME.
       if (isExact) {
-        RRset rrset = oneRRset(types, type);
+        RRset rrset = oneRRsetWithoutLock(types, type);
         if (rrset != null) {
-          return new SetResponse(SetResponse.SUCCESSFUL, rrset);
+          return SetResponse.ofType(SetResponseType.SUCCESSFUL, rrset);
         }
-        rrset = oneRRset(types, Type.CNAME);
+        rrset = oneRRsetWithoutLock(types, Type.CNAME);
         if (rrset != null) {
-          return new SetResponse(SetResponse.CNAME, rrset);
+          return SetResponse.ofType(SetResponseType.CNAME, rrset);
         }
       } else {
-        RRset rrset = oneRRset(types, Type.DNAME);
+        RRset rrset = oneRRsetWithoutLock(types, Type.DNAME);
         if (rrset != null) {
-          return new SetResponse(SetResponse.DNAME, rrset);
+          return SetResponse.ofType(SetResponseType.DNAME, rrset);
         }
       }
 
-      /* We found the name, but not the type. */
+      // We found the name, but not the type.
       if (isExact) {
-        return SetResponse.ofType(SetResponse.NXRRSET);
+        return SetResponse.ofType(SetResponseType.NXRRSET);
       }
     }
 
@@ -414,26 +684,26 @@ private synchronized SetResponse lookup(Name name, int type) {
         }
 
         if (type == Type.ANY) {
-          SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
-          for (RRset set : allRRsets(types)) {
+          SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+          for (RRset set : allRRsetsWithoutLock(types)) {
             sr.addRRset(expandSet(set, name));
           }
           return sr;
         } else {
-          RRset rrset = oneRRset(types, type);
+          RRset rrset = oneRRsetWithoutLock(types, type);
           if (rrset != null) {
-            return new SetResponse(SetResponse.SUCCESSFUL, expandSet(rrset, name));
+            return SetResponse.ofType(SetResponseType.SUCCESSFUL, expandSet(rrset, name));
           }
         }
       }
     }
 
-    return SetResponse.ofType(SetResponse.NXDOMAIN);
+    return SetResponse.ofType(SetResponseType.NXDOMAIN);
   }
 
   private RRset expandSet(RRset set, Name tname) {
     RRset expandedSet = new RRset();
-    for (Record r : set.rrs()) {
+    for (Record r : set.rrs(false)) {
       expandedSet.addRR(r.withName(tname));
     }
     for (RRSIGRecord r : set.sigs()) {
@@ -442,125 +712,138 @@ private RRset expandSet(RRset set, Name tname) {
     return expandedSet;
   }
 
-  /**
-   * Looks up Records in the Zone. The answer can be a {@code CNAME} instead of the actual requested
-   * type and wildcards are expanded.
-   *
-   * @param name The name to look up
-   * @param type The type to look up
-   * @return A SetResponse object
-   * @see SetResponse
-   */
-  public SetResponse findRecords(Name name, int type) {
-    return lookup(name, type);
+  private void nodeToString(StringBuilder sb, Object node) {
+    List<RRset> sets = allRRsetsWithoutLock(node);
+    for (RRset rrset : sets) {
+      rrset.rrs(false).forEach(r -> sb.append(r).append('\n'));
+      rrset.sigs().forEach(r -> sb.append(r).append('\n'));
+    }
   }
 
   /**
-   * Looks up Records in the zone, finding exact matches only.
+   * Returns the contents of the zone in master file format.
    *
-   * @param name The name to look up
-   * @param type The type to look up
-   * @return The matching RRset
-   * @see RRset
+   * @see Master
    */
-  public RRset findExactMatch(Name name, int type) {
-    Object types = exactName(name);
-    if (types == null) {
-      return null;
-    }
-    return oneRRset(types, type);
+  public String toMasterFile() {
+    StringBuilder sb = new StringBuilder();
+    withReadLock(
+        () -> {
+          nodeToString(sb, originNode);
+          for (Map.Entry<Name, Object> entry : data.entrySet()) {
+            if (!origin.equals(entry.getKey())) {
+              nodeToString(sb, entry.getValue());
+            }
+          }
+          return null;
+        });
+    return sb.toString();
   }
 
   /**
-   * Adds an RRset to the Zone
+   * Returns the contents of the zone as a string.
    *
-   * @param rrset The RRset to be added
-   * @see RRset
+   * @see #toMasterFile
    */
-  public void addRRset(RRset rrset) {
-    Name name = rrset.getName();
-    addRRset(name, rrset);
+  @Override
+  public String toString() {
+    return toMasterFile();
   }
 
-  /**
-   * Adds a Record to the Zone
-   *
-   * @param r The record to be added
-   * @see Record
-   */
-  public <T extends Record> void addRecord(T r) {
-    Name name = r.getName();
-    int rtype = r.getRRsetType();
-    synchronized (this) {
-      RRset rrset = findRRset(name, rtype);
-      if (rrset == null) {
-        rrset = new RRset(r);
-        addRRset(name, rrset);
-      } else {
-        rrset.addRR(r);
+  class ZoneIterator implements Iterator<RRset> {
+    private final Iterator<Map.Entry<Name, Object>> zoneEntries;
+    private List<RRset> current;
+    private int index;
+    private boolean wantLastSOA;
+    private RRset returnedSet;
+    private RRset soaSet;
+
+    ZoneIterator(boolean axfr) {
+      zoneEntries = data.entrySet().iterator();
+      wantLastSOA = axfr;
+
+      // Start the iterator at origin, with SOA and NS as the first and second entries
+      // Create a copy of the RRset list to ensure that concurrent manipulation is safe
+      List<RRset> originSets =
+          withReadLock(() -> new ArrayList<>(allRRsetsWithoutLock(originNode)));
+      RRset[] sortedOriginSets = new RRset[originSets.size()];
+      current = Arrays.asList(sortedOriginSets);
+      for (int i = 0, j = 2; i < originSets.size(); i++) {
+        RRset originSet = originSets.get(i);
+        int type = originSet.getType();
+        if (type == Type.SOA) {
+          sortedOriginSets[0] = soaSet = new RRset(originSet);
+        } else if (type == Type.NS) {
+          sortedOriginSets[1] = new RRset(originSet);
+        } else {
+          sortedOriginSets[j++] = new RRset(originSet);
+        }
       }
     }
-  }
 
-  /**
-   * Removes a record from the Zone
-   *
-   * @param r The record to be removed
-   * @see Record
-   */
-  public void removeRecord(Record r) {
-    Name name = r.getName();
-    int rtype = r.getRRsetType();
-    synchronized (this) {
-      RRset rrset = findRRset(name, rtype);
-      if (rrset == null) {
-        return;
+    @Override
+    public boolean hasNext() {
+      return current != null || wantLastSOA;
+    }
+
+    @Override
+    public RRset next() {
+      if (!hasNext()) {
+        throw new NoSuchElementException("No more elements");
       }
-      if (rrset.size() == 1 && rrset.first().equals(r)) {
-        removeRRset(name, rtype);
-      } else {
-        rrset.deleteRR(r);
+
+      // If AXFR was requested, return the SOA as the last set again
+      if (current == null) {
+        wantLastSOA = false;
+        returnedSet = soaSet;
+        return returnedSet;
       }
-    }
-  }
 
-  /** Returns an Iterator over the RRsets in the zone. */
-  public Iterator<RRset> iterator() {
-    return new ZoneIterator(false);
-  }
+      // Create a copy of the RRset to prevent manipulation of the zone via the returned set
+      returnedSet = new RRset(current.get(index++));
 
-  /**
-   * Returns an Iterator over the RRsets in the zone that can be used to construct an AXFR response.
-   * This is identical to {@link #iterator} except that the SOA is returned at the end as well as
-   * the beginning.
-   */
-  public Iterator<RRset> AXFR() {
-    return new ZoneIterator(true);
-  }
+      // Move to the next iterator step if there are no more sets at the current name
+      if (index == current.size()) {
+        current = null;
+        while (zoneEntries.hasNext()) {
+          Map.Entry<Name, Object> entry = zoneEntries.next();
 
-  private void nodeToString(StringBuffer sb, Object node) {
-    RRset[] sets = allRRsets(node);
-    for (RRset rrset : sets) {
-      rrset.rrs().forEach(r -> sb.append(r).append('\n'));
-      rrset.sigs().forEach(r -> sb.append(r).append('\n'));
-    }
-  }
+          // Skip origin, the iterator started with it
+          if (entry.getKey().equals(origin)) {
+            continue;
+          }
 
-  /** Returns the contents of the Zone in master file format. */
-  public synchronized String toMasterFile() {
-    StringBuffer sb = new StringBuffer();
-    nodeToString(sb, originNode);
-    for (Map.Entry<Name, Object> entry : data.entrySet()) {
-      if (!origin.equals(entry.getKey())) {
-        nodeToString(sb, entry.getValue());
+          // Create a copy of the RRset list to ensure that concurrent manipulation is safe
+          List<RRset> sets =
+              withReadLock(() -> new ArrayList<>(allRRsetsWithoutLock(entry.getValue())));
+          if (sets.isEmpty()) {
+            // Ignore empty sets (they shouldn't exist anyway)
+            continue;
+          }
+
+          current = sets;
+          index = 0;
+          break;
+        }
       }
+
+      return returnedSet;
     }
-    return sb.toString();
-  }
 
-  /** Returns the contents of the Zone as a string (in master file format). */
-  @Override
-  public String toString() {
-    return toMasterFile();
+    /**
+     * Removes the current {@link RRset} from the zone.
+     *
+     * @throws IllegalArgumentException when there are no more elements; on attempting to remove the
+     *     SOA; when attempting to remove the NS set.
+     * @since 3.6
+     */
+    @Override
+    public void remove() {
+      if (returnedSet == null) {
+        throw new IllegalStateException("Not at an element");
+      }
+
+      withWriteLock(() -> removeRRsetWithoutLock(returnedSet.getName(), returnedSet.getType()));
+    }
   }
 }
diff --git a/src/main/java/org/xbill/DNS/ZoneMDRecord.java b/src/main/java/org/xbill/DNS/ZoneMDRecord.java
new file mode 100644
index 000000000..14e39ddbe
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/ZoneMDRecord.java
@@ -0,0 +1,223 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
+import lombok.experimental.UtilityClass;
+import org.xbill.DNS.utils.base16;
+
+/**
+ * ZONEMD Resource record.
+ *
+ * @since 3.6
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8976">RFC 8976</a>
+ */
+public class ZoneMDRecord extends Record {
+  /**
+   * ZONEMD Schemes.
+   *
+   * @see <a
+   *     href="https://www.iana.org/assignments/dns-parameters/dns-parameters.xml#zonemd-schemes">IANA
+   *     registry</a>
+   */
+  @UtilityClass
+  public static class Scheme {
+    /** Reserved. */
+    public static final int RESERVED = 0;
+
+    /** Simple ZONEMD collation */
+    public static final int SIMPLE = 1;
+
+    private static final Mnemonic schemes = new Mnemonic("ZONEMD Schemes", Mnemonic.CASE_UPPER);
+
+    static {
+      schemes.setMaximum(0xFF);
+      schemes.setNumericAllowed(true);
+      schemes.add(RESERVED, "RESERVED");
+      schemes.add(SIMPLE, "SIMPLE");
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return schemes.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of a scheme into its numeric code. Integers in the range
+     * 0..255 are also accepted.
+     *
+     * @param s The textual representation of the scheme.
+     * @return The algorithm code, or -1 for an unknown scheme.
+     */
+    public static int value(String s) {
+      return schemes.getValue(s);
+    }
+  }
+
+  /**
+   * ZONEMD Hash Algorithms.
+   *
+   * @see <a
+   *     href="https://www.iana.org/assignments/dns-parameters/dns-parameters.xml#zonemd-hash-algorithms">IANA
+   *     registry</a>
+   */
+  @UtilityClass
+  public static class Hash {
+    /** Reserved. */
+    public static final int RESERVED = 0;
+
+    /** SHA-384 */
+    public static final int SHA384 = 1;
+
+    /** SHA-512 */
+    public static final int SHA512 = 2;
+
+    private static final Mnemonic schemes =
+        new Mnemonic("ZONEMD Hash Algorithms", Mnemonic.CASE_UPPER);
+    private static final Map<Integer, Integer> hashLengths = new HashMap<>(2);
+
+    static {
+      schemes.setMaximum(0xFF);
+      schemes.setNumericAllowed(true);
+      schemes.add(RESERVED, "RESERVED");
+      schemes.add(SHA384, "SHA384");
+      hashLengths.put(SHA384, 48);
+      schemes.add(SHA512, "SHA512");
+      hashLengths.put(SHA512, 64);
+    }
+
+    /** Converts an algorithm into its textual representation */
+    public static String string(int alg) {
+      return schemes.getText(alg);
+    }
+
+    /**
+     * Converts a textual representation of a hash algorithm into its numeric code. Integers in the
+     * range 0..255 are also accepted.
+     *
+     * @param s The textual representation of the hash algorithm.
+     * @return The algorithm code, or -1 for an unknown hash algorithm.
+     */
+    public static int value(String s) {
+      return schemes.getValue(s);
+    }
+
+    /**
+     * Gets the length, in bytes, of the specified hash algorithm.
+     *
+     * @return The length, in bytes, or -1 for an unknown hash algorithm.
+     */
+    public static int hashLength(int hashAlgorithm) {
+      Integer len = hashLengths.get(hashAlgorithm);
+      return len == null ? -1 : len;
+    }
+  }
+
+  /**
+   * A 32-bit unsigned integer in network byte order. It is the serial number from the zone's SOA
+   * record (<a href="https://datatracker.ietf.org/doc/html/rfc1035">RFC 1035, Section 3.3.13]</a>)
+   * for which the zone digest was generated.
+   */
+  @Getter private long serial;
+
+  /**
+   * An 8-bit unsigned integer that identifies the methods by which data is collated and presented
+   * as input to the hashing function.
+   *
+   * @see Scheme
+   */
+  @Getter private int scheme;
+
+  /**
+   * An 8-bit unsigned integer that identifies the cryptographic hash algorithm used to construct
+   * the digest.
+   *
+   * @see Hash
+   */
+  @Getter private int hashAlgorithm;
+
+  /**
+   * A byte array containing the output of the hash algorithm. The length is determined by {@link
+   * #getHashAlgorithm()}.
+   *
+   * @see Hash
+   */
+  @Getter private byte[] digest;
+
+  ZoneMDRecord() {}
+
+  public ZoneMDRecord(
+      Name name, int dclass, long ttl, long serial, int scheme, int hashAlgorithm, byte[] digest) {
+    super(name, Type.ZONEMD, dclass, ttl);
+    this.serial = checkU32("serial", serial);
+    this.scheme = checkU8("scheme", scheme);
+    this.hashAlgorithm = checkU8("hashAlgorithm", hashAlgorithm);
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw new IllegalArgumentException(validateDigestSizeMessage);
+    }
+    this.digest = digest;
+  }
+
+  @Override
+  protected void rrToWire(DNSOutput out, Compression c, boolean canonical) {
+    out.writeU32(serial);
+    out.writeU8(scheme);
+    out.writeU8(hashAlgorithm);
+    out.writeByteArray(digest);
+  }
+
+  @Override
+  protected void rrFromWire(DNSInput in) throws IOException {
+    serial = in.readU32();
+    scheme = in.readU8();
+    hashAlgorithm = in.readU8();
+    digest = in.readByteArray();
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw new WireParseException(validateDigestSizeMessage);
+    }
+  }
+
+  @Override
+  protected String rrToString() {
+    String rr = serial + " " + scheme + " " + hashAlgorithm + " ";
+
+    if (Options.multiline()) {
+      rr += "(" + base16.toString(digest, 48, "\t", true);
+    } else {
+      rr += base16.toString(digest);
+    }
+    return rr;
+  }
+
+  @Override
+  protected void rdataFromString(Tokenizer st, Name origin) throws IOException {
+    serial = st.getUInt32();
+    scheme = st.getUInt8();
+    hashAlgorithm = st.getUInt8();
+    digest = st.getHex(true);
+    String validateDigestSizeMessage = getDigestSizeExceptionMessage(hashAlgorithm, digest);
+    if (validateDigestSizeMessage != null) {
+      throw st.exception(validateDigestSizeMessage);
+    }
+  }
+
+  private String getDigestSizeExceptionMessage(int hashAlgorithm, byte[] digest) {
+    int len = Hash.hashLength(hashAlgorithm);
+    if (len != -1 && len != digest.length) {
+      return "Digest size for "
+          + Hash.string(hashAlgorithm)
+          + " be exactly "
+          + Hash.hashLength(hashAlgorithm)
+          + " bytes, got "
+          + digest.length;
+    } else if (digest.length < 12) {
+      return "Digest size must be at least 12 bytes, got " + digest.length;
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/ZoneTransferIn.java b/src/main/java/org/xbill/DNS/ZoneTransferIn.java
index 177460ff8..eb90c5a28 100644
--- a/src/main/java/org/xbill/DNS/ZoneTransferIn.java
+++ b/src/main/java/org/xbill/DNS/ZoneTransferIn.java
@@ -49,24 +49,24 @@ public class ZoneTransferIn {
   private static final int AXFR = 6;
   private static final int END = 7;
 
-  private Name zname;
+  private final Name zname;
   private int qtype;
   private int dclass;
-  private long ixfr_serial;
-  private boolean want_fallback;
+  private final long ixfrSerial;
+  private final boolean wantFallback;
   private ZoneTransferHandler handler;
 
   private SocketAddress localAddress;
-  private SocketAddress address;
+  private final SocketAddress address;
   private TCPClient client;
-  private TSIG tsig;
+  private final TSIG tsig;
   private TSIG.StreamVerifier verifier;
   private Duration timeout = Duration.ofMinutes(15);
 
   private int state;
-  private long end_serial;
-  private long current_serial;
-  private Record initialsoa;
+  private long endSerial;
+  private long currentSerial;
+  private Record initialSoaRecord;
 
   private int rtype;
 
@@ -155,7 +155,7 @@ public void startIXFRAdds(Record soa) {
     public void handleRecord(Record r) {
       if (ixfr != null) {
         Delta delta = ixfr.get(ixfr.size() - 1);
-        if (delta.adds.size() > 0) {
+        if (!delta.adds.isEmpty()) {
           delta.adds.add(r);
         } else {
           delta.deletes.add(r);
@@ -166,9 +166,7 @@ public void handleRecord(Record r) {
     }
   }
 
-  private ZoneTransferIn() {}
-
-  private ZoneTransferIn(
+  ZoneTransferIn(
       Name zone, int xfrtype, long serial, boolean fallback, SocketAddress address, TSIG key) {
     this.address = address;
     this.tsig = key;
@@ -183,8 +181,8 @@ private ZoneTransferIn(
     }
     qtype = xfrtype;
     dclass = DClass.IN;
-    ixfr_serial = serial;
-    want_fallback = fallback;
+    ixfrSerial = serial;
+    wantFallback = fallback;
     state = INITIALSOA;
   }
 
@@ -330,13 +328,17 @@ public void setLocalAddress(SocketAddress addr) {
   }
 
   private void openConnection() throws IOException {
-    client = new TCPClient(timeout);
+    client = createTcpClient(timeout);
     if (localAddress != null) {
       client.bind(localAddress);
     }
     client.connect(address);
   }
 
+  TCPClient createTcpClient(Duration timeout) throws IOException {
+    return new TCPClient(timeout);
+  }
+
   private void sendQuery() throws IOException {
     Record question = Record.newRecord(zname, qtype, dclass);
 
@@ -344,7 +346,7 @@ private void sendQuery() throws IOException {
     query.getHeader().setOpcode(Opcode.QUERY);
     query.addRecord(question, Section.QUESTION);
     if (qtype == Type.IXFR) {
-      Record soa = new SOARecord(zname, dclass, 0, Name.root, Name.root, ixfr_serial, 0, 0, 0, 0);
+      Record soa = new SOARecord(zname, dclass, 0, Name.root, Name.root, ixfrSerial, 0, 0, 0, 0);
       query.addRecord(soa, Section.AUTHORITY);
     }
     if (tsig != null) {
@@ -369,7 +371,7 @@ private void fail(String s) throws ZoneTransferException {
   }
 
   private void fallback() throws ZoneTransferException {
-    if (!want_fallback) {
+    if (!wantFallback) {
       fail("server doesn't support IXFR");
     }
 
@@ -386,11 +388,11 @@ private void parseRR(Record rec) throws ZoneTransferException {
         if (type != Type.SOA) {
           fail("missing initial SOA");
         }
-        initialsoa = rec;
+        initialSoaRecord = rec;
         // Remember the serial number in the initial SOA; we need it
         // to recognize the end of an IXFR.
-        end_serial = getSOASerial(rec);
-        if (qtype == Type.IXFR && Serial.compare(end_serial, ixfr_serial) <= 0) {
+        endSerial = getSOASerial(rec);
+        if (qtype == Type.IXFR && Serial.compare(endSerial, ixfrSerial) <= 0) {
           logxfr("up to date");
           state = END;
           break;
@@ -401,7 +403,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
       case FIRSTDATA:
         // If the transfer begins with 1 SOA, it's an AXFR.
         // If it begins with 2 SOAs, it's an IXFR.
-        if (qtype == Type.IXFR && type == Type.SOA && getSOASerial(rec) == ixfr_serial) {
+        if (qtype == Type.IXFR && type == Type.SOA && getSOASerial(rec) == ixfrSerial) {
           rtype = Type.IXFR;
           handler.startIXFR();
           logxfr("got incremental response");
@@ -409,7 +411,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
         } else {
           rtype = Type.AXFR;
           handler.startAXFR();
-          handler.handleRecord(initialsoa);
+          handler.handleRecord(initialSoaRecord);
           logxfr("got nonincremental response");
           state = AXFR;
         }
@@ -423,7 +425,7 @@ private void parseRR(Record rec) throws ZoneTransferException {
 
       case IXFR_DEL:
         if (type == Type.SOA) {
-          current_serial = getSOASerial(rec);
+          currentSerial = getSOASerial(rec);
           state = IXFR_ADDSOA;
           parseRR(rec); // Restart...
           return;
@@ -439,11 +441,11 @@ private void parseRR(Record rec) throws ZoneTransferException {
       case IXFR_ADD:
         if (type == Type.SOA) {
           long soa_serial = getSOASerial(rec);
-          if (soa_serial == end_serial) {
+          if (soa_serial == endSerial) {
             state = END;
             break;
-          } else if (soa_serial != current_serial) {
-            fail("IXFR out of sync: expected serial " + current_serial + " , got " + soa_serial);
+          } else if (soa_serial != currentSerial) {
+            fail("IXFR out of sync: expected serial " + currentSerial + " , got " + soa_serial);
           } else {
             state = IXFR_DELSOA;
             parseRR(rec); // Restart...
@@ -477,9 +479,10 @@ private void parseRR(Record rec) throws ZoneTransferException {
   private void closeConnection() {
     try {
       if (client != null) {
-        client.cleanup();
+        client.close();
       }
     } catch (IOException e) {
+      // Ignore
     }
   }
 
@@ -490,7 +493,7 @@ private Message parseMessage(byte[] b) throws WireParseException {
       if (e instanceof WireParseException) {
         throw (WireParseException) e;
       }
-      throw new WireParseException("Error parsing message");
+      throw new WireParseException("Error parsing message", e);
     }
   }
 
@@ -499,14 +502,24 @@ private void doxfr() throws IOException, ZoneTransferException {
     while (state != END) {
       byte[] in = client.recv();
       Message response = parseMessage(in);
+      List<Record> answers = response.getSection(Section.ANSWER);
       if (response.getHeader().getRcode() == Rcode.NOERROR && verifier != null) {
-        int error = verifier.verify(response, in);
+        int error =
+            verifier.verify(response, in, answers.get(answers.size() - 1).getType() == Type.SOA);
         if (error != Rcode.NOERROR) {
-          fail("TSIG failure: " + Rcode.TSIGstring(error));
+          if (verifier.getErrorMessage() != null) {
+            fail(
+                "TSIG failure: "
+                    + Rcode.TSIGstring(error)
+                    + " ("
+                    + verifier.getErrorMessage()
+                    + ")");
+          } else {
+            fail("TSIG failure: " + Rcode.TSIGstring(error));
+          }
         }
       }
 
-      List<Record> answers = response.getSection(Section.ANSWER);
       if (state == INITIALSOA) {
         int rcode = response.getRcode();
         if (rcode != Rcode.NOERROR) {
@@ -533,10 +546,6 @@ private void doxfr() throws IOException, ZoneTransferException {
       for (Record answer : answers) {
         parseRR(answer);
       }
-
-      if (state == END && verifier != null && !response.isVerified()) {
-        fail("last message must be signed");
-      }
     }
   }
 
@@ -567,8 +576,8 @@ public void run(ZoneTransferHandler handler) throws IOException, ZoneTransferExc
    *     itself.
    */
   public void run() throws IOException, ZoneTransferException {
-    BasicHandler handler = new BasicHandler();
-    run(handler);
+    BasicHandler basicHandler = new BasicHandler();
+    run(basicHandler);
   }
 
   private BasicHandler getBasicHandler() throws IllegalArgumentException {
@@ -594,8 +603,8 @@ public boolean isAXFR() {
    *     not stored.
    */
   public List<Record> getAXFR() {
-    BasicHandler handler = getBasicHandler();
-    return handler.axfr;
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.axfr;
   }
 
   /**
@@ -613,8 +622,8 @@ public boolean isIXFR() {
    *     not stored.
    */
   public List<Delta> getIXFR() {
-    BasicHandler handler = getBasicHandler();
-    return handler.ixfr;
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.ixfr;
   }
 
   /**
@@ -625,7 +634,7 @@ public List<Delta> getIXFR() {
    *     not stored.
    */
   public boolean isCurrent() {
-    BasicHandler handler = getBasicHandler();
-    return handler.axfr == null && handler.ixfr == null;
+    BasicHandler basicHandler = getBasicHandler();
+    return basicHandler.axfr == null && basicHandler.ixfr == null;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java
index 451b50906..c78f10a9a 100644
--- a/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/AndroidResolverConfigProvider.java
@@ -31,6 +31,7 @@ public static void setContext(Context ctx) {
 
   @Override
   public void initialize() throws InitializationException {
+    reset();
     if (context == null) {
       throw new InitializationException("Context must be initialized by calling setContext");
     }
diff --git a/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java
index a21698ca5..0d5d0e5c9 100644
--- a/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/BaseResolverConfigProvider.java
@@ -20,12 +20,21 @@
  * @since 3.2
  */
 public abstract class BaseResolverConfigProvider implements ResolverConfigProvider {
-  private static final boolean ipv4only = Boolean.getBoolean("java.net.preferIPv4Stack");
-  private static final boolean ipv6first = Boolean.getBoolean("java.net.preferIPv6Addresses");
+  private static final boolean IPV4_ONLY = Boolean.getBoolean("java.net.preferIPv4Stack");
+  private static final boolean IPV6_FIRST = Boolean.getBoolean("java.net.preferIPv6Addresses");
+
+  protected static final int DEFAULT_PORT = 53;
 
   private final List<InetSocketAddress> nameservers = new ArrayList<>(3);
-  final Logger log = LoggerFactory.getLogger(getClass());
-  List<Name> searchlist = new ArrayList<>(1);
+
+  protected final Logger log = LoggerFactory.getLogger(getClass());
+  protected final List<Name> searchlist = new ArrayList<>(1);
+
+  protected final void reset() {
+    // TODO v4: make a final void initialize() that clears and then calls abstract doInit()
+    nameservers.clear();
+    searchlist.clear();
+  }
 
   protected void parseSearchPathList(String search, String delimiter) {
     if (search != null) {
@@ -82,7 +91,7 @@ protected int parseNdots(String token) {
 
   @Override
   public final List<InetSocketAddress> servers() {
-    if (ipv6first) {
+    if (IPV6_FIRST) {
       // prefer IPv6: return IPv6 first, then IPv4 (each in the order added)
       return nameservers.stream()
           .sorted(
@@ -90,7 +99,7 @@ public final List<InetSocketAddress> servers() {
                   Integer.compare(
                       b.getAddress().getAddress().length, a.getAddress().getAddress().length))
           .collect(Collectors.toList());
-    } else if (ipv4only) {
+    } else if (IPV4_ONLY) {
       // skip IPv6 addresses
       return nameservers.stream()
           .filter(isa -> isa.getAddress() instanceof Inet4Address)
diff --git a/src/main/java/org/xbill/DNS/config/IPHlpAPI.java b/src/main/java/org/xbill/DNS/config/IPHlpAPI.java
index 57c3b8448..eab5c6c68 100644
--- a/src/main/java/org/xbill/DNS/config/IPHlpAPI.java
+++ b/src/main/java/org/xbill/DNS/config/IPHlpAPI.java
@@ -13,6 +13,15 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 
+@SuppressWarnings({
+  "java:S101",
+  "java:S131",
+  "java:S116",
+  "java:S1104",
+  "java:S2160",
+  "java:S100",
+  "unused",
+})
 interface IPHlpAPI extends Library {
   IPHlpAPI INSTANCE = Native.load("IPHlpAPI", IPHlpAPI.class, W32APIOptions.ASCII_OPTIONS);
 
diff --git a/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java
index 4127cc587..536cf6dd0 100644
--- a/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/JndiContextResolverConfigProvider.java
@@ -41,7 +41,9 @@ private static final class InnerJndiContextResolverConfigProvider
       log.debug("JNDI class: {}", DirContext.class.getName());
     }
 
+    @Override
     public void initialize() {
+      reset();
       Hashtable<String, String> env = new Hashtable<>();
       env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
       // http://mail.openjdk.java.net/pipermail/net-dev/2017-March/010695.html
diff --git a/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java
index ad4710a25..e570d6ccb 100644
--- a/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/PropertyResolverConfigProvider.java
@@ -5,7 +5,6 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.StringTokenizer;
-import org.xbill.DNS.SimpleResolver;
 
 /**
  * The properties {@link #DNS_SERVER_PROP}, {@link #DNS_SEARCH_PROP} (comma delimited lists) are
@@ -34,6 +33,7 @@ public void initialize() {
    * @since 3.2
    */
   protected void initialize(String serverName, String searchName, String ndotsName) {
+    reset();
     String servers = System.getProperty(serverName);
     if (servers != null) {
       StringTokenizer st = new StringTokenizer(servers, ",");
@@ -43,11 +43,11 @@ protected void initialize(String serverName, String searchName, String ndotsName
           URI uri = new URI("dns://" + server);
           // assume this is an IPv6 address without brackets
           if (uri.getHost() == null) {
-            addNameserver(new InetSocketAddress(server, SimpleResolver.DEFAULT_PORT));
+            addNameserver(new InetSocketAddress(server, DEFAULT_PORT));
           } else {
             int port = uri.getPort();
             if (port == -1) {
-              port = SimpleResolver.DEFAULT_PORT;
+              port = DEFAULT_PORT;
             }
 
             addNameserver(new InetSocketAddress(uri.getHost(), port));
diff --git a/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java
index 2229cadcf..73ee8b5b6 100644
--- a/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/ResolvConfResolverConfigProvider.java
@@ -15,7 +15,9 @@
 public class ResolvConfResolverConfigProvider extends BaseResolverConfigProvider {
   private int ndots = 1;
 
+  @Override
   public void initialize() {
+    reset();
     // first try the default unix config path
     if (!tryParseResolveConf("/etc/resolv.conf")) {
       // then fallback to netware
@@ -72,6 +74,7 @@ protected void parseResolvConf(InputStream in) throws IOException {
             while (st.hasMoreTokens()) {
               addSearchPath(st.nextToken());
             }
+            break;
 
           case "options":
             while (st.hasMoreTokens()) {
diff --git a/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java
index 5f3f057f3..66baeac01 100644
--- a/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/SunJvmResolverConfigProvider.java
@@ -10,15 +10,19 @@
  * sun.net.dns.ResolverConfiguration} via reflection.
  *
  * <ul>
- *   <li>As of Java 9, generates an illegal reflective access exception.
- *   <li>As of Java 16, adding the JVM flag {@code --add-opens java.base/sun.net.dns=ALL-UNNAMED} is
- *       required.
+ *   <li>Java 9: generates an illegal reflective access exception.
+ *   <li>Java 16 (classpath): requires adding the JVM flag {@code --add-opens
+ *       java.base/sun.net.dns=ALL-UNNAMED}.
+ *   <li>Java 16 (module path): requires adding the JVM flag {@code --add-opens
+ *       java.base/sun.net.dns=org.dnsjava}.
  *   <li>On Windows, may return invalid nameservers of disconnected NICs before Java 15, <a
  *       href="https://bugs.openjdk.java.net/browse/JDK-7006496">JDK-7006496</a>.
  * </ul>
  */
 public class SunJvmResolverConfigProvider extends BaseResolverConfigProvider {
+  @Override
   public void initialize() throws InitializationException {
+    reset();
     try {
       Class<?> resConfClass = Class.forName("sun.net.dns.ResolverConfiguration");
       Method open = resConfClass.getDeclaredMethod("open");
diff --git a/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java b/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java
index 02c61a9be..7e2168caa 100644
--- a/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java
+++ b/src/main/java/org/xbill/DNS/config/WindowsResolverConfigProvider.java
@@ -55,7 +55,9 @@ private static final class InnerWindowsResolverConfigProvider extends BaseResolv
           Win32Exception.class.getName());
     }
 
+    @Override
     public void initialize() throws InitializationException {
+      reset();
       // The recommended method of calling the GetAdaptersAddresses function is to pre-allocate a
       // 15KB working buffer
       Memory buffer = new Memory(15 * 1024L);
diff --git a/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java b/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java
new file mode 100644
index 000000000..2b4a3169c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/AlgorithmRequirements.java
@@ -0,0 +1,136 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2024 Ingo Bauersachs
+// Copyright (c) 2007-2024 NLnet Labs
+package org.xbill.DNS.dnssec;
+
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Getter;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+
+/** Storage for DNSKEY algorithm requirements. */
+class AlgorithmRequirements {
+  private static final int MAX_ALGORITHMS = 0xFF;
+  private final ValUtils valUtils;
+
+  public AlgorithmRequirements(ValUtils valUtils) {
+    this.valUtils = valUtils;
+  }
+
+  /**
+   * the algorithms (8-bit) with each a number.
+   *
+   * <p>0: not marked.<br>
+   * 1: marked 'necessary but not yet fulfilled'<br>
+   * 2: marked bogus.
+   *
+   * <p>Indexed by algorithm number.
+   */
+  private final short[] needs = new short[MAX_ALGORITHMS];
+
+  /** The number of entries in {@link #needs} that are unfulfilled */
+  @Getter private int num;
+
+  /**
+   * Initialize this instance from a signalled algo list.
+   *
+   * @param sigalg signalled algorithm list.
+   */
+  void initList(List<Integer> sigalg) {
+    num = 0;
+    for (Integer algo : sigalg) {
+      needs[algo] = 1;
+      num++;
+    }
+  }
+
+  /**
+   * Initialize algo needs structure, set algos from rrset as needed.
+   *
+   * @param dsRRset algorithms from this RRset are necessary.
+   * @param favoriteDsAlgorithm filter to use only this DS algo.
+   * @return List of signalled algorithms.
+   */
+  List<Integer> initDs(RRset dsRRset, int favoriteDsAlgorithm) {
+    List<Integer> sigalg = new ArrayList<>();
+    num = 0;
+    for (Record r : dsRRset.rrs(false)) {
+      DSRecord ds = (DSRecord) r;
+      if (ds.getDigestID() != favoriteDsAlgorithm) {
+        continue;
+      }
+
+      int algo = ds.getAlgorithm();
+      if (!valUtils.isAlgorithmSupported(algo)) {
+        continue;
+      }
+
+      if (needs[algo] == 0) {
+        needs[algo] = 1;
+        sigalg.add(algo);
+        num++;
+      }
+    }
+
+    return sigalg;
+  }
+
+  /**
+   * Mark this algorithm as a success ({@link SecurityStatus#SECURE}), and see if we are done.
+   *
+   * @param algo: the algorithm processed to be secure.
+   * @return if true, processing has finished successfully, we are satisfied.
+   */
+  boolean setSecure(int algo) {
+    if (needs[algo] != 0) {
+      needs[algo] = 0;
+      num--;
+      // done!
+      return num == 0;
+    }
+
+    return false;
+  }
+
+  /**
+   * Mark this algorithm a failure ({@link SecurityStatus#BOGUS}). It can later be overridden by a
+   * success for this algorithm (with a different signature).
+   *
+   * @param algo the algorithm processed to be bogus.
+   */
+  void setBogus(int algo) {
+    if (needs[algo] != 0) {
+      // need it, but bogus
+      needs[algo] = 2;
+    }
+  }
+
+  /**
+   * See how many algorithms are missing (not bogus or secure, but not processed)
+   *
+   * @return number of algorithms missing after processing.
+   */
+  int missing() {
+    int miss = -1;
+    // check if a needed algo was bogus - report that,
+    // check the first missing algo - report that,
+    // or return 0
+    for (int i = 0; i < needs.length; i++) {
+      if (needs[i] == 2) {
+        return 0;
+      }
+
+      if (needs[i] == 1 && miss == -1) {
+        miss = i;
+      }
+    }
+
+    if (miss != -1) {
+      return miss;
+    }
+
+    return 0;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java
new file mode 100644
index 000000000..3ef64667f
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import lombok.experimental.UtilityClass;
+
+/**
+ * This class implements a basic comparator for byte arrays. It is primarily useful for comparing
+ * RDATA portions of DNS records in doing DNSSEC canonical ordering.
+ *
+ * @since 3.5
+ */
+@UtilityClass
+final class ByteArrayComparator {
+  private static final int MAX_BYTE = 0xFF;
+
+  /**
+   * Compares its two arguments for order.
+   *
+   * @param b1 the first object to be compared.
+   * @param b2 the second object to be compared.
+   * @return a negative integer, zero, or a positive integer as the first argument is less than,
+   *     equal to, or greater than the second.
+   */
+  public int compare(byte[] b1, byte[] b2) {
+    if (b1.length != b2.length) {
+      return b1.length - b2.length;
+    }
+
+    for (int i = 0; i < b1.length; i++) {
+      if (b1[i] != b2[i]) {
+        return (b1[i] & MAX_BYTE) - (b2[i] & MAX_BYTE);
+      }
+    }
+
+    return 0;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java
new file mode 100644
index 000000000..943910582
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/DefaultTrustAnchorStore.java
@@ -0,0 +1,99 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/** Storage for DS or DNSKEY records that are known to be trusted. */
+final class DefaultTrustAnchorStore implements TrustAnchorStore {
+  private final Map<String, RRset> map;
+
+  /** Creates a new instance of this class. */
+  public DefaultTrustAnchorStore() {
+    this.map = new HashMap<>();
+  }
+
+  /**
+   * Stores the given RRset as known trusted keys. Existing keys for the same name and class are
+   * overwritten.
+   *
+   * @param rrset The key set to store as trusted.
+   */
+  @Override
+  public void store(RRset rrset) {
+    if (rrset.getType() != Type.DS && rrset.getType() != Type.DNSKEY) {
+      throw new IllegalArgumentException("Trust anchors can only be DS or DNSKEY records");
+    }
+
+    if (rrset.getType() == Type.DNSKEY) {
+      SRRset temp = new SRRset();
+      for (Record r : rrset.rrs()) {
+        DNSKEYRecord key = (DNSKEYRecord) r;
+        DSRecord ds =
+            new DSRecord(key.getName(), key.getDClass(), key.getTTL(), DNSSEC.Digest.SHA384, key);
+        temp.addRR(ds);
+      }
+
+      rrset = temp;
+    }
+
+    String k = this.key(rrset.getName(), rrset.getDClass());
+    RRset previous = this.map.put(k, rrset);
+    if (previous != null) {
+      previous.rrs().forEach(rrset::addRR);
+    }
+  }
+
+  /**
+   * Gets the closest trusted key for the given name or <code>null</code> if no match is found.
+   *
+   * @param name The name to search for.
+   * @param dclass The class of the keys.
+   * @return The closest found key for <code>name</code> or <code>null</code>.
+   */
+  @Override
+  public RRset find(Name name, int dclass) {
+    while (name.labels() > 0) {
+      String k = this.key(name, dclass);
+      RRset r = this.lookup(k);
+      if (r != null) {
+        return r;
+      }
+
+      name = new Name(name, 1);
+    }
+
+    return null;
+  }
+
+  /** Removes all stored trust anchors. */
+  @Override
+  public void clear() {
+    this.map.clear();
+  }
+
+  /** Gets all trust anchors currently in use. */
+  @Override
+  public Collection<RRset> items() {
+    return Collections.unmodifiableCollection(this.map.values());
+  }
+
+  private RRset lookup(String key) {
+    return this.map.get(key);
+  }
+
+  private String key(Name n, int dclass) {
+    return "T" + dclass + "/" + n.canonicalize();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java
new file mode 100644
index 000000000..e169f0cad
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java
@@ -0,0 +1,302 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.DNSSEC.InvalidDnskeyException;
+import org.xbill.DNS.DNSSEC.KeyMismatchException;
+import org.xbill.DNS.DNSSEC.SignatureExpiredException;
+import org.xbill.DNS.DNSSEC.SignatureNotYetValidException;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/**
+ * A class for performing basic DNSSEC verification. The DNSJAVA package contains a similar class.
+ * This is a reimplementation that allows us to have finer control over the validation process.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class DnsSecVerifier {
+  public static final String MAX_VALIDATE_RRSIGS_PROPERTY = "dnsjava.dnssec.max_validate_rrsigs";
+  private final ValUtils valUtils;
+  private int maxValidateRRsigs;
+
+  public DnsSecVerifier(ValUtils valUtils) {
+    this.valUtils = valUtils;
+  }
+
+  /**
+   * Initialize the module. The recognized configuration values are:
+   *
+   * <ul>
+   *   <li>{@value #MAX_VALIDATE_RRSIGS_PROPERTY}
+   * </ul>
+   *
+   * @param config The configuration data for this module.
+   */
+  public void init(Properties config) {
+    maxValidateRRsigs = Integer.parseInt(config.getProperty(MAX_VALIDATE_RRSIGS_PROPERTY, "8"));
+  }
+
+  /**
+   * Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset. Normally this will only return
+   * one DNSKEY. It can return more than one, since KeyID/Footprints are not guaranteed to be
+   * unique.
+   *
+   * @param dnskeyRrset The DNSKEY rrset to search.
+   * @param signature The RRSIG to match against.
+   * @return A List that contains one or more DNSKEYRecord objects; empty if a matching DNSKEY could
+   *     not be found.
+   */
+  private List<DNSKEYRecord> findKey(RRset dnskeyRrset, RRSIGRecord signature) {
+    if (!signature.getSigner().equals(dnskeyRrset.getName())) {
+      log.trace(
+          "Could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}",
+          signature.getSigner(),
+          dnskeyRrset.getName());
+      return Collections.emptyList();
+    }
+
+    int keyid = signature.getFootprint();
+    int alg = signature.getAlgorithm();
+    List<DNSKEYRecord> res = new ArrayList<>(dnskeyRrset.size());
+    for (Record r : dnskeyRrset.rrs(false)) {
+      DNSKEYRecord dnskey = (DNSKEYRecord) r;
+      if (dnskey.getAlgorithm() == alg && dnskey.getFootprint() == keyid) {
+        res.add(dnskey);
+      }
+    }
+
+    return res;
+  }
+
+  /**
+   * Verify an RRset against a particular signature.
+   *
+   * @param rrset The RRset to verify.
+   * @param sigrec The signature record that signs the RRset.
+   * @param keyRrset The keys used to create the signature record.
+   * @param date The date against which to verify the signature.
+   * @return {@link SecurityStatus#SECURE} if the signature verified, {@link SecurityStatus#BOGUS}
+   *     if it did not verify (for any reason), and {@link SecurityStatus#UNCHECKED} if verification
+   *     could not be completed (usually because the public key was not available).
+   */
+  private JustifiedSecStatus verifySignature(
+      SRRset rrset, RRSIGRecord sigrec, KeyEntry keyRrset, Instant date) {
+    if (!rrset.getName().subdomain(sigrec.getSigner())) {
+      log.debug("Signer name {} is off-tree for {}", sigrec.getSigner(), rrset.getName());
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.DNSSEC_BOGUS,
+          R.get("dnskey.key_offtree", sigrec.getSigner(), rrset.getName()));
+    }
+
+    List<DNSKEYRecord> keys = this.findKey(keyRrset, sigrec);
+
+    for (DNSKEYRecord dnskey : keys) {
+      try {
+        DNSSEC.verify(rrset, sigrec, dnskey, date);
+        ValUtils.setCanonicalNsecOwner(rrset, sigrec);
+        return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+      } catch (KeyMismatchException kme) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_match"));
+      } catch (SignatureExpiredException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.SIGNATURE_EXPIRED,
+            R.get("dnskey.expired"));
+      } catch (SignatureNotYetValidException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID,
+            R.get("dnskey.not_yet_valid"));
+      } catch (InvalidDnskeyException e) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, e.getEdeCode(), R.get("dnskey.invalid"));
+      } catch (DNSSECException e) {
+        log.error(
+            "Failed to validate RRset <{}/{}/{}>",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()),
+            e);
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.invalid"));
+      }
+    }
+
+    log.trace("Could not find appropriate key for {}", sigrec);
+    return new JustifiedSecStatus(
+        SecurityStatus.UNCHECKED,
+        ExtendedErrorCodeOption.DNSKEY_MISSING,
+        R.get("dnskey.no_key", sigrec.getSigner()));
+  }
+
+  /**
+   * Verifies an RRset. This routine does not modify the RRset. The RRset is presumed to be
+   * verifiable, and the correct DNSKEY rrset is presumed to have been found.
+   *
+   * @param rrset The RRset to verify.
+   * @param keyRrset The keys to verify the signatures in the RRset to check.
+   * @param date The date against which to verify the rrset.
+   * @return {@link SecurityStatus#SECURE} if the {@link RRset} verified positively, {@link
+   *     SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus verify(SRRset rrset, KeyEntry keyRrset, Instant date) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    if (sigs.isEmpty()) {
+      log.info(
+          "RRset <{}/{}/{}> failed to verify due to a lack of signatures",
+          rrset.getName(),
+          DClass.string(rrset.getDClass()),
+          Type.string(rrset.getType()));
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.RRSIGS_MISSING,
+          R.get("validate.bogus.missingsig_named", rrset.getName(), Type.string(rrset.getType())));
+    }
+
+    AlgorithmRequirements needs = null;
+    if (keyRrset.getAlgo() != null) {
+      needs = new AlgorithmRequirements(valUtils);
+      needs.initList(keyRrset.getAlgo());
+      if (needs.getNum() == 0) {
+        log.debug("{} has no known algorithms", rrset.getName());
+        return new JustifiedSecStatus(
+            SecurityStatus.INSECURE,
+            ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM,
+            R.get("validate.insecure.noalg", rrset.getName()));
+      }
+    }
+
+    JustifiedSecStatus res = null;
+    int numVerified = 0;
+    for (RRSIGRecord sigrec : sigs) {
+      res = this.verifySignature(rrset, sigrec, keyRrset, date);
+      if (res.status == SecurityStatus.SECURE) {
+        if (needs == null || needs.setSecure(sigrec.getAlgorithm())) {
+          return res;
+        }
+      } else if (needs != null && res.status == SecurityStatus.BOGUS) {
+        needs.setBogus(sigrec.getAlgorithm());
+      }
+
+      numVerified++;
+      if (numVerified > maxValidateRRsigs) {
+        log.warn(
+            "RRset <{}/{}/{}> failed to verify: too many signatures",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("validate.bogus.rrsigtoomany", rrset.getName(), Type.string(rrset.getType())));
+      }
+    }
+
+    log.warn(
+        "RRset <{}/{}/{}> failed to verify: all signatures are BOGUS",
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()));
+    return res;
+  }
+
+  /**
+   * Verify an RRset against a single DNSKEY. Use this when you must be certain that an RRset signed
+   * and verifies with a particular DNSKEY (as opposed to a particular DNSKEY rrset).
+   *
+   * @param rrset The rrset to verify.
+   * @param dnskey The DNSKEY to verify with.
+   * @param date The date against which to verify the rrset.
+   * @return {@link SecurityStatus#SECURE} if the {@link RRset} verified, {@link
+   *     SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    if (sigs.isEmpty()) {
+      log.warn(
+          "RRset <{}/{}/{}> failed to verify due to lack of signatures",
+          rrset.getName(),
+          DClass.string(rrset.getDClass()),
+          Type.string(rrset.getType()));
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.RRSIGS_MISSING,
+          R.get("validate.bogus.missingsig_named", rrset.getName(), Type.string(rrset.getType())));
+    }
+
+    DNSSECException lastException = null;
+    int numVerified = 0;
+    for (RRSIGRecord sigrec : sigs) {
+      // Skip RRSIGs that do not match our given key's footprint.
+      if (sigrec.getFootprint() != dnskey.getFootprint()) {
+        continue;
+      }
+
+      numVerified++;
+      try {
+        DNSSEC.verify(rrset, sigrec, dnskey, date);
+        return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+      } catch (DNSSECException e) {
+        log.warn(
+            "Failed to validate RRset <{}/{}/{}> with signature {}",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()),
+            sigrec.getFootprint(),
+            e);
+        lastException = e;
+      }
+
+      if (numVerified > maxValidateRRsigs) {
+        log.warn(
+            "RRset <{}/{}/{}> failed to verify: too many signatures",
+            rrset.getName(),
+            DClass.string(rrset.getDClass()),
+            Type.string(rrset.getType()));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("validate.bogus.rrsigtoomany", rrset.getName(), Type.string(rrset.getType())));
+      }
+    }
+
+    log.warn(
+        "RRset <{}/{}/{}> failed to verify: all signatures were BOGUS",
+        rrset.getName(),
+        DClass.string(rrset.getDClass()),
+        Type.string(rrset.getType()));
+    int edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+    String reason = "dnskey.invalid";
+    if (numVerified == 0) {
+      edeReason = ExtendedErrorCodeOption.DNSKEY_MISSING;
+      reason = "dnskey.no_ds_match";
+    } else if (lastException instanceof SignatureExpiredException) {
+      edeReason = ExtendedErrorCodeOption.SIGNATURE_EXPIRED;
+      reason = "dnskey.expired";
+    } else if (lastException instanceof SignatureNotYetValidException) {
+      edeReason = ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID;
+      reason = "dnskey.not_yet_valid";
+    }
+
+    return new JustifiedSecStatus(SecurityStatus.BOGUS, edeReason, R.get(reason));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java
new file mode 100644
index 000000000..a566ad2fa
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+
+package org.xbill.DNS.dnssec;
+
+import org.xbill.DNS.Name;
+
+/**
+ * State-object for the key-finding phase.
+ *
+ * @since 3.5
+ */
+final class FindKeyState {
+  /** The (initial) DS RRset for the following DNSKEY search and validate phase. */
+  SRRset dsRRset;
+
+  /** Iteratively holds the key during the search phase. */
+  KeyEntry keyEntry;
+
+  /**
+   * The name of the key to search. This is taken from the RRSIG's signer name or the query name if
+   * no signer name is available.
+   */
+  Name signerName;
+
+  /** The query class of the key to find. */
+  int qclass;
+
+  /** Sets the key name being searched for when a DS response is provably not a delegation point. */
+  Name emptyDSName;
+
+  /** The initial key name when the key search is started from a trust anchor. */
+  Name currentDSKeyName;
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java
new file mode 100644
index 000000000..944c3e9fe
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+/**
+ * Codes for DNSSEC security statuses along with a reason why the status was determined.
+ *
+ * @since 3.5
+ */
+final class JustifiedSecStatus {
+  SecurityStatus status;
+  int edeReason;
+  String reason;
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param status The security status.
+   * @param reason The reason why the status was determined.
+   */
+  JustifiedSecStatus(SecurityStatus status, int edeReason, String reason) {
+    this.status = status;
+    this.edeReason = edeReason;
+    this.reason = reason;
+  }
+
+  /**
+   * Applies this security status to a response message.
+   *
+   * @param response The response to which to apply this status.
+   */
+  void applyToResponse(SMessage response) {
+    response.setStatus(this.status, edeReason, this.reason);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyCache.java b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java
new file mode 100644
index 000000000..0d8d159bc
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java
@@ -0,0 +1,167 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.time.Clock;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Properties;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
+/**
+ * Cache for DNSKEY RRsets or corresponding null/bad key entries with a limited size and respect for
+ * TTL values.
+ *
+ * @since 3.5
+ */
+final class KeyCache {
+  /** Name of the property that configures the maximum cache TTL. */
+  public static final String MAX_TTL_CONFIG = "dnsjava.dnssec.keycache.max_ttl";
+
+  /** Name of the property that configures the maximum cache size. */
+  public static final String MAX_CACHE_SIZE_CONFIG = "dnsjava.dnssec.keycache.max_size";
+
+  private static final int DEFAULT_MAX_TTL = 900;
+  private static final int DEFAULT_MAX_CACHE_SIZE = 1000;
+
+  /** This is the main caching data structure. */
+  private final Map<String, CacheEntry> cache;
+
+  private final Clock clock;
+
+  /** This is the maximum TTL [s] that all key cache entries will have. */
+  private long maxTtl = DEFAULT_MAX_TTL;
+
+  /** This is the maximum number of entries that the key cache will hold. */
+  private int maxCacheSize = DEFAULT_MAX_CACHE_SIZE;
+
+  /** Creates a new instance of this class. Uses the default system clock for cache eviction. */
+  public KeyCache() {
+    this(Clock.systemUTC());
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param clock The clock to use for cache eviction.
+   */
+  public KeyCache(Clock clock) {
+    this.clock = clock;
+    this.cache =
+        Collections.synchronizedMap(
+            new LinkedHashMap<String, CacheEntry>() {
+              @Override
+              protected boolean removeEldestEntry(Map.Entry<String, CacheEntry> eldest) {
+                return size() >= KeyCache.this.maxCacheSize;
+              }
+            });
+  }
+
+  /**
+   * Initialize the cache. This implementation recognizes the following configuration parameters:
+   *
+   * <dl>
+   *   <dt>{@value #MAX_TTL_CONFIG}
+   *   <dd>The maximum TTL to apply to any cache entry.
+   *   <dt>{@value #MAX_CACHE_SIZE_CONFIG}
+   *   <dd>The maximum number of entries that the cache will hold.
+   * </dl>
+   *
+   * @param config The configuration information.
+   */
+  public void init(Properties config) {
+    if (config == null) {
+      return;
+    }
+
+    String s = config.getProperty(MAX_TTL_CONFIG);
+    if (s != null) {
+      this.maxTtl = Long.parseLong(s);
+    }
+
+    s = config.getProperty(MAX_CACHE_SIZE_CONFIG);
+    if (s != null) {
+      this.maxCacheSize = Integer.parseInt(s);
+    }
+  }
+
+  /**
+   * Find the 'closest' trusted DNSKEY rrset to the given name.
+   *
+   * @param n The name to start the search.
+   * @param dclass The class this DNSKEY rrset should be in.
+   * @return The 'closest' entry to 'n' in the same class as 'dclass'.
+   */
+  public KeyEntry find(Name n, int dclass) {
+    while (n.labels() > 0) {
+      String k = this.key(n, dclass);
+      KeyEntry entry = this.lookupEntry(k);
+      if (entry != null) {
+        return entry;
+      }
+
+      n = new Name(n, 1);
+    }
+
+    return null;
+  }
+
+  /**
+   * Store a {@link KeyEntry} in the cache. The entry will be ignored if it isn't a DNSKEY rrset, if
+   * it doesn't have the SECURE security status, or if it isn't a null-Key.
+   *
+   * @param ke The key entry to cache.
+   */
+  public void store(KeyEntry ke) {
+    if (!ke.isGood() && !ke.isNull()) {
+      return;
+    }
+
+    if (ke.getType() != Type.DNSKEY) {
+      return;
+    }
+
+    String k = this.key(ke.getName(), ke.getDClass());
+    CacheEntry ce = new CacheEntry(ke, this.maxTtl);
+    this.cache.put(k, ce);
+  }
+
+  private String key(Name n, int dclass) {
+    return "K" + dclass + "/" + n;
+  }
+
+  private KeyEntry lookupEntry(String key) {
+    CacheEntry centry = this.cache.get(key);
+    if (centry == null) {
+      return null;
+    }
+
+    if (centry.expiration.isBefore(clock.instant())) {
+      this.cache.remove(key);
+      return null;
+    }
+
+    return centry.keyEntry;
+  }
+
+  /** Utility class to cache key entries with an expiration date. */
+  private class CacheEntry {
+    private final Instant expiration;
+    private final KeyEntry keyEntry;
+
+    CacheEntry(KeyEntry keyEntry, long maxTtl) {
+      long ttl = keyEntry.getTTL();
+      if (ttl > maxTtl) {
+        ttl = maxTtl;
+      }
+
+      this.expiration = clock.instant().plus(ttl, ChronoUnit.SECONDS);
+      this.keyEntry = keyEntry;
+    }
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java
new file mode 100644
index 000000000..75745411d
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java
@@ -0,0 +1,207 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+
+package org.xbill.DNS.dnssec;
+
+import java.util.List;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+/**
+ * DNSKEY cache entry for a given {@link Name}, with or without actual keys.
+ *
+ * @since 3.5
+ */
+@Slf4j
+@EqualsAndHashCode(
+    callSuper = true,
+    of = {"edeReason", "badReason", "isEmpty"})
+final class KeyEntry extends SRRset {
+  /** List of algorithms signalled, may be {@code null}. */
+  @Getter private final List<Integer> algo;
+
+  private int edeReason = -1;
+  private String badReason;
+  private boolean isEmpty;
+
+  /**
+   * Create a new, positive key entry.
+   *
+   * @param rrset The set of records to cache.
+   */
+  private KeyEntry(SRRset rrset) {
+    this(rrset, null);
+  }
+
+  /**
+   * Create a new, positive key entry.
+   *
+   * @param rrset The set of records to cache.
+   * @param sigalg signalled algorithm list, may be {@code null}.
+   */
+  private KeyEntry(SRRset rrset, List<Integer> sigalg) {
+    super(rrset);
+    this.algo = sigalg;
+  }
+
+  private KeyEntry(Name name, int dclass, long ttl, boolean isBad) {
+    super(new SRRset(Record.newRecord(name, Type.DNSKEY, dclass, ttl)));
+    this.isEmpty = true;
+    this.algo = null;
+    if (isBad) {
+      setSecurityStatus(SecurityStatus.BOGUS);
+    }
+  }
+
+  /**
+   * Creates a new key entry from actual DNSKEYs.
+   *
+   * @param rrset The DNSKEYs to cache.
+   * @return The created key entry.
+   */
+  public static KeyEntry newKeyEntry(SRRset rrset) {
+    return new KeyEntry(rrset);
+  }
+
+  /**
+   * Creates a new key entry from actual DNSKEYs.
+   *
+   * @param rrset The DNSKEYs to cache.
+   * @param sigalg signalled algorithm list, may be {@code null}.
+   * @return The created key entry.
+   */
+  public static KeyEntry newKeyEntry(SRRset rrset, List<Integer> sigalg) {
+    return new KeyEntry(rrset, sigalg);
+  }
+
+  /**
+   * Creates a new trusted key entry without actual DNSKEYs, i.e. it is proven that there are no
+   * keys.
+   *
+   * @param n The name for which the empty cache entry is created.
+   * @param dclass The DNS class.
+   * @param ttl The TTL [s].
+   * @return The created key entry.
+   */
+  public static KeyEntry newNullKeyEntry(Name n, int dclass, long ttl) {
+    return new KeyEntry(n, dclass, ttl, false);
+  }
+
+  /**
+   * Creates a new bad key entry without actual DNSKEYs, i.e. from a response that did not validate.
+   *
+   * @param n The name for which the bad cache entry is created.
+   * @param dclass The DNS class.
+   * @param ttl The TTL [s].
+   * @return The created key entry.s
+   */
+  public static KeyEntry newBadKeyEntry(Name n, int dclass, long ttl) {
+    return new KeyEntry(n, dclass, ttl, true);
+  }
+
+  /**
+   * Gets an indication if this is a null key, i.e. a proven secure response without keys.
+   *
+   * @return <code>True</code> is it is null, <code>false</code> otherwise.
+   */
+  public boolean isNull() {
+    return this.isEmpty && this.getSecurityStatus() == SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Gets an indication if this is a bad key, i.e. an invalid response.
+   *
+   * @return <code>True</code> is it is bad, <code>false</code> otherwise.
+   */
+  public boolean isBad() {
+    return this.isEmpty && this.getSecurityStatus() == SecurityStatus.BOGUS;
+  }
+
+  /**
+   * Gets an indication if this is a good key, i.e. a proven secure response with keys.
+   *
+   * @return <code>True</code> is it is good, <code>false</code> otherwise.
+   */
+  public boolean isGood() {
+    return !this.isEmpty && this.getSecurityStatus() == SecurityStatus.SECURE;
+  }
+
+  /**
+   * Sets the reason why this key entry is bad.
+   *
+   * @param reason The reason why this key entry is bad.
+   */
+  public void setBadReason(int edeReason, String reason) {
+    this.edeReason = edeReason;
+    this.badReason = reason;
+  }
+
+  /**
+   * Validate if this key instance is valid for the specified name.
+   *
+   * @param set the set against which this key is validated.
+   * @return A security status indicating if this key is valid, or if not, why.
+   */
+  JustifiedSecStatus validateKeyFor(SRRset set) {
+    // signerName being null is the indicator that this response was
+    // unsigned
+    Name signerName = set.getSignerName();
+    if (signerName == null) {
+      // A synthesized CNAME has no key, but since it was created from a signed DNAME, it's valid
+      if (set.getType() == Type.CNAME && set.getSecurityStatus() == SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(set.getSecurityStatus(), -1, null);
+      }
+
+      log.debug(
+          "No signerName for <{}/{}/{}>",
+          set.getName(),
+          DClass.string(set.getDClass()),
+          Type.string(set.getType()));
+
+      // Unsigned responses must be underneath a "null" key entry.
+      if (this.isNull()) {
+        String reason = this.badReason;
+        if (reason == null) {
+          reason = R.get("validate.insecure_unsigned");
+        }
+
+        return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason);
+      }
+
+      if (this.isGood()) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.RRSIGS_MISSING,
+            R.get("validate.bogus.missingsig"));
+      }
+
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, edeReason, R.get("validate.bogus", this.badReason));
+    }
+
+    if (this.isBad()) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          edeReason,
+          R.get("validate.bogus.badkey", this.getName(), this.badReason));
+    }
+
+    if (this.isNull()) {
+      String reason = this.badReason;
+      if (reason == null) {
+        reason = R.get("validate.insecure");
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason);
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java
new file mode 100644
index 000000000..50aafb62b
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java
@@ -0,0 +1,810 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import static org.xbill.DNS.ExtendedErrorCodeOption.DNSSEC_BOGUS;
+import static org.xbill.DNS.ExtendedErrorCodeOption.NSEC_MISSING;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.TreeMap;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.NSEC3Record;
+import org.xbill.DNS.NSEC3Record.Flags;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.utils.base32;
+
+/**
+ * NSEC3 non-existence proof utilities.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class NSEC3ValUtils {
+  public static final String NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX =
+      "dnsjava.dnssec.nsec3.iterations";
+  private static final Name ASTERISK_LABEL = Name.fromConstantString("*");
+
+  private static final int MAX_ITERATION_COUNT = 65536;
+
+  /**
+   * Max number of NSEC3 calculations at once. 8 is low enough and allows for cases where multiple
+   * proofs are needed.
+   */
+  private static final int MAX_NSEC3_CALCULATIONS = 8;
+
+  /**
+   * When all allowed NSEC3 calculations at once resulted in error treat as bogus. NSEC3 hash errors
+   * are not cached and this helps breaks loops with erroneous data.
+   */
+  private static final int MAX_NSEC3_ERRORS = -1;
+
+  private final TreeMap<Integer, Integer> maxIterations;
+
+  /** Creates a new instance of this class. */
+  NSEC3ValUtils() {
+    // see RFC5155#10.3 for the max iteration count
+    this.maxIterations = new TreeMap<>();
+    this.maxIterations.put(1024, 150);
+    this.maxIterations.put(2048, 500);
+    this.maxIterations.put(4096, 2500);
+  }
+
+  /**
+   * Loads the configuration data. Supported properties are:
+   *
+   * <ul>
+   *   <li>{@value #NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX}.M=N
+   * </ul>
+   *
+   * @param config The configuration data.
+   */
+  void init(Properties config) {
+    boolean first = true;
+    for (Map.Entry<?, ?> s : config.entrySet()) {
+      String key = s.getKey().toString();
+      if (key.startsWith(NSEC3_MAX_ITERATIONS_PROPERTY_PREFIX)) {
+        int keySize = Integer.parseInt(key.substring(key.lastIndexOf(".") + 1));
+        int iterations = Integer.parseInt(s.getValue().toString());
+        if (iterations > MAX_ITERATION_COUNT) {
+          throw new IllegalArgumentException(
+              iterations + " iterations is too high, maximum is " + MAX_ITERATION_COUNT);
+        }
+
+        if (first) {
+          first = false;
+          this.maxIterations.clear();
+        }
+
+        this.maxIterations.put(keySize, iterations);
+      }
+    }
+  }
+
+  /** This is just a simple class to encapsulate the response to a closest encloser proof. */
+  private static final class CEResponse {
+    private final Name closestEncloser;
+    private final NSEC3Record ceNsec3;
+    private NSEC3Record ncNsec3;
+
+    /**
+     *
+     *
+     * <ul>
+     *   <li>bogus if no closest encloser could be proven.
+     *   <li>secure if a closest encloser could be proven, ce is set.
+     *   <li>insecure if the closest-encloser candidate turns out to prove that an insecure
+     *       delegation exists above the qname.
+     * </ul>
+     */
+    private SecurityStatus status = SecurityStatus.UNCHECKED;
+
+    private CEResponse(Name ce, NSEC3Record nsec3) {
+      this.closestEncloser = ce;
+      this.ceNsec3 = nsec3;
+    }
+  }
+
+  private boolean supportsHashAlgorithm(int alg) {
+    return alg == NSEC3Record.SHA1_DIGEST_ID;
+  }
+
+  /**
+   * Remove all records whose algorithm is unknown.
+   *
+   * @param nsec3s List of NSEC3 records to check. The list is modified by this method.
+   */
+  public void stripUnknownAlgNSEC3s(List<SRRset> nsec3s) {
+    for (ListIterator<SRRset> i = nsec3s.listIterator(); i.hasNext(); ) {
+      NSEC3Record nsec3 = (NSEC3Record) i.next().first();
+      if (!this.supportsHashAlgorithm(nsec3.getHashAlgorithm())) {
+        i.remove();
+      }
+    }
+  }
+
+  /**
+   * Given the name of a closest encloser, return the name *.closest_encloser.
+   *
+   * @param closestEncloser The name to start with.
+   * @return The wildcard name.
+   */
+  private Name ceWildcard(Name closestEncloser) {
+    try {
+      return Name.concatenate(ASTERISK_LABEL, closestEncloser);
+    } catch (NameTooLongException e) {
+      return null;
+    }
+  }
+
+  /**
+   * Given a qname and its proven closest encloser, calculate the "next closest" name. Basically,
+   * this is the name that is one label longer than the closest encloser that is still a subdomain
+   * of qname.
+   *
+   * @param qname The qname.
+   * @param closestEncloser The closest encloser name.
+   * @return The next closer name.
+   */
+  private Name nextClosest(Name qname, Name closestEncloser) {
+    int strip = qname.labels() - closestEncloser.labels() - 1;
+    return (strip > 0) ? new Name(qname, strip) : qname;
+  }
+
+  /**
+   * Find the NSEC3Record that matches a hash of a name.
+   *
+   * @param name The name to find.
+   * @param zonename The name of the zone that the NSEC3s are from.
+   * @param nsec3s A list of NSEC3Records from a given message.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return The matching NSEC3Record if one is present, null otherwise.
+   */
+  private NSEC3Record findMatchingNSEC3(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    for (SRRset set : nsec3s) {
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS) {
+        if (state.numCalc == state.numCalcErrors) {
+          log.debug("NSEC3 reached max. hash calculation errors");
+          state.numCalc = MAX_NSEC3_ERRORS;
+        } else {
+          log.debug("NSEC3 reached max. hash calculations");
+        }
+        break;
+      }
+
+      try {
+        NSEC3Record nsec3 = (NSEC3Record) set.first();
+        Nsec3ValidationState.Nsec3CacheEntry hash = state.computeIfAbsent(nsec3, name);
+        Name complete = new Name(hash.getHashAsBase32(), zonename);
+        if (complete.equals(nsec3.getName())) {
+          return nsec3;
+        }
+      } catch (NoSuchAlgorithmException | TextParseException e) {
+        state.numCalcErrors++;
+        log.debug("Unrecognized NSEC3 in set: {}", set, e);
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record covers the hash. Covers
+   * specifically means that the hash is in between the owner and next hashes and does not equal
+   * either.
+   *
+   * @param nsec3 The candidate NSEC3Record.
+   * @param zonename The zone name.
+   * @param hash The precalculated hash.
+   * @return True if the NSEC3Record covers the hash.
+   */
+  private boolean nsec3Covers(NSEC3Record nsec3, Name zonename, byte[] hash) {
+    if (!new Name(nsec3.getName(), 1).equals(zonename)) {
+      return false;
+    }
+
+    byte[] owner =
+        new base32(base32.Alphabet.BASE32HEX, false, false)
+            .fromString(nsec3.getName().getLabelString(0));
+    byte[] next = nsec3.getNext();
+
+    // This is the "normal case: owner < next and owner < hash < next
+    if (ByteArrayComparator.compare(owner, hash) < 0
+        && ByteArrayComparator.compare(hash, next) < 0) {
+      return true;
+    }
+
+    // this is the end of zone case: next <= owner AND (hash > owner OR hash < next)
+    // Otherwise, the NSEC3 does not cover the hash.
+    return ByteArrayComparator.compare(next, owner) <= 0
+        && (ByteArrayComparator.compare(hash, owner) > 0
+            || ByteArrayComparator.compare(hash, next) < 0);
+  }
+
+  /**
+   * Given a pre-hashed name, find a covering NSEC3 from among a list of NSEC3s.
+   *
+   * @param name The name to consider.
+   * @param zonename The name of the zone.
+   * @param nsec3s The list of NSEC3s present in a message.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A covering NSEC3 if one is present, null otherwise.
+   */
+  private NSEC3Record findCoveringNSEC3(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    for (SRRset set : nsec3s) {
+      // Check if we are allowed more calculations
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS) {
+        if (state.numCalcErrors == state.numCalc) {
+          state.numCalc = MAX_NSEC3_ERRORS;
+        }
+
+        return null;
+      }
+
+      try {
+        NSEC3Record nsec3 = (NSEC3Record) set.first();
+        Nsec3ValidationState.Nsec3CacheEntry hash = state.computeIfAbsent(nsec3, name);
+        if (this.nsec3Covers(nsec3, zonename, hash.getHash())) {
+          return nsec3;
+        }
+      } catch (NoSuchAlgorithmException e) {
+        // Malformed NSEC3
+        state.numCalcErrors++;
+        log.debug("Unrecognized NSEC3 in set: {}", set, e);
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a name and a list of NSEC3s, find the candidate closest encloser. This will be the first
+   * ancestor of 'name' (including itself) to have a matching NSEC3 RR.
+   *
+   * @param name The name the start with.
+   * @param zonename The name of the zone that the NSEC3s came from.
+   * @param nsec3s The list of NSEC3s.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A CEResponse containing the closest encloser name and the NSEC3 RR that matched it, or
+   *     null if there wasn't one.
+   */
+  private CEResponse findClosestEncloser(
+      Name name, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    // This scans from longest name to shortest, so the first match we find
+    // is the only viable candidate.
+    // FIXME: modify so that the NSEC3 matching the zone apex need not be present
+    while (name.labels() >= zonename.labels()) {
+      if (state.numCalc >= MAX_NSEC3_CALCULATIONS || state.numCalc == MAX_NSEC3_ERRORS) {
+        log.debug("NSEC3 reached max. hash calculations");
+        break;
+      }
+
+      NSEC3Record nsec3 = this.findMatchingNSEC3(name, zonename, nsec3s, state);
+      if (nsec3 != null) {
+        return new CEResponse(name, nsec3);
+      }
+
+      name = new Name(name, 1);
+    }
+
+    return null;
+  }
+
+  /**
+   * Given a List of nsec3 RRs, find and prove the closest encloser to qname.
+   *
+   * @param qname The qname in question.
+   * @param zonename The name of the zone that the NSEC3 RRs come from.
+   * @param nsec3s The list of NSEC3s found the this response (already verified).
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return A CEResponse object which contains the closest encloser name and the NSEC3 that matches
+   *     it.
+   */
+  private CEResponse proveClosestEncloser(
+      Name qname, Name zonename, List<SRRset> nsec3s, Nsec3ValidationState state) {
+    CEResponse candidate = this.findClosestEncloser(qname, zonename, nsec3s, state);
+    if (candidate == null) {
+      log.debug("Could not find a candidate for the closest encloser");
+      candidate = new CEResponse(Name.empty, null);
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    if (candidate.closestEncloser.equals(qname)) {
+      log.debug("Proved that qname existed!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    // If the closest encloser is actually a delegation, then the response
+    // should have been a referral. If it is a DNAME, then it should have
+    // been a DNAME response.
+    if (candidate.ceNsec3.hasType(Type.NS) && !candidate.ceNsec3.hasType(Type.SOA)) {
+      if (!candidate.ceNsec3.hasType(Type.DS)) {
+        candidate.status = SecurityStatus.INSECURE;
+        return candidate;
+      }
+
+      log.debug("Closest encloser was a delegation!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    if (candidate.ceNsec3.hasType(Type.DNAME)) {
+      log.debug("Closest encloser was a DNAME!");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    // Otherwise, we need to show that the next closer name is covered.
+    Name nextClosest = this.nextClosest(qname, candidate.closestEncloser);
+    candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s, state);
+    if (candidate.ncNsec3 == null) {
+      log.debug("Could not find proof that the closest encloser was the closest encloser");
+      candidate.status = SecurityStatus.BOGUS;
+      return candidate;
+    }
+
+    candidate.status = SecurityStatus.SECURE;
+    return candidate;
+  }
+
+  private boolean validIterations(SRRset nsec, KeyCache keyCache) {
+    SRRset dnskeyRrset = keyCache.find(nsec.getSignerName(), nsec.getDClass());
+    if (dnskeyRrset == null) {
+      return false;
+    }
+
+    // for now, we return the maximum iterations based simply on the key
+    // algorithms that may have been used to sign the NSEC3 RRsets.
+    try {
+      // Compute size of smallest ZSK key in the rrset
+      int smallestKeySize = Integer.MAX_VALUE;
+      for (Record r : dnskeyRrset.rrs(false)) {
+        DNSKEYRecord dnskey = (DNSKEYRecord) r;
+        if ((dnskey.getFlags() & DNSKEYRecord.Flags.ZONE_KEY) != DNSKEYRecord.Flags.ZONE_KEY) {
+          continue;
+        }
+
+        int keysize;
+        switch (dnskey.getAlgorithm()) {
+          case Algorithm.RSAMD5:
+            return false; // obsoleted by rfc6725
+          case Algorithm.RSASHA1:
+          case Algorithm.RSASHA256:
+          case Algorithm.RSASHA512:
+          case Algorithm.RSA_NSEC3_SHA1:
+            keysize = ((RSAPublicKey) dnskey.getPublicKey()).getModulus().bitLength();
+            break;
+          case Algorithm.DSA:
+          case Algorithm.DSA_NSEC3_SHA1:
+            keysize = ((DSAPublicKey) dnskey.getPublicKey()).getParams().getP().bitLength();
+            break;
+          case Algorithm.ECDSAP256SHA256:
+          case Algorithm.ECDSAP384SHA384:
+            keysize =
+                ((ECPublicKey) dnskey.getPublicKey())
+                    .getParams()
+                    .getCurve()
+                    .getField()
+                    .getFieldSize();
+            break;
+          case Algorithm.ECC_GOST:
+            keysize = 512;
+            break;
+          case Algorithm.ED25519:
+            keysize = 256;
+            break;
+          case Algorithm.ED448:
+            keysize = 456;
+            break;
+          default:
+            return false;
+        }
+
+        if (keysize < smallestKeySize) {
+          smallestKeySize = keysize;
+        }
+      }
+
+      // Round up to nearest config key size
+      Integer maxIterationsForKeySet = this.maxIterations.floorKey(smallestKeySize);
+      if (maxIterationsForKeySet == null) {
+        maxIterationsForKeySet = this.maxIterations.firstKey();
+      }
+
+      maxIterationsForKeySet = this.maxIterations.get(maxIterationsForKeySet);
+      return ((NSEC3Record) nsec.first()).getIterations() <= maxIterationsForKeySet;
+    } catch (DNSSECException e) {
+      log.error("Could not get public key from NSEC3 record", e);
+      return false;
+    }
+  }
+
+  /**
+   * Determine if all of the NSEC3s in a response are legally ignoreable (i.e., their presence
+   * should lead to an INSECURE result). Currently, this is solely based on iterations.
+   *
+   * @param nsec3s The list of NSEC3s. If there is more than one set of NSEC3 parameters present,
+   *     this test will not be performed.
+   * @param dnskeyRrset The set of validating DNSKEYs.
+   * @return true if all NSEC3s can be legally ignored, false if not.
+   */
+  public boolean allNSEC3sIgnorable(List<SRRset> nsec3s, KeyCache dnskeyRrset) {
+    Map<Name, NSEC3Record> foundNsecs = new HashMap<>();
+    for (SRRset set : nsec3s) {
+      for (Record r : set.rrs()) {
+        NSEC3Record current = (NSEC3Record) r;
+        Name key = new Name(current.getName(), 1);
+        NSEC3Record previous = foundNsecs.get(key);
+        if (previous != null) {
+          if (current.getHashAlgorithm() != previous.getHashAlgorithm()) {
+            return true;
+          }
+
+          if (current.getIterations() != previous.getIterations()) {
+            return true;
+          }
+
+          if (current.getSalt() == null ^ previous.getSalt() == null) {
+            return true;
+          }
+
+          if (current.getSalt() != null
+              && ByteArrayComparator.compare(current.getSalt(), previous.getSalt()) != 0) {
+            return true;
+          }
+        } else {
+          foundNsecs.put(key, current);
+        }
+      }
+    }
+
+    for (SRRset set : nsec3s) {
+      if (this.validIterations(set, dnskeyRrset)) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  /**
+   * Determine if the set of NSEC3 records provided with a response prove NAME ERROR. This means
+   * that the NSEC3s prove a) the closest encloser exists, b) the direct child of the closest
+   * encloser towards qname doesn't exist, and c) *.closest encloser does not exist.
+   *
+   * @param nsec3s The list of NSEC3s.
+   * @param qname The query name to check against.
+   * @param zonename This is the name of the zone that the NSEC3s belong to. This may be discovered
+   *     in any number of ways. A good one is to use the signerName from the NSEC3 record's RRSIG.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} of the Name Error is proven by the NSEC3 RRs, {@link
+   *     SecurityStatus#BOGUS} if not, {@link SecurityStatus#INSECURE} if all of the NSEC3s could be
+   *     validly ignored.
+   */
+  public SecurityStatus proveNameError(
+      List<SRRset> nsec3s, Name qname, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // First locate and prove the closest encloser to qname. We will use the
+    // variant that fails if the closest encloser turns out to be qname.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+
+    if (ce.status != SecurityStatus.SECURE) {
+      log.debug("Failed to prove a closest encloser");
+      return ce.status;
+    }
+
+    // At this point, we know that qname does not exist. Now we need to
+    // prove that the wildcard does not exist.
+    Name wc = this.ceWildcard(ce.closestEncloser);
+    if (wc == null) {
+      return SecurityStatus.BOGUS;
+    }
+
+    NSEC3Record nsec3 = this.findCoveringNSEC3(wc, zonename, nsec3s, state);
+    if (nsec3 == null) {
+      log.debug("Could not prove that the applicable wildcard did not exist");
+      if (state.numCalc == MAX_NSEC3_ERRORS) {
+        log.debug("NSEC3 reached max. hash calculation errors");
+        return SecurityStatus.BOGUS;
+      } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+        log.debug("NSEC3 reached max. hash calculations");
+        return SecurityStatus.UNCHECKED;
+      }
+
+      return SecurityStatus.BOGUS;
+    }
+
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+      log.debug("NSEC3 nameerror proof: nc has optout");
+      return SecurityStatus.INSECURE;
+    }
+
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Determine if the NSEC3s provided in a response prove the NOERROR/NODATA status. There are a
+   * number of different variants to this:
+   *
+   * <p>1) Normal NODATA -- qname is matched to an NSEC3 record, type is not present.
+   *
+   * <p>2) ENT NODATA -- because there must be NSEC3 record for empty-non-terminals, this is the
+   * same as #1.
+   *
+   * <p>3) NSEC3 ownername NODATA -- qname matched an existing, lone NSEC3 ownername, but qtype was
+   * not NSEC3. NOTE: as of nsec-05, this case no longer exists.
+   *
+   * <p>4) Wildcard NODATA -- A wildcard matched the name, but not the type.
+   *
+   * <p>5) Opt-In DS NODATA -- the qname is covered by an opt-in span and qtype == DS. (or maybe
+   * some future record with the same parent-side-only property)
+   *
+   * @param nsec3s The NSEC3Records to consider.
+   * @param qname The qname in question.
+   * @param qtype The qtype in question.
+   * @param zonename The name of the zone that the NSEC3s came from.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} if the NSEC3s prove the proposition, {@link
+   *     SecurityStatus#INSECURE} if qname is under opt-out, {@link SecurityStatus#BOGUS} otherwise.
+   */
+  public JustifiedSecStatus proveNodata(
+      List<SRRset> nsec3s, Name qname, int qtype, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.nsec3.none"));
+    }
+
+    NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s, state);
+    // Cases 1 & 2.
+    if (nsec3 != null) {
+      if (nsec3.hasType(qtype)) {
+        log.debug("Matching NSEC3 proved that type existed!");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists"));
+      }
+
+      if (nsec3.hasType(Type.CNAME)) {
+        log.debug("Matching NSEC3 proved that a CNAME existed!");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists"));
+      }
+
+      if (qtype == Type.DS && nsec3.hasType(Type.SOA) && !Name.root.equals(qname)) {
+        log.debug("Apex NSEC3 abused for no DS proof, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.apex_abuse"));
+      } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) {
+        if (!nsec3.hasType(Type.DS)) {
+          log.debug("Matching NSEC3 is insecure delegation");
+          return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+        }
+
+        log.debug("Matching NSEC3 is a delegation, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation"));
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    if (state.numCalc == MAX_NSEC3_ERRORS) {
+      log.debug("NSEC3 reached max. hash calculation errors");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.hash_errors"));
+    } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+      log.debug("NSEC3 reached max. hash calculations");
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // For cases 3 - 5, we need the proven closest encloser, and it can't
+    // match qname. Although, at this point, we know that it won't since we
+    // just checked that.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+
+    // At this point, not finding a match or a proven closest encloser is a
+    // problem.
+    if (ce.status == SecurityStatus.BOGUS) {
+      log.debug("Did not match qname, nor found a proven closest encloser");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.qname_ce"));
+    } else if (ce.status == SecurityStatus.INSECURE && qtype != Type.DS) {
+      log.debug("Closest NSEC3 is insecure delegation");
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+    } else if (ce.status == SecurityStatus.UNCHECKED) {
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // Case 3: REMOVED
+
+    // Case 4:
+    Name wc = this.ceWildcard(ce.closestEncloser);
+    nsec3 = this.findMatchingNSEC3(wc, zonename, nsec3s, state);
+    if (nsec3 != null) {
+      if (nsec3.hasType(qtype)) {
+        log.debug("Matching wildcard has qtype {}", Type.string(qtype));
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists_wc"));
+      } else if (nsec3.hasType(Type.CNAME)) {
+        log.debug("Matching wildcard has a CNAME, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists_wc"));
+      }
+
+      if (qtype == Type.DS && qname.labels() != 1 && nsec3.hasType(Type.SOA)) {
+        log.debug("Matching wildcard for no DS proof has a SOA, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc_soa"));
+      } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) {
+        log.debug("Matching wildcard is a delegation, bogus");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation_wc"));
+      }
+
+      if (ce.ncNsec3 != null && (ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+        log.debug("Matching wildcard is in opt-out range, insecure");
+        return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    if (state.numCalc == MAX_NSEC3_ERRORS) {
+      log.debug("NSEC3 reached max. hash calculation errors");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc.hash_errors"));
+    } else if (state.numCalc == MAX_NSEC3_CALCULATIONS) {
+      log.debug("NSEC3 reached max. hash calculations");
+      return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null);
+    }
+
+    // Case 5.
+    // Due to forwarders, cnames, and other collating effects, we
+    // can see the ordinary unsigned data from a zone beneath an
+    // insecure delegation under an optout here */
+    if (ce.ncNsec3 == null) {
+      log.debug("No next closer NSEC3");
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.no_next"));
+    }
+
+    // We need to make sure that the covering NSEC3 is opt-out.
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == 0) {
+      if (qtype != Type.DS) {
+        log.debug("Covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.not_optout"));
+      } else {
+        log.debug(
+            "Could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options");
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.not_found"));
+      }
+    }
+
+    // RFC5155 section 9.2: if nc has optout then no AD flag set
+    return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+  }
+
+  /**
+   * Prove that a positive wildcard match was appropriate (no direct match RRset).
+   *
+   * @param nsec3s The NSEC3 records to work with.
+   * @param qname The qname that was matched to the wildard
+   * @param zonename The name of the zone that the NSEC3s come from.
+   * @param wildcard The purported wildcard that matched.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return {@link SecurityStatus#SECURE} if the NSEC3 records prove this case.
+   */
+  public SecurityStatus proveWildcard(
+      List<SRRset> nsec3s, Name qname, Name zonename, Name wildcard, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty() || qname == null || wildcard == null) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // We know what the (purported) closest encloser is by just looking at
+    // the supposed generating wildcard.
+    CEResponse candidate = new CEResponse(new Name(wildcard, 1), null);
+
+    // Now we still need to prove that the original data did not exist.
+    // Otherwise, we need to show that the next closer name is covered.
+    Name nextClosest = this.nextClosest(qname, candidate.closestEncloser);
+    candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s, state);
+
+    if (candidate.ncNsec3 == null) {
+      log.debug(
+          "did not find a covering NSEC3 that covered the next closer name to {} from {} (derived from wildcard {})",
+          qname,
+          candidate.closestEncloser,
+          wildcard);
+      return SecurityStatus.BOGUS;
+    }
+
+    if ((candidate.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) {
+      return SecurityStatus.INSECURE;
+    }
+
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Prove that a DS response either had no DS, or wasn't a delegation point.
+   *
+   * <p>Fundamentally there are two cases here: normal NODATA and Opt-In NODATA.
+   *
+   * @param nsec3s The NSEC3 RRs to examine.
+   * @param qname The name of the DS in question.
+   * @param zonename The name of the zone that the NSEC3 RRs come from.
+   * @param state State to keep track of NSEC3 hashes and calculation count.
+   * @return SecurityStatus.SECURE if it was proven that there is no DS in a secure (i.e., not
+   *     opt-in) way, {@link SecurityStatus#INSECURE} if there was no DS in an insecure (i.e.,
+   *     opt-in) way, {@link SecurityStatus#INDETERMINATE} if it was clear that this wasn't a
+   *     delegation point, and {@link SecurityStatus#BOGUS} if the proofs don't work out.
+   */
+  public SecurityStatus proveNoDS(
+      List<SRRset> nsec3s, Name qname, Name zonename, Nsec3ValidationState state) {
+    if (nsec3s == null || nsec3s.isEmpty()) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // Look for a matching NSEC3 to qname -- this is the normal NODATA case.
+    NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s, state);
+
+    if (nsec3 != null) {
+      // If the matching NSEC3 has the SOA bit set, it is from the wrong
+      // zone (the child instead of the parent). If it has the DS bit set,
+      // then we were lied to.
+      if (nsec3.hasType(Type.SOA) || nsec3.hasType(Type.DS)) {
+        return SecurityStatus.BOGUS;
+      }
+
+      // If the NSEC3 RR doesn't have the NS bit set, then this wasn't a
+      // delegation point.
+      if (!nsec3.hasType(Type.NS)) {
+        return SecurityStatus.INDETERMINATE;
+      }
+
+      // Otherwise, this proves no DS.
+      return SecurityStatus.SECURE;
+    }
+
+    // Otherwise, we are probably in the opt-out case.
+    CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s, state);
+    if (ce.status != SecurityStatus.SECURE) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // If we had the closest encloser proof, then we need to check that the
+    // covering NSEC3 was opt-in -- the proveClosestEncloser step already
+    // checked to see if the closest encloser was a delegation or DNAME.
+    if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) != Flags.OPT_OUT) {
+      return SecurityStatus.BOGUS;
+    }
+
+    // RFC5155 section 9.2: if nc has optout then no AD flag set
+    return SecurityStatus.INSECURE;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java b/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java
new file mode 100644
index 000000000..1771f0df3
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/Nsec3ValidationState.java
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.xbill.DNS.NSEC3Record;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.utils.base32;
+
+/**
+ * Cache for NSEC3 hashes and to keep track of the number of hash calculations as well as
+ * calculation errors.
+ */
+class Nsec3ValidationState {
+  private static final base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, false);
+
+  private final Map<String, Nsec3CacheEntry> cache = new HashMap<>();
+
+  int numCalc;
+  int numCalcErrors;
+
+  public Nsec3CacheEntry computeIfAbsent(NSEC3Record nsec3, Name name)
+      throws NoSuchAlgorithmException {
+    String key = key(nsec3, name);
+    Nsec3CacheEntry entry = cache.get(key);
+    if (entry == null) {
+      byte[] hash = nsec3.hashName(name);
+      entry = new Nsec3CacheEntry(hash);
+      cache.put(key, entry);
+      numCalc++;
+    }
+
+    return entry;
+  }
+
+  @RequiredArgsConstructor
+  static class Nsec3CacheEntry {
+    @Getter private final byte[] hash;
+    private String asBase32;
+
+    String getHashAsBase32() {
+      if (asBase32 == null) {
+        asBase32 = b32.toString(hash);
+      }
+
+      return asBase32;
+    }
+  }
+
+  private String key(NSEC3Record nsec3, Name name) {
+    return name
+        + "/"
+        + nsec3.getHashAlgorithm()
+        + "/"
+        + nsec3.getIterations()
+        + "/"
+        + (nsec3.getSalt() == null ? "-" : new BigInteger(nsec3.getSalt()).toString());
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/R.java b/src/main/java/org/xbill/DNS/dnssec/R.java
new file mode 100644
index 000000000..d9054f284
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/R.java
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+/**
+ * Utility class to retrieve messages from {@link ResourceBundle}s.
+ *
+ * @since 3.5
+ */
+public final class R {
+  private static ResourceBundle rb;
+  private static boolean useNeutral;
+
+  private R() {}
+
+  /**
+   * Programmatically set the ResourceBundle to be used.
+   *
+   * @param resourceBundle the bundle to be used.
+   */
+  public static void setBundle(ResourceBundle resourceBundle) {
+    R.rb = resourceBundle;
+  }
+
+  /**
+   * If set to {@code true}, messages will not be obtained from resource bundles but formatted as
+   * {@code key:param1:...:paramN}.
+   *
+   * @param useNeutral {@code true} to use neutral messages, {@code false} otherwise
+   */
+  public static void setUseNeutralMessages(boolean useNeutral) {
+    R.useNeutral = useNeutral;
+  }
+
+  /**
+   * Gets a translated message.
+   *
+   * @param key The message key to retrieve.
+   * @param values The values that fill placeholders in the message.
+   * @return The formatted message.
+   */
+  public static String get(String key, Object... values) {
+    if (useNeutral) {
+      return getNeutral(key, values);
+    }
+
+    try {
+      if (R.rb == null) {
+        rb = ResourceBundle.getBundle("messages");
+      }
+
+      return MessageFormat.format(rb.getString(key), values);
+    } catch (MissingResourceException e) {
+      return getNeutral(key, values);
+    }
+  }
+
+  private static String getNeutral(String key, Object[] values) {
+    StringBuilder sb = new StringBuilder(key);
+    for (Object val : values) {
+      sb.append(":");
+      sb.append(val);
+    }
+
+    return sb.toString();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java
new file mode 100644
index 000000000..195ba132c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+/**
+ * These are response subtypes. They are necessary for determining the validation strategy. They
+ * have no bearing on the iterative resolution algorithm, so they are confined here.
+ *
+ * @since 3.5
+ */
+enum ResponseClassification {
+  /** Not a recognized subtype. */
+  UNKNOWN,
+
+  /** A postive, direct, response. */
+  POSITIVE,
+
+  /** A postive response, with a CNAME/DNAME chain. */
+  CNAME,
+
+  /** A NOERROR/NODATA response. */
+  NODATA,
+
+  /** A NXDOMAIN response. */
+  NAMEERROR,
+
+  /** A response to a qtype=ANY query. */
+  ANY,
+
+  /** A response with CNAMES that points to a non-existing type. */
+  CNAME_NODATA,
+
+  /** A response with CNAMES that points into the void. */
+  CNAME_NAMEERROR,
+
+  /** A referral, from cache with a nonRD query. */
+  REFERRAL,
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java
new file mode 100644
index 000000000..eab60573a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java
@@ -0,0 +1,347 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Header;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * This class represents a DNS message with validator state and some utility methods.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class SMessage {
+  private static final int NUM_SECTIONS = 3;
+  private static final int MAX_FLAGS = 16;
+  private static final int EXTENDED_FLAGS_BIT_OFFSET = 4;
+
+  private final Header header;
+  private Record question;
+  private OPTRecord oPTRecord;
+  private final List<SRRset>[] sections;
+  private SecurityStatus securityStatus;
+  private String bogusReason;
+  private int edeReason = -1;
+
+  /**
+   * Creates a instance of this class.
+   *
+   * @param h The header of the original message.
+   */
+  @SuppressWarnings("unchecked")
+  public SMessage(Header h) {
+    this.sections = (List<SRRset>[]) new List<?>[NUM_SECTIONS];
+    this.header = h;
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param id The ID of the DNS query or response message.
+   * @param question The question section of the query or response.
+   */
+  public SMessage(int id, Record question) {
+    this(new Header(id));
+    this.question = question;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param m The DNS message to wrap.
+   */
+  public SMessage(Message m) {
+    this(m.getHeader());
+    this.question = m.getQuestion();
+    this.oPTRecord = m.getOPT();
+
+    for (int i = Section.ANSWER; i <= Section.ADDITIONAL; i++) {
+      for (RRset rrset : m.getSectionRRsets(i)) {
+        this.addRRset(new SRRset(rrset), i);
+      }
+    }
+  }
+
+  /**
+   * Gets the header of this message.
+   *
+   * @return The header of this message.
+   */
+  public Header getHeader() {
+    return this.header;
+  }
+
+  /**
+   * Gets the question section of this message.
+   *
+   * @return The question section of this message.
+   */
+  public Record getQuestion() {
+    return this.question;
+  }
+
+  /**
+   * Gets signed RRsets for the queried section.
+   *
+   * @param section The section whose RRsets are demanded.
+   * @return Signed RRsets for the queried section.
+   */
+  public List<SRRset> getSectionRRsets(int section) {
+    this.checkSectionValidity(section);
+
+    if (this.sections[section - 1] == null) {
+      this.sections[section - 1] = new LinkedList<>();
+    }
+
+    return this.sections[section - 1];
+  }
+
+  private void addRRset(SRRset srrset, int section) {
+    this.checkSectionValidity(section);
+
+    if (srrset.getType() == Type.OPT) {
+      this.oPTRecord = (OPTRecord) srrset.first();
+      return;
+    }
+
+    List<SRRset> sectionList = this.getSectionRRsets(section);
+    sectionList.add(srrset);
+  }
+
+  private void checkSectionValidity(int section) {
+    if (section <= Section.QUESTION || section > Section.ADDITIONAL) {
+      throw new IllegalArgumentException("Invalid section");
+    }
+  }
+
+  /**
+   * Gets signed RRsets for the queried section.
+   *
+   * @param section The section whose RRsets are demanded.
+   * @param qtype Filter the results for these record types.
+   * @return Signed RRsets for the queried section.
+   */
+  public List<SRRset> getSectionRRsets(int section, int qtype) {
+    List<SRRset> slist = this.getSectionRRsets(section);
+
+    if (slist.isEmpty()) {
+      return Collections.emptyList();
+    }
+
+    List<SRRset> result = new ArrayList<>(slist.size());
+    for (SRRset rrset : slist) {
+      if (rrset.getType() == qtype) {
+        result.add(rrset);
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Gets the result code of the response message.
+   *
+   * @return The result code of the response message.
+   */
+  public int getRcode() {
+    int rcode = this.header.getRcode();
+    if (this.oPTRecord != null) {
+      rcode += this.oPTRecord.getExtendedRcode() << EXTENDED_FLAGS_BIT_OFFSET;
+    }
+
+    return rcode;
+  }
+
+  /**
+   * Gets the security status of this message.
+   *
+   * @return The security status of this message.
+   */
+  public SecurityStatus getStatus() {
+    return this.securityStatus;
+  }
+
+  /**
+   * Sets the security status for this message.
+   *
+   * @param status the new security status for this message.
+   */
+  public void setStatus(SecurityStatus status, int edeReason) {
+    setStatus(status, edeReason, null);
+  }
+
+  /**
+   * Sets the security status for this message.
+   *
+   * @param status the new security status for this message.
+   * @param reason Why this message's status is set as indicated.
+   */
+  public void setStatus(SecurityStatus status, int edeReason, String reason) {
+    this.securityStatus = status;
+    this.edeReason = edeReason;
+    this.bogusReason = reason;
+    if (reason != null) {
+      log.debug("Setting bad reason for message to {}", reason);
+    }
+  }
+
+  /**
+   * Sets the security status of this message to bogus and sets the reason.
+   *
+   * @param reason Why this message's status is bogus.
+   */
+  public void setBogus(String reason) {
+    setStatus(SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, reason);
+  }
+
+  /**
+   * Sets the security status of this message to bogus and sets the reason.
+   *
+   * @param reason Why this message's status is bogus.
+   */
+  public void setBogus(String reason, int edeReason) {
+    setStatus(SecurityStatus.BOGUS, edeReason, reason);
+  }
+
+  /**
+   * Gets the reason why this messages' status is bogus.
+   *
+   * @return The reason why this messages' status is bogus.
+   */
+  public String getBogusReason() {
+    return this.bogusReason;
+  }
+
+  /**
+   * Gets the {@link org.xbill.DNS.ExtendedErrorCodeOption} reason why this messages' status is
+   * bogus.
+   */
+  public int getEdeReason() {
+    return this.edeReason;
+  }
+
+  /**
+   * Gets this message as a standard DNSJAVA message.
+   *
+   * @return This message as a standard DNSJAVA message.
+   */
+  public Message getMessage() {
+    // Generate our new message.
+    Message m = new Message(this.header.getID());
+
+    // Convert the header
+    // We do this for two reasons:
+    // 1) setCount() is package scope, so we can't do that, and
+    // 2) setting the header on a message after creating the
+    // message frequently gets stuff out of sync, leading to malformed wire
+    // format messages.
+    Header h = m.getHeader();
+    h.setOpcode(this.header.getOpcode());
+    h.setRcode(this.header.getRcode());
+    for (int i = 0; i < MAX_FLAGS; i++) {
+      if (Flags.isFlag(i) && this.header.getFlag(i)) {
+        h.setFlag(i);
+      }
+    }
+
+    // Add all the records. -- this will set the counts correctly in the
+    // message header.
+    if (this.question != null) {
+      m.addRecord(this.question, Section.QUESTION);
+    }
+
+    for (int sec = Section.ANSWER; sec <= Section.ADDITIONAL; sec++) {
+      List<SRRset> slist = this.getSectionRRsets(sec);
+      for (SRRset rrset : slist) {
+        for (Record j : rrset.rrs()) {
+          m.addRecord(j, sec);
+        }
+
+        for (RRSIGRecord j : rrset.sigs()) {
+          m.addRecord(j, sec);
+        }
+      }
+    }
+
+    if (this.oPTRecord != null) {
+      m.addRecord(this.oPTRecord, Section.ADDITIONAL);
+    }
+
+    return m;
+  }
+
+  /**
+   * Gets the number of records.
+   *
+   * @param section The section for which the records are counted.
+   * @return The number of records for the queried section.
+   */
+  public int getCount(int section) {
+    if (section == Section.QUESTION) {
+      return 1;
+    }
+
+    List<SRRset> sectionList = this.getSectionRRsets(section);
+    if (sectionList.isEmpty()) {
+      return 0;
+    }
+
+    int count = 0;
+    for (SRRset sr : sectionList) {
+      count += sr.size();
+    }
+
+    return count;
+  }
+
+  /**
+   * Find a specific (S)RRset in a given section.
+   *
+   * @param name the name of the RRset.
+   * @param type the type of the RRset.
+   * @param dclass the class of the RRset.
+   * @param section the section to look in (ANSWER to ADDITIONAL)
+   * @return The SRRset if found, null otherwise.
+   */
+  public SRRset findRRset(Name name, int type, int dclass, int section) {
+    this.checkSectionValidity(section);
+
+    for (SRRset set : this.getSectionRRsets(section)) {
+      if (set.getName().equals(name) && set.getType() == type && set.getDClass() == dclass) {
+        return set;
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Find an "answer" RRset. This will look for RRsets in the ANSWER section that match the
+   * &lt;qname,qtype,qclass&gt;, without considering CNAMEs.
+   *
+   * @param qname The starting search name.
+   * @param qtype The search type.
+   * @param qclass The search class.
+   * @return a SRRset matching the query.
+   */
+  public SRRset findAnswerRRset(Name qname, int qtype, int qclass) {
+    return this.findRRset(qname, qtype, qclass, Section.ANSWER);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SRRset.java b/src/main/java/org/xbill/DNS/dnssec/SRRset.java
new file mode 100644
index 000000000..fc5b19d02
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SRRset.java
@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.util.List;
+import lombok.EqualsAndHashCode;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+
+/**
+ * An extended version of {@link RRset} that adds the indication of DNSSEC security status.
+ *
+ * @since 3.5
+ */
+@EqualsAndHashCode(
+    callSuper = true,
+    of = {"securityStatus", "ownerName"})
+class SRRset extends RRset {
+  private SecurityStatus securityStatus;
+  private Name ownerName;
+
+  /** Create a new, blank SRRset. */
+  public SRRset() {
+    super();
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset with one record.
+   *
+   * @param r The record to add to the RRset.
+   */
+  public SRRset(Record r) {
+    super(r);
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset from an existing RRset. This SRRset will contain the same internal {@link
+   * Record} objects as the original RRset.
+   *
+   * @param r The RRset to copy.
+   */
+  public SRRset(RRset r) {
+    super(r);
+    this.securityStatus = SecurityStatus.UNCHECKED;
+  }
+
+  /**
+   * Create a new SRRset from an existing SRRset. This SRRset will contain the same internal {@link
+   * Record} objects as the original SRRset.
+   *
+   * @param r The RRset to copy.
+   */
+  public SRRset(SRRset r) {
+    super(r);
+    this.securityStatus = r.securityStatus;
+    this.ownerName = r.ownerName;
+  }
+
+  /**
+   * Return the current security status (generally: {@link SecurityStatus#UNCHECKED}, {@link
+   * SecurityStatus#BOGUS}, or {@link SecurityStatus#SECURE}).
+   *
+   * @return The security status for this set, {@link SecurityStatus#UNCHECKED} if it has never been
+   *     set manually.
+   */
+  public SecurityStatus getSecurityStatus() {
+    return this.securityStatus;
+  }
+
+  /**
+   * Set the current security status for this SRRset.
+   *
+   * @param status The new security status for this set.
+   */
+  public void setSecurityStatus(SecurityStatus status) {
+    this.securityStatus = status;
+  }
+
+  /** The "signer" name for this {@link SRRset}, if signed, or {@code null} if not. */
+  public Name getSignerName() {
+    List<RRSIGRecord> sigs = sigs();
+    if (!sigs.isEmpty()) {
+      return sigs.get(0).getSigner();
+    }
+
+    return null;
+  }
+
+  @Override
+  public Name getName() {
+    return this.ownerName == null ? super.getName() : this.ownerName;
+  }
+
+  /**
+   * Set the name of the records.
+   *
+   * @param ownerName the {@link Name} to override the original name with.
+   */
+  public void setName(Name ownerName) {
+    this.ownerName = ownerName;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java
new file mode 100644
index 000000000..399e8c7e7
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2013-2021 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+/**
+ * Codes for DNSSEC security statuses.
+ *
+ * @since 3.5
+ */
+public enum SecurityStatus {
+  /** UNCHECKED means that object has yet to be validated. */
+  UNCHECKED,
+
+  /**
+   * BOGUS means that the object (RRset or message) failed to validate (according to local policy),
+   * but should have validated.
+   */
+  BOGUS,
+
+  /**
+   * INDTERMINATE means that the object is insecure, but not authoritatively so. Generally this
+   * means that the RRset is not below a configured trust anchor.
+   */
+  INDETERMINATE,
+
+  /**
+   * INSECURE means that the object is authoritatively known to be insecure. Generally this means
+   * that this RRset is below a trust anchor, but also below a verified, insecure delegation.
+   */
+  INSECURE,
+
+  /** SECURE means that the object (RRset or message) validated according to local policy. */
+  SECURE,
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java
new file mode 100644
index 000000000..3225e8dad
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java
@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.util.Collection;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+
+/**
+ * Storage for DS or DNSKEY records that are known to be trusted.
+ *
+ * @since 3.6
+ */
+public interface TrustAnchorStore {
+  /**
+   * Stores the given {@link RRset} as known trusted keys.
+   *
+   * @param rrset The key set to store as trusted.
+   */
+  void store(RRset rrset);
+
+  /**
+   * Gets the closest trusted key for the given name or {@code null} if no match is found.
+   *
+   * @param name The name to search for.
+   * @param dclass The {@link DClass} of the keys.
+   * @return The closest found key for {@code name} or {@code null}.
+   */
+  RRset find(Name name, int dclass);
+
+  /** Removes all stored trust anchors. */
+  void clear();
+
+  /** Gets all trust anchors currently in use. */
+  Collection<RRset> items();
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java
new file mode 100644
index 000000000..46553b0e1
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java
@@ -0,0 +1,1139 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.atomic.AtomicInteger;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * This is a collection of routines encompassing the logic of validating different message types.
+ *
+ * @since 3.5
+ */
+@Slf4j
+final class ValUtils {
+  public static final String DIGEST_PREFERENCE = "dnsjava.dnssec.digest_preference";
+  public static final String DIGEST_ENABLED = "dnsjava.dnssec.digest";
+  public static final String DIGEST_HARDEN_DOWNGRADE = "dnsjava.dnssec.harden_algo_downgrade";
+  public static final String ALGORITHM_ENABLED = "dnsjava.dnssec.algorithm";
+  public static final String ALGORITHM_RSA_MIN_KEY_SIZE =
+      "dnsjava.dnssec.algorithm_rsa_min_key_size";
+  public static final String MAX_DS_MATCH_FAILURES_PROPERTY =
+      "dnsjava.dnssec.max_ds_match_failures";
+
+  private static final Name WILDCARD = Name.fromConstantString("*");
+
+  /** A local copy of the verifier object. */
+  private final DnsSecVerifier verifier;
+
+  private int[] digestPreference = null;
+  private Properties config = null;
+  private boolean digestHardenDowngrade = true;
+  private int minRsaKeySize = 1024;
+  private boolean hasGost;
+  private boolean hasEd25519;
+  private boolean hasEd448;
+  private int maxDsMatchFailures = 4;
+
+  /** Creates a new instance of this class. */
+  public ValUtils() {
+    hasGost = Security.getProviders("MessageDigest.GOST3411") != null;
+    hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null;
+    hasEd448 = Security.getProviders("KeyFactory.Ed448") != null;
+    this.verifier = new DnsSecVerifier(this);
+  }
+
+  /**
+   * Set the owner name of NSEC RRsets to the canonical name, i.e. the name that is <b>not</b>
+   * expanded from a wildcard label.
+   *
+   * @param set The RRset to canonicalize.
+   * @param sig The signature that validated this RRset.
+   */
+  public static void setCanonicalNsecOwner(SRRset set, RRSIGRecord sig) {
+    if (set.getType() != Type.NSEC) {
+      return;
+    }
+
+    Record nsec = set.first();
+    int fqdnLabelCount = nsec.getName().labels() - 1; // don't count the root label
+    if (nsec.getName().isWild()) {
+      --fqdnLabelCount; // don't count the wildcard label
+    }
+
+    if (sig.getLabels() == fqdnLabelCount) {
+      set.setName(nsec.getName());
+    } else if (sig.getLabels() < fqdnLabelCount) {
+      set.setName(nsec.getName().wild(sig.getSigner().labels() - sig.getLabels()));
+    } else {
+      throw new IllegalArgumentException("invalid nsec record");
+    }
+  }
+
+  /**
+   * Initialize the module. The recognized configuration values are:
+   *
+   * <ul>
+   *   <li>{@value #DIGEST_PREFERENCE}
+   *   <li>{@value #DIGEST_HARDEN_DOWNGRADE}
+   *   <li>{@value #DIGEST_ENABLED}
+   *   <li>{@value #ALGORITHM_ENABLED}
+   *   <li>{@value #ALGORITHM_RSA_MIN_KEY_SIZE}
+   * </ul>
+   *
+   * @param config The configuration data for this module.
+   */
+  public void init(Properties config) {
+    hasGost = Security.getProviders("MessageDigest.GOST3411") != null;
+    hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null;
+    hasEd448 = Security.getProviders("KeyFactory.Ed448") != null;
+    this.config = config;
+    String dp = config.getProperty(DIGEST_PREFERENCE);
+    if (dp != null) {
+      String[] dpdata = dp.split(",");
+      this.digestPreference = new int[dpdata.length];
+      for (int i = 0; i < dpdata.length; i++) {
+        this.digestPreference[i] = Integer.parseInt(dpdata[i]);
+        if (!isDigestSupported(this.digestPreference[i])) {
+          throw new IllegalArgumentException(
+              "Unsupported or disabled digest ID in digest preferences");
+        }
+      }
+    }
+
+    this.digestHardenDowngrade =
+        Boolean.parseBoolean(config.getProperty(DIGEST_HARDEN_DOWNGRADE, Boolean.TRUE.toString()));
+    this.minRsaKeySize =
+        Integer.parseInt(
+            config.getProperty(ALGORITHM_RSA_MIN_KEY_SIZE, Integer.toString(minRsaKeySize)));
+    this.maxDsMatchFailures =
+        Integer.parseInt(
+            config.getProperty(
+                MAX_DS_MATCH_FAILURES_PROPERTY, Integer.toString(maxDsMatchFailures)));
+    this.verifier.init(config);
+  }
+
+  /**
+   * Given a response, classify ANSWER responses into a subtype.
+   *
+   * @param request The original query message.
+   * @param m The response to classify.
+   * @return A subtype ranging from UNKNOWN to NAMEERROR.
+   */
+  public static ResponseClassification classifyResponse(Message request, SMessage m) {
+    // Normal Name Error's are easy to detect -- but don't mistake a CNAME
+    // chain ending in NXDOMAIN.
+    if (m.getRcode() == Rcode.NXDOMAIN && m.getCount(Section.ANSWER) == 0) {
+      return ResponseClassification.NAMEERROR;
+    }
+
+    // check for referral: nonRD query and it looks like a nodata
+    if (!request.getHeader().getFlag(Flags.RD)
+        && m.getCount(Section.ANSWER) == 0
+        && m.getRcode() != Rcode.NOERROR) {
+      // SOA record in auth indicates it is NODATA instead.
+      // All validation requiring NODATA messages have SOA in
+      // authority section.
+      // uses fact that answer section is empty
+      boolean sawNs = false;
+      for (RRset set : m.getSectionRRsets(Section.AUTHORITY)) {
+        if (set.getType() == Type.SOA) {
+          return ResponseClassification.NODATA;
+        }
+
+        if (set.getType() == Type.DS) {
+          return ResponseClassification.REFERRAL;
+        }
+
+        if (set.getType() == Type.NS) {
+          sawNs = true;
+        }
+      }
+
+      return sawNs ? ResponseClassification.REFERRAL : ResponseClassification.NODATA;
+    }
+
+    // root referral where NS set is in the answer section
+    if (m.getSectionRRsets(Section.AUTHORITY).isEmpty()
+        && m.getSectionRRsets(Section.ANSWER).size() == 1
+        && m.getRcode() == Rcode.NOERROR
+        && m.getSectionRRsets(Section.ANSWER).get(0).getType() == Type.NS
+        && !m.getSectionRRsets(Section.ANSWER)
+            .get(0)
+            .getName()
+            .equals(request.getQuestion().getName())) {
+      return ResponseClassification.REFERRAL;
+    }
+
+    // dump bad messages
+    if (m.getRcode() != Rcode.NOERROR && m.getRcode() != Rcode.NXDOMAIN) {
+      return ResponseClassification.UNKNOWN;
+    }
+
+    // Next is NODATA
+    if (m.getRcode() == Rcode.NOERROR && m.getCount(Section.ANSWER) == 0) {
+      return ResponseClassification.NODATA;
+    }
+
+    // We distinguish between CNAME response and other positive/negative
+    // responses because CNAME answers require extra processing.
+    int qtype = m.getQuestion().getType();
+
+    // We distinguish between ANY and CNAME or POSITIVE because ANY
+    // responses are validated differently.
+    if (qtype == Type.ANY) {
+      return ResponseClassification.ANY;
+    }
+
+    boolean hadCname = false;
+    for (RRset set : m.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == qtype) {
+        return ResponseClassification.POSITIVE;
+      }
+
+      if (set.getType() == Type.CNAME || set.getType() == Type.DNAME) {
+        hadCname = true;
+        if (qtype == Type.DS) {
+          return ResponseClassification.CNAME;
+        }
+      }
+    }
+
+    if (hadCname) {
+      if (m.getRcode() == Rcode.NXDOMAIN) {
+        return ResponseClassification.CNAME_NAMEERROR;
+      } else {
+        return ResponseClassification.CNAME_NODATA;
+      }
+    }
+
+    log.warn("Failed to classify response message:\n{}", m);
+    return ResponseClassification.UNKNOWN;
+  }
+
+  /**
+   * Given a DS rrset and a DNSKEY rrset, match the DS to a DNSKEY and verify the DNSKEY rrset with
+   * that key.
+   *
+   * @param dnskeyRrset The DNSKEY rrset to match against. The security status of this rrset will be
+   *     updated on a successful verification.
+   * @param dsRrset The DS rrset to match with. This rrset must already be trusted.
+   * @param badKeyTTL The TTL [s] for keys determined to be bad.
+   * @param date The date against which to verify the rrset.
+   * @return a KeyEntry. This will either contain the now trusted dnskey RRset, a "null" key entry
+   *     indicating that this DS rrset/DNSKEY pair indicate an secure end to the island of trust
+   *     (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey RRset fails to verify. Note
+   *     that the "null" response should generally only occur in a private algorithm scenario:
+   *     normally this sort of thing is checked before fetching the matching DNSKEY rrset.
+   */
+  public KeyEntry verifyNewDNSKEYs(
+      SRRset dnskeyRrset, SRRset dsRrset, long badKeyTTL, Instant date) {
+    if (!dnskeyRrset.getName().equals(dsRrset.getName())) {
+      KeyEntry ke = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_name_match"));
+      return ke;
+    }
+
+    int favoriteDigestID;
+    AlgorithmRequirements needs = null;
+    List<Integer> sigalg = null;
+    if (digestHardenDowngrade) {
+      favoriteDigestID = this.favoriteDSDigestID(dsRrset);
+      needs = new AlgorithmRequirements(this);
+      sigalg = needs.initDs(dsRrset, favoriteDigestID);
+      log.trace(
+          "Favorite DigestID for rrset {}/DNSKEY is {} ({})",
+          dnskeyRrset.getName(),
+          favoriteDigestID,
+          DNSSEC.Digest.string(favoriteDigestID));
+    } else {
+      favoriteDigestID = -1;
+    }
+
+    boolean hasAlgoRefusal = false;
+    boolean hasCheckedDs = false;
+    boolean hasUsefulDs = false;
+    JustifiedSecStatus lastVerificationResult = null;
+    AtomicInteger numDsChecked = new AtomicInteger(0);
+    for (Record dsr : dsRrset.rrs(false)) {
+      DSRecord ds = (DSRecord) dsr;
+      if (!isDigestSupported(ds.getDigestID())) {
+        log.debug(
+            "Digest ID {} ({}) is not supported",
+            ds.getDigestID(),
+            DNSSEC.Digest.string(ds.getDigestID()));
+        continue;
+      }
+
+      if (!isAlgorithmSupported(ds.getAlgorithm())) {
+        log.debug(
+            "Algorithm {} ({}) is not supported",
+            ds.getAlgorithm(),
+            DNSSEC.Algorithm.string(ds.getAlgorithm()));
+        continue;
+      }
+
+      if ((needs != null && ds.getDigestID() != favoriteDigestID)) {
+        log.debug(
+            "Downgrade protection prevents using digest ID {} ({})",
+            ds.getDigestID(),
+            DNSSEC.Digest.string(ds.getDigestID()));
+        continue;
+      }
+
+      lastVerificationResult = verifyDnskeysWithDs(dnskeyRrset, ds, date, numDsChecked);
+      if (lastVerificationResult.status == SecurityStatus.INSECURE) {
+        log.debug(
+            "Algorithm {} ({}) refused",
+            ds.getAlgorithm(),
+            DNSSEC.Algorithm.string(ds.getAlgorithm()));
+        hasAlgoRefusal = true;
+        continue;
+      }
+
+      if (numDsChecked.get() > 0) {
+        log.debug("Checked #{} DS", numDsChecked.get());
+        hasCheckedDs = true;
+      }
+
+      // Once we see a single DS with a known digestID and algorithm, we cannot return INSECURE
+      // (with a "null" KeyEntry).
+      hasUsefulDs = true;
+
+      if (lastVerificationResult.status == SecurityStatus.SECURE) {
+        if (needs == null || needs.setSecure(ds.getAlgorithm())) {
+          if (!isKeySizeSupported(dnskeyRrset)) {
+            log.debug(
+                "DS {} (footprint={}, id={}, alg={}) works, but DNSKEY set contains keys that are unsupported, treat as insecure",
+                ds.getName(),
+                ds.getFootprint(),
+                ds.getDigestID(),
+                ds.getAlgorithm());
+            return KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+          }
+
+          dnskeyRrset.setSecurityStatus(SecurityStatus.SECURE);
+          return KeyEntry.newKeyEntry(dnskeyRrset, sigalg);
+        }
+      } else if (needs != null && lastVerificationResult.status == SecurityStatus.BOGUS) {
+        needs.setBogus(ds.getAlgorithm());
+      }
+    }
+
+    // None of the DS's worked out.
+
+    // If none of the DSes have been checked, eg. that means no matches
+    // for keytags, and the other dses are all algo_refusal, it is an
+    // insecure delegation point, since the only matched DS records
+    // have an algo refusal, or are unsupported.
+    if (hasAlgoRefusal && !hasCheckedDs) {
+      log.debug("No supported DS records were found -- treating as insecure");
+      KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(
+          ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE,
+          R.get("failed.ds.nodigest", dsRrset.getName()));
+      return ke;
+    }
+
+    // If no DSs were understandable, then this is OK.
+    if (!hasUsefulDs) {
+      log.debug("No usable DS records were found -- treating as insecure");
+      KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+      ke.setBadReason(
+          ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE,
+          R.get("failed.ds.no_usable_digest", dsRrset.getName()));
+      return ke;
+    }
+
+    // If any were understandable, then it is bad.
+    log.debug("Failed to match any usable DS to a DNSKEY");
+    if (needs != null) {
+      int alg = needs.missing();
+      if (alg != 0) {
+        log.debug(
+            "Missing verification of DNSKEY signature with algorithm {} ({})",
+            alg,
+            DNSSEC.Algorithm.string(alg));
+      }
+    }
+
+    KeyEntry ke = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL);
+    ke.setBadReason(lastVerificationResult.edeReason, lastVerificationResult.reason);
+    return ke;
+  }
+
+  private JustifiedSecStatus verifyDnskeysWithDs(
+      SRRset dnskeyRrset, DSRecord ds, Instant date, AtomicInteger numDsChecked) {
+    int numDsOk = 0;
+    int numDsSizeUnsupported = 0;
+    for (Record dsnkeyr : dnskeyRrset.rrs(false)) {
+      DNSKEYRecord dnskey = (DNSKEYRecord) dsnkeyr;
+
+      log.trace(
+          "Validating DNSKEY {} (footprint={}, alg={}) against DS {} (footprint={}, digest={}, alg={})",
+          dnskey.getName(),
+          dnskey.getFootprint(),
+          dnskey.getAlgorithm(),
+          ds.getName(),
+          ds.getFootprint(),
+          ds.getDigestID(),
+          ds.getAlgorithm());
+
+      // Skip DNSKEYs that don't match the basic criteria.
+      if (ds.getFootprint() != dnskey.getFootprint()
+          || ds.getAlgorithm() != dnskey.getAlgorithm()) {
+        log.trace("Footprint or algorithm mismatch, ignoring");
+        continue;
+      }
+
+      numDsChecked.getAndIncrement();
+      if (!dsDigestMatchesDnskey(ds, dnskey)) {
+        log.debug("DS did not match DNSKEY, ignoring");
+        if (numDsChecked.get() > numDsOk + maxDsMatchFailures) {
+          return new JustifiedSecStatus(
+              SecurityStatus.BOGUS,
+              ExtendedErrorCodeOption.DNSSEC_BOGUS,
+              R.get("dnskey.ds_max_match"));
+        }
+
+        continue;
+      }
+
+      numDsOk++;
+      if (!isKeySizeSupported(dnskey)) {
+        log.debug("DS okay but that DNSKEY size is not supported");
+        numDsSizeUnsupported++;
+        continue;
+      }
+
+      // Otherwise, we have a match! Make sure that the DNSKEY
+      // verifies *with this key*.
+      JustifiedSecStatus sec = this.verifier.verify(dnskeyRrset, dnskey, date);
+      if (sec.status == SecurityStatus.SECURE) {
+        return sec;
+      }
+
+      // If it didn't validate with the DNSKEY, try the next one!
+    }
+
+    if (numDsSizeUnsupported > 0) {
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null);
+    }
+
+    if (numDsChecked.get() == 0) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS,
+          ExtendedErrorCodeOption.DNSKEY_MISSING,
+          R.get(
+              "dnskey.no_ds_alg_match",
+              dnskeyRrset.getName(),
+              DNSSEC.Algorithm.string(ds.getAlgorithm())));
+    } else if (numDsOk == 0) {
+      return new JustifiedSecStatus(
+          SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_ds_match"));
+    }
+
+    return new JustifiedSecStatus(
+        SecurityStatus.BOGUS,
+        ExtendedErrorCodeOption.DNSSEC_BOGUS,
+        R.get("dnskey.ds_match_mismatch"));
+  }
+
+  private boolean dsDigestMatchesDnskey(DSRecord ds, DNSKEYRecord dnskey) {
+    byte[] dsHash = ds.getDigest();
+
+    // Convert the candidate DNSKEY into a hash using the same DS hash algorithm
+    byte[] keyHash;
+    try {
+      DSRecord keyDigest = new DSRecord(Name.root, ds.getDClass(), 0, ds.getDigestID(), dnskey);
+      keyHash = keyDigest.getDigest();
+    } catch (IllegalArgumentException iae) {
+      log.debug("Digest generation failed", iae);
+      return false;
+    }
+
+    if (!Arrays.equals(keyHash, dsHash)) {
+      log.debug("Hash mismatch: key {} != ds {}", keyHash, dsHash);
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Gets the digest ID for the favorite (best) algorithm that is supported in a given DS set.
+   *
+   * <p>The order of preference can be configured with the property {@value #DIGEST_PREFERENCE}. If
+   * the property is not set, the highest supported number is returned.
+   *
+   * @param dsset The DS set to check for the favorite algorithm.
+   * @return The favorite digest ID or 0 if none is supported. 0 is not a known digest ID.
+   */
+  int favoriteDSDigestID(SRRset dsset) {
+    if (this.digestPreference == null) {
+      int max = 0;
+      for (Record r : dsset.rrs(false)) {
+        DSRecord ds = (DSRecord) r;
+        if (ds.getDigestID() > max
+            && isDigestSupported(ds.getDigestID())
+            && isAlgorithmSupported(ds.getAlgorithm())) {
+          max = ds.getDigestID();
+        }
+      }
+
+      return max;
+    } else {
+      for (int preference : this.digestPreference) {
+        for (Record r : dsset.rrs(false)) {
+          DSRecord ds = (DSRecord) r;
+          if (ds.getDigestID() == preference) {
+            return ds.getDigestID();
+          }
+        }
+      }
+    }
+
+    return 0;
+  }
+
+  /**
+   * Given an SRRset that is signed by a DNSKEY found in the key_rrset, verify it. This will return
+   * the status (either BOGUS or SECURE) and set that status in rrset.
+   *
+   * @param rrset The SRRset to verify.
+   * @param keyRrset The set of keys to verify against.
+   * @param date The date against which to verify the rrset.
+   * @return The status (BOGUS or SECURE).
+   */
+  public JustifiedSecStatus verifySRRset(SRRset rrset, KeyEntry keyRrset, Instant date) {
+    if (rrset.getSecurityStatus() == SecurityStatus.SECURE) {
+      log.trace(
+          "RRset <{}/{}/{}> previously found to be SECURE",
+          rrset.getName(),
+          Type.string(rrset.getType()),
+          DClass.string(rrset.getDClass()));
+      return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null);
+    }
+
+    JustifiedSecStatus res = this.verifier.verify(rrset, keyRrset, date);
+    rrset.setSecurityStatus(res.status);
+    return res;
+  }
+
+  /**
+   * Determine by looking at a signed RRset whether the RRset name was the result of a wildcard
+   * expansion. If so, return the name of the generating wildcard.
+   *
+   * @param rrset The rrset to chedck.
+   * @return the wildcard name, if the rrset was synthesized from a wildcard. null if not.
+   */
+  public static Name rrsetWildcard(RRset rrset) {
+    List<RRSIGRecord> sigs = rrset.sigs();
+    RRSIGRecord firstSig = sigs.get(0);
+
+    // check rest of signatures have identical label count
+    for (int i = 1; i < sigs.size(); i++) {
+      if (sigs.get(i).getLabels() != firstSig.getLabels()) {
+        throw new IllegalArgumentException("failed.wildcard.label_count_mismatch");
+      }
+    }
+
+    // if the RRSIG label count is shorter than the number of actual labels,
+    // then this rrset was synthesized from a wildcard.
+    // Note that the RRSIG label count doesn't count the root label.
+    Name wn = rrset.getName();
+
+    // skip a leading wildcard label in the dname (RFC4035 2.2)
+    if (rrset.getName().isWild()) {
+      wn = new Name(wn, 1);
+    }
+
+    int labelDiff = (wn.labels() - 1) - firstSig.getLabels();
+    if (labelDiff > 0) {
+      return wn.wild(labelDiff);
+    }
+
+    return null;
+  }
+
+  /**
+   * Finds the longest domain name in common with the given name.
+   *
+   * @param domain1 The first domain to process.
+   * @param domain2 The second domain to process.
+   * @return The longest label in common of domain1 and domain2. The least common name is the root.
+   */
+  public static Name longestCommonName(Name domain1, Name domain2) {
+    int l = Math.min(domain1.labels(), domain2.labels());
+    domain1 = new Name(domain1, domain1.labels() - l);
+    domain2 = new Name(domain2, domain2.labels() - l);
+    for (int i = 0; i < l - 1; i++) {
+      Name ns1 = new Name(domain1, i);
+      if (ns1.equals(new Name(domain2, i))) {
+        return ns1;
+      }
+    }
+
+    return Name.root;
+  }
+
+  /**
+   * Is the first Name strictly a subdomain of the second name (i.e., below but not equal to).
+   *
+   * @param domain1 The first domain to process.
+   * @param domain2 The second domain to process.
+   * @return True when domain1 is a strict subdomain of domain2.
+   */
+  public static boolean strictSubdomain(Name domain1, Name domain2) {
+    if (domain1.labels() <= domain2.labels()) {
+      return false;
+    }
+
+    return new Name(domain1, domain1.labels() - domain2.labels()).equals(domain2);
+  }
+
+  /**
+   * Determines the 'closest encloser' - the name that has the most common labels between <code>
+   * domain</code> and ({@link NSECRecord#getName()} or {@link NSECRecord#getNext()}).
+   *
+   * @param domain The name for which the closest encloser is queried.
+   * @param owner The beginning of the covering {@link Name} to check.
+   * @param next The end of the covering {@link Name} to check.
+   * @return The closest encloser name of <code>domain</code> as defined by {@code owner} and {@code
+   *     next}.
+   */
+  public static Name closestEncloser(Name domain, Name owner, Name next) {
+    Name n1 = longestCommonName(domain, owner);
+    Name n2 = longestCommonName(domain, next);
+
+    return (n1.labels() > n2.labels()) ? n1 : n2;
+  }
+
+  /**
+   * Gets the closest encloser of <code>domain</code> prepended with a wildcard label.
+   *
+   * @param domain The name for which the wildcard closest encloser is demanded.
+   * @param set The RRset containing {@code nsec} to check.
+   * @param nsec The covering NSEC that defines the encloser.
+   * @return The wildcard closest encloser name of <code>domain</code> as defined by <code>nsec
+   *     </code>.
+   * @throws NameTooLongException If adding the wildcard label to the closest encloser results in an
+   *     invalid name.
+   */
+  public static Name nsecWildcard(Name domain, SRRset set, NSECRecord nsec)
+      throws NameTooLongException {
+    Name origin = closestEncloser(domain, set.getName(), nsec.getNext());
+    return Name.concatenate(WILDCARD, origin);
+  }
+
+  /**
+   * Determine if the given NSEC proves a NameError (NXDOMAIN) for a given qname.
+   *
+   * @param set The RRset that contains the NSEC.
+   * @param nsec The NSEC to check.
+   * @param qname The qname to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static boolean nsecProvesNameError(SRRset set, NSECRecord nsec, Name qname) {
+    Name owner = set.getName();
+    Name next = nsec.getNext();
+
+    // If NSEC owner == qname, then this NSEC proves that qname exists.
+    if (qname.equals(owner)) {
+      return false;
+    }
+
+    // deny overreaching NSECs
+    if (!next.subdomain(set.getSignerName())) {
+      return false;
+    }
+
+    // If NSEC is a parent of qname, we need to check the type map
+    // If the parent name has a DNAME or is a delegation point, then this
+    // NSEC is being misused.
+    if (qname.subdomain(owner)) {
+      if (nsec.hasType(Type.DNAME)) {
+        return false;
+      }
+
+      if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+        return false;
+      }
+    }
+
+    if (owner.equals(next)) {
+      // this nsec is the only nsec: zone.name NSEC zone.name
+      // it disproves everything else but only for subdomains of that zone
+      return strictSubdomain(qname, next);
+    } else if (owner.compareTo(next) > 0) {
+      // this is the last nsec, ....(bigger) NSEC zonename(smaller)
+      // the names after the last (owner) name do not exist
+      // there are no names before the zone name in the zone
+      // but the qname must be a subdomain of the zone name(next).
+      return owner.compareTo(qname) < 0 && strictSubdomain(qname, next);
+    } else {
+      // regular NSEC, (smaller) NSEC (larger)
+      return owner.compareTo(qname) < 0 && qname.compareTo(next) < 0;
+    }
+  }
+
+  /**
+   * Determine if a NSEC record proves the non-existence of a wildcard that could have produced
+   * qname.
+   *
+   * @param set The RRset of the NSEC record.
+   * @param nsec The nsec record to check.
+   * @param qname The qname to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static boolean nsecProvesNoWC(SRRset set, NSECRecord nsec, Name qname) {
+    Name ce = closestEncloser(qname, set.getName(), nsec.getNext());
+    int labelsToStrip = qname.labels() - ce.labels();
+    if (labelsToStrip > 0) {
+      Name wcName = qname.wild(labelsToStrip);
+      return nsecProvesNameError(set, nsec, wcName);
+    }
+
+    return false;
+  }
+
+  /**
+   * Container for responses of {@link ValUtils#nsecProvesNodata(SRRset, NSECRecord, Name, int)}.
+   */
+  public static class NsecProvesNodataResponse {
+    boolean result;
+    Name wc;
+  }
+
+  /**
+   * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also handle the empty
+   * non-terminal (ENT) case and partially handle the wildcard case. If the ownername of 'nsec' is a
+   * wildcard, the validator must still be provided proof that qname did not directly exist and that
+   * the wildcard is, in fact, *.closest_encloser.
+   *
+   * @param set The RRset of the NSEC record.
+   * @param nsec The NSEC to check
+   * @param qname The query name to check against.
+   * @param qtype The query type to check against.
+   * @return true if the NSEC proves the condition.
+   */
+  public static NsecProvesNodataResponse nsecProvesNodata(
+      SRRset set, NSECRecord nsec, Name qname, int qtype) {
+    NsecProvesNodataResponse result = new NsecProvesNodataResponse();
+    if (!set.getName().equals(qname)) {
+      // empty-non-terminal checking.
+      // Done before wildcard, because this is an exact match,
+      // and would prevent a wildcard from matching.
+
+      // If the nsec is proving that qname is an ENT, the nsec owner will
+      // be less than qname, and the next name will be a child domain of
+      // the qname.
+      if (strictSubdomain(nsec.getNext(), qname) && set.getName().compareTo(qname) < 0) {
+        result.result = true;
+        return result;
+      }
+
+      // Wildcard checking:
+      // If this is a wildcard NSEC, make sure that a) it was possible to
+      // have generated qname from the wildcard and b) the type map does
+      // not contain qtype. Note that this does NOT prove that this
+      // wildcard was the applicable wildcard.
+      if (set.getName().isWild()) {
+        // the is the purported closest encloser.
+        Name ce = new Name(set.getName(), 1);
+
+        // The qname must be a strict subdomain of the closest encloser,
+        // and the qtype must be absent from the type map.
+        if (strictSubdomain(qname, ce)) {
+          if (nsec.hasType(Type.CNAME)) {
+            // should have gotten the wildcard CNAME
+            log.debug("NSEC proofed wildcard CNAME");
+            result.result = false;
+            return result;
+          }
+
+          if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+            // wrong parentside (wildcard) NSEC used, and it really
+            // should not exist anyway:
+            // http://tools.ietf.org/html/rfc4592#section-4.2
+            log.debug("Wrong parent (wildcard) NSEC used");
+            result.result = false;
+            return result;
+          }
+
+          if (nsec.hasType(qtype)) {
+            log.debug("NSEC proofed that {} exists", Type.string(qtype));
+            result.result = false;
+            return result;
+          }
+        }
+
+        result.wc = ce;
+        result.result = true;
+        return result;
+      }
+
+      // Otherwise, this NSEC does not prove ENT, so it does not prove
+      // NODATA.
+      result.result = false;
+      return result;
+    }
+
+    // If the qtype exists, then we should have gotten it.
+    if (nsec.hasType(qtype)) {
+      log.debug("NSEC proofed that {} exists", Type.string(qtype));
+      result.result = false;
+      return result;
+    }
+
+    // if the name is a CNAME node, then we should have gotten the CNAME
+    if (nsec.hasType(Type.CNAME)) {
+      log.debug("NSEC proofed CNAME");
+      result.result = false;
+      return result;
+    }
+
+    // If an NS set exists at this name, and NOT a SOA (so this is a zone
+    // cut, not a zone apex), then we should have gotten a referral (or we
+    // just got the wrong NSEC).
+    // The reverse of this check is used when qtype is DS, since that
+    // must use the NSEC from above the zone cut.
+    if (qtype != Type.DS && nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) {
+      log.debug("NSEC proofed missing referral");
+      result.result = false;
+      return result;
+    }
+    if (qtype == Type.DS && nsec.hasType(Type.SOA) && !Name.root.equals(qname)) {
+      log.debug("NSEC from wrong zone");
+      result.result = false;
+      return result;
+    }
+
+    result.result = true;
+    return result;
+  }
+
+  /**
+   * Check DS absence. There is a NODATA reply to a DS that needs checking. NSECs can prove this is
+   * not a delegation point, or successfully prove that there is no DS. Or this fails.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param keyRrset The key that validate the NSECs.
+   * @param date The date against which to verify the response.
+   * @return The NODATA proof along with the reason of the result.
+   */
+  public JustifiedSecStatus nsecProvesNodataDsReply(
+      Message request, SMessage response, KeyEntry keyRrset, Instant date) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    // If we have a NSEC at the same name, it must prove one of two things:
+    // 1) this is a delegation point and there is no DS
+    // 2) this is not a delegation point
+    SRRset nsecRrset = response.findRRset(qname, Type.NSEC, qclass, Section.AUTHORITY);
+    if (nsecRrset != null) {
+      // The NSEC must verify, first of all.
+      JustifiedSecStatus res = this.verifySRRset(nsecRrset, keyRrset, date);
+      if (res.status != SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(
+            SecurityStatus.BOGUS,
+            ExtendedErrorCodeOption.DNSSEC_BOGUS,
+            R.get("failed.ds.nsec", res.reason));
+      }
+
+      NSECRecord nsec = (NSECRecord) nsecRrset.first();
+      SecurityStatus status = ValUtils.nsecProvesNoDS(nsec, qname);
+      switch (status) {
+        case INSECURE: // this wasn't a delegation point.
+          return new JustifiedSecStatus(status, -1, R.get("failed.ds.nodelegation"));
+        case SECURE: // this proved no DS.
+          return new JustifiedSecStatus(status, -1, R.get("insecure.ds.nsec"));
+        default: // something was wrong.
+          return new JustifiedSecStatus(
+              status, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec.hasdata"));
+      }
+    }
+
+    // Otherwise, there is no NSEC at qname. This could be an ENT.
+    // If not, this is broken.
+    NsecProvesNodataResponse ndp = new NsecProvesNodataResponse();
+    Name ce = null;
+    boolean hasValidNSEC = false;
+    NSECRecord wcNsec = null;
+    for (SRRset set : response.getSectionRRsets(Section.AUTHORITY, Type.NSEC)) {
+      JustifiedSecStatus res = this.verifySRRset(set, keyRrset, date);
+      if (res.status != SecurityStatus.SECURE) {
+        return new JustifiedSecStatus(res.status, res.edeReason, R.get("failed.ds.nsec.ent"));
+      }
+
+      NSECRecord nsec = (NSECRecord) set.rrs(false).get(0);
+      ndp = ValUtils.nsecProvesNodata(set, nsec, qname, Type.DS);
+      if (ndp.result) {
+        hasValidNSEC = true;
+        if (ndp.wc != null && nsec.getName().isWild()) {
+          wcNsec = nsec;
+        }
+      }
+
+      if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+        ce = closestEncloser(qname, set.getName(), nsec.getNext());
+      }
+    }
+
+    // The wildcard NODATA is 1 NSEC proving that qname does not exists (and
+    // also proving what the closest encloser is), and 1 NSEC showing the
+    // matching wildcard, which must be *.closest_encloser.
+    if (ndp.wc != null && (ce == null || !ce.equals(ndp.wc))) {
+      hasValidNSEC = false;
+    }
+
+    if (hasValidNSEC) {
+      if (ndp.wc != null) {
+        SecurityStatus status = nsecProvesNoDS(wcNsec, qname);
+        return new JustifiedSecStatus(
+            status, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.ds.nowildcardproof"));
+      }
+
+      return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, R.get("insecure.ds.nsec.ent"));
+    }
+
+    return new JustifiedSecStatus(
+        SecurityStatus.UNCHECKED,
+        ExtendedErrorCodeOption.DNSSEC_INDETERMINATE,
+        R.get("failed.ds.nonconclusive"));
+  }
+
+  /**
+   * Checks if the authority section of a message contains at least one signed NSEC or NSEC3 record.
+   *
+   * @param message The message to inspect.
+   * @return True if at least one record is found, false otherwise.
+   */
+  public boolean hasSignedNsecs(SMessage message) {
+    for (SRRset set : message.getSectionRRsets(Section.AUTHORITY)) {
+      if ((set.getType() == Type.NSEC || set.getType() == Type.NSEC3) && !set.sigs().isEmpty()) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines whether the given {@link NSECRecord} proves that there is no {@link DSRecord} for
+   * <code>qname</code>.
+   *
+   * @param nsec The NSEC that should prove the non-existence.
+   * @param qname The name for which the prove is made.
+   * @return {@link SecurityStatus#BOGUS} when the NSEC is from the child domain or indicates that
+   *     there indeed is a DS record, {@link SecurityStatus#INSECURE} when there is not even a prove
+   *     for a NS record, {@link SecurityStatus#SECURE} when there is no DS record.
+   */
+  public static SecurityStatus nsecProvesNoDS(NSECRecord nsec, Name qname) {
+    // Could check to make sure the qname is a subdomain of nsec
+    if ((nsec.hasType(Type.SOA) && !Name.root.equals(qname)) || nsec.hasType(Type.DS)) {
+      // SOA present means that this is the NSEC from the child, not the
+      // parent (so it is the wrong one) -> cannot happen because the
+      // keyset is always from the parent zone and doesn't validate the
+      // NSEC
+      // DS present means that there should have been a positive response
+      // to the DS query, so there is something wrong.
+      return SecurityStatus.BOGUS;
+    }
+
+    if (!nsec.hasType(Type.NS)) {
+      // If there is no NS at this point at all, then this doesn't prove
+      // anything one way or the other.
+      return SecurityStatus.INSECURE;
+    }
+
+    // Otherwise, this proves no DS.
+    return SecurityStatus.SECURE;
+  }
+
+  /**
+   * Determines if at least one of the DS records in the RRset has a supported algorithm.
+   *
+   * @param dsRRset The RR set to search in.
+   * @return True when at least one DS record uses a supported algorithm, false otherwise.
+   */
+  boolean atLeastOneSupportedAlgorithm(RRset dsRRset) {
+    for (Record r : dsRRset.rrs(false)) {
+      if (isAlgorithmSupported(((DSRecord) r).getAlgorithm())) {
+        return true;
+      }
+
+      // do nothing, there could be another DS we understand
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines if the algorithm is supported.
+   *
+   * @param alg The algorithm to check.
+   * @return True when the algorithm is supported, false otherwise.
+   */
+  boolean isAlgorithmSupported(int alg) {
+    String configKey = ALGORITHM_ENABLED + "." + alg;
+    switch (alg) {
+      case Algorithm.RSAMD5:
+        return false; // obsoleted by rfc6725
+      case Algorithm.DSA:
+      case Algorithm.DSA_NSEC3_SHA1:
+        if (config == null) {
+          return false;
+        }
+
+        return Boolean.parseBoolean(config.getProperty(configKey, Boolean.FALSE.toString()));
+      case Algorithm.RSASHA1:
+      case Algorithm.RSA_NSEC3_SHA1:
+      case Algorithm.RSASHA256:
+      case Algorithm.RSASHA512:
+      case Algorithm.ECDSAP256SHA256:
+      case Algorithm.ECDSAP384SHA384:
+        return propertyOrTrueWithPrecondition(configKey, true);
+      case Algorithm.ECC_GOST:
+        return propertyOrTrueWithPrecondition(configKey, hasGost);
+      case Algorithm.ED25519:
+        return propertyOrTrueWithPrecondition(configKey, hasEd25519);
+      case Algorithm.ED448:
+        return propertyOrTrueWithPrecondition(configKey, hasEd448);
+      default:
+        return false;
+    }
+  }
+
+  /**
+   * Check if the key size for an algorithm is supported.
+   *
+   * @param dnskeyRrset the RRset of keys to validate.
+   * @return {@code true} if supported.
+   */
+  private boolean isKeySizeSupported(RRset dnskeyRrset) {
+    for (Record r : dnskeyRrset.rrs(false)) {
+      if (!isKeySizeSupported((DNSKEYRecord) r)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  /**
+   * Check if the key size for an algorithm is supported.
+   *
+   * @param dnskey the key to validate.
+   * @return {@code true} if supported.
+   */
+  private boolean isKeySizeSupported(DNSKEYRecord dnskey) {
+    try {
+      PublicKey publicKey = dnskey.getPublicKey();
+      switch (dnskey.getAlgorithm()) {
+        case Algorithm.RSAMD5:
+        case Algorithm.RSASHA1:
+        case Algorithm.RSA_NSEC3_SHA1:
+        case Algorithm.RSASHA256:
+        case Algorithm.RSASHA512:
+          int bitLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
+          boolean valid = bitLength >= minRsaKeySize;
+          if (!valid) {
+            log.debug(
+                "Key size {} for DNSKEY <{}/{}>, alg={}, id={} is less than minimum of {}",
+                bitLength,
+                dnskey.getName(),
+                DClass.string(dnskey.getDClass()),
+                DNSSEC.Algorithm.string(dnskey.getAlgorithm()),
+                dnskey.getFootprint(),
+                minRsaKeySize);
+          }
+          return valid;
+        default:
+          return true;
+      }
+    } catch (DNSSEC.DNSSECException e) {
+      return false;
+    }
+  }
+
+  /**
+   * Determines if at least one of the DS records in the RRset has a supported digest algorithm.
+   *
+   * @param dsRRset The RR set to search in.
+   * @return True when at least one DS record uses a supported digest algorithm, false otherwise.
+   */
+  boolean atLeastOneSupportedDigest(RRset dsRRset) {
+    for (Record r : dsRRset.rrs(false)) {
+      if (isDigestSupported(((DSRecord) r).getDigestID())) {
+        return true;
+      }
+
+      // do nothing, there could be another DS we understand
+    }
+
+    return false;
+  }
+
+  /**
+   * Determines if the digest algorithm is supported.
+   *
+   * @param digestID the algorithm to check.
+   * @return True when the digest algorithm is supported, false otherwise.
+   */
+  boolean isDigestSupported(int digestID) {
+    String configKey = DIGEST_ENABLED + "." + digestID;
+    switch (digestID) {
+      case DNSSEC.Digest.SHA1:
+      case DNSSEC.Digest.SHA256:
+      case DNSSEC.Digest.SHA384:
+        if (config == null) {
+          return true;
+        }
+
+        return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString()));
+      case DNSSEC.Digest.GOST3411:
+        return propertyOrTrueWithPrecondition(configKey, hasGost);
+      default:
+        return false;
+    }
+  }
+
+  private boolean propertyOrTrueWithPrecondition(String configKey, boolean precondition) {
+    if (!precondition) {
+      return false;
+    }
+
+    if (config == null) {
+      return true;
+    }
+
+    return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString()));
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java
new file mode 100644
index 000000000..0d7e57dfd
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java
@@ -0,0 +1,1503 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) 2005 VeriSign. All rights reserved.
+// Copyright (c) 2007-2024 NLnet Labs
+// Copyright (c) 2013-2024 Ingo Bauersachs
+package org.xbill.DNS.dnssec;
+
+import static java.util.concurrent.CompletableFuture.completedFuture;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.time.Clock;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.stream.Collectors;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.EDNSOption;
+import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.ExtendedFlags;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Header;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.NameTooLongException;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TSIG;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+import org.xbill.DNS.dnssec.ValUtils.NsecProvesNodataResponse;
+
+/**
+ * This resolver validates responses with DNSSEC.
+ *
+ * @since 3.5
+ */
+@Slf4j
+public final class ValidatingResolver implements Resolver {
+  /**
+   * Property name from where the trust anchors are loaded.
+   *
+   * @since 3.6
+   */
+  public static final String TRUST_ANCHOR_FILE_PROPERTY = "dnsjava.dnssec.trust_anchor_file";
+
+  /**
+   * The QCLASS being used for the injection of the reason why the validator came to the returned
+   * result.
+   */
+  public static final int VALIDATION_REASON_QCLASS = 65280;
+
+  /** This is the TTL to use when a trust anchor priming query failed to validate. */
+  private static final long DEFAULT_TA_BAD_KEY_TTL = 60;
+
+  /** This is a cache of validated, but expirable DNSKEY rrsets. */
+  private final KeyCache keyCache;
+
+  /**
+   * A data structure holding all trust anchors. Trust anchors must be "primed" into the cache
+   * before being used to validate.
+   */
+  private final TrustAnchorStore trustAnchors;
+
+  /** The local validation utilities. */
+  private final ValUtils valUtils;
+
+  /** The local NSEC3 validation utilities. */
+  private final NSEC3ValUtils n3valUtils;
+
+  /** The resolver that performs the actual DNS lookups. */
+  private final Resolver headResolver;
+
+  /** The clock used to validate messages. */
+  private final Clock clock;
+
+  /**
+   * If {@code true}, an additional record with the validation reason is added to the {@link
+   * Section#ADDITIONAL} section. The record is available at {@code ./TXT/}{@value
+   * #VALIDATION_REASON_QCLASS}.
+   */
+  @Getter @Setter private boolean isAddReasonToAdditional = true;
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records
+   *     are sent.
+   */
+  public ValidatingResolver(Resolver headResolver) {
+    this(headResolver, Clock.systemUTC());
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records
+   *     are sent.
+   * @param clock the Clock to validate messages.
+   */
+  public ValidatingResolver(Resolver headResolver, Clock clock) {
+    this.headResolver = headResolver;
+    this.clock = clock;
+    headResolver.setEDNS(0, 0, ExtendedFlags.DO);
+    headResolver.setIgnoreTruncation(false);
+
+    this.keyCache = new KeyCache();
+    this.valUtils = new ValUtils();
+    this.n3valUtils = new NSEC3ValUtils();
+    this.trustAnchors = new DefaultTrustAnchorStore();
+    try {
+      init(System.getProperties());
+    } catch (IOException e) {
+      log.error("Could not initialize from system properties", e);
+    }
+  }
+
+  // ---------------- Module Initialization -------------------
+
+  /**
+   * Initialize the module. Recognized configuration values:
+   *
+   * <dl>
+   *   <dt>{@value #TRUST_ANCHOR_FILE_PROPERTY}
+   *   <dd>A filename from where to load the trust anchors
+   * </dl>
+   *
+   * See links for other initialized classes and their configuration values (or the readme).
+   *
+   * @see KeyCache#init(Properties)
+   * @see ValUtils#init(Properties)
+   * @see NSEC3ValUtils#init(Properties)
+   * @see DnsSecVerifier#init(Properties)
+   * @param config The configuration data for this module.
+   * @throws IOException When the file specified in the config does not exist or cannot be read.
+   */
+  public void init(Properties config) throws IOException {
+    this.keyCache.init(config);
+    this.n3valUtils.init(config);
+    this.valUtils.init(config);
+
+    // Load trust anchors
+    String s = config.getProperty(TRUST_ANCHOR_FILE_PROPERTY);
+    if (s != null) {
+      log.debug("Reading trust anchor file: {}", s);
+      this.loadTrustAnchors(new FileInputStream(s));
+    }
+  }
+
+  /**
+   * Load the trust anchor file into the trust anchor store. The trust anchors are currently stored
+   * in a zone file format list of DNSKEY or DS records.
+   *
+   * @param data The trust anchor data.
+   * @throws IOException when the trust anchor data could not be read.
+   */
+  public void loadTrustAnchors(InputStream data) throws IOException {
+    // First read in the whole trust anchor file.
+    List<Record> records = new ArrayList<>();
+    try (Master master = new Master(data, Name.root, 0)) {
+      Record mr;
+      while ((mr = master.nextRecord()) != null) {
+        records.add(mr);
+      }
+    }
+
+    // Record.compareTo() should sort them into DNSSEC canonical order.
+    // Don't care about canonical order per se, but do want them to be
+    // formable into RRsets.
+    Collections.sort(records);
+
+    SRRset currentRrset = new SRRset();
+    for (Record r : records) {
+      // Skip RR types that cannot be used as trust anchors.
+      if (r.getType() != Type.DNSKEY && r.getType() != Type.DS) {
+        continue;
+      }
+
+      // If our current set is empty, we can just add it.
+      if (currentRrset.size() == 0) {
+        currentRrset.addRR(r);
+        continue;
+      }
+
+      // If this record matches our current RRset, we can just add it.
+      if (currentRrset.getName().equals(r.getName())
+          && currentRrset.getType() == r.getType()
+          && currentRrset.getDClass() == r.getDClass()) {
+        currentRrset.addRR(r);
+        continue;
+      }
+
+      // Otherwise, we add the rrset to our set of trust anchors and begin
+      // a new set
+      this.trustAnchors.store(currentRrset);
+      currentRrset = new SRRset();
+      currentRrset.addRR(r);
+    }
+
+    // add the last rrset (if it was not empty)
+    if (currentRrset.size() > 0) {
+      this.trustAnchors.store(currentRrset);
+    }
+  }
+
+  /**
+   * Gets the store with the loaded trust anchors.
+   *
+   * @return The store with the loaded trust anchors.
+   * @since 3.6
+   */
+  public TrustAnchorStore getTrustAnchors() {
+    return this.trustAnchors;
+  }
+
+  /**
+   * For messages that are not referrals, if the chase reply contains an unsigned NS record in the
+   * authority section it could have been inserted by a (BIND) forwarder that thinks the zone is
+   * insecure, and that has an NS record without signatures in cache. Remove the NS record since the
+   * reply does not hinge on that record (in the authority section), but do not remove it if it
+   * removes the last record from the answer+authority sections.
+   *
+   * @param response: the chased reply, we have a key for this contents, so we should have
+   *     signatures for these rrsets and not having signatures means it will be bogus.
+   */
+  private void removeSpuriousAuthority(SMessage response) {
+    // if no answer and only 1 auth RRset, do not remove that one
+    if (response.getSectionRRsets(Section.ANSWER).isEmpty()
+        && response.getSectionRRsets(Section.AUTHORITY).size() == 1) {
+      return;
+    }
+
+    // search authority section for unsigned NS records
+    Iterator<SRRset> authRrsetIterator = response.getSectionRRsets(Section.AUTHORITY).iterator();
+    while (authRrsetIterator.hasNext()) {
+      SRRset rrset = authRrsetIterator.next();
+      if (rrset.getType() == Type.NS && rrset.sigs().isEmpty()) {
+        log.trace(
+            "Removing spurious unsigned NS record (likely inserted by forwarder) {}/{}/{}",
+            rrset.getName(),
+            Type.string(rrset.getType()),
+            DClass.string(rrset.getDClass()));
+        authRrsetIterator.remove();
+      }
+    }
+  }
+
+  /**
+   * Given a "postive" response -- a response that contains an answer to the question, and no CNAME
+   * chain, validate this response. This generally consists of verifying the answer RRset and the
+   * authority RRsets.
+   *
+   * <p>Given an "ANY" response -- a response that contains an answer to a qtype==ANY question, with
+   * answers. This consists of simply verifying all present answer/auth RRsets, with no checking
+   * that all types are present.
+   *
+   * <p>NOTE: it may be possible to get parent-side delegation point records here, which won't all
+   * be signed. Right now, this routine relies on the upstream iterative resolver to not return
+   * these responses -- instead treating them as referrals.
+   *
+   * <p>NOTE: RFC 4035 is silent on this issue, so this may change upon clarification.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validatePositiveResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Map<Name, Name> wcs = new HashMap<>(1);
+    List<SRRset> nsec3s = new ArrayList<>(0);
+    List<SRRset> nsecs = new ArrayList<>(0);
+
+    return this.validateAnswerAndGetWildcards(
+            response, request.getQuestion().getType(), wcs, executor)
+        .thenCompose(
+            success -> {
+              if (Boolean.TRUE.equals(success)) {
+                // validate the AUTHORITY section as well - this will generally be the
+                // NS rrset (which could be missing, no problem)
+                int[] sections;
+                if (request.getQuestion().getType() == Type.ANY) {
+                  sections = new int[] {Section.ANSWER, Section.AUTHORITY};
+                } else {
+                  sections = new int[] {Section.AUTHORITY};
+                }
+
+                return this.validatePositiveResponseRecursive(
+                    response,
+                    wcs,
+                    nsec3s,
+                    nsecs,
+                    sections,
+                    new AtomicInteger(0),
+                    new AtomicInteger(0),
+                    executor);
+              }
+
+              return completedFuture(false);
+            })
+        .thenAccept(
+            success -> {
+              if (!Boolean.TRUE.equals(success)) {
+                return;
+              }
+
+              // If this is a positive wildcard response, and we have NSEC records,
+              // try to use them to
+              // 1) prove that qname doesn't exist and
+              // 2) that the correct wildcard was used.
+              if (!wcs.isEmpty()) {
+                for (Map.Entry<Name, Name> wc : wcs.entrySet()) {
+                  boolean wcNsecOk = false;
+                  for (SRRset set : nsecs) {
+                    NSECRecord nsec = (NSECRecord) set.first();
+                    if (ValUtils.nsecProvesNameError(set, nsec, wc.getKey())) {
+                      try {
+                        Name nsecWc = ValUtils.nsecWildcard(wc.getKey(), set, nsec);
+                        if (wc.getValue().equals(nsecWc)) {
+                          wcNsecOk = true;
+                          break;
+                        }
+                      } catch (NameTooLongException e) {
+                        // COVERAGE:OFF -> a NTLE can only be thrown when
+                        // the qname is equal to the NSEC owner or NSEC next
+                        // name, so that the wildcard is appended to
+                        // CE=qname=owner=next. This would however indicate
+                        // that the qname exists, which is proofed not the
+                        // be the case beforehand.
+                        throw new IllegalStateException(
+                            R.get("failed.positive.wildcardgeneration"));
+                      }
+                    }
+                  }
+
+                  // If this was a positive wildcard response that we haven't
+                  // already proven, and we have NSEC3 records, try to prove it
+                  // using the NSEC3 records.
+                  if (!wcNsecOk && !nsec3s.isEmpty()) {
+                    if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                      response.setStatus(
+                          SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored"));
+                      return;
+                    }
+
+                    SecurityStatus status =
+                        this.n3valUtils.proveWildcard(
+                            nsec3s,
+                            wc.getKey(),
+                            nsec3s.get(0).getSignerName(),
+                            wc.getValue(),
+                            nsec3State);
+                    if (status == SecurityStatus.INSECURE) {
+                      response.setStatus(status, -1);
+                      return;
+                    } else if (status == SecurityStatus.SECURE) {
+                      wcNsecOk = true;
+                    }
+                  }
+
+                  // If after all this, we still haven't proven the positive
+                  // wildcard response, fail.
+                  if (!wcNsecOk) {
+                    response.setBogus(R.get("failed.positive.wildcard_too_broad"));
+                    return;
+                  }
+                }
+              }
+
+              response.setStatus(SecurityStatus.SECURE, -1);
+            });
+  }
+
+  private CompletionStage<Boolean> validatePositiveResponseRecursive(
+      SMessage response,
+      Map<Name, Name> wcs,
+      List<SRRset> nsec3s,
+      List<SRRset> nsecs,
+      int[] sections,
+      AtomicInteger sectionIndex,
+      AtomicInteger setIndex,
+      Executor executor) {
+    // reached the end of the sections to validate, end recursion, success
+    if (sectionIndex.get() >= sections.length) {
+      return completedFuture(true);
+    }
+
+    List<SRRset> sectionRRsets = response.getSectionRRsets(sections[sectionIndex.get()]);
+
+    // reached the end of the rrset in the current section, advance to next section
+    if (setIndex.get() >= sectionRRsets.size()) {
+      sectionIndex.getAndIncrement();
+      setIndex.set(0);
+      return this.validatePositiveResponseRecursive(
+          response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex, executor);
+    }
+
+    SRRset set = sectionRRsets.get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return completedFuture(false);
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              // If anything in the authority section fails to be secure, we
+              // have a bad message.
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.authority.positive", set));
+                return completedFuture(false);
+              }
+
+              if (!wcs.isEmpty()) {
+                if (set.getType() == Type.NSEC) {
+                  nsecs.add(set);
+                } else if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                }
+              }
+
+              return this.validatePositiveResponseRecursive(
+                  response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex, executor);
+            });
+  }
+
+  private CompletionStage<Boolean> validateAnswerAndGetWildcards(
+      SMessage response, int qtype, Map<Name, Name> wcs, Executor executor) {
+    return this.validateAnswerAndGetWildcardsRecursive(
+        response, qtype, wcs, new AtomicInteger(0), executor);
+  }
+
+  private CompletionStage<Boolean> validateAnswerAndGetWildcardsRecursive(
+      SMessage response,
+      int qtype,
+      Map<Name, Name> wcs,
+      AtomicInteger setIndex,
+      Executor executor) {
+    // validate the ANSWER section - this will be the answer itself
+    List<SRRset> sectionRRsets = response.getSectionRRsets(Section.ANSWER);
+
+    // reached the end of the answer section, success
+    if (setIndex.get() >= sectionRRsets.size()) {
+      return completedFuture(true);
+    }
+
+    SRRset set = sectionRRsets.get(setIndex.get());
+    // Verify the answer rrset.
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return completedFuture(false);
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              // If the answer rrset failed to validate, then this message is BAD
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.answer.positive", set));
+                return completedFuture(false);
+              }
+
+              // Check to see if the rrset is the result of a wildcard expansion.
+              // If so, an additional check will need to be made in the authority
+              // section.
+              Name wc;
+              try {
+                wc = ValUtils.rrsetWildcard(set);
+              } catch (RuntimeException ex) {
+                response.setBogus(R.get(ex.getMessage(), set.getName()));
+                return completedFuture(false);
+              }
+
+              if (wc != null) {
+                // RFC 4592, Section 4.4 does not allow wildcarded DNAMEs
+                if (set.getType() == Type.DNAME) {
+                  response.setBogus(R.get("failed.dname.wildcard", set.getName()));
+                  return completedFuture(false);
+                }
+
+                wcs.put(set.getName(), wc);
+              }
+
+              // Notice a DNAME that should be followed by an unsigned CNAME.
+              if (qtype != Type.DNAME && set.getType() == Type.DNAME) {
+                DNAMERecord dname = (DNAMERecord) set.first();
+                if (setIndex.getAndIncrement() < sectionRRsets.size()) {
+                  SRRset cnameSet = sectionRRsets.get(setIndex.get());
+                  // Validate the CNAME following a (validated) DNAME is correctly
+                  // synthesized.
+                  if (cnameSet.getType() == Type.CNAME && dname != null) {
+                    if (cnameSet.size() > 1) {
+                      response.setBogus(R.get("failed.synthesize.multiple"));
+                      return completedFuture(false);
+                    }
+
+                    CNAMERecord cname = (CNAMERecord) cnameSet.first();
+                    try {
+                      Name expected =
+                          Name.concatenate(
+                              cname.getName().relativize(dname.getName()), dname.getTarget());
+                      if (!expected.equals(cname.getTarget())) {
+                        response.setBogus(
+                            R.get("failed.synthesize.nomatch", cname.getTarget(), expected));
+                        return completedFuture(false);
+                      }
+                    } catch (NameTooLongException e) {
+                      response.setBogus(R.get("failed.synthesize.toolong"));
+                      return completedFuture(false);
+                    }
+
+                    cnameSet.setSecurityStatus(SecurityStatus.SECURE);
+                  }
+                }
+              }
+
+              setIndex.getAndIncrement();
+              return this.validateAnswerAndGetWildcardsRecursive(
+                  response, qtype, wcs, setIndex, executor);
+            });
+  }
+
+  /**
+   * Validate a NOERROR/NODATA signed response -- a response that has a NOERROR Rcode but no ANSWER
+   * section RRsets. This consists of verifying the authority section rrsets and making certain that
+   * the authority section NSEC/NSEC3s proves that the qname does exist and the qtype doesn't.
+   *
+   * <p>Note that by the time this method is called, the process of finding the trusted DNSKEY rrset
+   * that signs this response must already have been completed.
+   *
+   * @param request The request that generated this response.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validateNodataResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Name intermediateQname = request.getQuestion().getName();
+    int qtype = request.getQuestion().getType();
+
+    // Since we are here, the ANSWER section is either empty (and hence
+    // there's only the NODATA to validate) OR it contains an incomplete
+    // chain. In this case, the records were already validated before and we
+    // can concentrate on following the qname that lead to the NODATA
+    // classification
+    for (SRRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getSecurityStatus() != SecurityStatus.SECURE) {
+        response.setBogus(R.get("failed.answer.cname_nodata", set.getName()));
+        return completedFuture(null);
+      }
+
+      if (set.getType() == Type.CNAME) {
+        intermediateQname = ((CNAMERecord) set.first()).getTarget();
+      }
+    }
+
+    // validate the AUTHORITY section
+    Name qname = intermediateQname;
+    return this.validateNodataResponseRecursive(
+            response, new AtomicInteger(0), nsec3State, executor)
+        .handleAsync(
+            (result, ex) -> {
+              if (ex != null) {
+                return null;
+              }
+
+              // If true, then the NODATA has been proven.
+              boolean hasValidNSEC = false;
+
+              // for wildcard nodata responses. This is the proven closest encloser.
+              Name ce = null;
+
+              // for wildcard nodata responses. This is the wildcard NSEC.
+              NsecProvesNodataResponse ndp = new NsecProvesNodataResponse();
+
+              // A collection of NSEC3 RRs found in the authority section.
+              List<SRRset> nsec3s = new ArrayList<>(0);
+
+              // The RRSIG signer field for the NSEC3 RRs.
+              Name nsec3Signer = null;
+
+              int edeReason = ExtendedErrorCodeOption.NSEC_MISSING;
+              for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) {
+                // If we encounter an NSEC record, try to use it to prove NODATA.
+                // This needs to handle the empty non-terminal (ENT) NODATA case.
+                if (set.getType() == Type.NSEC) {
+                  NSECRecord nsec = (NSECRecord) set.first();
+                  ndp = ValUtils.nsecProvesNodata(set, nsec, qname, qtype);
+                  if (ndp.result) {
+                    hasValidNSEC = true;
+                  } else {
+                    edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+                  }
+
+                  if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+                    ce = ValUtils.closestEncloser(qname, set.getName(), nsec.getNext());
+                  }
+                }
+
+                // Collect any NSEC3 records present.
+                if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                  nsec3Signer = set.getSignerName();
+                }
+              }
+
+              // check to see if we have a wildcard NODATA proof.
+
+              // The wildcard NODATA is 1 NSEC proving that qname does not exist (and
+              // also proving what the closest encloser is), and 1 NSEC showing the
+              // matching wildcard, which must be *.closest_encloser.
+              if (ndp.wc != null && (ce == null || (!ce.equals(ndp.wc) && !qname.equals(ce)))) {
+                edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS;
+                hasValidNSEC = false;
+              }
+
+              this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s);
+              if (!hasValidNSEC && !nsec3s.isEmpty()) {
+                log.debug("Using NSEC3 records");
+
+                // try to prove NODATA with our NSEC3 record(s)
+                if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                  response.setBogus(R.get("failed.nsec3_ignored"));
+                  return null;
+                }
+
+                JustifiedSecStatus res =
+                    this.n3valUtils.proveNodata(nsec3s, qname, qtype, nsec3Signer, nsec3State);
+                edeReason = res.edeReason;
+                if (res.status == SecurityStatus.INSECURE) {
+                  response.setStatus(SecurityStatus.INSECURE, -1);
+                  return null;
+                }
+
+                hasValidNSEC = res.status == SecurityStatus.SECURE;
+              }
+
+              if (!hasValidNSEC) {
+                response.setBogus(R.get("failed.nodata"), edeReason);
+                log.trace("Failed NODATA for {}", qname);
+                return null;
+              }
+
+              log.trace("Successfully validated NODATA response");
+              response.setStatus(SecurityStatus.SECURE, -1);
+              return null;
+            });
+  }
+
+  private CompletionStage<Void> validateNodataResponseRecursive(
+      SMessage response,
+      AtomicInteger setIndex,
+      Nsec3ValidationState nsec3State,
+      Executor executor) {
+    if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) {
+      return completedFuture(null);
+    }
+
+    SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenComposeAsync(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return this.failedFuture(new Exception(kve.reason));
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.authority.nodata", set));
+                return this.failedFuture(new Exception("failed.authority.nodata"));
+              }
+
+              return this.validateNodataResponseRecursive(response, setIndex, nsec3State, executor);
+            });
+  }
+
+  private <T> CompletionStage<T> failedFuture(Throwable e) {
+    CompletableFuture<T> f = new CompletableFuture<>();
+    f.completeExceptionally(e);
+    return f;
+  }
+
+  /**
+   * Validate a NAMEERROR signed response -- a response that has a NXDOMAIN Rcode. This consists of
+   * verifying the authority section rrsets and making certain that the authority section NSEC
+   * proves that the qname doesn't exist and the covering wildcard also doesn't exist..
+   *
+   * <p>Note that by the time this method is called, the process of finding the trusted DNSKEY rrset
+   * that signs this response must already have been completed.
+   *
+   * @param request The request to be proved to not exist.
+   * @param response The response to validate.
+   * @param nsec3State State to keep track of NSEC3 hashes and calculation count.
+   * @param executor The service to use for async operations.
+   */
+  private CompletionStage<Void> validateNameErrorResponse(
+      Message request, SMessage response, Nsec3ValidationState nsec3State, Executor executor) {
+    Name intermediateQname = request.getQuestion().getName();
+
+    // The ANSWER section is either empty OR it contains an xNAME chain that
+    // ultimately lead to the NAMEERROR response. In this case the ANSWER
+    // section has already been validated before and we can concentrate on
+    // following the xNAMEs to find the qname that caused the NXDOMAIN.
+    for (SRRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getSecurityStatus() != SecurityStatus.SECURE) {
+        response.setBogus(R.get("failed.nxdomain.cname_nxdomain", set));
+        return completedFuture(null);
+      }
+
+      if (set.getType() == Type.CNAME) {
+        intermediateQname = ((CNAMERecord) set.first()).getTarget();
+      }
+    }
+
+    // validate the AUTHORITY section
+    Name qname = intermediateQname;
+    return this.validateNameErrorResponseRecursive(response, new AtomicInteger(0), executor)
+        .thenComposeAsync(
+            v -> {
+              // Validate the authority section -- all RRsets in the authority section
+              // must be signed and valid.
+              // In addition, the NSEC record(s) must prove the NXDOMAIN condition.
+              boolean hasValidNSEC = false;
+              boolean hasValidWCNSEC = false;
+              List<SRRset> nsec3s = new ArrayList<>(0);
+              Name nsec3Signer = null;
+              int previousClosestEncloseLabels = 0;
+
+              for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) {
+                // If we encounter an NSEC record, try to use it to prove NODATA.
+                // This needs to handle the empty non-terminal (ENT) NODATA case.
+                if (set.getType() == Type.NSEC) {
+                  NSECRecord nsec = (NSECRecord) set.first();
+                  if (ValUtils.nsecProvesNameError(set, nsec, qname)) {
+                    hasValidNSEC = true;
+                  }
+
+                  Name next = nsec.getNext();
+                  int closestEncloserLabels =
+                      ValUtils.closestEncloser(qname, set.getName(), next).labels();
+                  if (closestEncloserLabels > previousClosestEncloseLabels
+                      || (closestEncloserLabels == previousClosestEncloseLabels
+                          && !hasValidWCNSEC)) {
+                    hasValidWCNSEC = ValUtils.nsecProvesNoWC(set, nsec, qname);
+                  }
+
+                  previousClosestEncloseLabels = closestEncloserLabels;
+                }
+
+                if (set.getType() == Type.NSEC3) {
+                  nsec3s.add(set);
+                  nsec3Signer = set.getSignerName();
+                }
+              }
+
+              this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s);
+              if ((!hasValidNSEC || !hasValidWCNSEC) && !nsec3s.isEmpty()) {
+                log.debug("Validating nxdomain: using NSEC3 records");
+
+                // Attempt to prove name error with nsec3 records.
+                if (this.n3valUtils.allNSEC3sIgnorable(nsec3s, this.keyCache)) {
+                  response.setStatus(SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored"));
+                  return completedFuture(null);
+                }
+
+                SecurityStatus status =
+                    this.n3valUtils.proveNameError(nsec3s, qname, nsec3Signer, nsec3State);
+                if (status != SecurityStatus.SECURE) {
+                  if (status == SecurityStatus.INSECURE) {
+                    response.setStatus(status, -1, R.get("failed.nxdomain.nsec3_insecure"));
+                  } else {
+                    response.setStatus(
+                        status,
+                        ExtendedErrorCodeOption.DNSSEC_BOGUS,
+                        R.get("failed.nxdomain.nsec3_bogus"));
+                  }
+
+                  return completedFuture(null);
+                }
+
+                // Note that we assume that the NSEC3ValUtils proofs encompass the
+                // wildcard part of the proof.
+                hasValidNSEC = true;
+                hasValidWCNSEC = true;
+              }
+
+              if (!hasValidNSEC || !hasValidWCNSEC) {
+                boolean hasValidNSEC2 = hasValidNSEC;
+
+                // Be lenient with RCODE in NSEC NameError responses
+                return this.validateNodataResponse(request, response, nsec3State, executor)
+                    .thenRun(
+                        () -> {
+                          if (response.getStatus() == SecurityStatus.SECURE) {
+                            response.getHeader().setRcode(Rcode.NOERROR);
+                          } else {
+                            // If the message fails to prove either condition, it is bogus.
+                            if (!hasValidNSEC2) {
+                              response.setBogus(
+                                  R.get(
+                                      "failed.nxdomain.exists", response.getQuestion().getName()));
+                              return;
+                            }
+
+                            response.setBogus(R.get("failed.nxdomain.haswildcard"));
+                          }
+                        });
+              }
+
+              // Otherwise, we consider the message secure.
+              log.trace("Successfully validated NAME ERROR response");
+              response.setStatus(SecurityStatus.SECURE, -1);
+              return completedFuture(null);
+            })
+        .exceptionally(ex -> null);
+  }
+
+  private CompletionStage<Void> validateNameErrorResponseRecursive(
+      SMessage response, AtomicInteger setIndex, Executor executor) {
+    if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) {
+      return completedFuture(null);
+    }
+
+    SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement());
+    return this.prepareFindKey(set, executor)
+        .thenCompose(
+            ke -> {
+              JustifiedSecStatus kve = ke.validateKeyFor(set);
+              if (kve != null) {
+                kve.applyToResponse(response);
+                return this.failedFuture(new Exception(kve.reason));
+              }
+
+              JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant());
+              if (res.status != SecurityStatus.SECURE) {
+                response.setBogus(R.get("failed.nxdomain.authority", set));
+                return this.failedFuture(new Exception("failed.nxdomain.authority"));
+              }
+
+              return this.validateNameErrorResponseRecursive(response, setIndex, executor);
+            });
+  }
+
+  private CompletionStage<SMessage> sendRequest(Message request, Executor executor) {
+    Record q = request.getQuestion();
+    log.trace(
+        "Sending request: <{}/{}/{}>",
+        q.getName(),
+        Type.string(q.getType()),
+        DClass.string(q.getDClass()));
+
+    // Send the request along by using a local copy of the request
+    Message localRequest = request.clone();
+    localRequest.getHeader().setFlag(Flags.CD);
+    return this.headResolver
+        .sendAsync(localRequest, executor)
+        .thenApply(message -> new SMessage(message.normalize(localRequest)));
+  }
+
+  private CompletionStage<KeyEntry> prepareFindKey(SRRset rrset, Executor executor) {
+    FindKeyState state = new FindKeyState();
+    state.signerName = rrset.getSignerName();
+    state.qclass = rrset.getDClass();
+
+    if (state.signerName == null) {
+      state.signerName = rrset.getName();
+    }
+
+    RRset trustAnchorRRset = this.trustAnchors.find(state.signerName, rrset.getDClass());
+    if (trustAnchorRRset == null) {
+      // response isn't under a trust anchor, so we cannot validate.
+      KeyEntry ke =
+          KeyEntry.newNullKeyEntry(state.signerName, rrset.getDClass(), DEFAULT_TA_BAD_KEY_TTL);
+      return completedFuture(ke);
+    }
+
+    SRRset trustAnchorSRRset = new SRRset(trustAnchorRRset);
+    trustAnchorSRRset.setSecurityStatus(SecurityStatus.SECURE);
+    state.keyEntry = this.keyCache.find(state.signerName, rrset.getDClass());
+    if (state.keyEntry == null
+        || (!state.keyEntry.getName().equals(state.signerName) && state.keyEntry.isGood())) {
+      // start the FINDKEY phase with the trust anchor
+      if (trustAnchorSRRset.getType() == Type.DS) {
+        state.dsRRset = trustAnchorSRRset;
+        state.keyEntry = null;
+        state.currentDSKeyName = new Name(trustAnchorRRset.getName(), 1);
+        // and otherwise, don't continue processing this event.
+        // (it will be reactivated when the priming query returns).
+        return this.processFindKey(state, executor).thenApply(v -> state.keyEntry);
+      } else {
+        state.keyEntry = KeyEntry.newKeyEntry(trustAnchorSRRset);
+        state.keyEntry.setSecurityStatus(SecurityStatus.SECURE);
+        this.keyCache.store(state.keyEntry);
+      }
+    }
+
+    return completedFuture(state.keyEntry);
+  }
+
+  /**
+   * Process the FINDKEY state. Generally this just calculates the next name to query and either
+   * issues a DS or a DNSKEY query. It will check to see if the correct key has already been
+   * reached, in which case it will advance the event to the next state.
+   *
+   * @param state The state associated with the current key finding phase.
+   */
+  private CompletionStage<Void> processFindKey(FindKeyState state, Executor executor) {
+    // We know that state.keyEntry is not a null or bad key -- if it were,
+    // then previous processing should have directed this event to a
+    // different state.
+    int qclass = state.qclass;
+    Name targetKeyName = state.signerName;
+    Name currentKeyName = Name.empty;
+    if (state.keyEntry != null) {
+      currentKeyName = state.keyEntry.getName();
+    }
+
+    if (state.currentDSKeyName != null) {
+      currentKeyName = state.currentDSKeyName;
+      state.currentDSKeyName = null;
+    }
+
+    // If our current key entry matches our target, then we are done.
+    if (currentKeyName.equals(targetKeyName)) {
+      return completedFuture(null);
+    }
+
+    if (state.emptyDSName != null) {
+      currentKeyName = state.emptyDSName;
+    }
+
+    // Calculate the next lookup name.
+    int targetLabels = targetKeyName.labels();
+    int currentLabels = currentKeyName.labels();
+    int l = targetLabels - currentLabels - 1;
+
+    // the next key name would be trying to invent a name, so we stop here
+    if (l < 0) {
+      return completedFuture(null);
+    }
+
+    Name nextKeyName = new Name(targetKeyName, l);
+    log.trace(
+        "Key search: targetKeyName = {}, currentKeyName = {}, nextKeyName = {}",
+        targetKeyName,
+        currentKeyName,
+        nextKeyName);
+
+    // The next step is either to query for the next DS, or to query for the
+    // next DNSKEY.
+    if (state.dsRRset == null || !state.dsRRset.getName().equals(nextKeyName)) {
+      Message dsRequest = Message.newQuery(Record.newRecord(nextKeyName, Type.DS, qclass));
+      return this.sendRequest(dsRequest, executor)
+          .thenComposeAsync(
+              dsResponse -> this.processDSResponse(dsRequest, dsResponse, state, executor));
+    }
+
+    // Otherwise, it is time to query for the DNSKEY
+    Message dnskeyRequest =
+        Message.newQuery(Record.newRecord(state.dsRRset.getName(), Type.DNSKEY, qclass));
+    return this.sendRequest(dnskeyRequest, executor)
+        .thenComposeAsync(
+            dnskeyResponse ->
+                this.processDNSKEYResponse(dnskeyRequest, dnskeyResponse, state, executor));
+  }
+
+  /**
+   * Given a DS response, the DS request, and the current key rrset, validate the DS response,
+   * returning a KeyEntry.
+   *
+   * @param response The DS response.
+   * @param request The DS request.
+   * @param keyRrset The current DNSKEY rrset from the forEvent state.
+   * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated
+   *     an end to secure space, good if the DS validated. It returns null if the DS response
+   *     indicated that the request wasn't a delegation point.
+   */
+  private KeyEntry dsResponseToKE(SMessage response, Message request, KeyEntry keyRrset) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    JustifiedSecStatus res;
+    ResponseClassification subtype = ValUtils.classifyResponse(request, response);
+
+    KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+    switch (subtype) {
+      case POSITIVE:
+        // Verify only returns BOGUS or SECURE. If the rrset is bogus,
+        // then we are done.
+        SRRset dsRrset = response.findAnswerRRset(qname, Type.DS, qclass);
+        res = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant());
+        if (res.status != SecurityStatus.SECURE) {
+          bogusKE.setBadReason(res.edeReason, res.reason);
+          return bogusKE;
+        }
+
+        if (!valUtils.atLeastOneSupportedAlgorithm(dsRrset)) {
+          KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, dsRrset.getTTL());
+          nullKey.setBadReason(
+              ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM,
+              R.get("insecure.ds.noalgorithms", qname));
+          return nullKey;
+        }
+
+        // Otherwise, we return the positive response.
+        log.trace("DS RRset was good");
+        return KeyEntry.newKeyEntry(dsRrset);
+
+      case CNAME:
+        // Verify only returns BOGUS or SECURE. If the rrset is bogus,
+        // then we are done.
+        SRRset cnameRrset = response.findAnswerRRset(qname, Type.CNAME, qclass);
+        res = this.valUtils.verifySRRset(cnameRrset, keyRrset, this.clock.instant());
+        if (res.status == SecurityStatus.SECURE) {
+          return null;
+        }
+
+        bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.cname"));
+        return bogusKE;
+
+      case NODATA:
+      case NAMEERROR:
+        return this.dsResponseToKeForNodata(response, request, keyRrset);
+
+      default:
+        // We've encountered an unhandled classification for this
+        // response.
+        bogusKE.setBadReason(
+            ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.notype", subtype));
+        return bogusKE;
+    }
+  }
+
+  /**
+   * Given a DS response, the DS request, and the current key rrset, validate the DS response for
+   * the NODATA case, returning a KeyEntry.
+   *
+   * @param response The DS response.
+   * @param request The DS request.
+   * @param keyRrset The current DNSKEY rrset from the forEvent state.
+   * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated
+   *     an end to secure space, good if the DS validated. It returns null if the DS response
+   *     indicated that the request wasn't a delegation point.
+   */
+  private KeyEntry dsResponseToKeForNodata(SMessage response, Message request, KeyEntry keyRrset) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+    KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+
+    if (!this.valUtils.hasSignedNsecs(response)) {
+      bogusKE.setBadReason(
+          ExtendedErrorCodeOption.RRSIGS_MISSING, R.get("failed.ds.nonsec", qname));
+      return bogusKE;
+    }
+
+    // Try to prove absence of the DS with NSEC
+    JustifiedSecStatus status =
+        this.valUtils.nsecProvesNodataDsReply(request, response, keyRrset, this.clock.instant());
+    switch (status.status) {
+      case SECURE:
+        KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+        nullKey.setBadReason(-1, R.get("insecure.ds.nsec"));
+        return nullKey;
+      case INSECURE:
+        return null;
+      case BOGUS:
+        bogusKE.setBadReason(status.edeReason, status.reason);
+        return bogusKE;
+      default:
+        // NSEC proof did not work, try NSEC3
+        break;
+    }
+
+    // Or it could be using NSEC3.
+    List<SRRset> nsec3Rrsets = response.getSectionRRsets(Section.AUTHORITY, Type.NSEC3);
+    List<SRRset> nsec3s = new ArrayList<>(0);
+    Name nsec3Signer = null;
+    long nsec3TTL = -1;
+    if (!nsec3Rrsets.isEmpty()) {
+      // Attempt to prove no DS with NSEC3s.
+      for (SRRset nsec3set : nsec3Rrsets) {
+        JustifiedSecStatus res =
+            this.valUtils.verifySRRset(nsec3set, keyRrset, this.clock.instant());
+        if (res.status != SecurityStatus.SECURE) {
+          // We could just fail here as there is an invalid rrset, but
+          // skipping doesn't matter because we might not need it or
+          // the proof will fail anyway.
+          log.debug("Skipping bad NSEC3");
+          continue;
+        }
+
+        nsec3Signer = nsec3set.getSignerName();
+        if (nsec3TTL < 0 || nsec3set.getTTL() < nsec3TTL) {
+          nsec3TTL = nsec3set.getTTL();
+        }
+
+        nsec3s.add(nsec3set);
+      }
+
+      Nsec3ValidationState nsec3State = new Nsec3ValidationState();
+      switch (this.n3valUtils.proveNoDS(nsec3s, qname, nsec3Signer, nsec3State)) {
+        case INSECURE:
+        case SECURE:
+          // case insecure also continues to unsigned space.
+          // If nsec3-iter-count too high or optout, then treat below as unsigned
+          KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, nsec3TTL);
+          nullKey.setBadReason(-1, R.get("insecure.ds.nsec3"));
+          return nullKey;
+        case INDETERMINATE:
+          log.debug("NSEC3s for the referral proved no delegation");
+          return null;
+        case BOGUS:
+          bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec3"));
+          return bogusKE;
+        default:
+          bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("unknown.ds.nsec3"));
+          return bogusKE;
+      }
+    }
+
+    // Apparently no available NSEC/NSEC3 proved NODATA, so this is
+    // BOGUS.
+    bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.unknown"));
+    return bogusKE;
+  }
+
+  /**
+   * This handles the responses to locally generated DS queries.
+   *
+   * @param request The request for which the response is processed.
+   * @param response The response to process.
+   * @param state The state associated with the current key finding phase.
+   */
+  private CompletionStage<Void> processDSResponse(
+      Message request, SMessage response, FindKeyState state, Executor executor) {
+    Name qname = request.getQuestion().getName();
+
+    state.emptyDSName = null;
+    state.dsRRset = null;
+
+    KeyEntry dsKE = this.dsResponseToKE(response, request, state.keyEntry);
+    if (dsKE == null) {
+      // DS response indicated that we aren't on a delegation point.
+      state.emptyDSName = qname;
+    } else if (dsKE.isGood()) {
+      state.dsRRset = dsKE;
+      state.currentDSKeyName = new Name(dsKE.getName(), 1);
+    } else {
+      // The reason for the DS to be not good (that is, either bad
+      // or null) should have been logged by dsResponseToKE.
+      state.keyEntry = dsKE;
+      if (dsKE.isNull()) {
+        this.keyCache.store(dsKE);
+      }
+
+      // The FINDKEY phase has ended, so move on.
+      return completedFuture(null);
+    }
+
+    return this.processFindKey(state, executor);
+  }
+
+  private CompletionStage<Void> processDNSKEYResponse(
+      Message request, SMessage response, FindKeyState state, Executor executor) {
+    Name qname = request.getQuestion().getName();
+    int qclass = request.getQuestion().getDClass();
+
+    SRRset dnskeyRrset = response.findAnswerRRset(qname, Type.DNSKEY, qclass);
+    if (dnskeyRrset == null) {
+      // If the DNSKEY rrset was missing, this is the end of the line.
+      state.keyEntry = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL);
+      state.keyEntry.setBadReason(
+          ExtendedErrorCodeOption.DNSKEY_MISSING, R.get("dnskey.no_rrset", qname));
+      return completedFuture(null);
+    }
+
+    state.keyEntry =
+        this.valUtils.verifyNewDNSKEYs(
+            dnskeyRrset, state.dsRRset, DEFAULT_TA_BAD_KEY_TTL, this.clock.instant());
+
+    // If the key entry isBad or isNull, then we can move on to the next
+    // state.
+    if (!state.keyEntry.isGood()) {
+      return completedFuture(null);
+    }
+
+    // The DNSKEY validated, so cache it as a trusted key rrset.
+    this.keyCache.store(state.keyEntry);
+
+    // If good, we stay in the FINDKEY state.
+    return this.processFindKey(state, executor);
+  }
+
+  private CompletionStage<SMessage> processValidate(
+      Message request, SMessage response, Executor executor) {
+    ResponseClassification subtype = ValUtils.classifyResponse(request, response);
+    if (subtype != ResponseClassification.REFERRAL) {
+      this.removeSpuriousAuthority(response);
+    }
+
+    Nsec3ValidationState nsec3State = new Nsec3ValidationState();
+    CompletionStage<Void> completionStage;
+    switch (subtype) {
+      case POSITIVE:
+      case CNAME:
+      case ANY:
+        log.trace("Validating a positive response");
+        completionStage = this.validatePositiveResponse(request, response, nsec3State, executor);
+        break;
+
+      case NODATA:
+        log.trace("Validating a nodata response");
+        completionStage = this.validateNodataResponse(request, response, nsec3State, executor);
+        break;
+
+      case CNAME_NODATA:
+        log.trace("Validating a CNAME_NODATA response");
+        completionStage =
+            this.validatePositiveResponse(request, response, nsec3State, executor)
+                .thenCompose(
+                    v -> {
+                      if (response.getStatus() != SecurityStatus.INSECURE) {
+                        response.setStatus(SecurityStatus.UNCHECKED, -1);
+                        return this.validateNodataResponse(request, response, nsec3State, executor);
+                      }
+
+                      return completedFuture(null);
+                    });
+        break;
+
+      case NAMEERROR:
+        log.trace("Validating a nxdomain response");
+        completionStage = this.validateNameErrorResponse(request, response, nsec3State, executor);
+        break;
+
+      case CNAME_NAMEERROR:
+        log.trace("Validating a cname_nxdomain response");
+        completionStage =
+            this.validatePositiveResponse(request, response, nsec3State, executor)
+                .thenCompose(
+                    v -> {
+                      if (response.getStatus() != SecurityStatus.INSECURE) {
+                        response.setStatus(SecurityStatus.UNCHECKED, -1);
+                        return this.validateNameErrorResponse(
+                            request, response, nsec3State, executor);
+                      }
+
+                      return completedFuture(null);
+                    });
+        break;
+
+      default:
+        response.setBogus(R.get("validate.response.unknown", subtype));
+        completionStage = completedFuture(null);
+        break;
+    }
+
+    return completionStage.thenApply(v -> this.processFinishedState(request, response));
+  }
+
+  /**
+   * Apply any final massaging to a response before returning up the pipeline. Primarily this means
+   * setting the AD bit or not and possibly stripping DNSSEC data.
+   */
+  private SMessage processFinishedState(Message request, SMessage response) {
+    // If the response message validated, set the AD bit.
+    SecurityStatus status = response.getStatus();
+    String reason = response.getBogusReason();
+    int edeReason = response.getEdeReason();
+    switch (status) {
+      case BOGUS:
+        // For now, in the absence of any other API information, we
+        // return SERVFAIL.
+        int code = response.getHeader().getRcode();
+        if (code == Rcode.NOERROR || code == Rcode.NXDOMAIN) {
+          code = Rcode.SERVFAIL;
+        }
+
+        response = ValidatingResolver.errorMessage(request, code);
+        break;
+      case SECURE:
+        response.getHeader().setFlag(Flags.AD);
+        break;
+      case UNCHECKED:
+      case INSECURE:
+        break;
+      default:
+        throw new IllegalArgumentException("unexpected security status");
+    }
+
+    response.setStatus(status, edeReason, reason);
+    return response;
+  }
+
+  // Resolver-interface implementation --------------------------------------
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param port The IP destination port for the queries sent.
+   * @see Resolver#setPort(int)
+   */
+  @Override
+  public void setPort(int port) {
+    this.headResolver.setPort(port);
+  }
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param flag <code>true</code> to enable TCP, <code>false</code> to disable it.
+   * @see Resolver#setTCP(boolean)
+   */
+  @Override
+  public void setTCP(boolean flag) {
+    this.headResolver.setTCP(flag);
+  }
+
+  /**
+   * This is a no-op, truncation is never ignored.
+   *
+   * @param flag unused
+   */
+  @Override
+  public void setIgnoreTruncation(boolean flag) {
+    // never ignore
+  }
+
+  /**
+   * The method is forwarded to the resolver, but always ensure that the level is 0 and the flags
+   * contains DO.
+   *
+   * @param version The EDNS level to use. 0 indicates EDNS0.
+   * @param payloadSize The maximum DNS packet size that this host is capable of receiving over UDP.
+   *     If 0 is specified, the default (1280) is used.
+   * @param flags EDNS extended flags to be set in the OPT record, {@link ExtendedFlags#DO} is
+   *     always appended.
+   * @param options EDNS options to be set in the OPT record, specified as a List of
+   *     OPTRecord.Option elements.
+   * @see Resolver#setEDNS(int, int, int, List)
+   */
+  @Override
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    if (version == -1) {
+      throw new IllegalArgumentException("EDNS cannot be disabled");
+    }
+
+    this.headResolver.setEDNS(version, payloadSize, flags | ExtendedFlags.DO, options);
+  }
+
+  /**
+   * Forwards the data to the head resolver passed at construction time.
+   *
+   * @param key The key.
+   * @see Resolver#setTSIGKey(TSIG)
+   */
+  @Override
+  public void setTSIGKey(TSIG key) {
+    this.headResolver.setTSIGKey(key);
+  }
+
+  @Override
+  public Duration getTimeout() {
+    return this.headResolver.getTimeout();
+  }
+
+  @Override
+  public void setTimeout(Duration duration) {
+    this.headResolver.setTimeout(duration);
+  }
+
+  /**
+   * Asynchronously sends a message and validates the response with DNSSEC before returning it.
+   *
+   * @param query The query to send.
+   * @param executor The service to use for async operations.
+   * @return A future that completes when the query is finished.
+   */
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    return this.sendRequest(query, executor)
+        .thenCompose(
+            response -> {
+              response.getHeader().unsetFlag(Flags.AD);
+
+              // If the CD bit is set, do not process the (cached) validation status.
+              if (query.getHeader().getFlag(Flags.CD)) {
+                return completedFuture(response.getMessage());
+              }
+
+              // Positive RRSIG responses cannot be validated as there are no
+              // signatures on signatures. Negative answers CAN be validated.
+              Message rrsigResponse = response.getMessage();
+              if (query.getQuestion().getType() == Type.RRSIG
+                  && rrsigResponse.getHeader().getRcode() == Rcode.NOERROR
+                  && !rrsigResponse.getSectionRRsets(Section.ANSWER).isEmpty()) {
+                rrsigResponse.getHeader().unsetFlag(Flags.AD);
+                return completedFuture(rrsigResponse);
+              }
+
+              return this.processValidate(query, response, executor)
+                  .thenApply(
+                      validated -> {
+                        Message m = validated.getMessage();
+                        String reason = validated.getBogusReason();
+                        if (reason != null) {
+                          applyEdeToOpt(validated, m);
+                          if (isAddReasonToAdditional) {
+                            addValidationReasonTxtRecord(m, reason);
+                          }
+                        }
+
+                        return m;
+                      });
+            });
+  }
+
+  private void applyEdeToOpt(SMessage validated, Message m) {
+    if (validated.getEdeReason() <= -1) {
+      return;
+    }
+
+    OPTRecord old = m.getOPT();
+    OPTRecord newOpt;
+    List<EDNSOption> options = new ArrayList<>();
+    options.add(new ExtendedErrorCodeOption(validated.getEdeReason(), validated.getBogusReason()));
+    if (old != null) {
+      options.addAll(
+          old.getOptions().stream()
+              .filter(o -> o.getCode() != Code.EDNS_EXTENDED_ERROR)
+              .collect(Collectors.toList()));
+      newOpt =
+          new OPTRecord(
+              old.getPayloadSize(),
+              old.getExtendedRcode(),
+              old.getVersion(),
+              old.getFlags(),
+              options);
+      m.removeRecord(m.getOPT(), Section.ADDITIONAL);
+    } else {
+      newOpt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0, options);
+    }
+    m.addRecord(newOpt, Section.ADDITIONAL);
+  }
+
+  private void addValidationReasonTxtRecord(Message m, String reason) {
+    final int maxTxtRecordStringLength = 255;
+    String[] parts = new String[reason.length() / maxTxtRecordStringLength + 1];
+    for (int i = 0; i < parts.length; i++) {
+      int length = Math.min((i + 1) * maxTxtRecordStringLength, reason.length());
+      parts[i] = reason.substring(i * maxTxtRecordStringLength, length);
+    }
+
+    m.addRecord(
+        new TXTRecord(Name.root, VALIDATION_REASON_QCLASS, 0, Arrays.asList(parts)),
+        Section.ADDITIONAL);
+  }
+
+  /**
+   * Creates a response message with the given return code.
+   *
+   * @param request The request for which the response belongs.
+   * @param rcode The response code, @see Rcode
+   * @return The response message for <code>request</code>.
+   */
+  private static SMessage errorMessage(Message request, int rcode) {
+    SMessage m = new SMessage(request.getHeader().getID(), request.getQuestion());
+    Header h = m.getHeader();
+    h.setRcode(rcode);
+    h.setFlag(Flags.QR);
+
+    return m;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java b/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java
index 2e6ac420a..cd5dfb88d 100644
--- a/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java
+++ b/src/main/java/org/xbill/DNS/hosts/HostsFileParser.java
@@ -8,12 +8,15 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.time.Clock;
+import java.time.Duration;
 import java.time.Instant;
 import java.util.Arrays;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.xbill.DNS.Address;
@@ -29,13 +32,25 @@
  */
 @Slf4j
 public final class HostsFileParser {
-  private static final int MAX_FULL_CACHE_FILE_SIZE_BYTES = 16384;
+  private final int maxFullCacheFileSizeBytes =
+      Integer.parseInt(System.getProperty("dnsjava.hostsfile.max_size_bytes", "16384"));
+  private final Duration fileChangeCheckInterval =
+      Duration.ofMillis(
+          Integer.parseInt(
+              System.getProperty("dnsjava.hostsfile.change_check_interval_ms", "300000")));
 
-  private final Map<String, InetAddress> hostsCache = new HashMap<>();
   private final Path path;
   private final boolean clearCacheOnChange;
+  private Clock clock = Clock.systemUTC();
+
+  @SuppressWarnings("java:S3077")
+  private volatile Map<String, InetAddress> hostsCache;
+
+  private Instant lastFileModificationCheckTime = Instant.MIN;
   private Instant lastFileReadTime = Instant.MIN;
   private boolean isEntireFileParsed;
+  private boolean hostsFileWarningLogged = false;
+  private long hostsFileSizeBytes;
 
   /**
    * Creates a new instance based on the current OS's default. Unix and alike (or rather everything
@@ -85,8 +100,7 @@ public HostsFileParser(Path path, boolean clearCacheOnChange) {
    * @throws IllegalArgumentException when {@code type} is not {@link org.xbill.DNS.Type#A} or{@link
    *     org.xbill.DNS.Type#AAAA}.
    */
-  public synchronized Optional<InetAddress> getAddressForHost(Name name, int type)
-      throws IOException {
+  public Optional<InetAddress> getAddressForHost(Name name, int type) throws IOException {
     Objects.requireNonNull(name, "name is required");
     if (type != Type.A && type != Type.AAAA) {
       throw new IllegalArgumentException("type can only be A or AAAA");
@@ -99,13 +113,11 @@ public synchronized Optional<InetAddress> getAddressForHost(Name name, int type)
       return Optional.of(cachedAddress);
     }
 
-    if (isEntireFileParsed || !Files.exists(path)) {
+    if (isEntireFileParsed) {
       return Optional.empty();
     }
 
-    if (Files.size(path) <= MAX_FULL_CACHE_FILE_SIZE_BYTES) {
-      parseEntireHostsFile();
-    } else {
+    if (hostsFileSizeBytes > maxFullCacheFileSizeBytes) {
       searchHostsFileForEntry(name, type);
     }
 
@@ -115,9 +127,11 @@ public synchronized Optional<InetAddress> getAddressForHost(Name name, int type)
   private void parseEntireHostsFile() throws IOException {
     String line;
     int lineNumber = 0;
+    AtomicInteger addressFailures = new AtomicInteger(0);
+    AtomicInteger nameFailures = new AtomicInteger(0);
     try (BufferedReader hostsReader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
       while ((line = hostsReader.readLine()) != null) {
-        LineData lineData = parseLine(++lineNumber, line);
+        LineData lineData = parseLine(++lineNumber, line, addressFailures, nameFailures);
         if (lineData != null) {
           for (Name lineName : lineData.names) {
             InetAddress lineAddress =
@@ -128,15 +142,24 @@ private void parseEntireHostsFile() throws IOException {
       }
     }
 
-    isEntireFileParsed = true;
+    if (!hostsFileWarningLogged && (addressFailures.get() > 0 || nameFailures.get() > 0)) {
+      log.warn(
+          "Failed to parse entire hosts file {}, address failures={}, name failures={}",
+          path,
+          addressFailures.get(),
+          nameFailures);
+      hostsFileWarningLogged = true;
+    }
   }
 
   private void searchHostsFileForEntry(Name name, int type) throws IOException {
     String line;
     int lineNumber = 0;
+    AtomicInteger addressFailures = new AtomicInteger(0);
+    AtomicInteger nameFailures = new AtomicInteger(0);
     try (BufferedReader hostsReader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
       while ((line = hostsReader.readLine()) != null) {
-        LineData lineData = parseLine(++lineNumber, line);
+        LineData lineData = parseLine(++lineNumber, line, addressFailures, nameFailures);
         if (lineData != null) {
           for (Name lineName : lineData.names) {
             boolean isSearchedEntry = lineName.equals(name);
@@ -150,6 +173,16 @@ private void searchHostsFileForEntry(Name name, int type) throws IOException {
         }
       }
     }
+
+    if (!hostsFileWarningLogged && (addressFailures.get() > 0 || nameFailures.get() > 0)) {
+      log.warn(
+          "Failed to find {} in hosts file {}, address failures={}, name failures={}",
+          name,
+          path,
+          addressFailures.get(),
+          nameFailures);
+      hostsFileWarningLogged = true;
+    }
   }
 
   @RequiredArgsConstructor
@@ -159,7 +192,8 @@ private static final class LineData {
     final Iterable<? extends Name> names;
   }
 
-  private LineData parseLine(int lineNumber, String line) {
+  private LineData parseLine(
+      int lineNumber, String line, AtomicInteger addressFailures, AtomicInteger nameFailures) {
     String[] lineTokens = getLineTokens(line);
     if (lineTokens.length < 2) {
       return null;
@@ -173,24 +207,26 @@ private LineData parseLine(int lineNumber, String line) {
     }
 
     if (lineAddressBytes == null) {
-      log.warn("Could not decode address {}, {}#L{}", lineTokens[0], path, lineNumber);
+      log.debug("Could not decode address {}, {}#L{}", lineTokens[0], path, lineNumber);
+      addressFailures.incrementAndGet();
       return null;
     }
 
     Iterable<? extends Name> lineNames =
         Arrays.stream(lineTokens)
                 .skip(1)
-                .map(lineTokenName -> safeName(lineTokenName, lineNumber))
+                .map(lineTokenName -> safeName(lineTokenName, lineNumber, nameFailures))
                 .filter(Objects::nonNull)
             ::iterator;
     return new LineData(lineAddressType, lineAddressBytes, lineNames);
   }
 
-  private Name safeName(String name, int lineNumber) {
+  private Name safeName(String name, int lineNumber, AtomicInteger nameFailures) {
     try {
       return Name.fromString(name, Name.root);
     } catch (TextParseException e) {
-      log.warn("Could not decode name {}, {}#L{}, skipping", name, path, lineNumber);
+      log.debug("Could not decode name {}, {}#L{}, skipping", name, path, lineNumber);
+      nameFailures.incrementAndGet();
       return null;
     }
   }
@@ -206,21 +242,61 @@ private String[] getLineTokens(String line) {
   }
 
   private void validateCache() throws IOException {
-    if (clearCacheOnChange) {
+    if (!clearCacheOnChange) {
+      if (hostsCache == null) {
+        synchronized (this) {
+          if (hostsCache == null) {
+            readHostsFile();
+          }
+        }
+      }
+
+      return;
+    }
+
+    if (lastFileModificationCheckTime.plus(fileChangeCheckInterval).isBefore(clock.instant())) {
+      log.debug("Checked for changes more than 5minutes ago, checking");
       // A filewatcher / inotify etc. would be nicer, but doesn't work. c.f. the write up at
       // https://blog.arkey.fr/2019/09/13/watchservice-and-bind-mount/
-      Instant fileTime =
-          Files.exists(path) ? Files.getLastModifiedTime(path).toInstant() : Instant.MAX;
-      if (fileTime.isAfter(lastFileReadTime)) {
-        // skip logging noise when the cache is empty anyway
-        if (!hostsCache.isEmpty()) {
-          log.info("Local hosts database has changed at {}, clearing cache", fileTime);
-          hostsCache.clear();
+
+      synchronized (this) {
+        if (!lastFileModificationCheckTime
+            .plus(fileChangeCheckInterval)
+            .isBefore(clock.instant())) {
+          log.debug("Never mind, check fulfilled in another thread");
+          return;
+        }
+
+        lastFileModificationCheckTime = clock.instant();
+        readHostsFile();
+      }
+    }
+  }
+
+  private void readHostsFile() throws IOException {
+    if (Files.exists(path)) {
+      Instant fileTime = Files.getLastModifiedTime(path).toInstant();
+      if (!lastFileReadTime.equals(fileTime)) {
+        createOrClearCache();
+
+        hostsFileSizeBytes = Files.size(path);
+        if (hostsFileSizeBytes <= maxFullCacheFileSizeBytes) {
+          parseEntireHostsFile();
+          isEntireFileParsed = true;
         }
 
-        isEntireFileParsed = false;
         lastFileReadTime = fileTime;
       }
+    } else {
+      createOrClearCache();
+    }
+  }
+
+  private void createOrClearCache() {
+    if (hostsCache == null) {
+      hostsCache = new ConcurrentHashMap<>();
+    } else {
+      hostsCache.clear();
     }
   }
 
@@ -230,6 +306,10 @@ private String key(Name name, int type) {
 
   // for unit testing only
   int cacheSize() {
-    return hostsCache.size();
+    return hostsCache == null ? 0 : hostsCache.size();
+  }
+
+  void setClock(Clock clock) {
+    this.clock = clock;
   }
 }
diff --git a/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java b/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java
new file mode 100644
index 000000000..04d173f2c
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/DefaultIoClientFactory.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import org.xbill.DNS.DefaultIoClient;
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Serves as a default implementation that is used by the {@link SimpleResolver}, unless otherwise
+ * configured. This preserves the default behavior (to use the built-in NIO clients) while allowing
+ * flexibility at the point of use.
+ *
+ * @since 3.6
+ */
+public class DefaultIoClientFactory implements IoClientFactory {
+  /**
+   * Shared instance because it only serves as a bridge to the static NIO classes and does not need
+   * to be different per class.
+   */
+  private static final DefaultIoClient RESOLVER_CLIENT = new DefaultIoClient();
+
+  @Override
+  public TcpIoClient createOrGetTcpClient() {
+    return RESOLVER_CLIENT;
+  }
+
+  @Override
+  public UdpIoClient createOrGetUdpClient() {
+    return RESOLVER_CLIENT;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/io/IoClientFactory.java b/src/main/java/org/xbill/DNS/io/IoClientFactory.java
new file mode 100644
index 000000000..70154ff2e
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/IoClientFactory.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import org.xbill.DNS.SimpleResolver;
+
+/**
+ * Interface for creating the TCP/UDP factories necessary for the {@link SimpleResolver}.
+ *
+ * @since 3.6
+ */
+public interface IoClientFactory {
+  /**
+   * Create or return a cached/reused instance of the TCP resolver that should be used to send DNS
+   * data over the wire to the remote target. <br>
+   * It is the responsibility of this method to manage pooling or connection reuse. This method is
+   * called right before the connection is made every time the {@link SimpleResolver} is called. The
+   * implementer of this method should be aware and choose how to pool or reuse connections.
+   *
+   * @return an instance of the tcp resolver client
+   */
+  TcpIoClient createOrGetTcpClient();
+
+  /**
+   * Create or return a cached/reused instance of the UDP resolver that should be used to send DNS
+   * data over the wire to the remote target.
+   *
+   * @return an instance of the udp resolver client
+   */
+  UdpIoClient createOrGetUdpClient();
+}
diff --git a/src/main/java/org/xbill/DNS/io/TcpIoClient.java b/src/main/java/org/xbill/DNS/io/TcpIoClient.java
new file mode 100644
index 000000000..e8febbef8
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/TcpIoClient.java
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Resolver;
+
+/**
+ * Serves as an interface from a {@link Resolver} to the underlying mechanism for sending bytes over
+ * the wire as a TCP message.
+ *
+ * @since 3.6
+ */
+public interface TcpIoClient {
+  /**
+   * Sends a query to a remote server and returns the answer.
+   *
+   * @param local Address from which the connection is coming. may be {@code null} and the
+   *     implementation must decide on the local address.
+   * @param remote Address that the connection should send the data to.
+   * @param query DNS message representation of the outbound query.
+   * @param data Raw byte representation of the outbound query.
+   * @param timeout Duration before the connection will time out and be closed.
+   * @return A {@link CompletableFuture} that will be completed with the byte value of the response.
+   * @since 3.6
+   */
+  CompletableFuture<byte[]> sendAndReceiveTcp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      Duration timeout);
+}
diff --git a/src/main/java/org/xbill/DNS/io/UdpIoClient.java b/src/main/java/org/xbill/DNS/io/UdpIoClient.java
new file mode 100644
index 000000000..394ccc4b3
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/io/UdpIoClient.java
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.io;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Resolver;
+
+/**
+ * Serves as an interface from a {@link Resolver} to the underlying mechanism for sending bytes over
+ * the wire as a UDP message.
+ *
+ * @since 3.6
+ */
+public interface UdpIoClient {
+  /**
+   * Sends a query to a remote server and returns the answer.
+   *
+   * @param local Address from which the connection is coming. may be {@code null} and the
+   *     implementation must decide on the local address.
+   * @param remote Address that the connection should send the data to.
+   * @param query DNS message representation of the outbound query.
+   * @param data Raw byte representation of the outbound query.
+   * @param max Size of the response buffer.
+   * @param timeout Duration before the connection will time out and be closed.
+   * @return A {@link CompletableFuture} that will be completed with the byte value of the response.
+   * @since 3.6
+   */
+  CompletableFuture<byte[]> sendAndReceiveUdp(
+      InetSocketAddress local,
+      InetSocketAddress remote,
+      Message query,
+      byte[] data,
+      int max,
+      Duration timeout);
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java b/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java
index 3b5137323..65583be59 100644
--- a/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java
+++ b/src/main/java/org/xbill/DNS/lookup/InvalidZoneDataException.java
@@ -5,6 +5,8 @@
  * Sometimes DNS zone data involved in the lookup might be violating specifications. For example, a
  * DNAME expansion might result in names that are too long or a query response might hold multiple
  * CNAME records.
+ *
+ * @since 3.4
  */
 public class InvalidZoneDataException extends LookupFailedException {
   InvalidZoneDataException(String message, Throwable inner) {
diff --git a/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java b/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java
new file mode 100644
index 000000000..2ff812908
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/IrrelevantRecordMode.java
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+/** Defines the handling of irrelevant records during messages normalization. */
+enum IrrelevantRecordMode {
+  /** Irrelevant records are removed from the message, but otherwise ignored. */
+  REMOVE,
+  /** Throws an error when an irrelevant record is found. */
+  THROW,
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java b/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java
index d0d31bdfa..f45fb6185 100644
--- a/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java
+++ b/src/main/java/org/xbill/DNS/lookup/LookupFailedException.java
@@ -1,25 +1,33 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS.lookup;
 
+import lombok.AccessLevel;
+import lombok.Getter;
 import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
 
-/** A base class for all types of things that might fail when making a DNS lookup. */
+/**
+ * A base class for all types of things that might fail when making a DNS lookup.
+ *
+ * @since 3.4
+ */
 public class LookupFailedException extends RuntimeException {
   private final Name name;
   private final int type;
 
+  @Getter(AccessLevel.PACKAGE)
+  private final boolean isAuthenticated;
+
   public LookupFailedException() {
-    this(null, null);
+    this(null, null, null, 0, false);
   }
 
   public LookupFailedException(String message) {
-    this(message, null);
+    this(message, null, null, 0, false);
   }
 
   LookupFailedException(String message, Throwable inner) {
-    super(message, inner);
-    name = null;
-    type = 0;
+    this(message, inner, null, 0, false);
   }
 
   /**
@@ -30,8 +38,27 @@ public LookupFailedException(String message) {
    * @param type the type that caused the failure.
    */
   public LookupFailedException(Name name, int type) {
+    this("Lookup for " + name + "/" + Type.string(type) + " failed", name, type);
+  }
+
+  /**
+   * Construct a LookupFailedException with a custom message that also specifies the name and type
+   * of the lookup that failed.
+   *
+   * @param name the name that caused the failure.
+   * @param type the type that caused the failure.
+   * @since 3.6
+   */
+  public LookupFailedException(String message, Name name, int type) {
+    this(message, null, name, type, false);
+  }
+
+  LookupFailedException(
+      String message, Throwable inner, Name name, int type, boolean isAuthenticated) {
+    super(message, inner);
     this.name = name;
     this.type = type;
+    this.isAuthenticated = isAuthenticated;
   }
 
   /** Gets the Name being looked up when this failure occurred. */
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupResult.java b/src/main/java/org/xbill/DNS/lookup/LookupResult.java
index 956dd3550..57e6e40f8 100644
--- a/src/main/java/org/xbill/DNS/lookup/LookupResult.java
+++ b/src/main/java/org/xbill/DNS/lookup/LookupResult.java
@@ -3,12 +3,23 @@
 
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import lombok.AccessLevel;
 import lombok.Data;
+import lombok.Getter;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
 import org.xbill.DNS.Name;
 import org.xbill.DNS.Record;
 
-/** LookupResult instances holds the result of a successful lookup operation. */
+/**
+ * LookupResult instances holds the result of a successful lookup operation.
+ *
+ * @since 3.4
+ */
 @Data
 public final class LookupResult {
   /** An unmodifiable list of records that this instance wraps, may not be null but can be empty */
@@ -22,18 +33,77 @@ public final class LookupResult {
    */
   private final List<Name> aliases;
 
+  /** The queries and responses that made up the result. */
+  @Getter(AccessLevel.PACKAGE)
+  private final Map<Record, Message> queryResponsePairs;
+
+  /**
+   * Gets an indication if the message(s) that provided this result were authenticated, e.g. by
+   * using {@link org.xbill.DNS.dnssec.ValidatingResolver} or when the upstream resolver has set the
+   * {@link org.xbill.DNS.Flags#AD} flag.
+   *
+   * <p><b>IMPORTANT</b>: Note that in the latter case, the flag cannot be trusted unless the {@link
+   * org.xbill.DNS.Resolver} used by the {@link LookupSession} that created this result:
+   *
+   * <ul>
+   *   <li>has TSIG enabled
+   *   <li>uses an externally secured transport, e.g. with IPSec or DNS over TLS.
+   * </ul>
+   */
+  @Getter(AccessLevel.PACKAGE)
+  private final boolean isAuthenticated;
+
   /**
    * Construct an instance with the provided records and, in the case of a CNAME or DNAME
    * indirection a List of aliases.
    *
    * @param records a list of records to return.
    * @param aliases a list of aliases discovered during lookup, or null if there was no indirection.
+   * @deprecated This class is not intended for public instantiation.
    */
+  @Deprecated
   public LookupResult(List<Record> records, List<Name> aliases) {
     this.records = Collections.unmodifiableList(new ArrayList<>(records));
     this.aliases =
         aliases == null
             ? Collections.emptyList()
             : Collections.unmodifiableList(new ArrayList<>(aliases));
+    queryResponsePairs = Collections.emptyMap();
+    isAuthenticated = false;
+  }
+
+  LookupResult(boolean isAuthenticated) {
+    queryResponsePairs = Collections.emptyMap();
+    this.isAuthenticated = isAuthenticated;
+    records = Collections.emptyList();
+    aliases = Collections.emptyList();
+  }
+
+  LookupResult(Record query, boolean isAuthenticated, Record result) {
+    this.queryResponsePairs = Collections.singletonMap(query, null);
+    this.isAuthenticated = isAuthenticated;
+    this.records = Collections.singletonList(result);
+    this.aliases = Collections.emptyList();
+  }
+
+  LookupResult(
+      LookupResult previous,
+      Record query,
+      Message answer,
+      boolean isAuthenticated,
+      List<Record> records,
+      List<Name> aliases) {
+    Map<Record, Message> map = new HashMap<>(previous.queryResponsePairs.size() + 1);
+    map.putAll(previous.queryResponsePairs);
+    map.put(query, answer);
+    this.queryResponsePairs = Collections.unmodifiableMap(map);
+    this.isAuthenticated =
+        previous.isAuthenticated
+            && isAuthenticated
+            && this.queryResponsePairs.values().stream()
+                .filter(Objects::nonNull)
+                .allMatch(a -> a.getHeader().getFlag(Flags.AD));
+    this.records = Collections.unmodifiableList(new ArrayList<>(records));
+    this.aliases = Collections.unmodifiableList(new ArrayList<>(aliases));
   }
 }
diff --git a/src/main/java/org/xbill/DNS/lookup/LookupSession.java b/src/main/java/org/xbill/DNS/lookup/LookupSession.java
index e9762f757..892594789 100644
--- a/src/main/java/org/xbill/DNS/lookup/LookupSession.java
+++ b/src/main/java/org/xbill/DNS/lookup/LookupSession.java
@@ -27,6 +27,8 @@
 import org.xbill.DNS.Credibility;
 import org.xbill.DNS.DClass;
 import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.EDNSOption;
+import org.xbill.DNS.ExtendedErrorCodeOption;
 import org.xbill.DNS.ExtendedResolver;
 import org.xbill.DNS.Lookup;
 import org.xbill.DNS.Message;
@@ -41,15 +43,19 @@
 import org.xbill.DNS.SetResponse;
 import org.xbill.DNS.SimpleResolver;
 import org.xbill.DNS.Type;
+import org.xbill.DNS.WireParseException;
 import org.xbill.DNS.hosts.HostsFileParser;
 
 /**
  * LookupSession provides facilities to make DNS Queries. A LookupSession is intended to be long
  * lived, and it's behaviour can be configured using the properties of the {@link
  * LookupSessionBuilder} instance returned by {@link #builder()}.
+ *
+ * @since 3.4
  */
 @Slf4j
 public class LookupSession {
+
   public static final int DEFAULT_MAX_ITERATIONS = 16;
   public static final int DEFAULT_NDOTS = 1;
 
@@ -61,6 +67,7 @@ public class LookupSession {
   private final Map<Integer, Cache> caches;
   private final HostsFileParser hostsFileParser;
   private final Executor executor;
+  private final IrrelevantRecordMode irrelevantRecordMode;
 
   private LookupSession(
       @NonNull Resolver resolver,
@@ -70,7 +77,8 @@ private LookupSession(
       boolean cycleResults,
       List<Cache> caches,
       HostsFileParser hostsFileParser,
-      Executor executor) {
+      Executor executor,
+      IrrelevantRecordMode irrelevantRecordMode) {
     this.resolver = resolver;
     this.maxRedirects = maxRedirects;
     this.ndots = ndots;
@@ -82,6 +90,7 @@ private LookupSession(
             : caches.stream().collect(Collectors.toMap(Cache::getDClass, e -> e));
     this.hostsFileParser = hostsFileParser;
     this.executor = executor == null ? ForkJoinPool.commonPool() : executor;
+    this.irrelevantRecordMode = irrelevantRecordMode;
   }
 
   /**
@@ -92,6 +101,7 @@ private LookupSession(
    */
   @ToString
   public static class LookupSessionBuilder {
+
     private Resolver resolver;
     private int maxRedirects;
     private int ndots;
@@ -100,6 +110,7 @@ public static class LookupSessionBuilder {
     private List<Cache> caches;
     private HostsFileParser hostsFileParser;
     private Executor executor;
+    private IrrelevantRecordMode irrelevantRecordMode = IrrelevantRecordMode.REMOVE;
 
     private LookupSessionBuilder() {}
 
@@ -206,11 +217,22 @@ public LookupSessionBuilder executor(Executor executor) {
       return this;
     }
 
+    /**
+     * Sets how irrelevant records in a {@link Message} returned from the {@link
+     * #resolver(Resolver)} is handled. The default is {@link IrrelevantRecordMode#REMOVE}.
+     *
+     * @return {@code this}.
+     */
+    LookupSessionBuilder irrelevantRecordMode(IrrelevantRecordMode irrelevantRecordMode) {
+      this.irrelevantRecordMode = irrelevantRecordMode;
+      return this;
+    }
+
     /**
      * Enable querying the local hosts database using the system defaults.
      *
-     * @see HostsFileParser
      * @return {@code this}.
+     * @see HostsFileParser
      */
     public LookupSessionBuilder defaultHostsFileParser() {
       hostsFileParser = new HostsFileParser();
@@ -221,8 +243,8 @@ public LookupSessionBuilder defaultHostsFileParser() {
      * Enable caching using the supplied cache. An existing {@link Cache} for the same class will be
      * replaced.
      *
-     * @see Cache
      * @return {@code this}.
+     * @see Cache
      */
     public LookupSessionBuilder cache(@NonNull Cache cache) {
       if (caches == null) {
@@ -242,8 +264,8 @@ public LookupSessionBuilder cache(@NonNull Cache cache) {
      * Enable caching using the supplied caches. Existing {@link Cache}s for the same class will be
      * replaced.
      *
-     * @see Cache
      * @return {@code this}.
+     * @see Cache
      */
     public LookupSessionBuilder caches(@NonNull Collection<Cache> caches) {
       caches.forEach(this::cache);
@@ -266,9 +288,9 @@ public LookupSessionBuilder clearCaches() {
      * Enable caching using the supplied cache for the given class.
      *
      * @param dclass unused
-     * @deprecated use {@link #cache(Cache)}, the {@link Cache} already provides the class.
-     * @see Cache
      * @return {@code this}.
+     * @see Cache
+     * @deprecated use {@link #cache(Cache)}, the {@link Cache} already provides the class.
      */
     @Deprecated
     public LookupSessionBuilder cache(@NonNull Integer dclass, @NonNull Cache cache) {
@@ -280,10 +302,10 @@ public LookupSessionBuilder cache(@NonNull Integer dclass, @NonNull Cache cache)
      * Enable caching using the supplied caches.
      *
      * @param caches unused
+     * @return {@code this}.
+     * @see Cache
      * @deprecated use {@link #cache(Cache)} or {@link #caches(Collection)}, the {@link Cache}
      *     already provides the class.
-     * @see Cache
-     * @return {@code this}.
      */
     @Deprecated
     public LookupSessionBuilder caches(@NonNull Map<Integer, Cache> caches) {
@@ -318,7 +340,8 @@ public LookupSession build() {
           cycleResults,
           caches,
           hostsFileParser,
-          executor);
+          executor,
+          irrelevantRecordMode);
     }
   }
 
@@ -356,6 +379,22 @@ public static LookupSessionBuilder defaultBuilder() {
         .defaultHostsFileParser();
   }
 
+  // Visible for testing only
+  Cache getCache(int dclass) {
+    return caches.get(dclass);
+  }
+
+  /**
+   * Make an asynchronous lookup with the provided {@link Record}.
+   *
+   * @param question the name, type and DClass to look up.
+   * @return A {@link CompletionStage} what will yield the eventual lookup result.
+   * @since 3.6
+   */
+  public CompletionStage<LookupResult> lookupAsync(Record question) {
+    return lookupAsync(question.getName(), question.getType(), question.getDClass());
+  }
+
   /**
    * Make an asynchronous lookup of the provided name using the default {@link DClass#IN}.
    *
@@ -430,7 +469,8 @@ private LookupResult lookupWithHosts(List<Name> names, int type) {
             } else {
               r = new AAAARecord(name, DClass.IN, 0, result.get());
             }
-            return new LookupResult(Collections.singletonList(r), Collections.emptyList());
+
+            return new LookupResult(Record.newRecord(name, type, DClass.IN), true, r);
           }
         }
       } catch (IOException e) {
@@ -454,10 +494,10 @@ private CompletionStage<LookupResult> lookupUntilSuccess(
                 if (names.hasNext()) {
                   return lookupUntilSuccess(names, type, dclass);
                 } else {
-                  return completeExceptionally(cause);
+                  return this.<Throwable, LookupResult>completeExceptionally(cause);
                 }
               } else if (cause != null) {
-                return completeExceptionally(cause);
+                return this.<Throwable, LookupResult>completeExceptionally(cause);
               } else {
                 return CompletableFuture.completedFuture(result);
               }
@@ -467,14 +507,54 @@ private CompletionStage<LookupResult> lookupUntilSuccess(
 
   private CompletionStage<LookupResult> lookupWithCache(Record queryRecord, List<Name> aliases) {
     return Optional.ofNullable(caches.get(queryRecord.getDClass()))
-        .map(c -> c.lookupRecords(queryRecord.getName(), queryRecord.getType(), Credibility.NORMAL))
+        .map(
+            c -> {
+              log.debug(
+                  "Looking for <{}/{}/{}> in cache",
+                  queryRecord.getName(),
+                  Type.string(queryRecord.getType()),
+                  DClass.string(queryRecord.getDClass()));
+              return c.lookupRecords(
+                  queryRecord.getName(), queryRecord.getType(), Credibility.NORMAL);
+            })
         .map(setResponse -> setResponseToMessageFuture(setResponse, queryRecord, aliases))
         .orElseGet(() -> lookupWithResolver(queryRecord, aliases));
   }
 
   private CompletionStage<LookupResult> lookupWithResolver(Record queryRecord, List<Name> aliases) {
+    Message query = Message.newQuery(queryRecord);
+    log.debug(
+        "Asking {} for <{}/{}/{}>",
+        resolver,
+        queryRecord.getName(),
+        Type.string(queryRecord.getType()),
+        DClass.string(queryRecord.getDClass()));
     return resolver
-        .sendAsync(Message.newQuery(queryRecord), executor)
+        .sendAsync(query, executor)
+        .thenCompose(
+            m -> {
+              try {
+                Message normalized =
+                    m.normalize(query, irrelevantRecordMode == IrrelevantRecordMode.THROW);
+
+                log.trace(
+                    "Normalized response for <{}/{}/{}> from \n{}\ninto\n{}",
+                    queryRecord.getName(),
+                    Type.string(queryRecord.getType()),
+                    DClass.string(queryRecord.getDClass()),
+                    m,
+                    normalized);
+                if (normalized == null) {
+                  return completeExceptionally(
+                      new InvalidZoneDataException("Failed to normalize message"));
+                }
+                return CompletableFuture.completedFuture(normalized);
+              } catch (WireParseException e) {
+                return completeExceptionally(
+                    new LookupFailedException(
+                        "Message normalization failed, refusing to return it", e));
+              }
+            })
         .thenApply(this::maybeAddToCache)
         .thenApply(answer -> buildResult(answer, aliases, queryRecord));
   }
@@ -482,7 +562,7 @@ private CompletionStage<LookupResult> lookupWithResolver(Record queryRecord, Lis
   private Message maybeAddToCache(Message message) {
     for (RRset set : message.getSectionRRsets(Section.ANSWER)) {
       if ((set.getType() == Type.CNAME || set.getType() == Type.DNAME) && set.size() != 1) {
-        throw new InvalidZoneDataException("Multiple CNAME RRs not allowed, see RFC1034 3.6.2");
+        throw new InvalidZoneDataException("Multiple CNAME RRs not allowed, see RFC 1034 3.6.2");
       }
     }
     Optional.ofNullable(caches.get(message.getQuestion().getDClass()))
@@ -490,34 +570,44 @@ private Message maybeAddToCache(Message message) {
     return message;
   }
 
+  @SuppressWarnings("deprecation")
   private CompletionStage<LookupResult> setResponseToMessageFuture(
       SetResponse setResponse, Record queryRecord, List<Name> aliases) {
     if (setResponse.isNXDOMAIN()) {
       return completeExceptionally(
           new NoSuchDomainException(queryRecord.getName(), queryRecord.getType()));
     }
+
     if (setResponse.isNXRRSET()) {
       return completeExceptionally(
           new NoSuchRRSetException(queryRecord.getName(), queryRecord.getType()));
     }
-    if (setResponse.isSuccessful()) {
+
+    if (setResponse.isCNAME()) {
+      return CompletableFuture.completedFuture(
+          new LookupResult(Collections.singletonList(setResponse.getCNAME()), aliases));
+    } else if (setResponse.isDNAME()) {
+      return CompletableFuture.completedFuture(
+          new LookupResult(Collections.singletonList(setResponse.getDNAME()), aliases));
+    } else if (setResponse.isSuccessful()) {
       List<Record> records =
           setResponse.answers().stream()
               .flatMap(rrset -> rrset.rrs(cycleResults).stream())
               .collect(Collectors.toList());
       return CompletableFuture.completedFuture(new LookupResult(records, aliases));
     }
+
     return null;
   }
 
-  private <T extends Throwable> CompletionStage<LookupResult> completeExceptionally(T failure) {
-    CompletableFuture<LookupResult> future = new CompletableFuture<>();
+  private <T extends Throwable, R> CompletionStage<R> completeExceptionally(T failure) {
+    CompletableFuture<R> future = new CompletableFuture<>();
     future.completeExceptionally(failure);
     return future;
   }
 
   private CompletionStage<LookupResult> resolveRedirects(LookupResult response, Record query) {
-    return maybeFollowRedirect(response, query, 1);
+    return maybeFollowRedirect(response, query, 0);
   }
 
   private CompletionStage<LookupResult> maybeFollowRedirect(
@@ -528,6 +618,7 @@ private CompletionStage<LookupResult> maybeFollowRedirect(
 
     List<Record> records = response.getRecords();
     if (!records.isEmpty()
+        && query.getType() != records.get(0).getType()
         && (records.get(0).getType() == Type.CNAME || records.get(0).getType() == Type.DNAME)) {
       return maybeFollowRedirectsInAnswer(response, query, redirectCount);
     } else {
@@ -535,13 +626,20 @@ private CompletionStage<LookupResult> maybeFollowRedirect(
     }
   }
 
+  @SuppressWarnings("deprecation")
   private CompletionStage<LookupResult> maybeFollowRedirectsInAnswer(
       LookupResult response, Record query, int redirectCount) {
     List<Name> aliases = new ArrayList<>(response.getAliases());
     List<Record> results = new ArrayList<>();
     Name current = query.getName();
     for (Record r : response.getRecords()) {
-      if (redirectCount > maxRedirects) {
+      // Abort with a dedicated exception for loops instead of simply trying until reaching the max
+      // redirects
+      if (aliases.contains(current)) {
+        return completeExceptionally(new RedirectLoopException(maxRedirects));
+      }
+
+      if (redirectCount >= maxRedirects) {
         throw new RedirectOverflowException(maxRedirects);
       }
 
@@ -571,11 +669,17 @@ private CompletionStage<LookupResult> maybeFollowRedirectsInAnswer(
       return CompletableFuture.completedFuture(new LookupResult(results, aliases));
     }
 
-    if (redirectCount > maxRedirects) {
+    // Abort with a dedicated exception for loops instead of simply trying until reaching the max
+    // redirects
+    if (aliases.contains(current)) {
+      return completeExceptionally(new RedirectLoopException(maxRedirects));
+    }
+
+    if (redirectCount >= maxRedirects) {
       throw new RedirectOverflowException(maxRedirects);
     }
 
-    int finalRedirectCount = redirectCount + 1;
+    int finalRedirectCount = redirectCount;
     Record redirectQuery = Record.newRecord(current, query.getType(), query.getDClass());
     return lookupWithCache(redirectQuery, aliases)
         .thenCompose(
@@ -583,7 +687,10 @@ private CompletionStage<LookupResult> maybeFollowRedirectsInAnswer(
                 maybeFollowRedirect(responseFromCache, redirectQuery, finalRedirectCount));
   }
 
-  /** Returns a LookupResult if this response was a non-exceptional empty result, else null. */
+  /**
+   * Returns a LookupResult if this response was a non-exceptional empty result, throws otherwise.
+   */
+  @SuppressWarnings("deprecation")
   private static LookupResult buildResult(Message answer, List<Name> aliases, Record query) {
     int rcode = answer.getRcode();
     List<Record> answerRecords = answer.getSection(Section.ANSWER);
@@ -594,7 +701,16 @@ private static LookupResult buildResult(Message answer, List<Name> aliases, Reco
         case Rcode.NXRRSET:
           throw new NoSuchRRSetException(query.getName(), query.getType());
         case Rcode.SERVFAIL:
-          throw new ServerFailedException();
+          if (answer.getOPT() != null) {
+            List<EDNSOption> options =
+                answer.getOPT().getOptions(EDNSOption.Code.EDNS_EXTENDED_ERROR);
+            if (!options.isEmpty()) {
+              throw new ServerFailedException(
+                  query.getName(), query.getType(), (ExtendedErrorCodeOption) options.get(0));
+            }
+          }
+
+          throw new ServerFailedException(query.getName(), query.getType());
         default:
           throw new LookupFailedException(
               String.format("Unknown non-success error code %s", Rcode.string(rcode)));
diff --git a/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java b/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java
index 38b8f6da4..48f2f4199 100644
--- a/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java
+++ b/src/main/java/org/xbill/DNS/lookup/NoSuchDomainException.java
@@ -4,11 +4,17 @@
 import org.xbill.DNS.Name;
 
 /**
- * Thrown to indicate that no data is associated with the given name, as indicated by the NXDOMAIN
- * response code as specified in RF2136 Section 2.2.
+ * Thrown to indicate that no data is associated with the given name, as indicated by the {@link
+ * org.xbill.DNS.Rcode#NXDOMAIN} response code as specified in RF2136 Section 2.2.
+ *
+ * @since 3.4
  */
 public class NoSuchDomainException extends LookupFailedException {
   public NoSuchDomainException(Name name, int type) {
-    super(name, type);
+    this(name, type, false);
+  }
+
+  NoSuchDomainException(Name name, int type, boolean isAuthenticated) {
+    super(null, null, name, type, isAuthenticated);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java
index 2002d886d..bc6d0f4df 100644
--- a/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java
+++ b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java
@@ -5,10 +5,17 @@
 
 /**
  * Thrown to indicate that records of the name and type queried does not exist, corresponding to the
- * NXRRSET return code as specified in RFC2136 Section 2.2.
+ * {@link org.xbill.DNS.Rcode#NXRRSET} return code as specified in RFC 2136, Section 2.2.
+ *
+ * @since 3.4
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc2136#section-2">RFC 2136</a>
  */
 public class NoSuchRRSetException extends LookupFailedException {
   public NoSuchRRSetException(Name name, int type) {
-    super(name, type);
+    this(name, type, false);
+  }
+
+  NoSuchRRSetException(Name name, int type, boolean isAuthenticated) {
+    super(null, null, name, type, isAuthenticated);
   }
 }
diff --git a/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java b/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java
new file mode 100644
index 000000000..c32bba6ba
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/lookup/RedirectLoopException.java
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.lookup;
+
+/**
+ * Thrown if the lookup results in a loop of CNAME and/or DNAME indirections.
+ *
+ * @since 3.6
+ */
+public class RedirectLoopException extends RedirectOverflowException {
+  public RedirectLoopException(int maxRedirects) {
+    super("Detected a redirect loop", maxRedirects);
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java b/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java
index 47e287164..2276aa96d 100644
--- a/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java
+++ b/src/main/java/org/xbill/DNS/lookup/RedirectOverflowException.java
@@ -6,19 +6,35 @@
 /**
  * Thrown if the lookup results in too many CNAME and/or DNAME indirections. This would be the case
  * for example if two CNAME records point to each other.
+ *
+ * @since 3.4
  */
 public class RedirectOverflowException extends LookupFailedException {
   @Getter private final int maxRedirects;
 
-  /** @deprecated Use {@link RedirectOverflowException#RedirectOverflowException(int)}. */
+  /**
+   * Do not use.
+   *
+   * @deprecated Use {@link RedirectOverflowException#RedirectOverflowException(int)}.
+   */
   @Deprecated
   public RedirectOverflowException(String message) {
     super(message);
     maxRedirects = 0;
   }
 
+  /**
+   * @param maxRedirects Informational, indicates the after how many redirects following was
+   *     aborted.
+   * @since 3.4.2
+   */
   public RedirectOverflowException(int maxRedirects) {
     super("Refusing to follow more than " + maxRedirects + " redirects");
     this.maxRedirects = maxRedirects;
   }
+
+  RedirectOverflowException(String message, int maxRedirects) {
+    super(message);
+    this.maxRedirects = maxRedirects;
+  }
 }
diff --git a/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java b/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java
index 1555960ee..1ba098f71 100644
--- a/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java
+++ b/src/main/java/org/xbill/DNS/lookup/ServerFailedException.java
@@ -1,8 +1,56 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS.lookup;
 
+import lombok.Getter;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Type;
+
 /**
- * Represents a server failure, that the upstream server responding to the request returned a
- * SERVFAIL status.
+ * Represents a server failure. The upstream server responding to the request returned a {@link
+ * org.xbill.DNS.Rcode#SERVFAIL} status.
+ *
+ * @since 3.4
  */
-public class ServerFailedException extends LookupFailedException {}
+public class ServerFailedException extends LookupFailedException {
+  /**
+   * An extended error code explaining why the server failed to return a result. May be {@code
+   * null}.
+   *
+   * @since 3.6
+   */
+  @Getter private final ExtendedErrorCodeOption extendedRcode;
+
+  public ServerFailedException() {
+    extendedRcode = null;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param name The name in the query that caused the failure.
+   * @param type The type in the query that caused the failure.
+   * @since 3.6
+   */
+  public ServerFailedException(Name name, int type) {
+    super(name, type);
+    extendedRcode = null;
+  }
+
+  /**
+   * Creates a new instance of this class.
+   *
+   * @param name The name in the query that caused the failure.
+   * @param type The type in the query that caused the failure.
+   * @param extendedRcode An extended error code explaining why the server failed to return a
+   *     result.
+   * @since 3.6
+   */
+  public ServerFailedException(Name name, int type, ExtendedErrorCodeOption extendedRcode) {
+    super(
+        "Lookup for " + name + "/" + Type.string(type) + " failed with " + extendedRcode.getText(),
+        name,
+        type);
+    this.extendedRcode = extendedRcode;
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java b/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
index 99146f97e..dcc119850 100644
--- a/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
+++ b/src/main/java/org/xbill/DNS/spi/DNSJavaNameService.java
@@ -27,20 +27,19 @@
  *
  * <p>This Name Service Provider uses dnsjava.
  *
- * <p>To use this provider, you must set the following system property:
- * <b>sun.net.spi.nameservice.provider.1=dns,dnsjava</b>
+ * <p>To use this provider, you must set the following system property: {@code
+ * sun.net.spi.nameservice.provider.1=dns,dnsjava}
  *
  * @author Brian Wellington
  * @author Paul Cowan (pwc21@yahoo.com)
  */
 @Slf4j
 public class DNSJavaNameService implements NameService {
+  private static final String NAMESERVERS_PROPERTY = "sun.net.spi.nameservice.nameservers";
+  private static final String DOMAIN_PROPERTY = "sun.net.spi.nameservice.domain";
+  private static final String PREFER_V6_PROPERTY = "java.net.preferIPv6Addresses";
 
-  private static final String nsProperty = "sun.net.spi.nameservice.nameservers";
-  private static final String domainProperty = "sun.net.spi.nameservice.domain";
-  private static final String v6Property = "java.net.preferIPv6Addresses";
-
-  private boolean preferV6 = false;
+  private final boolean preferV6;
 
   private Name localhostName = null;
   private InetAddress[] localhostNamedAddresses = null;
@@ -53,10 +52,11 @@ public class DNSJavaNameService implements NameService {
    * <p>Uses the <b>sun.net.spi.nameservice.nameservers</b>, <b>sun.net.spi.nameservice.domain</b>,
    * and <b>java.net.preferIPv6Addresses</b> properties for configuration.
    */
+  @SuppressWarnings("java:S3011")
   protected DNSJavaNameService() {
-    String nameServers = System.getProperty(nsProperty);
-    String domain = System.getProperty(domainProperty);
-    String v6 = System.getProperty(v6Property);
+    preferV6 = Boolean.getBoolean(PREFER_V6_PROPERTY);
+    String nameServers = System.getProperty(NAMESERVERS_PROPERTY);
+    String domain = System.getProperty(DOMAIN_PROPERTY);
 
     if (nameServers != null) {
       StringTokenizer st = new StringTokenizer(nameServers, ",");
@@ -69,22 +69,18 @@ protected DNSJavaNameService() {
         Resolver res = new ExtendedResolver(servers);
         Lookup.setDefaultResolver(res);
       } catch (UnknownHostException e) {
-        log.error("DNSJavaNameService: invalid {}", nsProperty);
+        log.error("DNSJavaNameService: invalid {}", NAMESERVERS_PROPERTY);
       }
     }
 
     if (domain != null) {
       try {
-        Lookup.setDefaultSearchPath(new String[] {domain});
+        Lookup.setDefaultSearchPath(domain);
       } catch (TextParseException e) {
-        log.error("DNSJavaNameService: invalid {}", domainProperty);
+        log.error("DNSJavaNameService: invalid {}", DOMAIN_PROPERTY);
       }
     }
 
-    if (v6 != null && v6.equalsIgnoreCase("true")) {
-      preferV6 = true;
-    }
-
     try {
       // retrieve the name from the system that is used as localhost
       Class<?> inetAddressImplFactoryClass = Class.forName("java.net.InetAddressImplFactory");
@@ -117,6 +113,7 @@ protected DNSJavaNameService() {
    * @param host The host name to resolve.
    * @return All the ip addresses found for the host name.
    */
+  @Override
   public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException {
     Name name;
     try {
@@ -168,6 +165,7 @@ public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException
    * @param addr The ip address to lookup.
    * @return The host name found for the ip address.
    */
+  @Override
   public String getHostByAddr(byte[] addr) throws UnknownHostException {
     Name name = ReverseMap.fromAddress(InetAddress.getByAddress(addr));
     Record[] records = new Lookup(name, Type.PTR).run();
diff --git a/src/main/java/org/xbill/DNS/tools/dig.java b/src/main/java/org/xbill/DNS/tools/dig.java
index 818b05cd8..e080f2faa 100644
--- a/src/main/java/org/xbill/DNS/tools/dig.java
+++ b/src/main/java/org/xbill/DNS/tools/dig.java
@@ -17,10 +17,16 @@
 import org.xbill.DNS.ZoneTransferException;
 import org.xbill.DNS.ZoneTransferIn;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A dnsjava-based copy of the {@code dig} CLI tool.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class dig {
+
   static Name name = null;
-  static int type = Type.A, dclass = DClass.IN;
+  static int type = Type.A;
+  static int dclass = DClass.IN;
 
   static void usage() {
     System.out.println("; dnsjava dig");
@@ -35,20 +41,17 @@ static void doQuery(Message response, long ms) {
   }
 
   public static void main(String[] argv) throws IOException {
-    String server = null;
     int arg;
-    Message query, response;
-    Record rec;
-    SimpleResolver res = null;
-    boolean printQuery = false;
-    long startTime, endTime;
 
     if (argv.length < 1) {
       usage();
     }
 
+    SimpleResolver res = null;
+    boolean printQuery = false;
     try {
       arg = 0;
+      String server = null;
       if (argv[arg].startsWith("@")) {
         server = argv[arg++].substring(1);
       }
@@ -185,8 +188,8 @@ public static void main(String[] argv) throws IOException {
       res = new SimpleResolver();
     }
 
-    rec = Record.newRecord(name, type, dclass);
-    query = Message.newQuery(rec);
+    Record rec = Record.newRecord(name, type, dclass);
+    Message query = Message.newQuery(rec);
     if (printQuery) {
       System.out.println(query);
     }
@@ -219,9 +222,9 @@ public void handleRecord(Record r) {
         throw new WireParseException(e.getMessage());
       }
     } else {
-      startTime = System.currentTimeMillis();
-      response = res.send(query);
-      endTime = System.currentTimeMillis();
+      long startTime = System.currentTimeMillis();
+      Message response = res.send(query);
+      long endTime = System.currentTimeMillis();
       doQuery(response, endTime - startTime);
     }
   }
diff --git a/src/main/java/org/xbill/DNS/tools/jnamed.java b/src/main/java/org/xbill/DNS/tools/jnamed.java
index e71dcadf1..b111ce355 100644
--- a/src/main/java/org/xbill/DNS/tools/jnamed.java
+++ b/src/main/java/org/xbill/DNS/tools/jnamed.java
@@ -46,7 +46,11 @@
 import org.xbill.DNS.Zone;
 import org.xbill.DNS.ZoneTransferException;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A very basic implementation of a DNS server.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class jnamed {
 
   static final int FLAG_DNSSECOK = 1;
@@ -54,7 +58,7 @@ public class jnamed {
 
   Map<Integer, Cache> caches;
   Map<Name, Zone> znames;
-  Map<Name, TSIG> TSIGs;
+  Map<Name, TSIG> tsigs;
 
   private static String addrport(InetAddress addr, int port) {
     return addr.getHostAddress() + "#" + port;
@@ -64,8 +68,8 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
     FileInputStream fs;
     InputStreamReader isr;
     BufferedReader br;
-    List<Integer> ports = new ArrayList<Integer>();
-    List<InetAddress> addresses = new ArrayList<InetAddress>();
+    List<Integer> ports = new ArrayList<>();
+    List<InetAddress> addresses = new ArrayList<>();
     try {
       fs = new FileInputStream(conffile);
       isr = new InputStreamReader(fs);
@@ -76,9 +80,9 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
     }
 
     try {
-      caches = new HashMap<Integer, Cache>();
+      caches = new HashMap<>();
       znames = new HashMap<>();
-      TSIGs = new HashMap<Name, TSIG>();
+      tsigs = new HashMap<>();
 
       String line;
       while ((line = br.readLine()) != null) {
@@ -127,21 +131,20 @@ public jnamed(String conffile) throws IOException, ZoneTransferException {
         }
       }
 
-      if (ports.size() == 0) {
+      if (ports.isEmpty()) {
         ports.add(53);
       }
 
-      if (addresses.size() == 0) {
+      if (addresses.isEmpty()) {
         addresses.add(Address.getByAddress("0.0.0.0"));
       }
 
-      for (Object address : addresses) {
-        InetAddress addr = (InetAddress) address;
-        for (Object o : ports) {
-          int port = (Integer) o;
-          addUDP(addr, port);
-          addTCP(addr, port);
-          System.out.println("jnamed: listening on " + addrport(addr, port));
+      for (InetAddress address : addresses) {
+        for (Integer o : ports) {
+          int port = o;
+          addUDP(address, port);
+          addTCP(address, port);
+          System.out.println("jnamed: listening on " + addrport(address, port));
         }
       }
       System.out.println("jnamed: running");
@@ -168,16 +171,11 @@ public void addSecondaryZone(String zone, String remote)
 
   public void addTSIG(String algstr, String namestr, String key) throws IOException {
     Name name = Name.fromString(namestr, Name.root);
-    TSIGs.put(name, new TSIG(algstr, namestr, key));
+    tsigs.put(name, new TSIG(algstr, namestr, key));
   }
 
   public Cache getCache(int dclass) {
-    Cache c = caches.get(dclass);
-    if (c == null) {
-      c = new Cache(dclass);
-      caches.put(dclass, c);
-    }
-    return c;
+    return caches.computeIfAbsent(dclass, Cache::new);
   }
 
   public Zone findBestZone(Name name) {
@@ -197,7 +195,7 @@ public Zone findBestZone(Name name) {
     return null;
   }
 
-  public <T extends Record> RRset findExactMatch(Name name, int type, int dclass, boolean glue) {
+  public RRset findExactMatch(Name name, int type, int dclass, boolean glue) {
     Zone zone = findBestZone(name);
     if (zone != null) {
       return zone.findExactMatch(name, type);
@@ -217,8 +215,7 @@ public <T extends Record> RRset findExactMatch(Name name, int type, int dclass,
     }
   }
 
-  <T extends Record> void addRRset(
-      Name name, Message response, RRset rrset, int section, int flags) {
+  void addRRset(Name name, Message response, RRset rrset, int section, int flags) {
     for (int s = 1; s <= section; s++) {
       if (response.findRRset(name, rrset.getType(), s)) {
         return;
@@ -403,6 +400,7 @@ byte[] doAXFR(Name name, Message query, TSIG tsig, TSIGRecord qtsig, Socket s) {
     try {
       s.close();
     } catch (IOException ex) {
+      // ignore
     }
     return null;
   }
@@ -414,7 +412,6 @@ byte[] doAXFR(Name name, Message query, TSIG tsig, TSIGRecord qtsig, Socket s) {
    */
   byte[] generateReply(Message query, byte[] in, Socket s) {
     Header header;
-    boolean badversion;
     int maxLength;
     int flags = 0;
 
@@ -434,7 +431,7 @@ byte[] generateReply(Message query, byte[] in, Socket s) {
     TSIGRecord queryTSIG = query.getTSIG();
     TSIG tsig = null;
     if (queryTSIG != null) {
-      tsig = TSIGs.get(queryTSIG.getName());
+      tsig = tsigs.get(queryTSIG.getName());
       if (tsig == null || tsig.verify(query, in, null) != Rcode.NOERROR) {
         return formerrMessage(in);
       }
@@ -515,13 +512,12 @@ public byte[] errorMessage(Message query, int rcode) {
   }
 
   public void TCPclient(Socket s) {
-    try {
+    try (InputStream is = s.getInputStream()) {
       int inLength;
       DataInputStream dataIn;
       DataOutputStream dataOut;
       byte[] in;
 
-      InputStream is = s.getInputStream();
       dataIn = new DataInputStream(is);
       inLength = dataIn.readUnsignedShort();
       in = new byte[inLength];
@@ -544,11 +540,6 @@ public void TCPclient(Socket s) {
     } catch (IOException e) {
       System.out.println(
           "TCPclient(" + addrport(s.getLocalAddress(), s.getLocalPort()) + "): " + e);
-    } finally {
-      try {
-        s.close();
-      } catch (IOException e) {
-      }
     }
   }
 
diff --git a/src/main/java/org/xbill/DNS/tools/lookup.java b/src/main/java/org/xbill/DNS/tools/lookup.java
index bfe28c0d3..f5f8e5161 100644
--- a/src/main/java/org/xbill/DNS/tools/lookup.java
+++ b/src/main/java/org/xbill/DNS/tools/lookup.java
@@ -7,7 +7,12 @@
 import org.xbill.DNS.Record;
 import org.xbill.DNS.Type;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A very basic implementation to perform an {@link Type#A} record lookup.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ * @see dig
+ */
 public class lookup {
 
   public static void printAnswer(String name, Lookup lookup) {
diff --git a/src/main/java/org/xbill/DNS/tools/update.java b/src/main/java/org/xbill/DNS/tools/update.java
index 7e967d478..694612427 100644
--- a/src/main/java/org/xbill/DNS/tools/update.java
+++ b/src/main/java/org/xbill/DNS/tools/update.java
@@ -31,10 +31,15 @@
 import org.xbill.DNS.Tokenizer;
 import org.xbill.DNS.Type;
 
-/** @author Brian Wellington &lt;bwelling@xbill.org&gt; */
+/**
+ * A basic implementation to manipulate DNS zones.
+ *
+ * @author Brian Wellington &lt;bwelling@xbill.org&gt;
+ */
 public class update {
 
-  Message query, response;
+  Message query;
+  Message response;
   Resolver res;
   String server = null;
   Name zone = Name.root;
@@ -94,7 +99,7 @@ public update(InputStream in) {
           log.println("> " + line);
         }
 
-        if (line.length() == 0 || line.charAt(0) == '#') {
+        if (line.isEmpty() || line.charAt(0) == '#') {
           continue;
         }
 
@@ -109,7 +114,7 @@ public update(InputStream in) {
           if (token.isEOL()) {
             continue;
           }
-          String operation = token.value;
+          String operation = token.value();
 
           switch (operation) {
             case "server":
@@ -117,7 +122,7 @@ public update(InputStream in) {
               res = new SimpleResolver(server);
               token = st.get();
               if (token.isString()) {
-                String portstr = token.value;
+                String portstr = token.value();
                 res.setPort(Short.parseShort(portstr));
               }
               break;
@@ -182,7 +187,7 @@ public update(InputStream in) {
             case "?":
               token = st.get();
               if (token.isString()) {
-                help(token.value);
+                help(token.value());
               } else {
                 help(null);
               }
@@ -236,7 +241,7 @@ public update(InputStream in) {
             case "date":
               Instant now = Instant.now();
               token = st.get();
-              if (token.isString() && token.value.equals("-ms")) {
+              if (token.isString() && token.value().equals("-ms")) {
                 print(Long.toString(now.toEpochMilli()));
               } else {
                 print(now);
@@ -323,68 +328,68 @@ Record parseRR(Tokenizer st, int classValue, long TTLValue) throws IOException {
   void doRequire(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      if ((type = Type.value(token.value)) < 0) {
-        throw new IOException("Invalid type: " + token.value);
+      if ((type = Type.value(token.value())) < 0) {
+        throw new IOException("Invalid type: " + token.value());
       }
       token = st.get();
       boolean iseol = token.isEOL();
       st.unget();
       if (!iseol) {
-        record = Record.fromString(name, type, defaultClass, 0, st, zone);
+        r = Record.fromString(name, type, defaultClass, 0, st, zone);
       } else {
-        record = Record.newRecord(name, type, DClass.ANY, 0);
+        r = Record.newRecord(name, type, DClass.ANY, 0);
       }
     } else {
-      record = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
+      r = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
     }
 
-    query.addRecord(record, Section.PREREQ);
-    print(record);
+    query.addRecord(r, Section.PREREQ);
+    print(r);
   }
 
   void doProhibit(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      if ((type = Type.value(token.value)) < 0) {
-        throw new IOException("Invalid type: " + token.value);
+      if ((type = Type.value(token.value())) < 0) {
+        throw new IOException("Invalid type: " + token.value());
       }
     } else {
       type = Type.ANY;
     }
-    record = Record.newRecord(name, type, DClass.NONE, 0);
-    query.addRecord(record, Section.PREREQ);
-    print(record);
+    r = Record.newRecord(name, type, DClass.NONE, 0);
+    query.addRecord(r, Section.PREREQ);
+    print(r);
   }
 
   void doAdd(Tokenizer st) throws IOException {
-    Record record = parseRR(st, defaultClass, defaultTTL);
-    query.addRecord(record, Section.UPDATE);
-    print(record);
+    Record r = parseRR(st, defaultClass, defaultTTL);
+    query.addRecord(r, Section.UPDATE);
+    print(r);
   }
 
   void doDelete(Tokenizer st) throws IOException {
     Tokenizer.Token token;
     String s;
     Name name;
-    Record record;
+    Record r;
     int type;
 
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      s = token.value;
+      s = token.value();
       if (DClass.value(s) >= 0) {
         s = st.getString();
       }
@@ -395,22 +400,22 @@ void doDelete(Tokenizer st) throws IOException {
       boolean iseol = token.isEOL();
       st.unget();
       if (!iseol) {
-        record = Record.fromString(name, type, DClass.NONE, 0, st, zone);
+        r = Record.fromString(name, type, DClass.NONE, 0, st, zone);
       } else {
-        record = Record.newRecord(name, type, DClass.ANY, 0);
+        r = Record.newRecord(name, type, DClass.ANY, 0);
       }
     } else {
-      record = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
+      r = Record.newRecord(name, Type.ANY, DClass.ANY, 0);
     }
 
-    query.addRecord(record, Section.UPDATE);
-    print(record);
+    query.addRecord(r, Section.UPDATE);
+    print(r);
   }
 
   void doGlue(Tokenizer st) throws IOException {
-    Record record = parseRR(st, defaultClass, defaultTTL);
-    query.addRecord(record, Section.ADDITIONAL);
-    print(record);
+    Record r = parseRR(st, defaultClass, defaultTTL);
+    query.addRecord(r, Section.ADDITIONAL);
+    print(r);
   }
 
   void doQuery(Tokenizer st) throws IOException {
@@ -424,13 +429,13 @@ void doQuery(Tokenizer st) throws IOException {
     name = st.getName(zone);
     token = st.get();
     if (token.isString()) {
-      type = Type.value(token.value);
+      type = Type.value(token.value());
       if (type < 0) {
         throw new IOException("Invalid type");
       }
       token = st.get();
       if (token.isString()) {
-        dclass = DClass.value(token.value);
+        dclass = DClass.value(token.value());
         if (dclass < 0) {
           throw new IOException("Invalid class");
         }
@@ -531,7 +536,7 @@ boolean doAssert(Tokenizer st) throws IOException {
         if (!token.isString()) {
           break;
         }
-        print(token.value);
+        print(token.value());
       }
       st.unget();
     }
diff --git a/src/main/java/org/xbill/DNS/tools/xfrin.java b/src/main/java/org/xbill/DNS/tools/xfrin.java
index a57441059..dd3bdf2f4 100644
--- a/src/main/java/org/xbill/DNS/tools/xfrin.java
+++ b/src/main/java/org/xbill/DNS/tools/xfrin.java
@@ -25,7 +25,7 @@ private static void usage(String s) {
   public static void main(String[] args) throws Exception {
     ZoneTransferIn xfrin;
     TSIG key = null;
-    int ixfr_serial = -1;
+    int ixfrSerial = -1;
     String server = null;
     int port = SimpleResolver.DEFAULT_PORT;
     boolean fallback = false;
@@ -34,8 +34,8 @@ public static void main(String[] args) throws Exception {
     int arg = 0;
     while (arg < args.length) {
       if (args[arg].equals("-i")) {
-        ixfr_serial = Integer.parseInt(args[++arg]);
-        if (ixfr_serial < 0) {
+        ixfrSerial = Integer.parseInt(args[++arg]);
+        if (ixfrSerial < 0) {
           usage("invalid serial number");
         }
       } else if (args[arg].equals("-k")) {
@@ -77,21 +77,21 @@ public static void main(String[] args) throws Exception {
       System.out.println("sending to server '" + server + "'");
     }
 
-    if (ixfr_serial >= 0) {
-      xfrin = ZoneTransferIn.newIXFR(zname, ixfr_serial, fallback, server, port, key);
+    if (ixfrSerial >= 0) {
+      xfrin = ZoneTransferIn.newIXFR(zname, ixfrSerial, fallback, server, port, key);
     } else {
       xfrin = ZoneTransferIn.newAXFR(zname, server, port, key);
     }
 
     xfrin.run();
     if (xfrin.isAXFR()) {
-      if (ixfr_serial >= 0) {
+      if (ixfrSerial >= 0) {
         System.out.println("AXFR-like IXFR response");
       } else {
         System.out.println("AXFR response");
       }
-      for (Record record : xfrin.getAXFR()) {
-        System.out.println(record);
+      for (Record r : xfrin.getAXFR()) {
+        System.out.println(r);
       }
     } else if (xfrin.isIXFR()) {
       System.out.println("IXFR response");
diff --git a/src/main/java/org/xbill/DNS/utils/BaseUtils.java b/src/main/java/org/xbill/DNS/utils/BaseUtils.java
new file mode 100644
index 000000000..f244e193a
--- /dev/null
+++ b/src/main/java/org/xbill/DNS/utils/BaseUtils.java
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.utils;
+
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+class BaseUtils {
+  /**
+   * Wrap a long string at {@code lineLength} characters.
+   *
+   * @param s The string to wrap.
+   * @param lineLength The number of characters per line.
+   * @param prefix A string prefixing the characters on each line.
+   * @param addClose Whether to add a close parenthesis or not.
+   * @return The wrapped string.
+   */
+  String wrapLines(String s, int lineLength, String prefix, boolean addClose) {
+    StringBuilder sb = new StringBuilder();
+    for (int i = 0; i < s.length(); i += lineLength) {
+      sb.append(prefix);
+      if (i + lineLength >= s.length()) {
+        sb.append(s.substring(i));
+        if (addClose) {
+          sb.append(" )");
+        }
+      } else {
+        sb.append(s, i, i + lineLength);
+        sb.append("\n");
+      }
+    }
+    return sb.toString();
+  }
+}
diff --git a/src/main/java/org/xbill/DNS/utils/base16.java b/src/main/java/org/xbill/DNS/utils/base16.java
index c4cba1cc8..74c4e3bcd 100644
--- a/src/main/java/org/xbill/DNS/utils/base16.java
+++ b/src/main/java/org/xbill/DNS/utils/base16.java
@@ -4,8 +4,6 @@
 package org.xbill.DNS.utils;
 
 import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
 
 /**
  * Routines for converting between Strings of hex-encoded data and arrays of binary data. This is
@@ -15,7 +13,7 @@
  */
 public class base16 {
 
-  private static final String Base16 = "0123456789ABCDEF";
+  private static final String BASE_16_CHARS = "0123456789ABCDEF";
 
   private base16() {}
 
@@ -26,47 +24,78 @@ private base16() {}
    * @return A String containing the encoded data
    */
   public static String toString(byte[] b) {
-    ByteArrayOutputStream os = new ByteArrayOutputStream();
-
+    StringBuilder sb = new StringBuilder(b.length * 2);
     for (byte item : b) {
       short value = (short) (item & 0xFF);
       byte high = (byte) (value >> 4);
       byte low = (byte) (value & 0xF);
-      os.write(Base16.charAt(high));
-      os.write(Base16.charAt(low));
+      sb.append(BASE_16_CHARS.charAt(high));
+      sb.append(BASE_16_CHARS.charAt(low));
     }
-    return os.toString();
+    return sb.toString();
   }
 
   /**
-   * Convert a hex-encoded String to binary data
+   * Convert binary data to a hex-encoded string, line-wrapped at {@code lineLength} characters.
    *
-   * @param str A String containing the encoded data
-   * @return An array containing the binary data, or null if the string is invalid
+   * @param b An array containing binary data
+   * @param lineLength The number of characters per line
+   * @param prefix A string prefixing the characters on each line
+   * @param addClose Whether to add a close parenthesis or not
+   * @return A String containing the encoded data
+   * @since 3.6
+   */
+  public static String toString(byte[] b, int lineLength, String prefix, boolean addClose) {
+    return BaseUtils.wrapLines(toString(b), lineLength, prefix, addClose);
+  }
+
+  /**
+   * Convert a hex-encoded String to binary data, ignoring {@link Character#isWhitespace(char)
+   * whitespace} characters.
+   *
+   * <p>Returns {@code null}
+   *
+   * <ul>
+   *   <li>when {@code str} is {@code null},
+   *   <li>when non-hex digits or non-whitespace characters are encountered.
+   *
+   * @param str A String containing the encoded data.
+   * @return An array containing the binary data, or null if the string is invalid.
    */
   public static byte[] fromString(String str) {
+    if (str == null) {
+      return null;
+    }
+
+    if (str.isEmpty()) {
+      return new byte[0];
+    }
+
     ByteArrayOutputStream bs = new ByteArrayOutputStream();
-    byte[] raw = str.getBytes();
-    for (byte b : raw) {
-      if (!Character.isWhitespace((char) b)) {
-        bs.write(b);
+    for (int i = 0; i < str.length(); i++) {
+      char c = str.charAt(i);
+      if (c >= 48 && c <= 57 || c >= 65 && c <= 70) {
+        // 0-9, A-Z
+        bs.write(c);
+      } else if (c >= 97 && c <= 102) {
+        // convert a-z to A-Z
+        bs.write(c - 32);
+      } else if (!Character.isWhitespace(c)) {
+        return null;
       }
     }
+
     byte[] in = bs.toByteArray();
-    if (in.length % 2 != 0) {
+    if ((in.length & 1) != 0) {
       return null;
     }
 
     bs.reset();
-    DataOutputStream ds = new DataOutputStream(bs);
 
     for (int i = 0; i < in.length; i += 2) {
-      byte high = (byte) Base16.indexOf(Character.toUpperCase((char) in[i]));
-      byte low = (byte) Base16.indexOf(Character.toUpperCase((char) in[i + 1]));
-      try {
-        ds.writeByte((high << 4) + (low & 0xFF));
-      } catch (IOException e) {
-      }
+      byte high = (byte) BASE_16_CHARS.indexOf(in[i]);
+      byte low = (byte) BASE_16_CHARS.indexOf(in[i + 1]);
+      bs.write((high << 4) + (low & 0x0F));
     }
     return bs.toByteArray();
   }
diff --git a/src/main/java/org/xbill/DNS/utils/base32.java b/src/main/java/org/xbill/DNS/utils/base32.java
index 40b495d89..563e232a3 100644
--- a/src/main/java/org/xbill/DNS/utils/base32.java
+++ b/src/main/java/org/xbill/DNS/utils/base32.java
@@ -112,9 +112,9 @@ public String toString(byte[] b) {
       t[4] = (byte) (((s[2] & 0x0F) << 1) | ((s[3] >> 7) & 0x01));
       // bits 6-2 from 4th
       t[5] = (byte) ((s[3] >> 2) & 0x1F);
-      // lower 2 from 4th, upper 3 from 5th;
+      // lower 2 from 4th, upper 3 from 5th
       t[6] = (byte) (((s[3] & 0x03) << 3) | ((s[4] >> 5) & 0x07));
-      // lower 5 from 5th;
+      // lower 5 from 5th
       t[7] = (byte) (s[4] & 0x1F);
 
       // write out the actual characters.
@@ -134,7 +134,7 @@ public String toString(byte[] b) {
       }
     }
 
-    return new String(os.toByteArray());
+    return os.toString();
   }
 
   /**
diff --git a/src/main/java/org/xbill/DNS/utils/base64.java b/src/main/java/org/xbill/DNS/utils/base64.java
index 9e9367a25..a69b57e8f 100644
--- a/src/main/java/org/xbill/DNS/utils/base64.java
+++ b/src/main/java/org/xbill/DNS/utils/base64.java
@@ -14,9 +14,9 @@
  */
 public class base64 {
 
-  private static final String Base64 =
+  private static final String BASE_64 =
       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
-  private static final String Base64Url =
+  private static final String BASE_64_URL =
       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
 
   private base64() {}
@@ -39,7 +39,7 @@ public static String toString(byte[] b) {
    * @return A String containing the encoded data
    */
   public static String toString(byte[] b, boolean useUrl) {
-    String base = useUrl ? Base64Url : Base64;
+    String base = useUrl ? BASE_64_URL : BASE_64;
     ByteArrayOutputStream os = new ByteArrayOutputStream();
     for (int i = 0; i < (b.length + 2) / 3; i++) {
       short[] s = new short[3];
@@ -74,7 +74,7 @@ public static String toString(byte[] b, boolean useUrl) {
         os.write(base.charAt(t[j]));
       }
     }
-    return new String(os.toByteArray());
+    return os.toString();
   }
 
   /**
@@ -87,21 +87,7 @@ public static String toString(byte[] b, boolean useUrl) {
    * @return A String representing the formatted output
    */
   public static String formatString(byte[] b, int lineLength, String prefix, boolean addClose) {
-    String s = toString(b);
-    StringBuilder sb = new StringBuilder();
-    for (int i = 0; i < s.length(); i += lineLength) {
-      sb.append(prefix);
-      if (i + lineLength >= s.length()) {
-        sb.append(s.substring(i));
-        if (addClose) {
-          sb.append(" )");
-        }
-      } else {
-        sb.append(s, i, i + lineLength);
-        sb.append("\n");
-      }
-    }
-    return sb.toString();
+    return BaseUtils.wrapLines(toString(b), lineLength, prefix, addClose);
   }
 
   /**
@@ -131,7 +117,7 @@ public static byte[] fromString(String str) {
       short[] t = new short[3];
 
       for (int j = 0; j < 4; j++) {
-        s[j] = (short) Base64.indexOf(in[i * 4 + j]);
+        s[j] = (short) BASE_64.indexOf(in[i * 4 + j]);
       }
 
       t[0] = (short) ((s[0] << 2) + (s[1] >> 4));
@@ -158,6 +144,7 @@ public static byte[] fromString(String str) {
           }
         }
       } catch (IOException e) {
+        // Ignore
       }
     }
     return bs.toByteArray();
diff --git a/src/main/java/org/xbill/DNS/utils/hexdump.java b/src/main/java/org/xbill/DNS/utils/hexdump.java
index d4a478e75..2ddde8a20 100644
--- a/src/main/java/org/xbill/DNS/utils/hexdump.java
+++ b/src/main/java/org/xbill/DNS/utils/hexdump.java
@@ -41,7 +41,7 @@ public static String dump(String description, byte[] b, int offset, int length)
           sb.append('\t');
         }
       }
-      int value = (int) b[i + offset] & 0xFF;
+      int value = b[i + offset] & 0xFF;
       sb.append(hex[value >> 4]);
       sb.append(hex[value & 0xF]);
       sb.append(' ');
diff --git a/src/main/java/sun/net/spi/nameservice/NameService.java b/src/main/java/sun/net/spi/nameservice/NameService.java
new file mode 100644
index 000000000..4ddbf079d
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/NameService.java
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package sun.net.spi.nameservice;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public interface NameService {
+  InetAddress[] lookupAllHostAddr(String var1) throws UnknownHostException;
+
+  String getHostByAddr(byte[] var1) throws UnknownHostException;
+}
diff --git a/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java b/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java
new file mode 100644
index 000000000..090f77f1e
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/NameServiceDescriptor.java
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package sun.net.spi.nameservice;
+
+public interface NameServiceDescriptor {
+  NameService createNameService() throws Exception;
+
+  String getProviderName();
+
+  String getType();
+}
diff --git a/src/main/java/sun/net/spi/nameservice/package-info.java b/src/main/java/sun/net/spi/nameservice/package-info.java
new file mode 100644
index 000000000..d2411afbb
--- /dev/null
+++ b/src/main/java/sun/net/spi/nameservice/package-info.java
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * JDK9 removed the Nameservice SPI as per bug 8134577. The interfaces in this package were
+ * automatically extracted and are used to compile on newer JDKs.
+ */
+package sun.net.spi.nameservice;
diff --git a/src/main/java11/module-info.java b/src/main/java11/module-info.java
new file mode 100644
index 000000000..8ed168871
--- /dev/null
+++ b/src/main/java11/module-info.java
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+module org.dnsjava {
+  requires static lombok;
+  requires static java.naming;
+  requires static com.sun.jna;
+  requires static com.sun.jna.platform;
+  requires static java.net.http;
+  requires org.slf4j;
+
+  exports org.xbill.DNS;
+  exports org.xbill.DNS.config;
+  exports org.xbill.DNS.dnssec;
+  exports org.xbill.DNS.hosts;
+  exports org.xbill.DNS.lookup;
+  exports org.xbill.DNS.tools;
+  exports org.xbill.DNS.utils;
+}
diff --git a/src/main/java11/org/xbill/DNS/AsyncSemaphore.java b/src/main/java11/org/xbill/DNS/AsyncSemaphore.java
new file mode 100644
index 000000000..d2dcf6dd0
--- /dev/null
+++ b/src/main/java11/org/xbill/DNS/AsyncSemaphore.java
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.time.Duration;
+import java.util.ArrayDeque;
+import java.util.Queue;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+final class AsyncSemaphore {
+  private final Queue<CompletableFuture<Permit>> queue = new ArrayDeque<>();
+  private final Permit singletonPermit = new Permit();
+  private final String name;
+  private volatile int permits;
+
+  final class Permit {
+    public void release(int id, Executor executor) {
+      synchronized (queue) {
+        CompletableFuture<Permit> next = queue.poll();
+        if (next == null) {
+          permits++;
+          log.trace("{} permit released id={}, available={}", name, id, permits);
+        } else {
+          log.trace("{} permit released id={}, available={}, immediate next", name, id, permits);
+          next.completeAsync(() -> this, executor);
+        }
+      }
+    }
+  }
+
+  AsyncSemaphore(int permits, String name) {
+    this.permits = permits;
+    this.name = name;
+    log.debug("Using Java 11+ implementation for {}", name);
+  }
+
+  CompletionStage<Permit> acquire(Duration timeout, int id, Executor executor) {
+    synchronized (queue) {
+      if (permits > 0) {
+        permits--;
+        log.trace("{} permit acquired id={}, available={}", name, id, permits);
+        return CompletableFuture.completedFuture(singletonPermit);
+      } else {
+        CompletableFuture<Permit> f = new CompletableFuture<>();
+        f.orTimeout(timeout.toNanos(), TimeUnit.NANOSECONDS)
+            .whenCompleteAsync(
+                (result, ex) -> {
+                  synchronized (queue) {
+                    if (ex != null) {
+                      log.trace("{} permit timed out id={}, available={}", name, id, permits);
+                    }
+                    queue.remove(f);
+                  }
+                },
+                executor);
+        log.trace("{} permit queued id={}, available={}", name, id, permits);
+        queue.add(f);
+        return f;
+      }
+    }
+  }
+}
diff --git a/src/main/java11/org/xbill/DNS/DohResolver.java b/src/main/java11/org/xbill/DNS/DohResolver.java
new file mode 100644
index 000000000..8e73eca5c
--- /dev/null
+++ b/src/main/java11/org/xbill/DNS/DohResolver.java
@@ -0,0 +1,311 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.net.http.HttpTimeoutException;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.WeakHashMap;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.function.Function;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.AsyncSemaphore.Permit;
+
+/**
+ * Proof-of-concept <a href="https://datatracker.ietf.org/doc/html/rfc8484">DNS over HTTP (DoH)</a>
+ * resolver. This class is not suitable for high load scenarios because of the shortcomings of
+ * Java's built-in HTTP clients. For more control, implement your own {@link Resolver} using e.g. <a
+ * href="https://github.com/square/okhttp/">OkHttp</a>.
+ *
+ * <p>On Java 8, it uses HTTP/1.1, which is against the recommendation of RFC 8484 to use HTTP/2 and
+ * thus slower. On Java 11 or newer, HTTP/2 is always used, but the built-in HttpClient has its own
+ * <a href="https://bugs.openjdk.java.net/browse/JDK-8225647">issues</a> with connection handling.
+ *
+ * <p>As of 2020-09-13, the following limits of public resolvers for HTTP/2 were observed:
+ * <li>https://cloudflare-dns.com/dns-query: max streams=250, idle timeout=400s
+ * <li>https://dns.google/dns-query: max streams=100, idle timeout=240s
+ *
+ * @since 3.0
+ */
+@Slf4j
+public final class DohResolver extends DohResolverCommon {
+  private static final String APPLICATION_DNS_MESSAGE = "application/dns-message";
+  private static final Map<Executor, HttpClient> httpClients =
+      Collections.synchronizedMap(new WeakHashMap<>());
+  private static final HttpRequest.Builder defaultHttpRequestBuilder;
+
+  private final AsyncSemaphore initialRequestLock = new AsyncSemaphore(1, "initial request");
+
+  private final Duration idleConnectionTimeout;
+
+  static {
+    defaultHttpRequestBuilder = HttpRequest.newBuilder();
+    defaultHttpRequestBuilder.version(HttpClient.Version.HTTP_2);
+    defaultHttpRequestBuilder.header("Content-Type", APPLICATION_DNS_MESSAGE);
+    defaultHttpRequestBuilder.header("Accept", APPLICATION_DNS_MESSAGE);
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   */
+  public DohResolver(String uriTemplate) {
+    this(uriTemplate, 100, Duration.ofMinutes(2));
+  }
+
+  /**
+   * Creates a new DoH resolver that performs lookups with HTTP GET and the default timeout (5s).
+   *
+   * @param uriTemplate the URI to use for resolving, e.g. {@code https://dns.google/dns-query}
+   * @param maxConcurrentRequests Maximum concurrent HTTP/2 streams for Java 11+ or HTTP/1.1
+   *     connections for Java 8. On Java 8 this cannot exceed the system property {@code
+   *     http.maxConnections}.
+   * @param idleConnectionTimeout Max. idle time for HTTP/2 connections until a request is
+   *     serialized. Applies to Java 11+ only.
+   * @since 3.3
+   */
+  public DohResolver(
+      String uriTemplate, int maxConcurrentRequests, Duration idleConnectionTimeout) {
+    super(uriTemplate, maxConcurrentRequests);
+    log.debug("Using Java 11+ implementation");
+    this.idleConnectionTimeout = idleConnectionTimeout;
+  }
+
+  @SneakyThrows
+  private HttpClient getHttpClient(Executor executor) {
+    return httpClients.computeIfAbsent(
+        executor,
+        key -> {
+          try {
+            return HttpClient.newBuilder().connectTimeout(timeout).executor(executor).build();
+          } catch (IllegalArgumentException e) {
+            log.warn("Could not create a HttpClient for Executor {}", key, e);
+            return null;
+          }
+        });
+  }
+
+  @Override
+  public void setTimeout(Duration timeout) {
+    this.timeout = timeout;
+    httpClients.clear();
+  }
+
+  /**
+   * Sets the EDNS information on outgoing messages.
+   *
+   * @param version The EDNS version to use. 0 indicates EDNS0 and -1 indicates no EDNS.
+   * @param payloadSize ignored
+   * @param flags EDNS extended flags to be set in the OPT record.
+   * @param options EDNS options to be set in the OPT record
+   */
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options) {
+    // required for source- and binary compatibility
+    super.setEDNS(version, payloadSize, flags, options);
+  }
+
+  @Override
+  @SuppressWarnings("java:S1185") // required for source- and binary compatibility
+  public CompletionStage<Message> sendAsync(Message query) {
+    return this.sendAsync(query, defaultExecutor);
+  }
+
+  @Override
+  public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+    long startTime = getNanoTime();
+    byte[] queryBytes = prepareQuery(query).toWire();
+    String url = getUrl(queryBytes);
+
+    var requestBuilder = defaultHttpRequestBuilder.copy();
+    requestBuilder.uri(URI.create(url));
+    if (usePost) {
+      requestBuilder.POST(HttpRequest.BodyPublishers.ofByteArray(queryBytes));
+    }
+
+    // check if this request needs to be done synchronously because of HttpClient's stupidity to
+    // not use the connection pool for HTTP/2 until one connection is successfully established,
+    // which could lead to hundreds of connections (and threads with the default executor)
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      return timeoutFailedFuture(query, "no time left to acquire lock for first request", null);
+    }
+
+    return initialRequestLock
+        .acquire(remainingTimeout, query.getHeader().getID(), executor)
+        .handle(
+            (initialRequestPermit, initialRequestEx) -> {
+              if (initialRequestEx != null) {
+                return this.<Message>timeoutFailedFuture(query, initialRequestEx);
+              } else {
+                return sendAsyncWithInitialRequestPermit(
+                    query, executor, startTime, requestBuilder, initialRequestPermit);
+              }
+            })
+        .thenCompose(Function.identity());
+  }
+
+  private CompletionStage<Message> sendAsyncWithInitialRequestPermit(
+      Message query,
+      Executor executor,
+      long startTime,
+      HttpRequest.Builder requestBuilder,
+      Permit initialRequestPermit) {
+    int queryId = query.getHeader().getID();
+    long lastRequestTime = lastRequest.get();
+    long requestDeltaNanos = getNanoTime() - lastRequestTime;
+    boolean isInitialRequest =
+        lastRequestTime == 0 || idleConnectionTimeout.toNanos() < requestDeltaNanos;
+    if (!isInitialRequest) {
+      initialRequestPermit.release(queryId, executor);
+    }
+
+    // check if we already exceeded the query timeout while checking the initial connection
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      if (isInitialRequest) {
+        initialRequestPermit.release(queryId, executor);
+      }
+
+      return timeoutFailedFuture(
+          query, "no time left to acquire lock for concurrent request", null);
+    }
+
+    // Lock a HTTP/2 stream. Another stupidity of HttpClient to not simply queue the
+    // request, but fail with an IOException which also CLOSES the connection... *facepalm*
+    return maxConcurrentRequests
+        .acquire(remainingTimeout, queryId, executor)
+        .handle(
+            (maxConcurrentRequestPermit, maxConcurrentRequestEx) -> {
+              if (maxConcurrentRequestEx != null) {
+                if (isInitialRequest) {
+                  initialRequestPermit.release(queryId, executor);
+                }
+                return this.<Message>timeoutFailedFuture(
+                    query,
+                    "timed out waiting for a concurrent request lease",
+                    maxConcurrentRequestEx);
+              } else {
+                return sendAsyncWithConcurrentRequestPermit(
+                    query,
+                    executor,
+                    startTime,
+                    requestBuilder,
+                    initialRequestPermit,
+                    isInitialRequest,
+                    maxConcurrentRequestPermit);
+              }
+            })
+        .thenCompose(Function.identity());
+  }
+
+  private CompletionStage<Message> sendAsyncWithConcurrentRequestPermit(
+      Message query,
+      Executor executor,
+      long startTime,
+      HttpRequest.Builder requestBuilder,
+      Permit initialRequestPermit,
+      boolean isInitialRequest,
+      Permit maxConcurrentRequestPermit) {
+    int queryId = query.getHeader().getID();
+
+    // check if the stream lock acquisition took too long
+    Duration remainingTimeout = timeout.minus(getNanoTime() - startTime, ChronoUnit.NANOS);
+    if (remainingTimeout.toMillis() <= 0) {
+      if (isInitialRequest) {
+        initialRequestPermit.release(queryId, executor);
+      }
+
+      maxConcurrentRequestPermit.release(queryId, executor);
+      return timeoutFailedFuture(
+          query, "no time left to acquire lock for concurrent request", null);
+    }
+
+    var httpRequest = requestBuilder.timeout(remainingTimeout).build();
+    var bodyHandler = HttpResponse.BodyHandlers.ofByteArray();
+    return getHttpClient(executor)
+        .sendAsync(httpRequest, bodyHandler)
+        .whenComplete(
+            (result, ex) -> {
+              if (ex == null) {
+                lastRequest.set(startTime);
+              }
+              maxConcurrentRequestPermit.release(queryId, executor);
+              if (isInitialRequest) {
+                initialRequestPermit.release(queryId, executor);
+              }
+            })
+        .handleAsync(
+            (response, ex) -> {
+              if (ex != null) {
+                if (ex instanceof HttpTimeoutException) {
+                  return this.<Message>timeoutFailedFuture(
+                      query, "http request did not complete", ex.getCause());
+                } else {
+                  return CompletableFuture.<Message>failedFuture(ex);
+                }
+              } else {
+                try {
+                  Message responseMessage;
+                  int rc = response.statusCode();
+                  if (rc >= 200 && rc < 300) {
+                    byte[] responseBytes = response.body();
+                    responseMessage = new Message(responseBytes);
+                    verifyTSIG(query, responseMessage, responseBytes, tsig);
+                  } else {
+                    responseMessage = new Message();
+                    responseMessage.getHeader().setRcode(Rcode.SERVFAIL);
+                  }
+
+                  responseMessage.setResolver(this);
+                  return CompletableFuture.completedFuture(responseMessage);
+                } catch (IOException e) {
+                  return CompletableFuture.<Message>failedFuture(e);
+                }
+              }
+            },
+            executor)
+        .thenCompose(Function.identity())
+        .orTimeout(remainingTimeout.toMillis(), TimeUnit.MILLISECONDS)
+        .exceptionally(
+            ex -> {
+              if (ex instanceof TimeoutException) {
+                throw new CompletionException(
+                    new TimeoutException(
+                        "Query "
+                            + query.getHeader().getID()
+                            + " for "
+                            + query.getQuestion().getName()
+                            + "/"
+                            + Type.string(query.getQuestion().getType())
+                            + " timed out in remaining "
+                            + remainingTimeout.toMillis()
+                            + "ms"));
+              } else if (ex instanceof CompletionException) {
+                throw (CompletionException) ex;
+              }
+
+              throw new CompletionException(ex);
+            });
+  }
+
+  @Override
+  protected <T> CompletableFuture<T> failedFuture(Throwable e) {
+    return CompletableFuture.failedFuture(e);
+  }
+}
diff --git a/src/main/java18/module-info.java b/src/main/java18/module-info.java
new file mode 100644
index 000000000..73a90f811
--- /dev/null
+++ b/src/main/java18/module-info.java
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: BSD-3-Clause
+
+import java.net.spi.InetAddressResolverProvider;
+import org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider;
+
+module org.dnsjava {
+  requires static lombok;
+  requires static java.naming;
+  requires static com.sun.jna;
+  requires static com.sun.jna.platform;
+  requires static java.net.http;
+  requires org.slf4j;
+
+  exports org.xbill.DNS;
+  exports org.xbill.DNS.config;
+  exports org.xbill.DNS.dnssec;
+  exports org.xbill.DNS.hosts;
+  exports org.xbill.DNS.lookup;
+  exports org.xbill.DNS.tools;
+  exports org.xbill.DNS.utils;
+
+  provides InetAddressResolverProvider with
+      DnsjavaInetAddressResolverProvider;
+}
diff --git a/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java
new file mode 100644
index 000000000..d92be358e
--- /dev/null
+++ b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolver.java
@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.spi;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.net.spi.InetAddressResolver;
+import java.net.spi.InetAddressResolverProvider.Configuration;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Stream;
+import lombok.extern.slf4j.Slf4j;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.Lookup;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.PTRRecord;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.ReverseMap;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+@Slf4j
+class DnsjavaInetAddressResolver implements InetAddressResolver {
+  private static final String PREFER_V6_PROPERTY = "java.net.preferIPv6Addresses";
+
+  private final boolean preferV6;
+  private final Configuration configuration;
+
+  DnsjavaInetAddressResolver(Configuration configuration) {
+    log.info("Enabling dnsjava SPI");
+    this.configuration = configuration;
+    preferV6 = Boolean.getBoolean(PREFER_V6_PROPERTY);
+  }
+
+  @Override
+  public Stream<InetAddress> lookupByName(String host, LookupPolicy lookupPolicy)
+      throws UnknownHostException {
+    // delegate local hostnames to the default resolver - we don't know them any better
+    // and this shouldn't leak anything either
+    if (host.equalsIgnoreCase(configuration.lookupLocalHostName())
+        || "localhost".equalsIgnoreCase(host)) {
+      return configuration.builtinResolver().lookupByName(host, lookupPolicy);
+    }
+
+    Name name;
+    try {
+      name = new Name(host);
+    } catch (TextParseException e) {
+      throw new UnknownHostException(host);
+    }
+
+    List<InetAddress> results = new ArrayList<>(8);
+    boolean ranIpV4 = false;
+    boolean ranIpV6 = false;
+
+    int characteristics = lookupPolicy.characteristics();
+    // fallback to default policy if no specific preference has been set
+    if ((characteristics & (LookupPolicy.IPV6_FIRST | LookupPolicy.IPV4_FIRST)) == 0) {
+      if (preferV6) {
+        characteristics |= LookupPolicy.IPV6_FIRST;
+      } else {
+        characteristics |= LookupPolicy.IPV4_FIRST;
+      }
+    }
+    if ((characteristics & LookupPolicy.IPV6) == LookupPolicy.IPV6
+        && (characteristics & LookupPolicy.IPV6_FIRST) == LookupPolicy.IPV6_FIRST) {
+      Record[] records = new Lookup(name, Type.AAAA).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((AAAARecord) r).getAddress());
+        }
+      }
+      ranIpV6 = true;
+    }
+    if ((characteristics & LookupPolicy.IPV4) == LookupPolicy.IPV4
+        && (characteristics & LookupPolicy.IPV4_FIRST) == LookupPolicy.IPV4_FIRST) {
+      Record[] records = new Lookup(name, Type.A).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((ARecord) r).getAddress());
+        }
+      }
+      ranIpV4 = true;
+    }
+    if ((characteristics & LookupPolicy.IPV4) == LookupPolicy.IPV4 && !ranIpV4) {
+      Record[] records = new Lookup(name, Type.A).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((ARecord) r).getAddress());
+        }
+      }
+    }
+    if ((characteristics & LookupPolicy.IPV6) == LookupPolicy.IPV6 && !ranIpV6) {
+      Record[] records = new Lookup(name, Type.AAAA).run();
+      if (records != null) {
+        for (Record r : records) {
+          results.add(((AAAARecord) r).getAddress());
+        }
+      }
+    }
+    if (results.isEmpty()) {
+      throw new UnknownHostException(host);
+    }
+
+    return results.stream();
+  }
+
+  @Override
+  public String lookupByAddress(byte[] addr) throws UnknownHostException {
+    Name name = ReverseMap.fromAddress(InetAddress.getByAddress(addr));
+    Record[] records = new Lookup(name, Type.PTR).run();
+    if (records == null) {
+      throw new UnknownHostException("Unknown address: " + name);
+    }
+    return ((PTRRecord) records[0]).getTarget().toString();
+  }
+}
diff --git a/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java
new file mode 100644
index 000000000..f146c399a
--- /dev/null
+++ b/src/main/java18/org/xbill/DNS/spi/DnsjavaInetAddressResolverProvider.java
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.spi;
+
+import java.net.spi.InetAddressResolver;
+import java.net.spi.InetAddressResolverProvider;
+
+public class DnsjavaInetAddressResolverProvider extends InetAddressResolverProvider {
+  public static final String ENABLE_SPI = "org.dnsjava.spi.enable";
+
+  @Override
+  public InetAddressResolver get(Configuration configuration) {
+    // The provider is opt-in only. Simply placing dnsjava on the classpath should not
+    // modify default resolution behavior.
+    if (Boolean.getBoolean(ENABLE_SPI)) {
+      return new DnsjavaInetAddressResolver(configuration);
+    }
+    return configuration.builtinResolver();
+  }
+
+  @Override
+  public String name() {
+    return "dnsjava";
+  }
+}
diff --git a/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider b/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider
new file mode 100644
index 000000000..e477fd238
--- /dev/null
+++ b/src/main/resources/META-INF/services/java.net.spi.InetAddressResolverProvider
@@ -0,0 +1 @@
+org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider
diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
new file mode 100644
index 000000000..38f34467f
--- /dev/null
+++ b/src/main/resources/messages.properties
@@ -0,0 +1,76 @@
+# SPDX-License-Identifier: BSD-3-Clause
+failed.authority.nodata=NODATA response has failed AUTHORITY rrset: {0}
+failed.answer.cname_nodata=CNAME_NODATA response has failed ANSWER rrset: {0}
+failed.nodata=NODATA response failed to prove NODATA status with NSEC/NSEC3
+failed.synthesize.multiple=Synthesized CNAME RRset has multiple records - that doesn't make sense.
+failed.synthesize.nomatch=Synthesized CNAME target ({0}) included in answer doesn't match DNAME synthesis rules (expected {1}).
+failed.synthesize.toolong=Synthesized name would be too long, thus bogus.
+failed.answer.positive=Positive response has failed ANSWER rrset: {0}
+failed.authority.positive=Positive response has failed AUTHORITY rrset: {0}
+failed.positive.wildcardgeneration=Could not generate NSEC wildcard, resulting name would be too long.
+failed.positive.wildcard_too_broad=Positive response was wildcard expansion and did not prove original data did not exist or wasn't generated by the correct wildcard.
+failed.nxdomain.cname_nxdomain=CNAME_NAMEERROR response has failed ANSWER rrset: {0}
+failed.nxdomain.authority=NameError response has failed AUTHORITY rrset: {0}
+failed.nsec3.none=No NSEC3 records
+failed.nsec3.not_found=No matching NSEC3 records found
+failed.nsec3.type_exists=NSEC3 proofed type exists
+failed.nsec3.type_exists_wc=NSEC3 wildcard proofed type exists
+failed.nsec3.cname_exists=NSEC3 proofed a CNAME exists
+failed.nsec3.cname_exists_wc=NSEC3 wildcard proofed a CNAME exists
+failed.nsec3.wc_soa=NSEC3 wildcard proofed a CNAME exists
+failed.nsec3.apex_abuse=NSEC3 from apex abused
+failed.nsec3.delegation=NSEC3 is a delegation
+failed.nsec3.delegation_wc=NSEC3 wildcard is a delegation
+failed.nsec3.no_next=No next closer NSEC3
+failed.nsec3.not_optout=NSEC3 was not opt-out
+failed.nsec3.qname_ce=NSEC3 did not match query name and closest encloser not found
+failed.nsec3_ignored=All NSEC3s were validated but ignored due to unknown algorithms or invalid iteration counts.
+failed.nsec3.hash_errors=All attempted hash calculations while finding a matching NSEC3 were erroneous.
+failed.nsec3.wc.hash_errors=All attempted hash calculations while matching wildcard were erroneous.
+failed.nxdomain.nsec3_bogus=NSEC3 failed to proof the name error.
+failed.nxdomain.nsec3_insecure=NSEC3 proofed that the target domain is under opt-out, response is insecure.
+failed.nxdomain.exists=NameError response has failed to prove that {0} does not exist.
+failed.nxdomain.haswildcard=NameError response has failed to prove that the covering wildcard does not exist.
+dnskey.no_rrset=Missing DNSKEY RRset in response to DNSKEY query for {0}.
+dnskey.no_ds_match=Did not match a DS to a DNSKEY.
+dnskey.no_ds_alg_match=No keys for {0} have a DS for alg {1}
+dnskey.no_name_match=DS and DNSKEY names do not match.
+dnskey.no_key=No key for signature {0}
+dnskey.ds_max_match=DS match max. attempt reached
+dnskey.ds_match_mismatch=Keyset not secured by DNSKEY that matches DS
+dnskey.key_offtree=Signer name {0} is off-tree for {1}
+dnskey.no_match=Key does not match signature
+dnskey.expired=Key expired
+dnskey.not_yet_valid=Key is not yet valid
+dnskey.invalid=Key does not verify signature
+failed.ds=DS rrset in DS response did not verify.
+failed.ds.cname=CNAME in DS response was not secure.
+ds.secure=CNAME validated, proof that DS does not exist.
+failed.ds.nsec=NSEC RRset for the referral did not verify, {0}.
+failed.ds.nsec.hasdata=NSEC RRset for the referral did not prove no DS.
+failed.ds.nonsec=No signed NSEC/NSEC3 records for query to {0}/DS.
+failed.ds.nodelegation=NSEC RRset for the referral proved not a delegation point
+insecure.ds.nsec=NSEC RRset for the referral proved no DS.
+failed.ds.nowildcardproof=NSEC for wildcard does not prove absence of DS.
+failed.ds.nsec.ent=NSEC for empty non-terminal did not verify.
+insecure.ds.nsec.ent=NSEC for empty non-terminal proved no DS.
+failed.ds.nonconclusive=NSEC proof did not conclusively point to DS or no DS.
+failed.ds.nsec3=NSEC3s for the referral did not prove no DS.
+unknown.ds.nsec3=no DS but also no proof of that
+insecure.ds.nsec3=NSEC3s for the referral proved no DS.
+failed.ds.unknown=Ran out of validation options, thus bogus.
+failed.ds.notype=Encountered an unhandled type ({0}) of DS response, thus bogus.
+failed.ds.nodigest=No supported digest ID for DS for {0}.
+failed.ds.no_usable_digest=No usable digest ID for DS for {0}.
+validate.insecure_unsigned=Unsigned response was proved to be validly INSECURE
+validate.bogus=Could not establish validation of INSECURE status of unsigned response. Reason: {0}
+validate.bogus.badkey=Could not establish a chain of trust to keys for [{0}]. Reason: {1}
+validate.bogus.missingsig=Could not validate RRset due to missing signature.
+validate.bogus.missingsig_named=Could not validate RRset {0}/{1} due to missing signature.
+validate.bogus.rrsigtoomany=Could not validate RRset {0}/{1}, too many signatures.
+validate.insecure=Verified that response is INSECURE
+validate.insecure.noalg={0} has no known algorithms
+validate.response.unknown=Response subtype is {0} and thus cannot be validated.
+insecure.ds.noalgorithms=No supported algorithms in DS RRset for {0}, treating as insecure.
+failed.dname.wildcard=Illegal DNAME ({0} is from a wildcard expansion).
+failed.wildcard.label_count_mismatch=Label count mismatch on RRSIGs for {0}
diff --git a/src/test/java/org/xbill/DNS/A6RecordTest.java b/src/test/java/org/xbill/DNS/A6RecordTest.java
index 2f14a42cc..3065b9bd1 100644
--- a/src/test/java/org/xbill/DNS/A6RecordTest.java
+++ b/src/test/java/org/xbill/DNS/A6RecordTest.java
@@ -80,7 +80,7 @@ void ctor_0arg() {
   }
 
   @Test
-  void ctor_6arg() {
+  void ctor_6arg() throws UnknownHostException {
     A6Record ar = new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, m_addr, null);
     assertEquals(m_an, ar.getName());
     assertEquals(Type.A6, ar.getType());
@@ -116,11 +116,10 @@ void ctor_6arg() {
         () -> new A6Record(m_rn, DClass.IN, m_ttl, 0x100, m_addr, null));
 
     // an IPv4 address
+    InetAddress address = InetAddress.getByName("192.168.0.1");
     assertThrows(
         IllegalArgumentException.class,
-        () ->
-            new A6Record(
-                m_an, DClass.IN, m_ttl, m_prefix_bits, InetAddress.getByName("192.168.0.1"), null));
+        () -> new A6Record(m_an, DClass.IN, m_ttl, m_prefix_bits, address, null));
   }
 
   @Test
diff --git a/src/test/java/org/xbill/DNS/AAAARecordTest.java b/src/test/java/org/xbill/DNS/AAAARecordTest.java
index f77f339e9..5b87cd60b 100644
--- a/src/test/java/org/xbill/DNS/AAAARecordTest.java
+++ b/src/test/java/org/xbill/DNS/AAAARecordTest.java
@@ -45,6 +45,8 @@
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class AAAARecordTest {
   private Name m_an;
@@ -87,6 +89,14 @@ void ctor_4arg() {
     assertThrows(RelativeNameException.class, () -> new AAAARecord(m_rn, DClass.IN, m_ttl, m_addr));
   }
 
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1, 2, 3, 4, 5, 17})
+  void ctor_4arg_bytes_invalidLength(int len) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new AAAARecord(m_an, DClass.IN, m_ttl, new byte[len]));
+  }
+
   @Test
   void ctor_v4() throws UnknownHostException {
     AAAARecord ar = new AAAARecord(m_an, DClass.IN, m_ttl, InetAddress.getByName("192.168.1.1"));
diff --git a/src/test/java/org/xbill/DNS/APLRecordTest.java b/src/test/java/org/xbill/DNS/APLRecordTest.java
index f6809891a..222c2af80 100644
--- a/src/test/java/org/xbill/DNS/APLRecordTest.java
+++ b/src/test/java/org/xbill/DNS/APLRecordTest.java
@@ -366,7 +366,7 @@ void validIPv4() throws IOException {
       assertEquals(exp, ar.getElements());
 
       // make sure extra token is put back
-      assertEquals(Tokenizer.EOL, t.get().type);
+      assertEquals(Tokenizer.EOL, t.get().type());
     }
 
     @Test
@@ -394,7 +394,7 @@ void validIPv6() throws IOException {
       assertEquals(exp, ar.getElements());
 
       // make sure extra token is put back
-      assertEquals(Tokenizer.EOL, t.get().type);
+      assertEquals(Tokenizer.EOL, t.get().type());
     }
 
     @Test
diff --git a/src/test/java/org/xbill/DNS/ARecordTest.java b/src/test/java/org/xbill/DNS/ARecordTest.java
index b330a7b64..452be1c94 100644
--- a/src/test/java/org/xbill/DNS/ARecordTest.java
+++ b/src/test/java/org/xbill/DNS/ARecordTest.java
@@ -40,11 +40,17 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class ARecordTest {
   private Name m_an;
@@ -75,7 +81,7 @@ void ctor_0arg() throws UnknownHostException {
   }
 
   @Test
-  void ctor_4arg() {
+  void ctor_4arg() throws UnknownHostException {
     ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr);
     assertEquals(m_an, ar.getName());
     assertEquals(Type.A, ar.getType());
@@ -87,14 +93,29 @@ void ctor_4arg() {
     assertThrows(RelativeNameException.class, () -> new ARecord(m_rn, DClass.IN, m_ttl, m_addr));
 
     // an IPv6 address
+    InetAddress address = InetAddress.getByName("2001:0db8:85a3:08d3:1319:8a2e:0370:7334");
     assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            new ARecord(
-                m_an,
-                DClass.IN,
-                m_ttl,
-                InetAddress.getByName("2001:0db8:85a3:08d3:1319:8a2e:0370:7334")));
+        IllegalArgumentException.class, () -> new ARecord(m_an, DClass.IN, m_ttl, address));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1, 2, 3, 5, 16})
+  void ctor_4arg_bytes_invalidLength(int len) {
+    assertThrows(
+        IllegalArgumentException.class, () -> new ARecord(m_an, DClass.IN, m_ttl, new byte[len]));
+  }
+
+  @Test
+  void ctor_4arg_bytes() {
+    ARecord ar = new ARecord(m_an, DClass.IN, m_ttl, m_addr_bytes);
+    assertEquals(m_an, ar.getName());
+    assertEquals(Type.A, ar.getType());
+    assertEquals(DClass.IN, ar.getDClass());
+    assertEquals(m_ttl, ar.getTTL());
+    assertEquals(m_addr, ar.getAddress());
+
+    // a relative name
+    assertThrows(RelativeNameException.class, () -> new ARecord(m_rn, DClass.IN, m_ttl, m_addr));
   }
 
   @Test
@@ -140,4 +161,19 @@ void rrToWire() {
     ar.rrToWire(dout, null, false);
     assertArrayEquals(m_addr_bytes, dout.toByteArray());
   }
+
+  @Test
+  void testSerializable() throws IOException, ClassNotFoundException {
+    try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+      try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
+        ARecord expected = new ARecord(Name.root, DClass.IN, 60, m_addr);
+        oos.writeObject(expected);
+        try (ObjectInputStream ois =
+            new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
+          Record actual = (Record) ois.readObject();
+          assertEquals(expected, actual);
+        }
+      }
+    }
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/CAARecordTest.java b/src/test/java/org/xbill/DNS/CAARecordTest.java
index 099f16828..0af2718d6 100644
--- a/src/test/java/org/xbill/DNS/CAARecordTest.java
+++ b/src/test/java/org/xbill/DNS/CAARecordTest.java
@@ -13,10 +13,10 @@ class CAARecordTest {
 
   @Test
   void ctor_6arg() {
-    CAARecord record = new CAARecord(n, DClass.IN, 0, CAARecord.Flags.IssuerCritical, "", "");
-    assertEquals(CAARecord.Flags.IssuerCritical, record.getFlags());
-    assertEquals("", record.getTag());
-    assertEquals("", record.getValue());
+    CAARecord caa = new CAARecord(n, DClass.IN, 0, CAARecord.Flags.IssuerCritical, "", "");
+    assertEquals(CAARecord.Flags.IssuerCritical, caa.getFlags());
+    assertEquals("", caa.getTag());
+    assertEquals("", caa.getValue());
 
     String data = new String(new char[256]);
     IllegalArgumentException thrown =
@@ -29,9 +29,9 @@ void ctor_6arg() {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer(CAARecord.Flags.IssuerCritical + " issue entrust.net");
-    CAARecord record = new CAARecord();
-    record.rdataFromString(t, null);
-    assertEquals("issue", record.getTag());
-    assertEquals("entrust.net", record.getValue());
+    CAARecord caa = new CAARecord();
+    caa.rdataFromString(t, null);
+    assertEquals("issue", caa.getTag());
+    assertEquals("entrust.net", caa.getValue());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/CERTRecordTest.java b/src/test/java/org/xbill/DNS/CERTRecordTest.java
index 3efaa3fc3..289dd200d 100644
--- a/src/test/java/org/xbill/DNS/CERTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/CERTRecordTest.java
@@ -13,10 +13,10 @@ class CERTRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("PGP 0 0 CAFEBABE");
-    CERTRecord record = new CERTRecord();
-    record.rdataFromString(t, null);
-    assertEquals(0, record.getAlgorithm());
-    assertEquals(0, record.getKeyTag());
-    assertArrayEquals(base64.fromString("CAFEBABE"), record.getCert());
+    CERTRecord cert = new CERTRecord();
+    cert.rdataFromString(t, null);
+    assertEquals(0, cert.getAlgorithm());
+    assertEquals(0, cert.getKeyTag());
+    assertArrayEquals(base64.fromString("CAFEBABE"), cert.getCert());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/DLVRecordTest.java b/src/test/java/org/xbill/DNS/DLVRecordTest.java
index 7c5a160a0..6fa6b0e44 100644
--- a/src/test/java/org/xbill/DNS/DLVRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DLVRecordTest.java
@@ -13,30 +13,30 @@ class DLVRecordTest {
 
   @Test
   void ctor_0arg() {
-    DLVRecord record = new DLVRecord();
-    assertEquals(0, record.getFootprint());
-    assertEquals(0, record.getAlgorithm());
-    assertEquals(0, record.getDigestID());
-    assertNull(record.getDigest());
+    DLVRecord dlv = new DLVRecord();
+    assertEquals(0, dlv.getFootprint());
+    assertEquals(0, dlv.getAlgorithm());
+    assertEquals(0, dlv.getDigestID());
+    assertNull(dlv.getDigest());
   }
 
   @Test
   void ctor_7arg() {
-    DLVRecord record = new DLVRecord(n, DClass.IN, 0, 1, 2, 3, "".getBytes());
-    assertEquals(1, record.getFootprint());
-    assertEquals(2, record.getAlgorithm());
-    assertEquals(3, record.getDigestID());
-    assertEquals(0, record.getDigest().length);
+    DLVRecord dlv = new DLVRecord(n, DClass.IN, 0, 1, 2, 3, "".getBytes());
+    assertEquals(1, dlv.getFootprint());
+    assertEquals(2, dlv.getAlgorithm());
+    assertEquals(3, dlv.getDigestID());
+    assertEquals(0, dlv.getDigest().length);
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("60485 5 1 CAFEBABE");
-    DLVRecord record = new DLVRecord();
-    record.rdataFromString(t, null);
-    assertEquals(60485, record.getFootprint());
-    assertEquals(5, record.getAlgorithm());
-    assertEquals(1, record.getDigestID());
-    assertEquals(4, record.getDigest().length);
+    DLVRecord dlv = new DLVRecord();
+    dlv.rdataFromString(t, null);
+    assertEquals(60485, dlv.getFootprint());
+    assertEquals(5, dlv.getAlgorithm());
+    assertEquals(1, dlv.getDigestID());
+    assertEquals(4, dlv.getDigest().length);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSInputTest.java b/src/test/java/org/xbill/DNS/DNSInputTest.java
index 117e4fa22..2d623620c 100644
--- a/src/test/java/org/xbill/DNS/DNSInputTest.java
+++ b/src/test/java/org/xbill/DNS/DNSInputTest.java
@@ -39,17 +39,19 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.nio.ByteBuffer;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
 
-abstract class DNSInputBase {
+abstract class DNSInputTest {
   protected byte[] m_raw;
   protected DNSInput m_di;
 
-  static class DNSInputArrayTest extends DNSInputBase {
+  static class DNSInputArrayTest extends DNSInputTest {
     @BeforeEach
     void setUp() {
       m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
@@ -57,7 +59,7 @@ void setUp() {
     }
   }
 
-  static class DNSInputByteBufferTest extends DNSInputBase {
+  static class DNSInputByteBufferTest extends DNSInputTest {
     @BeforeEach
     void setUp() {
       m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
@@ -70,7 +72,7 @@ void setUp() {
     }
   }
 
-  static class DNSInputByteBufferLimitTest extends DNSInputBase {
+  static class DNSInputByteBufferLimitTest extends DNSInputTest {
     @BeforeEach
     void setUp() {
       m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
@@ -84,6 +86,19 @@ void setUp() {
     }
   }
 
+  static class DNSInputByteBufferLimitOffsetTest extends DNSInputTest {
+    @BeforeEach
+    void setUp() throws IOException {
+      m_raw = new byte[] {0, 1, 2, 3, 4, 5, (byte) 255, (byte) 255, (byte) 255, (byte) 255};
+      // create a new byte array with a prefix and a suffix to be ignored
+      ByteArrayOutputStream out = new ByteArrayOutputStream();
+      out.write(42);
+      out.write(m_raw);
+      out.write(47);
+      m_di = new DNSInput(ByteBuffer.wrap(out.toByteArray(), 1, 10));
+    }
+  }
+
   @Test
   void initial_state() {
     assertEquals(0, m_di.current());
@@ -319,4 +334,28 @@ void readCountedSting() throws WireParseException {
     assertEquals(3, m_di.current());
     assertEquals(2, out[0]);
   }
+
+  @Test
+  void setActive_recursive() throws WireParseException {
+    int outer = m_di.saveActive();
+    m_di.setActive(3);
+
+    assertEquals(0x00, m_di.readU8());
+    assertEquals(2, m_di.remaining());
+
+    int inner = m_di.saveActive();
+
+    m_di.setActive(1);
+    assertArrayEquals(new byte[] {0x01}, m_di.readByteArray());
+
+    m_di.restoreActive(inner);
+
+    assertArrayEquals(new byte[] {0x02}, m_di.readByteArray());
+    assertEquals(0, m_di.remaining());
+
+    m_di.restoreActive(outer);
+
+    assertEquals(0x03, m_di.readU8());
+    assertEquals(6, m_di.remaining());
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java b/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
index b7d3a989f..40d26b371 100644
--- a/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DNSKEYRecordTest.java
@@ -61,7 +61,6 @@ void ctor_0arg() {
   @Test
   void ctor_7arg() throws TextParseException {
     Name n = Name.fromString("My.Absolute.Name.");
-    Name r = Name.fromString("My.Relative.Name");
     byte[] key = new byte[] {0, 1, 3, 5, 7, 9};
 
     DNSKEYRecord kr = new DNSKEYRecord(n, DClass.IN, 0x24AC, 0x9832, 0x12, 0x67, key);
@@ -73,8 +72,13 @@ void ctor_7arg() throws TextParseException {
     assertEquals(0x12, kr.getProtocol());
     assertEquals(0x67, kr.getAlgorithm());
     assertArrayEquals(key, kr.getKey());
+  }
+
+  @Test
+  void ctor_7arg_relativeName() throws TextParseException {
+    Name r = Name.fromString("My.Relative.Name");
+    byte[] key = new byte[] {0, 1, 3, 5, 7, 9};
 
-    // a relative name
     assertThrows(
         RelativeNameException.class,
         () -> new DNSKEYRecord(r, DClass.IN, 0x24AC, 0x9832, 0x12, 0x67, key));
@@ -91,12 +95,36 @@ void rdataFromString() throws IOException {
     assertEquals(DNSSEC.Algorithm.RSASHA1, kr.getAlgorithm());
     assertArrayEquals(new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9}, kr.getKey());
     assertEquals(17895, kr.getFootprint());
+  }
 
-    // invalid algorithm
+  @Test
+  void rdataFromStringUnknownAlgorithm() {
+    // Algorithm name 'ZONE' is invalid
     assertThrows(
         TextParseException.class,
         () ->
             new DNSKEYRecord()
                 .rdataFromString(new Tokenizer(0x1212 + " " + 0xAA + " ZONE AQIDBAUGBwgJ"), null));
   }
+
+  @Test
+  void rdataFromStringIntAlg() throws IOException {
+    DNSKEYRecord kr = new DNSKEYRecord();
+    Tokenizer st = new Tokenizer(0xABCD + " " + 0x81 + " 5 AQIDBAUGBwgJ");
+    kr.rdataFromString(st, null);
+    assertEquals(0xABCD, kr.getFlags());
+    assertEquals(0x81, kr.getProtocol());
+    assertEquals(DNSSEC.Algorithm.RSASHA1, kr.getAlgorithm());
+    assertArrayEquals(new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9}, kr.getKey());
+    assertEquals(17895, kr.getFootprint());
+  }
+
+  @Test
+  void rdataFromStringBadIntAlg() {
+    // Algorithm number 257 is outside the allowed range
+    DNSKEYRecord kr = new DNSKEYRecord();
+    assertThrows(
+        TextParseException.class,
+        () -> kr.rdataFromString(new Tokenizer(0xABCD + " " + 0x81 + " 257 AQIDBAUGBwgJ"), null));
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/DSRecordTest.java b/src/test/java/org/xbill/DNS/DSRecordTest.java
index 0e0e139e4..e9407ee25 100644
--- a/src/test/java/org/xbill/DNS/DSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/DSRecordTest.java
@@ -43,6 +43,10 @@
 import java.io.IOException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.utils.base16;
 
 class DSRecordTest {
   @Test
@@ -172,32 +176,71 @@ void rrFromWire() throws IOException {
 
   @Test
   void rdataFromString() throws IOException {
-    byte[] raw =
-        new byte[] {
-          (byte) 0xAB,
-          (byte) 0xCD,
-          (byte) 0xEF,
-          (byte) 0x01,
-          (byte) 0x23,
-          (byte) 0x45,
-          (byte) 0x67,
-          (byte) 0x89
-        };
-    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01 + " 23456789AB");
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0xFF + " 23456789AB");
 
     DSRecord dr = new DSRecord();
     dr.rdataFromString(t, null);
     assertEquals(0xABCD, dr.getFootprint());
     assertEquals(0xEF, dr.getAlgorithm());
-    assertEquals(0x01, dr.getDigestID());
+    assertEquals(0xFF, dr.getDigestID());
     assertArrayEquals(
         new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB},
         dr.getDigest());
   }
 
+  @Test
+  void rdataFromStringMissingDigest() {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01);
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+  }
+
+  @Test
+  void rdataFromStringInvalidDigestData() {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + 0x01 + " $^");
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+  }
+
+  @ParameterizedTest(name = "digest {0}")
+  @CsvSource({
+    "1,01020304050607080900 01020304050607080900",
+    "2,0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "3,0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "4,0102030405060708 0102030405060708 0102030405060708 0102030405060708 0102030405060708 0102030405060708",
+    "255,0102"
+  })
+  void rdataFromString_validDigestLengths(int digestId, String data) throws IOException {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + digestId + " " + data);
+    DSRecord r = new DSRecord();
+    r.rdataFromString(t, null);
+    assertEquals(base16.fromString(data).length, r.getDigest().length);
+  }
+
+  @ParameterizedTest(name = "digest {0}")
+  @CsvSource({
+    "1,01", "2,01", "3,01", "4,01",
+  })
+  void rdataFromString_invalidDigestLengths(int digestId, String data) {
+    Tokenizer t = new Tokenizer(0xABCD + " " + 0xEF + " " + digestId + " " + data);
+    assertThrows(TextParseException.class, () -> new DSRecord().rdataFromString(t, null));
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new DSRecord(
+                Name.root,
+                DClass.IN,
+                3600,
+                1,
+                Algorithm.RSASHA1,
+                digestId,
+                base16.fromString(data)));
+    assertThrows(
+        TextParseException.class,
+        () -> Record.fromString(Name.root, Type.DS, DClass.IN, 3600, t, null));
+  }
+
   @Test
   void rrToString() throws TextParseException {
-    String exp = 0xABCD + " " + 0xEF + " " + 0x01 + " 23456789AB";
+    String exp = 0xABCD + " " + 0xEF + " " + 0xFF + " 23456789AB";
 
     DSRecord dr =
         new DSRecord(
@@ -206,7 +249,7 @@ void rrToString() throws TextParseException {
             0x123,
             0xABCD,
             0xEF,
-            0x01,
+            0xFF,
             new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB});
     assertEquals(exp, dr.rrToString());
   }
@@ -220,7 +263,7 @@ void rrToWire() throws TextParseException {
             0x123,
             0xABCD,
             0xEF,
-            0x01,
+            0xFF,
             new byte[] {(byte) 0x23, (byte) 0x45, (byte) 0x67, (byte) 0x89, (byte) 0xAB});
 
     byte[] exp =
@@ -228,7 +271,7 @@ void rrToWire() throws TextParseException {
           (byte) 0xAB,
           (byte) 0xCD,
           (byte) 0xEF,
-          (byte) 0x01,
+          (byte) 0xFF,
           (byte) 0x23,
           (byte) 0x45,
           (byte) 0x67,
diff --git a/src/test/java/org/xbill/DNS/DohResolverTest.java b/src/test/java/org/xbill/DNS/DohResolverTest.java
index c3931d639..6d1500d66 100644
--- a/src/test/java/org/xbill/DNS/DohResolverTest.java
+++ b/src/test/java/org/xbill/DNS/DohResolverTest.java
@@ -3,6 +3,8 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.spy;
 
 import io.netty.handler.codec.http.HttpHeaderNames;
 import io.vertx.core.Future;
@@ -20,17 +22,24 @@
 import java.time.Duration;
 import java.util.Base64;
 import java.util.Collections;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.stubbing.Answer;
 
 @ExtendWith(VertxExtension.class)
+@Slf4j
 class DohResolverTest {
-  private DohResolver resolver;
   private final Name queryName = Name.fromConstantString("example.com.");
   private final Record qr = Record.newRecord(queryName, Type.A, DClass.IN);
   private final Message qm = Message.newQuery(qr);
@@ -39,7 +48,6 @@ class DohResolverTest {
 
   @BeforeEach
   void beforeEach() throws UnknownHostException {
-    resolver = new DohResolver("http://localhost");
     Record ar =
         new ARecord(
             Name.fromConstantString("example.com."),
@@ -50,11 +58,16 @@ void beforeEach() throws UnknownHostException {
     a.addRecord(ar, Section.ANSWER);
   }
 
+  private DohResolver getResolver() {
+    return new DohResolver("http://localhost");
+  }
+
   @ParameterizedTest
   @ValueSource(booleans = {false, true})
   void simpleResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
     resolver.setUsePost(usePost);
-    setupResolverWithServer(Duration.ZERO, 200, 1, vertx, context)
+    setupResolverWithServer(resolver, Duration.ZERO, 200, 1, vertx, context)
         .onSuccess(
             server ->
                 Future.fromCompletionStage(resolver.sendAsync(qm))
@@ -70,10 +83,13 @@ void simpleResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
                                     }))));
   }
 
-  @Test
-  void timeoutResolve(Vertx vertx, VertxTestContext context) {
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void timeoutResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
     resolver.setTimeout(Duration.ofSeconds(1));
-    setupResolverWithServer(Duration.ofSeconds(5), 200, 1, vertx, context)
+    resolver.setUsePost(usePost);
+    setupResolverWithServer(resolver, Duration.ofSeconds(5), 200, 1, vertx, context)
         .onSuccess(
             server ->
                 Future.fromCompletionStage(resolver.sendAsync(qm))
@@ -89,9 +105,12 @@ void timeoutResolve(Vertx vertx, VertxTestContext context) {
                                     }))));
   }
 
-  @Test
-  void servfailResolve(Vertx vertx, VertxTestContext context) {
-    setupResolverWithServer(Duration.ZERO, 301, 1, vertx, context)
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void servfailResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = getResolver();
+    resolver.setUsePost(usePost);
+    setupResolverWithServer(resolver, Duration.ZERO, 301, 1, vertx, context)
         .onSuccess(
             server ->
                 Future.fromCompletionStage(resolver.sendAsync(qm))
@@ -105,12 +124,14 @@ void servfailResolve(Vertx vertx, VertxTestContext context) {
                                     }))));
   }
 
-  @Test
-  void limitRequestsResolve(Vertx vertx, VertxTestContext context) {
-    resolver = new DohResolver("http://localhost", 5, Duration.ofMinutes(2));
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void limitRequestsResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 5, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
     int requests = 100;
     Checkpoint cpPass = context.checkpoint(requests);
-    setupResolverWithServer(Duration.ofMillis(100), 200, 5, vertx, context)
+    setupResolverWithServer(resolver, Duration.ofMillis(100), 200, 5, vertx, context)
         .onSuccess(
             server -> {
               for (int i = 0; i < requests; i++) {
@@ -128,13 +149,15 @@ void limitRequestsResolve(Vertx vertx, VertxTestContext context) {
             });
   }
 
-  @Test
-  void initialRequestSlowResolve(Vertx vertx, VertxTestContext context) {
-    resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestSlowResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
     int requests = 20;
     allRequestsUseTimeout = false;
     Checkpoint cpPass = context.checkpoint(requests);
-    setupResolverWithServer(Duration.ofSeconds(1), 200, 2, vertx, context)
+    setupResolverWithServer(resolver, Duration.ofSeconds(1), 200, 2, vertx, context)
         .onSuccess(
             server -> {
               for (int i = 0; i < requests; i++) {
@@ -152,19 +175,23 @@ void initialRequestSlowResolve(Vertx vertx, VertxTestContext context) {
             });
   }
 
-  @Test
-  void initialRequestTimeoutResolve(Vertx vertx, VertxTestContext context) {
-    resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestTimeoutResolve(boolean usePost, Vertx vertx, VertxTestContext context) {
+    DohResolver resolver = new DohResolver("http://localhost", 2, Duration.ofMinutes(2));
+    resolver.setUsePost(usePost);
     resolver.setTimeout(Duration.ofSeconds(1));
     int requests = 20;
     allRequestsUseTimeout = false;
     Checkpoint cpPass = context.checkpoint(requests - 1);
     Checkpoint cpFail = context.checkpoint();
-    setupResolverWithServer(Duration.ofSeconds(2), 200, 2, vertx, context)
+    setupResolverWithServer(resolver, Duration.ofSeconds(2), 200, 2, vertx, context)
         .onSuccess(
             server -> {
+              Message q = qm.clone();
+              q.getHeader().setID(0);
               resolver
-                  .sendAsync(qm)
+                  .sendAsync(q)
                   .whenComplete(
                       (result, ex) -> {
                         if (ex == null) {
@@ -176,9 +203,11 @@ void initialRequestTimeoutResolve(Vertx vertx, VertxTestContext context) {
               vertx.setTimer(
                   1000,
                   timer -> {
-                    for (int i = 0; i < requests - 1; i++) {
+                    for (int i = 1; i < requests; i++) {
+                      Message qq = qm.clone();
+                      qq.getHeader().setID(i);
                       resolver
-                          .sendAsync(qm)
+                          .sendAsync(qq)
                           .whenComplete(
                               (result, ex) -> {
                                 if (ex == null) {
@@ -193,6 +222,7 @@ void initialRequestTimeoutResolve(Vertx vertx, VertxTestContext context) {
   }
 
   private Future<HttpServer> setupResolverWithServer(
+      DohResolver resolver,
       Duration responseDelay,
       int statusCode,
       int maxConcurrentRequests,
@@ -202,6 +232,78 @@ private Future<HttpServer> setupResolverWithServer(
         .onSuccess(server -> resolver.setUriTemplate("http://localhost:" + server.actualPort()));
   }
 
+  @EnabledForJreRange(
+      min = JRE.JAVA_9,
+      disabledReason = "Java 8 implementation doesn't have the initial request guard")
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void initialRequestGuardIfIdleConnectionTimeIsLargerThanSystemNanoTime(
+      boolean usePost, Vertx vertx, VertxTestContext context) {
+    AtomicLong startNanos = new AtomicLong(System.nanoTime());
+    DohResolver resolver = spy(new DohResolver("http://localhost", 2, Duration.ofMinutes(2)));
+    resolver.setTimeout(Duration.ofSeconds(1));
+    resolver.setUsePost(usePost);
+    // Simulate a nanoTime value that is lower than the idle timeout
+    doAnswer((Answer<Long>) invocationOnMock -> System.nanoTime() - startNanos.get())
+        .when(resolver)
+        .getNanoTime();
+
+    // Just add a 100ms delay before responding to the 1st call
+    // to simulate a 'concurrent doh request' for the 2nd call,
+    // then let the fake dns server respond to the 2nd call ASAP.
+    allRequestsUseTimeout = false;
+
+    // idleConnectionTimeout = 2s, lastRequest = 0L
+    // Ensure idleConnectionTimeout < System.nanoTime() - lastRequest (3s)
+
+    // Timeline:
+    //         |<-------- 100ms -------->|
+    //         ↑                         ↑
+    //  1st call sent              response of 1st call
+    //         |20ms|<------ 80ms ------>|<------ few millis ------->|
+    //              ↑ wait until 1st call ↑                           ↑
+    //       2nd call begin         2nd call sent            response of 2nd call
+
+    AtomicBoolean firstCallCompleted = new AtomicBoolean(false);
+
+    setupResolverWithServer(resolver, Duration.ofMillis(100L), 200, 2, vertx, context)
+        .onSuccess(
+            server -> {
+              // First call
+              CompletionStage<Message> firstCall =
+                  resolver.sendAsync(qm).whenComplete((msg, ex) -> firstCallCompleted.set(true));
+
+              // Ensure second call was made after first call and uses a different query
+              startNanos.addAndGet(TimeUnit.MILLISECONDS.toNanos(20));
+              CompletionStage<Message> secondCall = resolver.sendAsync(Message.newQuery(qr));
+
+              Future.fromCompletionStage(firstCall)
+                  .onComplete(
+                      context.succeeding(
+                          result ->
+                              context.verify(
+                                  () -> {
+                                    assertEquals(Rcode.NOERROR, result.getHeader().getRcode());
+                                    assertEquals(0, result.getHeader().getID());
+                                    assertEquals(queryName, result.getQuestion().getName());
+                                  })));
+
+              Future.fromCompletionStage(secondCall)
+                  .onComplete(
+                      context.succeeding(
+                          result ->
+                              context.verify(
+                                  () -> {
+                                    assertTrue(firstCallCompleted.get());
+                                    assertEquals(Rcode.NOERROR, result.getHeader().getRcode());
+                                    assertEquals(0, result.getHeader().getID());
+                                    assertEquals(queryName, result.getQuestion().getName());
+                                    // Complete context after the 2nd call was completed.
+                                    context.completeNow();
+                                  })));
+            });
+  }
+
   private Future<HttpServer> setupServer(
       Message expectedDnsRequest,
       Message dnsResponse,
@@ -224,10 +326,12 @@ private Future<HttpServer> setupServer(
               int thisRequestNum = requestCount.incrementAndGet();
               int count = concurrentRequests.incrementAndGet();
               if (count > maxConcurrentRequests) {
-                context.failNow("Concurrent requests exceeded");
+                context.failNow(
+                    "Concurrent requests exceeded: " + count + " > " + maxConcurrentRequests);
                 return;
               }
 
+              httpRequest.endHandler(v -> concurrentRequests.decrementAndGet());
               httpRequest.bodyHandler(
                   body -> {
                     context.verify(
@@ -254,15 +358,12 @@ private Future<HttpServer> setupServer(
                         && (thisRequestNum == 1 || allRequestsUseTimeout)) {
                       vertx.setTimer(
                           serverProcessingTime.toMillis(),
-                          timer -> {
-                            concurrentRequests.decrementAndGet();
-                            httpRequest
-                                .response()
-                                .setStatusCode(statusCode)
-                                .end(Buffer.buffer(dnsResponseCopy.toWire()));
-                          });
+                          timer ->
+                              httpRequest
+                                  .response()
+                                  .setStatusCode(statusCode)
+                                  .end(Buffer.buffer(dnsResponseCopy.toWire())));
                     } else {
-                      concurrentRequests.decrementAndGet();
                       httpRequest
                           .response()
                           .setStatusCode(statusCode)
diff --git a/src/test/java/org/xbill/DNS/EDNS0MessageTests.java b/src/test/java/org/xbill/DNS/EDNS0MessageTests.java
index 20679fdf9..beb22a3ed 100644
--- a/src/test/java/org/xbill/DNS/EDNS0MessageTests.java
+++ b/src/test/java/org/xbill/DNS/EDNS0MessageTests.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
diff --git a/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java
index d76a2ebd1..f5cc714d6 100644
--- a/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java
+++ b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java
@@ -89,7 +89,7 @@ void testCodeAndTextNullTerminated() throws IOException {
   @Test
   void testToStringCodeOnly() {
     ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1);
-    assertEquals("Unsupported DNSKEY Algorithm", option.optionToString());
+    assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM", option.optionToString());
   }
 
   @Test
@@ -101,6 +101,6 @@ void testToStringUnknownCode() {
   @Test
   void testToStringCodeAndText() {
     ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1, "ab");
-    assertEquals("Unsupported DNSKEY Algorithm: ab", option.optionToString());
+    assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM: ab", option.optionToString());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/FormattedTimeTest.java b/src/test/java/org/xbill/DNS/FormattedTimeTest.java
index 0d43940e4..53fc35958 100644
--- a/src/test/java/org/xbill/DNS/FormattedTimeTest.java
+++ b/src/test/java/org/xbill/DNS/FormattedTimeTest.java
@@ -70,7 +70,7 @@ void parse() throws DateTimeParseException {
     assertEquals(cal, cal2);
   }
 
-  @Test()
+  @Test
   void parseEpoch() throws DateTimeParseException {
     // have to make sure to clear out the milliseconds since there
     // is occasionally a difference between when cal and cal2 are
diff --git a/src/test/java/org/xbill/DNS/HTTPSRecordTest.java b/src/test/java/org/xbill/DNS/HTTPSRecordTest.java
index 87fa826cb..5acfe4a1b 100644
--- a/src/test/java/org/xbill/DNS/HTTPSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/HTTPSRecordTest.java
@@ -73,24 +73,24 @@ void createRecord() throws IOException {
     HTTPSRecord.ParameterIpv4Hint ipv4 = new HTTPSRecord.ParameterIpv4Hint();
     ipv4.fromString("1.2.3.4,5.6.7.8");
     List<HTTPSRecord.ParameterBase> params = Arrays.asList(mandatory, ipv4, alpn);
-    HTTPSRecord record = new HTTPSRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
+    HTTPSRecord https = new HTTPSRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
 
-    assertEquals(Type.HTTPS, record.getType());
-    assertEquals(label, record.getName());
-    assertEquals(svcPriority, record.getSvcPriority());
-    assertEquals(svcDomain, record.getTargetName());
+    assertEquals(Type.HTTPS, https.getType());
+    assertEquals(label, https.getName());
+    assertEquals(svcPriority, https.getSvcPriority());
+    assertEquals(svcDomain, https.getTargetName());
     assertEquals(
         Arrays.asList(HTTPSRecord.MANDATORY, HTTPSRecord.ALPN, HTTPSRecord.IPV4HINT).toString(),
-        record.getSvcParamKeys().toString());
-    assertEquals("alpn", record.getSvcParamValue(HTTPSRecord.MANDATORY).toString());
-    assertEquals("h1,h2", record.getSvcParamValue(HTTPSRecord.ALPN).toString());
-    assertEquals("h1,h2", record.getSvcParamValue(HTTPSRecord.ALPN).toString());
-    assertNull(record.getSvcParamValue(1234));
+        https.getSvcParamKeys().toString());
+    assertEquals("alpn", https.getSvcParamValue(HTTPSRecord.MANDATORY).toString());
+    assertEquals("h1,h2", https.getSvcParamValue(HTTPSRecord.ALPN).toString());
+    assertEquals("h1,h2", https.getSvcParamValue(HTTPSRecord.ALPN).toString());
+    assertNull(https.getSvcParamValue(1234));
     Options.unset("BINDTTL");
     Options.unset("noPrintIN");
     assertEquals(
         "test.com.\t\t300\tIN\tHTTPS\t5 svc.test.com. mandatory=alpn alpn=h1,h2 ipv4hint=1.2.3.4,5.6.7.8",
-        record.toString());
+        https.toString());
   }
 
   @Test
diff --git a/src/test/java/org/xbill/DNS/HeaderTest.java b/src/test/java/org/xbill/DNS/HeaderTest.java
index 0f7435d80..81c989a76 100644
--- a/src/test/java/org/xbill/DNS/HeaderTest.java
+++ b/src/test/java/org/xbill/DNS/HeaderTest.java
@@ -35,6 +35,7 @@
 //
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotSame;
@@ -232,7 +233,7 @@ void ID() {
 
     int id = m_h.getID();
     assertEquals(id, m_h.getID());
-    assertTrue(id >= 0 && id < 0xffff);
+    assertThat(id).isNotNegative().isLessThanOrEqualTo(0xffff);
 
     m_h.setID(0xDCBA);
     assertEquals(0xDCBA, m_h.getID());
diff --git a/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java b/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
index cd70b68fc..688def1a2 100644
--- a/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/IPSECKEYRecordTest.java
@@ -2,8 +2,8 @@
 package org.xbill.DNS;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -15,17 +15,17 @@ class IPSECKEYRecordTest {
 
   @Test
   void ctor_0arg() {
-    IPSECKEYRecord record = new IPSECKEYRecord();
-    assertEquals(0, record.getPrecedence());
-    assertEquals(0, record.getGatewayType());
-    assertEquals(0, record.getAlgorithmType());
-    assertNull(record.getGateway());
-    assertNull(record.getKey());
+    IPSECKEYRecord ipsecKey = new IPSECKEYRecord();
+    assertEquals(0, ipsecKey.getPrecedence());
+    assertEquals(0, ipsecKey.getGatewayType());
+    assertEquals(0, ipsecKey.getAlgorithmType());
+    assertNull(ipsecKey.getGateway());
+    assertNull(ipsecKey.getKey());
   }
 
   @Test
   void ctor_8arg() {
-    IPSECKEYRecord record =
+    IPSECKEYRecord ipsecKey =
         new IPSECKEYRecord(
             n,
             DClass.IN,
@@ -35,37 +35,37 @@ void ctor_8arg() {
             IPSECKEYRecord.Algorithm.DSA,
             n,
             "".getBytes());
-    assertEquals(1, record.getPrecedence());
-    assertEquals(IPSECKEYRecord.Gateway.Name, record.getGatewayType());
-    assertEquals(IPSECKEYRecord.Algorithm.DSA, record.getAlgorithmType());
-    assertEquals(n, record.getGateway());
-    assertEquals(0, record.getKey().length);
+    assertEquals(1, ipsecKey.getPrecedence());
+    assertEquals(IPSECKEYRecord.Gateway.Name, ipsecKey.getGatewayType());
+    assertEquals(IPSECKEYRecord.Algorithm.DSA, ipsecKey.getAlgorithmType());
+    assertEquals(n, ipsecKey.getGateway());
+    assertEquals(0, ipsecKey.getKey().length);
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("10 0 2 . CAFEBABE");
-    IPSECKEYRecord record = new IPSECKEYRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getPrecedence());
-    assertEquals(IPSECKEYRecord.Gateway.None, record.getGatewayType());
-    assertEquals(IPSECKEYRecord.Algorithm.RSA, record.getAlgorithmType());
-    assertNull(record.getGateway());
-    assertEquals(6, record.getKey().length);
-    record = new IPSECKEYRecord();
+    IPSECKEYRecord ipseckey = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(10, ipseckey.getPrecedence());
+    assertEquals(IPSECKEYRecord.Gateway.None, ipseckey.getGatewayType());
+    assertEquals(IPSECKEYRecord.Algorithm.RSA, ipseckey.getAlgorithmType());
+    assertNull(ipseckey.getGateway());
+    assertEquals(6, ipseckey.getKey().length);
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("( 10 1 2 192.0.2.3 CAFEBABE )");
-    record.rdataFromString(t, null);
-    assertEquals(1, record.getGatewayType());
-    assertTrue(record.getGateway() instanceof InetAddress);
-    record = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(1, ipseckey.getGatewayType());
+    assertInstanceOf(InetAddress.class, ipseckey.getGateway());
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("10 2 2 2001:0DB8:0:8002::2000:1 CAFEBABE");
-    record.rdataFromString(t, null);
-    assertEquals(2, record.getGatewayType());
-    assertTrue(record.getGateway() instanceof InetAddress);
-    record = new IPSECKEYRecord();
+    ipseckey.rdataFromString(t, null);
+    assertEquals(2, ipseckey.getGatewayType());
+    assertInstanceOf(InetAddress.class, ipseckey.getGateway());
+    ipseckey = new IPSECKEYRecord();
     t = new Tokenizer("10 3 2 mygateway.example.com. CAFEBABE");
-    record.rdataFromString(t, null);
-    assertEquals(3, record.getGatewayType());
-    assertEquals(Name.fromConstantString("mygateway.example.com."), record.getGateway());
+    ipseckey.rdataFromString(t, null);
+    assertEquals(3, ipseckey.getGatewayType());
+    assertEquals(Name.fromConstantString("mygateway.example.com."), ipseckey.getGateway());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/ISDNRecordTest.java b/src/test/java/org/xbill/DNS/ISDNRecordTest.java
index f5c3e2131..ec28ccac3 100644
--- a/src/test/java/org/xbill/DNS/ISDNRecordTest.java
+++ b/src/test/java/org/xbill/DNS/ISDNRecordTest.java
@@ -12,17 +12,17 @@ class ISDNRecordTest {
 
   @Test
   void ctor_5arg() {
-    ISDNRecord record = new ISDNRecord(n, DClass.IN, 0, "foo", "bar");
-    assertEquals("foo", record.getAddress());
-    assertEquals("bar", record.getSubAddress());
+    ISDNRecord isdn = new ISDNRecord(n, DClass.IN, 0, "foo", "bar");
+    assertEquals("foo", isdn.getAddress());
+    assertEquals("bar", isdn.getSubAddress());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("150862028003217 004");
-    ISDNRecord record = new ISDNRecord();
-    record.rdataFromString(t, null);
-    assertEquals("150862028003217", record.getAddress());
-    assertEquals("004", record.getSubAddress());
+    ISDNRecord isdn = new ISDNRecord();
+    isdn.rdataFromString(t, null);
+    assertEquals("150862028003217", isdn.getAddress());
+    assertEquals("004", isdn.getSubAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/LOCRecordTest.java b/src/test/java/org/xbill/DNS/LOCRecordTest.java
index 6a1423c31..9ec9571f5 100644
--- a/src/test/java/org/xbill/DNS/LOCRecordTest.java
+++ b/src/test/java/org/xbill/DNS/LOCRecordTest.java
@@ -12,36 +12,36 @@ class LOCRecordTest {
 
   @Test
   void ctor_0arg() {
-    LOCRecord record = new LOCRecord();
-    assertEquals(0.0, record.getVPrecision());
-    assertEquals(0.0, record.getHPrecision());
-    assertEquals(-100000.0, record.getAltitude());
-    assertEquals(-596.52323, record.getLongitude(), 0.1);
-    assertEquals(-596.52323, record.getLatitude(), 0.1);
-    assertEquals(0.0, record.getSize());
+    LOCRecord loc = new LOCRecord();
+    assertEquals(0.0, loc.getVPrecision());
+    assertEquals(0.0, loc.getHPrecision());
+    assertEquals(-100000.0, loc.getAltitude());
+    assertEquals(-596.52323, loc.getLongitude(), 0.1);
+    assertEquals(-596.52323, loc.getLatitude(), 0.1);
+    assertEquals(0.0, loc.getSize());
   }
 
   @Test
   void ctor_9arg() {
-    LOCRecord record = new LOCRecord(n, DClass.IN, 0, 1.5, 2.5, 3.5, 4.5, 5.5, 6.5);
-    assertEquals(6.5, record.getVPrecision());
-    assertEquals(5.5, record.getHPrecision());
-    assertEquals(3.5, record.getAltitude());
-    assertEquals(2.5, record.getLongitude());
-    assertEquals(1.5, record.getLatitude());
-    assertEquals(4.5, record.getSize());
+    LOCRecord loc = new LOCRecord(n, DClass.IN, 0, 1.5, 2.5, 3.5, 4.5, 5.5, 6.5);
+    assertEquals(6.5, loc.getVPrecision());
+    assertEquals(5.5, loc.getHPrecision());
+    assertEquals(3.5, loc.getAltitude());
+    assertEquals(2.5, loc.getLongitude());
+    assertEquals(1.5, loc.getLatitude());
+    assertEquals(4.5, loc.getSize());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("52 22 23.000 N 4 53 32.000 E -2.00m 0.00m 10000m 10m");
-    LOCRecord record = new LOCRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10.0, record.getVPrecision());
-    assertEquals(10000.0, record.getHPrecision());
-    assertEquals(-2.0, record.getAltitude());
-    assertEquals(4.892, record.getLongitude(), 0.1);
-    assertEquals(52.373, record.getLatitude(), 0.1);
-    assertEquals(0.0, record.getSize());
+    LOCRecord loc = new LOCRecord();
+    loc.rdataFromString(t, null);
+    assertEquals(10.0, loc.getVPrecision());
+    assertEquals(10000.0, loc.getHPrecision());
+    assertEquals(-2.0, loc.getAltitude());
+    assertEquals(4.892, loc.getLongitude(), 0.1);
+    assertEquals(52.373, loc.getLatitude(), 0.1);
+    assertEquals(0.0, loc.getSize());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/LookupTest.java b/src/test/java/org/xbill/DNS/LookupTest.java
index a5132c819..f3eb848d1 100644
--- a/src/test/java/org/xbill/DNS/LookupTest.java
+++ b/src/test/java/org/xbill/DNS/LookupTest.java
@@ -4,6 +4,7 @@
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.joining;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
@@ -316,19 +317,19 @@ void testRun_concatenatedNameTooLong() throws Exception {
 
   @Test
   void testNdots1() throws Exception {
-    Resolver mockResolver = Mockito.mock(Resolver.class);
+    mockResolver = Mockito.mock(Resolver.class);
     wireUpMockResolver(mockResolver, this::simpleAnswer);
     Lookup l = makeLookupWithResolver(mockResolver, "example.com");
     l.setSearchPath("namespace.svc.cluster.local", "svc.cluster.local", "cluster.local");
     Record[] results = l.run();
-    verify(mockResolver).send(any(Message.class));
+    verify(mockResolver, times(1)).send(any(Message.class));
     assertEquals(1, results.length);
   }
 
   @Test
   void testNdotsFallbackToAbsolute() throws Exception {
-    Resolver mockResolver = Mockito.mock(Resolver.class);
-    wireUpMockResolver(mockResolver, this::goodAnswerWhenThreeLabels);
+    mockResolver = Mockito.mock(Resolver.class);
+    wireUpMockResolver(mockResolver, name -> goodAnswerWhenNLabels(name, 3));
     Lookup l = makeLookupWithResolver(mockResolver, "example.com");
     l.setSearchPath("namespace.svc.cluster.local", "svc.cluster.local", "cluster.local");
     l.setNdots(5);
@@ -337,6 +338,20 @@ void testNdotsFallbackToAbsolute() throws Exception {
     assertEquals(1, results.length);
   }
 
+  @Test
+  void testNdotsFallbackToAbsoluteButNotTwice() throws Exception {
+    mockResolver = Mockito.mock(Resolver.class);
+    // Never answer with a positive response
+    wireUpMockResolver(mockResolver, name -> goodAnswerWhenNLabels(name, -1));
+    // Two dots with ndots=2, so implicitly absolute
+    Lookup l = makeLookupWithResolver(mockResolver, "service.example.com");
+    l.setNdots(2);
+    Record[] results = l.run();
+    verify(mockResolver, times(1)).send(any(Message.class));
+    assertThat(results).isNull();
+    assertThat(l.getResult()).isEqualTo(Lookup.HOST_NOT_FOUND);
+  }
+
   @Test
   void testLookup_constructorFailsWithMetaTypes() {
     assertThrows(IllegalArgumentException.class, () -> new Lookup("example.com.", Type.OPT));
@@ -384,11 +399,11 @@ void testLookupFromHostsWithSearchDomain()
         ((ARecord) run[0]).getAddress());
   }
 
-  private Message goodAnswerWhenThreeLabels(Message query) {
+  private Message goodAnswerWhenNLabels(Message query, int numLabels) {
     return answer(
         query,
         name -> {
-          if (name.labels() == 3) {
+          if (name.labels() == numLabels) {
             return new ARecord(DUMMY_NAME, DClass.IN, 60, InetAddress.getLoopbackAddress());
           } else {
             return null;
@@ -445,8 +460,28 @@ public static Message answer(Message query, Function<Name, Record> recordMaker)
       if (DUMMY_NAME.equals(response.getName())) {
         response = response.withName(query.getQuestion().getName());
       }
+      response.setTTL(120);
       answer.addRecord(response, Section.ANSWER);
     }
     return answer;
   }
+
+  public static Message multiAnswer(Message query, Function<Name, Record[]> recordMaker) {
+    Message answer = new Message(query.getHeader().getID());
+    answer.addRecord(query.getQuestion(), Section.QUESTION);
+    Name questionName = query.getQuestion().getName();
+    Record[] response = recordMaker.apply(questionName);
+    if (response == null) {
+      answer.getHeader().setRcode(Rcode.NXDOMAIN);
+    } else {
+      for (Record r : response) {
+        if (DUMMY_NAME.equals(r.getName())) {
+          r = r.withName(query.getQuestion().getName());
+        }
+        r.setTTL(120);
+        answer.addRecord(r, Section.ANSWER);
+      }
+    }
+    return answer;
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/MINFORecordTest.java b/src/test/java/org/xbill/DNS/MINFORecordTest.java
index b3060ddf5..f86677392 100644
--- a/src/test/java/org/xbill/DNS/MINFORecordTest.java
+++ b/src/test/java/org/xbill/DNS/MINFORecordTest.java
@@ -14,17 +14,17 @@ class MINFORecordTest {
   void ctor_5arg() {
     Name respAddress = Name.fromConstantString("example.com.");
     Name errorAddress = Name.fromConstantString("error.com.");
-    MINFORecord record = new MINFORecord(n, DClass.IN, 0, respAddress, errorAddress);
-    assertEquals(respAddress, record.getResponsibleAddress());
-    assertEquals(errorAddress, record.getErrorAddress());
+    MINFORecord minfo = new MINFORecord(n, DClass.IN, 0, respAddress, errorAddress);
+    assertEquals(respAddress, minfo.getResponsibleAddress());
+    assertEquals(errorAddress, minfo.getErrorAddress());
   }
 
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("foo.com. bar.com.");
-    MINFORecord record = new MINFORecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("foo.com."), record.getResponsibleAddress());
-    assertEquals(Name.fromConstantString("bar.com."), record.getErrorAddress());
+    MINFORecord minfo = new MINFORecord();
+    minfo.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("foo.com."), minfo.getResponsibleAddress());
+    assertEquals(Name.fromConstantString("bar.com."), minfo.getErrorAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MXRecordTest.java b/src/test/java/org/xbill/DNS/MXRecordTest.java
index 54979c00c..74e0fcafe 100644
--- a/src/test/java/org/xbill/DNS/MXRecordTest.java
+++ b/src/test/java/org/xbill/DNS/MXRecordTest.java
@@ -82,10 +82,10 @@ void rrToWire() throws TextParseException {
   @Test
   void rdataFromString_nullMXRecord() throws IOException {
     Tokenizer t = new Tokenizer("0 .");
-    MXRecord record = new MXRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("."), record.getTarget());
-    assertEquals(record.getTarget(), record.getAdditionalName());
-    assertEquals(0, record.getPriority());
+    MXRecord mx = new MXRecord();
+    mx.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("."), mx.getTarget());
+    assertEquals(mx.getTarget(), mx.getAdditionalName());
+    assertEquals(0, mx.getPriority());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MasterTest.java b/src/test/java/org/xbill/DNS/MasterTest.java
index cb25178ca..f4c024992 100644
--- a/src/test/java/org/xbill/DNS/MasterTest.java
+++ b/src/test/java/org/xbill/DNS/MasterTest.java
@@ -3,6 +3,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -12,10 +13,61 @@
 import java.io.InputStream;
 import java.net.URISyntaxException;
 import java.nio.file.Paths;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DNSSEC.DNSSECException;
 
 class MasterTest {
 
+  /**
+   * Parse the <a href="https://www.internic.net/domain/root.zone">root zone file</a> to validate
+   * that we understand all record types.
+   */
+  @Test
+  void testRootZoneFile() throws IOException, DNSSECException {
+    List<Record> records = new ArrayList<>(26000);
+    Map<String, RRset> rrSets = new HashMap<>(13000);
+    try (Master master = new Master(MasterTest.class.getResourceAsStream("/root.zone"))) {
+      Record r;
+      while ((r = master.nextRecord()) != null) {
+        records.add(r);
+        String key =
+            r.getName()
+                + "/"
+                + (r.getType() == Type.RRSIG ? ((RRSIGRecord) r).getTypeCovered() : r.getType());
+        RRset set = rrSets.computeIfAbsent(key, n -> new RRset());
+        set.addRR(r);
+        assertFalse(r.getClass().isInstance(EmptyRecord.class), "EmptyRecord type check");
+        assertNotEquals(Integer.toString(r.getType()), Type.string(r.getType()));
+      }
+    }
+
+    assertEquals(25097, records.size());
+
+    // Test the signatures
+    DNSKEYRecord[] keys =
+        records.stream()
+            .filter(r -> r.getName().equals(Name.root) && r.getType() == Type.DNSKEY)
+            .map(r -> (DNSKEYRecord) r)
+            .toArray(DNSKEYRecord[]::new);
+    for (RRset set : rrSets.values()) {
+      for (RRSIGRecord sig : set.sigs()) {
+        int verifyCount = 0;
+        for (DNSKEYRecord key : keys) {
+          if (key.getFootprint() == sig.getFootprint()) {
+            DNSSEC.verify(set, sig, key, Instant.parse("2023-11-05T19:50:00Z"));
+            verifyCount++;
+          }
+        }
+        assertEquals(set.sigs().size(), verifyCount);
+      }
+    }
+  }
+
   @Test
   void nextRecord() throws IOException {
     Name exampleComName = Name.fromConstantString("example.com.");
@@ -202,10 +254,10 @@ void invalidOriginNotAbsolute_ctorString() {
   }
 
   private Record skipTo(Master master, int type) throws IOException {
-    Record record;
+    Record r;
     do {
-      record = master.nextRecord();
-    } while (record != null && record.getType() != type);
-    return record;
+      r = master.nextRecord();
+    } while (r != null && r.getType() != type);
+    return r;
   }
 }
diff --git a/src/test/java/org/xbill/DNS/MessageTest.java b/src/test/java/org/xbill/DNS/MessageTest.java
index a46379963..48639a973 100644
--- a/src/test/java/org/xbill/DNS/MessageTest.java
+++ b/src/test/java/org/xbill/DNS/MessageTest.java
@@ -35,6 +35,7 @@
 //
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -47,102 +48,139 @@
 import org.junit.jupiter.api.Test;
 import org.xbill.DNS.utils.base64;
 
-public class MessageTest {
-  static class Test_init {
-    @Test
-    void ctor_0arg() {
-      Message m = new Message();
-      assertTrue(m.getSection(0).isEmpty());
-      assertTrue(m.getSection(1).isEmpty());
-      assertTrue(m.getSection(3).isEmpty());
-      assertTrue(m.getSection(2).isEmpty());
-      assertThrows(IndexOutOfBoundsException.class, () -> m.getSection(4));
-      Header h = m.getHeader();
-      assertEquals(0, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-    }
+class MessageTest {
+  @Test
+  void ctor_0arg() {
+    Message m = new Message();
+    assertTrue(m.getSection(0).isEmpty());
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
+    assertThrows(IllegalArgumentException.class, () -> m.getSection(4));
+    Header h = m.getHeader();
+    assertEquals(0, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+  }
 
-    @Test
-    void ctor_1arg() {
-      Message m = new Message(10);
-      assertEquals(new Header(10).toString(), m.getHeader().toString());
-      assertTrue(m.getSection(0).isEmpty());
-      assertTrue(m.getSection(1).isEmpty());
-      assertTrue(m.getSection(2).isEmpty());
-      assertTrue(m.getSection(3).isEmpty());
-      assertThrows(IndexOutOfBoundsException.class, () -> m.getSection(4));
-      Header h = m.getHeader();
-      assertEquals(0, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-    }
+  @Test
+  void ctor_1arg() {
+    Message m = new Message(10);
+    assertEquals(new Header(10).toString(), m.getHeader().toString());
+    assertTrue(m.getSection(0).isEmpty());
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
+    assertThrows(IllegalArgumentException.class, () -> m.getSection(4));
+    Header h = m.getHeader();
+    assertEquals(0, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+  }
 
-    @Test
-    void ctor_byteBuffer() throws IOException {
-      byte[] arr =
-          base64.fromString(
-              "EEuBgAABAAEABAAIA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAAaAASO+rokwBAAAgABAAFHCwAGA25zMcAQwBAAAgABAAFHCwAGA25zNMAQwBAAAgABAAFHCwAGA25zM8AQwBAAAgABAAFHCwAGA25zMsAQwDwAAQABAADObwAE2O8gCsByAAEAAQABrVEABNjvIgrAYAABAAEAAVqZAATY7yQKwE4AAQABAAK9RQAE2O8mCsA8ABwAAQAD4a0AECABSGBIAgAyAAAAAAAAAArAcgAcAAEAAtDgABAgAUhgSAIANAAAAAAAAAAKwGAAHAABAACSagAQIAFIYEgCADYAAAAAAAAACsBOABwAAQAErVoAECABSGBIAgA4AAAAAAAAAAo=");
+  @Test
+  void ctor_byteBuffer() throws IOException {
+    byte[] arr =
+        base64.fromString(
+            "EEuBgAABAAEABAAIA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAAaAASO+rokwBAAAgABAAFHCwAGA25zMcAQwBAAAgABAAFHCwAGA25zNMAQwBAAAgABAAFHCwAGA25zM8AQwBAAAgABAAFHCwAGA25zMsAQwDwAAQABAADObwAE2O8gCsByAAEAAQABrVEABNjvIgrAYAABAAEAAVqZAATY7yQKwE4AAQABAAK9RQAE2O8mCsA8ABwAAQAD4a0AECABSGBIAgAyAAAAAAAAAArAcgAcAAEAAtDgABAgAUhgSAIANAAAAAAAAAAKwGAAHAABAACSagAQIAFIYEgCADYAAAAAAAAACsBOABwAAQAErVoAECABSGBIAgA4AAAAAAAAAAo=");
 
-      ByteBuffer wrap = ByteBuffer.allocate(arr.length + 2);
+    ByteBuffer wrap = ByteBuffer.allocate(arr.length + 2);
 
-      // prepend length, like when reading a response from a TCP channel
-      wrap.putShort((short) arr.length);
-      wrap.put(arr);
-      wrap.flip();
-      wrap.getShort(); // read the prepended length
+    // prepend length, like when reading a response from a TCP channel
+    wrap.putShort((short) arr.length);
+    wrap.put(arr);
+    wrap.flip();
+    wrap.getShort(); // read the prepended length
 
-      Message m = new Message(wrap);
-      assertEquals(Name.fromConstantString("www.google.com."), m.getQuestion().getName());
-    }
+    Message m = new Message(wrap);
+    assertEquals(Name.fromConstantString("www.google.com."), m.getQuestion().getName());
+  }
 
-    @Test
-    void newQuery() throws TextParseException, UnknownHostException {
-      Name n = Name.fromString("The.Name.");
-      ARecord ar = new ARecord(n, DClass.IN, 1, InetAddress.getByName("192.168.101.110"));
-
-      Message m = Message.newQuery(ar);
-      assertEquals(1, m.getSection(0).size());
-      assertEquals(ar, m.getSection(0).get(0));
-      assertTrue(m.getSection(1).isEmpty());
-      assertTrue(m.getSection(2).isEmpty());
-      assertTrue(m.getSection(3).isEmpty());
-
-      Header h = m.getHeader();
-      assertEquals(1, h.getCount(0));
-      assertEquals(0, h.getCount(1));
-      assertEquals(0, h.getCount(2));
-      assertEquals(0, h.getCount(3));
-      assertEquals(Opcode.QUERY, h.getOpcode());
-      assertTrue(h.getFlag(Flags.RD));
-    }
+  @Test
+  void newQuery() throws TextParseException, UnknownHostException {
+    Name n = Name.fromString("The.Name.");
+    ARecord ar = new ARecord(n, DClass.IN, 1, InetAddress.getByName("192.168.101.110"));
+
+    Message m = Message.newQuery(ar);
+    assertEquals(1, m.getSection(0).size());
+    assertEquals(ar, m.getSection(0).get(0));
+    assertTrue(m.getSection(1).isEmpty());
+    assertTrue(m.getSection(2).isEmpty());
+    assertTrue(m.getSection(3).isEmpty());
+
+    Header h = m.getHeader();
+    assertEquals(1, h.getCount(0));
+    assertEquals(0, h.getCount(1));
+    assertEquals(0, h.getCount(2));
+    assertEquals(0, h.getCount(3));
+    assertEquals(Opcode.QUERY, h.getOpcode());
+    assertTrue(h.getFlag(Flags.RD));
+  }
+
+  @Test
+  void sectionToWire() throws IOException {
+    Message m = new Message(4711);
+    Name n2 = Name.fromConstantString("test2.example.");
+    m.addRecord(new TXTRecord(n2, DClass.IN, 86400, "other record"), Section.ADDITIONAL);
+    Name n = Name.fromConstantString("test.example.");
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -1-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -2-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -3-"), Section.ADDITIONAL);
+    m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -4-"), Section.ADDITIONAL);
+    m.addRecord(new OPTRecord(512, 0, 0, 0), Section.ADDITIONAL);
 
-    @Test
-    void sectionToWire() throws IOException {
-      Message m = new Message(4711);
-      Name n2 = Name.fromConstantString("test2.example.");
-      m.addRecord(new TXTRecord(n2, DClass.IN, 86400, "other record"), Section.ADDITIONAL);
-      Name n = Name.fromConstantString("test.example.");
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -1-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -2-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -3-"), Section.ADDITIONAL);
-      m.addRecord(new TXTRecord(n, DClass.IN, 86400, "example text -4-"), Section.ADDITIONAL);
-      m.addRecord(new OPTRecord(512, 0, 0, 0), Section.ADDITIONAL);
-
-      for (int i = 5; i < 50; i++) {
-        m.addRecord(
-            new TXTRecord(n, DClass.IN, 86400, "example text -" + i + "-"), Section.ADDITIONAL);
-      }
-
-      byte[] binary = m.toWire(512);
-      Message m2 = new Message(binary);
-      assertEquals(2, m2.getHeader().getCount(Section.ADDITIONAL));
-      List<Record> records = m2.getSection(Section.ADDITIONAL);
-      assertEquals(2, records.size());
-      assertEquals(TXTRecord.class, records.get(0).getClass());
-      assertEquals(OPTRecord.class, records.get(1).getClass());
+    for (int i = 5; i < 50; i++) {
+      m.addRecord(
+          new TXTRecord(n, DClass.IN, 86400, "example text -" + i + "-"), Section.ADDITIONAL);
     }
+
+    byte[] binary = m.toWire(512);
+    Message m2 = new Message(binary);
+    assertEquals(2, m2.getHeader().getCount(Section.ADDITIONAL));
+    List<Record> records = m2.getSection(Section.ADDITIONAL);
+    assertEquals(2, records.size());
+    assertEquals(TXTRecord.class, records.get(0).getClass());
+    assertEquals(OPTRecord.class, records.get(1).getClass());
+  }
+
+  @Test
+  void testQuestionClone() {
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    Message clone = query.clone();
+    assertEquals(query.getHeader().getID(), clone.getHeader().getID());
+    assertEquals(query.getQuestion().getName(), clone.getQuestion().getName());
+  }
+
+  @Test
+  void testResponseClone() throws UnknownHostException {
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message response = new Message();
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    response.addRecord(
+        new ARecord(qname, DClass.IN, 0, InetAddress.getByName("127.0.0.1")), Section.ANSWER);
+    Message clone = response.clone();
+    assertEquals(clone.getQuestion(), response.getQuestion());
+    assertEquals(clone.getSection(Section.ANSWER), response.getSection(Section.ANSWER));
+  }
+
+  @Test
+  void normalize() throws WireParseException {
+    Record queryRecord =
+        Record.newRecord(Name.fromConstantString("example.com."), Type.MX, DClass.IN);
+    Message query = Message.newQuery(queryRecord);
+    Message response = new Message();
+    response.addRecord(queryRecord, Section.QUESTION);
+    response.addRecord(queryRecord, Section.ADDITIONAL);
+    response = response.normalize(query, true);
+    assertThat(response.getSection(Section.ANSWER)).isEmpty();
+    assertThat(response.getHeader().getCount(Section.ANSWER)).isZero();
+    assertThat(response.getSection(Section.ADDITIONAL)).isEmpty();
+    assertThat(response.getHeader().getCount(Section.ADDITIONAL)).isZero();
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NAPTRRecordTest.java b/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
index 0b99cad46..2a0417c86 100644
--- a/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NAPTRRecordTest.java
@@ -11,13 +11,13 @@ class NAPTRRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("100  50  \"s\"    \"http+N2L+N2C+N2R\"  \"\"   www.example.com.");
-    NAPTRRecord record = new NAPTRRecord();
-    record.rdataFromString(t, null);
-    assertEquals(100, record.getOrder());
-    assertEquals(50, record.getPreference());
-    assertEquals("s", record.getFlags());
-    assertEquals("http+N2L+N2C+N2R", record.getService());
-    assertEquals("", record.getRegexp());
-    assertEquals(Name.fromConstantString("www.example.com."), record.getReplacement());
+    NAPTRRecord naptr = new NAPTRRecord();
+    naptr.rdataFromString(t, null);
+    assertEquals(100, naptr.getOrder());
+    assertEquals(50, naptr.getPreference());
+    assertEquals("s", naptr.getFlags());
+    assertEquals("http+N2L+N2C+N2R", naptr.getService());
+    assertEquals("", naptr.getRegexp());
+    assertEquals(Name.fromConstantString("www.example.com."), naptr.getReplacement());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSAPRecordTest.java b/src/test/java/org/xbill/DNS/NSAPRecordTest.java
index ce17ce28b..7903154af 100644
--- a/src/test/java/org/xbill/DNS/NSAPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSAPRecordTest.java
@@ -11,10 +11,10 @@ class NSAPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00");
-    NSAPRecord record = new NSAPRecord();
-    record.rdataFromString(t, null);
+    NSAPRecord nsap = new NSAPRecord();
+    nsap.rdataFromString(t, null);
     assertEquals(
         "G\\000\\005\\128\\000Z\\000\\000\\000\\000\\001\\2253\\255\\255\\255\\000\\001a\\000",
-        record.getAddress());
+        nsap.getAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java b/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
index 7c336fab0..bda3c5ab7 100644
--- a/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSAP_PTRRecordTest.java
@@ -65,8 +65,8 @@ void ctor_4arg() throws TextParseException {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("foo.bar.com.");
-    NSAP_PTRRecord record = new NSAP_PTRRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("foo.bar.com."), record.getTarget());
+    NSAP_PTRRecord nsapPtr = new NSAP_PTRRecord();
+    nsapPtr.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("foo.bar.com."), nsapPtr.getTarget());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java b/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
index 624540022..6021254f8 100644
--- a/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSEC3PARAMRecordTest.java
@@ -12,10 +12,10 @@ class NSEC3PARAMRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("1 1 10 5053851B");
-    NSEC3PARAMRecord record = new NSEC3PARAMRecord();
-    record.rdataFromString(t, null);
-    assertEquals(NSEC3Record.Digest.SHA1, record.getHashAlgorithm());
-    assertEquals(NSEC3Record.Flags.OPT_OUT, record.getFlags());
-    assertNotNull(record.getSalt());
+    NSEC3PARAMRecord nsec3PARAMRecord = new NSEC3PARAMRecord();
+    nsec3PARAMRecord.rdataFromString(t, null);
+    assertEquals(NSEC3Record.Digest.SHA1, nsec3PARAMRecord.getHashAlgorithm());
+    assertEquals(NSEC3Record.Flags.OPT_OUT, nsec3PARAMRecord.getFlags());
+    assertNotNull(nsec3PARAMRecord.getSalt());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSEC3RecordTest.java b/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
index 67683f375..2000e1903 100644
--- a/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSEC3RecordTest.java
@@ -15,16 +15,16 @@ void rdataFromString() throws IOException {
     Tokenizer t =
         new Tokenizer(
             "1 1 10 5053851B PF2TNEL79K4HTCBINCDBE9FPBU5I04KD A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534");
-    NSEC3Record record = new NSEC3Record();
-    record.rdataFromString(t, null);
-    assertEquals(NSEC3Record.Digest.SHA1, record.getHashAlgorithm());
-    assertEquals(NSEC3Record.Flags.OPT_OUT, record.getFlags());
-    assertNotNull(record.getSalt());
-    record = new NSEC3Record();
-    record.rdataFromString(
+    NSEC3Record nsec3Record = new NSEC3Record();
+    nsec3Record.rdataFromString(t, null);
+    assertEquals(NSEC3Record.Digest.SHA1, nsec3Record.getHashAlgorithm());
+    assertEquals(NSEC3Record.Flags.OPT_OUT, nsec3Record.getFlags());
+    assertNotNull(nsec3Record.getSalt());
+    nsec3Record = new NSEC3Record();
+    nsec3Record.rdataFromString(
         new Tokenizer(
             "1 1 10 - PF2TNEL79K4HTCBINCDBE9FPBU5I04KD A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM TYPE65534"),
         null);
-    assertNull(record.getSalt());
+    assertNull(nsec3Record.getSalt());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NSECRecordTest.java b/src/test/java/org/xbill/DNS/NSECRecordTest.java
index 1ecf5d482..e8b35afb4 100644
--- a/src/test/java/org/xbill/DNS/NSECRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NSECRecordTest.java
@@ -12,9 +12,9 @@ class NSECRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("host.example.com. A MX RRSIG NSEC TYPE1234");
-    NSECRecord record = new NSECRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("host.example.com."), record.getNext());
-    assertFalse(record.hasType(-1));
+    NSECRecord nsecRecord = new NSECRecord();
+    nsecRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("host.example.com."), nsecRecord.getNext());
+    assertFalse(nsecRecord.hasType(-1));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NXTRecordTest.java b/src/test/java/org/xbill/DNS/NXTRecordTest.java
index 4892fbf3d..7d92400e4 100644
--- a/src/test/java/org/xbill/DNS/NXTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/NXTRecordTest.java
@@ -12,9 +12,9 @@ class NXTRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("medium.foo.tld. A MX SIG NXT");
-    NXTRecord record = new NXTRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("medium.foo.tld."), record.getNext());
-    assertNotNull(record.getBitmap());
+    NXTRecord nxtRecord = new NXTRecord();
+    nxtRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("medium.foo.tld."), nxtRecord.getNext());
+    assertNotNull(nxtRecord.getBitmap());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/NameTest.java b/src/test/java/org/xbill/DNS/NameTest.java
index d5986e3a7..e66f50b85 100644
--- a/src/test/java/org/xbill/DNS/NameTest.java
+++ b/src/test/java/org/xbill/DNS/NameTest.java
@@ -52,6 +52,9 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class NameTest {
   @Nested
@@ -350,6 +353,55 @@ void ctor_max_length_abs() throws TextParseException {
       assertEquals(255, n.length());
     }
 
+    @Test
+    void ctor_max_length_rel_with_root_origin() throws TextParseException {
+      // relative name with three 63-char labels and a 61-char label with Name.root as origin
+      Name n =
+          new Name(
+              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+              Name.root);
+      assertTrue(n.isAbsolute());
+      assertFalse(n.isWild());
+      assertEquals(5, n.labels());
+      assertEquals(255, n.length());
+    }
+
+    @Test
+    void ctor_max_length_rel_with_abs_origin() throws TextParseException {
+      // relative name with three 63-char labels and a 52-char label with 9-char absolute name as
+      // origin
+      Name n =
+          new Name(
+              "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.dddddddddddddddddddddddddddddddddddddddddddddddddddd",
+              Name.fromString("absolute."));
+      assertTrue(n.isAbsolute());
+      assertFalse(n.isWild());
+      assertEquals(6, n.labels());
+      assertEquals(255, n.length());
+    }
+
+    @Test
+    void ctor_too_long_rel_with_rel_origin() {
+      // relative name with three 63-char labels and a 53-char label with an 8-char relative origin
+      assertThrows(
+          TextParseException.class,
+          () ->
+              new Name(
+                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+                  Name.fromConstantString("relative")));
+    }
+
+    @Test
+    void ctor_too_long_rel_with_abs_origin() {
+      // relative name with three 63-char labels and a 53-char label with a 9-char absolute origin
+      assertThrows(
+          TextParseException.class,
+          () ->
+              new Name(
+                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.ddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+                  Name.fromConstantString("absolute.")));
+    }
+
     @Test
     void ctor_escaped() throws TextParseException {
       Name n = new Name("ab\\123cd");
@@ -1290,19 +1342,24 @@ void subdomain_equal() throws TextParseException {
     assertTrue(dom.subdomain(sub));
   }
 
-  @Test
-  void toString_abs() throws TextParseException {
-    String in = "This.Is.My.Absolute.Name.";
-    Name n = new Name(in);
-
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void toString_rel() throws TextParseException {
-    String in = "This.Is.My.Relative.Name";
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        // absolute
+        "This.Is.My.Absolute.Name.",
+        // relative
+        "This.Is.My.Relative.Name",
+        // wildcard
+        "*.A.b.c.e",
+        // one escaped digit
+        "my.escaped\\001.label.",
+        // two escaped digits
+        "my.escaped\\010.label.",
+        // escaped junk
+        "my.escaped.junk\\128.label.",
+      })
+  void variousToString(String in) throws TextParseException {
     Name n = new Name(in);
-
     assertEquals(in, n.toString());
   }
 
@@ -1317,34 +1374,6 @@ void toString_root() {
     assertEquals(".", Name.root.toString());
   }
 
-  @Test
-  void toString_wild() throws TextParseException {
-    String in = "*.A.b.c.e";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void toString_escaped_one_digit() throws TextParseException {
-    String in = "my.escaped\\001.label.";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void toString_escaped_two_digits() throws TextParseException {
-    String in = "my.escaped\\010.label.";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
-  @Test
-  void toString_escaped() throws TextParseException {
-    String in = "my.escaped.junk\\128.label.";
-    Name n = new Name(in);
-    assertEquals(in, n.toString());
-  }
-
   @Test
   void toString_special_char() throws WireParseException {
     byte[] raw = new byte[] {1, '"', 1, '(', 1, ')', 1, '.', 1, ';', 1, '\\', 1, '@', 1, '$', 0};
@@ -1358,7 +1387,8 @@ class Test_toWire {
     @Test
     void rel() throws TextParseException {
       Name n = new Name("A.Relative.Name");
-      assertThrows(IllegalArgumentException.class, () -> n.toWire(new DNSOutput(), null));
+      DNSOutput out = new DNSOutput();
+      assertThrows(IllegalArgumentException.class, () -> n.toWire(out, null));
     }
 
     @Test
@@ -1592,46 +1622,22 @@ void close() throws TextParseException {
       assertTrue(n2.compareTo(n1) < 0);
     }
 
-    @Test
-    void disjoint() throws TextParseException {
-      Name n1 = new Name("b");
-      Name n2 = new Name("c");
-
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
-    }
-
-    @Test
-    void label_prefix() throws TextParseException {
-      Name n1 = new Name("thisIs.a.");
-      Name n2 = new Name("thisIsGreater.a.");
-
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
-    }
-
-    @Test
-    void more_labels() throws TextParseException {
-      Name n1 = new Name("c.b.a.");
-      Name n2 = new Name("d.c.b.a.");
-
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
-    }
-
-    @Test
-    void octal_digits_low() throws TextParseException {
-      Name n1 = new Name("\\004.b.a.");
-      Name n2 = new Name("c.b.a.");
-
-      assertTrue(n1.compareTo(n2) < 0);
-      assertTrue(n2.compareTo(n1) > 0);
-    }
-
-    @Test
-    void octal_digits_high() throws TextParseException {
-      Name n1 = new Name("c.b.a.");
-      Name n2 = new Name("\\237.b.a.");
+    @ParameterizedTest
+    @CsvSource({
+      // disjoint
+      "b, c",
+      // label_prefix
+      "thisIs.a., thisIsGreater.a.",
+      // more_labels
+      "c.b.a., d.c.b.a.",
+      // octal_digits_low
+      "\\004.b.a., c.b.a.",
+      // octal_digits_high
+      "c.b.a.,\\237.b.a.",
+    })
+    void compare(String name1, String name2) throws TextParseException {
+      Name n1 = new Name(name1);
+      Name n2 = new Name(name2);
 
       assertTrue(n1.compareTo(n2) < 0);
       assertTrue(n2.compareTo(n1) > 0);
diff --git a/src/test/java/org/xbill/DNS/NioTcpClientTest.java b/src/test/java/org/xbill/DNS/NioTcpClientTest.java
index 3cfe1e5d3..a985714b9 100644
--- a/src/test/java/org/xbill/DNS/NioTcpClientTest.java
+++ b/src/test/java/org/xbill/DNS/NioTcpClientTest.java
@@ -1,57 +1,261 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.fail;
+import static org.xbill.DNS.NioClient.SELECTOR_TIMEOUT_PROPERTY;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Field;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketTimeoutException;
 import java.nio.ByteBuffer;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.Pipe;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
 import java.time.Duration;
+import java.util.ArrayList;
+import java.util.ConcurrentModificationException;
+import java.util.List;
+import java.util.Queue;
+import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.opentest4j.AssertionFailedError;
+import org.xbill.DNS.utils.base16;
 
+@Slf4j
 class NioTcpClientTest {
+  @Test
+  void testCloseWithoutStart() {
+    assertDoesNotThrow(NioClient::close);
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 1001})
+  void testSelectorTimeoutLimits(int timeout) {
+    System.setProperty(SELECTOR_TIMEOUT_PROPERTY, Integer.toString(timeout));
+    try {
+      assertThrows(IllegalArgumentException.class, NioClient::runSelector);
+    } finally {
+      System.clearProperty(SELECTOR_TIMEOUT_PROPERTY);
+    }
+  }
+
+  /**
+   * Verifies that NioClient.processReadyKeys() does not throw a ConcurrentModificationException
+   * when channels are registered with the selector while processReadyKeys() is iterating over
+   * selector.selectedKeys(). This simulates concurrent modifications that can occur under high
+   * load.
+   *
+   * <p>The test starts the selector thread, registers an initial key, and then rapidly registers
+   * new channels from another thread while making them ready. It fails if a
+   * ConcurrentModificationException is observed during the process.
+   *
+   * <p>Since this involves concurrency timing, the test may be flaky and not fail consistently,
+   * even if the underlying issue exists.
+   */
+  @Test
+  void testProcessReadyKeysShouldNotThrowConcurrentModificationException() throws Exception {
+    // Speed up selector loop
+    System.setProperty(SELECTOR_TIMEOUT_PROPERTY, "10");
+
+    try {
+      // Start selector thread
+      Selector selector = NioClient.selector();
+
+      // Add initial key to ensure selectedKeys isn't empty
+      Pipe initialPipe = Pipe.open();
+      initialPipe.source().configureBlocking(false);
+      SelectionKey key = initialPipe.source().register(selector, SelectionKey.OP_READ);
+      key.attach(
+          (NioClient.KeyProcessor)
+              readyKey -> {
+                try {
+                  // Slow down processing
+                  Thread.sleep(10);
+                } catch (InterruptedException ignored) {
+                  // ignore
+                }
+              });
+
+      // Watch for unexpected exceptions
+      AtomicReference<Throwable> sawCME = new AtomicReference<>(null);
+      Field selectorThreadField = NioClient.class.getDeclaredField("selectorThread");
+      selectorThreadField.setAccessible(true);
+      ((Thread) selectorThreadField.get(null))
+          .setUncaughtExceptionHandler(
+              (t, e) -> {
+                if (e instanceof ConcurrentModificationException) {
+                  // Violation of expected behavior
+                  sawCME.set(e);
+                }
+              });
+
+      List<Pipe> allPipes = new ArrayList<>();
+      Queue<Pipe> registrationQueue = new ConcurrentLinkedQueue<>();
+      NioClient.setRegistrationsTask(
+          sel -> {
+            Pipe pipe = registrationQueue.poll();
+            if (pipe != null) {
+              try {
+                SelectionKey sk = pipe.source().register(sel, SelectionKey.OP_READ);
+                sk.attach(
+                    (NioClient.KeyProcessor)
+                        readyKey -> {
+                          try {
+                            Thread.sleep(10);
+                          } catch (InterruptedException ignored) {
+                            // ignore
+                          }
+                        });
+              } catch (ClosedChannelException e) {
+                throw new RuntimeException(e);
+              }
+            }
+          },
+          true);
+
+      // Thread that registers new channels and makes some ready
+      Thread t1 =
+          new Thread(
+              () -> {
+                try {
+                  for (int i = 0; i < 100; i++) {
+                    Pipe pipe = Pipe.open();
+                    pipe.source().configureBlocking(false);
+                    registrationQueue.add(pipe);
+                    allPipes.add(pipe);
+
+                    // Make the channel ready to trigger selectedKeys modification
+                    if (i % 2 == 0) {
+                      pipe.sink().write(ByteBuffer.wrap("x".getBytes()));
+                    }
+
+                    // Help trigger overlap
+                    Thread.sleep(2);
+                  }
+                } catch (Exception ignored) {
+                  // ignore
+                }
+              });
+
+      // Thread that makes the remaining registrations ready
+      Thread t2 =
+          new Thread(
+              () -> {
+                try {
+                  for (int i = 0; i < 100; i++) {
+                    // Make the channel ready to trigger selectedKeys modification
+                    if (i % 2 != 0) {
+                      allPipes.get(i).sink().write(ByteBuffer.wrap("x".getBytes()));
+                    }
+
+                    // Help trigger overlap
+                    Thread.sleep(2);
+                  }
+                } catch (Exception ignored) {
+                  // ignore
+                }
+              });
+
+      t1.start();
+      t2.start();
+      t1.join(5000);
+      t2.join(5000);
+      NioClient.close();
+
+      // Assume correctness: fail if any exception was observed
+      assertThat(sawCME.get()).isNull();
+    } finally {
+      System.clearProperty(SELECTOR_TIMEOUT_PROPERTY);
+    }
+  }
+
   @Test
   void testResponseStream() throws InterruptedException, IOException {
     try {
       // start the selector thread early
       NioClient.selector();
+      NioTcpClient nioTcpClient = new NioTcpClient();
 
       Record qr = Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN);
-      Message[] q = new Message[] {Message.newQuery(qr), Message.newQuery(qr)};
+      Message[] q = new Message[30];
+      for (int i = 0; i < q.length; i++) {
+        q[i] = Message.newQuery(qr);
+        // This is not actually valid data, but it increases the payload sufficiently to fill the
+        // send buffer, forcing NioTcpClient.Transaction#send into the retry
+        // see https://github.com/dnsjava/dnsjava/issues/357
+        for (int j = 0; j < 2048; j++) {
+          q[i].addRecord(
+              new AAAARecord(
+                  Name.fromConstantString("example.com."), DClass.IN, 3600, new byte[16]),
+              Section.AUTHORITY);
+        }
+      }
+
       CountDownLatch cdlServerThreadStart = new CountDownLatch(1);
+      CountDownLatch cdlServerThreadEnd = new CountDownLatch(1);
       CountDownLatch cdlQueryRepliesReceived = new CountDownLatch(q.length);
-      ServerSocket ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
-      ss.setSoTimeout(5000);
-      Thread server =
-          new Thread(
-              () -> {
-                try {
-                  cdlServerThreadStart.countDown();
-                  Socket s = ss.accept();
-                  for (int i = 0; i < q.length; i++) {
-                    try {
-                      InputStream is = s.getInputStream();
-                      byte[] lengthData = new byte[2];
-                      int readLength = is.read(lengthData);
-                      assertEquals(2, readLength);
-                      byte[] messageData = new byte[(lengthData[0] << 8) + lengthData[1]];
-                      int readMessageLength = is.read(messageData);
-                      assertEquals(messageData.length, readMessageLength);
-                      Message serverReceivedMessages = new Message(messageData);
+      List<Throwable> exceptions = new ArrayList<>();
+      try (ServerSocket ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress())) {
+        ss.setReceiveBufferSize(16);
+        ss.setSoTimeout(15000);
+        Thread server =
+            new Thread(
+                () -> {
+                  try {
+                    cdlServerThreadStart.countDown();
+                    Socket s = ss.accept();
+                    for (int i = 0; i < q.length; i++) {
+                      log.debug("Waiting for reply #{}, id={}", i, q[i].getHeader().getID());
+                      try {
+                        InputStream is = s.getInputStream();
+                        byte[] lengthData = new byte[2];
+                        int readLength = is.read(lengthData);
+                        assertEquals(2, readLength);
+                        byte[] messageData =
+                            new byte[((lengthData[0] & 0xff) << 8) + (lengthData[1] & 0xff)];
+                        log.debug("Expecting message length={}", messageData.length);
+                        int totalReadMessageLength = 0;
+                        while (totalReadMessageLength < messageData.length) {
+                          int readMessageLength =
+                              is.read(
+                                  messageData,
+                                  totalReadMessageLength,
+                                  messageData.length - totalReadMessageLength);
+                          log.debug(
+                              "Received {} of {} bytes",
+                              totalReadMessageLength,
+                              messageData.length);
+                          totalReadMessageLength += readMessageLength;
+                        }
+
+                        assertEquals(messageData.length, totalReadMessageLength);
+                        log.debug(
+                            "Receive for #{}, id={} complete, parsing message",
+                            i,
+                            q[i].getHeader().getID());
+                        Message serverReceivedMessage = new Message(messageData);
 
-                      for (int j = q.length - 1; j >= 0; j--) {
                         Message answer = new Message();
                         answer.getHeader().setRcode(Rcode.NOERROR);
-                        answer.getHeader().setID(serverReceivedMessages.getHeader().getID());
-                        answer.addRecord(serverReceivedMessages.getQuestion(), Section.QUESTION);
+                        answer.getHeader().setID(serverReceivedMessage.getHeader().getID());
+                        answer.addRecord(serverReceivedMessage.getQuestion(), Section.QUESTION);
                         answer.addRecord(
                             new ARecord(
                                 Name.fromConstantString("example.com."),
@@ -59,52 +263,169 @@ void testResponseStream() throws InterruptedException, IOException {
                                 900,
                                 InetAddress.getLoopbackAddress()),
                             Section.ANSWER);
-                        byte[] queryData = answer.toWire();
-                        ByteBuffer buffer = ByteBuffer.allocate(queryData.length + 2);
-                        buffer.put((byte) (queryData.length >>> 8));
-                        buffer.put((byte) (queryData.length & 0xFF));
-                        buffer.put(queryData);
-                        s.getOutputStream().write(buffer.array());
+                        byte[] answerData = answer.toWire();
+                        ByteBuffer answerBuffer = ByteBuffer.allocate(answerData.length + 2);
+                        answerBuffer.put((byte) (answerData.length >>> 8));
+                        answerBuffer.put((byte) (answerData.length & 0xFF));
+                        answerBuffer.put(answerData);
+                        s.getOutputStream().write(answerBuffer.array());
+
+                      } catch (IOException e) {
+                        log.warn("Writing message to client failed", e);
+                        exceptions.add(e);
+                      }
+                    }
+                  } catch (IOException e) {
+                    log.warn("Server failed", e);
+                    exceptions.add(e);
+                  }
+
+                  cdlServerThreadEnd.countDown();
+                });
+        server.setDaemon(true);
+        server.start();
+
+        if (!cdlServerThreadStart.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for server thread to start");
+        }
+
+        for (int j = 0; j < q.length; j++) {
+          int jj = j;
+          nioTcpClient
+              .sendAndReceiveTcp(
+                  null,
+                  (InetSocketAddress) ss.getLocalSocketAddress(),
+                  q[j],
+                  q[j].toWire(),
+                  Duration.ofSeconds(15))
+              .whenComplete(
+                  (d, e1) -> {
+                    if (e1 == null) {
+                      try {
+                        assertEquals(q[jj].getHeader().getID(), new Message(d).getHeader().getID());
+                      } catch (IOException | AssertionFailedError e2) {
+                        exceptions.add(e2);
                       }
+                    } else {
+                      log.warn("sendrcv failed", e1);
+                      exceptions.add(e1);
+                    }
+                    cdlQueryRepliesReceived.countDown();
+                  });
+        }
+
+        if (!cdlQueryRepliesReceived.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for answers in client");
+        }
+
+        if (!cdlServerThreadEnd.await(15, TimeUnit.SECONDS)) {
+          fail("timeout waiting for server to stop");
+        }
+      }
+
+      for (Throwable t : exceptions) {
+        log.error("Failure during test run", t);
+      }
+      assertEquals(0, exceptions.size(), "Test had exceptions in async code");
+    } finally {
+      NioClient.close();
+    }
+  }
 
+  @ParameterizedTest
+  @ValueSource(strings = {"000101", "0000", "0002", "000201"})
+  void testTooShortResponseStream(String base16ResponseBytes)
+      throws InterruptedException, IOException {
+    byte[] responseBytes = base16.fromString(base16ResponseBytes);
+    try {
+      // start the selector thread early
+      NioClient.selector();
+      NioTcpClient nioTcpClient = new NioTcpClient();
+
+      Record qr = Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN);
+      Message q = Message.newQuery(qr);
+      CountDownLatch cdlServerThreadStart = new CountDownLatch(1);
+      CountDownLatch cdlServerThreadEnd = new CountDownLatch(1);
+      CountDownLatch cdlWaitForResult = new CountDownLatch(1);
+      List<Throwable> exceptions = new ArrayList<>();
+      try (ServerSocket ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress())) {
+        ss.setSoTimeout(15000);
+        Thread server =
+            new Thread(
+                () -> {
+                  try {
+                    cdlServerThreadStart.countDown();
+                    Socket s = ss.accept();
+                    try {
+                      InputStream is = s.getInputStream();
+                      byte[] lengthData = new byte[2];
+                      int readLength = is.read(lengthData);
+                      assertEquals(2, readLength);
+                      byte[] messageData =
+                          new byte[((lengthData[0] & 0xff) << 8) + (lengthData[1] & 0xff)];
+                      int totalReadMessageLength = 0;
+                      while (totalReadMessageLength < messageData.length) {
+                        int readMessageLength =
+                            is.read(
+                                messageData,
+                                totalReadMessageLength,
+                                messageData.length - totalReadMessageLength);
+                        totalReadMessageLength += readMessageLength;
+                      }
+                      assertEquals(messageData.length, totalReadMessageLength);
+
+                      // Send an invalid response, too short to contain an ID
+                      OutputStream os = s.getOutputStream();
+                      os.write(responseBytes);
+                      os.flush();
                     } catch (IOException e) {
                       fail(e);
                     }
+                  } catch (SocketTimeoutException ste) {
+                    log.warn("Timeout waiting for a client connection", ste);
+                    exceptions.add(ste);
+                  } catch (IOException e) {
+                    log.warn("Server failed", e);
+                    exceptions.add(e);
                   }
-                } catch (SocketTimeoutException ste) {
-                  fail("Timeout waiting for a client connection", ste);
-                } catch (IOException e) {
-                  fail(e);
-                }
-              });
-      server.start();
 
-      if (!cdlServerThreadStart.await(5, TimeUnit.SECONDS)) {
-        fail("timed out waiting for server thread to start");
-      }
+                  cdlServerThreadEnd.countDown();
+                });
+        server.setDaemon(true);
+        server.start();
 
-      for (int j = 0; j < q.length; j++) {
-        int jj = j;
-        NioTcpClient.sendrecv(
+        if (!cdlServerThreadStart.await(15, TimeUnit.SECONDS)) {
+          fail("timed out waiting for server thread to start");
+        }
+
+        nioTcpClient
+            .sendAndReceiveTcp(
                 null,
                 (InetSocketAddress) ss.getLocalSocketAddress(),
-                q[j],
-                q[j].toWire(),
-                Duration.ofSeconds(5))
-            .thenAccept(
-                d -> {
-                  try {
-                    assertEquals(q[jj].getHeader().getID(), new Message(d).getHeader().getID());
-                    cdlQueryRepliesReceived.countDown();
-                  } catch (IOException e) {
-                    fail(e);
+                q,
+                q.toWire(),
+                Duration.ofSeconds(1))
+            .whenComplete(
+                (r, e) -> {
+                  cdlWaitForResult.countDown();
+                  if (e == null) {
+                    exceptions.add(new AssertionError("Got an answer but expected timeout"));
                   }
                 });
+
+        if (!cdlWaitForResult.await(15, TimeUnit.SECONDS)) {
+          fail("Timeout");
+        }
+
+        if (!cdlServerThreadEnd.await(15, TimeUnit.SECONDS)) {
+          fail("timeout waiting for server to stop");
+        }
       }
 
-      if (!cdlQueryRepliesReceived.await(5, TimeUnit.SECONDS)) {
-        fail("timed out waiting for answers");
+      for (Throwable t : exceptions) {
+        log.error("Failure during test run", t);
       }
+      assertEquals(0, exceptions.size(), "Test had exceptions in async code");
     } finally {
       NioClient.close();
     }
diff --git a/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java b/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
index e8e3632aa..4e3155f75 100644
--- a/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
+++ b/src/test/java/org/xbill/DNS/OPENPGPKEYRecordTest.java
@@ -12,8 +12,8 @@ class OPENPGPKEYRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("CAFEBABE");
-    OPENPGPKEYRecord record = new OPENPGPKEYRecord();
-    record.rdataFromString(t, null);
-    assertArrayEquals(base64.fromString("CAFEBABE"), record.getCert());
+    OPENPGPKEYRecord openpgpkeyRecord = new OPENPGPKEYRecord();
+    openpgpkeyRecord.rdataFromString(t, null);
+    assertArrayEquals(base64.fromString("CAFEBABE"), openpgpkeyRecord.getCert());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/OPTRecordTest.java b/src/test/java/org/xbill/DNS/OPTRecordTest.java
index fc3e628d5..286266c10 100644
--- a/src/test/java/org/xbill/DNS/OPTRecordTest.java
+++ b/src/test/java/org/xbill/DNS/OPTRecordTest.java
@@ -6,10 +6,13 @@
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.io.IOException;
+import java.util.Collections;
 import org.junit.jupiter.api.Test;
 import org.xbill.DNS.DNSSEC.Algorithm;
 import org.xbill.DNS.DNSSEC.Digest;
 import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.utils.base16;
 
 class OPTRecordTest {
 
@@ -82,6 +85,24 @@ void rdataFromString() {
     assertTrue(thrown.getMessage().contains("no text format defined for OPT"));
   }
 
+  @Test
+  void rdataFromWire() throws IOException {
+    byte[] buf = base16.fromString("000029100000000000000C000A00084531D089BA80C6EB");
+    OPTRecord optRecord = (OPTRecord) OPTRecord.fromWire(new DNSInput(buf), Section.ADDITIONAL);
+    assertEquals(
+        Collections.singletonList(new CookieOption(base16.fromString("4531D089BA80C6EB"))),
+        optRecord.getOptions());
+  }
+
+  @Test
+  void rdataFromWire_nullPadded() throws IOException {
+    byte[] buf = base16.fromString("000029100000000000000C000A00084531D089BA80C6EB00");
+    OPTRecord optRecord = (OPTRecord) OPTRecord.fromWire(new DNSInput(buf), Section.ADDITIONAL);
+    assertEquals(
+        Collections.singletonList(new CookieOption(base16.fromString("4531D089BA80C6EB"))),
+        optRecord.getOptions());
+  }
+
   private void assertNotEqual(final OPTRecord optRecordOne, final OPTRecord optRecordTwo) {
     assertNotEquals(optRecordOne, optRecordTwo);
     assertNotEquals(optRecordTwo, optRecordOne);
diff --git a/src/test/java/org/xbill/DNS/PXRecordTest.java b/src/test/java/org/xbill/DNS/PXRecordTest.java
index 447603b71..d1310a7c3 100644
--- a/src/test/java/org/xbill/DNS/PXRecordTest.java
+++ b/src/test/java/org/xbill/DNS/PXRecordTest.java
@@ -11,10 +11,10 @@ class PXRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("10   net2.it.  PRMD-net2.ADMD-p400.C-it.");
-    PXRecord record = new PXRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getPreference());
-    assertEquals(Name.fromConstantString("net2.it."), record.getMap822());
-    assertEquals(Name.fromConstantString("PRMD-net2.ADMD-p400.C-it."), record.getMapX400());
+    PXRecord pxRecord = new PXRecord();
+    pxRecord.rdataFromString(t, null);
+    assertEquals(10, pxRecord.getPreference());
+    assertEquals(Name.fromConstantString("net2.it."), pxRecord.getMap822());
+    assertEquals(Name.fromConstantString("PRMD-net2.ADMD-p400.C-it."), pxRecord.getMapX400());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RPRecordTest.java b/src/test/java/org/xbill/DNS/RPRecordTest.java
index dcb43c8b3..ef78af9ac 100644
--- a/src/test/java/org/xbill/DNS/RPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/RPRecordTest.java
@@ -11,9 +11,9 @@ class RPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("louie.trantor.umd.edu.  LAM1.people.umd.edu.");
-    RPRecord record = new RPRecord();
-    record.rdataFromString(t, null);
-    assertEquals(Name.fromConstantString("louie.trantor.umd.edu."), record.getMailbox());
-    assertEquals(Name.fromConstantString("LAM1.people.umd.edu."), record.getTextDomain());
+    RPRecord rpRecord = new RPRecord();
+    rpRecord.rdataFromString(t, null);
+    assertEquals(Name.fromConstantString("louie.trantor.umd.edu."), rpRecord.getMailbox());
+    assertEquals(Name.fromConstantString("LAM1.people.umd.edu."), rpRecord.getTextDomain());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RRSIGRecordTest.java b/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
index 777061253..3927066fb 100644
--- a/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
+++ b/src/test/java/org/xbill/DNS/RRSIGRecordTest.java
@@ -17,15 +17,15 @@ void rdataFromString() throws IOException, ParseException {
     Tokenizer t =
         new Tokenizer(
             "NSEC3 10 3 180 20161207204758 20161107195347 31055 example.com. GLqlvFaWiemLree+4WQeR+0ANSEYeuLW/KEWZw9mZPUJ1bcb1OQCxp43 7DNdPCSmS/RqJGiVGtSW8xsGoRgUwOdczL8s4j/z3pVi8wDlhw2jXE0k fGBiOshH+3VjZV4eLlDmDixZ3WmA9gzf0G+qAwRP9tjps2+vqRfXOpoj /UffmcMgZODEDGonHAOX/k35sBL+zIP4k6i6Kq/lpPZd8oxsxCwyxAYl E1oMxeE14TnRZoqCZdAEgvrViF91z/tnMbYAY/JNWYK4iREOuuWTLOox C0hKBsymi3fyLjwZ1NV1Bh3lqYN0rr1uo8ZSZmGrfLdg4l+hO4Xl6kG6 JTn27Q==");
-    RRSIGRecord record = new RRSIGRecord();
-    record.rdataFromString(t, null);
-    assertEquals(10, record.getAlgorithm());
-    assertEquals(31055, record.getFootprint());
-    assertEquals(Name.fromConstantString("example.com."), record.getSigner());
-    assertEquals(50, record.getTypeCovered());
+    RRSIGRecord rrsigRecord = new RRSIGRecord();
+    rrsigRecord.rdataFromString(t, null);
+    assertEquals(10, rrsigRecord.getAlgorithm());
+    assertEquals(31055, rrsigRecord.getFootprint());
+    assertEquals(Name.fromConstantString("example.com."), rrsigRecord.getSigner());
+    assertEquals(50, rrsigRecord.getTypeCovered());
     SimpleDateFormat formatter = new SimpleDateFormat("yyyyMMddhhmmss", Locale.US);
     formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
-    assertEquals(formatter.parse("20161207204758").toInstant(), record.getExpire());
-    assertEquals(formatter.parse("20161107195347").toInstant(), record.getTimeSigned());
+    assertEquals(formatter.parse("20161207204758").toInstant(), rrsigRecord.getExpire());
+    assertEquals(formatter.parse("20161107195347").toInstant(), rrsigRecord.getTimeSigned());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RRsetTest.java b/src/test/java/org/xbill/DNS/RRsetTest.java
index 887997fd5..b5305339c 100644
--- a/src/test/java/org/xbill/DNS/RRsetTest.java
+++ b/src/test/java/org/xbill/DNS/RRsetTest.java
@@ -35,6 +35,7 @@
 //
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -355,8 +356,11 @@ void cycleSimulationShortValues(int numOfCalls) {
     rrset.addRR(m_a1);
     rrset.addRR(m_a2);
 
-    for (int i = 0; i < numOfCalls; i++) {
-      rrset.rrs(true);
-    }
+    assertDoesNotThrow(
+        () -> {
+          for (int i = 0; i < numOfCalls; i++) {
+            rrset.rrs(true);
+          }
+        });
   }
 }
diff --git a/src/test/java/org/xbill/DNS/RecordTest.java b/src/test/java/org/xbill/DNS/RecordTest.java
index 7dee4e67b..b00cfc781 100644
--- a/src/test/java/org/xbill/DNS/RecordTest.java
+++ b/src/test/java/org/xbill/DNS/RecordTest.java
@@ -38,6 +38,7 @@
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNotSame;
@@ -46,12 +47,18 @@
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.time.Instant;
 import java.util.function.Supplier;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class RecordTest {
   private static class SubRecord extends Record {
@@ -545,28 +552,36 @@ void fromString() throws IOException {
   }
 
   @Test
-  void fromString_invalid() throws IOException {
+  void fromString_empty() throws IOException {
     Name n = Name.fromString("My.N.");
+    Record r = Record.fromString(n, 0, DClass.IN, 3600, "\\# 0", Name.root);
+    assertInstanceOf(UNKRecord.class, r);
+    assertEquals(0, ((UNKRecord) r).getData().length);
+  }
+
+  @Test
+  void fromString_relative() throws IOException {
     Name rel = Name.fromString("My.R");
     Name n2 = Name.fromString("My.Second.Name.");
-    int t = Type.A;
-    int d = DClass.IN;
-    int ttl = 0xABE99;
-    InetAddress addr = InetAddress.getByName("191.234.43.10");
 
     assertThrows(
         RelativeNameException.class,
-        () -> Record.fromString(rel, t, d, ttl, new Tokenizer("191.234.43.10"), n2));
+        () -> Record.fromString(rel, Type.A, DClass.IN, 3600, "191.234.43.10", n2));
+  }
 
-    assertThrows(
-        TextParseException.class,
-        () -> Record.fromString(n, t, d, ttl, new Tokenizer("191.234.43.10 another_token"), n2));
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "191.234.43.10 another_token",
+        "\\# 100 ABCDE",
+        "\\# 100",
+      })
+  void fromString_invalid(String data) throws IOException {
+    Name n = Name.fromString("My.N.");
+    Name n2 = Name.fromString("My.Second.Name.");
 
     assertThrows(
-        TextParseException.class,
-        () -> Record.fromString(n, t, d, ttl, new Tokenizer("\\# 100 ABCDE"), n2));
-
-    assertThrows(TextParseException.class, () -> Record.fromString(n, t, d, ttl, "\\# 100", n2));
+        TextParseException.class, () -> Record.fromString(n, Type.A, DClass.IN, 3600, data, n2));
   }
 
   @Test
@@ -863,16 +878,46 @@ void testAllTypesHaveNoArgConstructor() {
           assertNotNull(proto.get());
         } catch (Exception e) {
           fail(
-              "Record type "
-                  + Type.string(i)
-                  + " ("
-                  + i
-                  + ", "
-                  + proto.getClass().getSimpleName()
-                  + ")"
-                  + " seems to have no or invalid 0arg ctor");
+              String.format(
+                  "Record type %s, (%d, %s) seems to have no or invalid 0arg ctor",
+                  Type.string(i), i, proto.getClass().getSimpleName()));
         }
       }
     }
   }
+
+  @Test
+  void testSerializable() throws IOException {
+    for (int i = 1; i < 65535; i++) {
+      try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
+          if (Type.getFactory(i) != null) {
+            Record expected = Record.newRecord(Name.root, i, DClass.IN);
+            try {
+              oos.writeObject(expected);
+              try (ObjectInputStream ois =
+                  new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
+                Record actual = (Record) ois.readObject();
+                assertEquals(expected, actual);
+              }
+            } catch (Exception e) {
+              fail(
+                  String.format(
+                      "Record type %s (%d, %s) failed to (de)serialize",
+                      Type.string(i), i, expected.getClass().getSimpleName()),
+                  e);
+            }
+          }
+        }
+      }
+    }
+  }
+
+  // https://github.com/dnsjava/dnsjava/issues/254
+  @Test
+  void testEmptyTXTSerialization() throws IOException {
+    Name recordName = Name.fromString("name.name.");
+    Record r = Record.fromString(recordName, Type.TXT, DClass.IN, 0, "", recordName);
+    assertEquals("name.name.\t\t0\tIN\tTXT\t\"\"", r.toString());
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/ResolverConfigTest.java b/src/test/java/org/xbill/DNS/ResolverConfigTest.java
index 5b383bade..f14683989 100644
--- a/src/test/java/org/xbill/DNS/ResolverConfigTest.java
+++ b/src/test/java/org/xbill/DNS/ResolverConfigTest.java
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -13,6 +14,7 @@
 import java.lang.reflect.Field;
 import java.net.InetSocketAddress;
 import java.util.Arrays;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.DisabledOnOs;
 import org.junit.jupiter.api.condition.EnabledOnOs;
@@ -25,28 +27,36 @@
 import org.xbill.DNS.config.WindowsResolverConfigProvider;
 
 class ResolverConfigTest {
-  @Test
-  void testSkipInit() throws Exception {
+  @AfterEach
+  void afterEach() throws Exception {
+    // make sure the ResolverConfig providers are not staying initialized after a test
     Field configProvidersField = ResolverConfig.class.getDeclaredField("configProviders");
     configProvidersField.setAccessible(true);
     configProvidersField.set(null, null);
+    Field currentConfigField = ResolverConfig.class.getDeclaredField("currentConfig");
+    currentConfigField.setAccessible(true);
+    currentConfigField.set(null, null);
+  }
+
+  @Test
+  void testSkipInit() {
     try {
       System.setProperty(ResolverConfig.CONFIGPROVIDER_SKIP_INIT, Boolean.TRUE.toString());
       assertTrue(ResolverConfig.getConfigProviders().isEmpty());
     } finally {
       System.setProperty(ResolverConfig.CONFIGPROVIDER_SKIP_INIT, Boolean.FALSE.toString());
-      configProvidersField.set(null, null);
     }
   }
 
   @Test
   void properties() {
-    String[] dnsServers = {"192.168.1.1", "192.168.1.2", "192.168.1.1"};
+    String[] dnsServers1 = {"192.168.1.1", "192.168.1.2", "192.168.1.1"};
+    String[] dnsServers2 = {"192.168.1.3"};
     // intentionally adding duplicate search entries for testing
     String[] dnsSearch = {"dnsjava.org", "example.com", "dnsjava.org"};
     Name[] searchPath =
         Arrays.stream(dnsSearch).map(s -> Name.fromConstantString(s + ".")).toArray(Name[]::new);
-    System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers));
+    System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers1));
     System.setProperty(DNS_SEARCH_PROP, String.join(",", dnsSearch));
     System.setProperty(DNS_NDOTS_PROP, String.valueOf(5));
     try {
@@ -55,7 +65,12 @@ void properties() {
       rc.initialize();
 
       assertEquals(2, rc.servers().size());
-      assertEquals(dnsServers[0], rc.servers().get(0).getAddress().getHostAddress());
+      assertEquals(dnsServers1[0], rc.servers().get(0).getAddress().getHostAddress());
+
+      // must remove no longer present servers
+      System.setProperty(DNS_SERVER_PROP, String.join(",", dnsServers2));
+      rc.initialize();
+      assertEquals(1, rc.servers().size());
 
       // any duplicate suffixes should be excluded
       assertEquals(2, rc.searchPaths().size());
@@ -184,13 +199,18 @@ void windowsServersContainedInJndi() throws InitializationException {
     WindowsResolverConfigProvider win = new WindowsResolverConfigProvider();
     win.initialize();
 
-    // the servers returned via Windows API must be in the JNDI list, but not necessarily the other
-    // way round. Unless there IPv6 servers which are not in the registry and Java <= 15 does not
-    // find.
+    // The servers returned via Windows API must be in the JNDI list, but not necessarily the other
+    // way round. Unless there are IPv6 servers which are not in the registry and Java <= 15 does
+    // not find.
     for (InetSocketAddress winServer : win.servers()) {
       assertTrue(
           jndi.servers().contains(winServer),
           winServer + " not found in JNDI, " + win.servers() + "; " + jndi.servers());
     }
   }
+
+  @Test
+  void refreshAsFirstCall() {
+    assertDoesNotThrow(ResolverConfig::refresh);
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/ResolverTest.java b/src/test/java/org/xbill/DNS/ResolverTest.java
new file mode 100644
index 000000000..365254a83
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ResolverTest.java
@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.net.UnknownHostException;
+import java.time.Duration;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import org.junit.jupiter.api.Test;
+
+class ResolverTest {
+  @Test
+  @SuppressWarnings("deprecation")
+  void resolverListenerExceptionUnwrap() throws InterruptedException, UnknownHostException {
+    // 1. Point to a blackhole address from RFC 5737 TEST-NET-1 to ensure a timeout
+    SimpleResolver resolver = new SimpleResolver("192.0.2.1");
+    resolver.setTimeout(Duration.ofSeconds(2));
+
+    Message query =
+        Message.newQuery(
+            Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN));
+    CountDownLatch latch = new CountDownLatch(1);
+
+    // 2. Use the async method with a listener
+    resolver.sendAsync(
+        query,
+        new ResolverListener() {
+          @Override
+          public void receiveMessage(Object id, Message m) {
+            fail("Received message (should not happen)");
+            latch.countDown();
+          }
+
+          @Override
+          public void handleException(Object id, Exception ex) {
+            // 3. Observe the exception type
+            assertThat(ex).isNotInstanceOf(CompletionException.class);
+            latch.countDown();
+          }
+        });
+
+    latch.await(5, TimeUnit.SECONDS);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/SMIMEARecordTest.java b/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
index 46d67b48d..6f101a419 100644
--- a/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
+++ b/src/test/java/org/xbill/DNS/SMIMEARecordTest.java
@@ -13,12 +13,13 @@ class SMIMEARecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("(3 0 2 CAFEBABE)");
-    SMIMEARecord record = new SMIMEARecord();
-    record.rdataFromString(t, null);
+    SMIMEARecord smimeaRecord = new SMIMEARecord();
+    smimeaRecord.rdataFromString(t, null);
     assertEquals(
-        SMIMEARecord.CertificateUsage.DOMAIN_ISSUED_CERTIFICATE, record.getCertificateUsage());
-    assertEquals(SMIMEARecord.MatchingType.SHA512, record.getMatchingType());
-    assertEquals(SMIMEARecord.Selector.FULL_CERTIFICATE, record.getSelector());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getCertificateAssociationData());
+        SMIMEARecord.CertificateUsage.DOMAIN_ISSUED_CERTIFICATE,
+        smimeaRecord.getCertificateUsage());
+    assertEquals(SMIMEARecord.MatchingType.SHA512, smimeaRecord.getMatchingType());
+    assertEquals(SMIMEARecord.Selector.FULL_CERTIFICATE, smimeaRecord.getSelector());
+    assertArrayEquals(base16.fromString("CAFEBABE"), smimeaRecord.getCertificateAssociationData());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SPFRecordTest.java b/src/test/java/org/xbill/DNS/SPFRecordTest.java
index bde1ad534..9d1dbf9aa 100644
--- a/src/test/java/org/xbill/DNS/SPFRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SPFRecordTest.java
@@ -11,9 +11,9 @@ class SPFRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("v=spf1 a mx ip4:69.64.153.131 include:_spf.google.com ~all");
-    SPFRecord record = new SPFRecord();
-    record.rdataFromString(t, null);
-    assertEquals(6, record.getStrings().size());
-    assertEquals(6, record.getStringsAsByteArrays().size());
+    SPFRecord spfRecord = new SPFRecord();
+    spfRecord.rdataFromString(t, null);
+    assertEquals(6, spfRecord.getStrings().size());
+    assertEquals(6, spfRecord.getStringsAsByteArrays().size());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SRVRecordTest.java b/src/test/java/org/xbill/DNS/SRVRecordTest.java
index b99f5c913..39eeb39a8 100644
--- a/src/test/java/org/xbill/DNS/SRVRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SRVRecordTest.java
@@ -11,12 +11,12 @@ class SRVRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("0 5 5060 sipserver.example.com.");
-    SRVRecord record = new SRVRecord();
-    record.rdataFromString(t, null);
-    assertEquals(0, record.getPriority());
-    assertEquals(5, record.getWeight());
-    assertEquals(5060, record.getPort());
-    assertEquals(Name.fromConstantString("sipserver.example.com."), record.getTarget());
-    assertEquals(record.getAdditionalName(), record.getTarget());
+    SRVRecord srvRecord = new SRVRecord();
+    srvRecord.rdataFromString(t, null);
+    assertEquals(0, srvRecord.getPriority());
+    assertEquals(5, srvRecord.getWeight());
+    assertEquals(5060, srvRecord.getPort());
+    assertEquals(Name.fromConstantString("sipserver.example.com."), srvRecord.getTarget());
+    assertEquals(srvRecord.getAdditionalName(), srvRecord.getTarget());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SSHFPRecordTest.java b/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
index f2128657a..349b94d42 100644
--- a/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SSHFPRecordTest.java
@@ -13,10 +13,10 @@ class SSHFPRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("2 1 CAFEBABE");
-    SSHFPRecord record = new SSHFPRecord();
-    record.rdataFromString(t, null);
-    assertEquals(SSHFPRecord.Algorithm.DSS, record.getAlgorithm());
-    assertEquals(SSHFPRecord.Digest.SHA1, record.getDigestType());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getFingerPrint());
+    SSHFPRecord sshfpRecord = new SSHFPRecord();
+    sshfpRecord.rdataFromString(t, null);
+    assertEquals(SSHFPRecord.Algorithm.DSS, sshfpRecord.getAlgorithm());
+    assertEquals(SSHFPRecord.Digest.SHA1, sshfpRecord.getDigestType());
+    assertArrayEquals(base16.fromString("CAFEBABE"), sshfpRecord.getFingerPrint());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SVCBRecordTest.java b/src/test/java/org/xbill/DNS/SVCBRecordTest.java
index 966c7a677..73726b3e1 100644
--- a/src/test/java/org/xbill/DNS/SVCBRecordTest.java
+++ b/src/test/java/org/xbill/DNS/SVCBRecordTest.java
@@ -74,24 +74,24 @@ void createRecord() throws IOException {
     SVCBRecord.ParameterIpv4Hint ipv4 = new SVCBRecord.ParameterIpv4Hint();
     ipv4.fromString("1.2.3.4,5.6.7.8");
     List<SVCBRecord.ParameterBase> params = Arrays.asList(mandatory, ipv4, alpn);
-    SVCBRecord record = new SVCBRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
+    SVCBRecord svcbRecord = new SVCBRecord(label, DClass.IN, 300, svcPriority, svcDomain, params);
 
-    assertEquals(Type.SVCB, record.getType());
-    assertEquals(label, record.getName());
-    assertEquals(svcPriority, record.getSvcPriority());
-    assertEquals(svcDomain, record.getTargetName());
+    assertEquals(Type.SVCB, svcbRecord.getType());
+    assertEquals(label, svcbRecord.getName());
+    assertEquals(svcPriority, svcbRecord.getSvcPriority());
+    assertEquals(svcDomain, svcbRecord.getTargetName());
     assertEquals(
         Arrays.asList(SVCBRecord.MANDATORY, SVCBRecord.ALPN, SVCBRecord.IPV4HINT).toString(),
-        record.getSvcParamKeys().toString());
-    assertEquals("alpn", record.getSvcParamValue(SVCBRecord.MANDATORY).toString());
-    assertEquals("h1,h2", record.getSvcParamValue(SVCBRecord.ALPN).toString());
-    assertEquals("h1,h2", record.getSvcParamValue(SVCBRecord.ALPN).toString());
-    assertNull(record.getSvcParamValue(1234));
+        svcbRecord.getSvcParamKeys().toString());
+    assertEquals("alpn", svcbRecord.getSvcParamValue(SVCBRecord.MANDATORY).toString());
+    assertEquals("h1,h2", svcbRecord.getSvcParamValue(SVCBRecord.ALPN).toString());
+    assertEquals("h1,h2", svcbRecord.getSvcParamValue(SVCBRecord.ALPN).toString());
+    assertNull(svcbRecord.getSvcParamValue(1234));
     Options.unset("BINDTTL");
     Options.unset("noPrintIN");
     assertEquals(
         "test.com.\t\t300\tIN\tSVCB\t5 svc.test.com. mandatory=alpn alpn=h1,h2 ipv4hint=1.2.3.4,5.6.7.8",
-        record.toString());
+        svcbRecord.toString());
   }
 
   @Test
@@ -117,6 +117,15 @@ void aliasMode() throws IOException {
     assertEquals(str, wireToString(bytes));
   }
 
+  @Test
+  void serviceModeWithoutParameters() throws IOException {
+    String str = "1 .";
+    byte[] bytes = stringToWire(str);
+    byte[] expected = new byte[] {0, 1, 0};
+    assertArrayEquals(expected, bytes);
+    assertEquals(str, wireToString(bytes));
+  }
+
   @Test
   void serviceModePort() throws IOException {
     String str = "1 . port=8443";
@@ -319,6 +328,7 @@ void masterFormatParsing() throws IOException {
             + "test.net. 86400 IN NS ns1.test.net.\n"
             + "test.net. 300 IN HTTPS 0 www.test.net.\n"
             + "test.net. 300 IN SVCB 1 . alpn=h2\n"
+            + "test.net. 300 IN HTTPS 1 .\n"
             + "www.test.net. 300 IN A 1.2.3.4\n";
     Master m = new Master(new ByteArrayInputStream(str.getBytes()));
 
@@ -333,6 +343,9 @@ void masterFormatParsing() throws IOException {
     assertEquals(Type.SVCB, r.getType());
     assertEquals("1 . alpn=h2", r.rdataToString());
     r = m.nextRecord();
+    assertEquals(Type.HTTPS, r.getType());
+    assertEquals("1 .", r.rdataToString());
+    r = m.nextRecord();
     assertEquals(Type.A, r.getType());
     assertEquals("1.2.3.4", r.rdataToString());
     r = m.nextRecord();
@@ -351,12 +364,6 @@ void extraQuotesInParamValues() {
     assertThrows(TextParseException.class, () -> stringToWire(str));
   }
 
-  @Test
-  void serviceModeWithoutParameters() {
-    String str = "1 aliasmode.example.com.";
-    assertThrows(TextParseException.class, () -> stringToWire(str));
-  }
-
   @Test
   void aliasModeWithParameters() {
     String str = "0 . alpn=h3";
@@ -465,12 +472,6 @@ void emptyString() {
     assertThrows(TextParseException.class, () -> stringToWire(str));
   }
 
-  @Test
-  void noParamValues() {
-    String str = "1 .";
-    assertThrows(TextParseException.class, () -> stringToWire(str));
-  }
-
   @Test
   void svcPriorityTooHigh() {
     String str = "65536 . port=443";
@@ -581,18 +582,18 @@ void wireFormatIpv6HintTooShort() {
 
   public static byte[] stringToWire(String str) throws IOException {
     Tokenizer t = new Tokenizer(str);
-    SVCBRecord record = new SVCBRecord();
-    record.rdataFromString(t, null);
+    SVCBRecord svcbRecord = new SVCBRecord();
+    svcbRecord.rdataFromString(t, null);
     DNSOutput out = new DNSOutput();
-    record.rrToWire(out, null, true);
+    svcbRecord.rrToWire(out, null, true);
     return out.toByteArray();
   }
 
   public static String wireToString(byte[] bytes) throws IOException {
     DNSInput in = new DNSInput(bytes);
-    SVCBRecord record = new SVCBRecord();
-    record.rrFromWire(in);
-    return record.rdataToString();
+    SVCBRecord svcbRecord = new SVCBRecord();
+    svcbRecord.rrFromWire(in);
+    return svcbRecord.rdataToString();
   }
 
   public static String stringToWireToString(String str) throws IOException {
diff --git a/src/test/java/org/xbill/DNS/SetResponseTest.java b/src/test/java/org/xbill/DNS/SetResponseTest.java
index 36d59d757..2f91302ad 100644
--- a/src/test/java/org/xbill/DNS/SetResponseTest.java
+++ b/src/test/java/org/xbill/DNS/SetResponseTest.java
@@ -45,159 +45,138 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class SetResponseTest {
-  @Test
-  void ctor_1arg() {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      SetResponse sr = new SetResponse(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-    }
-  }
-
-  @Test
-  void ctor_1arg_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(-1));
-  }
-
-  @Test
-  void ctor_1arg_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(7));
-  }
-
-  @Test
-  void ctor_2arg() {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      RRset rs = new RRset();
-      SetResponse sr = new SetResponse(type, rs);
-      assertSame(rs, sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-    }
-  }
-
-  @Test
-  void ctor_2arg_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(-1, new RRset()));
-  }
-
-  @Test
-  void ctor_2arg_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> new SetResponse(7, new RRset()));
-  }
-
-  @Test
-  void ofType_basic() {
-    final int[] types =
-        new int[] {
-          SetResponse.DELEGATION, SetResponse.CNAME, SetResponse.DNAME, SetResponse.SUCCESSFUL
-        };
-
-    for (int type : types) {
-      SetResponse sr = SetResponse.ofType(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
+  private static final ARecord A_RECORD_1 =
+      new ARecord(
+          Name.fromConstantString("The.Name."),
+          DClass.IN,
+          0xABCD,
+          new byte[] {(byte) 192, (byte) 168, 0, 1});
+  private static final ARecord A_RECORD_2 =
+      new ARecord(
+          Name.fromConstantString("The.Name."),
+          DClass.IN,
+          0xABCD,
+          new byte[] {(byte) 192, (byte) 168, 0, 2});
+
+  @ParameterizedTest
+  @EnumSource(value = SetResponseType.class)
+  void ctor_1arg(SetResponseType type) {
+    SetResponse sr = SetResponse.ofType(type);
+    assertNull(sr.getNS());
+    assertEquals(type == SetResponseType.UNKNOWN, sr.isUnknown());
+    assertEquals(type == SetResponseType.NXDOMAIN, sr.isNXDOMAIN());
+    assertEquals(type == SetResponseType.NXRRSET, sr.isNXRRSET());
+    assertEquals(type == SetResponseType.DELEGATION, sr.isDelegation());
+    assertEquals(type == SetResponseType.CNAME, sr.isCNAME());
+    assertEquals(type == SetResponseType.DNAME, sr.isDNAME());
+    assertEquals(type == SetResponseType.SUCCESSFUL, sr.isSuccessful());
+  }
+
+  @ParameterizedTest
+  @EnumSource(
+      value = SetResponseType.class,
+      names = {
+        "DELEGATION",
+        "CNAME",
+        "DNAME",
+        "SUCCESSFUL",
+      })
+  void ofType_basic(SetResponseType type) {
+    RRset rs = new RRset();
+    SetResponse sr = SetResponse.ofType(type, rs);
+    assertSame(rs, sr.getNS());
+    assertEquals(type == SetResponseType.DELEGATION, sr.isDelegation());
+    assertEquals(type == SetResponseType.CNAME, sr.isCNAME());
+    assertEquals(type == SetResponseType.DNAME, sr.isDNAME());
+    assertEquals(type == SetResponseType.SUCCESSFUL, sr.isSuccessful());
+
+    SetResponse sr2 = SetResponse.ofType(type, rs);
+    assertNotSame(sr, sr2);
+  }
+
+  @ParameterizedTest
+  @EnumSource(
+      value = SetResponseType.class,
+      names = {
+        "UNKNOWN",
+        "NXDOMAIN",
+        "NXRRSET",
+      })
+  void ofType_singleton(SetResponseType type) {
+    SetResponse sr = SetResponse.ofType(type);
+    assertNull(sr.getNS());
+    assertEquals(type == SetResponseType.UNKNOWN, sr.isUnknown());
+    assertEquals(type == SetResponseType.NXDOMAIN, sr.isNXDOMAIN());
+    assertEquals(type == SetResponseType.NXRRSET, sr.isNXRRSET());
+    assertThrows(IllegalStateException.class, () -> sr.addRRset(new RRset()));
+
+    SetResponse sr2 = SetResponse.ofType(type);
+    assertSame(sr, sr2);
+  }
+
+  @Test
+  void addRRset() {
+    RRset rrs = new RRset();
+    rrs.addRR(A_RECORD_1);
+    rrs.addRR(A_RECORD_2);
+    SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL, rrs);
 
-      SetResponse sr2 = SetResponse.ofType(type);
-      assertNotSame(sr, sr2);
-    }
+    RRset[] exp = new RRset[] {rrs};
+    assertArrayEquals(exp, sr.answers().toArray());
   }
 
-  @Test
-  void ofType_singleton() {
-    final int[] types = new int[] {SetResponse.UNKNOWN, SetResponse.NXDOMAIN, SetResponse.NXRRSET};
-
-    for (int type : types) {
-      SetResponse sr = SetResponse.ofType(type);
-      assertNull(sr.getNS());
-      assertEquals(type == SetResponse.UNKNOWN, sr.isUnknown());
-      assertEquals(type == SetResponse.NXDOMAIN, sr.isNXDOMAIN());
-      assertEquals(type == SetResponse.NXRRSET, sr.isNXRRSET());
-      assertEquals(type == SetResponse.DELEGATION, sr.isDelegation());
-      assertEquals(type == SetResponse.CNAME, sr.isCNAME());
-      assertEquals(type == SetResponse.DNAME, sr.isDNAME());
-      assertEquals(type == SetResponse.SUCCESSFUL, sr.isSuccessful());
-
-      SetResponse sr2 = SetResponse.ofType(type);
-      assertSame(sr, sr2);
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ofTypeWithCachedRRset(boolean isAuthenticated) {
+    SetResponse sr =
+        SetResponse.ofType(
+            SetResponseType.SUCCESSFUL,
+            new Cache.CacheRRset(new RRset(A_RECORD_1), 0, 0, isAuthenticated));
+    assertEquals(isAuthenticated, sr.isAuthenticated());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "false,true,true,true,true",
+    "false,false,true,false,false",
+    "true,true,false,true,false",
+    "true,false,false,false,false",
+  })
+  void addRRsetAuthenticated(
+      boolean addInitial,
+      boolean first,
+      boolean second,
+      boolean firstResult,
+      boolean secondResult) {
+    RRset rrs = new RRset(A_RECORD_1);
+    SetResponse sr;
+    if (addInitial) {
+      sr = SetResponse.ofType(SetResponseType.SUCCESSFUL, rrs, first);
+    } else {
+      sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
+      sr.addRRset(new Cache.CacheRRset(rrs, 0, 0, first));
     }
-  }
-
-  @Test
-  void ofType_toosmall() {
-    assertThrows(IllegalArgumentException.class, () -> SetResponse.ofType(-1));
-  }
-
-  @Test
-  void ofType_toobig() {
-    assertThrows(IllegalArgumentException.class, () -> SetResponse.ofType(7));
-  }
-
-  @Test
-  void addRRset() throws TextParseException, UnknownHostException {
-    RRset rrs = new RRset();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.2")));
-    SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
-    sr.addRRset(rrs);
 
     RRset[] exp = new RRset[] {rrs};
     assertArrayEquals(exp, sr.answers().toArray());
+    assertEquals(firstResult, sr.isAuthenticated());
+
+    sr.addRRset(new Cache.CacheRRset(new RRset(A_RECORD_1), 0, 0, second));
+    assertEquals(secondResult, sr.isAuthenticated());
+    assertEquals(2, sr.answers().size());
   }
 
   @Test
   void addRRset_multiple() throws TextParseException, UnknownHostException {
     RRset rrs = new RRset();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.2")));
+    rrs.addRR(A_RECORD_1);
+    rrs.addRR(A_RECORD_2);
 
     RRset rrs2 = new RRset();
     rrs2.addRR(
@@ -213,7 +192,7 @@ void addRRset_multiple() throws TextParseException, UnknownHostException {
             0xABCE,
             InetAddress.getByName("192.168.1.2")));
 
-    SetResponse sr = new SetResponse(SetResponse.SUCCESSFUL);
+    SetResponse sr = SetResponse.ofType(SetResponseType.SUCCESSFUL);
     sr.addRRset(rrs);
     sr.addRRset(rrs2);
 
@@ -223,63 +202,40 @@ void addRRset_multiple() throws TextParseException, UnknownHostException {
 
   @Test
   void answers_nonSUCCESSFUL() {
-    SetResponse sr = new SetResponse(SetResponse.UNKNOWN, new RRset());
+    SetResponse sr = SetResponse.ofType(SetResponseType.UNKNOWN, new RRset());
     assertNull(sr.answers());
   }
 
   @Test
   void getCNAME() throws TextParseException {
-    RRset rrs = new RRset();
     CNAMERecord cr =
         new CNAMERecord(
             Name.fromString("The.Name."), DClass.IN, 0xABCD, Name.fromString("The.Alias."));
-    rrs.addRR(cr);
-    SetResponse sr = new SetResponse(SetResponse.CNAME, rrs);
+    RRset rrs = new RRset(cr);
+    SetResponse sr = SetResponse.ofType(SetResponseType.CNAME, rrs);
     assertEquals(cr, sr.getCNAME());
   }
 
   @Test
   void getDNAME() throws TextParseException {
-    RRset rrs = new RRset();
     DNAMERecord dr =
         new DNAMERecord(
             Name.fromString("The.Name."), DClass.IN, 0xABCD, Name.fromString("The.Alias."));
-    rrs.addRR(dr);
-    SetResponse sr = new SetResponse(SetResponse.DNAME, rrs);
+    RRset rrs = new RRset(dr);
+    SetResponse sr = SetResponse.ofType(SetResponseType.DNAME, rrs);
     assertEquals(dr, sr.getDNAME());
   }
 
-  @Test
-  void test_toString() throws TextParseException, UnknownHostException {
-    final int[] types =
-        new int[] {
-          SetResponse.UNKNOWN,
-          SetResponse.NXDOMAIN,
-          SetResponse.NXRRSET,
-          SetResponse.DELEGATION,
-          SetResponse.CNAME,
-          SetResponse.DNAME,
-          SetResponse.SUCCESSFUL
-        };
-    RRset rrs = new RRset();
-    rrs.addRR(
-        new ARecord(
-            Name.fromString("The.Name."), DClass.IN, 0xABCD, InetAddress.getByName("192.168.0.1")));
-
-    final String[] labels =
-        new String[] {
-          "unknown",
-          "NXDOMAIN",
-          "NXRRSET",
-          "delegation: " + rrs,
-          "CNAME: " + rrs,
-          "DNAME: " + rrs,
-          "successful"
-        };
+  @ParameterizedTest
+  @EnumSource(SetResponseType.class)
+  void test_toString(SetResponseType type) {
+    RRset rrs = new RRset(A_RECORD_1);
 
-    for (int i = 0; i < types.length; ++i) {
-      SetResponse sr = new SetResponse(types[i], rrs);
-      assertEquals(labels[i], sr.toString());
+    SetResponse sr = SetResponse.ofType(type, rrs);
+    if (type.isPrintRecords()) {
+      assertEquals(type + ": " + rrs, sr.toString());
+    } else {
+      assertEquals(type.toString(), sr.toString());
     }
   }
 }
diff --git a/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java b/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java
new file mode 100644
index 000000000..338d3069b
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/SimpleResolverDeniedTest.java
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.concurrent.CompletableFuture;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+class SimpleResolverDeniedTest {
+
+  @Test
+  void emptyResponseShouldThrowWireParseException() throws IOException {
+
+    Name zone = Name.fromString("example.");
+    Message query = Message.newUpdate(zone);
+    Record cnameRecord =
+        new CNAMERecord(Name.fromString("www", zone), DClass.IN, 300, Name.fromString("example."));
+    query.addRecord(cnameRecord, Section.UPDATE);
+
+    SimpleResolver simpleResolver = new SimpleResolver("127.0.0.1");
+    simpleResolver.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return null;
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            UdpIoClient udpMock = mock(NioUdpClient.class);
+            when(udpMock.sendAndReceiveUdp(
+                    any(),
+                    any(InetSocketAddress.class),
+                    any(Message.class),
+                    any(byte[].class),
+                    anyInt(),
+                    any(Duration.class)))
+                .thenAnswer(
+                    a -> {
+                      Message qparsed = new Message(a.<byte[]>getArgument(3));
+
+                      int id = qparsed.getHeader().getID();
+                      Message response = new Message(id);
+                      response.getHeader().setRcode(Rcode.REFUSED);
+                      byte[] rbytes = response.toWire(Message.MAXLENGTH);
+
+                      // This was the exact format returned by denying server
+                      assertArrayEquals(
+                          rbytes,
+                          new byte[] {(byte) (id >>> 8), (byte) id, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0});
+
+                      CompletableFuture<byte[]> f = new CompletableFuture<>();
+                      f.complete(rbytes);
+                      return f;
+                    });
+            return udpMock;
+          }
+        });
+
+    assertThrows(WireParseException.class, () -> simpleResolver.send(query));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/TLSARecordTest.java b/src/test/java/org/xbill/DNS/TLSARecordTest.java
index a99a16dec..4a8e0f39e 100644
--- a/src/test/java/org/xbill/DNS/TLSARecordTest.java
+++ b/src/test/java/org/xbill/DNS/TLSARecordTest.java
@@ -3,21 +3,63 @@
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.xbill.DNS.utils.base16;
 
 class TLSARecordTest {
+  @ParameterizedTest
+  @ValueSource(strings = {"CAFE", "CAFE CAFFEE"})
+  void rdataFromString(String rdata) throws IOException {
+    try (Tokenizer t = new Tokenizer("0 0 1 " + rdata)) {
+      TLSARecord tlsaRecord = new TLSARecord();
+      tlsaRecord.rdataFromString(t, null);
+      assertEquals(TLSARecord.CertificateUsage.CA_CONSTRAINT, tlsaRecord.getCertificateUsage());
+      assertEquals(TLSARecord.MatchingType.SHA256, tlsaRecord.getMatchingType());
+      assertEquals(TLSARecord.Selector.FULL_CERTIFICATE, tlsaRecord.getSelector());
+      assertArrayEquals(base16.fromString(rdata), tlsaRecord.getCertificateAssociationData());
+    }
+  }
+
+  @Test
+  void emptyAssociationDataFromWire() {
+    TLSARecord tlsaRecord = new TLSARecord();
+    DNSInput in = new DNSInput(new byte[] {0, 0, 1});
+    assertThrows(WireParseException.class, () -> tlsaRecord.rrFromWire(in));
+  }
+
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "",
+        "0 0 1",
+        "0 0 1 CAFEBABEZ",
+        "0 0 1 CAFEBABEZ-",
+        "0 0 1 A",
+        "3 1 1 0D6FCE13243AA-"
+      })
+  void invalidRdataFromString(String rdata) {
+    try (Tokenizer t = new Tokenizer(rdata)) {
+      TLSARecord tlsaRecord = new TLSARecord();
+      assertThrows(TextParseException.class, () -> tlsaRecord.rdataFromString(t, null));
+    }
+  }
+
+  @Test
+  void emptyAssociationDataConstruction() {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TLSARecord(Name.root, DClass.IN, 3600, 0, 0, 1, new byte[0]));
+  }
 
   @Test
-  void rdataFromString() throws IOException {
-    Tokenizer t = new Tokenizer("(0 0 1 CAFEBABE)");
-    TLSARecord record = new TLSARecord();
-    record.rdataFromString(t, null);
-    assertEquals(TLSARecord.CertificateUsage.CA_CONSTRAINT, record.getCertificateUsage());
-    assertEquals(TLSARecord.MatchingType.SHA256, record.getMatchingType());
-    assertEquals(TLSARecord.Selector.FULL_CERTIFICATE, record.getSelector());
-    assertArrayEquals(base16.fromString("CAFEBABE"), record.getCertificateAssociationData());
+  void nullAssociationDataConstruction() {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TLSARecord(Name.root, DClass.IN, 3600, 0, 0, 1, null));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/TSIGTest.java b/src/test/java/org/xbill/DNS/TSIGTest.java
index e5abe41d3..416e87477 100644
--- a/src/test/java/org/xbill/DNS/TSIGTest.java
+++ b/src/test/java/org/xbill/DNS/TSIGTest.java
@@ -1,26 +1,99 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.io.IOException;
+import java.lang.reflect.Field;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.util.AbstractMap;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
+import javax.crypto.spec.SecretKeySpec;
+import lombok.Getter;
+import org.apache.commons.io.IOUtils;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.TSIG.StreamGenerator;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+import org.xbill.DNS.utils.base64;
 
 class TSIGTest {
+  private final TSIG defaultKey = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+
   @Test
-  void TSIG_query() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void signedQuery() throws IOException {
+    Record question = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    query.setTSIG(defaultKey);
+    byte[] qbytes = query.toWire(512);
+    assertEquals(1, qbytes[11]);
 
-    Name qname = Name.fromString("www.example.");
-    Record rec = Record.newRecord(qname, Type.A, DClass.IN);
+    Message qparsed = new Message(qbytes);
+    int result = defaultKey.verify(qparsed, qbytes, null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(qparsed.isSigned());
+    assertTrue(qparsed.isVerified());
+  }
+
+  /**
+   * Check all the string algorithm names defined in the javadoc. Confirm that java names also
+   * allowed, even though undocumented. This is to conserve backwards compatibility.
+   */
+  @ParameterizedTest
+  @CsvSource({
+    "hmac-md5,16",
+    "hmac-md5.sig-alg.reg.int.,16",
+    "hmac-sha1,20",
+    "hmac-sha224,28",
+    "hmac-sha256,32",
+    "hmac-sha256.,32",
+    "hmac-sha256-128,16",
+    "hmac-sha384,48",
+    "hmac-sha384-192,24",
+    "hmac-sha512,64",
+    "hmac-sha512-256,32",
+    // Java names
+    "HmacMD5,16",
+    "HmacSHA1,20",
+    "HmacSHA256,32",
+    "HmacSHA256/128,16",
+    "hmacsha256/128,16",
+  })
+  void queryStringAlg(String alg, int signatureLengthBytes) throws IOException {
+    TSIG key = new TSIG(alg, "example.", "12345678");
+
+    Record rec = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
     Message msg = Message.newQuery(rec);
-    msg.setTSIG(key, Rcode.NOERROR, null);
+    msg.setTSIG(key);
     byte[] bytes = msg.toWire(512);
     assertEquals(1, bytes[11]);
 
@@ -28,17 +101,23 @@ void TSIG_query() throws IOException {
     int result = key.verify(parsed, bytes, null);
     assertEquals(Rcode.NOERROR, result);
     assertTrue(parsed.isSigned());
+    assertTrue(parsed.isVerified());
+    assertThat(parsed.getTSIG().getSignature()).hasSize(signatureLengthBytes);
   }
 
+  /** Confirm error thrown with illegal algorithm name. */
   @Test
-  void TSIG_queryIsLastAddMessageRecord() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void queryStringAlgError() {
+    assertThrows(
+        IllegalArgumentException.class, () -> new TSIG("randomalg", "example.", "12345678"));
+  }
 
-    Name qname = Name.fromString("www.example.");
-    Record rec = Record.newRecord(qname, Type.A, DClass.IN);
+  @Test
+  void queryIsLastAddMessageRecord() throws IOException {
+    Record rec = Record.newRecord(Name.fromString("www.example."), Type.A, DClass.IN);
     OPTRecord opt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
     Message msg = Message.newQuery(rec);
-    msg.setTSIG(key, Rcode.NOERROR, null);
+    msg.setTSIG(defaultKey);
     msg.addRecord(opt, Section.ADDITIONAL);
     byte[] bytes = msg.toWire(512);
     assertEquals(2, bytes[11]); // additional RR count, lower byte
@@ -47,34 +126,29 @@ void TSIG_queryIsLastAddMessageRecord() throws IOException {
     List<Record> additionalSection = parsed.getSection(Section.ADDITIONAL);
     assertEquals(Type.string(Type.OPT), Type.string(additionalSection.get(0).getType()));
     assertEquals(Type.string(Type.TSIG), Type.string(additionalSection.get(1).getType()));
-    int result = key.verify(parsed, bytes, null);
+    int result = defaultKey.verify(parsed, bytes, null);
     assertEquals(Rcode.NOERROR, result);
     assertTrue(parsed.isSigned());
+    assertTrue(parsed.isVerified());
   }
 
   @Test
-  void TSIG_queryAndTsigApplyMisbehaves() throws IOException {
-    Name qname = Name.fromString("www.example.com.");
-    Record rec = Record.newRecord(qname, Type.A, DClass.IN);
+  void queryAndTsigApplyMisbehaves() throws IOException {
+    Record rec = Record.newRecord(Name.fromString("www.example.com."), Type.A, DClass.IN);
     OPTRecord opt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0);
     Message msg = Message.newQuery(rec);
     msg.addRecord(opt, Section.ADDITIONAL);
     assertFalse(msg.isSigned());
+    assertFalse(msg.isVerified());
 
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
-    key.apply(msg, null); // additional RR count, lower byte
+    defaultKey.apply(msg, null); // additional RR count, lower byte
     byte[] bytes = msg.toWire(Message.MAXLENGTH);
 
     assertThrows(WireParseException.class, () -> new Message(bytes), "Expected TSIG error");
   }
 
   @Test
-  void TSIG_queryIsLastResolver() throws IOException {
-    Name qname = Name.fromString("www.example.com.");
-    Record rec = Record.newRecord(qname, Type.A, DClass.IN);
-    Message msg = Message.newQuery(rec);
-
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void tsigInQueryIsLastViaResolver() throws IOException {
     SimpleResolver res =
         new SimpleResolver("127.0.0.1") {
           @Override
@@ -89,68 +163,145 @@ CompletableFuture<Message> sendAsync(Message query, boolean forceTcp, Executor e
             }
           }
         };
-    res.setTSIGKey(key);
-    Message parsed = res.send(msg);
+    res.setTSIGKey(defaultKey);
 
-    List<Record> additionalSection = parsed.getSection(Section.ADDITIONAL);
+    Name qname = Name.fromString("www.example.com.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+    Message response = res.send(query);
+
+    List<Record> additionalSection = response.getSection(Section.ADDITIONAL);
     assertEquals(Type.string(Type.OPT), Type.string(additionalSection.get(0).getType()));
     assertEquals(Type.string(Type.TSIG), Type.string(additionalSection.get(1).getType()));
-    int result = key.verify(parsed, parsed.toWire(), null);
+    int result = defaultKey.verify(response, response.toWire(), null);
     assertEquals(Rcode.NOERROR, result);
-    assertTrue(parsed.isSigned());
+    assertTrue(response.isSigned());
+    assertTrue(response.isVerified());
   }
 
   @Test
-  void TSIG_response() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void unsignedQuerySignedResponse() throws IOException {
+    Name qname = Name.fromString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+
+    Message response = new Message(query.getHeader().getID());
+    response.setTSIG(defaultKey, Rcode.NOERROR, null);
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    Record answer = Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
+    response.addRecord(answer, Section.ANSWER);
+    byte[] rbytes = response.toWire(Message.MAXLENGTH);
 
+    Message rparsed = new Message(rbytes);
+    int result = defaultKey.verify(rparsed, rbytes, null);
+    assertEquals(Rcode.NOERROR, result);
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
+  }
+
+  @Test
+  void signedQuerySignedResponse() throws IOException {
     Name qname = Name.fromString("www.example.");
     Record question = Record.newRecord(qname, Type.A, DClass.IN);
     Message query = Message.newQuery(question);
-    query.setTSIG(key, Rcode.NOERROR, null);
-    byte[] qbytes = query.toWire();
+    query.setTSIG(defaultKey);
+    byte[] qbytes = query.toWire(Message.MAXLENGTH);
     Message qparsed = new Message(qbytes);
+    assertNotNull(query.getGeneratedTSIG());
+    assertEquals(query.getGeneratedTSIG(), qparsed.getTSIG());
 
     Message response = new Message(query.getHeader().getID());
-    response.setTSIG(key, Rcode.NOERROR, qparsed.getTSIG());
+    response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(question, Section.QUESTION);
     Record answer = Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
     response.addRecord(answer, Section.ANSWER);
-    byte[] bytes = response.toWire(512);
+    byte[] rbytes = response.toWire(Message.MAXLENGTH);
 
-    Message parsed = new Message(bytes);
-    int result = key.verify(parsed, bytes, qparsed.getTSIG());
+    Message rparsed = new Message(rbytes);
+    int result = defaultKey.verify(rparsed, rbytes, query.getGeneratedTSIG());
     assertEquals(Rcode.NOERROR, result);
-    assertTrue(parsed.isSigned());
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
   }
 
   @Test
-  void TSIG_truncated() throws IOException {
-    TSIG key = new TSIG(TSIG.HMAC_SHA256, "example.", "12345678");
+  void signedQuerySignedResponseViaResolver() throws IOException {
+    Name qname = Name.fromString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message query = Message.newQuery(question);
+
+    SimpleResolver res = new SimpleResolver("127.0.0.1");
+    res.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return null;
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            UdpIoClient udpClient = mock(UdpIoClient.class);
+            when(udpClient.sendAndReceiveUdp(
+                    any(),
+                    any(InetSocketAddress.class),
+                    any(),
+                    any(byte[].class),
+                    anyInt(),
+                    any(Duration.class)))
+                .thenAnswer(
+                    a -> {
+                      Message qparsed = new Message(a.getArgument(3, byte[].class));
 
+                      Message response = new Message(qparsed.getHeader().getID());
+                      response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
+                      response.getHeader().setFlag(Flags.QR);
+                      response.addRecord(question, Section.QUESTION);
+                      Record answer =
+                          Record.fromString(qname, Type.A, DClass.IN, 300, "1.2.3.4", null);
+                      response.addRecord(answer, Section.ANSWER);
+                      byte[] rbytes = response.toWire(Message.MAXLENGTH);
+
+                      CompletableFuture<byte[]> f = new CompletableFuture<>();
+                      f.complete(rbytes);
+                      return f;
+                    });
+            return udpClient;
+          }
+        });
+    res.setTSIGKey(defaultKey);
+
+    Message responseFromResolver = res.send(query);
+    assertTrue(responseFromResolver.isSigned());
+    assertTrue(responseFromResolver.isVerified());
+  }
+
+  @Test
+  void truncated() throws IOException {
     Name qname = Name.fromString("www.example.");
     Record question = Record.newRecord(qname, Type.A, DClass.IN);
     Message query = Message.newQuery(question);
-    query.setTSIG(key, Rcode.NOERROR, null);
-    byte[] qbytes = query.toWire();
+    query.setTSIG(defaultKey, Rcode.NOERROR, null);
+    byte[] qbytes = query.toWire(512);
     Message qparsed = new Message(qbytes);
 
     Message response = new Message(query.getHeader().getID());
-    response.setTSIG(key, Rcode.NOERROR, qparsed.getTSIG());
+    response.setTSIG(defaultKey, Rcode.NOERROR, qparsed.getTSIG());
     response.getHeader().setFlag(Flags.QR);
     response.addRecord(question, Section.QUESTION);
     for (int i = 0; i < 40; i++) {
       Record answer = Record.fromString(qname, Type.TXT, DClass.IN, 300, "foo" + i, null);
       response.addRecord(answer, Section.ANSWER);
     }
-    byte[] bytes = response.toWire(512);
+    byte[] rbytes = response.toWire(512);
 
-    Message parsed = new Message(bytes);
-    assertTrue(parsed.getHeader().getFlag(Flags.TC));
-    int result = key.verify(parsed, bytes, qparsed.getTSIG());
+    Message rparsed = new Message(rbytes);
+    assertTrue(rparsed.getHeader().getFlag(Flags.TC));
+    int result = defaultKey.verify(rparsed, rbytes, qparsed.getTSIG());
     assertEquals(Rcode.NOERROR, result);
-    assertTrue(parsed.isSigned());
+    assertTrue(rparsed.isSigned());
+    assertTrue(rparsed.isVerified());
   }
 
   @Test
@@ -161,4 +312,392 @@ void rdataFromString() {
             () -> new TSIGRecord().rdataFromString(new Tokenizer(" "), null));
     assertTrue(thrown.getMessage().contains("no text format defined for TSIG"));
   }
+
+  @Test
+  void testTSIGMessageClone() throws IOException {
+    TSIGRecord old =
+        new TSIGRecord(
+            Name.fromConstantString("example."),
+            DClass.IN,
+            0,
+            TSIG.HMAC_SHA256,
+            Instant.ofEpochSecond(1647025759),
+            Duration.ofSeconds(300),
+            base64.fromString("zcHnvVwo0Zlsj0WckOO/ctRD2Znh+BjIWnSvTQdvj94="),
+            32,
+            Rcode.NOERROR,
+            null);
+
+    Name qname = Name.fromConstantString("www.example.");
+    Record question = Record.newRecord(qname, Type.A, DClass.IN);
+    Message response = new Message();
+    response.getHeader().setFlag(Flags.QR);
+    response.addRecord(question, Section.QUESTION);
+    response.addRecord(
+        new ARecord(qname, DClass.IN, 0, InetAddress.getByName("127.0.0.1")), Section.ANSWER);
+    response.setTSIG(defaultKey, Rcode.NOERROR, old);
+    byte[] responseBytes = response.toWire(Message.MAXLENGTH);
+    assertNotNull(responseBytes);
+    assertNotEquals(0, responseBytes.length);
+
+    Message clone = response.clone();
+    assertEquals(response.getQuestion(), clone.getQuestion());
+    assertEquals(response.getSection(Section.ANSWER), clone.getSection(Section.ANSWER));
+    assertEquals(response.getGeneratedTSIG(), clone.getGeneratedTSIG());
+    byte[] cloneBytes = clone.toWire(Message.MAXLENGTH);
+    assertNotNull(cloneBytes);
+    assertNotEquals(0, cloneBytes.length);
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {-1, 0, 101})
+  void testStreamGeneratorNthMessageArgument(int signEvery) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> new TSIG.StreamGenerator(defaultKey, null, signEvery));
+  }
+
+  @Test
+  void testTSIGStreamVerifierMissingMinimumTsig() throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    int numResponses = 200;
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server = new MockMessageServer(defaultKey, numResponses, 200, false)) {
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, i < 100 ? Rcode.NOERROR : Rcode.FORMERR);
+    }
+    expectedRcodes.put(numResponses - 1, Rcode.BADSIG);
+    client.validateResponse(query, response, expectedRcodes, false);
+  }
+
+  @ParameterizedTest(name = "testTSIGStreamVerifier(numResponses: {0}, signEvery: {1})")
+  @CsvSource({
+    "20,1",
+    "53,6",
+    "105,7",
+    "1000,100",
+  })
+  void testTSIGStreamVerifier(int numResponses, int signEvery) throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server =
+        new MockMessageServer(defaultKey, numResponses, signEvery, false)) {
+
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, Rcode.NOERROR);
+    }
+    client.validateResponse(query, response, expectedRcodes, true);
+  }
+
+  @ParameterizedTest(name = "testTSIGStreamVerifierLastMessage(numResponses: {0}, signEvery: {1})")
+  @CsvSource({
+    "53,6",
+    "105,7",
+    "1000,100",
+  })
+  void testTSIGStreamVerifierLastMessage(int numResponses, int signEvery) throws Exception {
+    MockMessageClient client = new MockMessageClient(defaultKey);
+    byte[] query = client.createQuery();
+    List<Message> response;
+    try (MockMessageServer server =
+        new MockMessageServer(defaultKey, numResponses, signEvery, true)) {
+
+      server.send(query);
+      response = server.getMessages();
+    }
+    Map<Integer, Integer> expectedRcodes = new HashMap<>();
+    for (int i = 0; i < numResponses; i++) {
+      expectedRcodes.put(i, Rcode.NOERROR);
+    }
+
+    expectedRcodes.put(numResponses - 1, Rcode.FORMERR);
+    client.validateResponse(query, response, expectedRcodes, false);
+  }
+
+  @Test
+  void testFromTcpStream() throws IOException {
+    DNSInput request = new DNSInput(IOUtils.resourceToByteArray("/tsig-axfr/request.bin"));
+    byte[] queryBytes = request.readByteArray(request.readU16());
+    Message query = new Message(queryBytes);
+    assertNotNull(query.getTSIG());
+    TSIG key =
+        new TSIG(
+            TSIG.HMAC_SHA256,
+            Name.fromConstantString("dnssecishardtest."),
+            new SecretKeySpec(
+                Objects.requireNonNull(
+                    base64.fromString("q4Gsu0nYoyub20//PATXhABobmrVUQyqq5TFzYHfC7o=")),
+                "HmacSHA256"),
+            Clock.fixed(Instant.parse("2023-11-01T20:52:08Z"), ZoneId.of("UTC")));
+
+    TSIG.StreamVerifier verifier = new TSIG.StreamVerifier(key, query.getTSIG());
+    DNSInput response = new DNSInput(IOUtils.resourceToByteArray("/tsig-axfr/response.bin"));
+
+    // Use a list, not a map, to keep the message order intact
+    List<Map.Entry<Message, byte[]>> messages = new ArrayList<>();
+    while (response.remaining() > 0) {
+      byte[] messageBytes = response.readByteArray(response.readU16());
+      Message message = new Message(messageBytes);
+      messages.add(new AbstractMap.SimpleEntry<>(message, messageBytes));
+    }
+
+    for (int i = 0; i < messages.size(); i++) {
+      Map.Entry<Message, byte[]> e = messages.get(i);
+      assertEquals(
+          Rcode.NOERROR, verifier.verify(e.getKey(), e.getValue(), i == messages.size() - 1));
+    }
+  }
+
+  @Test
+  void testLargeMessageIsNotLargerThanMax() {
+    Update update = new Update(Name.fromConstantString("zone.example.com."));
+    for (int i = 0; i < 3000; i++) {
+      TXTRecord r =
+          new TXTRecord(
+              Name.fromConstantString("name-" + i + ".zone.example.com."), DClass.IN, 900, "a");
+      update.absent(r.name, r.type);
+      update.add(r);
+    }
+
+    TSIG tsigKey = new TSIG(TSIG.HMAC_SHA384, "zone.example.com.", "c2VjcmU=");
+    update.setTSIG(tsigKey);
+    byte[] wireData = update.toWire(Message.MAXLENGTH);
+    assertThat(wireData).hasSizeLessThan(Message.MAXLENGTH);
+  }
+
+  @Test
+  void testAxfrLastNotSignedError() throws Exception {
+    Name name = Name.fromConstantString("example.com.");
+    ZoneTransferIn client =
+        new ZoneTransferIn(
+            name,
+            Type.AXFR,
+            0,
+            false,
+            new InetSocketAddress(InetAddress.getLocalHost(), 53),
+            defaultKey) {
+          @Override
+          TCPClient createTcpClient(Duration timeout) throws IOException {
+            return new MockMessageServer(defaultKey, 200, 20, true);
+          }
+        };
+
+    ZoneTransferException exception =
+        assertThrows(ZoneTransferException.class, () -> client.run(new ZoneBuilderAxfrHandler()));
+    assertTrue(exception.getMessage().contains(Rcode.TSIGstring(Rcode.FORMERR)));
+    assertTrue(exception.getMessage().contains("last"));
+  }
+
+  @Test
+  void testAxfr() throws Exception {
+    Name name = Name.fromConstantString("example.com.");
+    ZoneTransferIn client =
+        new ZoneTransferIn(
+            name,
+            Type.AXFR,
+            0,
+            false,
+            new InetSocketAddress(InetAddress.getLocalHost(), 53),
+            defaultKey) {
+          @Override
+          TCPClient createTcpClient(Duration timeout) throws IOException {
+            return new MockMessageServer(defaultKey, 200, 20, false);
+          }
+        };
+
+    ZoneBuilderAxfrHandler handler = new ZoneBuilderAxfrHandler();
+    client.run(handler);
+    // soa on first message, + a record on every message, +soa on last message
+    assertEquals(202, handler.getRecords().size());
+  }
+
+  @Test
+  void invalidAdditionalCount() {
+    Message q = Message.newQuery(Record.newRecord(Name.root, Type.A, DClass.IN));
+    Message m = new Message();
+    m.addRecord(Record.newRecord(Name.root, Type.A, DClass.IN), Section.QUESTION);
+    m.addRecord(Record.newRecord(Name.root, Type.A, DClass.IN), Section.ANSWER);
+    m.addRecord(
+        Record.newRecord(Name.fromConstantString("example.com."), Type.A, DClass.IN),
+        Section.ADDITIONAL);
+    assertDoesNotThrow(m::getTSIG);
+    assertDoesNotThrow(() -> m.normalize(q).getTSIG());
+  }
+
+  @Getter
+  private static class ZoneBuilderAxfrHandler implements ZoneTransferIn.ZoneTransferHandler {
+    private final List<Record> records = new ArrayList<>();
+
+    @Override
+    public void startAXFR() {}
+
+    @Override
+    public void startIXFR() {}
+
+    @Override
+    public void startIXFRDeletes(Record soa) {}
+
+    @Override
+    public void startIXFRAdds(Record soa) {}
+
+    @Override
+    public void handleRecord(Record r) {
+      records.add(r);
+    }
+  }
+
+  private static class MockMessageClient {
+    private final TSIG key;
+
+    MockMessageClient(TSIG key) {
+      this.key = key;
+    }
+
+    byte[] createQuery() throws TextParseException {
+      Name qname = Name.fromString("www.example.");
+      Record question = Record.newRecord(qname, Type.A, DClass.IN);
+      Message query = Message.newQuery(question);
+      query.setTSIG(key);
+      return query.toWire(Message.MAXLENGTH);
+    }
+
+    public void validateResponse(
+        byte[] query,
+        List<Message> responses,
+        Map<Integer, Integer> expectedRcodes,
+        boolean lastResponseSignedState)
+        throws IOException {
+      Message queryMessage = new Message(query);
+      TSIG.StreamVerifier verifier = new TSIG.StreamVerifier(key, queryMessage.getTSIG());
+
+      Map<Integer, Integer> actualRcodes = new HashMap<>();
+      for (int i = 0; i < responses.size(); i++) {
+        boolean isLastMessage = i == responses.size() - 1;
+        byte[] renderedMessage = responses.get(i).toWire(Message.MAXLENGTH);
+        Message messageFromWire = new Message(renderedMessage);
+        actualRcodes.put(i, verifier.verify(messageFromWire, renderedMessage, isLastMessage));
+        if (isLastMessage) {
+          assertEquals(messageFromWire.isVerified(), lastResponseSignedState);
+        }
+      }
+
+      assertEquals(expectedRcodes, actualRcodes);
+    }
+  }
+
+  private static class MockMessageServer extends TCPClient {
+    private final TSIG key;
+    private final int responseMessageCount;
+    private final int signEvery;
+    private final boolean skipLast;
+    @Getter private List<Message> messages;
+    private int recvCalls;
+
+    MockMessageServer(TSIG key, int responseMessageCount, int signEvery, boolean skipLast)
+        throws IOException {
+      super(Duration.ZERO);
+      this.key = key;
+      this.responseMessageCount = responseMessageCount;
+      this.signEvery = signEvery;
+      this.skipLast = skipLast;
+    }
+
+    @Override
+    void bind(SocketAddress addr) {
+      // do nothing
+    }
+
+    @Override
+    void connect(SocketAddress addr) {
+      // do nothing
+    }
+
+    @Override
+    public void close() {
+      // do nothing
+    }
+
+    @Override
+    void send(byte[] queryMessageBytes) throws IOException {
+      Message parsedQueryMessage = new Message(queryMessageBytes);
+      assertNotNull(parsedQueryMessage.getTSIG());
+
+      messages = new LinkedList<>();
+      StreamGenerator generator;
+      try {
+        generator = getStreamGenerator(signEvery, parsedQueryMessage);
+      } catch (NoSuchFieldException | IllegalAccessException e) {
+        throw new IOException(e);
+      }
+
+      Name queryName = parsedQueryMessage.getQuestion().getName();
+      Record soa =
+          new SOARecord(
+              queryName,
+              DClass.IN,
+              300,
+              new Name("ns1", queryName),
+              new Name("admin", queryName),
+              1,
+              3600,
+              1,
+              3600,
+              1800);
+      for (int i = 0; i < responseMessageCount; i++) {
+        Message response = new Message(parsedQueryMessage.getHeader().getID());
+        response.getHeader().setFlag(Flags.QR);
+        response.addRecord(parsedQueryMessage.getQuestion(), Section.QUESTION);
+        if (i == 0) {
+          response.addRecord(soa, Section.ANSWER);
+        }
+        Record answer =
+            new ARecord(
+                parsedQueryMessage.getQuestion().getName(),
+                DClass.IN,
+                300,
+                InetAddress.getByAddress(ByteBuffer.allocate(4).putInt(i).array()));
+        response.addRecord(answer, Section.ANSWER);
+
+        if (i == responseMessageCount - 1) {
+          response.addRecord(soa, Section.ANSWER);
+        }
+
+        generator.generate(response, !skipLast && i == responseMessageCount - 1);
+        messages.add(response);
+      }
+    }
+
+    @Override
+    byte[] recv() {
+      return messages.get(recvCalls++).toWire(Message.MAXLENGTH);
+    }
+
+    private StreamGenerator getStreamGenerator(int signEvery, Message parsedQueryMessage)
+        throws NoSuchFieldException, IllegalAccessException {
+      TSIGRecord queryMessageTSIG = parsedQueryMessage.getTSIG();
+      StreamGenerator generator;
+
+      // Hack for testing invalid server responses, the constructor would normally prevent such an
+      // invalid argument
+      if (signEvery > 100) {
+        generator = new StreamGenerator(key, queryMessageTSIG, 1);
+        Field signEveryNthMessage = StreamGenerator.class.getDeclaredField("signEveryNthMessage");
+        signEveryNthMessage.setAccessible(true);
+        signEveryNthMessage.set(generator, signEvery);
+      } else {
+        generator = new StreamGenerator(key, queryMessageTSIG, signEvery);
+      }
+      return generator;
+    }
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/TokenizerTest.java b/src/test/java/org/xbill/DNS/TokenizerTest.java
index 86934a2b5..94c2ad7df 100644
--- a/src/test/java/org/xbill/DNS/TokenizerTest.java
+++ b/src/test/java/org/xbill/DNS/TokenizerTest.java
@@ -46,200 +46,189 @@
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.io.FileWriter;
 import java.io.IOException;
-import org.junit.jupiter.api.BeforeEach;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class TokenizerTest {
-  private Tokenizer m_t;
-
-  @BeforeEach
-  void setUp() {
-    m_t = null;
-  }
-
   @Test
   void get() throws IOException {
-    m_t =
+    Tokenizer t =
         new Tokenizer(
             new BufferedInputStream(
                 new ByteArrayInputStream(
                     "AnIdentifier \"a quoted \\\" string\"\r\n; this is \"my\"\t(comment)\nanotherIdentifier (\ramultilineIdentifier\n)"
                         .getBytes())));
 
-    Tokenizer.Token tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    Tokenizer.Token tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("AnIdentifier", tt.value);
+    assertEquals("AnIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
     assertFalse(tt.isString());
     assertFalse(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.QUOTED_STRING, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.QUOTED_STRING, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("a quoted \\\" string", tt.value);
+    assertEquals("a quoted \\\" string", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
     assertFalse(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals(" this is \"my\"\t(comment)", tt.value);
+    assertEquals(" this is \"my\"\t(comment)", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("anotherIdentifier", tt.value);
+    assertEquals("anotherIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
     assertTrue(tt.isString());
     assertFalse(tt.isEOL());
-    assertEquals("amultilineIdentifier", tt.value);
+    assertEquals("amultilineIdentifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
     // should be able to do this repeatedly
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
     assertFalse(tt.isString());
     assertTrue(tt.isEOL());
-    assertNull(tt.value);
+    assertNull(tt.value());
 
-    m_t = new Tokenizer("onlyOneIdentifier");
-    tt = m_t.get();
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("onlyOneIdentifier", tt.value);
+    t = new Tokenizer("onlyOneIdentifier");
+    tt = t.get();
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("onlyOneIdentifier", tt.value());
 
-    m_t = new Tokenizer("identifier ;");
-    tt = m_t.get();
-    assertEquals("identifier", tt.value);
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    t = new Tokenizer("identifier ;");
+    tt = t.get();
+    assertEquals("identifier", tt.value());
+    tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
 
     // some ungets
-    m_t = new Tokenizer("identifier \nidentifier2; junk comment");
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier", tt.value);
+    t = new Tokenizer("identifier \nidentifier2; junk comment");
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier", tt.value());
 
-    m_t.unget();
+    t.unget();
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.WHITESPACE, tt.type);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.WHITESPACE, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOL, tt.type);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOL, tt.type());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals("identifier2", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals("identifier2", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
-    assertEquals(" junk comment", tt.value);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
+    assertEquals(" junk comment", tt.value());
 
-    m_t.unget();
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.COMMENT, tt.type);
-    assertEquals(" junk comment", tt.value);
+    t.unget();
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.COMMENT, tt.type());
+    assertEquals(" junk comment", tt.value());
 
-    tt = m_t.get(true, true);
-    assertEquals(Tokenizer.EOF, tt.type);
+    tt = t.get(true, true);
+    assertEquals(Tokenizer.EOF, tt.type());
 
-    m_t = new Tokenizer("identifier ( junk ; comment\n )");
-    tt = m_t.get();
-    assertEquals(Tokenizer.IDENTIFIER, tt.type);
-    assertEquals(Tokenizer.IDENTIFIER, m_t.get().type);
-    assertEquals(Tokenizer.EOF, m_t.get().type);
+    t = new Tokenizer("identifier ( junk ; comment\n )");
+    tt = t.get();
+    assertEquals(Tokenizer.IDENTIFIER, tt.type());
+    assertEquals(Tokenizer.IDENTIFIER, t.get().type());
+    assertEquals(Tokenizer.EOF, t.get().type());
   }
 
   @Test
-  void get_invalid() throws IOException {
-    m_t = new Tokenizer("(this ;");
-    m_t.get();
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer("\"bad");
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer(")");
-    assertThrows(TextParseException.class, () -> m_t.get());
-
-    m_t = new Tokenizer("\\");
-    assertThrows(TextParseException.class, () -> m_t.get());
+  void get_invalidIncomplete() throws IOException {
+    try (Tokenizer t = new Tokenizer("(this ;")) {
+      t.get();
+      assertThrows(TextParseException.class, t::get);
+    }
+  }
 
-    m_t = new Tokenizer("\"\n");
-    assertThrows(TextParseException.class, () -> m_t.get());
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "\"bad", ")", "\\", "\"\n",
+      })
+  void get_invalid(String data) {
+    try (Tokenizer t = new Tokenizer(data)) {
+      assertThrows(TextParseException.class, t::get);
+    }
   }
 
   @Test
-  void File_input() throws IOException {
+  void file_input() throws IOException {
     File tmp = File.createTempFile("dnsjava", "tmp");
-    try {
-      FileWriter fw = new FileWriter(tmp);
-      fw.write("file\ninput; test");
-      fw.close();
-
-      m_t = new Tokenizer(tmp);
-
-      Tokenizer.Token tt = m_t.get();
-      assertEquals(Tokenizer.IDENTIFIER, tt.type);
-      assertEquals("file", tt.value);
-
-      tt = m_t.get();
-      assertEquals(Tokenizer.EOL, tt.type);
-
-      tt = m_t.get();
-      assertEquals(Tokenizer.IDENTIFIER, tt.type);
-      assertEquals("input", tt.value);
-
-      tt = m_t.get(false, true);
-      assertEquals(Tokenizer.COMMENT, tt.type);
-      assertEquals(" test", tt.value);
-
-      m_t.close();
+    Files.write(tmp.toPath(), "file\ninput; test".getBytes(StandardCharsets.UTF_8));
+    try (Tokenizer t = new Tokenizer(tmp)) {
+      Tokenizer.Token tt = t.get();
+      assertEquals(Tokenizer.IDENTIFIER, tt.type());
+      assertEquals("file", tt.value());
+
+      tt = t.get();
+      assertEquals(Tokenizer.EOL, tt.type());
+
+      tt = t.get();
+      assertEquals(Tokenizer.IDENTIFIER, tt.type());
+      assertEquals("input", tt.value());
+
+      tt = t.get(false, true);
+      assertEquals(Tokenizer.COMMENT, tt.type());
+      assertEquals(" test", tt.value());
     } finally {
       tmp.delete();
     }
@@ -247,257 +236,274 @@ void File_input() throws IOException {
 
   @Test
   void unwanted_comment() throws IOException {
-    m_t = new Tokenizer("; this whole thing is a comment\n");
-    Tokenizer.Token tt = m_t.get();
+    Tokenizer t = new Tokenizer("; this whole thing is a comment\n");
+    Tokenizer.Token tt = t.get();
 
-    assertEquals(Tokenizer.EOL, tt.type);
+    assertEquals(Tokenizer.EOL, tt.type());
   }
 
   @Test
   void unwanted_ungotten_whitespace() throws IOException {
-    m_t = new Tokenizer(" ");
-    Tokenizer.Token tt = m_t.get(true, true);
-    m_t.unget();
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    Tokenizer t = new Tokenizer(" ");
+    t.get(true, true);
+    t.unget();
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
   void unwanted_ungotten_comment() throws IOException {
-    m_t = new Tokenizer("; this whole thing is a comment");
-    Tokenizer.Token tt = m_t.get(true, true);
-    m_t.unget();
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    Tokenizer t = new Tokenizer("; this whole thing is a comment");
+    t.get(true, true);
+    t.unget();
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
   void empty_string() throws IOException {
-    m_t = new Tokenizer("");
-    Tokenizer.Token tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    Tokenizer t = new Tokenizer("");
+    Tokenizer.Token tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
 
-    m_t = new Tokenizer(" ");
-    tt = m_t.get();
-    assertEquals(Tokenizer.EOF, tt.type);
+    t = new Tokenizer(" ");
+    tt = t.get();
+    assertEquals(Tokenizer.EOF, tt.type());
   }
 
   @Test
   void multiple_ungets() throws IOException {
-    m_t = new Tokenizer("a simple one");
-    Tokenizer.Token tt = m_t.get();
-
-    m_t.unget();
-    assertThrows(IllegalStateException.class, () -> m_t.unget());
+    Tokenizer t = new Tokenizer("a simple one");
+    t.get();
+    t.unget();
+    assertThrows(IllegalStateException.class, t::unget);
   }
 
   @Test
-  void getString() throws IOException {
-    m_t = new Tokenizer("just_an_identifier");
-    final String[] out = {m_t.getString()};
-    assertEquals("just_an_identifier", out[0]);
+  void getStringIdentifier() throws IOException {
+    Tokenizer t = new Tokenizer("just_an_identifier");
+    assertEquals("just_an_identifier", t.getString());
+  }
 
-    m_t = new Tokenizer("\"just a string\"");
-    out[0] = m_t.getString();
-    assertEquals("just a string", out[0]);
+  @Test
+  void getStringQuoted() throws IOException {
+    Tokenizer t = new Tokenizer("\"just a string\"");
+    assertEquals("just a string", t.getString());
+  }
 
-    m_t = new Tokenizer("; just a comment");
-    assertThrows(TextParseException.class, () -> out[0] = m_t.getString());
+  @Test
+  void getStringComment() {
+    Tokenizer t = new Tokenizer("; just a comment");
+    assertThrows(TextParseException.class, t::getString);
   }
 
   @Test
   void getIdentifier() throws IOException {
-    m_t = new Tokenizer("just_an_identifier");
-    String out = m_t.getIdentifier();
+    Tokenizer t = new Tokenizer("just_an_identifier");
+    String out = t.getIdentifier();
     assertEquals("just_an_identifier", out);
 
-    m_t = new Tokenizer("\"just a string\"");
-    assertThrows(TextParseException.class, () -> m_t.getIdentifier());
+    t = new Tokenizer("\"just a string\"");
+    assertThrows(TextParseException.class, t::getIdentifier);
   }
 
   @Test
   void getLong() throws IOException {
-    m_t = new Tokenizer((Integer.MAX_VALUE + 1L) + "");
-    long out = m_t.getLong();
+    Tokenizer t = new Tokenizer((Integer.MAX_VALUE + 1L) + "");
+    long out = t.getLong();
     assertEquals(Integer.MAX_VALUE + 1L, out);
 
-    m_t = new Tokenizer("-10");
-    assertThrows(TextParseException.class, () -> m_t.getLong());
+    t = new Tokenizer("-10");
+    assertThrows(TextParseException.class, t::getLong);
 
-    m_t = new Tokenizer("19_identifier");
-    assertThrows(TextParseException.class, () -> m_t.getLong());
+    t = new Tokenizer("19_identifier");
+    assertThrows(TextParseException.class, t::getLong);
   }
 
   @Test
   void getUInt32() throws IOException {
-    m_t = new Tokenizer(0xABCDEF12L + "");
-    long out = m_t.getUInt32();
+    Tokenizer t = new Tokenizer(0xABCDEF12L + "");
+    long out = t.getUInt32();
     assertEquals(0xABCDEF12L, out);
 
-    m_t = new Tokenizer(0x100000000L + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt32());
+    t = new Tokenizer(0x100000000L + "");
+    assertThrows(TextParseException.class, t::getUInt32);
 
-    m_t = new Tokenizer("-12345");
-    assertThrows(TextParseException.class, () -> m_t.getUInt32());
+    t = new Tokenizer("-12345");
+    assertThrows(TextParseException.class, t::getUInt32);
   }
 
   @Test
   void getUInt16() throws IOException {
-    m_t = new Tokenizer(0xABCDL + "");
-    int out = m_t.getUInt16();
+    Tokenizer t = new Tokenizer(0xABCDL + "");
+    int out = t.getUInt16();
     assertEquals(0xABCDL, out);
 
-    m_t = new Tokenizer(0x10000 + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt16());
+    t = new Tokenizer(0x10000 + "");
+    assertThrows(TextParseException.class, t::getUInt16);
 
-    m_t = new Tokenizer("-125");
-    assertThrows(TextParseException.class, () -> m_t.getUInt16());
+    t = new Tokenizer("-125");
+    assertThrows(TextParseException.class, t::getUInt16);
   }
 
   @Test
   void getUInt8() throws IOException {
-    m_t = new Tokenizer(0xCDL + "");
-    int out = m_t.getUInt8();
+    Tokenizer t = new Tokenizer(0xCDL + "");
+    int out = t.getUInt8();
     assertEquals(0xCDL, out);
 
-    m_t = new Tokenizer(0x100 + "");
-    assertThrows(TextParseException.class, () -> m_t.getUInt8());
+    t = new Tokenizer(0x100 + "");
+    assertThrows(TextParseException.class, t::getUInt8);
 
-    m_t = new Tokenizer("-12");
-    assertThrows(TextParseException.class, () -> m_t.getUInt8());
+    t = new Tokenizer("-12");
+    assertThrows(TextParseException.class, t::getUInt8);
   }
 
   @Test
   void getTTL() throws IOException {
-    m_t = new Tokenizer("59S");
-    assertEquals(59, m_t.getTTL());
+    Tokenizer t = new Tokenizer("59S");
+    assertEquals(59, t.getTTL());
 
-    m_t = new Tokenizer(TTL.MAX_VALUE + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTL());
+    t = new Tokenizer(TTL.MAX_VALUE + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTL());
 
-    m_t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTL());
+    t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTL());
 
-    m_t = new Tokenizer("Junk");
-    assertThrows(TextParseException.class, () -> m_t.getTTL());
+    t = new Tokenizer("Junk");
+    assertThrows(TextParseException.class, t::getTTL);
   }
 
   @Test
   void getTTLLike() throws IOException {
-    m_t = new Tokenizer("59S");
-    assertEquals(59, m_t.getTTLLike());
+    Tokenizer t = new Tokenizer("59S");
+    assertEquals(59, t.getTTLLike());
 
-    m_t = new Tokenizer(TTL.MAX_VALUE + "");
-    assertEquals(TTL.MAX_VALUE, m_t.getTTLLike());
+    t = new Tokenizer(TTL.MAX_VALUE + "");
+    assertEquals(TTL.MAX_VALUE, t.getTTLLike());
 
-    m_t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
-    assertEquals(TTL.MAX_VALUE + 1L, m_t.getTTLLike());
+    t = new Tokenizer((TTL.MAX_VALUE + 1L) + "");
+    assertEquals(TTL.MAX_VALUE + 1L, t.getTTLLike());
 
-    m_t = new Tokenizer("Junk");
-    assertThrows(TextParseException.class, () -> m_t.getTTLLike());
+    t = new Tokenizer("Junk");
+    assertThrows(TextParseException.class, t::getTTLLike);
   }
 
   @Test
   void getName() throws IOException {
-    Name root = Name.fromString(".");
-    m_t = new Tokenizer("junk");
+    Tokenizer t = new Tokenizer("junk");
     Name exp = Name.fromString("junk.");
-    Name out = m_t.getName(root);
+    Name out = t.getName(Name.root);
     assertEquals(exp, out);
+  }
 
+  @Test
+  void getNameRelative() throws IOException {
     Name rel = Name.fromString("you.dig");
-    m_t = new Tokenizer("junk");
-    assertThrows(RelativeNameException.class, () -> m_t.getName(rel));
+    Tokenizer t = new Tokenizer("junk");
+    assertThrows(RelativeNameException.class, () -> t.getName(rel));
+  }
 
-    m_t = new Tokenizer("");
-    assertThrows(TextParseException.class, () -> m_t.getName(root));
+  @Test
+  void getNameFromEmpty() {
+    Tokenizer t = new Tokenizer("");
+    assertThrows(TextParseException.class, () -> t.getName(Name.root));
   }
 
   @Test
   void getEOL() throws IOException {
-    m_t = new Tokenizer("id");
-    m_t.getIdentifier();
+    Tokenizer t = new Tokenizer("id");
+    t.getIdentifier();
     try {
-      m_t.getEOL();
+      t.getEOL();
     } catch (TextParseException e) {
       fail(e.getMessage());
     }
 
-    m_t = new Tokenizer("\n");
+    t = new Tokenizer("\n");
     try {
-      m_t.getEOL();
-      m_t.getEOL();
+      t.getEOL();
+      t.getEOL();
     } catch (TextParseException e) {
       fail(e.getMessage());
     }
 
-    m_t = new Tokenizer("id");
-    assertThrows(TextParseException.class, () -> m_t.getEOL());
+    t = new Tokenizer("id");
+    assertThrows(TextParseException.class, t::getEOL);
   }
 
-  @Test
-  void getBase64() throws IOException {
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        // basic
+        "AQIDBAUGBwgJ",
+        // with some whitespace
+        "AQIDB AUGB   wgJ",
+        // two base64s separated by newline
+        "AQIDBAUGBwgJ\nAB23DK",
+      })
+  void getBase64(String data) throws IOException {
     byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9};
-    // basic
-    m_t = new Tokenizer("AQIDBAUGBwgJ");
-    byte[] out = m_t.getBase64();
-    assertArrayEquals(exp, out);
-
-    // with some whitespace
-    m_t = new Tokenizer("AQIDB AUGB   wgJ");
-    out = m_t.getBase64();
-    assertArrayEquals(exp, out);
-
-    // two base64s separated by newline
-    m_t = new Tokenizer("AQIDBAUGBwgJ\nAB23DK");
-    out = m_t.getBase64();
+    Tokenizer t = new Tokenizer(data);
+    byte[] out = t.getBase64();
     assertArrayEquals(exp, out);
+  }
 
+  @Test
+  void getBase64Newline() throws IOException {
     // no remaining strings
-    m_t = new Tokenizer("\n");
-    assertNull(m_t.getBase64());
-
-    m_t = new Tokenizer("\n");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(true));
-
-    // invalid encoding
-    m_t = new Tokenizer("not_base64");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(false));
-
-    m_t = new Tokenizer("not_base64");
-    assertThrows(TextParseException.class, () -> m_t.getBase64(true));
+    Tokenizer t = new Tokenizer("\n");
+    assertNull(t.getBase64());
   }
 
   @Test
-  void getHex() throws IOException {
-    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
-    // basic
-    m_t = new Tokenizer("0102030405060708090A0B0C0D0E0F");
-    byte[] out = m_t.getHex();
-    assertArrayEquals(exp, out);
+  void getBase64NewlineRequired() {
+    Tokenizer t = new Tokenizer("\n");
+    assertThrows(TextParseException.class, () -> t.getBase64(true));
+  }
 
-    // with some whitespace
-    m_t = new Tokenizer("0102030 405 060708090A0B0C      0D0E0F");
-    out = m_t.getHex();
-    assertArrayEquals(exp, out);
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void getBase64InvalidEncoding(boolean required) {
+    Tokenizer t = new Tokenizer("not_base64");
+    assertThrows(TextParseException.class, () -> t.getBase64(required));
+  }
 
-    // two hexs separated by newline
-    m_t = new Tokenizer("0102030405060708090A0B0C0D0E0F\n01AB3FE");
-    out = m_t.getHex();
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        // basic
+        "0102030405060708090A0B0C0D0E0F",
+        // with some whitespace
+        "0102030 405 060708090A0B0C      0D0E0F",
+        // two hexs separated by newline
+        "0102030405060708090A0B0C0D0E0F\n01AB3FE",
+      },
+      ignoreLeadingAndTrailingWhitespace = false)
+  void getHex(String data) throws IOException {
+    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
+    Tokenizer t = new Tokenizer(data);
+    byte[] out = t.getHex();
     assertArrayEquals(exp, out);
+  }
 
+  @Test
+  void getHexNewline() throws IOException {
     // no remaining strings
-    m_t = new Tokenizer("\n");
-    assertNull(m_t.getHex());
-
-    m_t = new Tokenizer("\n");
-    assertThrows(TextParseException.class, () -> m_t.getHex(true));
+    Tokenizer t = new Tokenizer("\n");
+    assertNull(t.getHex());
+  }
 
-    // invalid encoding
-    m_t = new Tokenizer("not_hex");
-    assertThrows(TextParseException.class, () -> m_t.getHex(false));
+  @Test
+  void getHexNewlineRequired() {
+    Tokenizer t = new Tokenizer("\n");
+    assertThrows(TextParseException.class, () -> t.getHex(true));
+  }
 
-    m_t = new Tokenizer("not_hex");
-    assertThrows(TextParseException.class, () -> m_t.getHex(true));
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void getHexInvalidEncoding(boolean required) {
+    Tokenizer t = new Tokenizer("not_hex");
+    assertThrows(TextParseException.class, () -> t.getHex(required));
   }
 }
diff --git a/src/test/java/org/xbill/DNS/TypeBitmapTest.java b/src/test/java/org/xbill/DNS/TypeBitmapTest.java
index ab94b5e2a..e3100caad 100644
--- a/src/test/java/org/xbill/DNS/TypeBitmapTest.java
+++ b/src/test/java/org/xbill/DNS/TypeBitmapTest.java
@@ -34,6 +34,7 @@
 //
 package org.xbill.DNS;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import org.junit.jupiter.api.Test;
@@ -47,13 +48,66 @@ void empty() {
 
   @Test
   void typeA() {
-    TypeBitmap typeBitmap = new TypeBitmap(new int[] {1});
+    TypeBitmap typeBitmap = new TypeBitmap(new int[] {Type.A});
     assertEquals("A", typeBitmap.toString());
   }
 
   @Test
   void typeNSandSOA() {
-    TypeBitmap typeBitmap = new TypeBitmap(new int[] {2, 6});
+    TypeBitmap typeBitmap = new TypeBitmap(new int[] {Type.NS, Type.SOA});
     assertEquals("NS SOA", typeBitmap.toString());
   }
+
+  @Test
+  void typeNSandSOAArray() {
+    int[] typeArray = new int[] {Type.NS, Type.SOA};
+    TypeBitmap typeBitmap = new TypeBitmap(typeArray);
+    assertArrayEquals(typeArray, typeBitmap.toArray());
+  }
+
+  @Test
+  void typeAAndSOAToWire() {
+    int[] typeArray = new int[] {Type.A, Type.SOA};
+    TypeBitmap typeBitmap = new TypeBitmap(typeArray);
+    DNSOutput out = new DNSOutput();
+    typeBitmap.toWire(out);
+    assertArrayEquals(new byte[] {0, 1, 0b0100_0010}, out.toByteArray());
+  }
+
+  @Test
+  void typeAandNSEC3ToWireAndBack() throws WireParseException {
+    int[] typeArray = new int[] {Type.A, Type.NSEC3};
+    byte[] wire =
+        new byte[] {
+          // block
+          0,
+          // size
+          7,
+          // 0-7
+          0b0100_0000,
+          // 8-15,
+          0,
+          // 16-23,
+          0,
+          // 24-31,
+          0,
+          // 32-39
+          0,
+          // 40-47
+          0,
+          // 48-55
+          0b0010_0000
+        };
+
+    // Test serialization
+    TypeBitmap typeBitmapOut = new TypeBitmap(typeArray);
+    DNSOutput out = new DNSOutput();
+    typeBitmapOut.toWire(out);
+    assertArrayEquals(wire, out.toByteArray());
+
+    // Test parsing
+    DNSInput in = new DNSInput(wire);
+    TypeBitmap typeBitmapIn = new TypeBitmap(in);
+    assertArrayEquals(typeArray, typeBitmapIn.toArray());
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/TypeTest.java b/src/test/java/org/xbill/DNS/TypeTest.java
index 91ec60231..861322a0c 100644
--- a/src/test/java/org/xbill/DNS/TypeTest.java
+++ b/src/test/java/org/xbill/DNS/TypeTest.java
@@ -125,22 +125,22 @@ void checkCustomRecords() throws Exception {
     MYTXTRecord testRecord = new MYTXTRecord(testOwner, DClass.IN, 3600, "hello world");
 
     byte[] wireData = testRecord.toWire(Section.ANSWER);
-    Record record = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
-    assertEquals(MYTXTRecord.class, record.getClass());
-    assertEquals(MYTXT, record.getType());
+    Record customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+    assertEquals(MYTXTRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
 
     byte[] textData = testRecord.toString().getBytes(StandardCharsets.US_ASCII);
     Master m = new Master(new ByteArrayInputStream(textData));
-    record = m.nextRecord();
-    assertNotNull(record);
-    assertEquals(MYTXTRecord.class, record.getClass());
-    assertEquals(MYTXT, record.getType());
+    customRecord = m.nextRecord();
+    assertNotNull(customRecord);
+    assertEquals(MYTXTRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
     m.close();
 
     Type.register(MYTXT, MYTXTName, null);
-    record = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
-    assertEquals(UNKRecord.class, record.getClass());
-    assertEquals(MYTXT, record.getType());
+    customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+    assertEquals(UNKRecord.class, customRecord.getClass());
+    assertEquals(MYTXT, customRecord.getType());
 
     // test implementation replacement
 
@@ -152,16 +152,16 @@ record = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
       Type.register(Type.TXT, "TXT", TXTRecordReplacement::new);
       TXTRecord testRecord2 = new TXTRecord(testOwner, DClass.IN, 3600, "howdy");
       wireData = testRecord2.toWire(Section.ANSWER);
-      record = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
-      assertEquals(TXTRecordReplacement.class, record.getClass());
-      assertEquals(Type.TXT, record.getType());
+      customRecord = Record.fromWire(new DNSInput(wireData), Section.ANSWER, false);
+      assertEquals(TXTRecordReplacement.class, customRecord.getClass());
+      assertEquals(Type.TXT, customRecord.getType());
 
       byte[] textData2 = testRecord2.toString().getBytes(StandardCharsets.US_ASCII);
       m = new Master(new ByteArrayInputStream(textData2));
-      record = m.nextRecord();
-      assertNotNull(record);
-      assertEquals(TXTRecordReplacement.class, record.getClass());
-      assertEquals(Type.TXT, record.getType());
+      customRecord = m.nextRecord();
+      assertNotNull(customRecord);
+      assertEquals(TXTRecordReplacement.class, customRecord.getClass());
+      assertEquals(Type.TXT, customRecord.getType());
       m.close();
 
     } finally {
diff --git a/src/test/java/org/xbill/DNS/UpdateTest.java b/src/test/java/org/xbill/DNS/UpdateTest.java
new file mode 100644
index 000000000..23457e8d7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/UpdateTest.java
@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.io.IOException;
+import java.net.UnknownHostException;
+import java.util.UUID;
+import java.util.concurrent.CompletableFuture;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.io.IoClientFactory;
+import org.xbill.DNS.io.TcpIoClient;
+import org.xbill.DNS.io.UdpIoClient;
+
+class UpdateTest {
+  private static final Name exampleCom = Name.fromConstantString("example.com.");
+
+  private Update getLargeUpdateMessage() throws TextParseException {
+    Update u = new Update(exampleCom);
+    for (int i = 0; i < 2000; i++) {
+      u.add(
+          new TXTRecord(
+              new Name("name-" + i, exampleCom), DClass.IN, 900, UUID.randomUUID().toString()));
+    }
+    return u;
+  }
+
+  @Test
+  void toWireThrowsOnDisallowedTruncation() throws IOException {
+    Update u = getLargeUpdateMessage();
+    assertThatThrownBy(() -> u.toWire(Message.MAXLENGTH, false))
+        .isInstanceOf(MessageSizeExceededException.class);
+  }
+
+  @Test
+  void toWireAllowsTruncationByDefault() throws IOException, MessageSizeExceededException {
+    Update u = getLargeUpdateMessage();
+    int maxSize = 16384;
+    byte[] defaultOverloadResult = u.toWire(maxSize);
+    byte[] truncationAllowedResult = u.toWire(maxSize, true);
+    Message readBack = new Message(defaultOverloadResult);
+    assertThat(defaultOverloadResult).isEqualTo(truncationAllowedResult).hasSizeLessThan(maxSize);
+    assertThat(readBack.getHeader().getFlag(Flags.TC)).isTrue();
+  }
+
+  @Test
+  void resolverForbidsTruncation() throws TextParseException, UnknownHostException {
+    Update u = getLargeUpdateMessage();
+    SimpleResolver r = new SimpleResolver("127.0.0.1");
+    r.setIoClientFactory(
+        new IoClientFactory() {
+          @Override
+          public TcpIoClient createOrGetTcpClient() {
+            return (local, remote, query, data, timeout) -> CompletableFuture.completedFuture(data);
+          }
+
+          @Override
+          public UdpIoClient createOrGetUdpClient() {
+            throw new RuntimeException("Not implemented");
+          }
+        });
+    r.setTCP(true);
+    assertThatThrownBy(() -> r.send(u))
+        .rootCause()
+        .isInstanceOf(MessageSizeExceededException.class);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/WKSRecordTest.java b/src/test/java/org/xbill/DNS/WKSRecordTest.java
index 09fe52cc7..823f22902 100644
--- a/src/test/java/org/xbill/DNS/WKSRecordTest.java
+++ b/src/test/java/org/xbill/DNS/WKSRecordTest.java
@@ -13,12 +13,12 @@ class WKSRecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("127.0.0.1 tcp ftp telnet smtp");
-    WKSRecord record = new WKSRecord();
-    record.rdataFromString(t, null);
-    assertNotNull(record.getAddress());
-    assertEquals(WKSRecord.Protocol.TCP, record.getProtocol());
+    WKSRecord wksRecord = new WKSRecord();
+    wksRecord.rdataFromString(t, null);
+    assertNotNull(wksRecord.getAddress());
+    assertEquals(WKSRecord.Protocol.TCP, wksRecord.getProtocol());
     assertArrayEquals(
         new int[] {WKSRecord.Service.FTP, WKSRecord.Service.TELNET, WKSRecord.Service.SMTP},
-        record.getServices());
+        wksRecord.getServices());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/X25RecordTest.java b/src/test/java/org/xbill/DNS/X25RecordTest.java
index 7f422b1f7..1dc8a094c 100644
--- a/src/test/java/org/xbill/DNS/X25RecordTest.java
+++ b/src/test/java/org/xbill/DNS/X25RecordTest.java
@@ -11,8 +11,8 @@ class X25RecordTest {
   @Test
   void rdataFromString() throws IOException {
     Tokenizer t = new Tokenizer("311061700956");
-    X25Record record = new X25Record();
-    record.rdataFromString(t, null);
-    assertEquals("311061700956", record.getAddress());
+    X25Record x25Record = new X25Record();
+    x25Record.rdataFromString(t, null);
+    assertEquals("311061700956", x25Record.getAddress());
   }
 }
diff --git a/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java b/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java
new file mode 100644
index 000000000..84508bef9
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneMDRecordTest.java
@@ -0,0 +1,216 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ZoneMDRecord.Hash;
+import org.xbill.DNS.utils.base16;
+
+public class ZoneMDRecordTest {
+  @ParameterizedTest
+  @CsvSource({
+    "1,48", "2,64",
+  })
+  void testKnownHashLengths(int alg, int len) {
+    assertEquals(len, Hash.hashLength(alg));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "1,384", "2,512",
+  })
+  void testKnownHashNames(int alg, String suffix) {
+    assertEquals("SHA" + suffix, Hash.string(alg));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "0,0,12", "1,0,12", "0,1,48", "0,2,64",
+  })
+  void testConstructorSuccess(int scheme, int hash, int digestSize) {
+    ZoneMDRecord md =
+        new ZoneMDRecord(
+            Name.root, DClass.IN, 3600, 2147483648L, scheme, hash, new byte[digestSize]);
+    assertNotNull(md);
+    assertEquals(2147483648L, md.getSerial());
+    assertEquals(scheme, md.getScheme());
+    assertEquals(hash, md.getHashAlgorithm());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1,0,0,12",
+    "4294967296,0,0,12",
+    "2147483648,-1,0,12",
+    "2147483648,257,0,12",
+    "2147483648,0,-1,12",
+    "2147483648,0,257,12",
+    "2147483648,0,0,11",
+    "2147483648,0,1,47",
+    "2147483648,0,1,49",
+    "2147483648,0,2,63",
+    "2147483648,0,2,65",
+  })
+  void testConstructorFails(long serial, int scheme, int hash, int digestSize) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new ZoneMDRecord(
+                Name.root, DClass.IN, 3600, serial, scheme, hash, new byte[digestSize]));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testFromWireSuccess(long serial, int scheme, int hash, String digest) {
+    ZoneMDRecord md =
+        new ZoneMDRecord(
+            Name.root, DClass.IN, 3600, serial, scheme, hash, base16.fromString(digest));
+    assertNotNull(md);
+    assertEquals(2147483648L, md.getSerial());
+    assertEquals(scheme, md.getScheme());
+    assertEquals(hash, md.getHashAlgorithm());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "4294967296,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFE",
+    "2147483648,-1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,257,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,-1,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,257,FEBE3D4CFEBEFEBE3D4CFEBE",
+  })
+  void testFromWireFails(long serial, int scheme, int hash, String digest) {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            new ZoneMDRecord(
+                Name.root, DClass.IN, 3600, serial, scheme, hash, base16.fromString(digest)));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testToAndFromWire(long serial, int scheme, int hash, String digestHex) throws IOException {
+    byte[] digest = base16.fromString(digestHex);
+    ZoneMDRecord md = new ZoneMDRecord(Name.root, DClass.IN, 3600, serial, scheme, hash, digest);
+    byte[] data = md.toWire(Section.ANSWER);
+    Record parsed = Record.fromWire(data, Section.ANSWER);
+    assertInstanceOf(ZoneMDRecord.class, parsed);
+    ZoneMDRecord parsedMd = (ZoneMDRecord) parsed;
+    assertEquals(serial, parsedMd.getSerial());
+    assertEquals(scheme, parsedMd.getScheme());
+    assertEquals(hash, parsedMd.getHashAlgorithm());
+    assertArrayEquals(digest, parsedMd.getDigest());
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    // Name ("."), ZoneMD = 63, DClass = 1, ttl=3600, length
+    "00_003F_0001_00000E10_0002_8000",
+    "00_003F_0001_00000E10_0004_80000000",
+    "00_003F_0001_00000E10_0006_80000000_00",
+    "00_003F_0001_00000E10_0008_80000000_00_00",
+    "00_003F_0001_00000E10_0011_80000000_00_00_FEBE3D4CFEBEFEBE3D4CFE",
+    "00_003F_0001_00000E10_0035_80000000_00_01_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "00_003F_0001_00000E10_0037_80000000_00_01_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "00_003F_0001_00000E10_0045_80000000_00_02_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "00_003F_0001_00000E10_0047_80000000_00_02_FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+  })
+  void testFromWireFails(String hex) {
+    byte[] data = base16.fromString(hex.replaceAll("_", ""));
+    assertThrows(WireParseException.class, () -> Record.fromWire(data, Section.ANSWER));
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "2023110500,1,241,1AADC4FDD0FDB404C4848A9D7C1F1C674C31ADDFDF747454BAE966048EAE0806158EBA5569EEC4638E7A765A72F5019D",
+    "2147483648,0,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,0,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,0,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+    "2147483648,1,0,FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648,1,1,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE",
+    "2147483648,1,2,FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C",
+  })
+  void testToAndFromRData(long serial, int scheme, int hash, String digestHex) throws IOException {
+    byte[] digest = base16.fromString(digestHex);
+    ZoneMDRecord md = new ZoneMDRecord(Name.root, DClass.IN, 3600, serial, scheme, hash, digest);
+    String data = md.rrToString();
+    assertEquals(serial + " " + scheme + " " + hash + " " + digestHex, data);
+
+    Record parsed = Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, data, Name.root);
+    assertInstanceOf(ZoneMDRecord.class, parsed);
+    ZoneMDRecord parsedMd = (ZoneMDRecord) parsed;
+    assertEquals(serial, parsedMd.getSerial());
+    assertEquals(scheme, parsedMd.getScheme());
+    assertEquals(hash, parsedMd.getHashAlgorithm());
+    assertArrayEquals(digest, parsedMd.getDigest());
+  }
+
+  @Test
+  void testToWrappedRdata() throws IOException {
+    String rdataIn =
+        "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C";
+    ZoneMDRecord md =
+        (ZoneMDRecord)
+            Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, rdataIn, Name.root);
+    try {
+      Options.set("multiline");
+      String rdataOut = md.rrToString();
+      String[] lines = rdataOut.split("\n");
+      assertEquals(3, rdataOut.split("\n").length, "Expected lines");
+      assertTrue(lines[0].contains("("), "Missing opening parenthesis");
+      assertTrue(lines[1].contains("\t"), "Missing tabs");
+      assertTrue(rdataOut.endsWith(")"), "Missing closing parenthesis at end of string");
+    } finally {
+      Options.unset("multiline");
+    }
+  }
+
+  @ParameterizedTest
+  @CsvSource({
+    "-1 0 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "4294967296 0 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648, 1 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 257 0 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648, , 1 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 0 257 FEBE3D4CFEBEFEBE3D4CFEBE",
+    "2147483648 0 0 FEBE3D4CFEBEFEBE3D4CFE",
+    "2147483648 0 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057B",
+    "2147483648 0 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFF",
+    "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D",
+    "2147483648 0 2 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4CFEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEEFEBE3D4CFEBE3D4C5D",
+  })
+  void testFromRDataFails(String rdata) {
+    assertThrows(
+        TextParseException.class,
+        () -> Record.fromString(Name.root, Type.ZONEMD, DClass.IN, 3600, rdata, Name.root));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ZoneStressTest.java b/src/test/java/org/xbill/DNS/ZoneStressTest.java
new file mode 100644
index 000000000..3467f3105
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneStressTest.java
@@ -0,0 +1,246 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.openjdk.jcstress.annotations.Expect.ACCEPTABLE;
+import static org.openjdk.jcstress.annotations.Expect.ACCEPTABLE_INTERESTING;
+import static org.openjdk.jcstress.annotations.Expect.FORBIDDEN;
+
+import java.net.InetAddress;
+import java.util.List;
+import java.util.stream.Collectors;
+import lombok.SneakyThrows;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.openjdk.jcstress.Main;
+import org.openjdk.jcstress.annotations.Actor;
+import org.openjdk.jcstress.annotations.Arbiter;
+import org.openjdk.jcstress.annotations.Description;
+import org.openjdk.jcstress.annotations.JCStressTest;
+import org.openjdk.jcstress.annotations.Outcome;
+import org.openjdk.jcstress.annotations.State;
+import org.openjdk.jcstress.infra.results.II_Result;
+import org.openjdk.jcstress.infra.results.L_Result;
+
+class ZoneStressTest {
+  @Test
+  @Disabled("Too expensive to always run")
+  @Tag("concurrency")
+  void runZoneConcurrentReadStressTest() throws Exception {
+    // IntelliJ doesn't properly run the JCStress' annotation processor,
+    // use Maven to compile (and disable build-before-run)
+    Main.main(
+        new String[] {"-r", "target/jcstress", "-t", ZoneStressTest.class.getSimpleName(), "-v"});
+  }
+
+  public static class ZoneStressTestBase {
+    protected final Name zoneName;
+    protected final Zone zone;
+    protected final ARecord A1;
+    protected final ARecord A2_1;
+    protected final ARecord A2_2;
+    protected final Name mxName;
+    protected final InetAddress localhost4_1;
+    protected final InetAddress localhost4_2;
+    protected final InetAddress localhost4_3;
+
+    @SneakyThrows
+    public ZoneStressTestBase() {
+      zoneName = Name.fromConstantString("example.");
+      mxName = new Name("mx", zoneName);
+      SOARecord SOA1 =
+          new SOARecord(
+              zoneName,
+              DClass.IN,
+              3600L,
+              Name.fromConstantString("nameserver."),
+              new Name("hostadmin", zoneName),
+              1,
+              21600L,
+              7200L,
+              2160000L,
+              3600L);
+      NSRecord NS1 =
+          new NSRecord(zoneName, DClass.IN, 300L, Name.fromConstantString("nameserver1."));
+
+      localhost4_1 = InetAddress.getByName("127.0.0.1");
+      localhost4_2 = InetAddress.getByName("127.0.0.2");
+      localhost4_3 = InetAddress.getByName("127.0.0.3");
+      A1 = new ARecord(new Name("test1", zoneName), DClass.IN, 3600, localhost4_1);
+      A2_1 = new ARecord(new Name("test2", zoneName), DClass.IN, 3600, localhost4_2);
+      A2_2 = new ARecord(new Name("test2", zoneName), DClass.IN, 3600, localhost4_3);
+
+      Record[] zoneRecords =
+          new Record[] {
+            SOA1, NS1, A1, A2_1, A2_2,
+          };
+      zone = new Zone(zoneName, zoneRecords);
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent writes to the same RRset")
+  @Outcome(
+      id = {"10, 20", "20, 10"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class Write extends ZoneStressTestBase {
+    @Actor
+    public void writer1() {
+      zone.addRecord(new MXRecord(mxName, DClass.IN, 3600, 10, A1.getName()));
+    }
+
+    @Actor
+    public void writer2() {
+      zone.addRecord(new MXRecord(mxName, DClass.IN, 3600, 20, A2_1.getName()));
+    }
+
+    @Arbiter
+    public void reader(II_Result r) {
+      r.r1 = poll(0);
+      r.r2 = poll(1);
+    }
+
+    private int poll(int index) {
+      List<Record> rrs = zone.findExactMatch(mxName, Type.MX).rrs(false);
+      return rrs.size() > index ? ((MXRecord) rrs.get(index)).getPriority() : -1;
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add/read to the same RRset")
+  @Outcome(
+      id = {"[127.0.0.1]", "[127.0.0.1, 127.0.0.2]"},
+      expect = ACCEPTABLE)
+  @Outcome(
+      id = {"[127.0.0.2, 127.0.0.1]"},
+      expect = ACCEPTABLE_INTERESTING)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddRead extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(A1.getName(), DClass.IN, 3600, localhost4_2));
+    }
+
+    @Actor
+    public void reader(L_Result r) {
+      r.r1 =
+          zone.findExactMatch(A1.getName(), Type.A).rrs(false).stream()
+              .map(record -> ((ARecord) record).getAddress().getHostAddress())
+              .collect(Collectors.toList());
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent remove/read to the same RRset")
+  @Outcome(
+      id = {"[127.0.0.3]", "[127.0.0.2, 127.0.0.3]"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class RemoveRead extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.removeRecord(A2_1);
+    }
+
+    @Actor
+    public void reader(L_Result r) {
+      r.r1 =
+          zone.findExactMatch(A2_1.getName(), Type.A).rrs(false).stream()
+              .map(record -> ((ARecord) record).getAddress().getHostAddress())
+              .collect(Collectors.toList());
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add/read to a new RRset")
+  @Outcome(
+      id = {"1, -1", "1, 1"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddReadDifferentRRset extends ZoneStressTestBase {
+    private final Name testName;
+
+    @SneakyThrows
+    public AddReadDifferentRRset() {
+      testName = new Name("test", zoneName);
+    }
+
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(testName, DClass.IN, 3600, localhost4_1));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r1 = poll(A1.getName());
+      r.r2 = poll(testName);
+    }
+
+    private int poll(Name name) {
+      RRset rrs = zone.findExactMatch(name, Type.A);
+      return rrs != null ? rrs.size() : -1;
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add and iteration")
+  @Outcome(
+      id = {"4, -1", "5, 1"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddNewRRsetAndIterate extends ZoneStressTestBase {
+    private final Name testName;
+
+    @SneakyThrows
+    public AddNewRRsetAndIterate() {
+      testName = new Name("test", zoneName);
+    }
+
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(testName, DClass.IN, 3600, localhost4_1));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r2 = -1;
+      for (RRset rr : zone) {
+        r.r1++;
+        if (rr.getName().equals(testName)) {
+          r.r2 = rr.size();
+        }
+      }
+    }
+  }
+
+  @JCStressTest
+  @Description("Test concurrent add and iteration")
+  @Outcome(
+      id = {"4, 1", "4, 2"},
+      expect = ACCEPTABLE)
+  @Outcome(expect = FORBIDDEN, desc = "Other cases are forbidden.")
+  @State
+  public static class AddToRRsetAndIterate extends ZoneStressTestBase {
+    @Actor
+    public void writer() {
+      zone.addRecord(new ARecord(A1.getName(), DClass.IN, 3600, localhost4_2));
+    }
+
+    @Actor
+    public void reader(II_Result r) {
+      r.r2 = -1;
+      for (RRset rr : zone) {
+        r.r1++;
+        if (rr.getName().equals(A1.getName())) {
+          r.r2 = rr.size();
+        }
+      }
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/ZoneTest.java b/src/test/java/org/xbill/DNS/ZoneTest.java
index bd39e9039..e31517416 100644
--- a/src/test/java/org/xbill/DNS/ZoneTest.java
+++ b/src/test/java/org/xbill/DNS/ZoneTest.java
@@ -1,113 +1,706 @@
 // SPDX-License-Identifier: BSD-3-Clause
 package org.xbill.DNS;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.InetAddress;
 import java.util.Collections;
+import java.util.Iterator;
 import java.util.List;
+import java.util.NoSuchElementException;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 class ZoneTest {
-  private static final ARecord A_TEST;
-  private static final AAAARecord AAAA_1_TEST;
-  private static final AAAARecord AAAA_2_TEST;
-  private static final ARecord A_WILD;
-  private static final TXTRecord TXT_WILD;
-  private static final Zone ZONE;
-
-  static {
-    try {
-      Name nameZone = new Name("example.");
-      InetAddress localhost4 = InetAddress.getByName("127.0.0.1");
-      InetAddress localhost6a = InetAddress.getByName("::1");
-      InetAddress localhost6b = InetAddress.getByName("::2");
-      A_TEST = new ARecord(new Name("test", nameZone), DClass.IN, 3600, localhost4);
-      AAAA_1_TEST = new AAAARecord(new Name("test", nameZone), DClass.IN, 3600, localhost6a);
-      AAAA_2_TEST = new AAAARecord(new Name("test", nameZone), DClass.IN, 3600, localhost6b);
-      A_WILD = new ARecord(new Name("*", nameZone), DClass.IN, 3600, localhost4);
-      TXT_WILD = new TXTRecord(new Name("*", nameZone), DClass.IN, 3600, "sometext");
-
-      Record[] zoneRecords =
-          new Record[] {
-            new SOARecord(
-                nameZone,
-                DClass.IN,
-                3600L,
-                Name.fromConstantString("nameserver."),
-                new Name("hostmaster", nameZone),
-                1,
-                21600L,
-                7200L,
-                2160000L,
-                3600L),
-            new NSRecord(nameZone, DClass.IN, 300L, Name.fromConstantString("nameserver.")),
-            A_TEST,
-            AAAA_1_TEST,
-            AAAA_2_TEST,
-            A_WILD,
-            TXT_WILD,
-          };
-      ZONE = new Zone(nameZone, zoneRecords);
-    } catch (IOException e) {
-      throw new RuntimeException(e);
-    }
+  private Name ZONE_NAME;
+  private SOARecord SOA1;
+  private SOARecord SOA2;
+  private NSRecord NS1;
+  private NSRecord NS2;
+  private ARecord A_UNIQUE;
+  private ARecord A_TEST;
+  private AAAARecord AAAA_1_TEST;
+  private AAAARecord AAAA_2_TEST;
+  private ARecord A_WILD;
+  private TXTRecord TXT_WILD;
+  private Zone ZONE;
+
+  @BeforeEach
+  void beforeEach() throws IOException {
+    ZONE_NAME = Name.fromConstantString("example.");
+    SOA1 =
+        new SOARecord(
+            ZONE_NAME,
+            DClass.IN,
+            3600L,
+            Name.fromConstantString("nameserver."),
+            new Name("hostadmin", ZONE_NAME),
+            1,
+            21600L,
+            7200L,
+            2160000L,
+            3600L);
+    SOA2 =
+        new SOARecord(
+            ZONE_NAME,
+            DClass.IN,
+            3600L,
+            Name.fromConstantString("nameserver."),
+            new Name("zoneadmin", ZONE_NAME),
+            1,
+            21600L,
+            7200L,
+            2160000L,
+            3600L);
+    NS1 = new NSRecord(ZONE_NAME, DClass.IN, 300L, Name.fromConstantString("nameserver1."));
+    NS2 = new NSRecord(ZONE_NAME, DClass.IN, 300L, Name.fromConstantString("nameserver2."));
+
+    InetAddress localhost4 = InetAddress.getByName("127.0.0.1");
+    InetAddress localhost6a = InetAddress.getByName("::1");
+    InetAddress localhost6b = InetAddress.getByName("::2");
+    A_UNIQUE =
+        new ARecord(
+            new Name("unique", ZONE_NAME), DClass.IN, 3600, InetAddress.getByName("127.0.0.3"));
+    A_TEST = new ARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost4);
+    AAAA_1_TEST = new AAAARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost6a);
+    AAAA_2_TEST = new AAAARecord(new Name("test", ZONE_NAME), DClass.IN, 3600, localhost6b);
+    A_WILD =
+        new ARecord(
+            new Name("*.wild", ZONE_NAME), DClass.IN, 3600, InetAddress.getByName("127.0.0.2"));
+    TXT_WILD = new TXTRecord(new Name("*.wild", ZONE_NAME), DClass.IN, 3600, "sometext");
+
+    Record[] zoneRecords =
+        new Record[] {
+          SOA1, NS1, NS2, A_UNIQUE, A_TEST, AAAA_1_TEST, AAAA_2_TEST, A_WILD, TXT_WILD,
+        };
+    ZONE = new Zone(ZONE_NAME, zoneRecords);
+  }
+
+  @Test
+  void exactNameNull() {
+    assertThatThrownBy(() -> ZONE.findExactMatch(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findExactMatch(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findExactMatch(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class)
+        .hasMessageContaining("type");
   }
 
   @Test
   void exactNameExistingALookup() {
-    Name testName = Name.fromConstantString("test.example.");
-    SetResponse resp = ZONE.findRecords(testName, Type.A);
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).isNotNull().containsExactly(A_TEST);
+  }
+
+  @Test
+  void exactNameAnyThrow() {
+    Name name = A_TEST.getName();
+    assertThatThrownBy(() -> ZONE.findExactMatch(name, Type.ANY))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("type ANY");
+  }
+
+  @Test
+  void findNameExistingALookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.A);
     assertEquals(oneRRset(A_TEST), resp.answers());
   }
 
   @Test
-  void exactNameTwoAaaaLookup() {
-    Name testName = Name.fromConstantString("test.example.");
-    SetResponse resp = ZONE.findRecords(testName, Type.AAAA);
+  void findNameNXRRsetLookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.TXT);
+    assertEquals(SetResponse.ofType(SetResponseType.NXRRSET), resp);
+  }
+
+  @Test
+  void findNameTwoAaaaLookup() {
+    SetResponse resp = ZONE.findRecords(AAAA_1_TEST.getName(), Type.AAAA);
     assertEquals(oneRRset(AAAA_1_TEST, AAAA_2_TEST), resp.answers());
   }
 
   @Test
-  void exactNameAnyLookup() {
-    Name testName = Name.fromConstantString("test.example.");
-    SetResponse resp = ZONE.findRecords(testName, Type.ANY);
+  void findNameAnyLookup() {
+    SetResponse resp = ZONE.findRecords(A_TEST.getName(), Type.ANY);
     assertTrue(resp.isSuccessful());
     assertEquals(listOf(new RRset(A_TEST), new RRset(AAAA_1_TEST, AAAA_2_TEST)), resp.answers());
   }
 
   @Test
-  void wildNameExistingALookup() {
-    Name testName = Name.fromConstantString("undefined.example.");
+  void findWildNameNull() {
+    assertThatThrownBy(() -> ZONE.findRecords(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findRecords(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.findRecords(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class)
+        .hasMessageContaining("type");
+  }
+
+  @Test
+  void findWildNameNotSubdomain() {
+    assertThat(ZONE.findRecords(Name.root, Type.A))
+        .isNotNull()
+        .isEqualTo(SetResponse.ofType(SetResponseType.NXDOMAIN));
+  }
+
+  @Test
+  void findWildNameExistingALookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
     SetResponse resp = ZONE.findRecords(testName, Type.A);
-    assertEquals(oneRRset(A_WILD.withName(testName)), resp.answers());
+    assertThat(resp.answers()).containsExactly(new RRset(A_WILD.withName(testName)));
   }
 
   @Test
-  void wildNameExistingTxtLookup() {
-    Name testName = Name.fromConstantString("undefined.example.");
+  void findWildNameExistingTxtLookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
     SetResponse resp = ZONE.findRecords(testName, Type.TXT);
-    assertEquals(oneRRset(TXT_WILD.withName(testName)), resp.answers());
+    assertThat(resp.answers()).containsExactly(new RRset(TXT_WILD.withName(testName)));
   }
 
   @Test
-  void wildNameNonExistingMxLookup() {
-    SetResponse resp = ZONE.findRecords(Name.fromConstantString("undefined.example."), Type.MX);
+  void findWildNameNonExistingMxLookup() {
+    SetResponse resp =
+        ZONE.findRecords(Name.fromConstantString("undefined.wild.example."), Type.MX);
     assertTrue(resp.isNXDOMAIN());
   }
 
   @Test
-  void wildNameAnyLookup() {
-    Name testName = Name.fromConstantString("undefined.example.");
+  void findWildNameAnyLookup() {
+    Name testName = Name.fromConstantString("undefined.wild.example.");
     SetResponse resp = ZONE.findRecords(testName, Type.ANY);
-    assertTrue(resp.isSuccessful());
-    assertEquals(
-        listOf(new RRset(A_WILD.withName(testName)), new RRset(TXT_WILD.withName(testName))),
-        resp.answers());
+    assertThat(resp.isSuccessful()).isTrue();
+    assertThat(resp.answers())
+        .containsExactly(
+            new RRset(A_WILD.withName(testName)), new RRset(TXT_WILD.withName(testName)));
+  }
+
+  @Test
+  void ctorNull() {
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, (String) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, (Record[]) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, (String) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, (Record[]) null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, "some-file.dns"));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, new Record[0]));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, DClass.IN, null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(Name.root, DClass.IN, null));
+    assertThrows(IllegalArgumentException.class, () -> new Zone(null, DClass.IN, "localhost"));
+    assertThrows(InvalidDClassException.class, () -> new Zone(Name.root, -1, "localhost"));
+  }
+
+  @Test
+  void ctorMissingRecords() {
+    assertThrows(IOException.class, () -> new Zone(Name.root, new Record[0]));
+    assertThrows(IOException.class, () -> new Zone(Name.root, new Record[] {A_TEST}));
+    assertThatThrownBy(() -> new Zone(Name.root, new Record[] {SOA1}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("SOA owner");
+    assertThatThrownBy(() -> new Zone(ZONE_NAME, new Record[] {SOA1, NS1, SOA2}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("exactly 1 SOA");
+    assertThatThrownBy(() -> new Zone(ZONE_NAME, new Record[] {SOA1}))
+        .isInstanceOf(IOException.class)
+        .hasMessageContaining("no NS set");
+  }
+
+  @Test
+  void ctorInputStream() {
+    Zone zone =
+        assertDoesNotThrow(
+            () ->
+                new Zone(
+                    Name.fromConstantString("example.com."),
+                    ZoneTest.class.getResourceAsStream("/zonefileEx2")));
+    assertThat(zone.iterator().hasNext()).isTrue();
+    RRset set = zone.iterator().next();
+    assertThat(set.getType()).isEqualTo(Type.SOA);
+    assertThat(set.rrs(false)).hasSize(1);
+    assertThat(set.sigs()).hasSize(1);
+  }
+
+  @Test
+  void ctorWithoutOrigin() {
+    Zone zone =
+        assertDoesNotThrow(
+            () ->
+                new Zone(
+                    Name.fromConstantString("example.com."),
+                    ZoneTest.class.getResourceAsStream("/zonefileEx3")));
+    assertThat(zone.iterator().hasNext()).isTrue();
+    RRset set = zone.iterator().next();
+    assertThat(set.getType()).isEqualTo(Type.SOA);
+    assertThat(set.rrs(false)).hasSize(1);
+  }
+
+  @Test
+  void addRecord() throws TextParseException {
+    Name n = new Name("something", ZONE_NAME);
+    assertNull(ZONE.findExactMatch(n, Type.A));
+    ZONE.addRecord(A_TEST.withName(n));
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+  }
+
+  @Test
+  void addRecordExistingName() {
+    Name n = A_TEST.getName();
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+    assertNull(ZONE.findExactMatch(n, Type.MX));
+    MXRecord mx = new MXRecord(n, DClass.IN, 3600, 1, Name.root);
+    ZONE.addRecord(mx);
+    assertThat(ZONE.findExactMatch(n, Type.MX)).isNotNull().containsExactly(mx);
+  }
+
+  @Test
+  void addRecordExistingSet() {
+    Name n = A_TEST.getName();
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST);
+    ARecord a2 = new ARecord(n, DClass.IN, 3600, new byte[4]);
+    ZONE.addRecord(a2);
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST, a2);
+  }
+
+  @Test
+  void addRecordExistingSetOneType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE);
+    // Add a different record, testing that it was added to the existing set
+    ARecord a2 = new ARecord(A_UNIQUE.getName(), DClass.IN, 3600, new byte[4]);
+    assertDoesNotThrow(() -> ZONE.addRecord(a2));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE, a2);
+  }
+
+  @Test
+  void removeRecord() {
+    assertNotNull(ZONE.findExactMatch(A_TEST.getName(), Type.A));
+    ZONE.removeRecord(A_TEST);
+    assertNull(ZONE.findExactMatch(A_TEST.getName(), Type.A));
+  }
+
+  @Test
+  void addRRset() throws TextParseException {
+    Name n = new Name("something", ZONE_NAME);
+    assertNull(ZONE.findExactMatch(n, Type.A));
+    ZONE.addRRset(new RRset(A_TEST.withName(n)));
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+  }
+
+  @Test
+  void addRRsetExistingName() {
+    Name n = A_TEST.getName();
+    assertNotNull(ZONE.findExactMatch(n, Type.A));
+    assertNull(ZONE.findExactMatch(n, Type.MX));
+    MXRecord mx = new MXRecord(n, DClass.IN, 3600, 1, Name.root);
+    ZONE.addRRset(new RRset(mx));
+    assertThat(ZONE.findExactMatch(n, Type.MX)).isNotNull().containsExactly(mx);
+  }
+
+  @Test
+  void addRRsetExistingSet() {
+    Name n = A_TEST.getName();
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(A_TEST);
+    ARecord a2 = new ARecord(n, DClass.IN, 3600, new byte[4]);
+    ZONE.addRRset(new RRset(a2));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull().containsExactly(a2);
+  }
+
+  @Test
+  void addRRsetExistingSetOneType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A))
+        .isNotNull()
+        .containsExactly(A_UNIQUE);
+
+    // Add a new set with a different record, testing that it replaced the existing set
+    ARecord a2 = new ARecord(A_UNIQUE.getName(), DClass.IN, 3600, new byte[4]);
+    assertDoesNotThrow(() -> ZONE.addRRset(new RRset(a2)));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull().containsExactly(a2);
+  }
+
+  @Test
+  void addRecordNull() {
+    assertThatThrownBy(() -> ZONE.addRecord(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void addRRsetNull() {
+    assertThatThrownBy(() -> ZONE.addRRset(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void addRecordOutOfZone() {
+    Record arecord = A_TEST.withName(Name.root);
+    assertThatThrownBy(() -> ZONE.addRecord(arecord))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("subdomain");
+  }
+
+  @Test
+  void addRRsetOutOfZone() {
+    RRset aset = new RRset(A_TEST.withName(Name.root));
+    assertThatThrownBy(() -> ZONE.addRRset(aset))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("subdomain");
+  }
+
+  @Test
+  void addSOARecordNewName() {
+    SOARecord newSoa = (SOARecord) SOA2.withName(Name.root);
+    assertThatThrownBy(() -> ZONE.addRecord(newSoa))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("SOA owner");
+  }
+
+  @Test
+  void addSOARRsetNewName() {
+    SOARecord newSoa = (SOARecord) SOA2.withName(Name.root);
+    RRset soaSet = new RRset(newSoa);
+    assertThatThrownBy(() -> ZONE.addRRset(soaSet))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("SOA owner");
+  }
+
+  @Test
+  void addSOARecordReplaceExisting() {
+    ZONE.addRecord(SOA2);
+    RRset soa = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(ZONE.getSOA()).isEqualTo(SOA2);
+    assertThat(soa).isNotNull().containsExactly(SOA2);
+  }
+
+  @Test
+  void addSOARRsetReplaceExisting() {
+    ZONE.addRRset(new RRset(SOA2));
+    RRset soa = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(soa).isNotNull();
+    assertThat(soa.size()).isEqualTo(1);
+    assertThat(soa.first()).isEqualTo(ZONE.getSOA()).isEqualTo(SOA2);
+  }
+
+  @Test
+  void addSOARRsetCheckSize() {
+    RRset soaSet = new RRset(SOA1, SOA2);
+    assertThatThrownBy(() -> ZONE.addRRset(soaSet))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("exactly 1 SOA");
+    assertThat(ZONE.getSOA()).isNotNull().isEqualTo(SOA1);
+  }
+
+  @Test
+  void removeSOARecord() {
+    SOARecord soa = ZONE.getSOA();
+    assertThatThrownBy(() -> ZONE.removeRecord(soa))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove SOA");
+    RRset soaSet = ZONE.findExactMatch(ZONE_NAME, Type.SOA);
+    assertThat(soaSet).isNotNull().containsExactly(ZONE.getSOA());
+  }
+
+  @Test
+  void removeRecordNull() {
+    assertThatThrownBy(() -> ZONE.removeRecord(null))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+  }
+
+  @Test
+  void removeRecordNonExisting() throws TextParseException {
+    Name n = new Name("some", ZONE_NAME);
+    RRset some = ZONE.findExactMatch(n, Type.DS);
+    assertThat(some).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRecord(Record.newRecord(n, Type.DS, DClass.IN, 3600)));
+  }
+
+  @Test
+  void removeRecordUniqueType() {
+    RRset some = ZONE.findExactMatch(A_UNIQUE.getName(), Type.A);
+    assertThat(some).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRecord(A_UNIQUE));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void removeRecordNs() {
+    RRset nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    ZONE.removeRecord(NS1);
+    nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS2);
+    assertThatThrownBy(() -> ZONE.removeRecord(NS2))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("all NS");
+    nsSet = ZONE.findExactMatch(ZONE_NAME, Type.NS);
+    assertThat(nsSet).containsExactly(NS2);
+  }
+
+  @Test
+  void removeRRsetNull() {
+    assertThatThrownBy(() -> ZONE.removeRRset(null, Type.A))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.removeRRset(null, -1))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("null");
+    assertThatThrownBy(() -> ZONE.removeRRset(Name.root, -1))
+        .isInstanceOf(InvalidTypeException.class);
+  }
+
+  @Test
+  void removeRRsetNotExisting() throws TextParseException {
+    Name n = new Name("some", ZONE_NAME);
+    RRset some = ZONE.findExactMatch(n, Type.DS);
+    assertThat(some).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.DS));
+  }
+
+  @Test
+  void removeRRsetMultiple() throws TextParseException {
+    Name n = new Name("*.wild", ZONE_NAME);
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull();
+    assertThat(ZONE.findExactMatch(n, Type.TXT)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.TXT));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNotNull();
+    assertThat(ZONE.findExactMatch(n, Type.TXT)).isNull();
+  }
+
+  @Test
+  void removeSOARRset() {
+    assertThatThrownBy(() -> ZONE.removeRRset(ZONE_NAME, Type.SOA))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove SOA");
+    assertThat(ZONE.findExactMatch(ZONE_NAME, Type.SOA)).isNotNull().containsExactly(SOA1);
+    assertThat(ZONE.getSOA()).isNotNull();
+  }
+
+  @Test
+  void removeNSRRset() {
+    assertThatThrownBy(() -> ZONE.removeRRset(ZONE_NAME, Type.NS))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("remove all NS");
+    assertThat(ZONE.findExactMatch(ZONE_NAME, Type.NS)).isNotNull();
+    assertThat(ZONE.getNS()).isNotNull().containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void removeRRsetUniqueType() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(A_UNIQUE.getName(), Type.A));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void removeRRsetUniqueTypeNonExisting() {
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(A_UNIQUE.getName(), Type.MX));
+    assertThat(ZONE.findExactMatch(A_UNIQUE.getName(), Type.A)).isNotNull();
+  }
+
+  @Test
+  void getNsReturnsSetCopyOfNs() {
+    RRset nsSet = ZONE.getNS();
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    nsSet.deleteRR(nsSet.first());
+    assertThat(nsSet).hasSize(1).containsExactly(NS2);
+    assertThat(ZONE.getNS().rrs(false)).hasSize(2).containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void removeAllTypes() {
+    Name n = A_TEST.getName();
+    assertThat(n).isEqualTo(AAAA_1_TEST.getName());
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.A));
+    assertThat(ZONE.findExactMatch(n, Type.A)).isNull();
+    assertDoesNotThrow(() -> ZONE.removeRRset(n, Type.AAAA));
+    assertThat(ZONE.findExactMatch(n, Type.AAAA)).isNull();
+    SetResponse any = assertDoesNotThrow(() -> ZONE.findRecords(n, Type.ANY));
+    assertThat(any).isNotNull();
+    assertThat(any.isNXDOMAIN()).isTrue();
+  }
+
+  @Test
+  void iteratorHasAllInOrder() {
+    assertThat(ZONE)
+        .hasSize(7)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD));
+  }
+
+  @Test
+  void iteratorHasAllInOrderWithNamesAtOrigin() {
+    MXRecord mx = new MXRecord(ZONE_NAME, DClass.IN, 3600, 1, A_TEST.getName());
+    ZONE.addRecord(mx);
+    assertThat(ZONE)
+        .hasSize(8)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(mx),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD));
+  }
+
+  @Test
+  void iteratorHasAllInOrderWithNamesAtOriginForAXFR() {
+    MXRecord mx = new MXRecord(ZONE_NAME, DClass.IN, 3600, 1, A_TEST.getName());
+    ZONE.addRecord(mx);
+    assertThat(ZONE.AXFR())
+        .toIterable()
+        .hasSize(9)
+        .containsExactly(
+            new RRset(SOA1),
+            new RRset(NS1, NS2),
+            new RRset(mx),
+            new RRset(A_TEST),
+            new RRset(AAAA_1_TEST, AAAA_2_TEST),
+            new RRset(A_UNIQUE),
+            new RRset(A_WILD),
+            new RRset(TXT_WILD),
+            new RRset(SOA1));
+  }
+
+  @Test
+  void iteratorHasAllInOrderOrignOnly() throws IOException {
+    assertThat(new Zone(ZONE_NAME, SOA1, NS1, NS2))
+        .hasSize(2)
+        .containsExactly(new RRset(SOA1), new RRset(NS1, NS2));
+  }
+
+  @Test
+  void iteratorReturnsSetCopyOfSoa() {
+    RRset soaSet = ZONE.iterator().next();
+    assertThat(soaSet).containsExactly(SOA1);
+    soaSet.deleteRR(soaSet.first());
+    assertThat(ZONE.getSOA()).isNotNull();
+  }
+
+  @Test
+  void iteratorReturnsSetCopyOfNs() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // Skip SOA
+    RRset nsSet = it.next();
+    assertThat(nsSet).containsExactly(NS1, NS2);
+    nsSet.deleteRR(nsSet.first());
+    assertThat(nsSet).hasSize(1).containsExactly(NS2);
+    assertThat(ZONE.getNS().rrs(false)).hasSize(2).containsExactly(NS1, NS2);
+  }
+
+  @Test
+  void iteratorReturnsSetCopy() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // Skip SOA
+    it.next(); // Skip NS
+    RRset aSet = it.next();
+    assertThat(aSet).containsExactly(A_TEST);
+    aSet.deleteRR(aSet.first());
+    assertThat(aSet).isEmpty();
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).hasSize(1);
+  }
+
+  @Test
+  void iteratorRemoveSOAFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    assertThat(iterator).isNotNull();
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(new RRset(ZONE.getSOA()));
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove SOA");
+  }
+
+  @Test
+  void iteratorRemoveAxfrSOAFails() {
+    Iterator<RRset> iterator = ZONE.AXFR();
+    while (iterator.hasNext()) {
+      iterator.next();
+    }
+
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove SOA");
+  }
+
+  @Test
+  void iteratorRemoveNSFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    assertThat(iterator).isNotNull();
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(new RRset(ZONE.getSOA()));
+    assertThat(iterator.hasNext()).isTrue();
+    assertThat(iterator.next()).isEqualTo(ZONE.getNS());
+    assertThatThrownBy(iterator::remove).hasMessageContaining("remove all NS");
+  }
+
+  @Test
+  void iteratorRemoveNoNextFails() {
+    assertThatThrownBy(ZONE.iterator()::remove)
+        .isInstanceOf(IllegalStateException.class)
+        .hasMessageContaining("Not at");
+  }
+
+  @Test
+  void iteratorRemoveASucceeds() {
+    Iterator<RRset> it = ZONE.iterator();
+    it.next(); // SOA
+    it.next(); // NS
+    it.next(); // A
+    it.remove();
+    assertThat(ZONE.findExactMatch(A_TEST.getName(), Type.A)).isNull();
+  }
+
+  @Test
+  void iteratorNextAfterLastFails() {
+    Iterator<RRset> iterator = ZONE.iterator();
+    while (iterator.hasNext()) {
+      iterator.next();
+    }
+
+    assertThatThrownBy(iterator::next)
+        .isInstanceOf(NoSuchElementException.class)
+        .hasMessageContaining("No more elements");
+  }
+
+  @Test
+  void isSerializable() throws IOException, ClassNotFoundException {
+    ByteArrayOutputStream oms = new ByteArrayOutputStream();
+    ObjectOutputStream oos = new ObjectOutputStream(oms);
+    oos.writeObject(ZONE);
+    byte[] zoneData = oms.toByteArray();
+    ByteArrayInputStream ims = new ByteArrayInputStream(zoneData);
+    ObjectInputStream ois = new ObjectInputStream(ims);
+    Zone z = (Zone) ois.readObject();
+    assertThat(z.getSOA()).isEqualTo(SOA1);
+    assertThat(z.findExactMatch(ZONE.getOrigin(), Type.SOA)).first().isEqualTo(SOA1);
+    assertDoesNotThrow(
+        () -> z.addRecord(A_TEST.withName(new Name("some-other-name", ZONE.getOrigin()))));
   }
 
   private static List<RRset> listOf(RRset... rrsets) {
diff --git a/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java b/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java
new file mode 100644
index 000000000..fe68cbe33
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/ZoneWithSoaSigTest.java
@@ -0,0 +1,206 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.StreamSupport;
+import org.junit.jupiter.api.Test;
+
+class ZoneWithSoaSigTest {
+  @Test
+  void canParseZoneWithSigs() throws IOException {
+    Name an = Name.fromString("10.in-addr.arpa.");
+    Name host = Name.fromString("z.example.com.");
+    Name secondary = Name.fromString("y.example.com.");
+    Name admin = Name.fromString("dns-ops.example.com.");
+
+    long ttl = 86400;
+    long serial = 2147483749L;
+    long refresh = 1800;
+    long retry = 900;
+    long expire = 691200;
+    long minimum = 10800;
+
+    // dummy set of records for a dummy zone
+    Record[] records =
+        new Record[] {
+          new SOARecord(an, DClass.IN, ttl, host, admin, serial, refresh, retry, expire, minimum),
+          new NSRecord(an, DClass.IN, ttl, host),
+          new NSRecord(an, DClass.IN, ttl, secondary),
+          new DNSKEYRecord(
+              an, DClass.IN, ttl, 256, 3, 5, "dummypublickey".getBytes(StandardCharsets.UTF_8)),
+          new RRSIGRecord(
+              an,
+              DClass.IN,
+              ttl,
+              Type.NS,
+              5,
+              ttl,
+              Instant.now(),
+              Instant.now(),
+              5,
+              an,
+              "dummysig1".getBytes(StandardCharsets.UTF_8)),
+          new RRSIGRecord(
+              an,
+              DClass.IN,
+              ttl,
+              Type.SOA,
+              5,
+              ttl,
+              Instant.now(),
+              Instant.now(),
+              5,
+              an,
+              "dummysig2".getBytes(StandardCharsets.UTF_8))
+        };
+
+    Zone z = new Zone(an, records);
+    List<RRset> rrSets = StreamSupport.stream(z.spliterator(), false).collect(Collectors.toList());
+
+    // there should be 3 RRsets (soa, ns, dskey)
+    assertThat(rrSets).hasSize(3);
+
+    // assert that there is 1 SOA and it is signed
+    List<RRset> allSoaSets =
+        rrSets.stream().filter(r -> r.getType() == Type.SOA).collect(Collectors.toList());
+    assertThat(allSoaSets).hasSize(1);
+    RRset onlySoaSet = allSoaSets.get(0);
+    assertThat(onlySoaSet.rrs()).hasSize(1);
+    assertThat(onlySoaSet.sigs()).hasSize(1);
+
+    // assert that there are 2 nameservers and they are signed
+    List<RRset> allNsSets =
+        rrSets.stream().filter(r -> r.getType() == Type.NS).collect(Collectors.toList());
+    RRset onlyNsSet = allNsSets.get(0);
+    assertThat(onlyNsSet.rrs()).hasSize(2);
+    assertThat(onlyNsSet.sigs()).hasSize(1);
+
+    // assert that there is 1 dskey and it is not signed
+    List<RRset> allKeySets =
+        rrSets.stream().filter(r -> r.getType() == Type.DNSKEY).collect(Collectors.toList());
+    RRset onlyKeySet = allKeySets.get(0);
+    assertThat(onlyKeySet.rrs()).hasSize(1);
+    assertThat(onlyKeySet.sigs()).isEmpty();
+  }
+
+  @Test
+  void canReplaceSoa() throws IOException {
+    Name an = Name.fromString("10.in-addr.arpa.");
+    Name host = Name.fromString("z.example.com.");
+    Name secondary = Name.fromString("y.example.com.");
+    Name admin = Name.fromString("dns-ops.example.com.");
+    Name admin2 = Name.fromString("dns-ops2.example.com.");
+
+    long ttl = 86400;
+    long serial = 2147483749L;
+    long refresh = 1800;
+    long retry = 900;
+    long expire = 691200;
+    long minimum = 10800;
+
+    Record soa =
+        new SOARecord(an, DClass.IN, ttl, host, admin, serial, refresh, retry, expire, minimum);
+    Record soaRrsig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.SOA,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "soa1Sig".getBytes(StandardCharsets.UTF_8));
+
+    // for otherSoa, admin is different than the original
+    Record otherSoa =
+        new SOARecord(an, DClass.IN, ttl, host, admin2, serial, refresh, retry, expire, minimum);
+    // for anotherSoaRrsig sig is different from the original
+    Record anotherSoaRrsig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.SOA,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "soa2sig".getBytes(StandardCharsets.UTF_8));
+
+    Record nsSig =
+        new RRSIGRecord(
+            an,
+            DClass.IN,
+            ttl,
+            Type.NS,
+            5,
+            ttl,
+            Instant.now(),
+            Instant.now(),
+            5,
+            an,
+            "nsSig".getBytes(StandardCharsets.UTF_8));
+
+    // dummy set of records for a dummy zone
+    Record[] records =
+        new Record[] {
+          soa,
+          new NSRecord(an, DClass.IN, ttl, host),
+          new NSRecord(an, DClass.IN, ttl, secondary),
+          new DNSKEYRecord(
+              an, DClass.IN, ttl, 256, 3, 5, "dummypublickey".getBytes(StandardCharsets.UTF_8)),
+          nsSig,
+          soaRrsig
+        };
+
+    Zone z = new Zone(an, records);
+    // replace Soa
+    z.addRecord(otherSoa);
+    // replace RRSig covering Soa
+    z.removeRecord(soaRrsig);
+    z.addRecord(anotherSoaRrsig);
+
+    List<RRset> rrSets = StreamSupport.stream(z.spliterator(), false).collect(Collectors.toList());
+
+    // there should be 3 RRsets (soa, ns, dskey)
+    assertThat(rrSets).hasSize(3);
+
+    // assert that there is 1 SOA and it is signed
+    List<RRset> allSoaSets =
+        rrSets.stream().filter(r -> r.getType() == Type.SOA).collect(Collectors.toList());
+    assertThat(allSoaSets).hasSize(1);
+    RRset onlySoaSet = allSoaSets.get(0);
+    assertThat(onlySoaSet.rrs()).hasSize(1);
+    assertThat(onlySoaSet.sigs()).hasSize(1);
+    // confirm that the SOA was replaced correctly
+    assertThat(((SOARecord) onlySoaSet.rrs().get(0)).getAdmin()).isEqualTo(admin2);
+    // confirm that the RRSig on the SOA was replaced correctly
+    assertThat((onlySoaSet.sigs().get(0)).getSignature())
+        .isEqualTo("soa2sig".getBytes(StandardCharsets.UTF_8));
+
+    // assert that there are 2 nameservers and they are signed
+    List<RRset> allNsSets =
+        rrSets.stream().filter(r -> r.getType() == Type.NS).collect(Collectors.toList());
+    RRset onlyNsSet = allNsSets.get(0);
+    assertThat(onlyNsSet.rrs()).hasSize(2);
+    assertThat(onlyNsSet.sigs()).hasSize(1);
+
+    // assert that there is 1 dskey and it is not signed
+    List<RRset> allKeySets =
+        rrSets.stream().filter(r -> r.getType() == Type.DNSKEY).collect(Collectors.toList());
+    RRset onlyKeySet = allKeySets.get(0);
+    assertThat(onlyKeySet.rrs()).hasSize(1);
+    assertThat(onlyKeySet.sigs()).isEmpty();
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java
new file mode 100644
index 000000000..106a2b4cc
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD})
+public @interface AlwaysOffline {}
diff --git a/src/test/java/org/xbill/DNS/dnssec/Check.java b/src/test/java/org/xbill/DNS/dnssec/Check.java
new file mode 100644
index 000000000..81fa752b6
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/Check.java
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import org.xbill.DNS.Message;
+
+class Check {
+  Message query;
+  Message response;
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java b/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java
new file mode 100644
index 000000000..ce1b628b6
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/DnsSecVerifierTests.java
@@ -0,0 +1,147 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.Properties;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+
+public class DnsSecVerifierTests {
+  private final DnsSecVerifier verifier = new DnsSecVerifier(new ValUtils());
+  private final DNSKEYRecord key;
+  private final KeyEntry keyEntry;
+  private final RRset unsigned;
+  private final RRset signed;
+  private final RRset multiSigned;
+  private static final int NUM_RRSIGS = 5;
+
+  DnsSecVerifierTests() throws NoSuchAlgorithmException, DNSSEC.DNSSECException {
+    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+    kpg.initialize(2048);
+    KeyPair rsaKeyPair = kpg.generateKeyPair();
+    key =
+        new DNSKEYRecord(
+            Name.root,
+            DClass.IN,
+            3600,
+            DNSKEYRecord.Flags.ZONE_KEY,
+            DNSKEYRecord.Protocol.DNSSEC,
+            DNSSEC.Algorithm.RSASHA256,
+            rsaKeyPair.getPublic());
+    keyEntry = KeyEntry.newKeyEntry(new SRRset(key));
+    unsigned = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    signed = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    Instant inception = Instant.ofEpochSecond(3600);
+    Instant expiration = Instant.ofEpochSecond(7200);
+    signed.addRR(DNSSEC.sign(signed, key, rsaKeyPair.getPrivate(), inception, expiration));
+
+    multiSigned = new RRset(new ARecord(Name.root, DClass.IN, 3600, new byte[4]));
+    for (int i = 0; i < NUM_RRSIGS; i++) {
+      multiSigned.addRR(
+          DNSSEC.sign(
+              signed,
+              key,
+              rsaKeyPair.getPrivate(),
+              inception.plusSeconds(i),
+              expiration.plusSeconds(1)));
+    }
+  }
+
+  @BeforeEach
+  void beforeEach() {
+    verifier.init(new Properties());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateUnsigned(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(unsigned), keyEntry, Instant.ofEpochSecond(5400));
+    } else {
+      status = verifier.verify(unsigned, key, Instant.ofEpochSecond(5400));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, status.edeReason);
+    assertEquals("validate.bogus.missingsig_named:.:A", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateValid(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(5400));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(5400));
+    }
+
+    assertEquals(SecurityStatus.SECURE, status.status);
+    assertEquals(-1, status.edeReason);
+    assertNull(status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateNotYetValid(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(1800));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(1800));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID, status.edeReason);
+    assertEquals("dnskey.not_yet_valid", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateExpired(boolean asSet) {
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(signed), keyEntry, Instant.ofEpochSecond(8000));
+    } else {
+      status = verifier.verify(signed, key, Instant.ofEpochSecond(8000));
+    }
+
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.SIGNATURE_EXPIRED, status.edeReason);
+    assertEquals("dnskey.expired", status.reason);
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void validateTooManySignatures(boolean asSet) {
+    // Limit to max. 4 RRsigs
+    Properties config = new Properties();
+    config.put(DnsSecVerifier.MAX_VALIDATE_RRSIGS_PROPERTY, Integer.toString(NUM_RRSIGS - 1));
+    verifier.init(config);
+
+    JustifiedSecStatus status;
+    if (asSet) {
+      status = verifier.verify(new SRRset(multiSigned), keyEntry, Instant.ofEpochSecond(7208));
+    } else {
+      status = verifier.verify(multiSigned, key, Instant.ofEpochSecond(7208));
+    }
+    assertEquals(SecurityStatus.BOGUS, status.status);
+    assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, status.edeReason);
+    assertEquals("validate.bogus.rrsigtoomany:.:A", status.reason);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/MessageReader.java b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java
new file mode 100644
index 000000000..373d438b1
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.Reader;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class MessageReader {
+  Message readMessage(Reader in) throws IOException {
+    BufferedReader r;
+    if (in instanceof BufferedReader) {
+      r = (BufferedReader) in;
+    } else {
+      r = new BufferedReader(in);
+    }
+
+    Message m = null;
+    String line;
+    int section = 103;
+    while ((line = r.readLine()) != null) {
+      String[] data;
+      if (line.startsWith(";; ->>HEADER<<- ")) {
+        section = 101;
+        m = new Message();
+      } else if (line.startsWith(";; QUESTIONS:")) {
+        section = 102;
+      } else if (line.startsWith(";; ANSWERS:")) {
+        section = Section.ANSWER;
+        line = r.readLine();
+      } else if (line.startsWith(";; AUTHORITY RECORDS:")) {
+        section = Section.AUTHORITY;
+        line = r.readLine();
+      } else if (line.startsWith(";; ADDITIONAL RECORDS:")) {
+        section = 100;
+      } else if (line.startsWith("####")) {
+        return m;
+      } else if (line.startsWith("#")) {
+        continue;
+      }
+
+      switch (section) {
+        case 100: // ignore
+          break;
+
+        case 101: // header
+          section = 100;
+          data = line.substring(";; ->>HEADER<<- ".length()).split(",");
+          m.getHeader().setRcode(Rcode.value(data[1].split(":\\s*")[1]));
+          m.getHeader().setID(Integer.parseInt(data[2].split(":\\s*")[1]));
+          break;
+
+        case 102: // question
+          line = r.readLine();
+          data = line.split(",");
+          Record q =
+              Record.newRecord(
+                  Name.fromString(data[0].replaceAll(";;\\s*", "")),
+                  Type.value(data[1].split("\\s*=\\s*")[1]),
+                  DClass.value(data[2].split("\\s*=\\s*")[1]));
+          m.addRecord(q, Section.QUESTION);
+          section = 100;
+          break;
+
+        default:
+          if (line != null && !line.isEmpty()) {
+            Master ma = new Master(new ByteArrayInputStream(line.getBytes()));
+            Record nextRecord = ma.nextRecord();
+            if (nextRecord != null) {
+              m.addRecord(nextRecord, section);
+            }
+          }
+      }
+    }
+
+    r.close();
+    return m;
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java
new file mode 100644
index 000000000..05b962bfe
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD})
+public @interface PrepareMocks {
+  String value();
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/RTest.java b/src/test/java/org/xbill/DNS/dnssec/RTest.java
new file mode 100644
index 000000000..711ed326d
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/RTest.java
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.ResourceBundle;
+import org.junit.jupiter.api.Test;
+import org.mockito.stubbing.Answer;
+
+class RTest {
+  @Test
+  void testCustomResourceBundle() {
+    ResourceBundle rb = mock(ResourceBundle.class);
+    when(rb.getString(anyString()))
+        .then((Answer<String>) invocation -> (String) invocation.getArguments()[0]);
+    R.setUseNeutralMessages(false);
+    R.setBundle(rb);
+    assertEquals("key", R.get("key"));
+    assertEquals("msg 1", R.get("msg {0}", 1));
+  }
+
+  @Test
+  void testExplicitNullBundle() {
+    R.setUseNeutralMessages(true);
+    assertEquals("key", R.get("key"));
+    assertEquals("key:1", R.get("key", 1));
+  }
+
+  @Test
+  void testNormal() {
+    R.setUseNeutralMessages(false);
+    R.setBundle(null);
+    assertEquals("no parameters", R.get("test.noparam"));
+    assertEquals("parameter: abc", R.get("test.withparam", "abc"));
+  }
+
+  @Test
+  void testMissingResource() {
+    R.setUseNeutralMessages(false);
+    R.setBundle(null);
+    assertEquals("test.notthere.noparam", R.get("test.notthere.noparam"));
+    assertEquals("test.notthere.withparam:abc", R.get("test.notthere.withparam", "abc"));
+    assertEquals(
+        "test.notthere.withparam:abc:null:1", R.get("test.notthere.withparam", "abc", null, 1));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java
new file mode 100644
index 000000000..f578f0aef
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Resolver;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+
+class ResolveExample {
+  static String ROOT =
+      ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
+
+  public static void main(String[] args) throws Exception {
+    // Send two sample queries using a standard DNSJAVA resolver
+    SimpleResolver sr = new SimpleResolver("8.8.8.8");
+    System.out.println("Standard resolver:");
+    sendAndPrint(sr, "www.dnssec-failed.org.");
+    sendAndPrint(sr, "www.isc.org.");
+
+    // Send the same queries using the validating resolver with the
+    // trust anchor of the root zone
+    // https://data.iana.org/root-anchors/root-anchors.xml
+    ValidatingResolver vr = new ValidatingResolver(sr);
+    vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes("ASCII")));
+    vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
+    System.out.println("\n\nValidating resolver:");
+    sendAndPrint(vr, "www.dnssec-failed.org.");
+    sendAndPrint(vr, "www.isc.org.");
+  }
+
+  private static void sendAndPrint(Resolver vr, String name) throws IOException {
+    System.out.println("\n---" + name);
+    Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
+    Message response = vr.send(Message.newQuery(qr));
+    System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
+    System.out.println("RCode:   " + Rcode.string(response.getRcode()));
+    for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
+      if (set.getName().equals(Name.root)
+          && set.getType() == Type.TXT
+          && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+        System.out.println("Reason:  " + ((TXTRecord) set.first()).getStrings().get(0));
+      }
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/Rpl.java b/src/test/java/org/xbill/DNS/dnssec/Rpl.java
new file mode 100644
index 000000000..ca6bd6c89
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/Rpl.java
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import org.xbill.DNS.Message;
+
+class Rpl {
+  List<SRRset> trustAnchors = new ArrayList<>(1);
+  Instant date;
+  String scenario;
+  List<Message> replays;
+  Map<Integer, Check> checks;
+  TreeMap<Integer, Integer> nsec3iterations;
+  String digestPreference;
+  boolean hardenAlgoDowngrade;
+  boolean hardenUnknownAdditional = true;
+  boolean enableSha1;
+  boolean enableDsa;
+  boolean loadBouncyCastle;
+  Integer minRsaSize;
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/RplParser.java b/src/test/java/org/xbill/DNS/dnssec/RplParser.java
new file mode 100644
index 000000000..c2641c81a
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/RplParser.java
@@ -0,0 +1,281 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.text.ParseException;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeFormatterBuilder;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.TreeMap;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+/** Parser for the RPL unit-test files of unbound. */
+class RplParser {
+  private final InputStream data;
+  private final List<String> algoStrings = new ArrayList<>();
+
+  private enum ParseState {
+    Zero,
+    Server,
+    ENTRY_BEGIN,
+    STEP_QUERY,
+    STEP_CHECK_ANSWER
+  }
+
+  RplParser(InputStream data) {
+    this.data = data;
+    for (Field f : Algorithm.class.getFields()) {
+      this.algoStrings.add(f.getName());
+    }
+  }
+
+  Rpl parse() throws ParseException, IOException {
+    BufferedReader r = new BufferedReader(new InputStreamReader(data));
+    String line;
+    ParseState state = ParseState.Zero;
+    Rpl rpl = new Rpl();
+    Message m = null;
+    int section = -1;
+    int step = -1;
+    Check check = null;
+
+    while ((line = r.readLine()) != null) {
+      // comment or empty
+      if (line.isEmpty() || line.startsWith(";")) {
+        continue;
+      }
+
+      switch (state) {
+        case Zero:
+          if (line.startsWith("server:")) {
+            state = ParseState.Server;
+          } else if (line.startsWith("SCENARIO_BEGIN")) {
+            rpl.scenario = line.substring(line.indexOf(" ")).trim();
+            rpl.replays = new LinkedList<>();
+            rpl.checks = new TreeMap<>();
+          } else if (line.startsWith("ENTRY_BEGIN")) {
+            state = ParseState.ENTRY_BEGIN;
+            m = new Message();
+          } else if (line.startsWith("STEP")) {
+            String[] lineItems = line.split("\\s");
+            step = Integer.parseInt(lineItems[1]);
+            m = new Message();
+            r.readLine();
+            if (lineItems[2].equals("QUERY")) {
+              state = ParseState.STEP_QUERY;
+              check = new Check();
+            } else if (lineItems[2].equals("CHECK_ANSWER")) {
+              state = ParseState.STEP_CHECK_ANSWER;
+            }
+          }
+
+          break;
+
+        case Server:
+          if (line.matches("\\s*trust-anchor:.*")) {
+            SRRset rrset = new SRRset();
+            rrset.setSecurityStatus(SecurityStatus.SECURE);
+            rrset.addRR(parseRecord(line.substring(line.indexOf("\"") + 1, line.length() - 1)));
+            rpl.trustAnchors.add(rrset);
+          } else if (line.matches("\\s*val-min-rsa-size:.*")) {
+            rpl.minRsaSize = Integer.parseInt(line.split(":")[1].trim());
+          } else if (line.matches("\\s*val-override-date:.*")) {
+            String date = line.substring(line.indexOf("\"") + 1, line.length() - 1);
+            DateTimeFormatter formatter =
+                new DateTimeFormatterBuilder()
+                    .appendPattern("yyyyMMddHHmmss")
+                    .toFormatter()
+                    .withZone(ZoneId.of("UTC"));
+            rpl.date = LocalDateTime.parse(date, formatter).toInstant(ZoneOffset.UTC);
+          } else if (line.matches("\\s*val-nsec3-keysize-iterations:.*")) {
+            String[] lineItems =
+                line.substring(line.indexOf("\"") + 1, line.length() - 1).split("\\s");
+            if (lineItems.length % 2 != 0) {
+              throw new ParseException("val-nsec3-keysize-iterations invalid", 0);
+            }
+
+            rpl.nsec3iterations = new TreeMap<>();
+            for (int i = 0; i < lineItems.length; i += 2) {
+              rpl.nsec3iterations.put(
+                  Integer.parseInt(lineItems[i]), Integer.parseInt(lineItems[i + 1]));
+            }
+          } else if (line.matches("\\s*val-digest-preference:.*")) {
+            rpl.digestPreference = line.substring(line.indexOf("\"") + 1, line.length() - 1);
+          } else if (line.matches("\\s*harden-algo-downgrade:.*")) {
+            rpl.hardenAlgoDowngrade = !"no".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*fake-sha1:.*")) {
+            rpl.enableSha1 = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*fake-dsa:.*")) {
+            rpl.enableDsa = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*harden-unknown-additional:.*")) {
+            rpl.hardenUnknownAdditional = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.matches("\\s*bouncycastle:.*")) {
+            rpl.loadBouncyCastle = "yes".equalsIgnoreCase(line.split(":")[1].trim());
+          } else if (line.startsWith("CONFIG_END")) {
+            state = ParseState.Zero;
+          }
+
+          break;
+
+        case ENTRY_BEGIN:
+        case STEP_CHECK_ANSWER:
+        case STEP_QUERY:
+          if (line.startsWith("MATCH") || line.startsWith("ADJUST")) {
+            // ignore
+          } else if (line.startsWith("REPLY")) {
+            String[] flags = line.split("\\s");
+            if (state != ParseState.STEP_QUERY) {
+              m.getHeader().setRcode(Rcode.value(flags[flags.length - 1]));
+            }
+
+            for (int i = 1; i < flags.length - (state == ParseState.STEP_QUERY ? 0 : 1); i++) {
+              if (flags[i].equals("DO")) {
+                // set on the resolver, not on the message
+              } else {
+                int flag = Flags.value(flags[i]);
+                if (flag > -1) {
+                  m.getHeader().setFlag(flag);
+                } else {
+                  throw new ParseException(flags[i] + ": not a Flag", i);
+                }
+              }
+            }
+          } else if (line.startsWith("SECTION QUESTION")) {
+            section = Section.QUESTION;
+          } else if (line.startsWith("SECTION ANSWER")) {
+            section = Section.ANSWER;
+          } else if (line.startsWith("SECTION AUTHORITY")) {
+            section = Section.AUTHORITY;
+          } else if (line.startsWith("SECTION ADDITIONAL")) {
+            section = Section.ADDITIONAL;
+          } else if (line.startsWith("ENTRY_END")) {
+            if (state == ParseState.ENTRY_BEGIN) {
+              rpl.replays.add(m);
+            } else if (state == ParseState.STEP_CHECK_ANSWER) {
+              check.response = m;
+              rpl.checks.put(step, check);
+              check = null;
+            } else if (state == ParseState.STEP_QUERY) {
+              check.query = m;
+            }
+
+            m = null;
+            state = ParseState.Zero;
+          } else {
+            Record rec;
+            if (section == Section.QUESTION) {
+              rec = parseQuestion(line);
+            } else {
+              rec = parseRecord(line);
+            }
+
+            m.addRecord(rec, section);
+          }
+
+          break;
+      }
+    }
+
+    return rpl;
+  }
+
+  private Record parseRecord(String line) throws IOException {
+    try {
+      Master ma = new Master(new ByteArrayInputStream(line.getBytes()), Name.root, 3600);
+      Record r = ma.nextRecord();
+      if (r.getType() == Type.RRSIG) {
+        RRSIGRecord rr = (RRSIGRecord) r;
+        // unbound directly uses the DER format for DSA signatures
+        // instead of the format specified in rfc2536#section-3
+        if (rr.getAlgorithm() == Algorithm.DSA && rr.getSignature().length > 41) {
+          Method dsaSignatureToDNS =
+              DNSSEC.class.getDeclaredMethod(
+                  "dsaSignatureToDNS", byte[].class, int.class, int.class);
+          dsaSignatureToDNS.setAccessible(true);
+          byte[] signature = (byte[]) dsaSignatureToDNS.invoke(null, rr.getSignature(), 20, 0);
+          RRSIGRecord fixed =
+              new RRSIGRecord(
+                  rr.getName(),
+                  rr.getDClass(),
+                  rr.getTTL(),
+                  rr.getTypeCovered(),
+                  rr.getAlgorithm(),
+                  rr.getOrigTTL(),
+                  rr.getExpire(),
+                  rr.getTimeSigned(),
+                  rr.getFootprint(),
+                  rr.getSigner(),
+                  signature);
+          Field f = getField(RRSIGRecord.class, "labels");
+          f.setAccessible(true);
+          f.set(fixed, rr.getLabels());
+          r = fixed;
+        }
+      }
+
+      return r;
+    } catch (Exception ex) {
+      if (ex.getMessage() != null && ex.getMessage().contains("expected an integer")) {
+        String[] lineItems = line.split("\\s");
+        StringBuilder sb = new StringBuilder();
+        for (String lineItem : lineItems) {
+          if (this.algoStrings.contains(lineItem)) {
+            sb.append(Algorithm.value(lineItem));
+          } else {
+            sb.append(lineItem);
+          }
+          sb.append(' ');
+        }
+
+        return parseRecord(sb.toString());
+      } else {
+        throw new IOException(line, ex);
+      }
+    }
+  }
+
+  private static Field getField(Class<?> clazz, String fieldName) throws NoSuchFieldException {
+    try {
+      return clazz.getDeclaredField(fieldName);
+    } catch (NoSuchFieldException e) {
+      Class<?> superClass = clazz.getSuperclass();
+      if (superClass == null) {
+        throw e;
+      } else {
+        return getField(superClass, fieldName);
+      }
+    }
+  }
+
+  private Record parseQuestion(String line) throws TextParseException {
+    String[] temp = line.replaceAll("\\s+", " ").split(" ");
+    if (Type.value(temp[2]) == -1) {
+      System.out.println(temp[2]);
+    }
+
+    return Record.newRecord(Name.fromString(temp[0]), Type.value(temp[2]), DClass.value(temp[1]));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java
new file mode 100644
index 000000000..99111c2d0
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.Security;
+import java.util.Properties;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.DNSSEC.Digest;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+
+class TestAlgorithmSupport extends TestBase {
+  @ParameterizedTest(name = "testAlgIsUnknown_{arguments}")
+  @ValueSource(strings = {"rsamd5", "eccgost"})
+  void testAlgIsUnknown(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + ".ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.noalgorithms:" + param + ".ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, response);
+  }
+
+  @ParameterizedTest(name = "testEd_{arguments}")
+  @ValueSource(strings = {"ed448", "ed25519"})
+  void testEd(String param) throws IOException {
+    try {
+      Security.addProvider(new BouncyCastleProvider());
+      resolver.init(new Properties());
+      Message response = resolver.send(createMessage(param + ".nl./A"));
+      assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+      assertRCode(Rcode.NOERROR, response.getRcode());
+      assertNull(getReason(response));
+      assertEde(-1, response);
+    } finally {
+      Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+    }
+  }
+
+  @Test
+  void testDigestIdIsUnknown() throws IOException {
+    Message response = resolver.send(createMessage("unknown-alg.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("failed.ds.no_usable_digest:unknown-alg.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, response);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testUnsupportedDigestInDigestPreference() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.digest_preference", "1,2,0");
+    assertThrows(IllegalArgumentException.class, () -> resolver.init(config));
+  }
+
+  @AlwaysOffline
+  @Test
+  void testFavoriteDigestNotInRRset() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.digest_preference", Digest.SHA384);
+    ValUtils v = new ValUtils();
+    v.init(config);
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.SHA1,
+            new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}));
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.SHA256,
+            new byte[] {
+              1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5,
+              6, 7, 8
+            }));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testOnlyUnsupportedDigestInRRset() {
+    ValUtils v = new ValUtils();
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            Algorithm.DSA,
+            Digest.GOST3411,
+            new byte[] {
+              1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5,
+              6, 7, 8
+            }));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testOnlyUnsupportedAlgorithmInRRset() {
+    ValUtils v = new ValUtils();
+    SRRset set = new SRRset();
+    set.addRR(
+        new DSRecord(
+            Name.root,
+            DClass.IN,
+            120,
+            1234,
+            0 /*Unknown alg*/,
+            DNSSEC.Digest.SHA1,
+            new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}));
+    int digestId = v.favoriteDSDigestID(set);
+    assertEquals(0, digestId);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java
new file mode 100644
index 000000000..a5745c784
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java
@@ -0,0 +1,350 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.TestInfo;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.EDNSOption.Code;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.SimpleResolver;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.Type;
+
+@Slf4j
+public abstract class TestBase {
+  private static final boolean offline = !Boolean.getBoolean("dnsjava.dnssec.online");
+  private static final boolean partialOffline =
+      "partial".equals(System.getProperty("dnsjava.dnssec.offline"));
+  private static final boolean record = Boolean.getBoolean("dnsjava.dnssec.record");
+  private boolean unboundTest = false;
+  private boolean alwaysOffline = false;
+
+  private final Map<String, Message> queryResponsePairs = new HashMap<>();
+  private final MessageReader messageReader = new MessageReader();
+  private FileWriter w;
+
+  protected static final String localhost = "127.0.0.1";
+  protected ValidatingResolver resolver;
+  protected Clock resolverClock;
+  protected String testName;
+
+  @BeforeEach
+  void beforeEach(TestInfo description) throws IOException, DNSSECException {
+    starting(description);
+    setup();
+  }
+
+  private void starting(TestInfo description) {
+    unboundTest = false;
+    testName = description.getTestMethod().orElseThrow(RuntimeException::new).getName();
+    if (description.getDisplayName().startsWith(testName + "_")) {
+      testName = description.getDisplayName();
+    }
+    resolverClock = mock(Clock.class);
+
+    try {
+      // do not record or process unbound unit tests offline
+      alwaysOffline = description.getTestMethod().get().getAnnotation(AlwaysOffline.class) != null;
+      if (description
+          .getTestClass()
+          .orElseThrow(RuntimeException::new)
+          .getName()
+          .toLowerCase(Locale.ROOT)
+          .contains("unbound")) {
+        unboundTest = true;
+        return;
+      }
+
+      DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ssXXX");
+      String filename =
+          "/recordings/"
+              + description.getTestClass().get().getName().replace(".", "_")
+              + "/"
+              + testName;
+      File f = new File("./src/test/resources" + filename);
+      if ((record || !f.exists()) && !alwaysOffline) {
+        resolverClock = Clock.systemUTC();
+        f.getParentFile().getParentFile().mkdir();
+        f.getParentFile().mkdir();
+        w = new FileWriter(f.getAbsoluteFile());
+        w.write("#Date: " + ZonedDateTime.now().format(formatter));
+        w.write("\n");
+      } else if (offline || partialOffline || alwaysOffline) {
+        PrepareMocks pm = description.getTestMethod().get().getAnnotation(PrepareMocks.class);
+        if (pm != null) {
+          Method m = TestBase.this.getClass().getDeclaredMethod(pm.value());
+          m.setAccessible(true);
+          m.invoke(TestBase.this);
+        }
+
+        InputStream stream = getClass().getResourceAsStream(filename);
+        if (stream != null) {
+          BufferedReader r = new BufferedReader(new InputStreamReader(stream));
+          String date = r.readLine().substring("#Date: ".length());
+          when(resolverClock.instant())
+              .thenReturn(ZonedDateTime.parse(date, formatter).toInstant());
+
+          Message m;
+          while ((m = messageReader.readMessage(r)) != null) {
+            for (int i = 0; i < 4; i++) {
+              assertThat(m.getHeader().getCount(i))
+                  .withFailMessage("Before normalization")
+                  .isEqualTo(m.getSection(i).size());
+            }
+
+            m = m.normalize(Message.newQuery(m.getQuestion()), true);
+            for (int i = 0; i < 4; i++) {
+              assertThat(m.getHeader().getCount(i))
+                  .withFailMessage("After normalization")
+                  .isEqualTo(m.getSection(i).size());
+            }
+            queryResponsePairs.put(key(m), m);
+          }
+
+          r.close();
+        }
+      }
+    } catch (Exception e) {
+      System.err.println(e);
+      throw new RuntimeException(e);
+    }
+  }
+
+  @AfterEach
+  void finished() {
+    try {
+      if (w != null) {
+        w.flush();
+        w.close();
+        w = null;
+      }
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @BeforeAll
+  static void setupClass() {
+    R.setBundle(null);
+    R.setUseNeutralMessages(true);
+  }
+
+  private void setup() throws NumberFormatException, IOException, DNSSECException {
+    // Some old keys are only 1023 bits long
+    System.setProperty("dnsjava.dnssec.algorithm_rsa_min_key_size", "1023");
+    resolver =
+        new ValidatingResolver(
+            new SimpleResolver("8.8.4.4") {
+              @Override
+              public CompletionStage<Message> sendAsync(Message query, Executor executor) {
+                Message response = queryResponsePairs.get(key(query));
+                if (response != null) {
+                  if (!log.isTraceEnabled()) {
+                    log.debug("---{}", key(query));
+                  }
+
+                  log.trace("---{}\n{}", key(query), response);
+                  return CompletableFuture.completedFuture(response);
+                } else if ((offline && !partialOffline) || unboundTest || alwaysOffline) {
+                  fail("Response for " + key(query) + " not found.");
+                }
+
+                Message networkResult;
+                try {
+                  networkResult = super.sendAsync(query, executor).toCompletableFuture().get();
+                  if (w != null) {
+                    w.write(networkResult.toString());
+                    w.write("\n\n###############################################\n\n");
+                  }
+                } catch (IOException | InterruptedException | ExecutionException e) {
+                  CompletableFuture<Message> f = new CompletableFuture<>();
+                  f.completeExceptionally(e);
+                  return f;
+                }
+
+                return CompletableFuture.completedFuture(networkResult);
+              }
+            },
+            resolverClock);
+
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors"));
+    resolver.setTimeout(Duration.ofHours(1));
+  }
+
+  protected void add(Message m) throws IOException {
+    this.add(key(m), m, true);
+  }
+
+  protected void add(String query, Message response) throws IOException {
+    this.add(query, response, true);
+  }
+
+  protected void add(String query, Message response, boolean clear) throws IOException {
+    queryResponsePairs.put(query, messageFromString(response.toString()));
+
+    // reset the resolver so any cached stuff is cleared
+    if (!clear) {
+      return;
+    }
+
+    try {
+      setup();
+    } catch (NumberFormatException | DNSSECException e) {
+      throw new IOException(e);
+    }
+  }
+
+  protected Message get(Name target, int type) {
+    return queryResponsePairs.get(key(target, type));
+  }
+
+  protected void clear() {
+    queryResponsePairs.clear();
+  }
+
+  protected Message createMessage(String query) throws IOException {
+    return Message.newQuery(
+        Record.newRecord(
+            Name.fromString(query.split("/")[0]), Type.value(query.split("/")[1]), DClass.IN));
+  }
+
+  protected Message messageFromString(String message) throws IOException {
+    return messageReader.readMessage(new StringReader(message));
+  }
+
+  protected String firstA(Message response) {
+    List<RRset> sectionRRsets = response.getSectionRRsets(Section.ANSWER);
+    if (!sectionRRsets.isEmpty()) {
+      for (Record r : sectionRRsets.get(0).rrs()) {
+        if (r.getType() == Type.A) {
+          return ((ARecord) r).getAddress().getHostAddress();
+        }
+      }
+    }
+
+    return null;
+  }
+
+  protected int getEdeReason(Message m) {
+    int edeReason =
+        Optional.ofNullable(m.getOPT())
+            .flatMap(
+                opt ->
+                    opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream()
+                        .filter(o -> o instanceof ExtendedErrorCodeOption)
+                        .findFirst()
+                        .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode()))
+            .orElse(-1);
+    if (edeReason != -1) {
+      assertEquals(getReason(m), getEdeText(m));
+    }
+    return edeReason;
+  }
+
+  protected void assertEde(int expected, Message m) {
+    int edeReason = getEdeReason(m);
+    String expectedText = expected == -1 ? null : ExtendedErrorCodeOption.text(expected);
+    String actualText = edeReason == -1 ? null : ExtendedErrorCodeOption.text(edeReason);
+    assertEquals(expectedText, actualText, "EDE does not match");
+  }
+
+  protected void assertRCode(int expected, int actual) {
+    assertEquals(Rcode.string(expected), Rcode.string(actual));
+  }
+
+  protected String getEdeText(Message m) {
+    return Optional.ofNullable(m.getOPT())
+        .flatMap(
+            opt ->
+                opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream()
+                    .filter(ExtendedErrorCodeOption.class::isInstance)
+                    .findFirst()
+                    .map(o -> ((ExtendedErrorCodeOption) o).getText()))
+        .orElse(null);
+  }
+
+  protected String getReason(Message m) {
+    for (RRset set : m.getSectionRRsets(Section.ADDITIONAL)) {
+      if (set.getName().equals(Name.root)
+          && set.getType() == Type.TXT
+          && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+        StringBuilder sb = new StringBuilder();
+        List<String> strings = ((TXTRecord) set.first()).getStrings();
+        for (String part : strings) {
+          sb.append(part);
+        }
+
+        return sb.toString();
+      }
+    }
+
+    return null;
+  }
+
+  protected boolean isEmptyAnswer(Message response) {
+    return response.getSectionRRsets(Section.ANSWER).isEmpty();
+  }
+
+  private String key(Name n, int t) {
+    return n + "/" + Type.string(t);
+  }
+
+  private String key(Record r) {
+    return key(r.getName(), r.getType());
+  }
+
+  private String key(Message m) {
+    return key(m.getQuestion());
+  }
+
+  protected Record toRecord(String data) {
+    try {
+      InputStream in = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+      Master m = new Master(in, Name.root);
+      return m.nextRecord();
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java
new file mode 100644
index 000000000..6b1657bd7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestBogusReasonMessage extends TestBase {
+  @Test
+  void testLongBogusReasonIsSplitCorrectly() throws IOException {
+    Message response =
+        resolver.send(
+            createMessage(
+                "01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "failed.nxdomain.authority:{ isc.org. 2962 IN NSEC [01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF] sigs: [NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=] }",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java
new file mode 100644
index 000000000..b288d60a5
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+class TestByteArrayComparator {
+  private final byte[] b1 = new byte[] {0};
+  private final byte[] b2 = new byte[] {0};
+  private final byte[] b3 = new byte[] {1};
+  private final byte[] b4 = new byte[] {1, 0};
+
+  @Test
+  void testEquals() {
+    assertEquals(0, ByteArrayComparator.compare(b1, b2));
+  }
+
+  @Test
+  void testLessThan() {
+    assertEquals(-1, ByteArrayComparator.compare(b2, b3));
+    assertEquals(-1, ByteArrayComparator.compare(b1, b4));
+  }
+
+  @Test
+  void testGreaterThan() {
+    assertEquals(1, ByteArrayComparator.compare(b3, b2));
+    assertEquals(1, ByteArrayComparator.compare(b4, b1));
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java
new file mode 100644
index 000000000..aae2dddce
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java
@@ -0,0 +1,176 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestCNames extends TestBase {
+  @Test
+  void testCNameToUnsignedA() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(3, response.getSection(Section.ANSWER).size());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToUnsignedMX() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedA() throws IOException {
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(4, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedMX() throws IOException {
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedAExternal() throws IOException {
+    Message response = resolver.send(createMessage("csext.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(4, response.getSection(Section.ANSWER).size());
+    assertEquals(5, response.getSection(Section.AUTHORITY).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToInvalidSigned() throws IOException {
+    Message response = resolver.send(createMessage("cfailed.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_alg_match:dnssec-failed.org.:RSASHA1",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testCNameToUnsignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cunsinged.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("csigned.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToInvalidSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cfailed.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_alg_match:dnssec-failed.org.:RSASHA1",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @ParameterizedTest(name = "testCNameToVoid_{index}")
+  @CsvSource({"cvoid1,2", "cvoid2,4", "cvoid3,6"})
+  void testCNameToVoid(String subdomain, int acount) throws IOException {
+    Message response = resolver.send(createMessage(subdomain + ".ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals(acount, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToUnsignedVoid() throws IOException {
+    Message response = resolver.send(createMessage("cvoid4.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToExternalUnsignedVoid() throws IOException {
+    Message response = resolver.send(createMessage("cvoid.dnssectest.jitsi.net./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToSubSigned() throws IOException {
+    Message response = resolver.send(createMessage("cssub.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidExternalInvalidTld() throws IOException {
+    Message response = resolver.send(createMessage("cvoidext1.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals(2, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidExternalValidTld() throws IOException {
+    Message response = resolver.send(createMessage("cvoidext2.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testCNameToVoidNsec3() throws IOException {
+    Message response = resolver.send(createMessage("cvoid.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java
new file mode 100644
index 000000000..147f8a079
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java
@@ -0,0 +1,190 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Lookup;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestDNames extends TestBase {
+  @Test
+  void testDNameToExistingIsValid() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(5, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameToNoDataIsValid() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(3, response.getSection(Section.ANSWER).size());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameToNxDomainIsValid() throws IOException {
+    Message response = resolver.send(createMessage("x.alias.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameDirectQueryIsValid() throws IOException {
+    Message response = resolver.send(createMessage("alias.ingotronic.ch./DNAME"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must not set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    for (RRset set : response.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == Type.DNAME) {
+        DNAMERecord r = (DNAMERecord) set.first();
+        assertEquals(Name.fromString("ingotronic.ch."), r.getTarget());
+      }
+    }
+    assertEde(-1, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithFakedCnameIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME\\s+)(.*)", "$1 www.isc.org."));
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameWithNoCnameIsValid() throws IOException {
+    Message m = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME.*)", "").replaceAll("\n\n", "\n"));
+    add("www.isc.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertEquals(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    Lookup l = new Lookup("www.isc.ingotronic.ch");
+    l.setResolver(resolver);
+    Record[] results = l.run();
+    assertNotNull(results);
+    assertTrue(results.length >= 1);
+    assertEde(-1, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithMultipleCnamesIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("(.*CNAME.*)", "$1\n$1example.com."));
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.multiple", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Disabled("Now valid because of message normalization")
+  @Test
+  void testDNameWithTooLongCnameIsInvalid() throws IOException {
+    Message m = resolver.send(createMessage("www.n3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll(
+                    "(.*\\.)(.*CNAME)",
+                    "IamAVeryLongNameThatExeceedsTheMaximumOfTheAllowedDomainNameSys.temSpecificationLengthByAny.NumberThatAHumanOfTheSeventiesCouldHaveImagined.InThisSmallMindedWorldThatIs.NowAfterTheMillennium.InhabitedByOverSeven.BillionPeopleInFiveConts.n3.ingotronic.ch. $2"));
+    add("www.n3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.n3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.synthesize.toolong", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1() throws IOException {
+    Message nsecs = resolver.send(createMessage("alias.ingotronic.ch./NS"));
+    RRset nsecSet = null;
+    for (RRset set : nsecs.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().equals(Name.fromString("alias.ingotronic.ch."))) {
+        nsecSet = set;
+        break;
+      }
+    }
+
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    message.addRecord(
+        Record.newRecord(Name.fromString("www.alias.ingotronic.ch."), Type.A, DClass.IN),
+        Section.QUESTION);
+    for (Record r : nsecSet.rrs()) {
+      message.addRecord(r, Section.AUTHORITY);
+    }
+
+    for (RRSIGRecord sig : nsecSet.sigs()) {
+      message.addRecord(sig, Section.AUTHORITY);
+    }
+
+    add("www.alias.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:www.alias.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDNameToExternal() throws IOException {
+    Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDNameChain() throws IOException {
+    Message response = resolver.send(createMessage("www.alias.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java b/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java
new file mode 100644
index 000000000..42dbddc0c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestDefaultTrustAnchorStore.java
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertIterableEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.util.Collections;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.TXTRecord;
+import org.xbill.DNS.TextParseException;
+
+class TestDefaultTrustAnchorStore {
+  @Test
+  void testNullKeyWhenNameNotUnderAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertNull(anchor);
+  }
+
+  @Test
+  void testKeyWhenNameUnderAnchorDS() throws TextParseException {
+    SRRset set =
+        new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertEquals(set, anchor);
+  }
+
+  @Test
+  void testKeyWhenNameUnderAnchorDNSKEY() throws TextParseException {
+    SRRset set =
+        new SRRset(
+            new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertEquals(set.getName(), anchor.getName());
+  }
+
+  @Test
+  void testInvalidAnchorRecord() throws TextParseException {
+    SRRset set = new SRRset(new TXTRecord(Name.fromString("bla."), DClass.IN, 0, "root"));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    assertThrows(IllegalArgumentException.class, () -> tas.store(set));
+  }
+
+  @Test
+  void testClear() throws TextParseException {
+    SRRset set =
+        new SRRset(
+            new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN);
+    assertNotNull(anchor);
+    tas.clear();
+    assertNull(tas.find(Name.fromString("asdf.bla."), DClass.IN));
+  }
+
+  @Test
+  void testCaseInsensitiveAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    SRRset set1 =
+        new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    SRRset set2 =
+        new SRRset(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    tas.store(set1);
+    tas.store(set2);
+    RRset anchor = tas.find(Name.fromString("bla."), DClass.IN);
+    assertEquals(set2, anchor);
+    assertIterableEquals(Collections.singleton(set2), tas.items());
+  }
+
+  @Test
+  void testCaseInsensitiveSameSetAnchor() throws TextParseException {
+    DefaultTrustAnchorStore tas = new DefaultTrustAnchorStore();
+    SRRset set = new SRRset();
+    set.addRR(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    set.addRR(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0}));
+    tas.store(set);
+    RRset anchor = tas.find(Name.fromString("bla."), DClass.IN);
+    assertEquals(set, anchor);
+    assertIterableEquals(Collections.singleton(set), tas.items());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java
new file mode 100644
index 000000000..f5a17827d
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java
@@ -0,0 +1,157 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.time.Instant;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSSEC.Algorithm;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestInvalid extends TestBase {
+  @ParameterizedTest(name = "testInvalid_{0}")
+  @CsvSource({
+    "bogussig.dnssec,dnskey.invalid,DNSSEC_BOGUS",
+    "bogussig.nsec3,dnskey.invalid,DNSSEC_BOGUS",
+    "sigexpired.dnssec,dnskey.expired,SIGNATURE_EXPIRED",
+    "sigexpired.nsec3,dnskey.expired,SIGNATURE_EXPIRED",
+    // unknownalgorithm would make you think this should return UNSUPPORTED_DNSKEY_ALGORITHM or
+    // UNSUPPORTED_DS_DIGEST_TYPE, but the zone has DS/DNSKEYs for alg=5, then a RRSig with alg=200.
+    // This results in a key not found, regardless of whether the alg is supported or not
+    "unknownalgorithm.dnssec,dnskey.no_key:dnssec.tjeb.nl.,DNSKEY_MISSING",
+    "unknownalgorithm.nsec3,dnskey.no_key:nsec3.tjeb.nl.,DNSKEY_MISSING",
+  })
+  @AlwaysOffline
+  void testInvalid(String param, String dnssecReason, String edeMnemonic) throws IOException {
+    Message response = resolver.send(createMessage(param + ".tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response));
+    assertEde(ExtendedErrorCodeOption.code(edeMnemonic), response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testSignedBelowUnsignedBelowSigned() throws IOException {
+    Message response = resolver.send(createMessage("ok.nods.ok.dnssec.tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertFalse(isEmptyAnswer(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testSignedBelowUnsignedBelowSignedNsec3() throws IOException {
+    Message response = resolver.send(createMessage("ok.nods.ok.Nsec3.tjeb.nl./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertFalse(isEmptyAnswer(response));
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedThatMustBeSigned() throws IOException {
+    Name query = Name.fromString("www.ingotronic.ch.");
+
+    // prepare a faked, unsigned response message that must have a signature
+    // to be valid
+    Message message = new Message();
+    message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION);
+    message.addRecord(
+        new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.missingsig", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testModifiedSignature() throws IOException {
+    Name query = Name.fromString("www.ingotronic.ch.");
+
+    // prepare a faked, unsigned response message that must have a signature
+    // to be valid
+    Message message = new Message();
+    message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION);
+    message.addRecord(
+        new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER);
+    Instant now = Instant.now();
+    message.addRecord(
+        new RRSIGRecord(
+            query,
+            DClass.IN,
+            0,
+            Type.A,
+            Algorithm.RSASHA256,
+            5,
+            now.plusSeconds(5),
+            now.minusSeconds(5),
+            1234,
+            Name.fromString("ingotronic.ch."),
+            new byte[] {1, 2, 3}),
+        Section.ANSWER);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.answer.positive:{ www.ingotronic.ch."));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testReturnServfailIfIntermediateQueryFails() throws IOException {
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.NOTAUTH);
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    // rfc4035#section-5.5
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.notype:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testReturnOriginalRcodeIfPrimaryQueryFails() throws IOException {
+    Message message = new Message();
+    message.getHeader().setRcode(Rcode.REFUSED);
+    message.addRecord(
+        Record.newRecord(Name.fromString("www.ingotronic.ch."), Type.A, DClass.IN),
+        Section.QUESTION);
+    add("www.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    // rfc4035#section-5.5
+    assertRCode(Rcode.REFUSED, response.getRcode());
+    assertEquals("validate.response.unknown:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java
new file mode 100644
index 000000000..0befb69b2
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.time.Clock;
+import java.time.Instant;
+import java.util.Properties;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.TextParseException;
+
+class TestKeyCache {
+  @Test
+  void testNullPropertiesDontFail() {
+    KeyCache kc = new KeyCache();
+    kc.init(null);
+    assertNull(kc.find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testMaxCacheSize() throws TextParseException {
+    Properties p = new Properties();
+    p.put(KeyCache.MAX_CACHE_SIZE_CONFIG, "1");
+    KeyCache kc = new KeyCache();
+    kc.init(p);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testTtlExpiration() throws TextParseException {
+    Clock clock = mock(Clock.class);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    KeyCache kc = new KeyCache(clock);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 1);
+    kc.store(nkeA);
+    when(clock.instant()).thenReturn(now.plusSeconds(5));
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testTtlNoLongerThanMaxTtl() throws TextParseException {
+    Properties p = new Properties();
+    p.put(KeyCache.MAX_TTL_CONFIG, "1");
+    Clock clock = mock(Clock.class);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
+    KeyCache kc = new KeyCache(clock);
+    kc.init(p);
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    kc.store(nkeA);
+    when(clock.instant()).thenReturn(now.plusSeconds(5));
+    KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN);
+    assertNull(fromCache);
+  }
+
+  @Test
+  void testPositiveEntryExactMatch() throws TextParseException {
+    KeyCache kc = new KeyCache();
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a.a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("a.b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN);
+    assertEquals(nkeA, fromCache);
+  }
+
+  @Test
+  void testPositiveEntryEncloserMatch() throws TextParseException {
+    KeyCache kc = new KeyCache();
+    KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60);
+    KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60);
+    kc.store(nkeA);
+    kc.store(nkeB);
+    KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN);
+    assertEquals(nkeA, fromCache);
+  }
+
+  @Test
+  void testCacheOnlySecureDNSKEYs() throws TextParseException {
+    KeyCache kc = new KeyCache();
+
+    DNSKEYRecord rA =
+        new DNSKEYRecord(Name.fromString("a."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setA = new SRRset(rA);
+    setA.setSecurityStatus(SecurityStatus.SECURE);
+    KeyEntry nkeA = KeyEntry.newKeyEntry(setA);
+    kc.store(nkeA);
+
+    DSRecord rB = new DSRecord(Name.fromString("b."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setB = new SRRset(rB);
+    KeyEntry nkeB = KeyEntry.newKeyEntry(setB);
+    kc.store(nkeB);
+
+    DNSKEYRecord rC =
+        new DNSKEYRecord(Name.fromString("c."), DClass.IN, 60, 0, 0, 0, new byte[] {0});
+    SRRset setC = new SRRset(rC);
+    KeyEntry nkeC = KeyEntry.newKeyEntry(setC);
+    kc.store(nkeC);
+
+    KeyEntry fromCacheA = kc.find(Name.fromString("a."), DClass.IN);
+    assertEquals(nkeA, fromCacheA);
+
+    KeyEntry fromCacheB = kc.find(Name.fromString("b."), DClass.IN);
+    assertNull(fromCacheB);
+
+    KeyEntry fromCacheC = kc.find(Name.fromString("c."), DClass.IN);
+    assertNull(fromCacheC);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java
new file mode 100644
index 000000000..eebf571d7
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestKeyCacheUsage extends TestBase {
+
+  @Test
+  void testUnsigned() throws IOException {
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+
+    // send the query a second time to ensure the cache doesn't create a wrong behavior
+    response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java
new file mode 100644
index 000000000..e1009f243
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java
@@ -0,0 +1,113 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+
+class TestNSEC3NoData extends TestBase {
+  @ParameterizedTest(name = "testNodataNsec3_{index}")
+  @CsvSource({
+    "www.nsec3.ingotronic.ch./MX,DNSSEC_BOGUS",
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    "sub.nsec3.ingotronic.ch./A,DNSSEC_BOGUS",
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the sub.nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the child
+    "sub.nsec3.ingotronic.ch./DS,DNSSEC_BOGUS",
+    // rfc5155#section-7.2.4
+    // response does not contain next closer NSEC3, thus bogus
+    "a.unsigned.nsec3.ingotronic.ch./DS,NSEC_MISSING",
+  })
+  @AlwaysOffline
+  void testNodataNsec3(String query, String ede) throws IOException {
+    Message response = resolver.send(createMessage(query));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.code(ede), response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataApexNsec3ProofInsecureDelegation() throws IOException {
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. zone
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    // which has the DS flag removed, effectively making the reply insecure
+    Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataApexNsec3WithSOAValid() throws IOException {
+    // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch.
+    // then return NODATA for the following query, "proofed" by the NSEC3 from the parent
+    Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNoDSProofCanExistForRoot() throws IOException {
+    // ./DS can exist
+    resolver.getTrustAnchors().clear();
+    resolver
+        .getTrustAnchors()
+        .store(
+            new SRRset(
+                new RRset(
+                    toRecord(
+                        ".           300 IN  DS  16758 7 1 EC88DF5E2902FD4AB9E9C246BEEA9B822BD7BCF7"))));
+    Message response = resolver.send(createMessage("./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNodataNsec3ForDSMustNotHaveSOA() throws IOException {
+    // bogus./DS cannot coexist with bogus./SOA
+    resolver.getTrustAnchors().clear();
+    resolver
+        .getTrustAnchors()
+        .store(
+            new SRRset(
+                new RRset(
+                    toRecord(
+                        "bogus.           300 IN  DS  16758 7 1 A5D56841416AB42DC39629E42D12C98B0E94232A"))));
+    Message response = resolver.send(createMessage("bogus./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException {
+    Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java
new file mode 100644
index 000000000..29944832c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestNoData extends TestBase {
+  @Test
+  void testFakedNoDataNsec3WithoutNsecs() throws IOException {
+    Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("www\\.nsec3\\.ingotronic\\.ch\\.\\s+.*", ""));
+    add("www.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  void testFakedNoDataNsec3WithNsecs() throws IOException {
+    Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./MX"));
+    Message message = messageFromString(m.toString().replaceAll("type = MX", "type = A"));
+    add("www.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nodata"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java
new file mode 100644
index 000000000..5bf409c24
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java
@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestNonExistence extends TestBase {
+  @ParameterizedTest(name = "testNonExisting_{index}")
+  @ValueSource(
+      strings = {
+        "gibtsnicht",
+        "gibtsnicht.ingotronic.ch",
+        "gibtsnicht.nsec3.ingotronic.ch",
+        "gibtsnicht.gibtsnicht.ingotronic.ch",
+        "gibtsnicht.gibtsnicht.nsec3.ingotronic.ch"
+      })
+  void testNonExisting(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + "./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException {
+    Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(m.toString().replaceAll("L40.+nsec3\\.ingotronic\\.ch\\.\\s+300.*", ""));
+    add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException {
+    // the query name here must hash to a name BEFORE the first existing
+    // NSEC3 owner name
+    Message response = resolver.send(createMessage("alias.1gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @ParameterizedTest(name = "testSignedNodata_{index}")
+  @ValueSource(
+      strings = {
+        "www.ingotronic.ch",
+        "www.nsec3.ingotronic.ch",
+        "a.b.ingotronic.ch",
+        "a.b.nsec3.ingotronic.ch",
+        "b.d.ingotronic.ch",
+        "b.d.nsec3.ingotronic.ch",
+      })
+  void testSignedNodata(String param) throws IOException {
+    Message response = resolver.send(createMessage(param + "./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertTrue(response.getSectionRRsets(Section.ANSWER).isEmpty());
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNxDomainWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("x.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("x.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("x.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.nxdomain.authority"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("www.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("www.ingotronic.ch./MX", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.authority.nodata"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataOnENT() throws IOException {
+    Message response = resolver.send(createMessage("b.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java
new file mode 100644
index 000000000..8b5cb4263
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.time.Instant;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+/**
+ * These test run checks that are unable to occur during actual validations.
+ *
+ * @author Ingo Bauersachs
+ */
+class TestNormallyUnreachableCode {
+  private InetAddress localhost;
+
+  @BeforeEach
+  void setUp() throws UnknownHostException {
+    localhost = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
+  }
+
+  @Test
+  void testVerifyWithoutSignaturesIsBogus() {
+    DnsSecVerifier verifier = new DnsSecVerifier(new ValUtils());
+    ARecord aRecord = new ARecord(Name.root, DClass.IN, 120, localhost);
+    SRRset set = new SRRset();
+    set.addRR(aRecord);
+    KeyEntry keys = KeyEntry.newKeyEntry(new SRRset());
+    JustifiedSecStatus res = verifier.verify(set, keys, Instant.now());
+    assertEquals(SecurityStatus.BOGUS, res.status);
+    assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, res.edeReason);
+  }
+
+  @Test
+  void useAllEnumCode() {
+    assertEquals(
+        SecurityStatus.UNCHECKED, SecurityStatus.valueOf(SecurityStatus.values()[0].toString()));
+    assertEquals(
+        ResponseClassification.UNKNOWN,
+        ResponseClassification.valueOf(ResponseClassification.values()[0].toString()));
+  }
+
+  @Test
+  void testSmessageReturnsOptRecordOfOriginal() {
+    int xrcode = 0xFED;
+    Message m = Message.newQuery(Record.newRecord(Name.root, Type.NS, DClass.IN));
+    m.getHeader().setRcode(xrcode & 0xF);
+    m.addRecord(new OPTRecord(1, xrcode >> 4, 1), Section.ADDITIONAL);
+    SMessage sm = new SMessage(m);
+    assertEquals(m.toString(), sm.getMessage().toString());
+    assertEquals(xrcode, sm.getRcode());
+  }
+
+  @Test
+  void testCopyMessageWithoutQuestion() {
+    Message m = new Message();
+    m.addRecord(new ARecord(Name.root, DClass.IN, 120, localhost), Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    assertEquals(m.toString(), sm.getMessage().toString());
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java
new file mode 100644
index 000000000..f9bd38347
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java
@@ -0,0 +1,142 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+
+class TestNsec3ValUtils extends TestBase {
+  @Test
+  void testTooLargeIterationCountMustThrow() {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.nsec3.iterations.512", Integer.MAX_VALUE);
+    NSEC3ValUtils val = new NSEC3ValUtils();
+    assertThrows(IllegalArgumentException.class, () -> val.init(config));
+  }
+
+  @Test
+  void testInvalidIterationCountMarksInsecure() throws IOException {
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.nsec3.iterations.1024", 0);
+    config.put("dnsjava.dnssec.nsec3.iterations.2048", 0);
+    config.put("dnsjava.dnssec.nsec3.iterations.4096", 0);
+    resolver.init(config);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("failed.nsec3_ignored", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsec3WithoutClosestEncloser() throws IOException {
+    Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll(
+                    "((UDUMPS9J6F8348HFHH2FAED6I9DDE0U6)|(NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P))\\.nsec3.*",
+                    ""));
+    add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNsec3NodataChangedToNxdomainIsBogus() throws IOException {
+    Message m = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(m.toString().replaceAll("status: NOERROR", "status: NXDOMAIN"));
+    add("a.b.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNsec3ClosestEncloserIsDelegation() throws IOException {
+    // hash(n=9.nsec3.ingotronic.ch.,it=10,s=1234)=6jl2t4i2bb7eilloi8mdhbf3uqjgvu4s
+    Message cem = resolver.send(createMessage("9.nsec3.ingotronic.ch./A"));
+    Record delegationNsec = null;
+    RRSIGRecord delegationNsecSig = null;
+    for (RRset set : cem.getSectionRRsets(Section.AUTHORITY)) {
+      // hash(n=sub.nsec3.ingotronic.ch.,it=10,s=1234)=5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H
+      if (set.getName().toString().startsWith("5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A"));
+    String temp = m.toString().replaceAll("^sub\\.nsec3.*", "");
+    // hash(n=sub.nsec3.ingotronic.ch.,it=11,s=4321)=8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA
+    temp = temp.replaceAll("8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.*", "");
+    Message message = messageFromString(temp);
+    message.addRecord(delegationNsec, Section.AUTHORITY);
+    message.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.sub.nsec3.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException {
+    Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertEquals("failed.nxdomain.nsec3_insecure", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecEcdsa256() throws IOException {
+    Provider[] providers = Security.getProviders("KeyFactory.EC");
+    Assumptions.assumeTrue(providers != null && providers.length > 0);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa256.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecEcdsa384() throws IOException {
+    Provider[] providers = Security.getProviders("KeyFactory.EC");
+    Assumptions.assumeTrue(providers != null && providers.length > 0);
+
+    Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa384.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java
new file mode 100644
index 000000000..c5fe6e5e4
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.spy;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.PublicKey;
+import java.util.concurrent.atomic.AtomicInteger;
+import org.junit.jupiter.api.Test;
+import org.mockito.stubbing.Answer;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC.DNSSECException;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Type;
+
+class TestNsec3ValUtilsPublicKeyLoading extends TestBase {
+  @Test
+  @PrepareMocks("prepareTestPublicKeyLoadingException")
+  void testPublicKeyLoadingException() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.NOERROR, response.getRcode());
+      assertEquals("failed.nsec3_ignored", getReason(response));
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestPublicKeyLoadingException() {
+    Name fakeName = Name.fromConstantString("nsec3.ingotronic.ch.");
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord throwingDnskey = spy(DNSKEYRecord.class);
+          AtomicInteger invocationCount = new AtomicInteger(0);
+          try {
+            doAnswer(
+                    (Answer<PublicKey>)
+                        a -> {
+                          if (((DNSKEYRecord) a.getMock()).getName().equals(fakeName)) {
+                            if (invocationCount.getAndIncrement() == 4) {
+                              throwDnssecException();
+                            }
+                            return (PublicKey) a.callRealMethod();
+                          }
+                          return (PublicKey) a.callRealMethod();
+                        })
+                .when(throwingDnskey)
+                .getPublicKey();
+          } catch (DNSSECException e) {
+            throw new RuntimeException(e);
+          }
+          return throwingDnskey;
+        });
+  }
+
+  private void throwDnssecException() throws DNSSECException {
+    try {
+      Constructor<DNSSECException> c = DNSSECException.class.getDeclaredConstructor(String.class);
+      c.setAccessible(true);
+      throw c.newInstance("mock-text");
+    } catch (NoSuchMethodException
+        | IllegalAccessException
+        | InvocationTargetException
+        | InstantiationException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java
new file mode 100644
index 000000000..74a3f1658
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestPartiallyInvalid extends TestBase {
+  @Test
+  void testValidExising() throws IOException {
+    Message response = resolver.send(createMessage("www.partial.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidExisingNoType() throws IOException {
+    Message response = resolver.send(createMessage("www.partial.ingotronic.ch./MX"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertTrue(isEmptyAnswer(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidNonExising() throws IOException {
+    Message response = resolver.send(createMessage("www.gibtsnicht.partial.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPositive.java b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java
new file mode 100644
index 000000000..4973edd29
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java
@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.MXRecord;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Section;
+
+class TestPositive extends TestBase {
+  @Test
+  void testValidExising() throws IOException {
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidNonExising() throws IOException {
+    Message response = resolver.send(createMessage("ingotronic.ch./ANY"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testValidAnswerToDifferentQueryTypeIsBogus() throws IOException {
+    // Fetch a regular 'A' response, then replace the query with MX
+    Message m = resolver.send(createMessage("www.ingotronic.ch./A"));
+    m.removeAllRecords(Section.QUESTION);
+    m.addRecord(
+        new MXRecord(
+            Name.fromConstantString("www.ingotronic.ch."),
+            DClass.IN,
+            3600,
+            0,
+            Name.fromConstantString("www.ingotronic.ch.")),
+        Section.QUESTION);
+
+    // Assert that this results in bogus nodata/nsec missing after message normalization
+    add("www.ingotronic.ch./A", m);
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  void testCDonQueryDoesntDoAnything() throws IOException {
+    Message m = resolver.send(createMessage("www.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\s+A\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("www.ingotronic.ch./A", message);
+
+    Message query = createMessage("www.ingotronic.ch./A");
+    query.getHeader().setFlag(Flags.CD);
+    Message response = resolver.send(query);
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPriming.java b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java
new file mode 100644
index 000000000..80a7ee131
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java
@@ -0,0 +1,261 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.security.MessageDigestSpi;
+import java.security.Provider;
+import java.security.Security;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestPriming extends TestBase {
+  @Test
+  void testDnskeyPrimeResponseWithEmptyAnswerIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION);
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testRootDnskeyPrimeResponseWithNxDomainIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION);
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testDnskeyPrimeResponseWithInvalidSignatureIsBad()
+      throws IOException, NumberFormatException {
+    Message m = resolver.send(createMessage("./DNSKEY"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll("(.*\\sRRSIG\\sDNSKEY\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("./DNSKEY", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad")
+  void testDnskeyPrimeResponseWithMismatchedFootprintIsBad() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals(
+          "validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad() {
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord minus1FootprintDnskey = spy(DNSKEYRecord.class);
+          when(minus1FootprintDnskey.getFootprint()).thenReturn(-1);
+          return minus1FootprintDnskey;
+        });
+  }
+
+  @Test
+  @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad")
+  void testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() throws Exception {
+    try {
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals(
+          "validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+    } finally {
+      Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class));
+    }
+  }
+
+  void prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() {
+    Type.register(
+        Type.DNSKEY,
+        Type.string(Type.DNSKEY),
+        () -> {
+          DNSKEYRecord minus1AlgorithmDnskey = spy(DNSKEYRecord.class);
+          when(minus1AlgorithmDnskey.getAlgorithm()).thenReturn(-1);
+          return minus1AlgorithmDnskey;
+        });
+  }
+
+  static class FakeShaProvider extends Provider {
+    protected FakeShaProvider() {
+      super("FakeShaProvider", 1, "FakeShaProvider");
+      put("MessageDigest.SHA", FakeSha.class.getName());
+      put("MessageDigest.SHA-256", FakeSha.class.getName());
+    }
+
+    public static class FakeSha extends MessageDigestSpi {
+      @Override
+      protected void engineUpdate(byte input) {}
+
+      @Override
+      protected void engineUpdate(byte[] input, int offset, int len) {}
+
+      @Override
+      protected byte[] engineDigest() {
+        return new byte[] {1, 2, 3};
+      }
+
+      @Override
+      protected void engineReset() {}
+    }
+  }
+
+  @Test
+  void testDnskeyPrimeResponseWithWeirdHashIsBad() throws Exception {
+    Provider p = new FakeShaProvider();
+    try {
+      Security.insertProviderAt(p, 1);
+      Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+      assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+      assertRCode(Rcode.SERVFAIL, response.getRcode());
+      assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+      assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+    } finally {
+      Security.removeProvider(p.getName());
+    }
+  }
+
+  @Test
+  void testDsPrimeResponseWithEmptyAnswerIsBad() throws IOException {
+    Message message = new Message();
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsPrimeResponseWithNxDomainForTld() throws IOException {
+    Message message = new Message();
+    message.addRecord(
+        Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION);
+    message.getHeader().setRcode(Rcode.NXDOMAIN);
+    add("ch./DS", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecIsFromChildApex() throws IOException {
+    Message nsec = resolver.send(createMessage("1.sub.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch") && set.getType() == Type.NSEC) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("sub.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./DS", m);
+
+    R.setUseNeutralMessages(false);
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec:dnskey.no_key:sub.ingotronic.ch.",
+        getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecOnEntIsBad() throws IOException {
+    Message m = resolver.send(createMessage("e.ingotronic.ch./DS"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("e.ingotronic.ch./DS", message);
+
+    Message response = resolver.send(createMessage("a.e.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus:failed.ds.nsec.ent", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenOnInsecureDelegationWithWrongNsec() throws IOException {
+    Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("alias.ingotronic.ch")
+          && set.getType() == Type.NSEC) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("unsigned.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("unsigned.ingotronic.ch./DS", m);
+
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus:failed.ds.unknown", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java
new file mode 100644
index 000000000..b784e8363
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestRRsig extends TestBase {
+  @Test
+  @AlwaysOffline
+  void testRRsigNodata() throws IOException {
+    Message message = createMessage("www.ingotronic.ch./RRSIG");
+    add("www.ingotronic.ch./RRSIG", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response);
+  }
+
+  @Test
+  @AlwaysOffline
+  void testRRsigServfail() throws IOException {
+    Message message = createMessage("www.ingotronic.ch./RRSIG");
+    message.getHeader().setRcode(Rcode.SERVFAIL);
+    add("www.ingotronic.ch./RRSIG", message);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.response.unknown:UNKNOWN", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java
new file mode 100644
index 000000000..105c6d59c
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java
@@ -0,0 +1,144 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.TextParseException;
+import org.xbill.DNS.Type;
+
+class TestSMessage {
+  @Test
+  void testGetUndefinedSectionBelow() {
+    SMessage m = new SMessage(0, null);
+    assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(-1));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {0, 4, 100})
+  void testGetUndefinedSection(int section) {
+    SMessage m = new SMessage(0, null);
+    assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(section));
+  }
+
+  @Test
+  void testGetEmptySection() {
+    SMessage m = new SMessage(0, null);
+    List<SRRset> sets = m.getSectionRRsets(Section.ANSWER);
+    assertEquals(0, sets.size());
+  }
+
+  @Test
+  void testGetEmptySectionByType() {
+    SMessage m = new SMessage(0, null);
+    List<SRRset> sets = m.getSectionRRsets(Section.ANSWER, Type.A);
+    assertEquals(0, sets.size());
+  }
+
+  @Test
+  void testGetSectionByType() throws UnknownHostException {
+    Message m = new Message();
+    Record r1 =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r1, Section.ANSWER);
+    Record r2 =
+        new AAAARecord(
+            Name.root,
+            DClass.IN,
+            0,
+            InetAddress.getByAddress(new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}));
+    m.addRecord(r2, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    List<SRRset> result = sm.getSectionRRsets(Section.ANSWER, Type.A);
+    assertEquals(1, result.size());
+    assertEquals(Type.A, result.get(0).getType());
+  }
+
+  @Test
+  void testRecordCountForQuestionIsOne() {
+    SMessage m = new SMessage(0, null);
+    int count = m.getCount(Section.QUESTION);
+    assertEquals(1, count);
+  }
+
+  @Test
+  void testRecordCountForEmptySectionIsZero() {
+    SMessage m = new SMessage(0, null);
+    int count = m.getCount(Section.ADDITIONAL);
+    assertEquals(0, count);
+  }
+
+  @Test
+  void testRecordCountForIsValid() throws UnknownHostException {
+    Message m = new Message();
+    m.addRecord(
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})),
+        Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    int count = sm.getCount(Section.ANSWER);
+    assertEquals(1, count);
+  }
+
+  @Test
+  void testAnswerSectionSearchFound() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.IN);
+    assertEquals(r, result.first());
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentClass() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.CH);
+    assertNull(result);
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentType() throws UnknownHostException {
+    Message m = new Message();
+    Record r =
+        new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN);
+    assertNull(result);
+  }
+
+  @Test
+  void testAnswerSectionSearchNotFoundDifferentName()
+      throws UnknownHostException, TextParseException {
+    Message m = new Message();
+    Record r =
+        new ARecord(
+            Name.fromString("asdf."),
+            DClass.IN,
+            0,
+            InetAddress.getByAddress(new byte[] {0, 0, 0, 0}));
+    m.addRecord(r, Section.ANSWER);
+    SMessage sm = new SMessage(m);
+    SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN);
+    assertNull(result);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java
new file mode 100644
index 000000000..821ff3898
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java
@@ -0,0 +1,140 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.util.Properties;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestTrustAnchorLoading extends TestBase {
+  @Test
+  void testLoadRootTrustAnchors() {
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.CH));
+  }
+
+  @Test
+  void testLoadRootTrustAnchorsFromFile() throws IOException {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.trust_anchor_file", "./src/test/resources/trust_anchors");
+    resolver.init(config);
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInitializingWithEmptyConfigDoesNotFail() throws IOException {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    resolver.init(config);
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInitializingWithNonExistingFileThrows() {
+    resolver.getTrustAnchors().clear();
+    Properties config = new Properties();
+    config.put("dnsjava.dnssec.trust_anchor_file", "xyz");
+    assertThrows(IOException.class, () -> resolver.init(config));
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithDNSKEY() throws IOException {
+    Message keys = resolver.send(createMessage("./DNSKEY"));
+    ByteArrayOutputStream bos = new ByteArrayOutputStream();
+    OutputStreamWriter osw = new OutputStreamWriter(bos);
+    for (RRset set : keys.getSectionRRsets(Section.ANSWER)) {
+      if (set.getType() == Type.DNSKEY) {
+        for (Record r : set.rrs()) {
+          osw.write(r.toString());
+          osw.write('\n');
+        }
+      }
+    }
+
+    osw.close();
+
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(new ByteArrayInputStream(bos.toByteArray()));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithInvalidDNSKEY() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_dnskey_invalid"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_alg_match:.:RSASHA256", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorWithInvalidDS() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_invalid"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testLoadRootTrustAnchorsAlongWithGarbage() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_test"));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+    assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.CH));
+  }
+
+  @Test
+  void testLoadEmptyTrustAnchors() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty"));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+  }
+
+  @Test
+  void testInsecureWithEmptyTrustAnchor() throws IOException {
+    resolver.getTrustAnchors().clear();
+    resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty"));
+    assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN));
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("validate.insecure", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java
new file mode 100644
index 000000000..1bb01f693
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Rcode;
+
+class TestUnsigned extends TestBase {
+  @Test
+  void testUnsignedBelowSignedZoneBind() throws IOException {
+    Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowSignedTldNsec3NoOptOut() throws IOException {
+    Message response = resolver.send(createMessage("20min.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowSignedTldNsec3OptOut() throws IOException {
+    Message response = resolver.send(createMessage("yahoo.com./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals("insecure.ds.nsec3", getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testUnsignedBelowUnsignedZone() throws IOException {
+    Message response = resolver.send(createMessage("www.sub.unsigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertEquals(localhost, firstA(response));
+    assertEquals("insecure.ds.nsec", getReason(response));
+    assertEde(-1, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java
new file mode 100644
index 000000000..d7b227a24
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java
@@ -0,0 +1,413 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.NSECRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestValUtils extends TestBase {
+  @Test
+  void testLongestCommonNameRootIsRoot() {
+    assertEquals(
+        Name.root,
+        ValUtils.longestCommonName(
+            Name.fromConstantString("example.com."), Name.fromConstantString("example.net.")));
+  }
+
+  @Test
+  void testNoDataWhenResultIsFromDelegationPoint() throws IOException {
+    Message nsec = resolver.send(createMessage("t.ingotronic.ch./A"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = resolver.send(createMessage("sub.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(m.toString().replaceAll("sub\\.ingotronic\\.ch\\.\\s+\\d+.*", ""));
+    message.addRecord(delegationNsec, Section.AUTHORITY);
+    message.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./MX", message);
+
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenResultIsFromDelegationPoint() throws IOException {
+    Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("s.sub.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("s.sub.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("s.sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:s.sub.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsNotFromApex() throws IOException {
+    Message response = resolver.send(createMessage("1.www.ingotronic.ch./A"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NXDOMAIN, response.getRcode());
+    assertNull(getReason(response));
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameBefore() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("y.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("y.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("y.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:y.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameDifferentDomain() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("zingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("zingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("zingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:zingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameErrorWhenNsecIsLastAndQnameIsZoneApex() throws IOException {
+    Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("z.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NXDOMAIN);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nxdomain.exists:ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenDSResultIsFromChild() throws IOException {
+    Message m = resolver.send(createMessage("samekey.ingotronic.ch./MX"));
+    // this test needs to have the key in the cache
+    add("samekey.ingotronic.ch./DS", m, false);
+
+    Message response = resolver.send(createMessage("samekey.ingotronic.ch./DS"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataOfDSForRoot() throws IOException {
+    Message response = resolver.send(createMessage("./DS"));
+    assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set");
+    assertRCode(Rcode.NOERROR, response.getRcode());
+    assertNull(getReason(response));
+    assertEde(-1, response);
+  }
+
+  @Test
+  void testNsecProvesNoDS() {
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS}),
+            Name.root);
+    assertEquals(SecurityStatus.SECURE, s, "Root NSEC SOA and without DS must be secure");
+  }
+
+  @Test
+  void testNsecProvesNoDSWithDSPresentForRoot() {
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(
+                Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS, Type.DS}),
+            Name.root);
+    assertEquals(SecurityStatus.BOGUS, s, "Root NSEC with DS must be bogus");
+  }
+
+  @Test
+  void testNsecProvesNoDSWithSOAForNonRoot() throws IOException {
+    Name ch = Name.fromString("ch.");
+    SecurityStatus s =
+        ValUtils.nsecProvesNoDS(
+            new NSECRecord(ch, DClass.IN, 0, ch, new int[] {Type.SOA, Type.NS}), ch);
+    assertEquals(SecurityStatus.BOGUS, s, "Non-root NSEC with SOA must be bogus");
+  }
+
+  @Test
+  void testNoDataOnEntWithWrongNsec() throws IOException {
+    Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("alias.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenNsecProvesExistence() throws IOException {
+    Message nsec = resolver.send(createMessage("www.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("www.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("www.ingotronic.ch./AAAA");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("www.ingotronic.ch./AAAA", m);
+
+    Message response = resolver.send(createMessage("www.ingotronic.ch./AAAA"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenNsecHasCname() throws IOException {
+    Message nsec = resolver.send(createMessage("csigned.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("csigned.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("csigned.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("csigned.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("csigned.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecProvesType() throws IOException {
+    Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.c.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("a.c.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.c.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecProvesCname() throws IOException {
+    Message nsec = resolver.send(createMessage("*.cwv.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.cwv.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("a.cwv.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("a.cwv.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("a.cwv.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNoDataWhenWcNsecIsForDifferentName() throws IOException {
+    Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) {
+      if (set.getName().toString().startsWith("*.c.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("b.d.ingotronic.ch./A");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("b.d.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("b.d.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNoDataWhenNsecProvesDs() throws IOException {
+    Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC"));
+    Record delegationNsec = null;
+    Record delegationNsecSig = null;
+    for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) {
+      if (set.getName().toString().startsWith("sub.ingotronic.ch")) {
+        delegationNsec = set.first();
+        delegationNsecSig = set.sigs().get(0);
+        break;
+      }
+    }
+
+    Message m = createMessage("sub.ingotronic.ch./DS");
+    m.getHeader().setRcode(Rcode.NOERROR);
+    m.addRecord(delegationNsec, Section.AUTHORITY);
+    m.addRecord(delegationNsecSig, Section.AUTHORITY);
+    add("sub.ingotronic.ch./DS", m);
+
+    Message response = resolver.send(createMessage("sub.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals(
+        "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec.hasdata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testHasSignedNsecsWithoutSignedSigsReturnsFalse() {
+    Message m = new Message();
+    m.addRecord(
+        new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.A}), Section.AUTHORITY);
+    SMessage sm = new SMessage(m);
+    boolean result = new ValUtils().hasSignedNsecs(sm);
+    assertFalse(result);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java
new file mode 100644
index 000000000..8116d5323
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java
@@ -0,0 +1,179 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.ExtendedErrorCodeOption;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+class TestWildcard extends TestBase {
+  @Test
+  void testNameNotExpandedFromWildcardWhenNonWildcardExists() throws IOException {
+    // create a faked response: the original query/response was for
+    // b.d.ingotronic.ch. and is changed to a.d.ingotronic.ch.
+    Message m = resolver.send(createMessage("b.d.ingotronic.ch./A"));
+    add(
+        "a.d.ingotronic.ch./A",
+        messageFromString(m.toString().replace("b.d.ingotronic.ch.", "a.d.ingotronic.ch.")));
+
+    // a.d.ingotronic.ch./A exists, but the response is faked from *.d.ingotronic.ch. which must be
+    // detected by the NSEC proof
+    Message response = resolver.send(createMessage("a.d.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3() throws IOException {
+    // create a faked response: the original query/response was for
+    // b.d.nsec3.ingotronic.ch. and is changed to a.d.nsec3.ingotronic.ch.
+    Message m = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A"));
+    add(
+        "a.d.nsec3.ingotronic.ch./A",
+        messageFromString(
+            m.toString().replace("b.d.nsec3.ingotronic.ch.", "a.d.nsec3.ingotronic.ch.")));
+
+    // a.d.nsec3.ingotronic.ch./A exists, but the response is faked from
+    // *.d.nsec3.ingotronic.ch. which must be detected by the NSEC proof
+    Message response = resolver.send(createMessage("a.d.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @AlwaysOffline
+  @Test
+  void testLabelCountInSignaturesNotAllSame() throws IOException {
+    Message response = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD));
+    assertRCode(Rcode.SERVFAIL, response.getHeader().getRcode());
+    assertEquals(
+        "failed.wildcard.label_count_mismatch:b.d.nsec3.ingotronic.ch.", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcard() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/A", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.positive.wildcard_too_broad", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testPositiveWithInvalidNsecSignature() throws IOException {
+    Message m = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
+    add("a.c.ingotronic.ch./A", message);
+
+    Message response = resolver.send(createMessage("a.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertTrue(getReason(response).startsWith("failed.authority.positive"));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testNodataWilcardWithoutCe() throws IOException {
+    // strip the closest encloser NSEC
+    Message m = resolver.send(createMessage("\1.c.ingotronic.ch./MX"));
+    Message message = messageFromString(m.toString().replaceAll("a\\.b\\.ingotronic\\.ch.*", ""));
+    add(Name.fromString("\1.c.ingotronic.ch./MX").toString(), message);
+
+    Message response = resolver.send(createMessage("\1.c.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcardNodata() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/MX", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testSynthesisUsesCorrectWildcardNodataNsec3() throws IOException {
+    Message m = resolver.send(createMessage("a.wc.nsec3.ingotronic.ch./MX"));
+    Message message =
+        messageFromString(
+            m.toString()
+                .replaceAll("a\\.wc\\.nsec3.ingotronic.ch\\.", "\1.sub.wc.nsec3.ingotronic.ch."));
+    add(Name.fromString("\1.sub.wc.nsec3.ingotronic.ch.").toString() + "/MX", message);
+
+    Message response = resolver.send(createMessage("\1.sub.wc.nsec3.ingotronic.ch./MX"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEquals("failed.nodata", getReason(response));
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+
+  @Test
+  void testDsNodataFromWildcardNsecChild() throws IOException {
+    Message m =
+        Message.newQuery(
+            Record.newRecord(Name.fromString("www.x.c.ingotronic.ch."), Type.A, DClass.IN));
+    m.addRecord(
+        new ARecord(
+            Name.fromString("www.x.c.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()),
+        Section.ANSWER);
+    add("www.x.c.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("www.x.c.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response);
+  }
+
+  @Test
+  void testDsNodataFromWildcardNsecCovered() throws IOException {
+    Message m =
+        Message.newQuery(
+            Record.newRecord(Name.fromString("www.x.ce.ingotronic.ch."), Type.A, DClass.IN));
+    m.addRecord(
+        new ARecord(
+            Name.fromString("www.x.ce.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()),
+        Section.ANSWER);
+    add("www.x.ce.ingotronic.ch./A", m);
+
+    Message response = resolver.send(createMessage("www.x.ce.ingotronic.ch./A"));
+    assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set");
+    assertRCode(Rcode.SERVFAIL, response.getRcode());
+    assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response);
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java
new file mode 100644
index 000000000..928d653a9
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java
@@ -0,0 +1,1272 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.dnssec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Security;
+import java.text.ParseException;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNAMERecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+@Slf4j
+class UnboundTests extends TestBase {
+  void runUnboundTest() throws ParseException, IOException {
+    try {
+      InputStream data = getClass().getResourceAsStream("/unbound/" + testName + ".rpl");
+      RplParser p = new RplParser(data);
+      Rpl rpl = p.parse();
+      Properties config = new Properties();
+      if (rpl.nsec3iterations != null) {
+        for (Entry<Integer, Integer> e : rpl.nsec3iterations.entrySet()) {
+          config.put("dnsjava.dnssec.nsec3.iterations." + e.getKey(), e.getValue());
+        }
+      }
+
+      if (rpl.digestPreference != null) {
+        config.put(ValUtils.DIGEST_PREFERENCE, rpl.digestPreference);
+      }
+
+      config.put(ValUtils.DIGEST_HARDEN_DOWNGRADE, Boolean.toString(rpl.hardenAlgoDowngrade));
+
+      if (rpl.enableSha1) {
+        config.put(ValUtils.DIGEST_ENABLED + "." + DNSSEC.Digest.SHA1, Boolean.TRUE.toString());
+      }
+
+      if (rpl.enableDsa || rpl.enableSha1) {
+        config.put(
+            ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA, Boolean.TRUE.toString());
+        config.put(
+            ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA_NSEC3_SHA1,
+            Boolean.TRUE.toString());
+      }
+
+      if (!rpl.hardenUnknownAdditional) {
+        System.setProperty("dnsjava.harden_unknown_additional", Boolean.TRUE.toString());
+      }
+
+      if (rpl.loadBouncyCastle) {
+        Security.addProvider(new BouncyCastleProvider());
+      }
+
+      if (rpl.minRsaSize != null) {
+        config.put(ValUtils.ALGORITHM_RSA_MIN_KEY_SIZE, Integer.toString(rpl.minRsaSize));
+      }
+
+      for (Message m : rpl.replays) {
+        add(m);
+      }
+
+      // merge xNAME queries into one
+      List<Message> copy = new ArrayList<>(rpl.replays.size());
+      copy.addAll(rpl.replays);
+      List<Name> copiedTargets = new ArrayList<>(5);
+      for (Message m : copy) {
+        Name target = null;
+        for (RRset s : m.getSectionRRsets(Section.ANSWER)) {
+          if (s.getType() == Type.CNAME) {
+            target = ((CNAMERecord) s.first()).getTarget();
+          } else if (s.getType() == Type.DNAME) {
+            target = ((DNAMERecord) s.first()).getTarget();
+          }
+
+          while (target != null) {
+            Message a = get(target, m.getQuestion().getType());
+            if (a == null) {
+              a = get(target, Type.CNAME);
+            }
+
+            if (a == null) {
+              a = get(target, Type.DNAME);
+            }
+
+            if (a != null) {
+              target = add(m, a);
+              if (copiedTargets.contains(target)) {
+                break;
+              }
+
+              copiedTargets.add(target);
+              rpl.replays.remove(a);
+            } else {
+              target = null;
+            }
+          }
+        }
+      }
+
+      // promote any DS records in auth. sections to real queries
+      copy = new ArrayList<>(rpl.replays.size());
+      copy.addAll(rpl.replays);
+      for (Message m : copy) {
+        for (RRset s : m.getSectionRRsets(Section.AUTHORITY)) {
+          if (s.getType() == Type.DS) {
+            Message ds = new Message();
+            ds.addRecord(
+                Record.newRecord(s.getName(), s.getType(), s.getDClass()), Section.QUESTION);
+            for (Record rr : s.rrs()) {
+              ds.addRecord(rr, Section.ANSWER);
+            }
+
+            for (RRSIGRecord sig : s.sigs()) {
+              ds.addRecord(sig, Section.ANSWER);
+            }
+
+            rpl.replays.add(ds);
+          }
+        }
+      }
+
+      clear();
+      for (Message m : rpl.replays) {
+        add(m);
+      }
+
+      if (rpl.date != null) {
+        try {
+          when(resolverClock.instant()).thenReturn(rpl.date);
+        } catch (Exception e) {
+          throw new RuntimeException(e);
+        }
+      }
+
+      if (rpl.trustAnchors != null) {
+        resolver.getTrustAnchors().clear();
+        for (SRRset rrset : rpl.trustAnchors) {
+          resolver.getTrustAnchors().store(rrset);
+        }
+      }
+
+      resolver.init(config);
+      resolver.setTimeout(Duration.ofMinutes(1));
+
+      for (Check c : rpl.checks.values()) {
+        Message s = resolver.send(c.query).normalize(c.query, true);
+        log.trace(
+            "{}/{}/{} ---> \n{}",
+            c.query.getQuestion().getName(),
+            Type.string(c.query.getQuestion().getType()),
+            DClass.string(c.query.getQuestion().getDClass()),
+            s);
+        assertEquals(
+            c.response.getHeader().getFlag(Flags.AD),
+            s.getHeader().getFlag(Flags.AD),
+            "AD Flag must match");
+        assertEquals(
+            Rcode.string(c.response.getRcode()), Rcode.string(s.getRcode()), "RCode must match");
+      }
+    } finally {
+      Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+      System.clearProperty("dnsjava.harden_unknown_additional");
+    }
+  }
+
+  private Name add(Message target, Message source) {
+    Name next = null;
+    target.getHeader().setRcode(source.getRcode());
+    for (Record r : source.getSection(Section.ANSWER)) {
+      target.addRecord(r, Section.ANSWER);
+      if (r.getType() == Type.CNAME) {
+        next = ((CNAMERecord) r).getTarget();
+      } else if (r.getType() == Type.DNAME) {
+        next = ((DNAMERecord) r).getTarget();
+      }
+    }
+
+    for (Record r : source.getSection(Section.AUTHORITY)) {
+      if (r.getType() != Type.NS) {
+        target.addRecord(r, Section.AUTHORITY);
+      }
+    }
+
+    return next;
+  }
+
+  static void main(String[] xargs) throws IOException, ParseException {
+    Map<String, String> ignored =
+        new HashMap<String, String>() {
+          {
+            put("val_faildnskey_ok.rpl", "tests an unbound specific config option");
+            put("val_nsec3_nods_negcache.rpl", "we don't do negative caching");
+            put("val_unsecds_negcache.rpl", "we don't do negative caching");
+            put("val_negcache_dssoa.rpl", "we don't do negative caching");
+            put("val_negcache_nodata.rpl", "aggressive NSEC is not supported");
+            put("val_negcache_nxdomain.rpl", "aggressive NSEC is not supported");
+            put("val_nsec3_b3_optout_negcache.rpl", "we don't do negative caching");
+            put("val_dsnsec.rpl", "we don't do negative caching");
+            put("val_refer_unsignadd.rpl", "we don't do negative caching");
+            put("val_referglue.rpl", "we don't do negative caching");
+            put(
+                "val_noadwhennodo.rpl",
+                "irrelevant - if we wouldn't want AD, we wouldn't be using this stuff");
+            put("val_fwdds.rpl", "irrelevant, we're not a recursive resolver");
+            put("val_referd.rpl", "NSEC records missing for validation, tests caching stuff");
+            put("val_stubds.rpl", "tests unbound specific config (stub zones)");
+            put("val_cnametonsec.rpl", "incomplete CNAME answer");
+            put("val_cnametooptin.rpl", "incomplete CNAME answer");
+            put("val_cnametoinsecure.rpl", "incomplete CNAME answer");
+            put("val_nsec3_optout_cache.rpl", "more cache stuff");
+            put("val_unsecds_qtypeds.rpl", "tests the iterative resolver");
+            put(
+                "val_anchor_nx.rpl",
+                "tests resolving conflicting responses in a recursive resolver");
+            put(
+                "val_anchor_nx_nosig.rpl",
+                "tests resolving conflicting responses in a recursive resolver");
+            put("val_negcache_nta.rpl", "tests unbound option domain-insecure, not available here");
+          }
+        };
+
+    for (String f : new File("./src/test/resources/unbound").list()) {
+      String comment = ignored.get(f);
+      if (comment != null) {
+        System.out.println("    @Disabled(\"" + comment + "\")");
+      }
+
+      Rpl rpl = new RplParser(new FileInputStream("./src/test/resources/unbound/" + f)).parse();
+      System.out.println("    @Test");
+      System.out.println("    @DisplayName(\"" + f + ": " + rpl.scenario + "\")");
+      System.out.println(
+          "    void " + f.split("\\.")[0] + "() throws ParseException, IOException {");
+      System.out.println("        runUnboundTest();");
+      System.out.println("    }");
+      System.out.println();
+    }
+  }
+
+  @Test
+  @DisplayName("val_adbit.rpl: Test validator AD bit signaling")
+  void val_adbit() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_adcopy.rpl: Test validator AD bit sent by untrusted upstream")
+  void val_adcopy() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests resolving conflicting responses in a recursive resolver")
+  @Test
+  @DisplayName("val_anchor_nx.rpl: Test validator with secure proof of trust anchor nxdomain")
+  void val_anchor_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests resolving conflicting responses in a recursive resolver")
+  @Test
+  @DisplayName("val_anchor_nx_nosig.rpl: Test validator with unsigned denial of trust anchor")
+  void val_anchor_nx_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ans_dsent.rpl: Test validator with empty nonterminals on the trust chain.")
+  void val_ans_dsent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ans_nx.rpl: Test validator with DS nodata as nxdomain on trust chain")
+  void val_ans_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any.rpl: Test validator with response to qtype ANY")
+  void val_any() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any_cname.rpl: Test validator with response to qtype ANY that includes CNAME")
+  void val_any_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_any_dname.rpl: Test validator with response to qtype ANY that includes DNAME")
+  void val_any_dname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnameinsectopos.rpl: Test validator with an insecure cname to positive cached")
+  void val_cnameinsectopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnamenx_dblnsec.rpl: Test validator with cname-nxdomain for duplicate NSEC detection")
+  void val_cnamenx_dblnsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamenx_rcodenx.rpl: Test validator with cname-nxdomain with rcode nxdomain")
+  void val_cnamenx_rcodenx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnameqtype.rpl: Test validator with a query for type cname")
+  void val_cnameqtype() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametocloser.rpl: Test validator with CNAME to closer anchor under optout.")
+  void val_cnametocloser() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametocloser_nosig.rpl: Test validator with CNAME to closer anchor optout missing sigs.")
+  void val_cnametocloser_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametocnamewctoposwc.rpl: Test validator with a regular cname to wildcard cname to wildcard response")
+  void val_cnametocnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametodname.rpl: Test validator with a cname to a dname")
+  void val_cnametodname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametodnametocnametopos.rpl: Test validator with cname, dname, cname, positive answer")
+  void val_cnametodnametocnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametoinsecure.rpl: Test validator with CNAME to insecure NSEC or NSEC3.")
+  void val_cnametoinsecure() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonodata.rpl: Test validator with cname to nodata")
+  void val_cnametonodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonodata_nonsec.rpl: Test validator with cname to nodata")
+  void val_cnametonodata_nonsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametonsec.rpl: Test validator with CNAME to insecure NSEC delegation")
+  void val_cnametonsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametonx.rpl: Test validator with cname to nxdomain")
+  void val_cnametonx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("incomplete CNAME answer")
+  @Test
+  @DisplayName("val_cnametooptin.rpl: Test validator with CNAME to insecure optin NSEC3")
+  void val_cnametooptin() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametooptout.rpl: Test validator with CNAME to optout NSEC3 span NODATA")
+  void val_cnametooptout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametopos.rpl: Test validator with a cname to positive")
+  void val_cnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_cnametoposnowc.rpl: Test validator with a cname to positive wildcard without proof")
+  void val_cnametoposnowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnametoposwc.rpl: Test validator with a cname to positive wildcard")
+  void val_cnametoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctonodata.rpl: Test validator with wildcard cname to nodata")
+  void val_cnamewctonodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctonx.rpl: Test validator with wildcard cname to nxdomain")
+  void val_cnamewctonx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cnamewctoposwc.rpl: Test validator with wildcard cname to positive wildcard")
+  void val_cnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop1.rpl: Test validator with cname loop")
+  void val_cname_loop1() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop2.rpl: Test validator with cname 2 step loop")
+  void val_cname_loop2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_cname_loop3.rpl: Test validator with cname 3 step loop")
+  void val_cname_loop3() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_deleg_nons.rpl: Test validator with unsigned delegation with no NS bit in NSEC")
+  void val_deleg_nons() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametoolong.rpl: Test validator with a dname too long response")
+  void val_dnametoolong() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametopos.rpl: Test validator with a dname to positive")
+  void val_dnametopos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnametoposwc.rpl: Test validator with a dname to positive wildcard")
+  void val_dnametoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_dnamewc.rpl: Test validator with a wildcarded dname")
+  void val_dnamewc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_dsnsec.rpl: Test pickup of DS NSEC from the cache.")
+  void val_dsnsec() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_afterprime.rpl: Test DS lookup after key prime is done.")
+  void val_ds_afterprime() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_cname.rpl: Test validator with CNAME response to DS")
+  void val_ds_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_cnamesub.rpl: Test validator with CNAME response to DS in chain of trust")
+  void val_ds_cnamesub() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ds_cnamesubbogus.rpl: Test validator with bogus CNAME response to DS in chain of trust")
+  void val_ds_cnamesubbogus() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_gost.rpl: Test validator with GOST DS digest")
+  void val_ds_gost() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_gost_downgrade.rpl: Test validator with GOST DS digest downgrade attack")
+  void val_ds_gost_downgrade() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2.rpl: Test validator with SHA256 DS digest")
+  void val_ds_sha2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2_downgrade.rpl: Test validator with SHA256 DS downgrade to SHA1")
+  void val_ds_sha2_downgrade() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ds_sha2_downgrade_override.rpl: Test validator with SHA256 DS downgrade to SHA1")
+  void val_ds_sha2_downgrade_override() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ds_sha2_lenient.rpl: Test validator with SHA256 DS downgrade to SHA1 lenience")
+  void val_ds_sha2_lenient() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_entds.rpl: Test validator with lots of ENTs in the chain of trust")
+  void val_entds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_faildnskey.rpl: Test validator with failed DNSKEY request")
+  void val_faildnskey() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests an unbound specific config option")
+  @Test
+  @DisplayName(
+      "val_faildnskey_ok.rpl: Test validator with failed DNSKEY request, but not hardened.")
+  void val_faildnskey_ok() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("irrelevant, we're not a recursive resolver")
+  @Test
+  @DisplayName("val_fwdds.rpl: Test forward-zone with DS query")
+  void val_fwdds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_keyprefetch.rpl: Test validator with key prefetch")
+  void val_keyprefetch() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_keyprefetch_verify.rpl: Test validator with key prefetch and verify with the anchor")
+  void val_keyprefetch_verify() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_mal_wc.rpl: Test validator with nodata, wildcards and ENT")
+  void val_mal_wc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_negcache_ds.rpl: Test validator with negative cache DS response")
+  void val_negcache_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_negcache_dssoa.rpl: Test validator with negative cache DS response with cached SOA")
+  void val_negcache_dssoa() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("aggressive NSEC is not supported")
+  @Test
+  @DisplayName(
+      "val_negcache_nodata.rpl: Test validator with negative cache NXDOMAIN response (aggressive NSEC)")
+  void val_negcache_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests unbound option domain-insecure, not available here")
+  @Test
+  @DisplayName("val_negcache_nta.rpl: Test to not do aggressive NSEC for domains under NTA")
+  void val_negcache_nta() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("aggressive NSEC is not supported")
+  @Test
+  @DisplayName(
+      "val_negcache_nxdomain.rpl: Test validator with negative cache NXDOMAIN response (aggressive NSEC)")
+  void val_negcache_nxdomain() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("irrelevant - if we wouldn't want AD, we wouldn't be using this stuff")
+  @Test
+  @DisplayName("val_noadwhennodo.rpl: Test if AD bit is returned on non-DO query.")
+  void val_noadwhennodo() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata.rpl: Test validator with nodata response")
+  void val_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc.rpl: Test validator with wildcard nodata response")
+  void val_nodatawc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc_badce.rpl: Test validator with wildcard nodata, bad closest encloser")
+  void val_nodatawc_badce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_nodeny.rpl: Test validator with wildcard nodata response without qdenial")
+  void val_nodatawc_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodatawc_one.rpl: Test validator with wildcard nodata response with one NSEC")
+  void val_nodatawc_one() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_wcns.rpl: Test validator with wildcard nodata response from parent zone with SOA")
+  void val_nodatawc_wcns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodatawc_wrongdeleg.rpl: Test validator with wildcard nodata response from parent zone")
+  void val_nodatawc_wrongdeleg() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_ent.rpl: Test validator with nodata on empty nonterminal response")
+  void val_nodata_ent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_entnx.rpl: Test validator with nodata on empty nonterminal response with rcode NXDOMAIN")
+  void val_nodata_entnx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_entwc.rpl: Test validator with wildcard nodata on empty nonterminal response")
+  void val_nodata_entwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_failsig.rpl: Test validator with nodata response with bogus RRSIG")
+  void val_nodata_failsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_failwc.rpl: Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.")
+  void val_nodata_failwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nodata_hasdata.rpl: Test validator with nodata response, that proves the data.")
+  void val_nodata_hasdata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nodata_zonecut.rpl: Test validator with nodata response from wrong side of zonecut")
+  void val_nodata_zonecut() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nokeyprime.rpl: Test validator with failed key prime, no keys.")
+  void val_nokeyprime() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b1_nameerror.rpl: Test validator NSEC3 B.1 name error.")
+  void val_nsec3_b1_nameerror() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_noce.rpl: Test validator NSEC3 B.1 name error without ce NSEC3.")
+  void val_nsec3_b1_nameerror_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_nonc.rpl: Test validator NSEC3 B.1 name error without nc NSEC3.")
+  void val_nsec3_b1_nameerror_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b1_nameerror_nowc.rpl: Test validator NSEC3 B.1 name error without wc NSEC3.")
+  void val_nsec3_b1_nameerror_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b21_nodataent.rpl: Test validator NSEC3 B.2.1 no data empty nonterminal.")
+  void val_nsec3_b21_nodataent() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b21_nodataent_wr.rpl: Test validator NSEC3 B.2.1 no data empty nonterminal, wrong rr.")
+  void val_nsec3_b21_nodataent_wr() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b2_nodata.rpl: Test validator NSEC3 B.2 no data.")
+  void val_nsec3_b2_nodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b2_nodata_nons.rpl: Test validator NSEC3 B.2 no data, without NSEC3.")
+  void val_nsec3_b2_nodata_nons() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout.rpl: Test validator NSEC3 B.3 referral to optout unsigned zone.")
+  void val_nsec3_b3_optout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_negcache.rpl: Test validator NSEC3 B.3 referral optout with negative cache.")
+  void val_nsec3_b3_optout_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_noce.rpl: Test validator NSEC3 B.3 optout unsigned, without ce.")
+  void val_nsec3_b3_optout_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b3_optout_nonc.rpl: Test validator NSEC3 B.3 optout unsigned, without nc.")
+  void val_nsec3_b3_optout_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b4_wild.rpl: Test validator NSEC3 B.4 wildcard expansion.")
+  void val_nsec3_b4_wild() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b4_wild_wr.rpl: Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3.")
+  void val_nsec3_b4_wild_wr() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_b5_wcnodata.rpl: Test validator NSEC3 B.5 wildcard nodata.")
+  void val_nsec3_b5_wcnodata() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_noce.rpl: Test validator NSEC3 B.5 wildcard nodata, without ce.")
+  void val_nsec3_b5_wcnodata_noce() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_nonc.rpl: Test validator NSEC3 B.5 wildcard nodata, without nc.")
+  void val_nsec3_b5_wcnodata_nonc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_b5_wcnodata_nowc.rpl: Test validator NSEC3 B.5 wildcard nodata, without wc.")
+  void val_nsec3_b5_wcnodata_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_cnametocnamewctoposwc.rpl: Test validator with a regular cname to wildcard cname to wildcard response")
+  void val_nsec3_cnametocnamewctoposwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_ds.rpl: Test validator with NSEC3 CNAME for qtype DS.")
+  void val_nsec3_cname_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_par.rpl: Test validator with NSEC3 wildcard CNAME to parent.")
+  void val_nsec3_cname_par() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_cname_sub.rpl: Test validator with NSEC3 wildcard CNAME to subzone.")
+  void val_nsec3_cname_sub() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout.rpl: Test validator with NSEC3 response for NODATA ENT with optout.")
+  void val_nsec3_entnodata_optout() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout_badopt.rpl: Test validator with NSEC3 response for NODATA ENT with optout.")
+  void val_nsec3_entnodata_optout_badopt() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_entnodata_optout_match.rpl: Test validator NODATA ENT with nsec3 optout matches the ent.")
+  void val_nsec3_entnodata_optout_match() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_iter_high.rpl: Test validator with nxdomain NSEC3 with too high iterations")
+  void val_nsec3_iter_high() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nodatawccname.rpl: Test validator with nodata NSEC3 abused wildcarded CNAME.")
+  void val_nsec3_nodatawccname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_nods.rpl: Test validator with NSEC3 with no DS referral.")
+  void val_nsec3_nods() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_badopt.rpl: Test validator with NSEC3 with no DS with wrong optout bit.")
+  void val_nsec3_nods_badopt() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_badsig.rpl: Test validator with NSEC3 with no DS referral with bad signature.")
+  void val_nsec3_nods_badsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_negcache.rpl: Test validator with NSEC3 with no DS referral from neg cache.")
+  void val_nsec3_nods_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_nods_soa.rpl: Test validator with NSEC3 with no DS referral abuse of apex.")
+  void val_nsec3_nods_soa() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_optout_ad.rpl: Test validator with optout NSEC3 response that gets no AD.")
+  void val_nsec3_optout_ad() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("more cache stuff")
+  @Test
+  @DisplayName(
+      "val_nsec3_optout_cache.rpl: Test validator with NSEC3 span change and cache effects.")
+  void val_nsec3_optout_cache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nsec3_wcany.rpl: Test validator with NSEC3 wildcard qtype ANY response.")
+  void val_nsec3_wcany() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nsec3_wcany_nodeny.rpl: Test validator with NSEC3 wildcard qtype ANY without denial.")
+  void val_nsec3_wcany_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx.rpl: Test validator with nxdomain response")
+  void val_nx() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_failwc.rpl: Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.")
+  void val_nx_failwc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nodeny.rpl: Test validator with nxdomain response missing qname denial")
+  void val_nx_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nowc.rpl: Test validator with nxdomain response missing wildcard denial")
+  void val_nx_nowc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_nsec3_collision2.rpl: Test validator with nxdomain NSEC3 with a salt mismatch.")
+  void val_nx_nsec3_collision2() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision3.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision3() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_collision4.rpl: Test validator with nxdomain NSEC3 with a collision.")
+  void val_nx_nsec3_collision4() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_hashalg.rpl: Test validator with unknown NSEC3 hash algorithm.")
+  void val_nx_nsec3_hashalg() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_nx_nsec3_nsecmix.rpl: Test validator with NSEC3 responses that has an NSEC mixed in.")
+  void val_nx_nsec3_nsecmix() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_nsec3_params.rpl: Test validator with nxdomain NSEC3 several parameters.")
+  void val_nx_nsec3_params() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_nx_overreach.rpl: Test validator with overreaching NSEC record")
+  void val_nx_overreach() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_positive.rpl: Test validator with positive response")
+  void val_positive() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_positive_nosigs.rpl: Test validator with positive response, signatures removed.")
+  void val_positive_nosigs() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_positive_wc.rpl: Test validator with positive wildcard response")
+  void val_positive_wc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_positive_wc_nodeny.rpl: Test validator with positive wildcard without qname denial")
+  void val_positive_wc_nodeny() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_pos_truncns.rpl: Test validator with badly truncated positive response")
+  void val_pos_truncns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_badanc.rpl: Test validator with DS query and a bad anchor")
+  void val_qds_badanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_oneanc.rpl: Test validator with DS query and one anchor")
+  void val_qds_oneanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_qds_twoanc.rpl: Test validator with DS query and two anchors")
+  void val_qds_twoanc() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("NSEC records missing for validation, tests caching stuff")
+  @Test
+  @DisplayName("val_referd.rpl: Test validator with cache referral")
+  void val_referd() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_referglue.rpl: Test validator with cache referral with unsigned glue")
+  void val_referglue() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName("val_refer_unsignadd.rpl: Test validator with a referral with unsigned additional")
+  void val_refer_unsignadd() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_rrsig.rpl: Test validator with qtype RRSIG response")
+  void val_rrsig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_secds.rpl: Test validator with secure delegation")
+  void val_secds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_secds_nosig.rpl: Test validator with no signatures after secure delegation")
+  void val_secds_nosig() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_spurious_ns.rpl: Test validator with spurious unsigned NS in auth section")
+  void val_spurious_ns() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests unbound specific config (stub zones)")
+  @Test
+  @DisplayName("val_stubds.rpl: Test stub with DS query")
+  void val_stubds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_stub_noroot.rpl: Test validation of stub zone without root prime.")
+  void val_stub_noroot() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_dnskey.rpl: Test validator with multiple algorithm trust anchor")
+  void val_ta_algo_dnskey() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName(
+      "val_ta_algo_dnskey_dp.rpl: Test validator with multiple algorithm trust anchor without harden")
+  void val_ta_algo_dnskey_dp() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_missing.rpl: Test validator with multiple algorithm missing one")
+  void val_ta_algo_missing() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_ta_algo_missing_dp.rpl: Test validator with multiple algorithm missing one")
+  void val_ta_algo_missing_dp() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_twocname.rpl: Test validator with unsigned CNAME to signed CNAME to data")
+  void val_twocname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_anchor.rpl: Test validator with unsupported algorithm trust anchor")
+  void val_unalgo_anchor() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_dlv.rpl: Test validator with unknown algorithm DLV anchor")
+  void val_unalgo_dlv() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unalgo_ds.rpl: Test validator with unknown algorithm delegation")
+  void val_unalgo_ds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unsecds.rpl: Test validator with insecure delegation")
+  void val_unsecds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("we don't do negative caching")
+  @Test
+  @DisplayName(
+      "val_unsecds_negcache.rpl: Test validator with insecure delegation and DS negative cache")
+  void val_unsecds_negcache() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Disabled("tests the iterative resolver")
+  @Test
+  @DisplayName("val_unsecds_qtypeds.rpl: Test validator with insecure delegation and qtype DS.")
+  void val_unsecds_qtypeds() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_unsec_cname.rpl: Test validator with DS, unsec, cname sequence.")
+  void val_unsec_cname() throws ParseException, IOException {
+    runUnboundTest();
+  }
+
+  @Test
+  @DisplayName("val_wild_pos.rpl: Test validator with direct wildcard positive response")
+  void val_wild_pos() throws ParseException, IOException {
+    runUnboundTest();
+  }
+}
diff --git a/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java b/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java
index a9ae9d371..20700a9b5 100644
--- a/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java
+++ b/src/test/java/org/xbill/DNS/hosts/HostsFileParserTest.java
@@ -5,6 +5,8 @@
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.io.BufferedWriter;
 import java.io.IOException;
@@ -18,6 +20,9 @@
 import java.nio.file.StandardCopyOption;
 import java.nio.file.StandardOpenOption;
 import java.nio.file.attribute.FileTime;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.Optional;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
@@ -72,7 +77,7 @@ void testMissingFileIsEmptyResult() throws IOException {
   }
 
   @Test
-  void testCacheLookup() throws IOException {
+  void testCacheLookupAfterFileDeleteWithoutChangeChecking() throws IOException {
     Path tempHosts = Files.copy(hostsFileWindows, tempDir, StandardCopyOption.REPLACE_EXISTING);
     HostsFileParser hostsFileParser = new HostsFileParser(tempHosts, false);
     assertEquals(0, hostsFileParser.cacheSize());
@@ -98,6 +103,10 @@ void testFileDeletionClearsCache() throws IOException {
             tempDir.resolve("testFileWatcherClearsCache"),
             StandardCopyOption.REPLACE_EXISTING);
     HostsFileParser hostsFileParser = new HostsFileParser(tempHosts);
+    Clock clock = mock(Clock.class);
+    hostsFileParser.setClock(clock);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
     assertEquals(0, hostsFileParser.cacheSize());
     assertEquals(
         kubernetesAddress,
@@ -106,6 +115,7 @@ void testFileDeletionClearsCache() throws IOException {
             .orElseThrow(() -> new IllegalStateException("Host entry not found")));
     assertTrue(hostsFileParser.cacheSize() > 1, "Cache must not be empty");
     Files.delete(tempHosts);
+    when(clock.instant()).thenReturn(now.plus(Duration.ofMinutes(6)));
     assertEquals(Optional.empty(), hostsFileParser.getAddressForHost(kubernetesName, Type.A));
     assertEquals(0, hostsFileParser.cacheSize());
   }
@@ -119,6 +129,10 @@ void testFileChangeClearsCache() throws IOException {
             StandardCopyOption.REPLACE_EXISTING);
     Files.setLastModifiedTime(tempHosts, FileTime.fromMillis(0));
     HostsFileParser hostsFileParser = new HostsFileParser(tempHosts);
+    Clock clock = mock(Clock.class);
+    hostsFileParser.setClock(clock);
+    Instant now = Clock.systemUTC().instant();
+    when(clock.instant()).thenReturn(now);
     assertEquals(0, hostsFileParser.cacheSize());
     assertEquals(
         kubernetesAddress,
@@ -134,6 +148,7 @@ void testFileChangeClearsCache() throws IOException {
     }
 
     Files.setLastModifiedTime(tempHosts, FileTime.fromMillis(10_0000));
+    when(clock.instant()).thenReturn(now.plus(Duration.ofMinutes(6)));
     assertEquals(
         InetAddress.getByAddress(testName.toString(), localhostBytes),
         hostsFileParser
@@ -171,6 +186,20 @@ void testBigFileIsNotCompletelyCachedA() throws IOException {
     assertEquals(1, hostsFileParser.cacheSize());
   }
 
+  @Test
+  void testBigFileCompletelyCachedA() throws IOException {
+    try {
+      System.setProperty("dnsjava.hostsfile.max_size_bytes", 1024 * 1024 * 1024 + "");
+      HostsFileParser hostsFileParser = generateLargeHostsFile("testBigFileCompletelyCachedA");
+      hostsFileParser
+          .getAddressForHost(Name.fromConstantString("localhost-10."), Type.A)
+          .orElseThrow(() -> new IllegalStateException("Host entry not found"));
+      assertEquals(1280, hostsFileParser.cacheSize());
+    } finally {
+      System.clearProperty("dnsjava.hostsfile.max_size_bytes");
+    }
+  }
+
   @Test
   void testBigFileIsNotCompletelyCachedAAAA() throws IOException {
     HostsFileParser hostsFileParser =
diff --git a/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java b/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java
index 2ce793de9..3621b3a61 100644
--- a/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java
+++ b/src/test/java/org/xbill/DNS/lookup/LookupResultTest.java
@@ -3,34 +3,101 @@
 
 import static java.util.Collections.singletonList;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.net.InetAddress;
+import java.util.Collections;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.xbill.DNS.ARecord;
+import org.xbill.DNS.CNAMERecord;
 import org.xbill.DNS.DClass;
 import org.xbill.DNS.Name;
 import org.xbill.DNS.Record;
 
 class LookupResultTest {
+  private static final LookupResult PREVIOUS = new LookupResult(false);
+  private static final ARecord A_RECORD =
+      new ARecord(Name.fromConstantString("a."), DClass.IN, 0, InetAddress.getLoopbackAddress());
+
   @Test
   void ctor_nullRecords() {
-    assertThrows(NullPointerException.class, () -> new LookupResult(null, null));
+    assertThrows(
+        NullPointerException.class,
+        () -> new LookupResult(PREVIOUS, null, null, false, null, Collections.emptyList()));
+  }
+
+  @Test
+  void ctor_nullAliases() {
+    assertThrows(
+        NullPointerException.class,
+        () -> new LookupResult(PREVIOUS, null, null, false, Collections.emptyList(), null));
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ctor_authOnly(boolean isAuthenticated) {
+    LookupResult lookupResult = new LookupResult(isAuthenticated);
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+    assertEquals(0, lookupResult.getAliases().size());
+    assertEquals(0, lookupResult.getRecords().size());
+    assertEquals(0, lookupResult.getQueryResponsePairs().size());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void ctor_singleRecord(boolean isAuthenticated) {
+    LookupResult lookupResult = new LookupResult(A_RECORD, isAuthenticated, A_RECORD);
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+    assertEquals(0, lookupResult.getAliases().size());
+    assertEquals(1, lookupResult.getRecords().size());
+    assertEquals(1, lookupResult.getQueryResponsePairs().size());
+    assertNull(lookupResult.getQueryResponsePairs().get(A_RECORD));
   }
 
   @Test
   void getResult() {
-    Record record =
-        new ARecord(Name.fromConstantString("a."), DClass.IN, 0, InetAddress.getLoopbackAddress());
-    LookupResult lookupResult = new LookupResult(singletonList(record), null);
-    assertEquals(singletonList(record), lookupResult.getRecords());
+    LookupResult lookupResult =
+        new LookupResult(
+            PREVIOUS, null, null, false, singletonList(A_RECORD), Collections.emptyList());
+    assertEquals(singletonList(A_RECORD), lookupResult.getRecords());
   }
 
   @Test
   void getAliases() {
     Name name = Name.fromConstantString("b.");
-    Record record = new ARecord(name, DClass.IN, 0, InetAddress.getLoopbackAddress());
-    LookupResult lookupResult = new LookupResult(singletonList(record), singletonList(name));
+    Record aRecord = new ARecord(name, DClass.IN, 0, InetAddress.getLoopbackAddress());
+    LookupResult lookupResult =
+        new LookupResult(PREVIOUS, null, null, false, singletonList(aRecord), singletonList(name));
     assertEquals(singletonList(name), lookupResult.getAliases());
   }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void isAuthenticated(boolean isAuthenticated) {
+    LookupResult lookupResult =
+        new LookupResult(
+            new LookupResult(isAuthenticated),
+            null,
+            null,
+            isAuthenticated,
+            singletonList(A_RECORD),
+            Collections.emptyList());
+    assertEquals(isAuthenticated, lookupResult.isAuthenticated());
+  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void isAuthenticatedRequiresAllForTrue(boolean isAuthenticated) {
+    Name nameA = Name.fromConstantString("a.");
+    Name nameB = Name.fromConstantString("b.");
+    Record cname = new CNAMERecord(nameA, DClass.IN, 0, nameB);
+    Record a = new ARecord(nameB, DClass.IN, 0, InetAddress.getLoopbackAddress());
+    LookupResult lookupResult1 = new LookupResult(isAuthenticated);
+    LookupResult lookupResult2 =
+        new LookupResult(lookupResult1, cname, null, true, singletonList(a), singletonList(nameA));
+    assertEquals(isAuthenticated, lookupResult2.isAuthenticated());
+  }
 }
diff --git a/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java b/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java
index 8fafe5d72..77ec7769a 100644
--- a/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java
+++ b/src/test/java/org/xbill/DNS/lookup/LookupSessionTest.java
@@ -3,13 +3,19 @@
 
 import static java.lang.String.format;
 import static java.util.Arrays.asList;
+import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -19,9 +25,11 @@
 import static org.xbill.DNS.LookupTest.LONG_LABEL;
 import static org.xbill.DNS.LookupTest.answer;
 import static org.xbill.DNS.LookupTest.fail;
+import static org.xbill.DNS.LookupTest.multiAnswer;
 import static org.xbill.DNS.Type.A;
 import static org.xbill.DNS.Type.AAAA;
 import static org.xbill.DNS.Type.CNAME;
+import static org.xbill.DNS.Type.DNAME;
 import static org.xbill.DNS.Type.MX;
 
 import java.io.IOException;
@@ -43,10 +51,10 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.jupiter.api.function.Executable;
 import org.junit.jupiter.api.io.TempDir;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.EnumSource;
 import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.InOrder;
@@ -69,6 +77,7 @@
 import org.xbill.DNS.Section;
 import org.xbill.DNS.SetResponse;
 import org.xbill.DNS.Type;
+import org.xbill.DNS.WireParseException;
 import org.xbill.DNS.hosts.HostsFileParser;
 
 @ExtendWith(MockitoExtension.class)
@@ -79,13 +88,15 @@ class LookupSessionTest {
 
   private static final ARecord LOOPBACK_A =
       new ARecord(DUMMY_NAME, IN, 3600, InetAddress.getLoopbackAddress());
+  private static final ARecord EXAMPLE_A = (ARecord) LOOPBACK_A.withName(name("example.com."));
   private static final AAAARecord LOOPBACK_AAAA;
+  private static final String INVALID_SERVER_RESPONSE_MESSAGE = "refusing to return it";
   private HostsFileParser lookupSessionTestHostsFileParser;
 
   static {
-    AAAARecord record = null;
+    AAAARecord aaaaRecord = null;
     try {
-      record =
+      aaaaRecord =
           new AAAARecord(
               DUMMY_NAME,
               IN,
@@ -95,7 +106,7 @@ record =
       // cannot happen
     }
 
-    LOOPBACK_AAAA = record;
+    LOOPBACK_AAAA = aaaaRecord;
   }
 
   @BeforeEach
@@ -123,6 +134,37 @@ void lookupAsync_absoluteQuery() throws InterruptedException, ExecutionException
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_absoluteQueryNoExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    wireUpMockResolver(
+        mockResolver, query -> multiAnswer(query, name -> new Record[] {LOOPBACK_A, EXAMPLE_A}));
+
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(LOOPBACK_A.withName(name("a.b.")));
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver).sendAsync(any(), any(Executor.class));
+  }
+
   @Test
   void lookupAsync_absoluteQuery_defaultClass() throws InterruptedException, ExecutionException {
     wireUpMockResolver(mockResolver, query -> answer(query, name -> LOOPBACK_A));
@@ -159,10 +201,14 @@ void lookupAsync_absoluteQueryWithFailedHosts() throws IOException {
     when(mockHosts.getAddressForHost(any(), anyInt())).thenThrow(IOException.class);
     LookupSession lookupSession =
         LookupSession.builder().resolver(mockResolver).hostsFileParser(mockHosts).build();
-    CompletionStage<LookupResult> resultFuture =
-        lookupSession.lookupAsync(name("kubernetes.docker.internal."), A, IN);
 
-    assertThrowsCause(NoSuchDomainException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(
+            lookupSession
+                    .lookupAsync(name("kubernetes.docker.internal."), A, IN)
+                    .toCompletableFuture()
+                ::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
   }
 
   @Test
@@ -173,10 +219,14 @@ void lookupAsync_absoluteQueryWithHostsInvalidType() {
             .resolver(mockResolver)
             .hostsFileParser(lookupSessionTestHostsFileParser)
             .build();
-    CompletionStage<LookupResult> resultFuture =
-        lookupSession.lookupAsync(name("kubernetes.docker.internal."), MX, IN);
 
-    assertThrowsCause(NoSuchDomainException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(
+            lookupSession
+                    .lookupAsync(name("kubernetes.docker.internal."), MX, IN)
+                    .toCompletableFuture()
+                ::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -354,11 +404,12 @@ void lookupAsync_searchPathWithCacheMissAndHit() throws InterruptedException, Ex
     when(mockCache.lookupRecords(name("host.tld."), A, Credibility.NORMAL))
         .thenReturn(mock(SetResponse.class));
 
-    SetResponse second = mock(SetResponse.class);
-    when(second.isSuccessful()).thenReturn(true);
-    when(second.answers())
+    SetResponse anotherTldResponse = mock(SetResponse.class);
+    when(anotherTldResponse.isSuccessful()).thenReturn(true);
+    when(anotherTldResponse.answers())
         .thenReturn(singletonList(new RRset(LOOPBACK_A.withName(name("another.tld.")))));
-    when(mockCache.lookupRecords(name("another.tld."), A, Credibility.NORMAL)).thenReturn(second);
+    when(mockCache.lookupRecords(name("another.tld."), A, Credibility.NORMAL))
+        .thenReturn(anotherTldResponse);
 
     LookupSession lookupSession =
         LookupSession.builder()
@@ -431,11 +482,7 @@ void lookupAsync_twoCnameRedirectMultipleQueries(boolean useCache) throws Except
         };
     wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
 
-    LookupSession lookupSession =
-        useCache
-            ? LookupSession.builder().cache(new Cache()).resolver(mockResolver).build()
-            : LookupSession.builder().resolver(mockResolver).build();
-
+    LookupSession lookupSession = lookupSession(useCache).build();
     CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
@@ -443,17 +490,26 @@ void lookupAsync_twoCnameRedirectMultipleQueries(boolean useCache) throws Except
     assertEquals(
         Stream.of(name("cname.a."), name("cname.b.")).collect(Collectors.toList()),
         result.getAliases());
+    if (useCache) {
+      assertEquals(3, lookupSession.getCache(IN).getSize());
+    }
     verify(mockResolver, times(3)).sendAsync(any(), any(Executor.class));
   }
 
   @ParameterizedTest
-  @CsvSource({
-    "false,false",
-    "true,false",
-    "false,true",
-    "true,true",
-  })
-  void lookupAsync_twoDnameRedirectOneQuery(boolean useCache, boolean includeSyntheticCnames)
+  @CsvSource(
+      value = {
+        "true,true,REMOVE",
+        "true,true,THROW",
+        "true,false,REMOVE",
+        "true,false,THROW",
+        "false,false,REMOVE",
+        "false,false,THROW",
+        "false,true,REMOVE",
+        "false,true,THROW",
+      })
+  void lookupAsync_twoDnameRedirectOneQuery(
+      boolean useCache, boolean includeSyntheticCnames, IrrelevantRecordMode mode)
       throws Exception {
     wireUpMockResolver(
         mockResolver,
@@ -473,11 +529,7 @@ void lookupAsync_twoDnameRedirectOneQuery(boolean useCache, boolean includeSynth
           return answer;
         });
 
-    LookupSession lookupSession =
-        useCache
-            ? LookupSession.builder().cache(new Cache()).resolver(mockResolver).build()
-            : LookupSession.builder().resolver(mockResolver).build();
-
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
     CompletionStage<LookupResult> resultFuture =
         lookupSession.lookupAsync(name("www.example.org."), A, IN);
 
@@ -487,6 +539,9 @@ void lookupAsync_twoDnameRedirectOneQuery(boolean useCache, boolean includeSynth
         Stream.of(name("www.example.org."), name("www.example.net."), name("www.example.com."))
             .collect(Collectors.toList()),
         result.getAliases());
+    if (useCache) {
+      assertEquals(4 + (includeSyntheticCnames ? 2 : 0), lookupSession.getCache(IN).getSize());
+    }
     verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
   }
 
@@ -504,11 +559,7 @@ void lookupAsync_twoCnameRedirectOneQuery(boolean useCache) throws Exception {
           return answer;
         });
 
-    LookupSession lookupSession =
-        useCache
-            ? LookupSession.builder().cache(new Cache()).resolver(mockResolver).build()
-            : LookupSession.builder().resolver(mockResolver).build();
-
+    LookupSession lookupSession = lookupSession(useCache).build();
     CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
@@ -544,11 +595,7 @@ void lookupAsync_twoCnameRedirectIncompleteResponse(boolean useCache, int firstR
           return answer;
         });
 
-    LookupSession lookupSession =
-        useCache
-            ? LookupSession.builder().cache(new Cache()).resolver(mockResolver).build()
-            : LookupSession.builder().resolver(mockResolver).build();
-
+    LookupSession lookupSession = lookupSession(useCache).build();
     CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.a."), A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
@@ -556,6 +603,9 @@ void lookupAsync_twoCnameRedirectIncompleteResponse(boolean useCache, int firstR
     assertEquals(
         Stream.of(name("cname.a."), name("cname.b.")).collect(Collectors.toList()),
         result.getAliases());
+    if (useCache) {
+      assertEquals(3, lookupSession.getCache(IN).getSize());
+    }
     verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
   }
 
@@ -600,50 +650,190 @@ void lookupAsync_simpleCnameRedirect(boolean useCache, String rcode, String type
           }
         });
 
-    LookupSession lookupSession =
-        useCache
-            ? LookupSession.builder().cache(new Cache()).resolver(mockResolver).build()
-            : LookupSession.builder().resolver(mockResolver).build();
-
-    CompletionStage<LookupResult> resultFuture =
-        lookupSession.lookupAsync(name("cname.r."), Type.value(type), IN);
+    LookupSession lookupSession = lookupSession(useCache).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(name("cname.r."), Type.value(type), IN).toCompletableFuture();
 
-    CompletableFuture<LookupResult> future = resultFuture.toCompletableFuture();
     if (rcode.equals("NXDOMAIN")) {
-      assertThrowsCause(NoSuchDomainException.class, future::get);
+      assertThatThrownBy(future::get).cause().isInstanceOf(NoSuchDomainException.class);
     } else {
       LookupResult result = future.get();
-      assertEquals(0, result.getRecords().size());
+      assertThat(result.getRecords()).isEmpty();
     }
     verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
   }
 
   @Test
   void lookupAsync_simpleCnameRedirect() throws Exception {
+    Name cname = name("cname.r.");
+    Name target = name("a.b.");
     Function<Name, Record> nameToRecord =
-        name -> name("cname.r.").equals(name) ? cname("cname.r.", "a.b.") : LOOPBACK_A;
+        name -> cname.equals(name) ? cname(cname, target) : LOOPBACK_A;
     wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
 
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("cname.r."), A, IN);
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(cname, A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
     assertEquals(singletonList(LOOPBACK_A.withName(name("a.b."))), result.getRecords());
-    assertEquals(singletonList(name("cname.r.")), result.getAliases());
+    assertEquals(singletonList(cname), result.getAliases());
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @EnumSource(value = IrrelevantRecordMode.class)
+  void lookupAsync_simpleCnameRedirectNoExtra(IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name)
+                ? new Record[] {cname(query, target)}
+                : new Record[] {
+                  LOOPBACK_A, EXAMPLE_A,
+                };
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession =
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode).build();
+
+    CompletableFuture<LookupResult> f =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.REMOVE) {
+      LookupResult result = f.get();
+      assertThat(result.getRecords()).hasSize(1).containsExactly(LOOPBACK_A.withName(target));
+    } else {
+      assertThatThrownBy(f::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE)
+          .rootCause()
+          .isInstanceOf(WireParseException.class);
+    }
+
     verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
   }
 
+  @Test
+  void lookupAsync_cnameQuery() throws Exception {
+    Name query = name("cname.r.");
+    CNAMERecord response = cname(query, "a.b.");
+    Function<Name, Record> nameToRecord = name -> query.equals(name) ? response : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, CNAME, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(response), result.getRecords());
+    assertEquals(emptyList(), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @Test
+  void lookupAsync_dnameQuery() throws Exception {
+    Name query = name("dname.r.");
+    DNAMERecord response = dname(query, "a.b.");
+    Function<Name, Record> nameToRecord = name -> name.equals(query) ? response : LOOPBACK_A;
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, DNAME, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(response), result.getRecords());
+    assertEquals(emptyList(), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_cnameQueryExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    CNAMERecord response1 = cname(query, target);
+    CNAMERecord response2 = cname(name("additional.r."), target);
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name) ? new Record[] {response1, response2} : new Record[] {LOOPBACK_A};
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, CNAME, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(cname(query, target));
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_dnameQueryExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("cname.r.");
+    Name target = name("a.b.");
+    DNAMERecord response1 = dname(query, target);
+    DNAMERecord response2 = dname(name("additional.r."), target);
+    Function<Name, Record[]> nameToRecord =
+        name ->
+            query.equals(name) ? new Record[] {response1, response2} : new Record[] {LOOPBACK_A};
+    wireUpMockResolver(mockResolver, q -> multiAnswer(q, nameToRecord));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, DNAME, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).containsExactly(response1);
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
   @Test
   void lookupAsync_simpleDnameRedirect() throws Exception {
+    Name query = name("x.y.to.dname.");
     Function<Name, Record> nameToRecord =
-        n -> name("x.y.to.dname.").equals(n) ? dname("to.dname.", "to.a.") : LOOPBACK_A;
+        name -> name.equals(query) ? dname("to.dname.", "to.a.") : LOOPBACK_A;
     wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
 
-    CompletionStage<LookupResult> resultFuture =
-        lookupSession.lookupAsync(name("x.y.to.dname."), A, IN);
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
     assertEquals(singletonList(LOOPBACK_A.withName(name("x.y.to.a."))), result.getRecords());
@@ -651,23 +841,252 @@ void lookupAsync_simpleDnameRedirect() throws Exception {
   }
 
   @Test
-  void lookupAsync_redirectLoop() {
-    Function<Name, Record> nameToRecord =
-        name -> name("a.b.").equals(name) ? cname("a.", "b.") : cname("b.", "a.");
-    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+  void lookupAsync_simpleDnameRedirectSynthesizedCname() throws Exception {
+    Name query = name("x.y.example.org.");
+    wireUpMockResolver(
+        mockResolver,
+        q ->
+            multiAnswer(
+                q,
+                name ->
+                    new Record[] {
+                      dname("example.org.", "example.net."),
+                      cname("x.y.example.org.", "x.y.example.net."),
+                      LOOPBACK_A.withName(name("x.y.example.net.")),
+                    }));
+
+    LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
+
+    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(query, A, IN);
+
+    LookupResult result = resultFuture.toCompletableFuture().get();
+    assertEquals(singletonList(LOOPBACK_A.withName(name("x.y.example.net."))), result.getRecords());
+    assertEquals(singletonList(name("x.y.example.org.")), result.getAliases());
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "x.y.example.com.,x.y.example.org.,REMOVE",
+        "x.y.example.com.,x.y.example.org.,THROW",
+        "x.y.example.org.,x.y.example.com.,REMOVE",
+        "x.y.example.org.,x.y.example.com.,THROW",
+      })
+  void lookupAsync_simpleDnameRedirectWrongSynthesizedCname(
+      String from, String to, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("x.y.example.org.");
+    wireUpMockResolver(
+        mockResolver,
+        q ->
+            multiAnswer(
+                q,
+                name ->
+                    new Record[] {
+                      // Correct
+                      dname("example.org.", "example.net."),
+                      // Extra and wrong
+                      cname(from, to),
+                      // Correct
+                      LOOPBACK_A.withName(name("x.y.example.net.")),
+                      // Extra and wrong
+                      LOOPBACK_A.withName(name(to)),
+                    }));
 
     LookupSession lookupSession =
-        LookupSession.builder().resolver(mockResolver).maxRedirects(2).build();
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode).build();
+
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).containsExactly(name("x.y.example.org."));
+      assertThat(result.getRecords())
+          .containsExactly(LOOPBACK_A.withName(name("x.y.example.net.")));
+    }
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
 
-    CompletionStage<LookupResult> resultFuture =
-        lookupSession.lookupAsync(name("first.example.com."), A, IN);
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleDnameRedirectNoExtra(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name queryName = name("x.y.to.dname.");
+    wireUpMockResolver(
+        mockResolver,
+        question ->
+            multiAnswer(
+                question,
+                name ->
+                    name.equals(queryName)
+                        ? new Record[] {dname("to.dname.", "to.a.")}
+                        : new Record[] {
+                          // LOOPBACK_A will be transformed to 'x.y.to.a.'
+                          LOOPBACK_A, EXAMPLE_A,
+                        }));
+
+    LookupSession lookupSession = lookupSession(useCache, mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(queryName, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertAll(
+          () -> {
+            assertThat(result.getAliases()).containsExactly(name("x.y.to.dname."));
+            assertThat(result.getRecords()).containsExactly(LOOPBACK_A.withName(name("x.y.to.a.")));
+          });
+    }
 
-    assertThrowsCause(
-        RedirectOverflowException.class, () -> resultFuture.toCompletableFuture().get());
-    verify(mockResolver, times(3)).sendAsync(any(), any(Executor.class));
+    if (useCache && mode == IrrelevantRecordMode.THROW) {
+      // Verify that the invalid response didn't end up in the cache
+      Cache cache = lookupSession.getCache(IN);
+      verify(cache, times(1)).addMessage(any(Message.class));
+      assertEquals(1, cache.getSize());
+      assertTrue(cache.lookupRecords(name("example.com."), A, Credibility.NORMAL).isUnknown());
+    }
+
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
   }
 
   @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleCnameWrongInitial(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("first.example.com.");
+    wireUpMockResolver(mockResolver, q -> answer(q, name -> cname("a.", "b.")));
+
+    LookupSession lookupSession = lookupSession(useCache).irrelevantRecordMode(mode).build();
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).isEmpty();
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "true,REMOVE",
+        "true,THROW",
+        "false,REMOVE",
+        "false,THROW",
+      })
+  void lookupAsync_simpleDnameWrongInitial(boolean useCache, IrrelevantRecordMode mode)
+      throws ExecutionException, InterruptedException {
+    Name query = name("first.example.com.");
+    wireUpMockResolver(mockResolver, q -> answer(q, name -> dname("a.", "b.")));
+
+    LookupSession lookupSession =
+        lookupSession(useCache, mode == IrrelevantRecordMode.THROW)
+            .irrelevantRecordMode(mode)
+            .build();
+
+    CompletableFuture<LookupResult> future =
+        lookupSession.lookupAsync(query, A, IN).toCompletableFuture();
+    if (mode == IrrelevantRecordMode.THROW) {
+      assertThatThrownBy(future::get)
+          .cause()
+          .isInstanceOf(LookupFailedException.class)
+          .hasMessageContaining(INVALID_SERVER_RESPONSE_MESSAGE);
+    } else {
+      LookupResult result = future.get();
+      assertThat(result.getAliases()).isEmpty();
+      assertThat(result.getRecords()).isEmpty();
+    }
+
+    assertCacheUnused(useCache, mode, lookupSession);
+    verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
+  }
+
+  private static void assertCacheUnused(
+      boolean useCache, IrrelevantRecordMode mode, LookupSession lookupSession) {
+    if (useCache && mode == IrrelevantRecordMode.THROW) {
+      // Verify that the invalid response didn't end up in the cache
+      Cache cache = lookupSession.getCache(IN);
+      verify(cache, times(0)).addMessage(any(Message.class));
+      assertEquals(0, cache.getSize());
+    }
+  }
+
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "3,REMOVE",
+        "3,THROW",
+        "4,REMOVE",
+        "4,THROW",
+      })
+  void lookupAsync_redirectLoop(int maxRedirects, IrrelevantRecordMode mode) {
+    CNAMERecord cnameA = cname("a.", "b.");
+    CNAMERecord cnameB = cname("b.", "c.");
+    CNAMERecord cnameC = cname("c.", "d.");
+    CNAMERecord cnameD = cname("d.", "a.");
+    Function<Name, Record> nameToRecord =
+        name -> {
+          if (name.equals(cnameA.getName())) {
+            return cnameA;
+          } else if (name.equals(cnameB.getName())) {
+            return cnameB;
+          } else if (name.equals(cnameC.getName())) {
+            return cnameC;
+          } else if (name.equals(cnameD.getName())) {
+            return cnameD;
+          } else {
+            throw new RuntimeException("Unexpected query");
+          }
+        };
+    wireUpMockResolver(mockResolver, q -> answer(q, nameToRecord));
+    LookupSession lookupSession =
+        LookupSession.builder()
+            .maxRedirects(maxRedirects)
+            .resolver(mockResolver)
+            .irrelevantRecordMode(mode)
+            .build();
+
+    Class<? extends Throwable> expected =
+        maxRedirects == 3 ? RedirectOverflowException.class : RedirectLoopException.class;
+    assertThatThrownBy(
+            lookupSession.lookupAsync(cnameA.getName(), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(expected);
+    verify(mockResolver, times(maxRedirects)).sendAsync(any(), any(Executor.class));
+  }
+
+  @ParameterizedTest(name = "maxRedirects={0}")
   @ValueSource(ints = {3, 4})
   void lookupAsync_redirectLoopOneAnswer(int maxRedirects) {
     wireUpMockResolver(
@@ -685,10 +1104,11 @@ void lookupAsync_redirectLoopOneAnswer(int maxRedirects) {
     LookupSession lookupSession =
         LookupSession.builder().resolver(mockResolver).maxRedirects(maxRedirects).build();
 
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a."), A, IN);
-
-    assertThrowsCause(
-        RedirectOverflowException.class, () -> resultFuture.toCompletableFuture().get());
+    Class<? extends Throwable> expected =
+        maxRedirects == 3 ? RedirectOverflowException.class : RedirectLoopException.class;
+    assertThatThrownBy(lookupSession.lookupAsync(name("a."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(expected);
     verify(mockResolver, times(1)).sendAsync(any(), any(Executor.class));
   }
 
@@ -700,7 +1120,7 @@ void lookupAsync_NODATA() throws ExecutionException, InterruptedException {
     CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
 
     LookupResult result = resultFuture.toCompletableFuture().get();
-    assertEquals(0, result.getRecords().size());
+    assertThat(result.getRecords()).isEmpty();
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -709,9 +1129,9 @@ void lookupAsync_NXDOMAIN() {
     wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NXDOMAIN));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
-
-    assertThrowsCause(NoSuchDomainException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(NoSuchDomainException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -720,9 +1140,9 @@ void lookupAsync_SERVFAIL() {
     wireUpMockResolver(mockResolver, q -> fail(q, Rcode.SERVFAIL));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
-
-    assertThrowsCause(ServerFailedException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(ServerFailedException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -731,9 +1151,9 @@ void lookupAsync_unknownFailure() {
     wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NOTIMP));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
-
-    assertThrowsCause(LookupFailedException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(LookupFailedException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -742,9 +1162,9 @@ void lookupAsync_NXRRSET() {
     wireUpMockResolver(mockResolver, q -> fail(q, Rcode.NXRRSET));
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
-
-    assertThrowsCause(NoSuchRRSetException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(lookupSession.lookupAsync(name("a.b."), A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(NoSuchRRSetException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
@@ -755,36 +1175,35 @@ void lookupAsync_TooLongNameDNAME() {
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
     Name toLookup = name(format("%s.%s.%s.to.dname.", LONG_LABEL, LONG_LABEL, LONG_LABEL));
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(toLookup, A, IN);
-
-    assertThrowsCause(
-        InvalidZoneDataException.class, () -> resultFuture.toCompletableFuture().get());
+    assertThatThrownBy(lookupSession.lookupAsync(toLookup, A, IN).toCompletableFuture()::get)
+        .cause()
+        .isInstanceOf(InvalidZoneDataException.class);
     verify(mockResolver).sendAsync(any(), any(Executor.class));
   }
 
   @Test
-  void lookupAsync_MultipleCNAMEs() {
+  void lookupAsync_MultipleCNAMEs() throws ExecutionException, InterruptedException {
+    Record testQuestion = Record.newRecord(name("a.b."), A, IN);
     // According to https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_07.htm this is
-    // apparently something that BIND 4 did.
-    wireUpMockResolver(mockResolver, LookupSessionTest::multipleCNAMEs);
+    // apparently something that BIND 4 / BIND 9 before 9.1 could do.
+    wireUpMockResolver(
+        mockResolver,
+        query -> {
+          Message answer = new Message(query.getHeader().getID());
+          answer.addRecord(testQuestion, Section.QUESTION);
+          answer.addRecord(cname(testQuestion.getName(), "target1."), Section.ANSWER);
+          answer.addRecord(cname(testQuestion.getName(), "target2."), Section.ANSWER);
+          return answer;
+        });
 
     LookupSession lookupSession = LookupSession.builder().resolver(mockResolver).build();
-    CompletionStage<LookupResult> resultFuture = lookupSession.lookupAsync(name("a.b."), A, IN);
+    LookupResult result = lookupSession.lookupAsync(testQuestion).toCompletableFuture().get();
 
-    assertThrowsCause(
-        InvalidZoneDataException.class, () -> resultFuture.toCompletableFuture().get());
-    verify(mockResolver).sendAsync(any(), any(Executor.class));
-  }
+    assertTrue(result.getRecords().isEmpty());
+    assertThat(result.getAliases()).containsExactly(testQuestion.getName());
 
-  private static Message multipleCNAMEs(Message query) {
-    Message answer = new Message(query.getHeader().getID());
-    Record question = query.getQuestion();
-    answer.addRecord(question, Section.QUESTION);
-    answer.addRecord(
-        new CNAMERecord(question.getName(), CNAME, IN, name("target1.")), Section.ANSWER);
-    answer.addRecord(
-        new CNAMERecord(question.getName(), CNAME, IN, name("target2.")), Section.ANSWER);
-    return answer;
+    // Two invocations as the result doesn't include an actual answer
+    verify(mockResolver, times(2)).sendAsync(any(), any(Executor.class));
   }
 
   @Test
@@ -803,12 +1222,11 @@ void lookupAsync_searchAppended() throws Exception {
     ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class);
     verify(mockResolver).sendAsync(messageCaptor.capture(), any(Executor.class));
 
-    assertEquals(
-        Record.newRecord(name("host.example.com."), Type.A, DClass.IN, 0L),
-        messageCaptor.getValue().getSection(Section.QUESTION).get(0));
+    assertThat(messageCaptor.getValue().getSection(Section.QUESTION))
+        .containsExactly(Record.newRecord(name("host.example.com."), Type.A, DClass.IN, 0L));
 
-    assertEquals(
-        singletonList(LOOPBACK_A.withName(name("host.example.com."))), lookupResult.getRecords());
+    assertThat(lookupResult.getRecords())
+        .containsExactly(LOOPBACK_A.withName(name("host.example.com.")));
   }
 
   @Test
@@ -981,22 +1399,68 @@ void expandName_ndotsMoreThanOne() {
   }
 
   private static CNAMERecord cname(String name, String target) {
-    return new CNAMERecord(name(name), IN, 0, name(target));
+    return cname(name(name), name(target));
   }
 
   @SuppressWarnings("SameParameterValue")
+  private static CNAMERecord cname(Name name, String target) {
+    return cname(name, name(target));
+  }
+
+  private static CNAMERecord cname(Name name, Name target) {
+    return new CNAMERecord(name, IN, 120, target);
+  }
+
   private static DNAMERecord dname(String name, String target) {
-    return new DNAMERecord(name(name), IN, 0, name(target));
+    return dname(name(name), name(target));
+  }
+
+  @SuppressWarnings("SameParameterValue")
+  private static DNAMERecord dname(Name name, String target) {
+    return dname(name, name(target));
+  }
+
+  private static DNAMERecord dname(Name name, Name target) {
+    return new DNAMERecord(name, IN, 120, target);
   }
 
   private static Name name(String name) {
     return Name.fromConstantString(name);
   }
 
-  @SuppressWarnings("SameParameterValue")
-  private <T extends Throwable> void assertThrowsCause(Class<T> ex, Executable executable) {
-    Throwable outerException = assertThrows(Throwable.class, executable);
-    assertEquals(ex, outerException.getCause().getClass());
+  private LookupSession.LookupSessionBuilder lookupSession(boolean useCache) {
+    return lookupSession(useCache, false);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(
+      boolean useCache, IrrelevantRecordMode mode) {
+    return lookupSession(useCache, mode, false);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(boolean useCache, boolean throwOnUse) {
+    return lookupSession(useCache, IrrelevantRecordMode.REMOVE, throwOnUse);
+  }
+
+  private LookupSession.LookupSessionBuilder lookupSession(
+      boolean useCache, IrrelevantRecordMode mode, boolean throwOnUse) {
+    LookupSession.LookupSessionBuilder builder =
+        LookupSession.builder().resolver(mockResolver).irrelevantRecordMode(mode);
+    if (useCache) {
+      Cache cache = spy(new Cache());
+      builder.cache(cache);
+      if (throwOnUse) {
+        lenient()
+            .doThrow(new RuntimeException("Unexpected addMessage"))
+            .when(cache)
+            .addMessage(any(Message.class));
+        lenient()
+            .doThrow(new RuntimeException("Unexpected addRecord"))
+            .when(cache)
+            .addRecord(any(Record.class), anyInt());
+      }
+    }
+
+    return builder;
   }
 
   private void wireUpMockResolver(Resolver mockResolver, Function<Message, Message> handler) {
diff --git a/src/test/java/org/xbill/DNS/utils/Base16Test.java b/src/test/java/org/xbill/DNS/utils/Base16Test.java
index 657a9f6f3..f1fbf61bf 100644
--- a/src/test/java/org/xbill/DNS/utils/Base16Test.java
+++ b/src/test/java/org/xbill/DNS/utils/Base16Test.java
@@ -35,10 +35,14 @@
 //
 package org.xbill.DNS.utils;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class Base16Test {
   @Test
@@ -47,25 +51,15 @@ void toString_emptyArray() {
     assertEquals("", out);
   }
 
-  @Test
-  void toString_singleByte1() {
-    byte[] data = {(byte) 1};
-    String out = base16.toString(data);
-    assertEquals("01", out);
-  }
-
-  @Test
-  void toString_singleByte2() {
-    byte[] data = {(byte) 16};
+  @ParameterizedTest
+  @CsvSource(
+      value = {
+        "0,00", "1,01", "16,10", "255,FF",
+      })
+  void toString_singleByte(int b, String hex) {
+    byte[] data = {(byte) b};
     String out = base16.toString(data);
-    assertEquals("10", out);
-  }
-
-  @Test
-  void toString_singleByte3() {
-    byte[] data = {(byte) 255};
-    String out = base16.toString(data);
-    assertEquals("FF", out);
+    assertEquals(hex, out);
   }
 
   @Test
@@ -77,11 +71,15 @@ void toString_array1() {
 
   @Test
   void fromString_emptyString() {
-    String data = "";
-    byte[] out = base16.fromString(data);
+    byte[] out = base16.fromString("");
     assertEquals(0, out.length);
   }
 
+  @Test
+  void fromString_null() {
+    assertNull(base16.fromString(null));
+  }
+
   @Test
   void fromString_invalidStringLength() {
     String data = "1";
@@ -89,24 +87,34 @@ void fromString_invalidStringLength() {
     assertNull(out);
   }
 
-  @Test
-  void fromString_nonHexChars() {
-    String data = "GG";
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "0102030405060708090A0B0C0D0E0F",
+        "0102030405060708090a0B0c0D0e0F",
+        "010203040506070809 0a\n0B\t0c0D0e0F",
+      })
+  void fromString_normal(String data) {
+    byte[] out = base16.fromString(data);
+    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
+    assertArrayEquals(exp, out);
+  }
+
+  @ParameterizedTest
+  @ValueSource(
+      strings = {
+        "01$02@030405060708090a0B0c0D0e0F",
+        "GG#!*^",
+      })
+  void fromString_invalid(String data) {
     byte[] out = base16.fromString(data);
-    /*
-     * the output is basically encoded as (-1<<4) + -1, not sure
-     * we want an assertion for this.
-     */
+    assertNull(out);
   }
 
   @Test
-  void fromString_normal() {
-    String data = "0102030405060708090A0B0C0D0E0F";
+  void fromString_Utf8Bom() {
+    String data = "EFBFBF";
     byte[] out = base16.fromString(data);
-    byte[] exp = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
-    assertEquals(exp.length, out.length);
-    for (int i = 0; i < exp.length; ++i) {
-      assertEquals(exp[i], out[i]);
-    }
+    assertArrayEquals(new byte[] {(byte) 0xEF, (byte) 0xBF, (byte) 0xBF}, out);
   }
 }
diff --git a/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java b/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java
new file mode 100644
index 000000000..e31b32c22
--- /dev/null
+++ b/src/test/java/org/xbill/DNS/utils/BaseUtilsTest.java
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-3-Clause
+package org.xbill.DNS.utils;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+public class BaseUtilsTest {
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLines(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "", false);
+    String[] lines = out.split("\n");
+    assertEquals(4, lines.length);
+    assertEquals(5, lines[3].length());
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLinesEndsWith(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "", true);
+    assertEquals(')', out.charAt(out.length() - 1));
+  }
+
+  @ParameterizedTest
+  @ValueSource(ints = {8, 10, 24, 63, 64, 65})
+  void testWrapLinesPrefix(int lineLength) {
+    String toWrap = String.format("%0" + ((lineLength * 3) + 5) + "d", 0);
+    String out = BaseUtils.wrapLines(toWrap, lineLength, "\t", false);
+    String[] lines = out.split("\n");
+    for (String line : lines) {
+      assertTrue(line.startsWith("\t"), "Line start with prefix");
+    }
+  }
+}
diff --git a/src/test/resources/example.com.conf b/src/test/resources/example.com.conf
new file mode 100644
index 000000000..53bb578d8
--- /dev/null
+++ b/src/test/resources/example.com.conf
@@ -0,0 +1,17 @@
+$ORIGIN example.com.     ; designates the start of this zone file in the namespace
+$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
+example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
+example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
+example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
+example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
+@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
+@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
+example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
+              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
+ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
+              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
+www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
+wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
+mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
+mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
+mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com
diff --git a/src/test/resources/jnamed.conf b/src/test/resources/jnamed.conf
new file mode 100644
index 000000000..93d5e74b6
--- /dev/null
+++ b/src/test/resources/jnamed.conf
@@ -0,0 +1,3 @@
+primary example.com example.com.conf
+key hmac-md5 example.com ZXhhbXBsZQ==
+port 1234
diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private
new file mode 100644
index 000000000..7639a0cff
--- /dev/null
+++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: oG4lN/2gbJ5MfduJSQAUuuxiuSh1fUftKey6LhewMcUIG+zldhpwduzQmDT87nUo+OY2ePAxbxJLIOQqphD725gB/YRD+mcP9UZCqdXZzDRXCT+3QTZXgVQKO7imcCjLNkVlcazV5Ztf0le775vQDOn4AKrrjzmokvMeFYOIis+gr9K91sVVEriz6c88ksfc0YFu13PqQ+rtoVZgEygZ4Bl03XCxClw1ZSjl46Zoljnecxzv6sOkDJiUx78UrBJl1fZkN3rdCxroibgVVQmr+dYuru2VD+ZaSzXm4NNDInL85Z8DQgII7g30V6X2tOEk2klYTM4JuW9nIGjLjTmRmQ==
+PublicExponent: AQAB
+PrivateExponent: jxbOoWrYrChghxzJDNBCrRnrT8QzTmNZt7wJrtS39RwMiIO5gaZBSwEbZ7ZTJghfW+hRC3sITE3frl1zYJzjVk/07n4K94r248gf60TutkC0pG4s78AdOh+P5QZjhMQNw8EPot0KBnmXdI+F80dgwDPqXAYWha9imHa5DW082ri9dVB3Li1Z3BVMSZCH4urQq8XZRWqXw3CPSuWhKhWq+8vkE/jm+4QRIGumd4wkwdktPghl9mdm9N8uLqLd8qpJzGI40RFeSYzSpBWaMClxzaaS5gOm2ageB2KVMDq2wdCCBKVRyQpI4dHKvuRk5a+Z8m3Boi41mrK79pujbLqvgQ==
+Prime1: 0+sT4VN8sT3/N4xtgukMQU5TBTyU+l3HNSw/rFM5sainiIb4bKzJwlZ/WWAuVfyOE/EFtonu60isJe0ZQqd7jSATQ8W4fKDfeaaLHfkaQVMg247qRrXscYaIs9zOgDVqUu9kLQXoiJl5YwD1eq9in7KdD7z0EM/R0ECehqK6iqk=
+Prime2: wc1DoXpBTdKeBi/E5iYeaapwCTsiOEw8LEYHxZkJckUj+dGY+5aM3xUAI2BWcwD34bA7MrWBGKjZLhyItgnuahIHfVRrbDkCbpcKMywTos0tS/UcyX7PBXYMEl7/BjPrsZTmmjThukNbWs4uclnaBSO3ExDHRtxhBWnYXw9+lXE=
+Exponent1: b08fXxASA6rTveKVttgf5sF0G+EJQ0Q0mTpHq4T/XdB/RtfV7ocHZns2YsSBMgr4uYK0hH+Ira67NSSHSxpba/H4DHXzBAsftm8CzViFMOCv9oLnjQKLUcnfTdHh6TelRDCXhop+7BjoyFa9mZY7kDQqCRUvgREXXHJEkeUxZBk=
+Exponent2: piubHpzV26WIq2NQH8p1b0Kdd7zFVaJAQfH1/f5/NASGmVCXLLlkpm66RJr45PjikhfqWkt4mq1EMp5ytiuDyl0VIOg+h3fGVw6Yx1G2sHPer+9GNJrPZS5XoXTkk+v23rf+liBbn7rbXNvGxXO3VYrPEcDkLSUO53Ze+PsvHXE=
+Coefficient: hEg3DZhCgtU4qj6r7CfDrg+p04iKb95MPCe+G3WiBTkRKmbe1KjBmOfg2+ibrs3qxSenx6BXzRpO+kfapEfoPHYMr8j6VWKd6WOnsWRQze7mvu0F0IGSWJWQATaPLP+kM2peC5bXQTGqyR+Igp1TfcQlrwR3taB9WP/xbx91Gh4=
+Created: 20130326204908
+Publish: 20130326204908
+Activate: 20130326204908
diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private
new file mode 100644
index 000000000..b6db60868
--- /dev/null
+++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: xwBbGRNUZnpQCnRUSjMCVikBGFuHpjq1g6XoWDdR4E0UW0ND19MQS3U2RudH27wqSlU3prrtq+ViJQ3V6AOoTDMNTtHVHD79RJ2GbaGo4BGaa7cMGCONf+JeNkvK/fXRw4YUln+yZyh2UMvikMACg/GH+qzooQFpPSxzUpZwarc=
+PublicExponent: AQAB
+PrivateExponent: VHcxM4aB13FpEdbohAn8nueOoHERNZxLuRIteWwZo5Pz5Py7Cht7GhwpKpU2ae0HIj/jfDBxevnE26dwuKb8woN1uCpUC3NhXr3yMWl+4oF080JHUcygWKclxfdJOjSUe2wHdQeSIoFq0V4lReXouyDFC5+q5OkSEmU3RW17hFE=
+Prime1: 5J6mAhSOzhlsKDPFiF0o1ch7YqhkQqr3JtKL4rEPNDon0QpJ7zhj5Dy5sg3vR5PmQ8mWc47EUznb2IsJOrV82Q==
+Prime2: 3tWgR6f7hf6BadHZG5Dw1QcK8VBUYR5Eq/0SwPE0bxcUO/dzZpn3AyEOl9KynSyFBOwUr2JOGTwOwXjjMFaqDw==
+Exponent1: XBjxJUtkz+/72yIoBCwLRDv0QKU3Zof68n/E7HiJeG+pFJQBfsYHr60q3WixqPMSwuIVos2zlxdq0gwIlsb/2Q==
+Exponent2: Uk6X4D/U8N5b0MlZJwx3WEg8q3ufXyv984ULu0actnfQ2oGBF6HBEl/QcxW5McLy8yl8TnfCHyIG1UGgsQch0w==
+Coefficient: YksGgB9xHXtFsUcA+UhxA4i6NDqfMu7jGzzcbKTVhG85hHtvnxXCP4wPzFF2Z0ew0m0V4OiOR4zk2iuKUjIHMQ==
+Created: 20130326204904
+Publish: 20130326204904
+Activate: 20130326204904
diff --git a/src/test/resources/messages.properties b/src/test/resources/messages.properties
new file mode 100644
index 000000000..a1d0401ff
--- /dev/null
+++ b/src/test/resources/messages.properties
@@ -0,0 +1,2 @@
+test.noparam=no parameters
+test.withparam=parameter: {0}
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost
new file mode 100644
index 000000000..d5066df85
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost
@@ -0,0 +1,139 @@
+#Date: 2015-01-06T22:35:00+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50990
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	eccgost.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+eccgost.ingotronic.ch.	300	IN	A	127.0.0.1
+eccgost.ingotronic.ch.	300	IN	RRSIG	A 12 3 300 20150125012943 20141226003214 33696 eccgost.ingotronic.ch. JUSb1od8YDPsNsSyXQCbXN4VGkjuHRxvlGAv3K4FA6mz4x4SQRlsD5GEYIpVMqeJft84sp3wB806CD11Z096tg==
+
+;; AUTHORITY RECORDS:
+eccgost.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+eccgost.ingotronic.ch.	300	IN	RRSIG	NS 12 3 300 20150125002026 20141226001257 33696 eccgost.ingotronic.ch. Wb6NEY7OcsBWbCLqis1YAuetf8+/WpJ/VqxndICaKU/1uLU6EznMuIUwUQ/vAXPJCagGvtGuMIU72AUiBExAPA==
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 507 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6159
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12005
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			973	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55502
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			974	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			974	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28480
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3582	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3582	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3582	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53132
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3317
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	eccgost.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+eccgost.ingotronic.ch.	300	IN	DS	22754 12 1 2757C751309FCDD6982EFD25AE24AFC4AE5352AF
+eccgost.ingotronic.ch.	300	IN	DS	22754 12 2 B5A1A00DF6234B3C33B1EFE43134EF5B7462C0F48FE4845746F2278912F6C9AD
+eccgost.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. K2CW7aMJbah4NiqK5McbSlYbLCJRtmkV4wMk5737D2a0B/N+xXB3yrahz3M/KdPQTLBw5gbHCnT4T/PobqvM8wPqsKZELoHsrYZX8nmvB+wPbZPK9nbkuc2G47iKqqhepY8jmfB6O9ekGS4L/5WA4RCpulki7QVmMKorJTc+NjQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5
new file mode 100644
index 000000000..f32e12387
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5
@@ -0,0 +1,139 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6805
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	rsamd5.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+rsamd5.ingotronic.ch.	300	IN	A	127.0.0.1
+rsamd5.ingotronic.ch.	300	IN	RRSIG	A 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. Rqgpczk/xOePnjzbdQX0FNdDH/71yhj3XvkQhcONHgpOojXys2az/WzeITHxxvMgYjfA0y8IYsgP/lNeLSEY5Bh4QLTsUc+vpRhz1nZa3gbNWtgRnFj0HYOM1yEsOaZMXUcDuycd3kgq9SVxqEO3r5yF5VbmntPymno92+OfX9M=
+
+;; AUTHORITY RECORDS:
+rsamd5.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+rsamd5.ingotronic.ch.	300	IN	RRSIG	NS 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. pYkIFh3yaO4yZvqL6fE6Bpgv8g8EiwaKyTb0rGKm8ign8f3PlOG+16mYt+Zn3qzihXiiGVtwpz1h7pf1A6BIx7wScnBfePWSvlu07NIfpbEmDEZRYXxNR12emOjGzgLhUnTQmpK3j6PFn8Gs2/H/kB1kIfM6bf/2/5hIRFVvsmM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 632 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33880
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25499
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38713
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13332
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30570
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	rsamd5.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+rsamd5.ingotronic.ch.	300	IN	DS	58016 1 1 A1A8915F892FD435738A21E8440586B40C8502D0
+rsamd5.ingotronic.ch.	300	IN	DS	58016 1 2 622EA4C1715DDCB15A3177F6A5A04861AB32FCFB8493F90BD4964F3639DB9FDD
+rsamd5.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ZHiH7NTk5zR3Ir9mjNcJL2x7Tasgj3yE1uaG71EdRtwubvShh4kLkFmER5YQqeUrXBvx5Pog+uHcK+WyX+7YD2GvQycFDheLPCB6BakK1nHid/JbzjXOtXhYCPh557tuZSzF7eLyZ+MhPMkvBJVG4NAGKaN85Dtavxn8JBn8QoQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 306 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown
new file mode 100644
index 000000000..0ce723ede
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30764
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	A	127.0.0.1
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125010525 20141226010202 45093 unknown-alg.ingotronic.ch. MfedDEmkPC40ZTJzk7UMmnTqSUBwm/36FsPEnJ+xYSkserwjRJRcvWg3YobqlS/i9ZxKqZzvuXIumImOV1CXvf5ZzfDq2ioqUmtR0Nmvzg93lAahTMjgZd5UK5HSHADwsQq5IjreVyTE5lWc+7S22NgJhAcLZuG9sw+gCBxQK0o=
+
+;; AUTHORITY RECORDS:
+unknown-alg.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150125000404 20141225232910 45093 unknown-alg.ingotronic.ch. lAhLOlkWySteesEUHzS5wFe4QTyQI1UfvT5sHvGK/1VSLKPkGUGBGYtDVptRxJKoYSU9/nwt4HvtLfwx8X8YxqEkFTxOcHAUpWrGlSTI4fgr/TH7TTr8EWaWK450U5hfZMWMcFIoW6PAi9kl9DjhGJ9fMT/y8G0iKK6i6xTVAf0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 647 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1445
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23102
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			973	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15112
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			974	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			974	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			974	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58003
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8761
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27464
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	DS	57133 5 123 88911F5CF5E92199654F89E46D36A5A394D248FE
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. CyQezuOmPS6VRuWmsFsLYTwDwwG0SQmo1VgtvsUbaYFaRT+iQNOyibvTfM7vVtUqFSim/zhfabcIvdzUqC3mJ84L2Ac7BfAVhdIr5k+uLE+Sabe1Ch/RWp5jREyLap+gN8UsjlP98VXN9wfaSd6wLDP5K088o0z/zDmBeLpwZl8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 263 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43836
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknown-alg.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+unknown-alg.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAb9q2O44+pGOH5jdPSJEryG9ngMwwQ2093jn4EkJYcci/I6uhFsORcif6bMtxTIOUt8mUCowNcENj8oJ8l/eS8Ndaj6jTywYwG94OEEdTRy0XqbGV/x0n24U3pQe76A4jBJYgLk6hOISGcGcvKpkOSzc1ZjUsnJCWGTXVZA9oBsJ
+unknown-alg.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAc7dNVEcGlIIucOGhtuBhYPOf/cZPFOokelc/hrubwt8uvMgs4wn76kc9esnjh5Z2DcyJCJwQuy3FLb3L00n8RaM37FSaH7azMnWqhULBS+hszS4XoJXu97B1D/KulTJaVsejBoAUnHToJ0aB90Kx+rk6EIxTjh0O/xOypKOoG1irRRf4Yh4SYMhZomaazZPRQYkRj6Va7VIPLif31qIPJl+L6q1njcJHcibS7H/cF2nvD4DD4CnRgGZXvKr5mxizz3YpJCHwo0nkqjBASdyfSSi6BKh4C8AR6yo9rIJpxYMA3ee7xRVC7p9/TOp2kO0XEJnlMP1/mMoV0TxcaCc2N8=
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150125005501 20141226002719 45093 unknown-alg.ingotronic.ch. nX6941AOHtN+glWVvCZae2LD4Hhm2/oOZAak9jksXYcH+W57Y0lab+AtQRWHV9LeuqjerO/iNx6Q8Zmiyk4TBgYJj+9y4klAEijAlhDCu2yAoU1zQwwbW4oiPex7m/krJIwV3J+DKJgiYbDprswMjzW+7YR4zKlSBp3aJ90WCfo=
+unknown-alg.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150125005501 20141226002719 57133 unknown-alg.ingotronic.ch. xm1WcmGCfR0V4h/6dyIAkicrySw8QktabT5ltsW4kq3ylI8ubo3ebe39hHdni2wV+wm+eFRG71XCeO/CV+neaJ8oLnNScKTDz35rAw1g+CTVLAS6MK7Y/bxLBOhvLLfJwir0KNmNleNGtSGByQ9AD8CzWhrmUIsszMQq3vpY2/zLqF5O++y9mYoLBNWw0g+DaPeu5TdmWQlL4B5z+I1nYi80LccBIxTkhq9Mu2lEhTLgIzj9GVYnzgJSTuSGnStEkSdCN/AJ1rNPWziOXIKilFF06z18bohAVbLzA44BR5khNmzT2HV4CK3KVIome9PJuSAwEM0N0jyUhgONxXRigQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 976 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519
new file mode 100644
index 000000000..312bfd74b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519
@@ -0,0 +1,112 @@
+#Date: 2020-01-26T20:03:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28087
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = A, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3403	IN	RRSIG	A 15 2 3600 20200206000000 20200116000000 27662 ed25519.nl. o0g+PTzmqA+LqRcoR3qduXimU1u5/oMXJGIHOv9aq5+7sdz5Lz6V5Z+lUZyUFDUCGg+k1I0aT5mW3JwuVVi6Cw==
+ed25519.nl.		3403	IN	A	77.72.150.82
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 161 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54587
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			7303	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			7303	IN	DNSKEY	256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU=
+.			7303	IN	RRSIG	DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 864 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43154
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			8754	IN	DS	34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22
+nl.			8754	IN	RRSIG	DS 8 1 86400 20200207050000 20200125040000 33853 . s8pLNGhOt2S56ZmFJCUFjh72+nDKMxDBU5mH9GUBwsuJFmFs0aCBvAE8nPkU6lUN3d+UYJg9n8PEq0KP7Ea9v+HTnbDftKbQMbyL2tYhlP1+3CXwwozmD+1keq0AyFY6k7yj/d/ETcQYbmvz4Gudm0uJ4z+s1EDaGlLsXl4D7jFPhs117ASUBKFcphKEg3nKOhId04qOMf7ULz9evHggCPs9NCls+XHomo6HTSW+ZsoAi31ShiDnxnMU85nyst1sAT3xPsUZs/9TgFvmosPEUjkWtOUhypN6MYAS/kDbGECw41iEb1R4HRh2hOEhj7TLOpn2HfqC1pUrKRY7Ap7RSw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 366 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27023
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			3529	IN	DNSKEY	256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD
+nl.			3529	IN	DNSKEY	257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0=
+nl.			3529	IN	RRSIG	DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41875
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = DS, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3599	IN	DS	45515 15 2 1579CE721A8ADF5EF5222D48D6065FDD06E7BCE5C0154EC3EF1F30CC0D06EAAA
+ed25519.nl.		3599	IN	RRSIG	DS 8 2 3600 20200206093417 20200123053802 63744 nl. NhT3bOB2OFPf2tm8uG4QbbZVn/zwZRbHtOIcXc+hAUwZWKD3ZS5u+2gYEDwvG6G2hCtgcpIQZLAlnrlUs2j6EqSIbGJcof9fX+P3p3MMkvLZO3Sf17qOBETeVMsFSQPEdEyFInJWi4UxnJrjWpiLtdaxDJXIOJ0CDU2w6MfasHg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 249 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54226
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed25519.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ed25519.nl.		3599	IN	RRSIG	DNSKEY 15 2 3600 20200206000000 20200116000000 45515 ed25519.nl. J/S+wT1KqCBWpzHtiJKhJ+YWx498lhTnvIcvKL/+eyAooKRbVrF/gXCAZpiL1hS7visl+Vw4fjTnnKnZn8BgDQ==
+ed25519.nl.		3599	IN	DNSKEY	256 3 15 2tstZAjgmlDTePn0NVXrAHBJmg84LoaFVxzLl1anjGI=
+ed25519.nl.		3599	IN	DNSKEY	257 3 15 m1NELLVVQKl4fHVn/KKdeNO0PrYKGT3IGbYseT8XcKo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 241 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448
new file mode 100644
index 000000000..c90dbe818
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448
@@ -0,0 +1,111 @@
+#Date: 2020-01-26T20:06:39+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38495
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = A, class = IN
+
+;; ANSWERS:
+ed448.nl.		3599	IN	A	45.150.156.16
+ed448.nl.		3599	IN	RRSIG	A 16 2 3600 20200206000000 20200116000000 24480 ed448.nl. bvKGWUiNDA3bFq0ECVF+/BGtNrNZUmgvDVKtLwrBWJTd+du2exCuUWfZNW72QxIDwJxPcnbCAiwAhOXjdzWGZH5Rtyqrz+bOELH4VISCA3dTGleofgZpWBBwuzWAWd8A5hCm35eei6ffo0BCIlmFSSwA
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 207 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59993
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			7127	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			7127	IN	DNSKEY	256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU=
+.			7127	IN	RRSIG	DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 864 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53319
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			23199	IN	DS	34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22
+nl.			23199	IN	RRSIG	DS 8 1 86400 20200207200000 20200125190000 33853 . Uoj2zHzh4QFG8bFVuEz2M6KIkNDoVxcFsTlPgc9r/jcrHtmDD19FDzQxulwjsSTvg6Y55lknUriMR9A6gFbMKxVdqA1KNa7WqU3RhKvlztBK0BRnK3vYnA0FqxiuCkbckiSRJjkxGe2nLaehxP4Jkg2/1o+AvB1+8lBteKhclV4yfpMnAqdGKYvrNoFIzV90BHMLqs3nqHOg4N0LHzfFhyD7WUHp1/qAVxVD0Q7U2TfpRxWW8hoUZixl3maAcwLFoMCmwIGm9KdaynvwYNt91wfRWp2LLZ5aRDsvBeaHiTI9K1cUU007rKU9jORc7U8C43RJL4DL8afQLF4pingKgQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 366 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22319
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			3511	IN	DNSKEY	257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0=
+nl.			3511	IN	DNSKEY	256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD
+nl.			3511	IN	RRSIG	DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31479
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = DS, class = IN
+
+;; ANSWERS:
+ed448.nl.		3599	IN	DS	24480 16 2 85B885E4BC43270BDAA46860687D8F62D9BEEF1C6E9BEF21A7D80DC18A7943ED
+ed448.nl.		3599	IN	RRSIG	DS 8 2 3600 20200207144247 20200124023802 63744 nl. iBuueusdnKMiKRoiWXOi+ikw4gAkowyAspPklGY1t7U8nO8j+gxT3ooMBd9MdTFslgO7JVqIXUzdYZltUYgw4QsbOIPHZgJRKqsDk/e1PGd14OicoIi4U9QAvxDoiVs4JI7+u3sCi7IRKf2Bjov+3K7QWhKIftyjLaHZUhf9vcE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 247 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50838
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ed448.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ed448.nl.		1799	IN	DNSKEY	257 3 16 8pYFjTum61L0k+q8HiIkEPipTTbuYnZceMVTJvqMZbhZdwzpkiYHRBHcVxmnOp1RJsGyt6I0myOA
+ed448.nl.		1799	IN	RRSIG	DNSKEY 16 2 1800 20200206000000 20200116000000 24480 ed448.nl. hMzUYoP9CvlqYajBDuODCxSpsouc96EG5A0aYTt78vhcRAuO7SP1n+AkqujGycZoCLNEt3IWONiAXOfAoGAPw3ZRh8W/ECqvX8fleB6UHlZKxrh8WPWn/wLZ2tsnBLXSnUGLypjFb5eqIeY6eUUB0CMA
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly
new file mode 100644
index 000000000..b837e997f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly
@@ -0,0 +1,121 @@
+#Date: 2016-06-07T23:59:45+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31158
+;; flags: qr rd ra ad cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+isc.org.		1163	IN	SOA	ns-int.isc.org. hostmaster.isc.org. 2016060700 7200 3600 24796800 3600
+isc.org.		1163	IN	RRSIG	SOA 5 2 7200 20160706234032 20160606234032 13953 isc.org. bX2SRqyh180R4DME+cdbFM+brddgfJfjDOniLnuKQCeMfWgXWh9ckkYISKglhXW+UCx377dsN1W07tYSHgc5lONcE4dxGftKsKk5yl6JRS9cC/JhIFuO/4kN8yZ1+ZnT1LQvprd/sFJtwABpFOyp/kG1MXnWArkPd6Twz7/9o+w=
+isc.org.		2962	IN	NSEC	01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF
+isc.org.		2962	IN	RRSIG	NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 681 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34586
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			5080	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			5080	IN	DNSKEY	256 3 8 AwEAAarQO0FTE/l6LEKFlZllJIwXuLGd3q5d8S8NH+ntOeIMN81A5wAI18g3u9w/esNkThwgXTEa2mX1iOPdTcl3yRleAExxF22lEU2E0GKY2XdYr/BxP5fojJAPRgtEGDl72NSwSnD2/a8uPNirAJZoab36Hlw41QxEl7bmCo0280mt
+.			5080	IN	RRSIG	DNSKEY 8 0 172800 20160614235959 20160531000000 19036 . d6grk7MW27La3d35wcURuLnP5cRhM8OmrQxkuwhKg7riaG52E/1qMt9rrDz29EBWuBbiFnnsCrsteUcTQTThV0y6Uw0Iw/jdcm9LjLg1t2eTTm8JbS4sb0WWzkLecc9d+RMjuvyHa/wrJOpZSqwUloSOPnlg1/QqBBmQeNFS7lM5gcdvTGDVpP7Q4xXKgg/VxkXuBAepkTEnMxtD5ACJg28t4Eb+Sxe1AMX7N2YQ1rVuj1Z3b9mLFvLc/4u++/i2C/KZfTvmG1ev3S4ydwg1HNVqKEwj4d8iQO0TmZRzBmCdhVho8wHWez+3h3A9hUe+uo05kFY/a1ibs75AZKRCbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3573
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			4955	IN	DS	9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982
+org.			4955	IN	DS	9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891BFE7FF8E5
+org.			4955	IN	RRSIG	DS 8 1 86400 20160617050000 20160607040000 60615 . Jq5yKki+K/BbgXUQYgUK7dSNWM+VXY96ZGHZt3CZSgL+nOGY1T8jMf7QXJYJ0z+G8qv3JhiofeX00QeOfTQDzXOFCXPto66SvAfHs0uVrC41pmxyQCBJOMkn6Z7LN6f4D+MFDD+gJii5bGbNh3pxe0WKTpg/Lr93s++CgprDFGY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29457
+;; flags: qr rd ra ad cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			364	IN	DNSKEY	256 3 7 AwEAAZ+JwpM2QvhT/1EXUPyoiythOolQZGOkjyBZs95c0nXZkz4pcah/s8WWkRgyrr+peLc1P5yoBwWR10/avmNIPfgeRuwKROdCtt+pe0DME9aZIpRGA7CJY18pJR94Zb+sB5ms4CQsOE67wSZZYZt7FSVNmmVHju8vTCDlqWh22m//
+org.			364	IN	DNSKEY	256 3 7 AwEAAebZOMc2aV6wi03zOgdiQhZqTbD043sXt5xRsTPn9vxukojZcsa6cOIrfqPb3l57m7u5H3r8inU8QbsC/aAYV7EOeSGNcK/lQepKSR+rlvq+7iMXoXVa9dL1tRpHDjNLp6QW+ly/jbfe5nzhptfbiiq3o/uSICf7SxF+Ho+vp4MD
+org.			364	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			364	IN	DNSKEY	257 3 7 AwEAAcMnWBKLuvG/LwnPVykcmpvnntwxfshHlHRhlY0F3oz8AMcuF8gw9McCw+BoC2YxWaiTpNPuxjSNhUlBtcJmcdkz3/r7PIn0oDf14ept1Y9pdPh8SbIBIWx50ZPfVRlj8oQXv2Y6yKiQik7bi3MT37zMRU2kw2oy3cgrsGAzGN4s/C6SFYon5N1Q2O4hGDbeOq538kATOy0GFELjuauV9guX/431msYu4Rgb5lLuQ3Mx5FSIxXpI/RaAn2mhM4nEZ/5IeRPKZVGydcuLBS8GZlxW4qbb8MgRZ8bwMg0pqWRHmhirGmJIt3UuzvN1pSFBfX7ysI9PPhSnwXCNDXk0kk0=
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 9795 org. MoLhr1SsXAwR4JWiAVjbBTlPB5v3V4AGi4N8CRNgeHLcy5YhMezA10sOGNaGMxbrNlgP/lLEAblAG2OUfH2b6B6JbZ8+mGdKjxT12fKwMa3YfQ42DlYHRnDolokGdm0geL2nN3CXIU+2BTDhbIe7Y+NVVuWV+0s9SetcWMNpHkBm8kPUoHJQS/uaw9EOJ5aM1whTcvEaH+Lbk0Fp0wBleN7ERv7NwPPA+9h5PF682ZoKk2/vzRaqThRgIx/h231rw6xkcciCsDMj3/urcq1m7BoW1wWK08lteHAAjcDwdnQmeVKSIAvWRa6qYby9rQ4Mu6ORMLr7Cc4Jwec7SolvNA==
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 12510 org. Rlq5SzA2zA9H61D1s7dG+J+zIUNd+r8j8HznA1z83xanFmJ/19hCtaMLWtbOgtC5eg1r1kPFY1Ddjl1s0IRHXhTFm5c7YQjYFVNrHsEA7pOcdwv2hltbQKjTgT/PfOu59RMt2NVMWPAffem0FyDlNIKbsctOe5y8Ot0wXIRugvU=
+org.			364	IN	RRSIG	DNSKEY 7 1 900 20160622150242 20160601140242 17883 org. UrU+wrSQCkm3pVjB4YwRMwI0axgfDfwbFjJkNUG7aE8lW/wvzHX60sq7aS8NQRNqQdiR/7PAs5NZF0kuRULiT+61GVBnEVGi71SrKZayhEuINxNjh3Tu22ogzTRLAAKfm/iHWH3awDPemIM6jqSQGRHEw88gm5Kl7qP1WboQ92pkqJjXSrQmbbsSbyvdRoey2k8/oMkCaG9UVmaxWNA/9zUIOg57gscaG2bqVlE0c7xQSKC4NhuF0ns2S6xcpkl73MS7ZuN6rDhccDJbqH5VZ+QtVUn44mDe5o5Yvon0iPIz0N0mjgPPCCuBT/rVbEYFRZ/PMlyi7GQOVnwZO18Sfg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44585
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		14922	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		14922	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		14922	IN	RRSIG	DS 7 2 86400 20160622150242 20160601140242 12510 org. KafYznIS4q2FxkDTTZpw4iCsXIO/Nx2xD9oHVwKLSD3CL8Wp/Yn3fEeUfcmwsmiA81hSN1afBuQfhCH6FY78uGYOyyx5AX9Q/Qp0JY/sKUyp6z2TODSf314Nwuy21yOD1fll4VrS4OgqtND2y0Q9d8F1A+whyJd90b7IFdvmbSs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45223
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		166	IN	DNSKEY	256 3 5 AwEAAbiHaDVOPBsWPvRvtfYF2AeL4NOBf+mDktCFtaxdf7h7dHBzXAW86vMMvs8CbH5Qs5gJJT4vsRYh4lUtMJLBP8TMkAkhqm+57IKvQmsLCXgBFthgy1kq01GkgiwAysf0LL1N/yR0+GEfMsmjhDxRWb1lHl1O+blG2/l52vyZ060T
+isc.org.		166	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		166	IN	RRSIG	DNSKEY 5 2 7200 20160706230738 20160606230738 12892 isc.org. Ah/AXCKOGFp0EsnM605S/56wK2z7ihmIIBufPdeVzikvR/P6kmctyfUnT8gpEFAyveT8tZtLJM3OCsjvaMSh/SVZ84T4ICvDCuG8YuzWkJS6WYh1QiAZFhrC2IRhXfdbtodL0iy7kse8MsmU5fLJS2t65UGlRioCQ3ji7GCNllHeVqzW5Xj7rKBTZqj/juoHCPSmSNsTpvIBJdHCVT4mjJexlBAMyOdpXLcs9Td5OSahO+gpD6fbb0MCG7EN5B9xaqVVr4Bawdk8eu5t/sZqbdU7VZUWwIP+i93CpIQnI2eKq2VIKslrxSycyVWJz1WBqOu6Dle8dYiu11dS+W02+w==
+isc.org.		166	IN	RRSIG	DNSKEY 5 2 7200 20160706230738 20160606230738 13953 isc.org. PbpBZU66p3fkgeLbVhRjChbNPxXVotQPs09nXOnVLiPHi0L16oqzpyAiPYDXxLZV1D+g7rUofvzU+dqD8toPXS9wXAlMk7yOuni7a0yopYyFcGGE3HUMOJAlO7RQSFNgUbebxS+h8y57jB932JjqVjGoDlfd227DqfBhlpl1o3Q=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS512	OPT	 ; payload 512, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid
new file mode 100644
index 000000000..11351f8d8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid
@@ -0,0 +1,103 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19653
+;; flags: qr rd ra cd ; qd: 1 an: 1 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid.dnssectest.jitsi.net., type = A, class = IN
+
+;; ANSWERS:
+cvoid.dnssectest.jitsi.net.	10800	IN	CNAME	void.invalid.example.
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+everbank.		10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . QZcGZd7ZHWpt4cbDBq4y27PePP+BswDry6qVkqNkuNRd8MSHh74SvwbhyWmqjLR0agHYPOT7+gG/6hZmJ2n6EHCXAngQYWxgO6I0acqbkbEC8Ecf3WN1VUT0PD0cntMFaJUAAA0W/hcINLYMd/K8QT5SVgnfmkkZdhjqBW0fmlA=
+everbank.		10800	IN	NSEC	exchange. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 703 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30978
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43389
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	net., type = DS, class = IN
+
+;; ANSWERS:
+net.			1016	IN	DS	35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D8BD973EE
+net.			1016	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . lvtZMm89bm5FBumG9OVTrChfGK7FuHkqEBDxT4QsR4IRE1frrHGyUSF1P9FjIpvE20dHjRvkl0llLTPNfQB97T/0QSKXVO1+mK+jM57AHPUbYZczgJ4iD4owxv50G8viJx58PSg3pGOP32CyJbgjKUxk5zbLKRnojuHT7FwdB+A=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 239 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30421
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	net., type = DNSKEY, class = IN
+
+;; ANSWERS:
+net.			1016	IN	DNSKEY	257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmXSuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQDS4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn
+net.			1016	IN	DNSKEY	256 3 8 AQPOLFKjvGKxyqclqQ0cOL99u9IQcUcMvVOpEgMC1lbsK7juIO5jeXF10hH2PhYdZF4HvPtHetU1P5cozol6ExskddyUw33MHIMIll3ryQhsN3MWRmmMZpj2gZhKsQQ+NJ81MxfYT40W6rQkVQ7t7J3+PQsPoEUXfFDxtzIBO5OgeQ==
+net.			1016	IN	RRSIG	DNSKEY 8 1 86400 20150111173857 20150104173357 35886 net. Ds4nPxTvsyrzL3G1+8lFLawSR9pyq1zbdvJdq2VL3SMjnarPdBdHD09A8WC5k21mm1yp9Yl4cgTP5Eb1PVOxhvcvrgMbHOdkDB5ZJP0sk6jwkTEY/abUDqC8nBdbbwVLGLhkfZCNEHPn2aYGNi2eBWRruzRS9cjAZlM0KbkPXNya+Xq0KkjsIaozkgaoDvmtqDmHoAZwxRVHryvIcB2iMAJjsLtfBR9uENb93D3fN8L+/EGkjuoyA6NEHWW3AeiTc5CK3cuF0RXrRVlC2ZlrNaBe9c2rurZDL8VHZGx/D2TIj7EcHU1Gb4Hxyb8xQYecG6PvmE5+cMYoOo7N0rCOhA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 743 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22947
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	jitsi.net., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+net.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1420580071 1800 900 604800 86400
+net.			900	IN	RRSIG	SOA 8 1 900 20150113213431 20150106202431 6647 net. Oo+RNWfHsZh3xLf6tXP6fvy2NVGDm83QCNw6K0k5IWv68Qlq9O9JKGbyH38fsBe9yce5KXSbMP3x/STDNNQBMuF6bqtSmFntJ04IydrFXruUQ7ZYCOXOA+qIYEH7Uaoz8GAJ2g/VCngUJQRsJVbMC1p11WlbVSufCbKRmxLjHh8=
+A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net.	900	IN	RRSIG	NSEC3 8 2 86400 20150112060337 20150105045337 6647 net. S5luUHZNIAKGwCaXJrR3iMPf7zy8F01LXnIm69iMeH4iu7DjtAeYCDFk4yFch5mbuzhIbk4I3MEK2C4B6kQsQtaEO/qCbhT5JLyD0of5WDuvBumLz54RYHhv0gCSzzHt17+VM1suO58R9ciU1E/ZK7aqe55vnOFdySU9J5GtAbM=
+A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net.	900	IN	NSEC3	1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
+BJLKS9K921PG1IINN15L0VRSEDGACIMT.net.	900	IN	RRSIG	NSEC3 8 2 86400 20150113060049 20150106045049 6647 net. vK/ekvWS+rAvJSO7MOPHSC48Dl1YEFB+9lPVij54nZgeDUva84SSATqCuzzM3feJYzATYNuqmeROq3vM2QOtbbuIltKIfryUmzo83+Im7ZLXh6lW53j0l4zsUmBvPaj4l8JJzpdrbqf7WB75664ANzv2wwXSWpV/F9PJYqVe+Hk=
+BJLKS9K921PG1IINN15L0VRSEDGACIMT.net.	900	IN	NSEC3	1 1 0 - BJM99D76H567GQKJV87VAIPCTVI7SD7A NS DS RRSIG
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 759 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned
new file mode 100644
index 000000000..e7341aac6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned
@@ -0,0 +1,236 @@
+#Date: 2015-01-06T22:34:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51540
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 
+;; QUESTIONS:
+;;	cfailed.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cfailed.ingotronic.ch.	300	IN	CNAME	www.dnssec-failed.org.
+cfailed.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. mgZy6VoaP0RNTOyEsr9QFpUoWSSCbuMi5SsJHqF/GE9q7ejF2SBBslVCufhRDrHFZHL2MO7NZGIpaYr3qQTBEuciPaNetBszGJS740pWwbz7pVENXsDUKbOr0Nyeai2aWh8EKuhk2kzAFCTguZe9w+oOZPEQYKTIHjvE5gLA7bA=
+www.dnssec-failed.org.	7200	IN	A	69.252.193.191
+www.dnssec-failed.org.	7200	IN	A	68.87.109.242
+www.dnssec-failed.org.	7200	IN	RRSIG	A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14=
+
+;; AUTHORITY RECORDS:
+dnssec-failed.org.	1024	IN	NS	dns101.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns105.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns103.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns104.comcast.net.
+dnssec-failed.org.	1024	IN	NS	dns102.comcast.net.
+dnssec-failed.org.	1024	IN	RRSIG	NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts=
+
+;; ADDITIONAL RECORDS:
+dns101.comcast.net.	87424	IN	A	69.252.250.103
+dns101.comcast.net.	87424	IN	AAAA	2001:558:fe23:8:69:252:250:103
+dns102.comcast.net.	87424	IN	A	68.87.85.132
+dns102.comcast.net.	87424	IN	AAAA	2001:558:1004:7:68:87:85:132
+dns103.comcast.net.	87424	IN	A	68.87.76.228
+dns103.comcast.net.	87424	IN	AAAA	2001:558:1014:c:68:87:76:228
+dns104.comcast.net.	87424	IN	A	68.87.68.244
+dns104.comcast.net.	87424	IN	AAAA	2001:558:100a:5:68:87:68:244
+dns105.comcast.net.	87424	IN	A	68.87.72.244
+dns105.comcast.net.	87424	IN	AAAA	2001:558:100e:5:68:87:72:244
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 980 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46886
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13800
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31528
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			976	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39803
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3584	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3584	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3584	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8543
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22565
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40773
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1024	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1024	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1024	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5431
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			900	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			900	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			900	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			900	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			900	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31541
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DS, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	1025	IN	DS	106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC
+dnssec-failed.org.	1025	IN	DS	106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE
+dnssec-failed.org.	1025	IN	RRSIG	DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59607
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	3600	IN	DNSKEY	257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0=
+dnssec-failed.org.	3600	IN	DNSKEY	256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR
+dnssec-failed.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E=
+dnssec-failed.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3
new file mode 100644
index 000000000..9b4f151b4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3
@@ -0,0 +1,275 @@
+#Date: 2015-01-06T22:34:58+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57536
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 
+;; QUESTIONS:
+;;	cfailed.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cfailed.nsec3.ingotronic.ch.	300	IN	CNAME	www.dnssec-failed.org.
+cfailed.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. XR45/Bj0H6L9GlqNLpgkmym00VqRQmuKINZ1aER3OR4OEiW2XMgKu6ta73sMYYIgr1lZv1Gz73WCFlfXU0pOOkS30y0nsVgOq2oshbHc7fJaPb5UXygCBR1o/zNMYUhX4Ebc63eh9qsNb62f2cJlm4EBHN83P1IR5ezFOuS/W1o=
+www.dnssec-failed.org.	7199	IN	A	68.87.109.242
+www.dnssec-failed.org.	7199	IN	A	69.252.193.191
+www.dnssec-failed.org.	7199	IN	RRSIG	A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14=
+
+;; AUTHORITY RECORDS:
+dnssec-failed.org.	1023	IN	NS	dns105.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns102.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns101.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns103.comcast.net.
+dnssec-failed.org.	1023	IN	NS	dns104.comcast.net.
+dnssec-failed.org.	1023	IN	RRSIG	NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts=
+
+;; ADDITIONAL RECORDS:
+dns101.comcast.net.	87423	IN	A	69.252.250.103
+dns101.comcast.net.	87423	IN	AAAA	2001:558:fe23:8:69:252:250:103
+dns102.comcast.net.	87423	IN	A	68.87.85.132
+dns102.comcast.net.	87423	IN	AAAA	2001:558:1004:7:68:87:85:132
+dns103.comcast.net.	87423	IN	A	68.87.76.228
+dns103.comcast.net.	87423	IN	AAAA	2001:558:1014:c:68:87:76:228
+dns104.comcast.net.	87423	IN	A	68.87.68.244
+dns104.comcast.net.	87423	IN	AAAA	2001:558:100a:5:68:87:68:244
+dns105.comcast.net.	87423	IN	A	68.87.72.244
+dns105.comcast.net.	87423	IN	AAAA	2001:558:100e:5:68:87:72:244
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 992 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50511
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43188
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			975	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49410
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			976	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			976	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			976	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19603
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3584	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3584	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3584	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29571
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14282
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16947
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54802
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87375	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87375	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87375	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87375	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19703
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1023	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1023	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1023	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10916
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			899	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			899	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			899	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			899	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			899	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43081
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DS, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	1024	IN	DS	106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC
+dnssec-failed.org.	1024	IN	DS	106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE
+dnssec-failed.org.	1024	IN	RRSIG	DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54857
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec-failed.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec-failed.org.	3599	IN	DNSKEY	257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0=
+dnssec-failed.org.	3599	IN	DNSKEY	256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR
+dnssec-failed.org.	3599	IN	RRSIG	DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E=
+dnssec-failed.org.	3599	IN	RRSIG	DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA
new file mode 100644
index 000000000..c2f0a963e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52495
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc=
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 810 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35772
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30053
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61795
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			977	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42380
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3585	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3585	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3585	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45992
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal
new file mode 100644
index 000000000..55f11bec5
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal
@@ -0,0 +1,234 @@
+#Date: 2015-01-06T22:35:00+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28485
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 5 ad: 11 
+;; QUESTIONS:
+;;	csext.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csext.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+csext.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. dtPhpp6j05dVvEsL1y2sAM58ZmRapjsRhiej8KRdJcCOdGw2OFhSYrHdYgW74hTKEEZztJ2d/9iDUv+pOcu2+chBgs2NVokLtuqLnVvRm7OdaekT3RXDZfNfhSYwWukBzl6/oewu5KyeNnOAuDAWLlbTpgCZFCGbnNMVKe2exnU=
+www.isc.org.		60	IN	A	149.20.64.69
+www.isc.org.		60	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1027	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1027	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1027	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1027	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1027	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1027	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1027	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1027	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1027	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1027	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1027	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1027	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1027	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7200	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7200	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1205 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57660
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46749
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3582	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3582	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3582	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53222
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15854
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87373	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87373	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87373	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87373	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55128
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1022	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1022	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1022	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39672
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			898	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			898	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			898	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			898	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			898	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10645
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1027	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1027	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1027	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61039
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7200	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7200	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7200	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7200	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX
new file mode 100644
index 000000000..7b5e97a8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:59+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55073
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 1 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 670 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4926
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65501
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20356
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52970
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3583	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3583	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3583	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3
new file mode 100644
index 000000000..65621b682
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18324
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+csigned.nsec3.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+csigned.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. BaI9bT+Df9JqQuHHfPrcDsghZm7o1CCRXla/uzgUOBcCggW5Bk90hlXm0ih7ZIzmk764zHWNOcMJoBrCQ7XcFVIWVp+YUUVqCM6LmqPkz6rXwmeNpAS2mc04cjEg/DGEMTVo3IJLVW+kv7orci9AdWpaaZCC9oKz7aX68AlJyPc=
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 822 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10716
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47183
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			976	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			976	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24709
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			977	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			977	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44808
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3585	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3585	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3585	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43983
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59500
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23927
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned
new file mode 100644
index 000000000..fe50b755e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned
@@ -0,0 +1,258 @@
+#Date: 2015-01-06T22:34:55+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20853
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 
+;; QUESTIONS:
+;;	cssub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cssub.ingotronic.ch.	300	IN	CNAME	www.nsec3.ingotronic.ch.
+cssub.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Xmz99ucY+QTITwoo0KkCpZqmxqJp67uxfAvpOTSviID9cdQCs/LX8H5cPPOrgCxRIutuZczRKoSwt/w49Z3Kd9B2HrOfU3TY6pa7cXnG6vzV4Er/RKxdsIQJWCnzaF734FLn906exR7Cyznm+wSuubJvAiz0LMvC+SjJ9IynVx0=
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 826 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24439
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 548
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32630
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26037
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53160
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56207
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36556
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36210
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32040
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13921
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 984
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62463
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA
new file mode 100644
index 000000000..ef79a546d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA
@@ -0,0 +1,205 @@
+#Date: 2015-01-06T22:34:54+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37558
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 6 
+;; QUESTIONS:
+;;	cunsinged.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cunsinged.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y=
+www.20min.ch.		599	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3599	IN	NS	robotns2.second-ns.de.
+20min.ch.		3599	IN	NS	robotns3.second-ns.com.
+20min.ch.		3599	IN	NS	ns1.first-ns.de.
+
+;; ADDITIONAL RECORDS:
+ns1.first-ns.de.	600	IN	A	213.239.242.238
+ns1.first-ns.de.	299	IN	AAAA	2a01:4f8:0:a101:0:0:a:1
+robotns2.second-ns.de.	1016	IN	A	213.133.105.6
+robotns3.second-ns.com.	7199	IN	A	193.47.99.3
+robotns3.second-ns.com.	599	IN	AAAA	2a00:1158:4:0:0:0:add:a3
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 467 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18340
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37899
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64743
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61336
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3588	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3588	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3588	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18907
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43839
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45479
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5536
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20532
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX
new file mode 100644
index 000000000..5a0659f3d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX
@@ -0,0 +1,197 @@
+#Date: 2015-01-06T22:34:54+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20119
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 
+;; QUESTIONS:
+;;	cunsinged.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+cunsinged.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y=
+
+;; AUTHORITY RECORDS:
+20min.ch.		300	IN	SOA	ns1.first-ns.de. postmaster.20min.ch. 2014121100 600 600 86400 600
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 311 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30770
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16869
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35599
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35095
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3588	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3588	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3588	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23106
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24914
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87379	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87379	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87379	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87379	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26910
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			979	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48955
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9000
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3
new file mode 100644
index 000000000..fd36d1cb2
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3
@@ -0,0 +1,240 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30287
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 2 
+;; QUESTIONS:
+;;	cunsinged.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cunsinged.nsec3.ingotronic.ch.	300	IN	CNAME	www.20min.ch.
+cunsinged.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. rIfDPrgT5aS2eL0ZibS5jElaEZviflBjmKuzikS3r9/QXm+Ad/gO7+/cVdCjK98p4JOWW+RxowOQsL97bPhtmNQZiqUr1agKe3nLLqQw6Y+3hT74BZEcEHmi0xvzdS4syt4BdiiWkf9U7LnLZBvC4sK4d2gG1/apDJi1mOThcDw=
+www.20min.ch.		600	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3600	IN	NS	ns1.first-ns.de.
+20min.ch.		3600	IN	NS	robotns2.second-ns.de.
+20min.ch.		3600	IN	NS	robotns3.second-ns.com.
+
+;; ADDITIONAL RECORDS:
+robotns2.second-ns.de.	1017	IN	A	213.133.105.6
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 391 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35001
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37625
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31241
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			981	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			981	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14796
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3589	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3589	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3589	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47626
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22107
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34962
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11098
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14971
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17809
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			980	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			980	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			980	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51464
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3600	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3600	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3600	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3600	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid
new file mode 100644
index 000000000..a7f0a45e4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid
@@ -0,0 +1,234 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16068
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 
+;; QUESTIONS:
+;;	cvoid4.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid4.ingotronic.ch.	300	IN	CNAME	gibtsnicht.unsigned.ingotronic.ch.
+cvoid4.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. GJPzgBVNBOn1X/aX0VhnWdpr3eVFvil6+z2nyPo1ikIdf1hKkpt7uhC7NRpUM9+4Kapxjs+n3Om45LwXtnPrKQ4hYIJFjRoPwBgg+SZN5bFC38e1zSdZnhlSG5CVvz/E2Ga/9/Hoks87s7l3UPfW9/60GO9KTOwnr++PhL8RBa8=
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032601 300 60 864000 300
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 302 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13057
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54555
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62611
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9284
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24290
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1013
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38352
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46761
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56933
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32818
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13560
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld
new file mode 100644
index 000000000..94a244486
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:59+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6215
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoidext1.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoidext1.ingotronic.ch.	300	IN	CNAME	example.invalid.
+cvoidext1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Xav60pS0YfajeVhUHndHfm+x6EwR84QywbttguX6n0aZIeh/wI4Hq9DBwGJXi69Q8yzLlnS8hL2UXKewYs4lPds0hYNDj6I01nxtUbZvsi+DDLnkQsdJ7pgWQh8L9zPDIMxOk2E6fcKD5M9DOV1ARfcXKwxUQX6cpy5xwp7/NGU=
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+international.		10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . Bd+SEFOjCmN5pg924EOfuq15E0haMqLhX0Li2V3KDfosFYoA81Vs8Okg7Jvc5KJn1eRu4HnZlz81bIYZ9Kt5bJGoFie+5iCcnlZPBQhKTYN5M80/BepNJyrcvocFvgRDaEYv1si1cxRpLGMYDTVHHkykSNjygRTuVdP/JZ/A9LA=
+international.		10800	IN	NSEC	investments. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 879 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40638
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87374	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87374	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87374	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87374	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38951
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			974	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			974	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7331
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			975	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			975	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			975	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27566
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3583	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3583	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3583	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9517
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld
new file mode 100644
index 000000000..818fc5a87
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld
@@ -0,0 +1,182 @@
+#Date: 2015-01-06T22:34:57+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46204
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 
+;; QUESTIONS:
+;;	cvoidext2.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoidext2.ingotronic.ch.	300	IN	CNAME	asdfasdfasdfasdfasdlallala.cz.
+cvoidext2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. gmo4G24J9Mvp33WaOCGbCb458CVIs/4I4Y3LKckPljSGiABf/yaQGvS9l3IzJPQnYSX8YQ4DIqlk7eusuJQY0fy2aAdOm04FwmwqUwyTmsAZLFVj3QTdKegKd5Dn6X3dkn0tey+B+f9vvAC7463cXnFBV/IH/FarIrI6k9ojzKY=
+
+;; AUTHORITY RECORDS:
+cz.			900	IN	SOA	a.ns.nic.cz. hostmaster.nic.cz. 1420578481 900 300 604800 900
+cz.			900	IN	RRSIG	SOA 10 1 18000 20150120004808 20150106200801 12305 cz. wlLCApKp0+5n0FCqFyBqMMhIT3Ed0PZL096UZE52b6kbc1vlZMrJTVegCNAfqHA5lncr5IDiH74MRycOHXrASZbjRkrSlD/65Q6078U0eyUeMfkdTGtpbG4O9MIoYz2ZOYA+cm46kihukqqyL8TYW4k6tPPz38wM0ZtOOm6os68=
+38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150115154919 20150103133802 12305 cz. PJPc+o6k8nLCNnQLA7TsWdzq48+QO864/hWGqVRSCi9ukLgGDMKqv+jElAfWaUEC5+VjcqVFbPN4axf3f3YrujByVEeEh7w4xyszNT1PXuW8aRzxQY25w56qZg/0RS7u3iPqTTXD326C0YSviz9U+cUS01SDDG/VykuYNZ4HFW0=
+38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 38GKDLFFUNLEL0AGNO2LSLVJVKI68LAG NS
+8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150116070317 20150102073803 12305 cz. zOjazMb7y7VNKVJ0lV/GZWqzuQry0BGluA0L/r3jclBMei61EOK5OzZYz8w/rWbvYVD0bbRoicE2xnkfzABZU94vz+b62jYZQCbMymg53rYv3fiqIsxryxpZFxT/uJaHKpjN0qFUFbeWF6zSdx5LuH2d7dKK0GvQHm75YKljoXw=
+8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 8EFJ4IJ3TL227ELEVRADBRR79O7OI5GU NS DS RRSIG
+FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz.	900	IN	RRSIG	NSEC3 10 2 900 20150116012634 20150103003759 12305 cz. DuInt8AROXCbNdXO8QTeha9mLCaa/yw+6OhWNrRf65ZduFNSz+HVsAOK2XTmDoLUbrqGWzVSLS+ICJHYld40A8ApKEziLg5Kml5sLdZqQ/B3eFKAlCs085ZVqTRn7CtcSNFlO99nbcrLFum7Bd791XqNObAUuWULgEoknq/CqVc=
+FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz.	900	IN	NSEC3	1 0 10 67B58E8C9BC9DB56 FT1N8G39QDVVI8P5NMEPU90HLCN2JE96 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1229 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4951
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30086
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44855
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30639
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59579
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14960
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87376	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87376	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87376	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87376	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43914
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	cz., type = DS, class = IN
+
+;; ANSWERS:
+cz.			1022	IN	DS	54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386869C8F06
+cz.			1022	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . usdJcSrC+uZEPY8AbHtkDdbuhCaz7ZGrKWHYZG3lixlcaEACfpf2Wl4Tz55FvIgCXKII9B6PUJ9umfupy+XOMvBUsjI8aD/Of8bEBWQ2QS35GOt8YMoyf5lI+nZT0hte/cY3Dgq0Vo2zHvvdrPC2kfgy0i/h4IMxLYWghQeCg1M=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23832
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	cz., type = DNSKEY, class = IN
+
+;; ANSWERS:
+cz.			18000	IN	DNSKEY	257 3 10 AwEAAay0hi4HN2r/BqMQTpIPIVDyjmyF+9ZWvr5Lewx+q+947o/GrRv4FGFfkZxf9CFfYVUf0jG5Yq4i06pGVNwJl81HS9Ux2oeHRXUvgtLnl5HeRVLL+zgI5byx9HSNr4bPO8ZEn5OjoayhkNyGSFr4VWrzQk/K02vLP4d1cCEzUQy30eyZto2/tG5ZwCU/iRkS1PJOcOW98hiFIfFDZv1XjbEpqEYhT2PATs6rt+BKwSHKGISmg1PNdg+y0rItemYMWr1f9BGAdtTWoPCPCYPjOZMPoIyA4tMscD+ww54Jf/QNoHccY4hO1yHiuAXG7SUn8jo0IKQ9W7JJxES0aqFCX/0=
+cz.			18000	IN	DNSKEY	256 3 10 AwEAAd3ZDGaLTUBExTP4AxFwNmoNUbi/VuWW5/vdee9lnZynOe6QoXfw8+yxwAKEB1IMrPxXVcc1PIHSecFQYcm5ydYAFo2FD0x+NAk+7quCmepMjuWEo1qRMxlgVMxBjWCCOUM+zhGfkq/6u0GEEHzonevsRMazhkIbIZUWQmBMvUu7
+cz.			18000	IN	RRSIG	DNSKEY 10 1 18000 20150116000000 20150102000000 54576 cz. Ghsts1kWqYSQ72PDf49ItDFLQjTGoTK6JA9Ogf/efflU6ZltiuuXVd17oKI15HPk1hjL/n9HNRiIf1htUpdA9vmUbYKfrjVp2MJXHIGNniH1vWU3cFxReh2dxMspUDTyK64LwBBbBIBmEWY7jadtzsvjdHXx1eqngN3e4WUPGS58JoSXVv1d38vcTZ1jYLWmOlnHrCvZEwj9t53Lq1Ln/fra2Ft3cfgO6i0P6qtBht/amX7kX1BAV0l6lO+fy0PXXbXWoTMRDIruId/8N0ND7FZolH+XBxSW9clDHzPx9ivkJsxKB3rHO8vNOVWcHyKyKacpW2O8FFUee5PLlCu+6g==
+cz.			18000	IN	RRSIG	DNSKEY 10 1 18000 20150119154437 20150106200801 12305 cz. P48hNLytBKd+6k+EnJuE5W24xWSmxqjCvQy6M4UwDACyMyxDMZP4DmWuRgb+g/2OjpfSdGFvNTPSrTKAx3sOMynqLMJzYWRb5bRf2lPEIeHQH2Eeo9wvwh14uakw6HzHcNovak21iVTNoN61vmYR5QT1RyuBwYgFBGgUbMeiYpc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 907 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3
new file mode 100644
index 000000000..210ec0d07
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3
@@ -0,0 +1,163 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10111
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 
+;; QUESTIONS:
+;;	cvoid.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid.nsec3.ingotronic.ch.	300	IN	CNAME	gibtsnicht.nsec3.ingotronic.ch.
+cvoid.nsec3.ingotronic.ch.	300	IN	RRSIG	CNAME 7 4 300 20150125001848 20141225235834 62417 nsec3.ingotronic.ch. wkUoPvwxbSBQwn6foMsFYdPuGZNnmi1qKWN7sEtcuI4Hu17Gfjm7oBMpbj5fbaKETl83sqAAPQThWAeoYCM0DDhxyI114F6/fb52HLYgGFNLdMP3T75nHZiIcH8A2Z5t9DmqTEPmuSU3sZRCPYI7kfBXGHM1vb0gcLptQn5Zh20=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1248 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32391
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87380	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87380	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87380	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87380	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55778
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			980	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			980	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33974
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			981	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			981	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			981	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45078
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3589	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3589	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3589	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13899
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52296
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58137
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1
new file mode 100644
index 000000000..dbe48177d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1
@@ -0,0 +1,122 @@
+#Date: 2015-01-06T22:34:55+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61136
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid1.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 905 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16825
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29298
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33412
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13219
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54010
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2
new file mode 100644
index 000000000..b018677c1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2
@@ -0,0 +1,124 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34279
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid2.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid2.ingotronic.ch.	300	IN	CNAME	cvoid1.ingotronic.ch.
+cvoid2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo=
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1099 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59670
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87378	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87378	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87378	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87378	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6373
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			978	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48616
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			979	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			979	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			979	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14302
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3587	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3587	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3587	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60529
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3
new file mode 100644
index 000000000..9cca46d2b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3
@@ -0,0 +1,126 @@
+#Date: 2015-01-06T22:34:56+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59635
+;; flags: qr aa rd ra cd ; qd: 1 an: 6 au: 6 ad: 1 
+;; QUESTIONS:
+;;	cvoid3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+cvoid3.ingotronic.ch.	300	IN	CNAME	cvoid2.ingotronic.ch.
+cvoid3.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Hu0GdbBDRA0DKRD4+sXTmQepSP4MiNAgYgD31P0HsW90u7EMg/urDVtDR4SGRQjgAJek5+YtYWoVD3Daqzbu5F6lJp8BATK7BcMbERdTv3R+3jnBbElA8sxyHUXBnMjuj6P1ifjFEN8cnS7zCVEDGZdKZN58TOCpNtuHAzl1J8A=
+cvoid2.ingotronic.ch.	300	IN	CNAME	cvoid1.ingotronic.ch.
+cvoid2.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo=
+cvoid1.ingotronic.ch.	300	IN	CNAME	gibtsnicht.ingotronic.ch.
+cvoid1.ingotronic.ch.	300	IN	RRSIG	CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39640
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87377	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87377	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87377	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87377	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10842
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			977	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			977	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34860
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			978	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			978	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			978	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34516
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3586	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3586	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3586	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50866
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain
new file mode 100644
index 000000000..c570c0e8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain
@@ -0,0 +1,165 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44507
+;; flags: qr aa rd ra cd ; qd: 1 an: 8 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.nsec3.ingotronic.ch.	300	IN	DNAME	alias.ingotronic.ch.
+alias.nsec3.ingotronic.ch.	300	IN	RRSIG	DNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. eYGi6EDpW/j20NoDaULrBkHTSTJhk45F8wsIRmGvmbdodQtvXH5Ax8kReCg3BxlkVnL+I4aQL4GrNFUU9F05JgIXHhDyW7ZixGVtj1rz2jCYHFYiQZC6RZSntnoUKdhcbgs/KI5ffIoFFMzrFfT8Aw6lUpBti0HRtnOdtepBHSc=
+www.alias.nsec3.ingotronic.ch.	300	IN	CNAME	www.alias.ingotronic.ch.
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1075 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59638
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1139
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28751
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45226
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48824
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39526
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid
new file mode 100644
index 000000000..e734ecd3a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46984
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = DNAME, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 628 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36002
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16893
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52063
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54102
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52299
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1
new file mode 100644
index 000000000..d59718dc5
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:35:17+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54975
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63210
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43121
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13758
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49588
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2484
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34069
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4828
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61240
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11851
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51177
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid
new file mode 100644
index 000000000..cc278235e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid
@@ -0,0 +1,123 @@
+#Date: 2015-01-06T22:35:18+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38821
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1484
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32079
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20143
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			956	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			956	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47237
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3564	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3564	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3564	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23654
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal
new file mode 100644
index 000000000..187ce6540
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal
@@ -0,0 +1,235 @@
+#Date: 2015-01-06T22:35:19+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47623
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 
+;; QUESTIONS:
+;;	www.isc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+isc.ingotronic.ch.	300	IN	DNAME	isc.org.
+isc.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs=
+www.isc.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+www.isc.org.		41	IN	A	149.20.64.69
+www.isc.org.		41	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1008	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1008	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1008	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1008	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1008	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1008	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1008	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1008	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1008	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1008	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1008	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1008	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1008	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7181	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7181	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1221 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87355	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87355	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87355	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87355	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41228
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			955	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25460
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29897
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46136
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50984
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38781
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1003	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1003	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1003	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14080
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			879	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			879	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			879	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			879	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			879	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48402
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1008	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1008	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1008	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58766
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7181	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7181	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7181	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7181	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid
new file mode 100644
index 000000000..15e91df4e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid
@@ -0,0 +1,121 @@
+#Date: 2015-01-06T22:35:14+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20564
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 699 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60111
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24158
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19242
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60231
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid
new file mode 100644
index 000000000..d6784a4f8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid
@@ -0,0 +1,123 @@
+#Date: 2015-01-06T22:35:15+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49797
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 6 ad: 1 
+;; QUESTIONS:
+;;	x.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+x.alias.ingotronic.ch.	300	IN	CNAME	x.ingotronic.ch.
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 914 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64372
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36440
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58358
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4469
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61514
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid
new file mode 100644
index 000000000..040e37371
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid
@@ -0,0 +1,220 @@
+#Date: 2015-01-06T22:35:15+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59873
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32717
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22278
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39399
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30642
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 634
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21603
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64817
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11560
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24579
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3482
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid
new file mode 100644
index 000000000..081386efc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid
@@ -0,0 +1,220 @@
+#Date: 2015-01-06T22:35:14+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49996
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.alias.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	DNAME	ingotronic.ch.
+alias.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI=
+www.alias.ingotronic.ch.	300	IN	CNAME	www.ingotronic.ch.
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 839 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25388
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64749
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55977
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25126
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46256
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51913
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87359	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87359	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87359	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87359	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50080
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			959	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34534
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			960	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			960	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			960	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31593
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3568	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3568	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3568	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43999
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid
new file mode 100644
index 000000000..c72454d1c
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid
@@ -0,0 +1,433 @@
+#Date: 2015-01-06T22:35:16+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13618
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 
+;; QUESTIONS:
+;;	www.isc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+isc.ingotronic.ch.	300	IN	DNAME	isc.org.
+isc.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs=
+www.isc.ingotronic.ch.	300	IN	CNAME	www.isc.org.
+www.isc.org.		44	IN	A	149.20.64.69
+www.isc.org.		44	IN	RRSIG	A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8=
+
+;; AUTHORITY RECORDS:
+isc.org.		1011	IN	NS	ord.sns-pb.isc.org.
+isc.org.		1011	IN	NS	ns.isc.afilias-nst.info.
+isc.org.		1011	IN	NS	sfba.sns-pb.isc.org.
+isc.org.		1011	IN	NS	ams.sns-pb.isc.org.
+isc.org.		1011	IN	RRSIG	NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo=
+
+;; ADDITIONAL RECORDS:
+ns.isc.afilias-nst.info.	1011	IN	A	199.254.63.254
+ns.isc.afilias-nst.info.	1011	IN	AAAA	2001:500:2c:0:0:0:0:254
+ams.sns-pb.isc.org.	1011	IN	A	199.6.1.30
+ams.sns-pb.isc.org.	1011	IN	AAAA	2001:500:60:0:0:0:0:30
+ord.sns-pb.isc.org.	1011	IN	A	199.6.0.30
+ord.sns-pb.isc.org.	1011	IN	AAAA	2001:500:71:0:0:0:0:30
+sfba.sns-pb.isc.org.	1011	IN	A	149.20.64.3
+sfba.sns-pb.isc.org.	1011	IN	AAAA	2001:4f8:0:2:0:0:0:19
+ams.sns-pb.isc.org.	7184	IN	RRSIG	A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE=
+ams.sns-pb.isc.org.	7184	IN	RRSIG	AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1221 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32562
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87358	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87358	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87358	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87358	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51051
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			958	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			959	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			959	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			959	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24177
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3567	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3567	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3567	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9736
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27756
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7390
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1006	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1006	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1006	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34399
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			882	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			882	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			882	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			882	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29726
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1011	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1011	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1011	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43826
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7184	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7184	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62271
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46846
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			957	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18781
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			958	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5666
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3566	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3566	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3566	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16375
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29069
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39361
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DS, class = IN
+
+;; ANSWERS:
+org.			1006	IN	DS	21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+org.			1006	IN	DS	21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA
+org.			1006	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 275 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52936
+;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 
+;; QUESTIONS:
+;;	org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+org.			882	IN	DNSKEY	256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh
+org.			882	IN	DNSKEY	257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU=
+org.			882	IN	DNSKEY	256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3
+org.			882	IN	DNSKEY	257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU=
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg==
+org.			882	IN	RRSIG	DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1625 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34869
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DS, class = IN
+
+;; ANSWERS:
+isc.org.		1011	IN	DS	12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759
+isc.org.		1011	IN	DS	12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5
+isc.org.		1011	IN	RRSIG	DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 283 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53707
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	isc.org., type = DNSKEY, class = IN
+
+;; ANSWERS:
+isc.org.		7184	IN	DNSKEY	256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP
+isc.org.		7184	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10=
+isc.org.		7184	IN	RRSIG	DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 923 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid
new file mode 100644
index 000000000..efe469e21
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid
@@ -0,0 +1,356 @@
+#Date: 2015-01-06T22:35:17+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59527
+;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.n3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+n3.ingotronic.ch.	300	IN	DNAME	nsec3.ingotronic.ch.
+n3.ingotronic.ch.	300	IN	RRSIG	DNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Ww/ymB77saHhLbwoTg5cVq5O/hr0Iqbutn/L/JJUUNeeS1ZTTmTaL93mfVKllO2p23j0hWg7aVLvGnKIfk8+FYQH6YVFoqVActac0vuTwCuJSX5EdeV5OhevQXCIoGcI93lt3WN29C9FYI1/o5z8vk9iZtw1kJ+tOrUcSKlgfiU=
+www.n3.ingotronic.ch.	300	IN	CNAME	www.nsec3.ingotronic.ch.
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 854 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35467
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87357	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87357	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87357	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87357	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47591
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			957	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49208
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			958	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			958	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			958	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58278
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13703
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35066
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18452
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38903
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3695
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60056
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6716
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4224
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87356	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87356	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87356	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87356	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16079
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			956	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			956	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33342
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			957	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			957	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			957	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60462
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3565	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3565	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3565	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41420
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec
new file mode 100644
index 000000000..0068a1319
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:14+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20364
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	bogussig.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+bogussig.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. C8Qxh6KKVmO0ZwHvdlQUnWXOJNTGZYgHsXyGwgdU+yjQJp0zdbQF8InG4fEw3yVRgtRVW2b3IFiFimAOj8797IT4+QiAEb+JWoC27QrX/+iE6IqWpogbhiKm223w0shjo349ELzdXjNIxTquNYCSM9zYGfmJlT1OmYvh1LLyj/g=
+
+;; AUTHORITY RECORDS:
+bogussig.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. kDOnemdOfAsiN4wjgAQ2b/4v3jcFGgBQrRQNvkhL29OOekdiJYDf2XlvY6CVyrqKRx5oFSu29tbIj6UDAsU6ObQu13JfYZ0FZqQyVjMjCNFUlZnGui7VVyPgi2rb3gKjWlX+FQhFYz1t8jtsopksMUGUVAI+oG61u3vaY0OUh/c=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		555	IN	A	195.169.221.157
+ns2.tjeb.nl.		555	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		556	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		556	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 830 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36619
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7247
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83355	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83355	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38189
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4155	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4155	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4155	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29247
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4155	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4155	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64862
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		555	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		555	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14587
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52275
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		556	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		556	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40156
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	bogussig.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+bogussig.dnssec.tjeb.nl.	285	IN	DS	23637 5 1 AC0EEB922A964D8C78B37851CC8AAE1692886BC6
+bogussig.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DIBZxWmoKj9j/GyxWzBLNejuSvhk0nrb5yfihYTu0ZgQJtDlhSfTE1j9RkAfwlq8+nPwBqjpEIbe931cqpEZDE28CyeiIV18A5Dqo0/gHBkZu9RBl0+JIYW0U1VJZBA00fB476rlnbYslaylXbykxG1KHTcuLWqvO99z7lsEfVM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3
new file mode 100644
index 000000000..b992f6bbc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7880
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	bogussig.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+bogussig.nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+bogussig.nsec3.tjeb.nl.	285	IN	RRSIG	A 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. W8LMPVphiwjNEnlmk0zTZTNg6c4MhplKjtqhHnt1d2Td8KBpzBLEU+egiq4IDvOWK42Jko5TCCI50y5Un1eX0O7pa+v2m5anAOOY452gBH1H8rY2sVTxtWSCzcq5T2MmF7QChDt10PlbCC1liL4VBugOLJ1FDywuQLpnazvPOIo=
+
+;; AUTHORITY RECORDS:
+bogussig.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+bogussig.nsec3.tjeb.nl.	285	IN	RRSIG	NS 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. 3W61pFbwMuNT2GZHgIODVnE7GKKMgmiJzpAKpIfeFCE2rQxIYLGtPYcyB1PHEKiVn/+oXg3B0KfRYGCGfS0jWeT9wo4V/e53UdzOIlEAWLFLPPHqjOhTQ7htSNc18ZwD+tsYgoj6vdIfT49TLvLZQqe2jCKJ0rir9a/Kx7yHN0M=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		553	IN	A	195.169.221.157
+ns2.tjeb.nl.		553	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		554	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		554	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 827 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13757
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138546	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138546	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138546	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48548
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83353	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83353	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7166
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4153	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4153	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4153	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54240
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4153	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4153	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27859
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		553	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		553	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5375
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		554	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4198
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		554	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58727
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	bogussig.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+bogussig.nsec3.tjeb.nl.	556	IN	DS	32453 7 1 9866886BAB4AC1F8701687E488220437741B870E
+bogussig.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. ZETBW1W1Gx3VPNcH18KWJhlZ8QGQec+JRB9u+WGdp/rIq+6780iPUdXeXakqKyJGXcZd8jFo1YZ5otGbyaPxyxOX5qQmjEo22TcUZgfsUYCm5/BfKaIVq5tyRsT3qBGP1K3MelDZ8ahATQPXFHUnqKJ4RV4AnLk6e9V5rj6z4sI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 260 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec
new file mode 100644
index 000000000..0d7d4b13d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63037
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	sigexpired.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+sigexpired.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. VHpZcN2Pu+/anXg/DSHObQ0Rb+Xg9mPjSUccXvZhQiQ7KpIRFsV+c28fQG/KRp7upnQlzF0x0OG9aVijIeiuxzyymh1rG+EkmUL9d1kYiWrlASBClAh7MNXoQAD+7hndHYDm/xT6WXtgFIbrfUx/OhF/MbTtGn1BLGc2912Qs/c=
+
+;; AUTHORITY RECORDS:
+sigexpired.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. PhOlt2TSE6gJdgPgyDsrVGXDsEg/0oeCHnYj99Nkaz5KhTYRnrFJUjcKWh4uDGzwxINxdgiesmwgPMO/EKabIhZRv8K6O6kmRHrPdH4ZLNFKVT5Ly+zTGS5dFQSoVv3Flb016vIGSDZxdcFAhVdzqm0rZg1CNkJdvcVPACwASFg=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22753
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59940
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29772
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5661
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32649
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5928
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		554	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33538
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		555	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33840
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sigexpired.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+sigexpired.dnssec.tjeb.nl.	285	IN	DS	47010 5 1 674BE2F020B2D307E0505E844840DD63ACB17CB8
+sigexpired.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20110727165632 20100727165632 8340 dnssec.tjeb.nl. UIFRltFjBk5gEHjQ4OM9Quv/cuPkVYkPc0wjbmb2LoDHBGZ0MDJb6Ch1he7RxeDOe6KQ/m1PM2IoG57n+5kl6UXj/J8rmJw45ODrSVMNdAZZHJ4UUqx4CNzv4BlGnQc1x6qHHn/mPHF96Ma+anGBzi4/fk99dbqh3WJJ1uUM8u0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3
new file mode 100644
index 000000000..146e4928b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2078
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	sigexpired.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+sigexpired.nsec3.tjeb.nl.	286	IN	A	178.18.82.80
+sigexpired.nsec3.tjeb.nl.	286	IN	RRSIG	A 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. DsCkOAQ7CZhHBao7r2AU9x705AqbCEJ5b0J+zEKzNEjC7pDvy7RrBcwgvKhiwhNblvBvPU6LXl11qKddb0mHSRrR5neJ3LXiAEeig4TAT+IsFk79XJl6TAcCTAXYPbpYf8cbtgYbyAOTS9JDmej4aKP4B8vpB0cXRlWmWKj/8NU=
+
+;; AUTHORITY RECORDS:
+sigexpired.nsec3.tjeb.nl.	286	IN	NS	ns2.tjeb.nl.
+sigexpired.nsec3.tjeb.nl.	286	IN	RRSIG	NS 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. HxSs03s9vuL+e5DYiRrFBGi7N6fOrzwZVPvJLFcjHEJ6P1u6vtspNFoOc2HOxAetdxHeUdrPCxvrvrbnQLW4u6oobu0N7zKtF+lytCbDVyl2gUYADayf3XnG4uxUolUkU8QZuOYiLPkTNzL3k+PjAzqsCmUeNwdUbeJLOKFcD8Q=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54087
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11045
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13198
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38179
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4153	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4153	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5863
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		553	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		553	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		553	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25050
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		554	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5411
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		554	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		554	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62061
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sigexpired.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+sigexpired.nsec3.tjeb.nl.	556	IN	DS	22928 7 1 E6E3CB649AB6A75A3CC63DA102F732209ACC3446
+sigexpired.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20110417140921 20100417140921 21665 nsec3.tjeb.nl. vYYJzFbjol1BQVj+ERludhem01UT1DTMGvcjicDluoMXivinuXFB9QX+Ke5AZscUiRFHpkwJHEC5t66Z+2GUHGxIA2/p8bym2pnrVFUq2e/rZS4wr3Ge2BKkerwLDpxmHd8VBnxodFlk6b4GqUJymAQf6PUfkAf6RBYdASEdBbY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec
new file mode 100644
index 000000000..37ab1cfed
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec
@@ -0,0 +1,173 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61852
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	unknownalgorithm.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	A 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. tQyez4lEr7JzTX72UeaYwUFE5oogVrrQm2VGn3D70LP8oiIuWs8DH4NPBg2dkMcamTiDSH+BoVrk+SWCfJ4xMoolWhrzqioLIHuypSEfM6OkjxH6/0XluyecbBbAPbSvm4K/uREHglmskcg5qDdfX5rc34lyhjwE7ymYRPnwAEo=
+
+;; AUTHORITY RECORDS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	NS 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. NgvVRuG8jngOxSehdNhwpMRreJ2GhosG7Jq9hhwn6T2y3JtPGdPnZ2YLivP78cDuAVF6VV7WzbaHxWnuBegAfzKU2kSl1x885AboLQ3jniRchSUfgoWKSJWXhDtXcGL6fwWqXeA3Er4ww8E72FAVKczuexhIa1Sv2pr2AdLTROA=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 854 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33817
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39454
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49985
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47474
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12203
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29046
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		554	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		554	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32116
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		555	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50593
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknownalgorithm.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	DS	53226 5 1 C7D58D23493A940041658E85BDBC03E2ED9F2690
+unknownalgorithm.dnssec.tjeb.nl.	285	IN	RRSIG	DS 200 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. bew64pyLZ5sNhEybacmvNhcs7iU1HI42SXctSdv54jdrRacG5U9kXGLubDx23xKX4ffXAefTyDL+frfRBFp7LF1Jw3CesZvnrJA4iwNi4tA+CtqNEPegnWm2HHPbelcuwxkCx0VLBzdKsm96kqezM8awljFZEl/PUik3PUhk6CY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 270 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3
new file mode 100644
index 000000000..de639da12
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3
@@ -0,0 +1,174 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	unknownalgorithm.nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	RRSIG	A 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. xI243fqO7RkuWgmyiK9OSNUQ45hOGGZmm1N+J6xwi3V8QkQtmWHpOgmtbMS/A3OTOwFb6vd2VV+LrARLZYY/lRou+vkVrL0vLxcageOJmEkedI8S8HP/U/g4VSJj3uMlxqgLOxeCAGXmqFxljMH5tPuicjzUiVnc/c0SKj8O0vs=
+
+;; AUTHORITY RECORDS:
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+unknownalgorithm.nsec3.tjeb.nl.	285	IN	RRSIG	NS 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. pMcWMv8kW8AyLrvwGDVea3wpxee84EPZn4cmNJISZhWInbxZo8BtOtJHSpwWbY5Nh1Z0qd0tJrhBI7Ek3Lszda/2Tz/PEh9WUXEyPQ67CgZW7l/NH1xZPEfP4Q0883j+t25F7bhXgdW8qHpXPpkKy9TjxiR7alQ4l5WNIDtI2k8=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 851 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29473
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36416
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4465
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37669
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31112
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62047
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		555	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9653
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		555	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38423
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	unknownalgorithm.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+unknownalgorithm.nsec3.tjeb.nl.	557	IN	DS	39629 7 1 7C7A8C7309C1B974A6C00E8418BB3DE40F21CADB
+unknownalgorithm.nsec3.tjeb.nl.	557	IN	RRSIG	DS 200 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. MCAkQ9lrNsU9jIlMgTk4/qAQLMKKr/nvWm7zd2PIZVyLJGXEJjSydol6Tczvgdz3VyZy0+6UP9JyEGt1TVcLbQr36SpLdxbxlyKf4I4A1d3mpL2QwKKnojGWwbtx8R7i1Ktw8JAsHsGLfFUe+THUL87HBjk1Vuly9+FzKNP1qHI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 268 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature
new file mode 100644
index 000000000..b885bb06d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature
@@ -0,0 +1,97 @@
+#Date: 2013-08-21T00:06:16+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39790
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138546	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138546	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138546	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39048
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			83338	IN	DS	22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.			83338	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5703
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			83338	IN	DNSKEY	256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1
+ch.			83338	IN	DNSKEY	257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.			83338	IN	DNSKEY	256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.			83338	IN	RRSIG	DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39975
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		539	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		539	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		539	IN	RRSIG	DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44453
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails
new file mode 100644
index 000000000..b061e00c8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails
@@ -0,0 +1 @@
+#Date: 2013-08-21T00:06:16+02:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails
new file mode 100644
index 000000000..488c7db99
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails
@@ -0,0 +1,42 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25326
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. OMZ2Z5XSFruxd0jBCyT1wYKzlz6aw2Ui2XmbBxp3Bom26n7UiEdjeGlTkoLce5gxsKaAgPuBLGy6MauZz9wLomlsMphsRAP7Y/U1c5UuKKFjF49cRSu/DTS9OstJ3YNIeoABphfPCMn6dOqBIJyjVHJybiBx2ZBROHdaC4cB1KM=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20130908202801 20130809202226 17430 ingotronic.ch. nYQXAE0xrUBWGMWP1cq+xhTFdD91xm2yfuP8SyjL9fI/0ixcW/fJs0PPPdLkStz3ZTGk/rO6alU64HCecshJdLLdwmjNH6cEt9LkudHA4/8TT0fMR7E3elzbYZPIK7iYEsjcfRKey02Hmq+Y+k3W4+lc2uFOlbNr02HfOwH7SDc=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20130908205459 20130809202226 17430 ingotronic.ch. cQ+BxomTy6psnCbedHYgSECQGeRaKghNGOpsFX1ra+WC6MZKdQWAiG/fRn/yU6L4bE1pi1FfFIfAWu79KWfQIbVhOSFUjcpqw/D3lwXtGVk9fjiNCSZN9vsoe6iXLoJtvd1hN/PeHUZAWRdJSkGH9EHEzsWfoki6+kryBYDFDyM=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47195
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned
new file mode 100644
index 000000000..62a67bc00
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned
@@ -0,0 +1,247 @@
+#Date: 2013-08-21T00:06:14+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48748
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	ok.nods.ok.dnssec.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	A	178.18.82.80
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	A 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. NF+Z/ab5m254P22XCo4QA0ErU5mo/ELn1g+hX5gmEzS0A/1tbWxJlgZ3vWrNyBghE8Q2nm6Lw2hRKIGzUB8S7i6B10HMZNDMcdXcOG0sUArHlhkfCSGS81y+8Ry/45lyn4QYPNDlziaUt/6IeBwXPvjmaEfd3c13d0AF5qTz7H0=
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	NS 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. ddy2V0LFPwH96h3Mfg1OsPkuTxlGiJXquPvBuJmpXnM50LPWsUnCn42idMZgVQTePqA+GSCO3P5ql5Flwc/hDCPCOMsOOudEBtMu1jDDoyjrZdpb3tp0x0elrG6Ux8WB5EUKRVeTMcpoGTt0uO0s4KOYUYKgSRv45mHkNffdUag=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		555	IN	A	195.169.221.157
+ns2.tjeb.nl.		555	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		556	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		556	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19875
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63605
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83355	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83355	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50819
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4155	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4155	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4155	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38082
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4155	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4155	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63327
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		555	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		555	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		555	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39828
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		555	IN	DS	8340 5 1 5733A59841EA708AE9223822124B07B555E17332
+dnssec.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58984
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+dnssec.tjeb.nl.		556	IN	DNSKEY	256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P
+dnssec.tjeb.nl.		556	IN	RRSIG	DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 365 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41324
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+ok.dnssec.tjeb.nl.	285	IN	DS	59280 5 1 C13C96F9AF5D63E74B3E21A04C46EEC14640A84C
+ok.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DbBJPY8+fItE/VoXXLXyWjyD7VX7Vfv2FsI9BQMbFqrPAcugotIPASV1HDoiZNlXd8314McC7baonMe1gADqhPRC5HQxaji/1ED7gQzF/dSKQdpiippDyAkwcLEOIhKKqpHACSp+QEzx8hoXZeJgOPqZo2NTMDHOfMiVmP+NVo8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 256 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42335
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ok.dnssec.tjeb.nl.	556	IN	DNSKEY	256 3 5 AwEAAbqTfqZ3Mpwo2fZXfYN9+oLix0Au2ZyRfGjHKPgMCVDb94X7q6FWkrg01uxbcvfin9jvAzU5dG9SWh/S01NuXrthRbirLGngd4j0woNdQgRQZu3O8LhmUxTRobCFu+nkEOAOB6osS+yON0+3rATgAQxDsFJq+osg29CrzcrYhBBp
+ok.dnssec.tjeb.nl.	556	IN	RRSIG	DNSKEY 5 4 3600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. f8cF15NA+XEHUu8m5UzGLt5hhId4Bl2JKakjORGW3ayRdBUCvyMSk7FcJly6KUMpypxVmO/IpzIdiR8DGjFSlRsPF8gL/N9P9JfWAlmaYCDeSEdcaR57sL4KpDned9KgmVa7YKclj/wk/j9KK4ecDmsiPj9x6GH7a9WFI1oskRs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 371 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26534
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nods.ok.dnssec.tjeb.nl.	285	IN	DS	18237 5 1 ED4130C00847B64B527F416D56308C0EFD0C09A1
+nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	DS 5 5 600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. AsDYw6FRuvPc/OUSf8yE0ZJuE2eoEa9N97qj4vMDNEJ6cRIhf6wl57V0ssndUnjXQ7ShiLDXXIiOnqkj+sHrCRms6btKR5aZyiFUF/D2nVG51E7kz/Z3FhsgTZpwFGDQkNX/uY376Em1u0Vl6oAhRsSs8dxw5cM1OcKQW529fYo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 264 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28097
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.dnssec.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nods.ok.dnssec.tjeb.nl.	556	IN	DNSKEY	256 3 5 AwEAAdmebhaUlvVyYVAyXq692krRBhj3DXq1EkLXujtwEKw+4dGgL2UZJSyeziBhiaunAq0PVE2hQwABuiw+d7NGNuRsIL4tUanzxN3AKWhOnFAKCqvpd+5b+USbVPbcmkbZsNNMAal9+W9yaPp+MqZXPZX+hW6YCJhLBzybxI4f5KN9
+nods.ok.dnssec.tjeb.nl.	556	IN	RRSIG	DNSKEY 5 5 3600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. 0oNDvs/odYESMMuURD7XVXH5ryciZzjhDBT0FUL4tJYBHR9RbfDib3ehBKL+ZkLsCE4k/UbbkIfrs3XyZt7+Z1ZUqururAFY36jXLWnd5INHO9PPXDvQkUYGuFLj0+OQRT+TJYMqTRJZ1vNUqlQHje8J8MMgiKQFu6VTF9xLaKU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 381 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33309
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	ok.nods.ok.dnssec.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	NSEC 5 6 18000 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. avkoLWRhNaE1eIS7kOqAzCtgAQk9HjAL0HEUl2idwJ/nmw1Mh4cal/34iEeTTJQ1LeclkAdiuv3doyl2vahhaovge+R0cY+Yw5N6qf86fyRIq7B0BK6iFXAQ4UZLDWf2dXv70Bwp/RywN2EMTnGJ7XOTP5kQqpV8pYAtauA2RpA=
+ok.nods.ok.dnssec.tjeb.nl.	285	IN	NSEC	sigexpired.nods.ok.dnssec.tjeb.nl. NS RRSIG NSEC
+nods.ok.dnssec.tjeb.nl.	285	IN	SOA	ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000
+nods.ok.dnssec.tjeb.nl.	285	IN	RRSIG	SOA 5 5 600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. vEkdhN9MjgTnql2TOq8/g7lrTHTGSGTdsc2/zu2wzzizyajH8Nn1k6i7TjTiefxUZ8u7T/uSopVmavBwR/C/cG8YPJ2QEcTSmEh0gVin4rkzLAwkAABV0mCVPd5MAg5lJSim8Q3U37p/WKlB4U/s3yE3VJjOM170SXJFuY9XZCQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 518 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3
new file mode 100644
index 000000000..aba1833db
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3
@@ -0,0 +1,248 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40631
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 
+;; QUESTIONS:
+;;	ok.nods.ok.Nsec3.tjeb.nl., type = A, class = IN
+
+;; ANSWERS:
+ok.nods.ok.Nsec3.tjeb.nl.	285	IN	A	178.18.82.80
+ok.nods.ok.Nsec3.tjeb.nl.	285	IN	RRSIG	A 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. ANNO/Gps0zLNrGo3D/SU1x5S2q2tuuIjd3fqqjj3JUDXNVzu9V2cC2Bt/BnpnF5QXfPO+qmnfk6Y63zpV4I3NN4/R3PaY3WXkyS+UsUDPtrt0mnsyNLnVJbp0cUbCHi2CuwIVaWFVtnfHIKk/DyDajfOtc5q77b+jKqAwrlN+I0=
+
+;; AUTHORITY RECORDS:
+ok.nods.ok.nsec3.tjeb.nl.	285	IN	NS	ns2.tjeb.nl.
+ok.nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	NS 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. Ihi9NiaUENtDnd7QRfk+rVpu+u28TYt/ABUJcDOwhBMGunMryv6xa0+QgTL5MTP2qA2Tx7E3EBK/aJq+Ll9oOX6ZnDJ4McAA9HMk4AK2mNy43uU77WIkW17pwyTxh5sCJTx5AJ3V2TB9dWBtjuCWbFfBYCUXMQgenftrKinNUTM=
+
+;; ADDITIONAL RECORDS:
+ns2.tjeb.nl.		554	IN	A	195.169.221.157
+ns2.tjeb.nl.		554	IN	AAAA	2001:470:1f15:17ba:0:0:0:53
+ns2.tjeb.nl.		555	IN	RRSIG	A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI=
+ns2.tjeb.nl.		555	IN	RRSIG	AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63252
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138547	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138547	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138547	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6681
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DS, class = IN
+
+;; ANSWERS:
+nl.			83354	IN	DS	21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98
+nl.			83354	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8159
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nl.			4154	IN	DNSKEY	256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7
+nl.			4154	IN	DNSKEY	257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0=
+nl.			4154	IN	RRSIG	DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 745 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11951
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+tjeb.nl.		4154	IN	DS	17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+tjeb.nl.		4154	IN	RRSIG	DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 246 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14217
+;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+tjeb.nl.		554	IN	DNSKEY	257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs=
+tjeb.nl.		554	IN	DNSKEY	256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8=
+tjeb.nl.		554	IN	RRSIG	DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 922 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36588
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DS	21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377
+nsec3.tjeb.nl.		555	IN	DS	33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E
+nsec3.tjeb.nl.		555	IN	RRSIG	DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 293 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19122
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.tjeb.nl.		555	IN	DNSKEY	256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh
+nsec3.tjeb.nl.		555	IN	RRSIG	DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 363 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28799
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+ok.nsec3.tjeb.nl.	556	IN	DS	29015 7 1 CC9E46C7B681556F305BFA23D28B76B2FD4645C9
+ok.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. a8SDAhKngJlF4ev6aNMn/N7shOW2NRBTHw89Gwh2uVImoac3BHj1jVoHBj0DLB/5wRdJOoRCXnHf0mjs00fvmnc4iKmth32/rptNr4edHDvlXnHtVyOXM0fb2fbFzoTy4bZhwWZL/diw7wPZ8DMPSElp90FaC1lziTzUqZzDGwE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 254 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6209
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ok.nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ok.nsec3.tjeb.nl.	556	IN	DNSKEY	256 3 7 AwEAAceWOJhsrAn2TBLPwK/Bi+PK0QG2yxRsuhaq/wRTr33WEjJ9b3xc0CDfiqqyGxUZ/TUpj6nSYWGYiijQdTQpE7SPDWfJdqKF49OHbfYu9pcOztuLhhXME7iqWB0E0L8aaIe+iT8sVWh0DMBMQxnn16YT6p2lpOhoLmXvX9BEtY8B
+ok.nsec3.tjeb.nl.	556	IN	RRSIG	DNSKEY 7 4 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. N7cMAbsKLWn2vIHcCrwSHYpQwIcwPvTTrUE0G6FmTHZZtaCvn4aJI48G0IkSxwdXqRkdo2QnFOwYb+909yR4bFVbkW18s1sjLrkoCX//+qC3HJUhqPg0NE930JlaMgB05gsdUKvsgnix4QbJeV+wDmX5A6fDqsMYzzTM9nJDC14=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 369 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21311
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+nods.ok.nsec3.tjeb.nl.	556	IN	DS	55175 7 1 A568CC122F255DB28A2D3722F73A3B0806F518F6
+nods.ok.nsec3.tjeb.nl.	556	IN	RRSIG	DS 7 5 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. By8MnTo378q+EuGJn0nHqXvUCKFlTuGZ0A7e2Cj8Obn4uXlYHH3jthhqHTkdnHaKEUleUQPahceiw/LOtDl/6NIawJhU/XsHeAISQSwtIFEDh+Et2PbiUm7ctJzc8/RI5JZUOdmigDp16MosJgaZtqQ/jrrXgmVuNUoyKjMSDh4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 262 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51720
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nods.ok.nsec3.tjeb.nl., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nods.ok.nsec3.tjeb.nl.	556	IN	DNSKEY	256 3 7 AwEAAcdRLBNRBImIcppogur+tBYqebD1/4o1NUlZUzCrd3l/zK6QNpCz0l0xFzIaHmUanzvRqvU3EBWv38V2Y4/o5JBmNQFsAdvGCa9PrA7qUcSLUhf8sQyZZ+H1C5lbsLkQeIHpt4v+lUSrCyqR0YxIpuOTmy5ndlkft8ZVnhpB6sRp
+nods.ok.nsec3.tjeb.nl.	556	IN	RRSIG	DNSKEY 7 5 3600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. RDrU5bY24bqgA2yYFSe9RNNvOOy7KTb0GczvmG04hOgh3HprehZUqe57stXjNRvFCPNadAYvyXWXzr6Jwwardsq/yHx4Wc+Eg7FI3SKi9s4xfqQMznmhNReTbaOM9axhvh+Kjhhr0wd4ahTxUeR4RI7Ptt08S4YZR6xETg25Fes=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 379 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60428
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	ok.nods.ok.nsec3.tjeb.nl., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nods.ok.nsec3.tjeb.nl.	285	IN	SOA	ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000
+nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	SOA 7 5 600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gvLwLEFhql1MoJQ5H3jEJbW55lvuzEhOfr6lbps+lCXu3LDLDf65DqFp059Irel6Yhm8aG18wy0bEed4FR9bFf/QrIgwVHPurGwdt9jEgKX32ymzLraCrtjuHVs3lQ5n4TDtNg8j4anoE5rPhzdhfxXto6kCrFUmp8prrdNrC44=
+0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl.	285	IN	RRSIG	NSEC3 7 6 18000 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gR78M3VVulOpbrZ7htYu0cteB0o09MkaenWab8DWL1Jkzyp+oVPmvPcDZ6PpTW4JPtBG95BXCk9as0ULf/bQg0YNFk2Dos05nNQNIS/S51lRRjj2BSINUVvV+9xmnMqPt6RixC+4jPIGJgh3cpVxOW9wOj/oOc2i+PevNPLmjDM=
+0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl.	285	IN	NSEC3	1 0 5 BEEF 6K87EVMP3OJ1N6STBBL5QGG00SSCMK23 NS
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 536 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned
new file mode 100644
index 000000000..8a6e594b6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned
@@ -0,0 +1,117 @@
+#Date: 2013-08-21T00:06:15+02:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56424
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			138548	IN	DNSKEY	256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.			138548	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			138548	IN	RRSIG	DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60938
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			83340	IN	DS	22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.			83340	IN	RRSIG	DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			83340	IN	DNSKEY	257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.			83340	IN	DNSKEY	256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.			83340	IN	DNSKEY	256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1
+ch.			83340	IN	RRSIG	DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50312
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		541	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		541	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		541	IN	RRSIG	DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22330
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27567
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032613 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20130908212440 20130809202440 17430 ingotronic.ch. Bv0THQWBGQh8Ymi6eLS7EIv8qA70/FmPrECD8ewe3nySf1N54/UqC++kOoIuG9sHoKNmSKl8SjoaYTulbVt0pUQROPKJh76eCAbfuusbY10dHWB4cZWYSY4NBW1z9twi9UfHHWhzeZloL/ILQG/eqVJAeKhlqwvhIzWzy2c1mWE=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. D355Ot7NsJvQ0ED1dl4jSvr9Mxe2XnXwoXoF3d+dX5fikfJ5dnAH4txuGyAbVYchwmTmNpwdP2sPwPI/SBR9Ta7XuunxSfEUwibllU4GkktHNIBOzvH9fKZqqkpMfzIyxgthtEFr5WsKZACqKm02nykyoWIvbe2Ck3HVcscXVbY=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned
new file mode 100644
index 000000000..e6e34bef8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1856
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38534
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61854
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48752
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23116
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39476
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45944
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51417
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot
new file mode 100644
index 000000000..1e7a7b7a6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot
@@ -0,0 +1,38 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  ., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+;hash(.) -> hash(a.)
+;key is the same as for nsec3.ingotronic.ch.
+79anvqbpbhcdqbbli9adpmg4p0sof39o. 300 IN NSEC3 1 0 10 1234 9umm3m67j29mljvnfbcqa4prsu1gir2r NS SOA RRSIG
+79anvqbpbhcdqbbli9adpmg4p0sof39o.   300 IN  RRSIG   NSEC3 7 1 300 20140215011722 20140116005424 16758 . BbqCmb/7I8FMxVbQuOTQ7+Yfpw/1NTNlL29y3AWu4GRh+v3Mrh13PqsS+pwEgBtHTQ2uUCMil+1kiUs2qNCnbz7N5gV3RNtiNZOW9dltU3B2gSwFuX4UKPdCuIrHTBeIVZo7IsSYZSL2/GZ3ECdwbL28KRtvvp1l7uOeHuDdmeIJm47XyowM9v+x1/iCch6GoDzw5XcuXFoEfT+4sXQdhxGneab64alYo49kSf1+lt0pwNTJOtNcyAHvrnsLO/g3Kk5cfR2MNw7ubVyJRicCYO82252LoXITZ/q2Y6k+OCquo5kmc0OLeijZySYF54xFyg2zlcv54j70c/wI9xle7g==
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+.           300 IN  RRSIG   DNSKEY 7 0 300 20140215011722 20140116005424 16758 . dFPeCHbVNX/k3Hx9XKC6T0WaboXStOxprTqqc8DQSvTTaUrazAwc41/ty1LMdgrcU1JpvZmB3UzLoQcFoYaMQKOcQyPm4GCABMzl0xNTWAOjYURIZggEIEuu61p4j0y4nc52CnRbLxgjUsQOAvPzgDyJHnQ7eSOnz9tZSrpyTmtzU/szKm623cH+7DkguG1QpbWCNl4cTjyqDPwefsdE82u/8PAQ0ANR/hy5sZ4IOwdOas/H1oYCMIc0y9IEtlYO0LPiOv9rx/UmgH64tuuLmmgiIGZXqExsh1XEsQqakCQ33Ux4+p1MCQl3uM/6WvGdJkKNR7/n4kktQy2BxF3ONA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation
new file mode 100644
index 000000000..56d439691
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and removed the DS
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. fjiw9C0JFM8mA45Wzu+0H4SMe7CIce05bKuTvXUMI6RY164xMRgU0a9mQpk++Upksk/eAnexzA/TlqYQISGg+/JWV/js5xUNc6jYVWUmy84wGPq2vSrC3uoLwBZgvmNjAJlEHMFFx3XX9ihS4+KhgFM66s5pqLiIAshPwe6wsqU=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid
new file mode 100644
index 000000000..b8b733c32
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and added a SOA, which makes this repsonse actually valid again
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS SOA RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. hDh7ATOdwszkVQCMmbGXPdQu5j24W1SLVRU5ZcwsqPPkRYmgUUsCqchpaHNV216S1Q0PYkdDWiuoCv26fkNVIRIydNlGC+kw567qlq520En2dFdVlTf4FFjADglWbCDjHBYagSx6e/y1ekDsvtPLDxi80M9wFruAhNLXlFd1KsE=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA
new file mode 100644
index 000000000..2df05dceb
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA
@@ -0,0 +1,38 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  bogus., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+;hash(bogus.) -> hash(cogus.)
+;key is the same as for nsec3.ingotronic.ch.
+uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN NSEC3 1 0 10 1234 k0uipho2c78uta6m47n625jfjbl776m3 NS RRSIG
+uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN  RRSIG   NSEC3 7 2 300 20140215011722 20140116005424 16758 bogus. D0q5h55pyybGzHMyxnHeFnchmmrEi1mZMuirbvZ/FgSZXN8zp0H5KW4FmOXMNMQwXLwXyYceymusBcGymM1DT3WeJWhds5LG1rqxvjk24Vbvaf/te+Q7aGxIXiEn3l5t3uHEM8m1Z0bc0wURzRLRLjhvaMXFUA06HaORYnEXlRmr3sl5d3BeQIoKtIgOWsdPB6Dk66saDFBAGc/EcWwmwHB6d+SKt1dUcYXYRPbIFL5Xx8EM4PKBE2dhiKi/2SYqQSx8pa8jtxBbBdpx6c/PchRA1zZ1w9V6TtIANSq2Hxrcj8Ey5nmeoR6M1p6r0Wtg46e0EJg0EGYB/rcrGlKilw==
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  bogus., type = DNSKEY, class = IN
+
+;; ANSWERS:
+bogus.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+bogus.          300 IN  RRSIG   DNSKEY 7 1 300 20140215011722 20140116005424 16758 bogus. cN174LuYu9b/3QYN/5gA1ByWEjXPRFjIUVdGG1hidB4rPuqzWsvI0tOZ7vcQTC9Lagm9IpEYdczyAZWOJZyb727xYqqAQKsLKy/rzdqsD/ICzX0bs6GDA356dYECzW9eR4SqpX3xtMmttYC4lZ140IcZ6hacUqsjMqsxAfHlBbbyaJIf7QUyagwzG87GRgI42/bv0dL69t+CwfoQu2hR1GUcpUOxqEVUz2oPXy+/Cii3fiL8uJ/e65x/QDlMqTpHQ8f/IqLcYPxs364fitgnvwo7j8nDDORgvNuyGYf6lkuMnlRO70IhFBdjG4wmd8lU3fERLhHPFlLOy9g/lbnivw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1
new file mode 100644
index 000000000..1b67cdf1e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38248
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E CNAME RRSIG
+;                                                                                                                    ^^^^^
+;                                                                                                                    Replaced from "A AAAA" and manually resigned
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. fjkZKkZ/QS3fr27G/YL502r/m5yvAj1H5DozJMFJ1uFbyUO/gTP6L1GF3pijt4BjcqbMz7h3uMUikcDEW+ieAy7G4k0y5uU0quHPJvP7pbslCvEs516UIiAvzKsbK7LTn1Dv4Wau0UkImiWXZwx666M6SNh/etebNngPr0ZwGe4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2
new file mode 100644
index 000000000..23f0d0bbc
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. uen8Xh6XJzE+0Xw3vTOCt9w8B5TQ4w7VyLZtUIZaXkq2kS4xpwIiEw5YgrvR0YdlffhZi2IncBm9mxK7utPfz4GDyHurOZWQXzZS1umh8C0YiLwMjP7RybYakurL6BAJHh685XBTyVkUmbxcZ0udVvIwhvzqTamMj+0m04S20+4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3
new file mode 100644
index 000000000..604bc5a04
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3
@@ -0,0 +1,158 @@
+#Date: 2014-01-28T22:39:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189
+;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;  sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.    300 IN  SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300
+nsec3.ingotronic.ch.    300 IN  RRSIG   SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM=
+
+;hash(sub.nsec3.ingotronic.ch.), taken from parent zone
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS SOA RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. FdU0H+o81azPLo4Enzj5BZHEeU/kKDIQiPQ/UIWB0NO5VDDNqn4eH+3klmMtElS0nhi/0PDN14SrPVPUaRYO9E9kw4/9XEaHmO5nn0uqYF5tERlgx3uJmJ/89Pg8Ai1bQkLi+FpeOS/Vvnj73GYy+eOItcRfatv67wY57eRQA6w=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1051 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			61065	IN	DNSKEY	256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED
+.			61065	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			61065	IN	RRSIG	DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DS	24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0
+ch.			824	IN	RRSIG	DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			824	IN	DNSKEY	257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk=
+ch.			824	IN	DNSKEY	256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ
+ch.			824	IN	DNSKEY	256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH
+ch.			824	IN	RRSIG	DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		2355	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		2355	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		2355	IN	RRSIG	DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4
new file mode 100644
index 000000000..db7fcabd7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation
new file mode 100644
index 000000000..736649770
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs
new file mode 100644
index 000000000..2455dbcb3
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs
@@ -0,0 +1,293 @@
+#Date: 2015-01-06T22:35:09+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25734
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20135
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87364	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87364	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87364	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87364	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16754
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			964	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6044
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			965	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			965	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			965	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			965	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60471
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3573	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3573	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3573	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17951
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16136
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40073
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36997
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87364	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87364	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87364	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87364	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49791
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			964	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8607
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 534
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33596
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33074
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs
new file mode 100644
index 000000000..41b280d98
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs
@@ -0,0 +1,295 @@
+#Date: 2015-01-06T22:35:10+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18486
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+www.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 633 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23218
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56313
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32662
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64353
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13626
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48927
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49642
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25015
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87363	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87363	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87363	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87363	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34587
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			963	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19027
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			964	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			964	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			964	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3572	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3572	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3572	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26423
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7700
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3
new file mode 100644
index 000000000..8540859e9
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7362
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	alias.1gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1056 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56361
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10038
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60008
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36858
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8889
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12982
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3
new file mode 100644
index 000000000..ad3fab6e0
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56602
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27538
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17381
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42716
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			988	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			988	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4183
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13829
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8061
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35158
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25776
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42269
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6552
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			987	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			987	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15230
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3595	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3595	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3595	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57871
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60830
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6067
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT
new file mode 100644
index 000000000..903bb3871
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25863
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	b.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 481 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1668
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28569
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17551
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3475
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature
new file mode 100644
index 000000000..717907ef0
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65247
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10629
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35482
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12915
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59605
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21625
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5462
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 239
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17622
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27845
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17702
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1
new file mode 100644
index 000000000..f9fe4b0b4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32300
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+gi.			10800	IN	RRSIG	NSEC 8 1 86400 20150113170000 20150106160000 16665 . jvKrJLijjO866a3A9fkv130tf/UsyS0FgH+k9afhIaNcvTzEwUeVP8+RosGM/b8BWhgASmx2ONSl+BD1LIH1JRkUXKZRVbItdDE27gdKQHTHORYybBDTiHHhnMet1vsceRvN77TAvrdFhm9RYFehZ3ddkQDvy8IACiA5PMhLyQg=
+gi.			10800	IN	NSEC	gift. NS DS RRSIG NSEC
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 646 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36258
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2
new file mode 100644
index 000000000..0c5908dda
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:47+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19015
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 711 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61810
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87386	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87386	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87386	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87386	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38737
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			986	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			986	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12449
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			987	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			987	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3260
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3595	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3595	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3595	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41331
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3
new file mode 100644
index 000000000..edf53cd38
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:45+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61261
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1049 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45173
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43258
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36397
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9276
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3597	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3597	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3597	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49214
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64194
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51334
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4
new file mode 100644
index 000000000..e02b7389f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59323
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+eccgost.ingotronic.ch.	300	IN	NSEC	invalid.ingotronic.ch. NS DS RRSIG NSEC
+eccgost.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 722 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32975
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62255
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20975
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53458
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5
new file mode 100644
index 000000000..fc1a1d098
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7636
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26832
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6927
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34194
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20509
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7967
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32230
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3112
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature
new file mode 100644
index 000000000..194e908c7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12938
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	x.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 692 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21278
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9749
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20291
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40211
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25429
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 742
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6866
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4819
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1
new file mode 100644
index 000000000..7a17fde9d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55491
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 475 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50097
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87387	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87387	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87387	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87387	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21262
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			987	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			987	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 221
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			988	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			988	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			988	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23462
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14899
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2
new file mode 100644
index 000000000..ae556d7cd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:34:46+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20397
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG
+7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87388	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87388	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87388	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87388	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27135
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			988	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			988	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14048
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			989	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			989	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			989	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6090
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3596	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3596	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3596	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63148
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46698
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3
new file mode 100644
index 000000000..4431522ea
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:34:44+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21797
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 477 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3215
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87389	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87389	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87389	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87389	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19457
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			989	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			989	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			990	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			990	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44836
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3598	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3598	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3598	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4
new file mode 100644
index 000000000..8fc98ee17
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:34:42+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19002
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30530
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5039
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9676
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52839
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34478
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58519
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59867
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5
new file mode 100644
index 000000000..62cb0d755
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:34:43+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	b.d.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+*.d.ingotronic.ch.	300	IN	NSEC	a.d.ingotronic.ch. A RRSIG NSEC
+*.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. CYABmp/vM/1o6z+h7pehEcE6wLRMeRBmWuVD0f2f+nynCX/DQyncjlyDcBc1SiQBuz5BQQz6fN8/vHjpAQXDpdOpftz/YLMME29g87c9APFRzhcU3imp87hFUKyaTBJ4VD9oLZ7NcTvsSnbvnn4pykZTUVI87jIt13zQuAdBPTs=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 693 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2900
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87390	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87390	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87390	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87390	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63505
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			990	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			990	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45285
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			991	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			991	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40411
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3599	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3599	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3599	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6
new file mode 100644
index 000000000..2642d093f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:34:42+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55533
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 BIKV50K9D505ABGB6K0F3JPQ62P5MGMI
+944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. ggw9BV94fHJY0yfaqkdoAbh5CZiU99hSi5Y22hccMNzh8wPffhH+wEyuTj9OwKpiw6HCX6wFIKniTxeLlUeTtHvreBBgiaAGPqvNDCzn4lAwsIMSd8P9+fmrChoioqqJ4sBhWUCHRfwg0qqzpRC/PhOGaa3/7XZwYpnK/vgu2og=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 7L2K0NAC88UN3IJV0404HF7PM543BN3F A RRSIG
+74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. LgiRXOhpvpRNy0EsyYBIIjHyl8J32vg+EqLB2BMsfxWO311YP3lME0gp8PN4p0Qo/ZIE1Q/V+LFElSSvwroBsIB+/qFjdf4tj022dRDxvkRdEPgo6oO/xqK1rTOUkvPZRfpHuhZbZ0m/j8v2+RyfPLrM2x3ebzcSNT6tDIpL6+A=
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1049 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56181
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87391	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87391	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87391	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87391	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48499
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			991	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			991	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22381
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			992	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			992	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			992	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58697
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3600	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3600	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3600	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15181
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40988
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13710
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure
new file mode 100644
index 000000000..120484232
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:30+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55905
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 896 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7035
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87343	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87343	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87343	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87343	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44863
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			943	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13081
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12443
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6113
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41147
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28760
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation
new file mode 100644
index 000000000..c29d41842
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation
@@ -0,0 +1,535 @@
+#Date: 2015-01-06T22:35:28+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4332
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	9.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG
+5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. Fj0oqoPcn/OEnskMdbw0fTkESOsr6nyhXAqiB0BrGv+PIQEeYPguOFDKvV5CkHaoX+R1OrLHnbc3TFrgopy8cA/Uo3+YxNhIJn6tnm9ynyw7n6RoqWNsY6SYiCwM44Ea4sW7xcMmz8YUiPAJe+NrJYVoFnGjRbRWhLqI+q1iU3M=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1048 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52037
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8702
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51929
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20671
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65359
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8194
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59006
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12595
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	a.sub.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032916 300 60 864000 300
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 4 300 20150125015740 20141226005740 47588 sub.nsec3.ingotronic.ch. Bf4LTgw0NTtweK4jIpwJHZ1TXexTWKUsBz2jG0/tMeTkcIZOUNVFrOxBfSG6/bMDUA3jSbz5jJ1m9s65BST+KkUqQX+vcRTWQAZT3Hrl3Si82mC1pxOB/84yyR1C0AYrgx9LA+XMsXP1asYWpIHMK+r8A5SVkOyH4lbhqOieEi4=
+8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 8Q9N8IJMR07MUTMO8TDS0N9UEQA8QVD9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125013111 20141226005322 47588 sub.nsec3.ingotronic.ch. le09pR2JyiMdQqnRMEzP8x0R4TM2GEjW4KQ3H/rwewL6FZYuTUUtby44kqCAVS9pZ+bxKtT0A7F5RG06S2fwSx5OP62O6OFQoz/qmjc4ecsaciSMX+Rh3BbVSy8NyHoy0v2G9kAijyXrdz9xBSm/nRoS74RjL2mu7TPw/PTM3mI=
+0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 4IGI4A0AMGQ33TEQ30KODCUNR3GUQ9PM A RRSIG
+0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125010632 20141226002446 47588 sub.nsec3.ingotronic.ch. UTxl/DGaYhwIhPk3igVHrExeG7bWR9/rSEOa+qmijHN2h/MnA7vf40Egh1kzCE5IEMlWbJTyH7SQtcIBO+QNY5wcZIs1ROhGsLQCK03d8MhYZeWw16+8kPpnwV1ZskVVHJ355Sm6iMumxEPmjEzhpxeDAQ3A9SHBBBHPZ0gk0Ew=
+DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 11 4321 FF6HDF6NIR1O4UO4N6BO1NT1P5BLEM45 A RRSIG
+DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 5 300 20150125011509 20141226005740 47588 sub.nsec3.ingotronic.ch. LOf771yhl0XefM1p1t99S7KH4hiQaT78qev2VFkdgv9WN/w2JrZOkO0bx5ikNzt2MuELtdh8IDTP9KdRss9XsSEr7AIkKg0CN3oG6xxKgt+rrY5O+GfbvrgBFhn7H4JGTBlacnAnoMjreyCSxNtE1bHSIZOHOevkxZ4voFIQ0OQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1076 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13990
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22861
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62841
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7825
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54026
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8144
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65284
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2523
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 315 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21959
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM=
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA==
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 970 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40054
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49011
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19308
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			945	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5655
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3553	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3553	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3553	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7346
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61808
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23642
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13871
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077
+sub.nsec3.ingotronic.ch.	300	IN	DS	14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 315 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39441
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM=
+sub.nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA==
+sub.nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 970 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation
new file mode 100644
index 000000000..42e525f34
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation
@@ -0,0 +1,197 @@
+#Date: 2013-08-04T20:43:22+02:00
+
+# This is data for a constructed test: when a zone switches from signed to
+# unsigned AND a resolver incorrectly returns data from the delegation point
+# (instead of from the delegated child), the zone must be treated as insecure
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489
+;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.           162318  IN  DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           162318  IN  DNSKEY  256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf
+.           162318  IN  RRSIG   DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 736 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.         75918   IN  DS  22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94
+ch.         75918   IN  RRSIG   DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.         75919   IN  DNSKEY  257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50=
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN
+ch.         75919   IN  DNSKEY  256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p
+ch.         75919   IN  RRSIG   DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      3583    IN  DS  6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.      3583    IN  DS  6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.      3583    IN  RRSIG   DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.      300 IN  DNSKEY  256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.      300 IN  DNSKEY  257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA==
+ingotronic.ch.      300 IN  RRSIG   DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.    300 IN  DS  16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.    300 IN  RRSIG   DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;  nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.    300 IN  DNSKEY  256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.    300 IN  DNSKEY  257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ==
+nsec3.ingotronic.ch.    300 IN  RRSIG   DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 105 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  unsigned.nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5
+unsigned.nsec3.ingotronic.ch. 300     DS      23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7
+unsigned.nsec3.ingotronic.ch. 300     RRSIG   DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
+
+# constructed response here: the NSEC3 is from the delegating zone for the
+# child zone
+# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 
+;; QUESTIONS:
+;;  a.unsigned.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  NSEC3   1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS
+S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch.   300 IN  RRSIG   NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4=
+
+;; ADDITIONAL RECORDS:
+.           32768   CLASS4096   OPT  ; payload 4096, xrcode 0, version 0, flags 32768
+
+
+###############################################
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus
new file mode 100644
index 000000000..bc96bb340
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus
@@ -0,0 +1,293 @@
+#Date: 2015-01-06T22:35:29+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4070
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.b.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG
+4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 537 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56602
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12984
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38377
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			945	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			945	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			945	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43754
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3553	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3553	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3553	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10069
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38115
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25812
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56275
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87344	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87344	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87344	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87344	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43002
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			944	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4041
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3516
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25335
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser
new file mode 100644
index 000000000..d267da478
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:28+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10035
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM
+NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc=
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q
+UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU=
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1060 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48118
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30744
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54353
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39530
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26735
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46506
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51992
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87345	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87345	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87345	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87345	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56174
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			945	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			945	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29049
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			946	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			946	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11093
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3554	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3554	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3554	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 907
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 977
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37865
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256
new file mode 100644
index 000000000..c7dfe7398
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:30+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12560
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3-ecdsa256.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3-ecdsa256.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	A 13 4 300 20150125011638 20141226004859 11718 nsec3-ecdsa256.ingotronic.ch. hGzbQF4VEX6ElyuHpiWGZjbn3w4Kgs8JSd4gF1WhP1a6R+dXuV8MQiM6QGANd2w1ZsyTNcG48Oh6uDXbaydGNQ==
+
+;; AUTHORITY RECORDS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	NS 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. +4TGfjT5xeiYyaO4djJ7l8UieBWAS6xItC8o4gbz7aquazQs1soT+rAw1g+3c4K7XBc9BSfXwS4z0rqKpJ2IhA==
+10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 31LKSGKTRGKLURR153AK64J90ET1Q7VS
+10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	NSEC3 13 4 300 20150125004222 20141226002655 11718 nsec3-ecdsa256.ingotronic.ch. o0DVYmgeaLhxcKdd5OwIV+aqYjiLwiqVh2AHUy8/GrvdegZSMuI8i7rzuxzmMvchyWYc+aqiIsdF5HfkbBeX+g==
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 732 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54921
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87343	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87343	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87343	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87343	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18027
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			943	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53874
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			944	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			944	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			944	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54600
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3552	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3552	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3552	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20701
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16374
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa256.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DS	24801 13 2 88CCE5FCE4A356E10AD5ECA8EEED7EC8814277CE4791A94FE1A49B50BBB948FF
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DS	24801 13 1 7E9B512FE0840FB596EA82894BA7FF4A7B052732
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. f57P+OkQdUyTus3thb8doi0qQ3whVRetDl6Sj2joISJ+Hmc+uG5Vzw8GAbLow3yumIHMGg6D59h/IKbJi5BA6F/ivr+LxWUm3XbJhLhNZpN3Pn8w0FuciH5Afu8gp0ohzA2Jc1n6vNF1DF5KUMqyUUm/lJLlDHAH7qCSvcHt7mo=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 314 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27735
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa256.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DNSKEY	256 3 13 TMiIf94UMj0oa7VwU25gnE4rxFs2nO/eSHFrR/juBKbk+bCgLHM4rKH4VvssNHmn5vvsvjuZtMtePwuS2YIm6w==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	DNSKEY	257 3 13 Ten7/v9T+PaV9C9wWvFfxE/Yl9KVCMSWd+2a/hqDyNtywhcxr0yVBB9/QmM9Fl1vgaac6bZgGNEZWXptv1FXaQ==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DNSKEY 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. Q4P4J3hiheLNMFxvOP9wKMwmtPT+0khpAmNZKh6sF68/O/S7TTAnpI8Ku13fNvJYFwL9buEl5aPe3tRAZHmZBw==
+nsec3-ecdsa256.ingotronic.ch.	300	IN	RRSIG	DNSKEY 13 3 300 20150125011658 20141226003607 24801 nsec3-ecdsa256.ingotronic.ch. hXrbEWZUZlmf+sjRg0jx/sbolBLZ3Trd+F4Pf2iy9DTkCPSrHzWKKOoie/ovF1QLLETxmbqrXHSZBuJamlpoIg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 465 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384
new file mode 100644
index 000000000..76618b0c6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:31+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3-ecdsa384.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3-ecdsa384.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	A 14 4 300 20150125000743 20141225234740 39491 nsec3-ecdsa384.ingotronic.ch. Yd8elljgUjLfYSy0rY7gBfttrig42BNNzSm1WhS5bmHzmJylFnRVM25b91yqAW2ccinrOcaNdIDE5bX9WXUPumLHJc5X/Kn1GIHCcQScoC0tr8BTD4526o79lVuVnTc4
+
+;; AUTHORITY RECORDS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	NS 14 3 300 20150125005853 20141226004214 39491 nsec3-ecdsa384.ingotronic.ch. KIiuzqJsmy8xRJqdd7IvpBjQiUqiEPz5XxySWS8slHB3hmhW9fsdzjfHA15Z22lUoRIXYXGATOjZxfBntPPvtQ47TNq8qaxt8xxAkXNM9Xr/3kdMYctelGRW4Bu5Lzeo
+BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 EHFCGCNSUDQECLCVFJAKPSAPU6IJGP5D CNAME RRSIG
+BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	NSEC3 14 4 300 20150125010505 20141226003022 39491 nsec3-ecdsa384.ingotronic.ch. nFYeW0c9S2OoiCWVishsl58AtLOYUSwDkNPpPaDYQm1i+Q0UdGOXnk+Yw9MiXj7wcvl1jaAkbMLAn6WaRocOdAQl2S7l2QN/6ZdX02y6yJPfRDIShYW2b+WSrbEG/fsr
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 836 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38908
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87342	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87342	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87342	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87342	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9434
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			942	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			942	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			943	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			943	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			943	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			943	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13857
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3551	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3551	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3551	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18602
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27656
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa384.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DS	899 14 2 A5F35102F5DF2856F2003049D030740D4BAD1EEC72ACCC3402C279F873A34B5A
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DS	899 14 1 29AA736895A3A3F8B3C5C0309C017EFF90FEB343
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hJVcDnmPA0OetM2f8sbWmQXhvu0GfKQhR57a3OIMZwJRDScZ/hl15v2jMzPvekB+4hHn8Zf9akDzkrUcLFbCL+5VzXuXtjRElLHVvRN//8+xb5FF3gfKXy9SvrGnYsm8ZDjih1zS9mCI1n+krAdw2nDcOwWD6HCPW96yEtFocas=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 314 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28870
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3-ecdsa384.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DNSKEY	256 3 14 68j+WI9Rs6vK68I0R3UqfzqUhloOrZFI6fn6AHRpPdinUmZ63ATp6K4jED8Bea7d6/96/vKCl6aUo8as7sNxtVcE7x93Htsz7JEV7a3tUtkam3C9YuC3m8+VdF35agSL
+nsec3-ecdsa384.ingotronic.ch.	300	IN	DNSKEY	257 3 14 hQcr8vExudFuOusjGrfTC5V4JecOJQ2/ahtNRqTpIVafQG+iZ9aiOeaHRmw6oIB7E/LJKtXr99PQwA4fqrxXlEbc+OhG8iSNgYD9LoG2psmpeoqyVsOY2bYmBw7XD2/c
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DNSKEY 14 3 300 20150125002339 20141225233316 899 nsec3-ecdsa384.ingotronic.ch. PO4InPbCNmcJ77b4heo/zQhqPx4/92RhBRDquDDp8TKYb57F86lZLnJX+YSnLx4ZTs/eCaWBwNBTiqN+XUKINBETCC2SD8ygYGmofmUANU9bZoOmB0DQ5xH+cpSuMUAR
+nsec3-ecdsa384.ingotronic.ch.	300	IN	RRSIG	DNSKEY 14 3 300 20150125002339 20141225233316 39491 nsec3-ecdsa384.ingotronic.ch. DVa/mHiv5pYDvzC6jHY0d6i8gfKAZGzFttXizD2y9supRNiII5Ji9COjQ43aG7mcO2DI9VgUoRcd+XKdC5Nn/0t2y80G7Y3YsNpgZ4sKbxaHahxEZAxIqAUST1Rb3+Gy
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 593 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow
new file mode 100644
index 000000000..c3ac89419
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:28+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException
new file mode 100644
index 000000000..c5db4bfe6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException
@@ -0,0 +1,161 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7616
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	www.wc.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.wc.nsec3.ingotronic.ch.	300	IN	A	127.0.0.2
+www.wc.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG
+2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 896 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56906
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62181
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64065
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			947	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			947	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41647
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3555	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3555	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3555	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38680
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21506
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34837
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising
new file mode 100644
index 000000000..26639e8b8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising
@@ -0,0 +1,159 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16004
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.partial.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.partial.ingotronic.ch.	300	IN	A	127.0.0.1
+www.partial.ingotronic.ch.	300	IN	RRSIG	A 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. OYNYXjNIKxup6LLAt9ljYbOHYRlXIUSaYg14UkTpjyQmqRTnlbIz+4S+n8l57liP8YbTY2mnl2x91JpHb4Zr/Ctzw35tVACfosuteELaGEgdcf6xplDVIKQtAQwm1vuZBCYNgGT2Zg3qPypqWndIpZu3bWZZlBaXgyCzyURBdWk=
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+partial.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. d+G3QpjVut5sxsMrjk+Cvgu06jVN7SCMZnGD3EmcoBKXTK9CUyF0Gmt4oYl1OxEKEUslunt7JOZGqSo078xNr3KzfSis53mrMqbUmc4QEhi+Y6zGjEXAKWLoIn76GO26ee+E/sE1wiy9150hV3Wcbd5Ctrk5sxQzwYJMo4K+ErM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 639 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40355
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4739
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65018
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60585
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43956
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28869
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27071
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType
new file mode 100644
index 000000000..607f12513
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:35:11+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5930
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.partial.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300
+partial.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus=
+www.partial.ingotronic.ch.	300	IN	NSEC	partial.ingotronic.ch. A AAAA RRSIG NSEC
+www.partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. eNizfw2eY5+3HBTqj3MHCS4N9oHo+wILp/SjEY2YVOvgWb9TafylcSQzcKV493wr/OLQYChAZylaXUwZEfKVXI5CM9kpksSOj4QqwP2IOiVBaYYCbycLhWOwZEADpDO9L1bQbpM1IW0EGrtOhwnAc1t9FX+3ihgq5R02OHMXXnk=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 505 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45090
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9660
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59668
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1543
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17828
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22934
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16901
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising
new file mode 100644
index 000000000..7e45eb44a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising
@@ -0,0 +1,159 @@
+#Date: 2015-01-06T22:35:12+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33483
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	www.gibtsnicht.partial.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+partial.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300
+partial.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus=
+partial.ingotronic.ch.	300	IN	NSEC	a.b.partial.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150114201832 20141215193100 10287 partial.ingotronic.ch. lPXkSiRb1MAI4Vvl7B21CPy5VLsoBwsNA5n6daRwUxXgMcQTgoeQF+/pU7ljIRr/8Ha3jIDBPIDMnH3t/UL2+9fTe0kch9EjeWTy4eTGJAwNZri6IwEnpAecFtWllSJKcFq6oYv7BK6hFfnDeRr95LOtFSqhdTXydPC+MtmN3YM=
+a.d.partial.ingotronic.ch.	300	IN	NSEC	www.partial.ingotronic.ch. A RRSIG NSEC
+a.d.partial.ingotronic.ch.	300	IN	RRSIG	NSEC 5 5 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. JLvNDN5napvCnhCvMYMA4bB/q/odOgHEUR1YDMvYGJDhjToN+ciwjuiiXYcSqHmF7fRQxi6c04eoq0sCgC+cM1Gpnw/JJPzOO6WoT3+gf3XGmdIg7n0Kp9W0/GIwkWp1h6/f3JDig/XY/1bJL9307VyWsc/Bq25O1u8h0gosTUw=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 753 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38613
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87362	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87362	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87362	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87362	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30892
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			962	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			962	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50832
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			963	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			963	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			963	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57379
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3571	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3571	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3571	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44173
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46232
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DS	13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9
+partial.ingotronic.ch.	300	IN	DS	13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD
+partial.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16111
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	partial.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+partial.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8=
+partial.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0=
+partial.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything
new file mode 100644
index 000000000..4da76fbc1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53070
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44772
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59154
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51168
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48789
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43654
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus
new file mode 100644
index 000000000..dce835bad
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17080
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11713
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41417
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37187
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11702
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51726
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising
new file mode 100644
index 000000000..bcd49eb7b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 416
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8443
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57680
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6455
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45403
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5657
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising
new file mode 100644
index 000000000..f6c12ddcd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising
@@ -0,0 +1,128 @@
+#Date: 2015-01-06T22:35:26+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17546
+;; flags: qr aa rd ra cd ; qd: 1 an: 12 au: 0 ad: 3 
+;; QUESTIONS:
+;;	ingotronic.ch., type = ANY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	A	127.0.0.1
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	RRSIG	A 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. GTY5ES29arEKcafghM9Ui3mdS+cS3vTtQ6ROJhCg5Lv+oaYMiMPhljJ1K5hF8r4Hpukc7ZyTf6bAez3/r2VlhMU5Q7qrx148sk63vgm8qaA3/78UKs3Fib1Z8D2fCmPHz3hmpKe/jtwX/nnyf5qhP7lpPy30QnjsjAD1xbQd1f8=
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1939 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35981
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87347	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87347	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87347	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87347	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2430
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			947	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21918
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			948	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			948	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			948	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43744
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3556	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3556	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3556	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18065
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad
new file mode 100644
index 000000000..42b6e2fa6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57078
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad
new file mode 100644
index 000000000..e9916759d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad
@@ -0,0 +1,63 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58452
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30876
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60920
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad
new file mode 100644
index 000000000..d9b90e6ce
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:52+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23439
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59888
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad
new file mode 100644
index 000000000..9b1bb7e73
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42047
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46248
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad
new file mode 100644
index 000000000..0550f9c8e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:50+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53507
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31035
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex
new file mode 100644
index 000000000..a98526d0f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex
@@ -0,0 +1,276 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7434
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	1.sub.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300
+sub.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w=
+sub.ingotronic.ch.	300	IN	NSEC	alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 494 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39413
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 409
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55860
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32310
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3591	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3591	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3591	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23793
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49730
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DS	42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C
+sub.ingotronic.ch.	300	IN	DS	42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF
+sub.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 303 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc=
+sub.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA=
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31198
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	A	127.0.0.1
+sub.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc=
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+sub.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 623 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12532
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27836
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39901
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45415
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad
new file mode 100644
index 000000000..81fd3c985
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad
@@ -0,0 +1,235 @@
+#Date: 2015-01-06T22:34:52+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3444
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	e.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28115
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			981	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8220
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			982	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12780
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57848
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46058
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	a.e.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.e.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+a.e.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 269 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42039
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44314
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			981	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			981	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56200
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			982	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			982	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56568
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3590	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3590	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3590	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57563
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec
new file mode 100644
index 000000000..249ab3e5a
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec
@@ -0,0 +1,237 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54648
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			983	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45087
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			984	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			984	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			984	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			984	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10272
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3592	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3592	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3592	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19066
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40136
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8431
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87382	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87382	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87382	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87382	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19263
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			982	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			982	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2609
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			983	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			983	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			983	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29809
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3591	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3591	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3591	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43821
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad
new file mode 100644
index 000000000..774c3059e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:50+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45525
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54828
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87383	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87383	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87383	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87383	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld
new file mode 100644
index 000000000..1a4c6802f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:34:53+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28876
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21203
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87381	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87381	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87381	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87381	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad
new file mode 100644
index 000000000..73a40852f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:34:51+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24908
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor
new file mode 100644
index 000000000..1c151a9c1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor
@@ -0,0 +1,23 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY
new file mode 100644
index 000000000..bf5ce0ec1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY
@@ -0,0 +1,160 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40286
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46375
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46387
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32118
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2082
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			946	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			946	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29359
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			947	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			947	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			947	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60271
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3555	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3555	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3555	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32326
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY
new file mode 100644
index 000000000..821f94804
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6910
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53829
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS
new file mode 100644
index 000000000..2663e46c7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS
@@ -0,0 +1,43 @@
+#Date: 2015-01-06T22:35:27+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 198
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	A	127.0.0.1
+www.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 615 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7218
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87346	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87346	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87346	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87346	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile
new file mode 100644
index 000000000..6404d40e6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:27+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut
new file mode 100644
index 000000000..26699db52
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut
@@ -0,0 +1,106 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9484
+;; flags: qr rd ra cd ; qd: 1 an: 1 au: 3 ad: 6 
+;; QUESTIONS:
+;;	20min.ch., type = A, class = IN
+
+;; ANSWERS:
+20min.ch.		300	IN	A	83.140.105.62
+
+;; AUTHORITY RECORDS:
+20min.ch.		3587	IN	NS	ns1.first-ns.de.
+20min.ch.		3587	IN	NS	robotns2.second-ns.de.
+20min.ch.		3587	IN	NS	robotns3.second-ns.com.
+
+;; ADDITIONAL RECORDS:
+ns1.first-ns.de.	588	IN	A	213.239.242.238
+ns1.first-ns.de.	287	IN	AAAA	2a01:4f8:0:a101:0:0:a:1
+robotns2.second-ns.de.	1004	IN	A	213.133.105.6
+robotns3.second-ns.com.	7187	IN	A	193.47.99.3
+robotns3.second-ns.com.	587	IN	AAAA	2a00:1158:4:0:0:0:add:a3
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 255 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30662
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87367	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87367	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87367	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87367	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23607
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			967	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			967	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 979
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			968	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			968	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57818
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	20min.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ch.			3588	IN	SOA	a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600
+ch.			3588	IN	RRSIG	SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3588	IN	RRSIG	NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk=
+E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch.	3588	IN	NSEC3	1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3588	IN	RRSIG	NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM=
+G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch.	3588	IN	NSEC3	1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 741 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut
new file mode 100644
index 000000000..d0507d386
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut
@@ -0,0 +1,110 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15612
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 5 ad: 7 
+;; QUESTIONS:
+;;	yahoo.com., type = A, class = IN
+
+;; ANSWERS:
+yahoo.com.		1800	IN	A	98.138.253.109
+yahoo.com.		1800	IN	A	206.190.36.45
+yahoo.com.		1800	IN	A	98.139.183.24
+
+;; AUTHORITY RECORDS:
+yahoo.com.		87436	IN	NS	ns1.yahoo.com.
+yahoo.com.		87436	IN	NS	ns5.yahoo.com.
+yahoo.com.		87436	IN	NS	ns2.yahoo.com.
+yahoo.com.		87436	IN	NS	ns4.yahoo.com.
+yahoo.com.		87436	IN	NS	ns3.yahoo.com.
+
+;; ADDITIONAL RECORDS:
+ns1.yahoo.com.		87436	IN	A	68.180.131.16
+ns2.yahoo.com.		87436	IN	A	68.142.255.16
+ns3.yahoo.com.		87436	IN	A	203.84.221.53
+ns3.yahoo.com.		1800	IN	AAAA	2406:8600:b8:fe03:0:0:0:1003
+ns4.yahoo.com.		87436	IN	A	98.138.11.157
+ns5.yahoo.com.		87436	IN	A	119.160.247.124
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 284 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38276
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50370
+;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	com., type = DS, class = IN
+
+;; ANSWERS:
+com.			1036	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
+com.			1036	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . EdNGsG+8slVhJncXMIfcIv5EWXpnDNbGHFHGO2qo64xZ7i8v3dMN0f2vvzNBMufCttyxWAC44s0fHzP24IuuLzTQRyPb4x7/xOXPNM/GsDSEWRrSxXD9wxswpa7XdD8gxqlrrLIlFkOJ59R88L/haMC7dzG0uo9lvE3r8fcynp4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 239 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40305
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	com., type = DNSKEY, class = IN
+
+;; ANSWERS:
+com.			1037	IN	DNSKEY	257 3 8 AQPDzldNmMvZFX4NcNJ0uEnKDg7tmv/F3MyQR0lpBmVcNcsIszxNFxsBfKNW9JYCYqpik8366LE7VbIcNRzfp2h9OO8HRl+H+E08zauK8k7evWEmu/6od+2boggPoiEfGNyvNPaSI7FOIroDsnw/taggzHRX1Z7SOiOiPWPNIwSUyWOZ79VmcQ1GLkC6NlYvG3HwYmynQv6oFwGv/KELSw7ZSdrbTQ0HXvZbqMUI7BaMskmvgm1G7oKZ1YiF7O9ioVNc0+7ASbqmZN7Z98EGU/Qh2K/BgUe8Hs0XVcdPKrtyYnoQHd2ynKPcMMlTEih2/2HDHjRPJ2aywIpKNnv4oPo/
+com.			1037	IN	DNSKEY	256 3 8 AQOzd48WKiAn+RyfIqkS/ZqQTguv/+dbIENccl9CWvJ8Sx7cLc29uZtDkHjmvqhgI6eKwt1sOhDQdyB6saNImQnG5z6ZoILNlW4h1ljy2LEi16WDf93iQnLekcW3Pr8b0YjmJZu6DXKUrcU1uBYtsULaHpa4ERUJFePn3dmX+2brVQ==
+com.			1037	IN	RRSIG	DNSKEY 8 1 86400 20150108192533 20150101192033 30909 com. qZxb8vx3uSMQJMcx9hLn6OyDBcq67tkDsvcE5Tk3y8UOiJghAJW/4zlyji1C8yQzACqcXtE8g21u3BGyGIhLIDG+v6kaOeqKrWGQfvqer8ihd0NpwuOguV4g68ZcE0qFgFYHNKcpqnxAgIYkcoRda+2tPxcCLTPzEPPyEY0pHX9zC2HL88EneK4xP3qn5YIRDbFfHdDXMU61uXh9p4ASRTpy1l+pKnSf2c/LoUBJyPdFjUw2lQPMHZSNo7qjTkJxv1Mn2WSp8rO+xknqQu12zqihIb40KIyZHPgQ5wCCCT70kf3RmKEqmH1F6T7AWT9oBAzuD192ACyRJSXm5KdW1Q==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 743 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12758
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	yahoo.com., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1420580086 1800 900 604800 86400
+com.			900	IN	RRSIG	SOA 8 1 900 20150113213446 20150106202446 48758 com. qu8Cf1ULvc3Iziz9agwXZMNlbG29SEJLVSkeqoiH7KHk4BOu/VroRuYnSnO3XYfHmUfcb4iOulUFxywVWrKr+3WnDWI9K9W9ColDY1RQHuiZNV+V3wGmdf+LSXPiGgCT5INi3aCgCz7ASWee82D6uHg5DroaYqkd1mRHz4djry0=
+CK0POJMG874LJREF7EFN8430QVIT8BSM.com.	900	IN	RRSIG	NSEC3 8 2 86400 20150112055507 20150105044507 48758 com. jxmK9TYR0jbMXKL6irMe5NSnXv8TA54f3OnR6Z6FsGAYufuJ5GD38pHzAet0qkn+Bj4qH/mMsAH+McuXXpsLjQqOLI3Vi+ezSyiibgMDWMCx4485rFnoyWuv7P85jjDf0RI/Vi3KhJ2Eo7c7YGLwBeNlf7Rf+mOtsE+Pe/rwWO4=
+CK0POJMG874LJREF7EFN8430QVIT8BSM.com.	900	IN	NSEC3	1 1 0 - CK0QFMDQRCSRU0651QLVA1JQB21IF7UR NS SOA RRSIG DNSKEY NSEC3PARAM
+GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com.	900	IN	RRSIG	NSEC3 8 2 86400 20150112051957 20150105040957 48758 com. nG70oihFwICnzK+GXlNIWLTNPpD05C6aWAWUC5rdBhGY/JkNWSdIk2+Gokv+BkNChaIixEO32hsmuLd5frh4E3UtJ1fhiIjX8Ty5FUAT5FM8URfy2nOxlgtp+/qhpM0Fl6YebYWBvjS87gT0m3ihpwyUX5Cc9TDfX/WRxEeYF94=
+GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com.	900	IN	NSEC3	1 1 0 - GPIPCMMD0H5PRLQHL08EAICA0CBFSUMP NS DS RRSIG
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 759 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind
new file mode 100644
index 000000000..4a2f726f4
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind
@@ -0,0 +1,138 @@
+#Date: 2015-01-06T22:35:05+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56956
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 278 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4514
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41695
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			968	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39298
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			969	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30277
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3577	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3577	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3577	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64953
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone
new file mode 100644
index 000000000..ed479f06d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone
@@ -0,0 +1,138 @@
+#Date: 2015-01-06T22:35:06+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65513
+;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 
+;; QUESTIONS:
+;;	www.sub.unsigned.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+www.sub.unsigned.ingotronic.ch.	300	IN	A	127.0.0.1
+
+;; AUTHORITY RECORDS:
+sub.unsigned.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 282 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6175
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87367	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87367	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87367	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87367	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15153
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			967	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			967	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13386
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			968	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			968	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43748
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3576	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3576	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3576	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40343
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33055
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	unsigned.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+unsigned.ingotronic.ch.	300	IN	NSEC	v.ingotronic.ch. NS RRSIG NSEC
+unsigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 480 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords
new file mode 100644
index 000000000..fcd07f72d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:25+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs
new file mode 100644
index 000000000..d2184c3d7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs
@@ -0,0 +1,239 @@
+#Date: 2015-01-06T22:35:21+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2340
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	sub1.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 705 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41220
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28241
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39612
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32740
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17983
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14892
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	A	127.0.0.1
+sub.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc=
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+sub.ingotronic.ch.	300	IN	RRSIG	NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 623 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25278
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22717
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54290
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49739
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4917
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot
new file mode 100644
index 000000000..d6a19e510
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:24+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore
new file mode 100644
index 000000000..56fe87cf2
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:21+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62178
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46485
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54965
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18838
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26238
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57008
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87352	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87352	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87352	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87352	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44823
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			952	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29043
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			953	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			953	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62522
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3561	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3561	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3561	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24379
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain
new file mode 100644
index 000000000..652c4b6ce
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3858
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2610
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41375
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28417
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7903
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25373
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32204
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47679
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14319
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59925
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34298
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex
new file mode 100644
index 000000000..cfb02359f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:25+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46196
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	zz.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+z.ingotronic.ch.	300	IN	NSEC	ingotronic.ch. A RRSIG NSEC
+z.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 689 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46226
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14685
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64652
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11788
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55534
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2043
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58372
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49750
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17160
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13681
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex
new file mode 100644
index 000000000..195cf70bd
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex
@@ -0,0 +1,118 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22814
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	1.www.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 477 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53508
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36666
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23619
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14849
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44885
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint
new file mode 100644
index 000000000..ca7e65cb6
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:24+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6532
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	sub1.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 705 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31146
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16372
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39104
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6834
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3299
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55115
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17514
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53512
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38139
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29757
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot
new file mode 100644
index 000000000..a7d447378
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot
@@ -0,0 +1,41 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57811
+;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400
+.			10800	IN	RRSIG	SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE=
+.			10800	IN	RRSIG	NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk=
+.			10800	IN	NSEC	abogado. NS SOA RRSIG NSEC DNSKEY
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 448 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65502
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec
new file mode 100644
index 000000000..7e3aa9a09
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:23+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3464
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	alias.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+alias.ingotronic.ch.	300	IN	NSEC	a.b.ingotronic.ch. DNAME RRSIG NSEC
+alias.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53101
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30899
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8785
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18505
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8855
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41255
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43022
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46782
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9216
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20989
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild
new file mode 100644
index 000000000..67e087f24
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild
@@ -0,0 +1,157 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6051
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+samekey.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032788 300 60 864000 300
+samekey.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150205115016 20150106105016 17430 samekey.ingotronic.ch. QbR6Z1is3E2h59dciJcIMGEwjq6FT42BIWdZJx2yThVOEEkcqBRX3UrXsWeeByMoyj2zIvlje8zCTFIQWT5zG/4gvt6x1VAQjDL+SJ7ZzNMBUoX42ySyH1vCosPXCwUGpjp2ODNXMBVQ67+llUi+JC+jg6L3CLa3EP4K4fobRgA=
+samekey.ingotronic.ch.	300	IN	NSEC	alias.samekey.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+samekey.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150205112840 20150106102924 17430 samekey.ingotronic.ch. NSvTE2dxRxxbqpxBcLZw3UKLiK/GZhSnHIm8f7OV1oNepPdYEhKQ1h0ou/KCl4QlJ3pqJq/phwqpssclEcA3bebi5IBp7uDTU1s1lAvvBg0XtGd5Sody9LelOObAhNFAeBy8f7PyA3ORIstEBf2bJCJ5X/UmMcexq3G/RS+wMpc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 508 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51124
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35150
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63134
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35961
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40209
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57689
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+samekey.ingotronic.ch.	300	IN	DS	6031 5 2 DAFB8A4B65418C56F9BC6DE782EAE8C65F5F710A7AAA4E70A36E3E263028F01D
+samekey.ingotronic.ch.	300	IN	DS	6031 5 1 730C461CC98117784DC920C4FB19D284F22C1D64
+samekey.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. ABaSrSVKd/CoCD9HiieVOpexP9iUHLXFtrAG+1Q7iju4potpve5C30V9+XJoVsLhArQ90QcDspN95U45Qks4+r8S2MezBDM7jV5B34VGkrWb8+AltxqFg4bIl2VhGiwInW6KKVO161ZS76x5x2ssWhJzY8G8uC0LIxe10N7AfDc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 307 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57832
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	samekey.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+samekey.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+samekey.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+samekey.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150205095731 20150106090229 6031 samekey.ingotronic.ch. LuUccRlxgSN+RaFn1OXEFuDOelKnTj40UbXtTRU3DSvw5CSIsFYW5tz2qFMc9TKdyfXct4tCs1IbaxOxDn2S7gLGC0fSQJhR5QJBt//+d9/bPsrbzWdbX1VjGjK0Ei/BQYlybmda7mIhZgdT6PzXu00zR9wenJuUBETR7Iq0j2JSaFdD/NOxDKrMybH6sioa/D/iUV7tCCgNStppcpCE4QHK9ZZLtmwdPe0ai1zpFlJIAqclJeYANoQuul/MbR5QlPz64oVYq30kHK/OMd9sJTOtpcYqBCaknUygHuWOEzzVz8w1pd6XVFknzOiduFRO5eMJ0Epmme2QSOxNPbKSSg==
+samekey.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150205095731 20150106090229 17430 samekey.ingotronic.ch. Nnz0tzShNXJ5ypcEiLZ4Ky/dY2JULHptYl6G2wWkjZ2R98N3wDJkXQQN2XolOGwBmNyfdMAcI8AVL9SD1oRUmWPnj4yFBu5uS4qR037DsJYEz6pq4t8U0P7O+8Pnkvq/tFMLXE9E17CoWfLRhrqTq7U5kYYn/x0yIXpY0S6M1bA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 964 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname
new file mode 100644
index 000000000..e9230ae3e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:23+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50344
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	csigned.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+csigned.ingotronic.ch.	300	IN	NSEC	cssub.ingotronic.ch. CNAME RRSIG NSEC
+csigned.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. BCAjQxw7Hn8eMh8JNtWlHkprUpQPqCMa9Xca1SQTbgrkuKU6wPOd0tyvqZQZwXh90x54t/Z3OjFvT25Iqf3RSJ5T/1iJHUwdOlB5yHqc/c7E8yUs1cqSNf6ccXotsFJzXTLlpmrPzP7mjG5lpyGcN/hmXVWiMcq4SCeapRI19C4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 644 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38761
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7194
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39259
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29906
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44555
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53393
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87350	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87350	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87350	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87350	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59544
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			950	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21667
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13905
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence
new file mode 100644
index 000000000..16d480986
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:25+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41730
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	www.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+www.ingotronic.ch.	300	IN	NSEC	z.ingotronic.ch. A AAAA RRSIG NSEC
+www.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 636 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8881
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59326
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48712
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54200
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27755
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48898
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87348	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87348	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87348	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87348	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10818
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			948	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			948	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44946
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			949	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			949	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50782
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3557	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3557	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3557	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8263
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint
new file mode 100644
index 000000000..9cd1d0f95
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint
@@ -0,0 +1,373 @@
+#Date: 2015-01-06T22:35:22+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57267
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	t.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+sub.ingotronic.ch.	300	IN	NSEC	unknown-alg.ingotronic.ch. NS DS RRSIG NSEC
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 702 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8953
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17144
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62665
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43084
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48797
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+sub.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300
+sub.ingotronic.ch.	300	IN	RRSIG	SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w=
+sub.ingotronic.ch.	300	IN	NSEC	alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+sub.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 492 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49848
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14757
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38755
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			952	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			952	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			952	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45312
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3560	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3560	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3560	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36026
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55654
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DS	42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF
+sub.ingotronic.ch.	300	IN	DS	42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C
+sub.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 303 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7891
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	sub.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+sub.ingotronic.ch.	300	IN	DNSKEY	257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc=
+sub.ingotronic.ch.	300	IN	DNSKEY	256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA=
+sub.ingotronic.ch.	300	IN	RRSIG	DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 952 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41767
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87351	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87351	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87351	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87351	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49409
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			951	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35186
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			951	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			951	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			951	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23542
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3559	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3559	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3559	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19631
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName
new file mode 100644
index 000000000..f7d3a99d9
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:19+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53349
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.c.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 642 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28003
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3842
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64566
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53409
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18388
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40922
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2371
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39664
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3563	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3563	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3563	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2175
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname
new file mode 100644
index 000000000..1eeccc116
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:20+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16955
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.cwv.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.cwv.ingotronic.ch.	300	IN	NSEC	*.d.ingotronic.ch. CNAME RRSIG NSEC
+*.cwv.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. BCuqOula4CbP7OMTfAcntmW8o/Irr0N4NOcG7h7AH+Z+1YBJmITWukLUL8iEmC5UnEXTi807YiCnv0Fp2qKyIxSO7x4Kfpb/smHQC1zgeCdfkiyXOIj9iePyizW0/7jJTTY0DQzDF0fPe5t393eS4qSDiwHSnFqsDN+jKPtR5A0=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 640 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7189
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87354	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87354	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87354	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87354	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24849
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			954	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49755
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			955	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			955	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			955	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37764
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58114
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48146
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87353	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87353	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87353	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87353	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59133
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			953	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			953	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61813
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			954	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			954	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			954	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12624
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3562	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3562	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3562	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55368
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType
new file mode 100644
index 000000000..2c185a86d
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:24+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54210
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 
+;; QUESTIONS:
+;;	*.c.ingotronic.ch., type = NSEC, class = IN
+
+;; ANSWERS:
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 642 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39900
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12390
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21937
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52675
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27862
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59857
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87349	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87349	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87349	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87349	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58740
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			949	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			949	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33518
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			950	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			950	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			950	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60752
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3558	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3558	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3558	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35134
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS
new file mode 100644
index 000000000..4c9809e7f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:22+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot
new file mode 100644
index 000000000..4c9809e7f
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:22+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot
new file mode 100644
index 000000000..f29ef16e1
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot
@@ -0,0 +1 @@
+#Date: 2015-01-06T22:35:21+01:00
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild
new file mode 100644
index 000000000..cf479c051
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild
@@ -0,0 +1,158 @@
+#Date: 2015-01-06T22:35:05+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30309
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87368	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87368	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87368	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87368	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51543
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			968	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			968	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29661
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			969	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			969	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10556
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3577	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3577	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3577	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55011
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60076
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 479 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60766
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	x.c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 483 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8878
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	www.x.c.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 487 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered
new file mode 100644
index 000000000..1163207ec
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered
@@ -0,0 +1,120 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50725
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29961
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35385
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20327
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47920
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20309
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	ce.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+ingotronic.ch.		300	IN	NSEC	alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY
+ingotronic.ch.		300	IN	RRSIG	NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 699 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame
new file mode 100644
index 000000000..5942bea3b
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame
@@ -0,0 +1,298 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+b.d.nsec3.ingotronic.ch.    300 IN  RRSIG   A 7 5 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. vYIVCLyXQa6nNezkqsRtXFfx5Ne/9O665IJRyIn5InKvS1YQ16rEbSAitkDNRU8rdYrojjbl0ZZD6VNh21UwM2QOpM+I/Fv8VXTLSOUD24unM3NjPUMI6sLk+25EFGjEqv+IConZgmMylZwqdtocH8gOXid1IYVsU1u6x47GsLs=
+b.d.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists
new file mode 100644
index 000000000..ec55eeac7
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5694
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.ingotronic.ch.	300	IN	A	127.0.0.2
+b.d.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. R/R9YKXD6MKoCLSiSyedgPvCyz4vC5twiGXU0ho/612q1zukfCBpfehpthnlhaers9I+3sQZKsRjUYq2e7hs+5pawLne4wxlAJUVR8qZ/u3U0zZlDLFyswQQebTUfx5cUn1r5xWTMsODa/Za3QcxaNWRBlX7SQmP4CaHVD8BlsY=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+a.d.ingotronic.ch.	300	IN	NSEC	a.e.ingotronic.ch. A RRSIG NSEC
+a.d.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 829 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56054
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2068
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30440
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39575
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13421
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 472
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52500
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3503
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61608
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16525
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3
new file mode 100644
index 000000000..d32d948c8
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	b.d.nsec3.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+b.d.nsec3.ingotronic.ch.	300	IN	A	127.0.0.1
+b.d.nsec3.ingotronic.ch.	300	IN	RRSIG	A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY=
+
+;; AUTHORITY RECORDS:
+nsec3.ingotronic.ch.	300	IN	NS	ns1.ingotronic.ch.
+nsec3.ingotronic.ch.	300	IN	RRSIG	NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw=
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG
+810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe
new file mode 100644
index 000000000..58500bb3e
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe
@@ -0,0 +1,217 @@
+#Date: 2015-01-06T22:35:02+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19025
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 
+;; QUESTIONS:
+;;	\001.c.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+a.b.ingotronic.ch.	300	IN	NSEC	*.c.ingotronic.ch. A RRSIG NSEC
+a.b.ingotronic.ch.	300	IN	RRSIG	NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 697 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43123
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9093
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11698
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46520
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30476
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2117
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			971	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46135
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			972	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			972	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			972	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9267
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3580	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3580	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3580	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23660
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature
new file mode 100644
index 000000000..1f9f86940
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:04+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52897
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	a.c.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.c.ingotronic.ch.	300	IN	A	127.0.0.2
+a.c.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. geU9+RShND1QSzoFR2S1RAJxA6G4xzDzW7bzjFlzYdsFS22qF7sfkO09No9Dh8GaaYNZSyJ00y6ldeO+jWrqeulgP99ogJcdC9vGnzYJxgl6T1BPzKOMtLg/peXAqARBK1NyDgLTjNSmVPVda5Xpe6aAZDOr1elE464SkEMiQHg=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+*.c.ingotronic.ch.	300	IN	NSEC	cfailed.ingotronic.ch. A RRSIG NSEC
+*.c.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 833 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23232
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15202
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46342
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32974
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51129
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56199
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36411
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42201
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52631
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard
new file mode 100644
index 000000000..e7fcd9161
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard
@@ -0,0 +1,219 @@
+#Date: 2015-01-06T22:35:03+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11754
+;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 
+;; QUESTIONS:
+;;	a.wc.ingotronic.ch., type = A, class = IN
+
+;; ANSWERS:
+a.wc.ingotronic.ch.	300	IN	A	127.0.0.2
+a.wc.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. XZpNDVyI2aAxNL0fMgxbKCHH6iFYitqUSc6KETJARx12GJt/0fkas+y6YRfS5oz4pBi8dsnlb/rjsDYoQ6aG6hCvAKnqSmZFO27Zp39AR6Uf+UMTR2H4tAgpvTm5tFBPh9POiH/e9YzGacKrXNkOZETXYdwzV7RQ0Ct9Gt2qLEw=
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	NS	ns1.ingotronic.ch.
+ingotronic.ch.		300	IN	RRSIG	NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg=
+*.wc.ingotronic.ch.	300	IN	NSEC	*.sub.wc.ingotronic.ch. A RRSIG NSEC
+*.wc.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM=
+
+;; ADDITIONAL RECORDS:
+ns1.ingotronic.ch.	300	IN	A	62.192.5.131
+ns1.ingotronic.ch.	300	IN	RRSIG	A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg=
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 835 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 255
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87371	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87371	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87371	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87371	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2733
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30372
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18005
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35032
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4440
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87370	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87370	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87370	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87370	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24442
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			970	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49540
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			971	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			971	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			971	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12172
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3579	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3579	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3579	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53492
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata
new file mode 100644
index 000000000..1d52cd885
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata
@@ -0,0 +1,215 @@
+#Date: 2015-01-06T22:35:01+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 575
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 
+;; QUESTIONS:
+;;	a.wc.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+ingotronic.ch.		300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300
+ingotronic.ch.		300	IN	RRSIG	SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM=
+*.wc.ingotronic.ch.	300	IN	NSEC	*.sub.wc.ingotronic.ch. A RRSIG NSEC
+*.wc.ingotronic.ch.	300	IN	RRSIG	NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 485 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52336
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19347
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6261
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15861
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47780
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11858
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87372	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87372	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87372	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87372	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52147
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			972	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			972	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42646
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			973	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			973	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			973	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39084
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3581	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3581	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3581	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5987
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3
new file mode 100644
index 000000000..e4e522c85
--- /dev/null
+++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3
@@ -0,0 +1,297 @@
+#Date: 2015-01-06T22:35:04+01:00
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22667
+;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 
+;; QUESTIONS:
+;;	a.wc.nsec3.ingotronic.ch., type = MX, class = IN
+
+;; ANSWERS:
+
+;; AUTHORITY RECORDS:
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT
+L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM=
+O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 QM439T9VOCEM9QOGUD483A42508V4G4E CNAME RRSIG
+O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. oNHVOddpZW5FtTmBoQuwUk/8Ufa7OjqtzrJWNNcRufe7gJf/k+cKIGnf/JsZC4FFu+KlTbeOU2RkgfgdvjUv4B+5K9WM4Lc33/4lo4hiH9MiQBIKbneShRwBBCXTlUpSzJvksvl/Ld8VZJ2Dbe2q18A7JQvRNW1o1Gx9vxT1kO8=
+ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch.	300	IN	NSEC3	1 0 10 1234 FH50CGGM3TBSI8M477ILPD3VAT8TM76S A RRSIG
+ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch.	300	IN	RRSIG	NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. CMXrIb7iTUoxImX+qODyUAo0rJ4PyOdS6Fa5yLuCc8OgPTafAgXYNb7oF1esZcYJh6Bn05J+1kIbO9YnIeCLU74bUfQURaeQOwyC+/l/B5Hx1VFo+F304llVBsoge2VvT/IQrtFGBAKpZY5iiQO4DH5yI8yfHprskj3ZB0jvcIY=
+nsec3.ingotronic.ch.	300	IN	SOA	ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300
+nsec3.ingotronic.ch.	300	IN	RRSIG	SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ=
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 1050 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20815
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56020
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31925
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54791
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54694
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17499
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6987
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	., type = DNSKEY, class = IN
+
+;; ANSWERS:
+.			87369	IN	DNSKEY	256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7
+.			87369	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.			87369	IN	DNSKEY	256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7
+.			87369	IN	RRSIG	DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 883 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4743
+;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DS, class = IN
+
+;; ANSWERS:
+ch.			969	IN	DS	46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3
+ch.			969	IN	RRSIG	DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 238 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63386
+;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1
+ch.			970	IN	DNSKEY	257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0=
+ch.			970	IN	DNSKEY	256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad
+ch.			970	IN	RRSIG	DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw==
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 893 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59366
+;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		3578	IN	DS	6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82
+ingotronic.ch.		3578	IN	DS	6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E
+ingotronic.ch.		3578	IN	RRSIG	DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 288 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62132
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+ingotronic.ch.		300	IN	DNSKEY	256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr
+ingotronic.ch.		300	IN	DNSKEY	257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE=
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q==
+ingotronic.ch.		300	IN	RRSIG	DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 940 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272
+;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DS, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13
+nsec3.ingotronic.ch.	300	IN	DS	16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5
+nsec3.ingotronic.ch.	300	IN	RRSIG	DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 305 bytes
+
+###############################################
+
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52804
+;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 
+;; QUESTIONS:
+;;	nsec3.ingotronic.ch., type = DNSKEY, class = IN
+
+;; ANSWERS:
+nsec3.ingotronic.ch.	300	IN	DNSKEY	256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3
+nsec3.ingotronic.ch.	300	IN	DNSKEY	257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk=
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q==
+nsec3.ingotronic.ch.	300	IN	RRSIG	DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E=
+
+;; AUTHORITY RECORDS:
+
+;; ADDITIONAL RECORDS:
+.			32768	CLASS4096	OPT	 ; payload 4096, xrcode 0, version 0, flags 32768
+
+;; Message size: 958 bytes
+
+###############################################
+
diff --git a/src/test/resources/root.zone b/src/test/resources/root.zone
new file mode 100644
index 000000000..24be51d68
--- /dev/null
+++ b/src/test/resources/root.zone
@@ -0,0 +1,25097 @@
+.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2023110500 1800 900 604800 86400
+.			86400	IN	RRSIG	SOA 8 0 86400 20231118050000 20231105040000 46780 . DjoF8WtNBOaFha3ymE3nNTa/gBHkftTrFV8+bWCpkdIjZVI8PvL0BEJlsoKCQNmXgOVo21+AIKyKE2pl0kiCoCawSjlIu2BaOqcOPtatjvYsZI/dBSxEc7h5UhDj6vEOAhiu+6f3caR1r9P4cF2DsME7gR6+sV7a6kEu4YiV1jt7YG1qsCeYeW4DR5pgYIQ3CvnfIA7sxxA+FAvMmbtvBin/AAtv+4/VkvEhJDUIsXGeNzuAt6Ilp5/PEX59s6zF0WoMy/OIVVfAR0KnsmPoo5BPZyNDXBBV6ZmGq8/f6aZoJ+gcm3fNq9+UAHKJ+oYfhZht2+ymOkdS6l9D8F2VyA==
+.			518400	IN	NS	a.root-servers.net.
+.			518400	IN	NS	b.root-servers.net.
+.			518400	IN	NS	c.root-servers.net.
+.			518400	IN	NS	d.root-servers.net.
+.			518400	IN	NS	e.root-servers.net.
+.			518400	IN	NS	f.root-servers.net.
+.			518400	IN	NS	g.root-servers.net.
+.			518400	IN	NS	h.root-servers.net.
+.			518400	IN	NS	i.root-servers.net.
+.			518400	IN	NS	j.root-servers.net.
+.			518400	IN	NS	k.root-servers.net.
+.			518400	IN	NS	l.root-servers.net.
+.			518400	IN	NS	m.root-servers.net.
+.			518400	IN	RRSIG	NS 8 0 518400 20231118050000 20231105040000 46780 . wBGo1yaZisA01u7C75dBaeietQukxXT8wmTOMWKTcP744RPpXkDjDeaws4BZC8prKdZyXPbeOaPtrwp7DF2nt3zlxxh8IWJOlgos7G7KlXxqd5V5UtXH8uaTvM0tMSJ5TAx3n/HJleoLfRis4NdSYL0GTFYBdANwHXJFKVeSkpn3pmXZylH2Iaqh4QfBEADitTLPu7LozA+nziweu2E/awIDYsp6H0Q9KmHA00/SX7WRlJnnSSCyQyEE3jm9GFYLmQo7RM+V2FfozFsfh2EY7IC7IM8RgjqTE1fchD51lrhhWzr9y0oYlSbaoRl56kYGTLFOjhTh1ppnxLQ7GU1Cvw==
+.			86400	IN	NSEC	aaa. NS SOA RRSIG NSEC DNSKEY ZONEMD
+.			86400	IN	RRSIG	NSEC 8 0 86400 20231118050000 20231105040000 46780 . wmb55sb6b77nHTDBxGKhKeou1jfGYYg0Pj1ekK8N/WlOfkhgoBJcmJncT2bgqUTXryrDGNIKq6pPT04GWW99DsEn0UOq80lztZW2snPnmg9nZqJ38gOsvAbG+RbIENOeEX9/3xm7/ZYAniFhryuUzauNVaDYtvaxY/shHgGW6VETN04aw/rFj25spxEFjUl+3Cy8KgaSsH6WTnQK9EG1q2CDhspeDedkzI5ozBbDH6maYIzLWVxeW+ShdoZs+m/vPtCh9OLADdHa6t96QO8NMIVHsjJNQWJGGDeX3SBj1lSz0sBNg48QSGL/zF719E0Bd5ZtNVdOcmypUE4tQvjjPg==
+.			172800	IN	DNSKEY	256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpMPIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3AMSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84vgl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJYzPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c=
+.			172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+.			172800	IN	RRSIG	DNSKEY 8 0 172800 20231121000000 20231031000000 20326 . fdwy6D1E9vFN099dbnfAwV7uYYd1aXOpVZ56Vh6AFWyWWQxno07varI64fNCDCv5vMXoMkGXZO7+rb0ngfYS6sFFgdNUUz1O3EMgqGyzPM2dqe0YbeZT/m+10PdMZJRnNK6cK2swPcuSSZ8LatNwx+L2MlQ4ipxNwJRJko3jbJWGFTqttvXUA9fv3ecwe4ACVjLgM5sJBtxWlgM3nUXu9hf1JFo4NI8ePJ8LcxWHfxldKlSKkjigmEMLZx7sDl2CvAY5mK/qRtIN+6VIKyb2iZBC7UN8C6GpRv/3P8xCQ2FLAbOnh6ibUUTSZf8FP3KGZtnoSelSqdOhFI3beHP6EA==
+.			86400	IN	ZONEMD	2023110500 1 241 1AADC4FDD0FDB404C4848A9D7C1F1C674C31ADDFDF747454BAE966048EAE0806158EBA5569EEC4638E7A765A72F5019D
+.			86400	IN	RRSIG	ZONEMD 8 0 86400 20231118050000 20231105040000 46780 . 0mm+OTPKLHGBcr3TaEHU74N7jpuurIeuyd3tS5I2s+KJ6Sx5605ArLIvbSfXA1b265rErJN0sp5se2ldBJqIzO7UzkPHSvDoMR8AyuFx8nQskidqAH/M0xOeUzZmft9+3ny5MTauLuIEaTHo2/w6fY5R3+TI24bvCLvHpKxodEu9V0Yx5pxLCtuQvV7ZDV1fG00dYbsIZygdx9jjdx6tCfAtRogl12Sc2VN3+Hw0GlxCpt9GP6nh5LIcyGY4ilC1T9RZF23t96hJ2PgJho2vfib4hsWYN9kanjReEAd+du7HZAlMuLfawzA1Prh0+CrmrOexzkQnIOBQmxz24HrS2w==
+aaa.			172800	IN	NS	a.nic.aaa.
+aaa.			172800	IN	NS	b.nic.aaa.
+aaa.			172800	IN	NS	c.nic.aaa.
+aaa.			172800	IN	NS	ns1.dns.nic.aaa.
+aaa.			172800	IN	NS	ns2.dns.nic.aaa.
+aaa.			172800	IN	NS	ns3.dns.nic.aaa.
+aaa.			86400	IN	DS	23185 8 2 B18D0EC8791D98E167CA4D9745A0C27A6377E099D8F6A16A09567492AB16B7DE
+aaa.			86400	IN	DS	31852 8 2 89F7670AFC091B199B47900E4CE4135B9463B7F74D3D19A1C732E78C345D4DE6
+aaa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0OQVJoL1nMOk10u4lgU+LAIh85AdaFSwQmIBper8pa1YTh/+oPNqFIUExrNoNIZF1liR+8MVk23AGO9w4An7lNarY1oSinI6FdRPpT0OexI0DRywkI3CRTKTivENxAxjbt9o0sJHg4yNiwBJfv+KFaYCXAns7ppZT6WqdekqmcAh85g8GzZSiK6eujbM6TeDW2VTrxNn5k2x6/g+CXlUUHUT8RHtVvGohTi/kPRPt1fKtZOJH1d9Ne4bwYzuonTA3xdsGGqaqNr1LFtDNjZsHzk4Wwg+yNcewl6o1wt1wrHn0GllUW8vVHKut/K53VHjt+9mbnhdbVATrDeusLLzXA==
+aaa.			86400	IN	NSEC	aarp. NS DS RRSIG NSEC
+aaa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LyowmUUnY+25FKpqGtrg0W3J74F28Fdl8p5SNcW9MhiyMt7pGeFa7i6ZnnGknIY9pQ83pVxx7dgxen6q4ZDMAakcsr7JiOFEIVpeCfg27TNmsVuKjm8H8PWyPKhUwK/INDaz2W93b09HizwD7F3vIR1Ycz3hSYGtZyQmlPwu8A4hKotoVe762b+by3PAncWhkqw64I/B18fn+qhwh0Ua8fXLxKdfgB2/rlNzWxH2J30jwBor6cpQmDBIKGoEmc19v9pBg1jD1sQg6LXz+gpoJ2B2+8pLKRP2cjrlxBRDug/78Em2bRSZ7i9AQ+thCIANz1ZIzIjyhtUurV5Sm5iHIQ==
+a.nic.aaa.		172800	IN	A	37.209.192.9
+a.nic.aaa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aaa.		172800	IN	A	37.209.194.9
+b.nic.aaa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aaa.		172800	IN	A	37.209.196.9
+c.nic.aaa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aaa.	172800	IN	A	156.154.144.2
+ns1.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2
+ns2.dns.nic.aaa.	172800	IN	A	156.154.145.2
+ns2.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2
+ns3.dns.nic.aaa.	172800	IN	A	156.154.159.2
+ns3.dns.nic.aaa.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2
+aarp.			172800	IN	NS	ac1.nstld.com.
+aarp.			172800	IN	NS	ac2.nstld.com.
+aarp.			172800	IN	NS	ac3.nstld.com.
+aarp.			172800	IN	NS	ac4.nstld.com.
+aarp.			86400	IN	DS	5751 8 2 7E8A14AB8F85009B9F19859815FA695954233FD9DAA6AB359044D12621A77E9F
+aarp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LczBmJuXTIYRfR/aUlO0ZFHgQDOpBzmeKAttdbpOLgClcOwZ0d01vHmrwTdO+Ip95LEYb+V5pm9HMSBCNBRD/kGO4lf/6/PLmPu56l6+WsAV6SfUtKrwbq4Ln3zRHK+pDLIPziNht/rQ9U+W4Hd9ncoE2VqTEDybA6bitqQ3yrjU7/o/QvQ7ElMWJjBAGOjXTFkbCeF+Ooo6ZzTy7tR/P3VPOrPBD8nZ7CCkEvSLug0tH37s+XTyfkyu9atTJlSjHAeP8AoVbmKSn9Syt/OYMs6TBv3nwq0Hjpo1LlsIHacmHG9f3sjJNzBBB7lSHCe5OEgHnYF8y8bcIQ2qRtKhHA==
+aarp.			86400	IN	NSEC	abb. NS DS RRSIG NSEC
+aarp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Fj7zbJnHzzSTOems9PQTrp9WJBu9cZhefIDYDXP86pK1TmeR+n1LSJkroPzn80rWrPIHEmmQo7N9AR+aV00tHHC5eMdPx8ra+Hvnl5oYhW8zK9qEm9YLtnfdXXD8BfIaavnK1eMPlp8AnV6Gl3h3yXzTD8NSCVZ0J6BwBspaTzHrWcKak5cNmM5R1oQh5tpN2icmWz5ouXlq38XhxNArR9uJEj82YoI4OIRmZg4ZRmGzRALvLxTWcsyl10s7awww+yzRxT0LoqD+FAcWVbdjF1I32+nwUkuT5GEoZqLklI9w6LKjq5wDOpFIAz7r1vnCmCyh44njxLBf8bgY8hR4g==
+abb.			172800	IN	NS	a0.nic.abb.
+abb.			172800	IN	NS	a2.nic.abb.
+abb.			172800	IN	NS	b0.nic.abb.
+abb.			172800	IN	NS	c0.nic.abb.
+abb.			86400	IN	DS	16216 8 2 6DC3161E488F546A3BAA11018BF0123C789C56241C9C03DCB74CE07A5ACCB18F
+abb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eILEjXkVv1/Qt0IgLqfpRMxw3Hgsu4Bch9bF7xcyX+I89YwxkLj0YQTJo5ct41E/2ByUSYgPE1U8+9QllYzQm4h4R0ilPKXLhKkcc14q7hvoZuTheaKGDQ13I+FTBohMgZd44jiVaCgpu31xB7BfVprRRwqNaMOccHHKI7o+vC3+pwIQNDnU+WoWyOr/5cEo10RMNVxM8KG4oAiFhtMVVn4pgaB6vaRMgcNkJLyR8G26EDkfByBEqwNIEOLEhhcooFWdSvrdxIH2FhYRCDir89gIaC8pN9YbCGR4r8+Gg7aDUrAIdDk1LYMl+FwotZITTGv2hmDXQfnGFTtSzsSRIg==
+abb.			86400	IN	NSEC	abbott. NS DS RRSIG NSEC
+abb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vcQ550TFQslxkeU7lAV2TUx2MgnJD3bCTQZ93bYJrXX7klt29jygCiJVq4L9dvUZ+ldOl7EbDLVroRmitLsVcyN6nHgI0KfoS5lto9Kvhs604AgFAdCC1n8SrxaMQm5wD7rsKzni1LQLUbjpKMBaMb60LVnv/RE6XZSKpgemLW5EO2ekUGjYP9U/3bD73fRX+GiHLvmxRNXqdL9/PN1tmVPxP3QrKUJa3UexDG/HP/FjpN2fmXGHFrtURUDogzIrmgVepULxpBmRp6A4XnRNvTb6oT6Dv8Nh3pHiHnUNHpXDfYMzYaOaClWQBVc+izBlVgTLD3/d0OOBuC0Bv9wARA==
+a0.nic.abb.		172800	IN	A	65.22.112.41
+a0.nic.abb.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:41
+a2.nic.abb.		172800	IN	A	65.22.115.41
+a2.nic.abb.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:41
+b0.nic.abb.		172800	IN	A	65.22.113.41
+b0.nic.abb.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:41
+c0.nic.abb.		172800	IN	A	65.22.114.41
+c0.nic.abb.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:41
+abbott.			172800	IN	NS	a0.nic.abbott.
+abbott.			172800	IN	NS	a2.nic.abbott.
+abbott.			172800	IN	NS	b0.nic.abbott.
+abbott.			172800	IN	NS	c0.nic.abbott.
+abbott.			86400	IN	DS	41764 8 2 04C4003CF06316C866DF2DCF23304B3A25D30778AC1A838F986350010D2647CE
+abbott.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rR5lSQV+k+J0yjSrNwFk8CGnRYwExT0sf/+65AdgZr+YG8WGOe7wUoD9uMjGIwjbqC50MLUyuDLbMn1+EtgwOWgltXLx4iq5jQUK7OMSfUmcrSqfckFQKwHobtGEGG49gzTS3oXTDELH0KhP45tlMCFF2sNQF6pb8HlMoahgLX6yaRfj9C5MDKvvwRKn0te1YPSnzsD0LfZS4iTWhBj8PfPMlg4lSoKyADxcKIrucOq3x6GckJRtE5EYW8efBYxpbeqiHBYk+a28rw4z95cXZBjCMSKEBCZSd3DShdT2EQag3PMPR7tJvPbzadZKMJ/khBcdInL2qlKY2ccQEolBlw==
+abbott.			86400	IN	NSEC	abbvie. NS DS RRSIG NSEC
+abbott.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XWpwHNLO3m088pgoxbPLwhFxw66huYumJYet7/95csEcEN6Wb8fQ2sFfDPjkVk5/Ni9OobWP+fKHekG+pWDbRhDZYZz4f/Ai73JlmWEjVKKLicdmGFZO+OFvY6I3kqmnEuvsBQcptPf2MER+fmvS9jUgiFe0YWRaNiLbmOvyrwHl1HHCOBqdlnhIzvxqp56nS7NsDY8mbVlcoDj/md0lYcGlFBPzNp72rQLuoorBS5/KC4oNNuQGOFZpFBJGccL9coenNc4SpyA1R2l6F0dMHca5F6eoUsR589zi2wuH4UxmyS1yB3nbvh+TPrt0wo63e/oo/AnBqAdEqBvbsFz4mw==
+a0.nic.abbott.		172800	IN	A	65.22.156.41
+a0.nic.abbott.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:41
+a2.nic.abbott.		172800	IN	A	65.22.159.41
+a2.nic.abbott.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:41
+b0.nic.abbott.		172800	IN	A	65.22.157.41
+b0.nic.abbott.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:41
+c0.nic.abbott.		172800	IN	A	65.22.158.41
+c0.nic.abbott.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:41
+abbvie.			172800	IN	NS	dns1.nic.abbvie.
+abbvie.			172800	IN	NS	dns2.nic.abbvie.
+abbvie.			172800	IN	NS	dns3.nic.abbvie.
+abbvie.			172800	IN	NS	dns4.nic.abbvie.
+abbvie.			172800	IN	NS	dnsa.nic.abbvie.
+abbvie.			172800	IN	NS	dnsb.nic.abbvie.
+abbvie.			172800	IN	NS	dnsc.nic.abbvie.
+abbvie.			172800	IN	NS	dnsd.nic.abbvie.
+abbvie.			86400	IN	DS	56720 8 2 11E4530F78B2C9CB2455D04DFA886A61C3F23E1887E53245B7950FFF03AD8B2B
+abbvie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vSP58BYnGdnakG4O1jNofJXFOWAT6U6uXk2bSBnaTa8/JtKGHDe8G2dkZW7OBxn9pOa5J49U1jeKUSZ/yr8CuT6qnQXRuAbRJQ4IuARkX1pNLHUJ+4BZhAXsxoUI10sasvpOBCWLPll/pKZG4E92pA2RYy9fe5sAo9rzKwjdy1t6Ny+skHmdE9sgfdj0BIv8y6QGzvle0cC7NJP9Zn9lN3zq0B8uyp/BhZZ+pyJYyaQZQgf9xD2ZCLnjrgvTHPAGghoLoqFeW0+ZUB46XnNnfn2rM89rJ0DcXhxMFWhU9Z8v7rz/wnEK6fVbApALLY53sNFpAwMzGaDa72u4dKW0bA==
+abbvie.			86400	IN	NSEC	abc. NS DS RRSIG NSEC
+abbvie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BaOIWWdF58lkotxuUqJh2b7oIzUoOWzUEK3nPzCCiJfChVnMUfY3fwla/OPM47htPRx9urRNqJO6ZnRkks+MJmrgiNuws6yjg+hXxlscoo8H3rwrFoExHTbSXf5o++y5lo5oHkN0K7NRqgpc1ez5ynmdiMB5e3P+IgozadWog0ObRhjiUQK8QhzT9KYHT4ejg92207RVHj5Q/PrZqGlRjedVFcgBscyk4jExRttK0sYGbca/UWaEXSqrLA6nhmxoHnP7vdJ2Vl9LK+rUwE9AIJ/6OSjlB0Z+lywfXx5TNN5CBgkQRS0E3ezlbTVt/L3Xi3Gc/XoNe/OwiOBhr2Dx2Q==
+dns1.nic.abbvie.	172800	IN	A	213.248.219.41
+dns1.nic.abbvie.	172800	IN	AAAA	2a01:618:403:0:0:0:0:41
+dns2.nic.abbvie.	172800	IN	A	103.49.83.41
+dns2.nic.abbvie.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:41
+dns3.nic.abbvie.	172800	IN	A	213.248.223.41
+dns3.nic.abbvie.	172800	IN	AAAA	2a01:618:407:0:0:0:0:41
+dns4.nic.abbvie.	172800	IN	A	43.230.51.41
+dns4.nic.abbvie.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:41
+dnsa.nic.abbvie.	172800	IN	A	156.154.100.3
+dnsa.nic.abbvie.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.abbvie.	172800	IN	A	156.154.101.3
+dnsb.nic.abbvie.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.abbvie.	172800	IN	A	156.154.102.3
+dnsc.nic.abbvie.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.abbvie.	172800	IN	A	156.154.103.3
+dnsd.nic.abbvie.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+abc.			172800	IN	NS	ac1.nstld.com.
+abc.			172800	IN	NS	ac2.nstld.com.
+abc.			172800	IN	NS	ac3.nstld.com.
+abc.			172800	IN	NS	ac4.nstld.com.
+abc.			86400	IN	DS	39900 8 2 7ABC5A1F64FBBFAD550CFE06953AA56A030BE7212A77A60813FF633DE705DEC8
+abc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YhNmQBuVvtAXnweZBh6TGmieEHvH1juWKF/Ud0qcsPnv6s1PFALLrZonUIXeDyrh5kr+Mvx+LWVaYf8yiqeKguSf2VZQvQWuwYEuBJUmTjf3f928uhE5sN9+P+UYjU9D+65iEw5eQ8dIe25wwmpCqN+Vsod9t6PNsPPJEWUySQl+r4BcMc3aDDw8KSWMsBUz66jyWjgILcuikoszVQeuKAnmPRn0vs2RnLs8UGhE8BhJc2Cj1N9T8EJQCpx0b/MncgQVwecyfRBCogkE6X1HyW5u61zlGYUgB8qnrN2NCh/gk2BLfi+1aO0DlJQy2RXG9nemGRk3wUbLn57UA6V3Lw==
+abc.			86400	IN	NSEC	able. NS DS RRSIG NSEC
+abc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cpO1U0mns+iPow6F3i16HSdzk3NgtEuWOsvwnSBZsF2vacUpH8cCF0KWY18iTKOI1sAYJ+ua5T0xSviEdkGNZG9/bY2yxpTkNmizYVXSM57RVXS3q6esBHKUqjtOSVEZryZHKUgwDlgR5bKEmEnlUypZav2O6RYu6kN9zrd9wLwGCWGwQJqpVklET9RrSsiPRJEYpZ6TKgPTOMsHk8RIKvVTuGHJe6ZVWsne5hkj0Qf8Hdqxpgr5zLqo1KZMxP2oSqWBYu6EC3brXwwWpeh0lyjYDpISAC6vCsBrAqSTM4+6sIOUaquhbVVXxJ0yVtOnipW/v0RaZBTzwyYqimHylA==
+able.			172800	IN	NS	a.nic.able.
+able.			172800	IN	NS	b.nic.able.
+able.			172800	IN	NS	c.nic.able.
+able.			172800	IN	NS	ns1.dns.nic.able.
+able.			172800	IN	NS	ns2.dns.nic.able.
+able.			172800	IN	NS	ns3.dns.nic.able.
+able.			86400	IN	DS	45202 8 2 C7832F26B62FDF91DA819AC5FA524EAE2EEBE0651CAF074B59DC0176D49FD836
+able.			86400	IN	DS	48877 8 2 6EFFEC2F6DB34B2D1086A3B4CEDD6E4109135877E533D6D1BF0F7CA760EB018F
+able.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LPIVqiK4jxbr6+PWNHE5Ga7FWECtS9VwNNnbL9NND+VhkzpjFuu1fp1f3UMpc+dzy6AQjjSExZSgANYgTDegJSOHtwucuvuaUxm7fZvfz86iVZqAfa21C8cnNJIo0NYPYCMyIuWrQZhByzdZzTfyc7RRvuqDonAA1TfqdmZ8IZKQzgRMB+LBxp4nAGiWUG8tIdeGApDOg1xLnE9AarvQnMWX/8CdfawG5Sq0sL9UIwm6YA1UVQa7ZEEpt4CC35uL2kfEI7hrNMKvEbXFROvA9PBvGtJ82B4tNYo5B26Wo1PbCG4Azo6YLv6iwv+UUm1gFpWrDQLBDZkqwk0U3vCCTg==
+able.			86400	IN	NSEC	abogado. NS DS RRSIG NSEC
+able.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . my0EVDhvxO/dZwvWAIleKXjp27TLm9nQCOJzENzRTsros/sIxt3SN6+oPpPNHAewcs3bY4AZOKyQAl7gPbB75zMamgjogl+h5lsD9eFo1rw0+0OPHCI2AN0ZMX0oFC//itU0ZOmjQVdIGbmwtcr/O10qva1dL1hNHnZ3HcQx5IbXmKYAqFldI+8MapwW+JGuFhjLDReVuUaMNUIvFA09tsmOTr7bo197YmxzWknfZz40KuS6E2jE7redpprrkVv3PicB/X6VQWX5ENSnA45gly+wG4HK5hSG/oVpsBzj14hCb6iZoW9RiWSFVILJFUsYTbY3mrcGtm76bV9l2qAX6g==
+a.nic.able.		172800	IN	A	37.209.192.10
+a.nic.able.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.able.		172800	IN	A	37.209.194.10
+b.nic.able.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.able.		172800	IN	A	37.209.196.10
+c.nic.able.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.able.	172800	IN	A	156.154.144.3
+ns1.dns.nic.able.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3
+ns2.dns.nic.able.	172800	IN	A	156.154.145.3
+ns2.dns.nic.able.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3
+ns3.dns.nic.able.	172800	IN	A	156.154.159.3
+ns3.dns.nic.able.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3
+abogado.		172800	IN	NS	a.nic.abogado.
+abogado.		172800	IN	NS	b.nic.abogado.
+abogado.		172800	IN	NS	c.nic.abogado.
+abogado.		172800	IN	NS	x.nic.abogado.
+abogado.		172800	IN	NS	y.nic.abogado.
+abogado.		172800	IN	NS	z.nic.abogado.
+abogado.		86400	IN	DS	31012 8 2 FCFC05F3629DA70F709FB54E7D17214483216D641F8A6CCA90AD02BE852E5A8C
+abogado.		86400	IN	DS	37480 8 2 5589C84DDBF5B50DB5C8A9D5CEA939409C24CE6369F7013F683A0BCA912AC8F3
+abogado.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y0XTPdEq3ueQSO35BxqXb315fUekfFQs5guoQKR3Vdyqk1c6X1ANDtmgIq5etlHlRc9Sjxyd1x4FTdzsu8Aws2neXALGZ+JB+15SBHJya5adlZdIc98IVh6z47I9tSJ0ZhV7KOJjZC7jTCyDdgYzhI2k9i0uWbrRR3GSlqn2FgdqaH7oLI02o0FVuRudY3oBfJG8Zt+jAKfqQcK0jHGXPtuWCtuWK6qB/e6XmTSijQxFw7KgHiN0TiziutCjZyWM0PzKImkOOvjZZsmbuXf+YRNI+eEyFeyx8+8VWfqcoULQXVn0i195i8cY9SXGPvaj2qo77zjMfbx/FALWNGC9QQ==
+abogado.		86400	IN	NSEC	abudhabi. NS DS RRSIG NSEC
+abogado.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0YrRzN1y3yGL4rpLcqoSAev7U5KUB1Az6NuirrelDRroMyj3ROK2D4e6VMkUCSyWaucstYWs9Cv+NFXmXlSStVrDnl2Xg9YG43bTb7VplaPsILOlM0yTjVe1dbP5Xp0rAP7eTH7qhBVBXvlefYHuJA6sWAIU3ODCCQPddaTprRycSC5Qo7kggyHVvdCLxhciXsWqtOnsALQnrMr6/4SlAVhRVZnGmmg6lkRJrfx7jeyCLmSKDe9iNfSx47fajlJi/lUIPAzCa+F6jUBUfRDGpoFNa4560OZfZFBIUH6u3OomU02NkTTiBrDDMpJJujfRxMbsPo+YsNCZHXgnWCApvA==
+a.nic.abogado.		172800	IN	A	37.209.192.10
+a.nic.abogado.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.abogado.		172800	IN	A	37.209.194.10
+b.nic.abogado.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.abogado.		172800	IN	A	37.209.196.10
+c.nic.abogado.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.abogado.		172800	IN	A	156.154.172.82
+x.nic.abogado.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.abogado.		172800	IN	A	156.154.173.82
+y.nic.abogado.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.abogado.		172800	IN	A	156.154.174.82
+z.nic.abogado.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+abudhabi.		172800	IN	NS	gtld.beta.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.alpha.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.delta.aridns.net.au.
+abudhabi.		172800	IN	NS	gtld.gamma.aridns.net.au.
+abudhabi.		86400	IN	DS	15247 8 1 D2C05AD2312EBE77F6149F8B962DD9012D6D2CCA
+abudhabi.		86400	IN	DS	15247 8 2 4146C35F5EE96A341EE8C8F0ACA17A2CBB52FCD1D6D1C95C9AAB70061A7AC692
+abudhabi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f1YOYYPbD6Ty4ao8Pxy0we+7W+yj3reXI6L5MbKHm6Wxb+hqqRJKaveEKL6SopBYwqXJ/V4ClqYYhFcItC//AJMv3kVH3hbPDuczEeWR71/FN6V1dTDnciKO7WN7wHHn+ZVRyqaD6RaFQ8TnkWdOR/eAvgiqmXdOHO9C779rcPxONz6K5RfCbEO7AD9tWpX6l/eQOpasGoCjczr58bctuOQRgfZzt/QLZIyR/1g6TAt1s0BiMdPLE6uU3ByyJ4V5f9b0Vksepn7gi49h9qMN/Iu6r8MzFM/mmRCjJjROFVIrjGy0RZD+P+WR68LMg569vGMIiU8X571A6VvXUVITXw==
+abudhabi.		86400	IN	NSEC	ac. NS DS RRSIG NSEC
+abudhabi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lH4gfyYrEDgOwwBXzToNodtVhJPJEZCDYoNmm2E3XssLHH3j4i0RuBmiUZXpDFa6SbC7FvDBFykQykd2PiezjmLUFGiUAJJCleDAsMFTmpazIK03rUpCvag5Q/os+zmFCe8E+XxXp5Ty6oR2vplgR4dCk+eZkQ39hVS3VwERqi6XGRxGjw26xB2ef6iS39NwXCEl6G05/X2gq1EeVoAb9T0ByVi7qlQ1aWlt8nWT8DU4eMewabKye71X6QXteJ6pgiAKA2wZaX09+eQPsZPxg12F95eh5DF2uSDvYNAJ2iC4QsX7z5c+K90pq8beRWNtFQ02NRCr0e6rTbgP5htk1A==
+ac.			172800	IN	NS	a0.nic.ac.
+ac.			172800	IN	NS	a2.nic.ac.
+ac.			172800	IN	NS	b0.nic.ac.
+ac.			172800	IN	NS	c0.nic.ac.
+ac.			86400	IN	DS	42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95
+ac.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r/wHu2Tqvqyhf/soHiBO2ML/AcTKL72YeZu1PXJeTiTD0r0fJuX4Ahv2kMtyKIXvIzzgwANeFWrhNktzy3oFvJQfGL1ShSvw4zf0icB4gUCHNAZ7VbLB5nnEk1Xau0yL/sYJOMtsz3Z+pIDfGrUIUpDTeOodXFrc+FTnCSmYB47RLvbQuY00e4jp295gRh1GfzV/PGlJHkIGKuuOXs9vIrgcl65LMALsRynziEAk1aSIl/QG3KSsfe2RFkKYj0OUelV2PIYrX0dL+E2NmxiuyEtGVC689gdCpGfchfuBHYz8yxIBfChrb49dkE6KqllEzeXhFzmTPJeF22ql0lNKbw==
+ac.			86400	IN	NSEC	academy. NS DS RRSIG NSEC
+ac.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lh/M0iH9DcaJf/f1Kqw9cnqwO6woEYAYuwmyjaV9Br33c9vLDQtl7w377pdnoUwm0kbao0miJwq8riAgVUUu3qrIvJCp3FGTdD5ShPykjFjbQP2wWfJQ7njeNBGChS/tw+iIZumwOJSe+BGSYeD6Yr9c2yL4rC38szJEPaEIcqoD82hLmXjiqDl+oxa27lzEfAEenSeNye4CkosPMSDNmJ3cJqQorlvmvLuSRR9OKCPloXF8lsyOnYQYVwoqX16PVx5uc/2r0+jp8L0NPxIwpUapKRJ/35GXojT492OWH+y5wtMYrKOkTmgq3UJ6tXgt6R5K/H3+ot/jZnwnt9Zy/Q==
+a0.nic.ac.		172800	IN	A	65.22.160.1
+a0.nic.ac.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:1
+a2.nic.ac.		172800	IN	A	65.22.163.1
+a2.nic.ac.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:1
+b0.nic.ac.		172800	IN	A	65.22.161.1
+b0.nic.ac.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:1
+c0.nic.ac.		172800	IN	A	65.22.162.1
+c0.nic.ac.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:1
+academy.		172800	IN	NS	v0n0.nic.academy.
+academy.		172800	IN	NS	v0n1.nic.academy.
+academy.		172800	IN	NS	v0n2.nic.academy.
+academy.		172800	IN	NS	v0n3.nic.academy.
+academy.		172800	IN	NS	v2n0.nic.academy.
+academy.		172800	IN	NS	v2n1.nic.academy.
+academy.		86400	IN	DS	21439 8 2 15EB9367DEF52BA7DCE806A2D7ADC6D3B279503235057FA6E7405E96B39F9052
+academy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GQy68pT6MZE2wVBa2stfMf1vLiXC5qpuv5UL4+1f+xRQV1ZafsQRn5HxgQV5qwoq8tgnclAfio7AvbNZ9QLr55Dkp+T0537ZVTY8lIONGUyAnuXMQ5x7SJtLJudRNItNs8ofzSY/XDSBFjBNf+2ki5Gn4LBgDPpTo7aTaKLHHIVOnuEzLhlZ/0kJ39XxuynnhJp5YULSEe9VWQuK3cDx4msXR0CX0d1vh14EfqVQEHRUNzSz6JVJAYoVdB+S3PRDBPAjv1jub7B78Sqb9eVZFvIrKOtT/NzBmB4SwlVwb74QoyuVcyjIPnAaeFNh+FAN+E+rHd620DFhAdklbAlB8A==
+academy.		86400	IN	NSEC	accenture. NS DS RRSIG NSEC
+academy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rh8ldZ4zLJ23nRwCEGjOIedR7UX/qkKgPsIPASU9h0aEiozKUsEgaGznqucOTlCk8NYC+VehTRQuSeZherjOmX+vkBmhe4FG42o/GEI099LtVzzQ22v0dfATb0I6ifaWF9hjud/NULgiHwY4kcgvExcwaX4C9KqrLGpw4ZDSDB/Nrd4eZaRuSAvqFiwc4kjJL26HGR75is2LjuBT5Jvcx09JLBl6vsbxxOT8eRcfrxA1wySsX3tonYldnOB/3JmZPs86ZmOBZBdcZO2wBldM2u5HX4Bu58VYhXxbVlvbpfOg5H/N7BU11T2/4LMxUqTrVXvXZTWHWom9MxY6NgAVlA==
+v0n0.nic.academy.	172800	IN	A	65.22.24.37
+v0n0.nic.academy.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:37
+v0n1.nic.academy.	172800	IN	A	65.22.25.37
+v0n1.nic.academy.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:37
+v0n2.nic.academy.	172800	IN	A	65.22.26.37
+v0n2.nic.academy.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:37
+v0n3.nic.academy.	172800	IN	A	161.232.12.37
+v0n3.nic.academy.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:37
+v2n0.nic.academy.	172800	IN	A	65.22.27.37
+v2n0.nic.academy.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:37
+v2n1.nic.academy.	172800	IN	A	161.232.13.37
+v2n1.nic.academy.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:37
+accenture.		172800	IN	NS	ac1.nstld.com.
+accenture.		172800	IN	NS	ac2.nstld.com.
+accenture.		172800	IN	NS	ac3.nstld.com.
+accenture.		172800	IN	NS	ac4.nstld.com.
+accenture.		86400	IN	DS	35388 8 2 0C1DDB821C823AFEC10942D3DCD16D6306221E4EE7F2F524E5D9BAD48BAFD8FC
+accenture.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZOAmWpIExkDRwopOPuJfI6Rx9PCsev3SocLfmtnn8Jw8/koF+jEQsUgr8dpkhtjeRnXGwze3fp6sefxgFy+egNeoMhDZTWCMDADNp0/aOqm/ljLnl0+q2GNjvoL2n+HG120oI4RdusSv1FVOHwxjdpaB7Pi04vkEpVyDF/CxiSOytUIdTg1UfuqTexAkd34kOAgV05YX+ZWaJjHnHBBWcz34cqP5kgzCUFj88OiIKeKZmsgITU/NXqCTVOIlCyvRHJIq8WGfyplfvIEU89+ON1SFKnOe7Zx4c2cl/dTs2W4ga2N3qnH57Off/skARuzNWizSvzvUyPuqrZFQSO6I+A==
+accenture.		86400	IN	NSEC	accountant. NS DS RRSIG NSEC
+accenture.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBHvuR32W9PhPpcp9367EOUp3OGFoeTITCjuDGlr/b4cvPb65AdF5P1QgtCdzbMwM0nUf/BMnhLewjn1CpwrPhxG0zu5QT8Qu2DyPHf29K5MSUHhnm0re/LeVGdTi318xaDt9iCX8ZpjLLnIIKZJhmYksVxX6aGiLrhHVgpSSfTeQqHbvuhMRrgEr/ZEersNrxl6p3Dx4Q6xZ/oseDHqvw/QbTgYBNTfm1F7W/tQCO1aOKaBn3HM6hjBDdP0EbdTArb5nqaHsQCo82bG8+XIBwrTBKy3qbh5s3b6nN8yq9INHc+CVNRcFs4f35m369s+f8SEgEoqeWy4KQfHrU6Qcg==
+accountant.		172800	IN	NS	a.nic.accountant.
+accountant.		172800	IN	NS	b.nic.accountant.
+accountant.		172800	IN	NS	c.nic.accountant.
+accountant.		172800	IN	NS	ns1.dns.nic.accountant.
+accountant.		172800	IN	NS	ns2.dns.nic.accountant.
+accountant.		172800	IN	NS	ns3.dns.nic.accountant.
+accountant.		86400	IN	DS	44389 8 2 6BEEC4C8BCC3A1E6B88C46E8348E3E7CF900524BBC2C92E42A202229BA7CD7F8
+accountant.		86400	IN	DS	59392 8 2 D07B6B81BECEF22A22BF731C3EB8932CB97414E494675EF8C7771D4B768AB6F5
+accountant.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mCBJvQcUkPyybMHj/LYgb5cG8X8x7JwYkWnbvpCUm6Ka8zTSqn95KKZbmF2g4YkKGQ3ZoZ/EiBdd1AeJybo/NHX9blDRVnFUR/MrBkoDWwEDOgucu8ygYjreTj8x99RuRX1H1ItNgBGgwwRnZJhhTIU/DGtBaPn/nyiFIiJZaZRXU3MsOgQG73hHPFMrdFMZtu1BEZvh5nVDnnMx/FZB2OOZURKo8S9XLcqCfhlZj4/K2jafs0dlR+/PAc+pJYluzPywR7sY9Kg2yG4euIT6KdshwPWCyukhm+JC17McIeBnS82rnq7FJV/Mcnh80PHYA4yKl9qIqXU7t3f3JJcnBQ==
+accountant.		86400	IN	NSEC	accountants. NS DS RRSIG NSEC
+accountant.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0fdBmWzmU7Qe8sh5K0eRleRXYzFQuPQ6hXXtgiEEr+NkO6gA8gjmfNZqJabxs5mDK0NxdW0XHZ4q35EDxs0xSd+2b9tq5T/FkhNlB65CrCbiK0HtdaIKceWo9LGwYJlKtGjD7EGzZ45yQygYEXZIhL2R1xvxe0N/r2Qx09rxvJSoOP6sEl7dXrEOITJpWljzDeQuCyaNprIHhOUsybD2MnwSZyXqhFz8URkhRvSy6u/XCuU1ZTYAZCM4rMU+ihp70wFEcSn7Drmd2nDIgkPDX1Who22AgmCoxKrgjaS215chNSghyTN1SxJ5Fg6T0w6kEux8RCZ3HtMfGCG11nd5KQ==
+a.nic.accountant.	172800	IN	A	37.209.192.10
+a.nic.accountant.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.accountant.	172800	IN	A	37.209.194.10
+b.nic.accountant.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.accountant.	172800	IN	A	37.209.196.10
+c.nic.accountant.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.accountant.	172800	IN	A	156.154.144.195
+ns1.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c3
+ns2.dns.nic.accountant.	172800	IN	A	156.154.145.195
+ns2.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c3
+ns3.dns.nic.accountant.	172800	IN	A	156.154.159.195
+ns3.dns.nic.accountant.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c3
+accountants.		172800	IN	NS	v0n0.nic.accountants.
+accountants.		172800	IN	NS	v0n1.nic.accountants.
+accountants.		172800	IN	NS	v0n2.nic.accountants.
+accountants.		172800	IN	NS	v0n3.nic.accountants.
+accountants.		172800	IN	NS	v2n0.nic.accountants.
+accountants.		172800	IN	NS	v2n1.nic.accountants.
+accountants.		86400	IN	DS	57157 8 2 FE57F0CE1828F591E6EA40B797A64813B5C75624614F92A50A90AE164C24D2F7
+accountants.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qOGQt4qJzbtlg+jYEhQuYsy8/sUo0mjc83OMxM23qpN1iVE1g7yz+6UAt46hkjtQ4wk75L0H0aCVGXrW8bjs7+EyCTp7/ETEY+p6HMA9Gc85gXmjsUdV7VEeKwzx4+/cm+arBKyfNOkGngJayvETgCSTRb4+alYzX/E6QDSK3myretLviG8e6rc+EsXH9KpYsPq8MAvffNECkwFnHZ62FFrC8wNJqQgOsPuMDYhJwjtUnqPcsBSte/PB33L5bddRLevkLO6i8D7pGCaqNyir0pzJdltB3RBzVx85N1gEDCpmm20ukv+EKwcPbFuOJWh4FRzhiExTQpMckDeOI+IR2g==
+accountants.		86400	IN	NSEC	aco. NS DS RRSIG NSEC
+accountants.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Yt5SjTq+35fNuw/vePUFIPmCOmgf0Dn6Uh+P9JNXMTzJ8yaegWlt2pa7icEukWcE9dAF36ezhgEDtHQolmcFr6tRnejRxNqqrsmnS0j+NQMdT1jT5I8J6LWpPtV6j5FPzgTxPA621yw5RFiWoXn0xVZ+W13058sdtSt/NNu7y1o53p41Gzo7s/9oGy/HaPbKoo30Hhswpnbzb7YPjBcweZwBCodoTHuyD7BWkanTan9hSB1cuXQGz8vPJRMcQAlem+FqwBGxY0ShaBWJQNFoQNNqHxjQsTNwG1MEyR4yQvAYDc2VBQde+ML0kwPABVcKnmNmflN6wM3YsTM41fT77A==
+v0n0.nic.accountants.	172800	IN	A	65.22.32.31
+v0n0.nic.accountants.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:31
+v0n1.nic.accountants.	172800	IN	A	65.22.33.31
+v0n1.nic.accountants.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:31
+v0n2.nic.accountants.	172800	IN	A	65.22.34.31
+v0n2.nic.accountants.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:31
+v0n3.nic.accountants.	172800	IN	A	161.232.16.31
+v0n3.nic.accountants.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:31
+v2n0.nic.accountants.	172800	IN	A	65.22.35.31
+v2n0.nic.accountants.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:31
+v2n1.nic.accountants.	172800	IN	A	161.232.17.31
+v2n1.nic.accountants.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:31
+aco.			172800	IN	NS	a.dns.nic.aco.
+aco.			172800	IN	NS	m.dns.nic.aco.
+aco.			172800	IN	NS	n.dns.nic.aco.
+aco.			86400	IN	DS	8201 8 2 E32174A9C6E3E3899CF5E0FE6053D8D9E615E0C2993CA32DB589027F03AEC0C9
+aco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sFO1w4qBJOWO02f5wMuqjL2NpL6tlPvQx/6zpzhR5FqGGmU+8PFJ7gshTFu+dN1FlV3PS27NlmJLhPa8K6osjtx9DerFnjN76LslKjsqhRNlVkx9uXQhPUvkBEmgaOa7HxydZcb8/sI/+z3FvGTtO0U1Wx893mz8GOKTOWJ5AccfLRCM+U3JhgfksrBH/zQF6oN/BSzT6QS5UzUFf2xQeACMW9C74jqlTZernXcNlGyTLUnT61Pry40v+edGg2HcAUt+cqAZsZhov7TycR6owk9qTdYgCbt8hNR943CEXkdofm+TqHsOxddaZ7KwrkRQLUr2GewHE0ERsGH75JZYSw==
+aco.			86400	IN	NSEC	actor. NS DS RRSIG NSEC
+aco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ITfYX0cexqQ8q7A7PegDFiZjaDP3iGVJ4Jwz9q5bKqfVwporZ8m6/Q39UW+tobdEjmYrFNLHciaRo+f1k9exhjRE0UUNUFzQ6SVohOmsqnRjvuguYD2+oBhccp00tnXISvBud2AYfb1BLcc4bwxm+zUFGwCnHZmyUT3U4rDuatpIT/Cy+3DDJ7489B7L4qVPKPQ0fQbtamysL4czzTBdA1l+cx6RLdVQJqJE3viviAxQM67sdXfv1RvhsbviPy8PCwXq1FD2vcsFiDXZPFCZw1KYM/He32QwWUpSBcMXIlPFUtwr74vgkHVuoTUUQVuuojFRNMRCJxBl6bZ5yKzeJA==
+a.dns.nic.aco.		172800	IN	A	194.0.25.32
+a.dns.nic.aco.		172800	IN	AAAA	2001:678:20:0:0:0:0:32
+m.dns.nic.aco.		172800	IN	A	194.0.26.12
+m.dns.nic.aco.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:12
+n.dns.nic.aco.		172800	IN	A	194.0.24.12
+n.dns.nic.aco.		172800	IN	AAAA	2001:678:24:0:0:0:0:12
+actor.			172800	IN	NS	v0n0.nic.actor.
+actor.			172800	IN	NS	v0n1.nic.actor.
+actor.			172800	IN	NS	v0n2.nic.actor.
+actor.			172800	IN	NS	v0n3.nic.actor.
+actor.			172800	IN	NS	v2n0.nic.actor.
+actor.			172800	IN	NS	v2n1.nic.actor.
+actor.			86400	IN	DS	59464 8 2 FFAF29FF2113EDD3D797F86123BC6A7903F588A252BB9A85E35F2890CD2A283C
+actor.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RTJoXNP++P7id64dhSn26fF0a5iTA5W2Hf9HXdnamFld75XhA1arXhZ9kS1QgVVMuDoCBVRzMKVwRtVi+F1OfBhfIaIpLvh2KVsma2CwGPC7bOsBeGZRFThrlyERQRy0AF6NDtfwoEe1qw+W/hV530rvEjbTJBIBoBgNeBFbV95rLD/IZ7XWeaRV0bPekdnjsttA8kUhfFqMP4nMf+MqtOkl7z9bSsRQOPaBxXj91T8LWh8E5APsDhs8A+8yH7KLcdY1Pef8UvijuekHa6oz5oPUiRhaNSv3Q5uRSVs19uaXlDciyqA+SA1c3KHvvD/+HFN+iecwKXqJp/2UBqSX4A==
+actor.			86400	IN	NSEC	ad. NS DS RRSIG NSEC
+actor.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IToll7ZjHGZDlMpaJ8EAhPG8x8URi0PNnY2BUezVLtLlRoz4tJwWTMt9X1yW5sxarX2ddmq+eIIQvun/9iyryfuM6iL4K5GIVgXU+a6Y1MOWfohLIGhMmqSRGbSZ7f++M/w2xJLVBPccVarr2jKR5R1fqDyDbBPYLgFHPMhPfNwpzkU0J2TjMBMZqZGTFDJtl5AsPF+oYEe6wWONhj0pUGI1u2WYUEKQ2QoqAnSpCzHY4/lAvHbwxrKNcaId2TYDfRR1AnxHSMbGFbHDVoXQ3m0rBSHwJx7o1diw418PliI8EkWvRcg5P0kEeBo3Mk+Rk5n+xm6NLgrgS/wW6nF4Bg==
+v0n0.nic.actor.		172800	IN	A	65.22.32.60
+v0n0.nic.actor.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:60
+v0n1.nic.actor.		172800	IN	A	65.22.33.60
+v0n1.nic.actor.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:60
+v0n2.nic.actor.		172800	IN	A	65.22.34.60
+v0n2.nic.actor.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:60
+v0n3.nic.actor.		172800	IN	A	161.232.16.60
+v0n3.nic.actor.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:60
+v2n0.nic.actor.		172800	IN	A	65.22.35.60
+v2n0.nic.actor.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:60
+v2n1.nic.actor.		172800	IN	A	161.232.17.60
+v2n1.nic.actor.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:60
+ad.			172800	IN	NS	ad.ns.nic.es.
+ad.			172800	IN	NS	ad.cctld.authdns.ripe.net.
+ad.			172800	IN	NS	ns3.nic.fr.
+ad.			172800	IN	NS	dnsc.ad.
+ad.			172800	IN	NS	dnsm.ad.
+ad.			86400	IN	DS	10624 8 2 732AC3921E40EAC6C01B0C467BEDA420F42BF38B7C462E86D01D1D2C4EB9DA37
+ad.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1zbDjtnyU70Z2Us/tpGepzTZRmJ/yd4Ez3T8w6+TGLtfu4RTedOBbhBqjLw779n2hU5QhXQSBRkTBtE2UEAACPsqEiBf0uLGVNYxz97f5uSZ2XGWfOzlD7r/OlykYMWc9WMxAiqQbcgFQpou0sW63qvfmCzJ4Gjl99ny10kdghwGjK84/HwwVpnGI6NyiD9qaUEWTwxGub9W08pHdCQdcL1UYbQPwSvAoYUbGPAJ0adaTP+rS6kXUm+bocYEDitwfTnlF/+85epFE/H9VKHcVp3oUb45RbpLiqT3OPvKqXkGKIOGLmTQIc8nhuA1tjRCQaNzQz3R04HQvTon/4Xr0A==
+ad.			86400	IN	NSEC	ads. NS DS RRSIG NSEC
+ad.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D9eztRrpkXP3cbxS9wQJaJW44yg0e6mBGPOPJH8hwR9SpwY+1afSUmRJJhJetBzuMJdmMHg81Mw5gjcjeSTepjccE3S0+ROLxD6uVP587Dk5iRvXIwQSgKzSxaCfVvFBKVvo3X7bfSjBtz1ay2dKgcvY4+cU+iNHCTb63zH9y7dwn/JlWRKk57KsGNCfuGCkou5YvhvvhcJ9Sk92mtAoNt/GIu7zccUZgyAikN0dckK9e4P5aRgKhw2R36O8yFZ2cDEEwkKu2YbIHO7FBUVJWv3SGFSSSsMCh1DQLmCxS4M2eUjNFyf4H4mdmZIRXvZhm9s9JK9HYBaAN+fpaA/YJA==
+dnsc.ad.		172800	IN	A	194.158.74.10
+dnsc.ad.		172800	IN	AAAA	2a02:8060:32fa:0:0:0:0:b
+dnsm.ad.		172800	IN	A	194.158.74.9
+dnsm.ad.		172800	IN	AAAA	2a02:8060:32fa:0:0:0:0:a
+ads.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+ads.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+ads.			86400	IN	DS	45211 8 2 DDC1297DFF56CC8B2DE6AE9D81734BC6E4440A99FFA17C40E565433F629C3000
+ads.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YoI1BJ4nnH+gBvF4JCwOKRiZurpU3IYS1Z/5fEAl72YXfsD8nXjlr5MOx9V0aukUFDIAX9vtvigb2GfYhOoRNrsyBpAgVSuJAlpDSV+86jwjMGB16dq3VJ4IhkiCJG5UkJRrH3RuOByN9TAUqcvJ+gYGPj33eHS+7YWZ6HavinJKMW2RwJYa7qYbrkSFlm6orTBWWgbZnkDyh5CUG3DZ4OQgjFPpQf47S9b10TicasA80rQfsiv08u1DANPJFQJ0zZT2ws8NgnhGC6v1OOkBEvlsUyPHnil/KrUZPelKWpCqvkXmtPvECgmsrFrqE6m4rLHDr86smqySZgty2y25sQ==
+ads.			86400	IN	NSEC	adult. NS DS RRSIG NSEC
+ads.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MyEeRHSo5evrx3iaheBQoMfCaLonkt/r+u2d9r7bY+sAvpoln//wQAGBI4dUcUfaxVLg08TnzEKqD0b3n5lw9FdFYlxbXE2ipmBVxlx4HJOIjYwnzwfnr0yAzi4zQip1wYfAFi7HengpOqbk3lXGFmubssEUORwcT7O1x1RDjJlc9unl+6kZRakoL/djUCfTMRGCeqO1tg2qhuC0Z3rEdTtk5K0GbfY/TDU9lGxKw/j0L/UZU41tk3rhbHH/fheARwCqzyTdu0YG7rIwyKT0oU12zQ8XfRePOf4NfihJOGncsMubsi+lCv5eeNGP/Vx5h3CAT33F24ceRyLrzrmuaA==
+adult.			172800	IN	NS	a.nic.adult.
+adult.			172800	IN	NS	b.nic.adult.
+adult.			172800	IN	NS	c.nic.adult.
+adult.			172800	IN	NS	x.nic.adult.
+adult.			172800	IN	NS	y.nic.adult.
+adult.			172800	IN	NS	z.nic.adult.
+adult.			86400	IN	DS	39064 8 2 8D2CCAD69F8EBA3C73214B4877386921586CA56F105B44FC91CEEF1B4AB59B80
+adult.			86400	IN	DS	64321 8 2 CA734AA86339CB101665A65C4F33F4E86B37CF2512FD4C1655C00026D6F70915
+adult.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyZjew1DT4eL/fmVXieMRY0lf/3/Shj9FnpouDhY3hizUTQ30FKZq9oE+44aXAYDXgBIVLmKuRKAWsoV7JqVxZX8cFHWYjCPwJzYiscWEcbwfpXZ31PYAGeV1glH0IEPQnATrgOuFJv+ubjVP6zlFI2k9lJK+PatJjHiV+btpckZ31YfymrywFbLtWvHl7jU8W4w2Sbk36tOMFE+MhmMmLPUmU8MectyBWr7ahQWCp9xc59HLr9r8n+4JBzGg7elam6h0BwSk8q3xhJYEuvPFrPM0AlR4xhKt6vHEdpA4p6EH4Pc4QOgniNOGBAsm/BJ+JFGDKoT/xUDeoKiYzpahA==
+adult.			86400	IN	NSEC	ae. NS DS RRSIG NSEC
+adult.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cU/Q7KCY0Osjf1f8xfQvq/7bIkW1hpFAedkV5guje5hpl6I23lczuYxpLY1sYOVMc0OGdWeZIp9ru6g1b4Q7cX8ODORdx3cVZ/u+okhhnDW60HvHu9DcxZeANDPkM7xckEdgQ35jtecoYPAFD628L4AufT0Dh3Am1T8rJSKK2I8zApWvliv0B5omK+pFXBjzf6SK0HIWmQK97pODI1VJL7g9vJbVox4b9sAXXsxOzOLxtFeq/Y571xzdQOgtvptfECh8zvtbfqMtFtRVtI2mdjkq6cKEW72WsXYa2BiIPeqcgV5fZ+dAbPOUrcVXkII5MUZBnqulajezKgPx5Yu/NQ==
+a.nic.adult.		172800	IN	A	37.209.192.10
+a.nic.adult.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.adult.		172800	IN	A	37.209.194.10
+b.nic.adult.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.adult.		172800	IN	A	37.209.196.10
+c.nic.adult.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.adult.		172800	IN	A	156.154.172.82
+x.nic.adult.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.adult.		172800	IN	A	156.154.173.82
+y.nic.adult.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.adult.		172800	IN	A	156.154.174.82
+z.nic.adult.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ae.			172800	IN	NS	ns1.aedns.ae.
+ae.			172800	IN	NS	ns2.aedns.ae.
+ae.			172800	IN	NS	ns4.apnic.net.
+ae.			172800	IN	NS	nsext-pch.aedns.ae.
+ae.			86400	IN	NSEC	aeg. NS RRSIG NSEC
+ae.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mB8+laxllu+4a9kInJCB0i5wB9/Vmr8T8z6qFhYRBbAz+fLrh2cdE0hO5cmwRajRUz5XWKSumh1FbobxjGNsXdlwXDkSxe3GrKGnnJc6PrEUu3y7dclefst8nt1EtcWFOfJvwrHZ3rcL5qt4nELSiIqu2mbT3nZQk35+EBDJQ5mdgwuBN8loRy/iVCQYBx0MWSvpcqyc8Sh7JbXlE7vwmJYhSysmFfRzFbPrzihEeOjXnPIpPppAjUICOFbfLSOkBmv5ACDucyH8dHhDGEm/sKiCWlTBqQEkG3+z51vU+34yX64wKNPaUZztk66YzCUV+VqIIL8JMyUiem5ZKnILkw==
+ns1.aedns.ae.		172800	IN	A	79.98.120.73
+ns1.aedns.ae.		172800	IN	AAAA	2a00:d30:120:0:0:0:0:73
+ns2.aedns.ae.		172800	IN	A	79.98.121.73
+ns2.aedns.ae.		172800	IN	AAAA	2a00:d30:121:0:0:0:0:73
+nsext-pch.aedns.ae.	172800	IN	A	199.4.137.1
+nsext-pch.aedns.ae.	172800	IN	AAAA	2001:500:7d:0:0:0:0:1
+aeg.			172800	IN	NS	ac1.nstld.com.
+aeg.			172800	IN	NS	ac2.nstld.com.
+aeg.			172800	IN	NS	ac3.nstld.com.
+aeg.			172800	IN	NS	ac4.nstld.com.
+aeg.			86400	IN	DS	34387 8 2 03500BE162E8B2BC43345D119763E29D9284DE715BDF66E55DD19B400A1E64AE
+aeg.			86400	IN	DS	39735 8 2 B28A67A4935609BCF1257AF4215B9FFCE0F7E917BC076BD69030A5D76008AE51
+aeg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GCMfafVJtV25vhrJ9GoOacEEDagHFDssufp4iKZZTnz5wY7J2L9EDoPLJ0JeoGqMx5WMiQjl7cUFykfxfel49JENjbrSQMdo6xv4UpBf+5fMoZF85iCbwaG/lMUPSEFOp0Z0y2yAQfevsddMKE4URLkVEK/dS/gFSr5pzVj6A5wYe0jk7NdIamptStl4JbEGqCGqa+ucAw99qM64P3u3E3dlhJE4aWX5L9rA37oVa3RHWJlu8/OqgABo5PYQn99qoD1p8QsbqSAmxV52LUTye+zmiiNOyZqbQmyBk63WwW14/1l0aJwW9BNQD50P64APwyjFHE6pq4+TECxlJACwgQ==
+aeg.			86400	IN	NSEC	aero. NS DS RRSIG NSEC
+aeg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b4aJUVzJwbzKKNy+yyn4Dsu5BM6M0zu10Oc+FVMhVUpFfGU6TpduGUyHbxwQufjw5UH27Bt1rDWl8wpdU3vftWRMkkK4yq5TAY7crb5LoU+Y2eBt9TKB3O4b4coxwwYwgT2LdsFfU8N2GMhSds//8Q7KDTNZmbiyaNGSxhatTirw+WQeMn7VCq0TgfnWEpaML7/B/I5NucxArlAqPfIgu5xdMnf4JcudagmkjWkPVXly8UppTzz9R0/7gzJ3IV4QtNJd5emEoBeN1AV2IUX3VX2GJe3MjsZR8VK9Zj4+CZqwUeWasLTwkzk8t4I1XSY0KDP54MN0K7nuVhwt/aJrug==
+aero.			172800	IN	NS	a0.nic.aero.
+aero.			172800	IN	NS	a2.nic.aero.
+aero.			172800	IN	NS	b0.nic.aero.
+aero.			172800	IN	NS	b2.nic.aero.
+aero.			172800	IN	NS	c0.nic.aero.
+aero.			86400	IN	DS	59071 8 2 1D81D38A696E94ADE581EBDEC47A2473A4A22712C33E5501D9756F98CE8B1714
+aero.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . in355lto3N65WE7OHBF9riskQiSSnRWplC+nmhKdp6VsIjV5WdJR+Sfyv933xVpYCXU05NyE0ybJrX9SGTTvm7v3aRqL+9BxcqxxYK/CtfICoe/IS/f/Z0lF9oB+hixdo8aQ/YDy54fXJHvqn5QEH8uaYRUOsl+8fKVDj2wnZcxy00GqmdUykkzh9TFZj6bsBQZ7qc6EYq9rDIPT3z65wUJDKgNTLvp2jhzUeavS12a9QIG+PVZvZOtWetfUvpEWOW2WS1wOUiEvtwIkghzmpM6KStZDWqgEpgDWit7v77cQOHrpJ4ShkZ4EbKCX/hL0s8q6fCBUVLCmSB7oV6Mv+Q==
+aero.			86400	IN	NSEC	aetna. NS DS RRSIG NSEC
+aero.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R54W17U8zEmVoip0Xz1RRupjWhfFCyLmMP/qHGV7C86NSkJHiEwt07g2rXB/gdd+SNr9Fsn3sNU/kcQ0ft3hzNLf62LWWYDAaAxBzpic6Snxhg/gJWP3G7L4EsuH5BZOUQozzDp1vGN5WuzrN7L5LEDqHJ33G/R6NchLlMeFc/ybb92qYHKisiZmZBoFfPOMr9fxJZ+qZQRYKj9ntr/JDGMEYV3QNMnxOJ2iWn29g2dqOhcQZp7PKZUD4GnnM9+6DhYehzA9fLhv9mnmgUgkQJxYCK9TGK72DT/mAVLzT4cxs2qSYvgI2Ma9hjYwR3Z81U6tC85m3ttpza9HBEAq7A==
+a0.nic.aero.		172800	IN	A	199.254.51.1
+a0.nic.aero.		172800	IN	AAAA	2001:500:1d:0:0:0:0:1
+a2.nic.aero.		172800	IN	A	199.249.115.1
+a2.nic.aero.		172800	IN	AAAA	2001:500:43:0:0:0:0:1
+b0.nic.aero.		172800	IN	A	199.254.52.1
+b0.nic.aero.		172800	IN	AAAA	2001:500:1e:0:0:0:0:1
+b2.nic.aero.		172800	IN	A	199.249.123.1
+b2.nic.aero.		172800	IN	AAAA	2001:500:4b:0:0:0:0:1
+c0.nic.aero.		172800	IN	A	199.254.54.1
+c0.nic.aero.		172800	IN	AAAA	2001:500:20:0:0:0:0:1
+aetna.			172800	IN	NS	a.nic.aetna.
+aetna.			172800	IN	NS	b.nic.aetna.
+aetna.			172800	IN	NS	c.nic.aetna.
+aetna.			172800	IN	NS	ns1.dns.nic.aetna.
+aetna.			172800	IN	NS	ns2.dns.nic.aetna.
+aetna.			172800	IN	NS	ns3.dns.nic.aetna.
+aetna.			86400	IN	DS	40324 8 2 6A4C3C1CD8D865CE88FC01C009D393D12AB8B585A68A196C4B2651239F531B85
+aetna.			86400	IN	DS	49819 8 2 2F8CD71C2CA149B4DA0F60092C775FECDFF60B52D0A61064F458E0A99F378012
+aetna.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CRPBlLVSM1RJINw5KEgkArQ/sxrxK/n45WoxzJDSZ35nAMD5FNHzX81+wPpcOyo/4NDFi98wSOtWtsCXku2S8+jdXLx8wQP6y8j+Jv8Xgc6wqo/LuhnhQZvd30okqvhZWnJI+DdOhTWJihQE1H4bIziqpcKM/oQUHdAe4kTC/lzHjWgKOZhluA7vM6+E1+QU0qoiWHrVe+dkYethuPeVFUTny9BcGaecTBwnW9Jp+bcpHYiFIfxS7+dPjAZei6NrcrQFxNuJz3YtvNy3ojC0zvVl+PiwFF/D8a1ImAVUEj0jGGlhi8/3KNXsA2uif6XGQj36dcovjFcm+w9TDupFAw==
+aetna.			86400	IN	NSEC	af. NS DS RRSIG NSEC
+aetna.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eK5AT1Z4VvuWKlrB9P9q1wUB0bgzduNsXThOq0wzeR6ndz/CO/kF5A6x9Cy3sRQsud37GS+kWBqIXFENfmcC7gm898yi3t/bzcy6/JJV+Ha8qJiwa5xsi8APDwsEJQmDNBcTAqijKoQIMFcKSchiV1IOqwiSMu7GxKX8gipIYiqXPBZFLARB5d5xOMwoXmEyU/PUjMAhHM4Tmq97fedxApU988YZcLgHH4dk1EZYxMVGVOAlw/y3Ral5M8Wr6U0o9ykB6vVJY+0b6sOgtsjflp77NvYXf0PfPPMPnhN91B9Yff9XYT8h/AsM8dgfl6pOqPHZ1Re+pYRKjQZmDjQ8Fw==
+a.nic.aetna.		172800	IN	A	37.209.192.9
+a.nic.aetna.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aetna.		172800	IN	A	37.209.194.9
+b.nic.aetna.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aetna.		172800	IN	A	37.209.196.9
+c.nic.aetna.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aetna.	172800	IN	A	156.154.144.5
+ns1.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:5
+ns2.dns.nic.aetna.	172800	IN	A	156.154.145.5
+ns2.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:5
+ns3.dns.nic.aetna.	172800	IN	A	156.154.159.5
+ns3.dns.nic.aetna.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:5
+af.			172800	IN	NS	ns.anycast.nic.af.
+af.			172800	IN	NS	ns1.anycastdns.cz.
+af.			172800	IN	NS	ns2.anycastdns.cz.
+af.			86400	IN	DS	3691 8 2 56C77864A2CD726F252634C8804A2AF33EA2CE70C49091E08C223BD2BB33CF5C
+af.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . itg0qF5FmPKMZbVHwZVLKcsgmhvmrcaDLzU5PlLqu3l0t0SOQVWBONbB9xizJPhrSezv8lM645sI6t7WW1a3fn6quA4Xov7FO8iGaDGYdhP1FLbzxyoNcXcyVJ6A8vWAo0lLdUbhMtIq7qwO5E+EtKYWXY2p8M3U3wsSNky7K10inmx7xqGkqP3e3AU5yvKkdzR85K/kDNfxpeK9sO8jkIbwPZHiNsaE/advPfJRYH8XpzYTpAqVkrUs4K/zsyyGEwA/ZoABTTZ+B/Qr4dbVTzsRsD+etj/AjqCERQAREJG2SSc/hf+MsGPLF9FGmJ45W2aqL46IhanTYODq8np20A==
+af.			86400	IN	NSEC	afl. NS DS RRSIG NSEC
+af.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . i/ZdWRKmtvt1FyLnCk2ye8G/YygZBMi4Bx3Fsh0EaZZ+hu/zK5yaM8mv68NHxMz1+MYR5tG3WUhlGBROBZFtQyJDtg7e6aH/3duPNK2atWLmptRUP7DVkh8Sg5/GPQUNJuskddbmcNcLg5c0aO2ul02pMxqiB+SUFGSl6eH4TJD0zwwfczFfYeFxmR33nd5fzpWY9Q48RJIr8dDbjxZ0VL08oPhqucGuP08kCy1niaQ1UNpuQ/zYKxyzFCdeTi0ElwW9xT8d3eTXXoVkvDzhDI3AFvG3j97VuIO0TUlCRo3aK//adrEsjvaTOrzB7cAsKq9faJ8lubtV7cdLgZdftg==
+ns.anycast.nic.af.	172800	IN	A	204.61.216.13
+ns.anycast.nic.af.	172800	IN	AAAA	2001:500:14:6013:ad:0:0:1
+afl.			172800	IN	NS	a.nic.afl.
+afl.			172800	IN	NS	b.nic.afl.
+afl.			172800	IN	NS	c.nic.afl.
+afl.			172800	IN	NS	x.nic.afl.
+afl.			172800	IN	NS	y.nic.afl.
+afl.			172800	IN	NS	z.nic.afl.
+afl.			86400	IN	DS	10006 8 2 DE6443D2666E4F9E6066E1B7F1C42E3CE849246F4E1EA06EC86951A002A2EFA6
+afl.			86400	IN	DS	13525 8 2 3ED455AF1ED7B0B93E6E2D245360464C9D6549DEF04606B10E76FD52BD692CA3
+afl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XRtlU4UfYnOWcJ22Ecd6KqvDsuz5kfEOMFabmgUzl9VfNA4toTEOi9cnGOLhb0j8iCSrD06otSw2psRyjvJ4MHDmWKNa66RFPa+ftD6nPFGPXenAyLByYaQgM67q/BIa+ngKXgfHXq1daizUjPD/C6i/DmywMY1Gy9f0eFGznAk3f7jMbhEM8mDsJiQP6V9xLBX93HQUuv1bjSERHRHpD1XvWzzfnBMVNqbRDuoozwifjPZif7KXqd/XELMey5RKfjJ4t25q0859S3WaNNKnttn5CEs+dP0/JMKxI1poHvvKs/vWlAojrKJUyEJ2oUhjTT0o/y4U4I1YCLrSzQzyOQ==
+afl.			86400	IN	NSEC	africa. NS DS RRSIG NSEC
+afl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CLqVmCIbCSoctEmw0UacNs5hGbbeT88E+V7jYZ2nOWaX5XxTm47iz+Ji+6aymyPQpksjF6OB4y6Y3oc8m6AG34y37ZaVxB/yU9ewSE7h0uaeMp3PHyHSsAse6aK3b66W/utwd+r7eaLg0yNQ4dqUGgpBhKhb/L5D+841vifZCBv+CkRt5i4sNBs5UaHh4aByMLBFNrMWj/eM62FGqjS7IJ6oawBVMKP/VEggAvv6EJM6obicxYfTrGZPZKtVvNB0ll9NoJPSuezs3y77+FrOgjJr/TGx42Non5iuYi0pD1nU9wfvNzt9U3t7+ZauCsr/hdE2c6QgSALKl7gGqhJ2QQ==
+a.nic.afl.		172800	IN	A	37.209.192.9
+a.nic.afl.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.afl.		172800	IN	A	37.209.194.9
+b.nic.afl.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.afl.		172800	IN	A	37.209.196.9
+c.nic.afl.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.afl.		172800	IN	A	156.154.172.82
+x.nic.afl.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.afl.		172800	IN	A	156.154.173.82
+y.nic.afl.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.afl.		172800	IN	A	156.154.174.82
+z.nic.afl.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+africa.			172800	IN	NS	nsp.netnod.se.
+africa.			172800	IN	NS	coza1.dnsnode.net.
+africa.			86400	IN	DS	44605 8 2 872009B128134F098AEB415390E1CCCE0DF64338F7D3345DF140C59FB15C7D82
+africa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YrJ+G/PYODKXkCmfuWOIG2dSQYwiOwlYUur03EIjfUz3777bbtp97vPGAuzIbTuP/br4lRdbaaNy2Ibt3RPpbU2s5ni+50bFEmWLVkl2wjlzHvXHn/YzBML3uaY6ThAbR8RXoUwPaGwciPYgSXRQcFAZpMS03BJIr9K9TEI/k9Ep6aiMD/m2G+wIO+awTKUiOy3WBV1U81JGwSAFA/yiX8pOiI1PKtfdixgr84VVAE9CzuH7iEd45/+4nQRnTN9xtxt48cfRsZ0Ktlv+J6hcUhHN+SBVy7O9tHAMn5mUdXLvqnulPCM+uXnrZoCfGuL6WjaijrFteoIpTXB7FYgF+w==
+africa.			86400	IN	NSEC	ag. NS DS RRSIG NSEC
+africa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zDw0+4dUFLv83uQ36cyxAwAG5TsLm3uVoBjKR6b9YgxZklZXkv7qAbhZc9cvlqJJAm9Y0f9NwqQMLzVWzxcTop5DwhQ5RaEgstDj/sEyt2faSar34ihH7O81nH1jS7hbHManagOJYdZmk1Dy+6PuqfzaDhfynn9H+oM9RFrWwe3Qm7UFhg2YivM7D4Ksef4NgIv5Q220T0p4xyUeb/1FZjDgNh/mkbKzRYxxhobhqTmVcw8EaQNKRU/wJpXCUcKS7SEBSpERGy9FbDFOWIfK9LygloaDB48w7lKDEmKd9sl14loh1ZzOcmJv70SA4iDEfJySY367xhEDEPYrmaQ29Q==
+ag.			172800	IN	NS	a0.cctld.afilias-nst.info.
+ag.			172800	IN	NS	a2.cctld.afilias-nst.info.
+ag.			172800	IN	NS	b0.cctld.afilias-nst.org.
+ag.			172800	IN	NS	b2.cctld.afilias-nst.org.
+ag.			172800	IN	NS	c0.cctld.afilias-nst.info.
+ag.			172800	IN	NS	d0.cctld.afilias-nst.org.
+ag.			86400	IN	DS	8905 8 2 E3CDCE330B6F170283C06A1E3AAD11C098AD4A83CFC0F3CB603ECFC49AF4A059
+ag.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QQnAFr1PCa2WCFfF04acpdY2IJwSMmBfQy2ktX0n4tohu/BuohhS1/jrzszWocmSTBszgKh050n+NoCyFSiRGClBtCRtok2+y1dkzmgmnUVb09/GZzDclBxRbaQ2UFqKGXXG3KbLVdv6hl2FY36ZM/32P/AOrKQstrgXhzW6cMNd0UwUK9chozyWqC4OrJwFsGKcwQMFLRhOR0fAZCubQfH9crEFTOinRlae/Un8EJZUMnwpkmg//1FnXwWw+EeccDgDu4sbX2Dz8Ih81stjB9HL8DQf2furao07VYGswBc/qNqfThryQGW+OHEhSCIulP0VtKhYnuBKDxOxi5VuqQ==
+ag.			86400	IN	NSEC	agakhan. NS DS RRSIG NSEC
+ag.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fadf/nekQHHquHFxoSA6R/5F6TwrkelOneovTqLMaAQ2vKy2wwzu0pvkAz56rvWSMbfmoexFhtnFYcD+t8eDWxBTF0oUZZt7OpryG49V6ycRqq97cGneRnUJehw40dSSHBOiQElZF9Vh2kGEw347Y3eBmySQqxtvnIFtQpHoOgibm/wZwqGbUs/sdR+wLhm3GnZhAEHtOpEXt0YSGVVsToH5zk9gQ5c6RkvEXmvTbjZjacXBJg9D+zMIoCvAuLqQX7Co23GNkOhjLrEVb+9E2/+1aI96HCpYy7iVEKLduAIpcOR35h98P/5qr9StnhEi3Sekqmp584QqJM3PehP2Yw==
+agakhan.		172800	IN	NS	a0.nic.agakhan.
+agakhan.		172800	IN	NS	a2.nic.agakhan.
+agakhan.		172800	IN	NS	b0.nic.agakhan.
+agakhan.		172800	IN	NS	c0.nic.agakhan.
+agakhan.		86400	IN	DS	44761 8 2 4B8C22972DCAA43686D72581C1CB59D1F18D111A24464B8FC3464E52C7200CEF
+agakhan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bpI58DRFbSuUVLQBQclAMgahAm79OHZlVbmeLVSNfllbGO8LEHdKZH2QTAMsD/qjDVQtlKUirKRldcqW2jfej7/vXjBV+lHsVY/12/heT+aNi2xFGRsmzO9/IuFFpsdWPp8+QqX62niQZ482tOsvgQeC07l6v/CPHzYbnXUZY9bWRUphmm2orGawyIgwDUdpY+qQSwXfVmbhaL0e1KcXP2QLl2zBw3t9ssiHrYM5ZeUGA7on0o08IflB8HsOmu00MtK6srbALMi0tloyG2S7G3T09r9V+NzHUyEn036nEhsdxNat3c8KmQFBn/V7C5fjTQVzvOZdbCzZidAhetm5/A==
+agakhan.		86400	IN	NSEC	agency. NS DS RRSIG NSEC
+agakhan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y9e6GqgZvUrqBrWe2xVnOBc39Q3CxRtnoSr5VJR9nwC/aMLpn0N9gtTM9v9wgYNrARfrD2Xkj2+Lbk977kPEOIrLsQd2UUiCtKAs1Yd1asvrbdnLxO4J9MuGoE39esiO92bZvFH8qjY4iG6RwWKQq3wo8ddSQq0Y1nr8eMH4d72OLn1x3xO3f85kp31ls+VWd2wQK9jFe4kNRHdL8O2db9dc0PzowZTTV3h70Bcim2vJkMWndHRNX9+BXW4c2EJQiWX+0l2bjX7MlemH99TAJaVnTx7/g6sJUFyg+lmYb4igRlos4djq5F5OBV/mhbnLbQx3UZj6D5cc8Upnd7RJjw==
+a0.nic.agakhan.		172800	IN	A	65.22.44.1
+a0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:1
+a2.nic.agakhan.		172800	IN	A	65.22.47.1
+a2.nic.agakhan.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:1
+b0.nic.agakhan.		172800	IN	A	65.22.45.1
+b0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:1
+c0.nic.agakhan.		172800	IN	A	65.22.46.1
+c0.nic.agakhan.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:1
+agency.			172800	IN	NS	v0n0.nic.agency.
+agency.			172800	IN	NS	v0n1.nic.agency.
+agency.			172800	IN	NS	v0n2.nic.agency.
+agency.			172800	IN	NS	v0n3.nic.agency.
+agency.			172800	IN	NS	v2n0.nic.agency.
+agency.			172800	IN	NS	v2n1.nic.agency.
+agency.			86400	IN	DS	3424 8 2 1ADD3AB87E1ADCF93DD66FDD6E4359737E7EF52C5B359B8B898EE928850BE071
+agency.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TBmEz9EzumjEuOymkQMdFhESDXrruXm2nqKUxrnv6dmuyExiT2AsUMdR2G6nxXfrI5xZZxjhGjOzdASrRYOZNFnTBcUlJXbjUioqY9TAPFTWOD12NHsXVtM4vCxCmTEIwUtRIqMmMsq5AyoMrpHqH29aV0carWBMPUsl4aNN3KwoYkG/Z89oXX3KTeIfJJNEjl1tKfNshz9vFSA5nNIPDT856hCuoHFwAVUGydvZ+SnE882BXrfN7fOvjRJANSrKD6rwIsDhUSt0wS82uefAhwBAomJB1n1Rt4Mh3rkF/ZEnFt0xmevd26hUubRkB4QSHpQnbgggLoRnt8FDSbXqdw==
+agency.			86400	IN	NSEC	ai. NS DS RRSIG NSEC
+agency.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j4/llP0pX6gweAWm4kyMvs/IYLoOt31z4XTtrxf7Dyz1rlq23ir2yiJPWdYLj9jjaYWb2+lNhuu8S2nFcb0g1jJrA4kQUdmjAdF3UWFzN5oYMTD7KKX2yYGa7mWbqrQYhpkO41VT8JT0tFf2zIL3Gun0X2uBiG4/KJeikGnjAQEYIZMWAXyuWi3Xj+om5ubToDQHdCrznvpCm2BFBp1yYKjqZNkDZB115Wo9S0H9bfFkSalUpPI58vrFw5TqSfXpWiOQRo4j6Zf7V5p+r/PnWCDJIItfVW2JYme0ysdpkozITTx/1ms9BhoLWoHXCMGB5hCJoU4mXx6lUWbipIWkOQ==
+v0n0.nic.agency.	172800	IN	A	65.22.24.2
+v0n0.nic.agency.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:2
+v0n1.nic.agency.	172800	IN	A	65.22.25.2
+v0n1.nic.agency.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:2
+v0n2.nic.agency.	172800	IN	A	65.22.26.2
+v0n2.nic.agency.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:2
+v0n3.nic.agency.	172800	IN	A	161.232.12.2
+v0n3.nic.agency.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:2
+v2n0.nic.agency.	172800	IN	A	65.22.27.2
+v2n0.nic.agency.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:2
+v2n1.nic.agency.	172800	IN	A	161.232.13.2
+v2n1.nic.agency.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:2
+ai.			172800	IN	NS	a.lactld.org.
+ai.			172800	IN	NS	pch.whois.ai.
+ai.			172800	IN	NS	anycastdns1-cz.nic.ai.
+ai.			172800	IN	NS	anycastdns2-cz.nic.ai.
+ai.			86400	IN	NSEC	aig. NS RRSIG NSEC
+ai.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qW4gfWuOBwca94ALigu9vDmOaWiDjqkphYeDbHL/pgn8AKZSPhHkpQ1aVnePPsc1QMwfeCKVrg2WbEDkxBlCOToYFLFT/7MiENTvfTpXbyuCzRme3zyulXFGuUadt0GrPdW1dktmWvyW4wPkwQKWhnHWQroDwDTNZLEPd99DwJbily7ejQJHyjDyFcRZRRzeC+lpMad1b9OHSyHErEOB10QE+gbvNMmAVCwKurVTGH/msYi2fJyOWd76+EOULF7WmxcZhfXx9xEgLkgWzdjO721NfaUJM168yAAdqA5t6CPJOk9dQCb9WYdtsqiAgRANH6iZ8iyVk09m6eT20cJ98w==
+anycastdns1-cz.nic.ai.	172800	IN	A	185.28.194.194
+anycastdns2-cz.nic.ai.	172800	IN	A	185.38.108.108
+anycastdns2-cz.nic.ai.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+pch.whois.ai.		172800	IN	A	204.61.216.123
+pch.whois.ai.		172800	IN	AAAA	2001:500:14:6123:ad:0:0:1
+aig.			172800	IN	NS	a.nic.aig.
+aig.			172800	IN	NS	b.nic.aig.
+aig.			172800	IN	NS	c.nic.aig.
+aig.			172800	IN	NS	ns1.dns.nic.aig.
+aig.			172800	IN	NS	ns2.dns.nic.aig.
+aig.			172800	IN	NS	ns3.dns.nic.aig.
+aig.			86400	IN	DS	15685 8 2 572786514068659A43816CEF2D3774DB47DEC4783A3133F6BD7D63D0A37DCCA1
+aig.			86400	IN	DS	18592 8 2 5561856A59F0B23749C885D4DD398A52B087ED06216DAEE0AEB88B965C4F6994
+aig.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DysVuBG/zASD8l8lDmgYi91z+NlrvzG8zTAaWbWf8VhkLfRFSBXcr56Oo2kMTHrqDsK1koZqQyVIerj0PplVicHFB9jW+lHs7q71trV3zbMB+HKaMZTET0iOvp6kYZCvsUOvip7jVKUUa5RrpQfve1CVziG0OY8bU0ZbDpmPIDQKsKsvIiLmWZCdR9WOoV0rVZMRoyTo0hgoXVNKlc+KzidgVAOOqTv0bzTwxWUsqQktCrWVMhiAbFb5xwEfcAkT88aE/9LINe9598nTDu0oSoiBe6mPgkNAMDyEkfrJDh2201psU0WEymOfzOftJdqS/C/QCxqqxdbiVebGe/tWeA==
+aig.			86400	IN	NSEC	airbus. NS DS RRSIG NSEC
+aig.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . co1xIf3jfYqguQrKD17yQTfKhO2RCDySpQshn/XHegwS58kGBx+8lvOJb4/sGiK7H/ZiydUC23jZKlE2KfrxXfelLzoUl+Gu7gjYMMaCsuHbEKNy/18HYxytyfw+tV9+n8iubN5R6VblmlNCADaPCmgWHsUr/XGgMHqV8hTIutBo9kGZ1UVjuVtlevT10gEED50b7LaRLf5HrPIs+piQ+sVYJPi6FSi265va1tNj1ycWvmLqCqH/FHSsBE1wwRqb+tprMHF89JsjqXHKTbz/8C97udt2HMX0FBenVO87QG3EMbgZLbM499iYBJVMg60S3wYam50KoF6pg5U8NzPcOQ==
+a.nic.aig.		172800	IN	A	37.209.192.9
+a.nic.aig.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aig.		172800	IN	A	37.209.194.9
+b.nic.aig.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aig.		172800	IN	A	37.209.196.9
+c.nic.aig.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.aig.	172800	IN	A	156.154.144.6
+ns1.dns.nic.aig.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6
+ns2.dns.nic.aig.	172800	IN	A	156.154.145.6
+ns2.dns.nic.aig.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6
+ns3.dns.nic.aig.	172800	IN	A	156.154.159.6
+ns3.dns.nic.aig.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6
+airbus.			172800	IN	NS	ac1.nstld.com.
+airbus.			172800	IN	NS	ac2.nstld.com.
+airbus.			172800	IN	NS	ac3.nstld.com.
+airbus.			172800	IN	NS	ac4.nstld.com.
+airbus.			86400	IN	DS	31023 8 2 FAFDD4F89FA42D1396B42A972019BD3DE013BD1708888FD77BD7DADA8A38936D
+airbus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TDLHfyRJKZreiI6BNMVyF89sM28FFFg6DsZnwpzqw9va/uObeLjXzNiWJwYM+vVZrO1QDOp4mZMxdBtK8EQhsXlGHsrzvDIMb1gPrMrJ1ETtopw40bqeuDSvRAgNMGUVf2+d6JHQ1qclbTYi5zLvBYvgVCmwc3eQxDlRYZ1nbzZhK0UYtloGh/91ednI8NTm0U0uVbSIqU6K2jCt/H3fU1jcznTyB2yrHvbPFiCwQ9vQMcXA3MWfEuTFn9IGvLt1GFG1YpMrLjLygGILxJ94ik8z07n6HeSlHJWOSQvDvtNT1r2Qsg+ACUoD1JLHl9NmNVI7wEFiA+7NagH+o1T2cQ==
+airbus.			86400	IN	NSEC	airforce. NS DS RRSIG NSEC
+airbus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MUpSSOubDQbiy1+XOFQ50aMyyfrwHZQv+n13irv+u38FItywC9U0IJ1OYejxRf3SQjDBuyAnfW1KiBMxmo2dX1UTlblTZZ20Nj39zcWr8WS7YeMifz3A1XrLv0qFonDvjfRza4IP2sDUPfpPF4fGMVjiOctX5mu9gccA1iFrn6e1qt2UGOuRZPpa4vvIxC5Jw/6+u3gruTNCqaNSFC1ZUherkfwTJQ67xxAiwltaJBAYWsyXdqy+AM39fCsQCpLDZhDqNe7el7NQ9N71sdcyT/6is/UF9EZAcQJ8e/mik6Iu0kc6T3V6U1JYLE2QgG7JbK7vEznDrgrrLa/p+0vIxQ==
+airforce.		172800	IN	NS	v0n0.nic.airforce.
+airforce.		172800	IN	NS	v0n1.nic.airforce.
+airforce.		172800	IN	NS	v0n2.nic.airforce.
+airforce.		172800	IN	NS	v0n3.nic.airforce.
+airforce.		172800	IN	NS	v2n0.nic.airforce.
+airforce.		172800	IN	NS	v2n1.nic.airforce.
+airforce.		86400	IN	DS	3715 8 2 D8C2C957776B06CC6B58A15DA206712613092E36E90AF34015D6881061DFB5A8
+airforce.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yakad+lkxXbj5kvb7K/yKW3YdWxGz+rTQjRJdukimnCS+hFsBZdGlxIIfFVX/XlMsGhjryPhL5h95S40PLgEvFtfU5aYIywqUQ9kHbD5cv1wCpBw029URO13sQtGAxxeB/CkCKW3C1854QAOqbw8wZfeh/6mcrBRd5SlsfMwNiWKmQDLPSWQj710G3VMMY7XfpNS84DWTLNZMC88CUR6zYeWI99M9mBykqR+S5qfBC/oIBtTYyr4YxiQVBo0rr9qVWSDyf78bEC3mjEMk3lVS3ETygAh9wg2gaywke8ngGw5yB8K8I6P+I9zDbfnivm7sJqnmYtutOnMdTZG0putoQ==
+airforce.		86400	IN	NSEC	airtel. NS DS RRSIG NSEC
+airforce.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 06Xd9mHsGW9bc4Ch1uAl9Og9u7swLElhJ8oqf4AtqgzCg5cDuex0qHF6Hgs8dUg3nAC4CDK/YVb7TnsXUSa+EFU2Bth69rn9WqtqvlYM4BpA26njFr95MG998kv9HK/xYTjYtowH/gh71W7fFYjFl4SKpkEy/7j/F0DQurvXPPZMoYCyiLJAkZYlBuQWpgkz6wPG1nGeyIKEJ835tDKI5XRy5rXDoDRc6erTwSmg9H51qoFA7VIIJMXPM9yplNaKmXtF62jQoo8Yyie39utCbc81Ml4Z5uZeY/pin7yIPUv9VJAKXASHmlzuw+DE+23jITEsrCXcKZIB5iOpsKzoAg==
+v0n0.nic.airforce.	172800	IN	A	65.22.32.34
+v0n0.nic.airforce.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:34
+v0n1.nic.airforce.	172800	IN	A	65.22.33.34
+v0n1.nic.airforce.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:34
+v0n2.nic.airforce.	172800	IN	A	65.22.34.34
+v0n2.nic.airforce.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:34
+v0n3.nic.airforce.	172800	IN	A	161.232.16.34
+v0n3.nic.airforce.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:34
+v2n0.nic.airforce.	172800	IN	A	65.22.35.34
+v2n0.nic.airforce.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:34
+v2n1.nic.airforce.	172800	IN	A	161.232.17.34
+v2n1.nic.airforce.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:34
+airtel.			172800	IN	NS	ac1.nstld.com.
+airtel.			172800	IN	NS	ac2.nstld.com.
+airtel.			172800	IN	NS	ac3.nstld.com.
+airtel.			172800	IN	NS	ac4.nstld.com.
+airtel.			86400	IN	DS	42300 8 2 A698E339483D094208DFB7B858CDF0401BFFC320AFCC5AEED3B03DFE82BFACC0
+airtel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jNyBHjRxial95UPduDRL1jZXbywqiz0aRRq2MWtLpLLxgLUNPFgUP+z3c+nyz1Q6KLD6Hg5oY30NqpYnKPZ9r5Iyt+u4PRAGMIQIx239HzBtED27oSM5s6qJFV3xirdzJgZlPxHbO374xjrL8uvPSEOsOW+33oVRoKu9A5N5XJZ+hkKDNuh9H75xbKMWQrCkrrUJbRZdPBMaYzIB9rVo07f2W0IhPozK6kJc/5dfn75toYRDx9149RMSjKfJt2TUW6n7gRZEV8QsYAeviUqTinfMxUFfO2LdUARCMA8Th8ROgVgNTdsaOc4izfFwpV268LCTXQsQfJTiUvsjjmA7BQ==
+airtel.			86400	IN	NSEC	akdn. NS DS RRSIG NSEC
+airtel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r/bAcGaRb8/Kn3ZNCMN/TEUntPszogfQPposjcFejarHww+eWeMUh3vDyIo0Bxi3nR8qJ9ch6JVFwnuJfRHnjEMnReabUUgkX/QLM8K3Gn/nBZJggqwR/vAsW/niszSg4j0Mi0jMZREPPNy0dWcX/iDLKE3IrxVMRndwLXMOGYE0C9tJNHSQBeQz2ScHCiqbKY/XBr83U9X/Xv42j0nuJXeiMq7TgsnPL8/jl5vkLh2EKEYAv1zCRcjsLW3Bb3oAm1IRphvALoDdMtceBXvF2uGWE+x2GW9vJEtACsXcTsoNexzDb6obBP9cbWP4luJaYIiMQWB6jVS5O0ncaxqXSA==
+akdn.			172800	IN	NS	a0.nic.akdn.
+akdn.			172800	IN	NS	a2.nic.akdn.
+akdn.			172800	IN	NS	b0.nic.akdn.
+akdn.			172800	IN	NS	c0.nic.akdn.
+akdn.			86400	IN	DS	25057 8 2 47E24CE61E8604C9A8FC169D5E073B280F24FA9132DCBB64E727003A8BF27157
+akdn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yAO3YkCsGARuwZS4XvAKEolIyrKwe4rcHJ8U8WK9M3QaeoHtZeMIRAk+VrhwRSdPHsoB+StkQ6835OZwMhONNiP8vcKk8wzznsUcm65R1TFh/amVxdZ/kh/3TB5O/ROA6vj5YXip0Z45+nfKBBANUJL+Lr3j/O3fouxrMTIbVM8y9h/RuN/NkzLe3PJR4iLziuIEku/IuzA96Cjl9+4jei2NtxZ9JgHHFXbyl9Ul/hCJXjXeOdVyVQITRhADF1o36yzd2VP2i4TTIzCIvjnGpwGqjQnv6+aTMYkx4g6jsBidfMNC0mOljJLhxRvuvdhw3oTjnz+JbCj3MqIHKCl1RA==
+akdn.			86400	IN	NSEC	al. NS DS RRSIG NSEC
+akdn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MCQuiEioiRfGEjbhRWfsf1ziMHaMa114p89xN/+bpoCe8F4Plv04LC9incKov46GXPJhIunhbQHoUYFy/oFrRKuvaEL87oOXd93MKzVaxdZ6oi4lUoVpVjQmVYZLXYGkKQqoYYqTl1zwzuS6sijL1nY+EM5O6a/VsOdTdE+tRZ4Dzc/VBjVCU7quBQhz4lt4jnzCnD5qaiJPxIFvaoS605ZlZ/DlHSlQrL3hFQfQFCZXM6DXIk1utGg4wIwM3Dc8Ipvl7zSslokO2aYgt+oUftXCuKObTb5XTLRgadRlL+nbfcPlqakpeee4tKTZsQAU3mLElubszViz1vyR8A5kSg==
+a0.nic.akdn.		172800	IN	A	65.22.44.17
+a0.nic.akdn.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:17
+a2.nic.akdn.		172800	IN	A	65.22.47.17
+a2.nic.akdn.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:17
+b0.nic.akdn.		172800	IN	A	65.22.45.17
+b0.nic.akdn.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:17
+c0.nic.akdn.		172800	IN	A	65.22.46.17
+c0.nic.akdn.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:17
+al.			172800	IN	NS	ns1.nic.al.
+al.			172800	IN	NS	nsx.nic.al.
+al.			172800	IN	NS	rip.psg.com.
+al.			172800	IN	NS	munnari.oz.au.
+al.			86400	IN	NSEC	alibaba. NS RRSIG NSEC
+al.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tNSusATl3Lye5nCqwSFjnz4Cwa320j5sc4DSKlvbumqvrsLpL/0UfNGKk4ervMaqoQGOsv71nCtb6Y9xRO8G8hmTQhk1NApHng2ZZIsbtHVUFAUGmGRg8WdXzEh+TNa9eYrLsrHU5lFWKbq810R2dTvrYT0kgan5QAxWC2UPLBSKgXH1wY5vryijnnrc6x9PYy+vHFhbDdaFFgjVT+sUz4E5Q/pHvrCoSDFczyOR/susBVUmINoSY/aCbqUx+8ipae3f815VAGbf5GSrsbRhkBObfTgkWFoJGw+DwkAN5KCVCo09KJDtImGi7X+q1QT16sBTGupuOhGGqTiwYAgfqw==
+ns1.nic.al.		172800	IN	A	194.1.149.230
+nsx.nic.al.		172800	IN	A	194.0.11.108
+nsx.nic.al.		172800	IN	AAAA	2001:678:e:108:0:0:0:53
+alibaba.		172800	IN	NS	a0.nic.alibaba.
+alibaba.		172800	IN	NS	a2.nic.alibaba.
+alibaba.		172800	IN	NS	b0.nic.alibaba.
+alibaba.		172800	IN	NS	c0.nic.alibaba.
+alibaba.		86400	IN	DS	7516 8 2 9BB7AC1C7877373106E72E767EF0A772F43682D030AD67B2C7E3E473A9B7B69F
+alibaba.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N/FCaFJEmGobjZ0BlgEX75dj/Upwubvu4aTvUKSgWBSXqrx8sn695+0IYkR0Y0pE5EKeQrklBc+bAFaui2MIY1F61KKLzdLUyKReVlXqO4nkZMwriXbEX9vGbr2DCPiC+t6ShgifFs6XAda3DM2W3/rEPXUaaCGy+wsfb8RgzmhvyHAy0M0m/x+l2whimIRKor5GVy/cR33ltw0FY3T6bE/5eWlbp4t4/C27WQX2b5iDpiDGi70BGrVk3b07uf0PFBEZEd4vUzyFQrrxrrVvpuCLW3/EMetbzZg3NpFZzcK+mPNfe94tUb+91l9hqiHsHu3XVsjgrdDbfhAyrLFpBQ==
+alibaba.		86400	IN	NSEC	alipay. NS DS RRSIG NSEC
+alibaba.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RBQ6v6eI76zdclhbVIBsIlDj/0wrGLm+DOpWqfBXZr5Tee0PUGWDeI7nr5v9DwuEQuEpk1rPqz7BXLZOXrwypz3fKhzTmd9ARWV2BrgaZCY1CqQtfXW0F3+PiX8YZJN3FRmnJ8/TgHlGGI0rdgCz958SBVrofETrVU4rZbVE9YEK53xPWPX+06cNqpxcVX8gBf0zdjK6eUVRUuUvZEiGBBmgi3yifyXsDlVby7i6lmMx7AHsBTKTsfvYfz7gzPQX5Q7a67KU3jdv3jHCCGGgi9iDs9E8Kbg4KPLvKXgX8uFQ4QFPRl3VIZljpaw6sDGvBEgspdhNETMyhcnb5WvqkQ==
+a0.nic.alibaba.		172800	IN	A	65.22.132.9
+a0.nic.alibaba.		172800	IN	AAAA	2a01:8840:82:0:0:0:0:9
+a2.nic.alibaba.		172800	IN	A	65.22.135.9
+a2.nic.alibaba.		172800	IN	AAAA	2a01:8840:85:0:0:0:0:9
+b0.nic.alibaba.		172800	IN	A	65.22.133.9
+b0.nic.alibaba.		172800	IN	AAAA	2a01:8840:83:0:0:0:0:9
+c0.nic.alibaba.		172800	IN	A	65.22.134.9
+c0.nic.alibaba.		172800	IN	AAAA	2a01:8840:84:0:0:0:0:9
+alipay.			172800	IN	NS	a0.nic.alipay.
+alipay.			172800	IN	NS	a2.nic.alipay.
+alipay.			172800	IN	NS	b0.nic.alipay.
+alipay.			172800	IN	NS	c0.nic.alipay.
+alipay.			86400	IN	DS	9922 8 2 01DC2703DB44DCA0F990FF6B619DE1879DD06BDDA5756272751A4B510CFD76BF
+alipay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CwnDYWEGPF1Ysw9Gz3BzhMaBW7rgkB2WPTU52h6eTDFjYfvlujYsLUMbhe9rtjBNcE8qlU0YLGm6iu2By2IJd6tAWThFSfWxLZqiYSdkX7f0JveN7mctwleKsLJyfRc0vjifWd0vhDo+MuvmlH+HcFStH+P0s1VcaLu11M/c/enKyzE6pdxdxfqGfCc4gBpV9C82eL+D3y8lV3fnsTRc8I8OBHuA1F9CD5jtnk2sEUtdtfwN581FsvEVF2m2qveyE2nbgWzibu9gTj80cpDqZNwAI1ehMC2OSuLU+WwFrobLLxvQxkeSonM3Tc//GNPAMEV9JnbK3YvwDsfua/Hv4g==
+alipay.			86400	IN	NSEC	allfinanz. NS DS RRSIG NSEC
+alipay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HLYNNnxwjppk+Qkvz9s9eeloYuylIJEHwWDNUbwOr5Bcn2M2ZicrD2hi0UtbTvcRG93ro4wMgVTQtigkizuPT60QxJgZauM9jmW5L02qiZ+uR1Y3jAPs7jIDIFQsDRWyRxKCVXBhvQgCTduneJRtxsFkLEzzUAQUB+46oj6PNE4XEAYevE+8B6mfrgmRrxQkElWJKn4DBeR3UB8oThP7iwilXxfo74Kfhs2K9HCzbCudbH5mQ9nMgrPTpHu0orZfmpEQi39kHhr0mv+T1qxEKQDoPrtzuycW4SD7lCfWOFrIK3W61/UYsK76+JTi0TNG/r0kn7cXSWV17/YULgfa1Q==
+a0.nic.alipay.		172800	IN	A	65.22.128.25
+a0.nic.alipay.		172800	IN	AAAA	2a01:8840:7e:0:0:0:0:25
+a2.nic.alipay.		172800	IN	A	65.22.131.25
+a2.nic.alipay.		172800	IN	AAAA	2a01:8840:81:0:0:0:0:25
+b0.nic.alipay.		172800	IN	A	65.22.129.25
+b0.nic.alipay.		172800	IN	AAAA	2a01:8840:7f:0:0:0:0:25
+c0.nic.alipay.		172800	IN	A	65.22.130.25
+c0.nic.alipay.		172800	IN	AAAA	2a01:8840:80:0:0:0:0:25
+allfinanz.		172800	IN	NS	a.nic.allfinanz.
+allfinanz.		172800	IN	NS	b.nic.allfinanz.
+allfinanz.		172800	IN	NS	c.nic.allfinanz.
+allfinanz.		172800	IN	NS	d.nic.allfinanz.
+allfinanz.		86400	IN	DS	11155 8 2 2337B2A34993E96D38FC18DA0873463C467385BFE16E09E51245673F027F913A
+allfinanz.		86400	IN	DS	39881 8 2 8619BC44828EE2CDFB00E0C8E67AC0F7522AAAAB12149EA53B6B52C421120A0C
+allfinanz.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C1n1s+y8eyJRlryzdOjylH0eHFluDW+pNOlTAi1LbpJUTW0s8T3o6uje9h1BlKRb4JSEbocyngdtzbZI16AHJCjBjFG+/aSWltZDq1fAEEu+ZvkeXZSjJa4z5dIPF6R/Vr81eN8XN5aJAgaQ/4ZaIg4a2d+DNOtdHztL7DCGJiGqXxVcbRH2AzfdzVdO7+KhDQwsMIznKosnownnY8Fx9BcOjPI7b5eIalwSvdb2ykeM0WrlN1m/+YpcomR9zgIjRxgn53blyQ4QGk13h7U5HECkEr5dAH9k6ORI7y3MVEiXm3E+r53n+NdD2GJoQIOv++TAoqUb7jyudRQrCMsmHA==
+allfinanz.		86400	IN	NSEC	allstate. NS DS RRSIG NSEC
+allfinanz.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XIBfQr6KdMQtuwgdvlcIZvttF0lX06Olqk1yuX9bhHDI+++KTKrcg+CqsZVZw2RT5uGi1w+FVRcZ9yXeYhSN+uhoeFY1/bXs9KMU8udO/YB7x79gqtmLDIqJswiAbC04t2pTnYRn9sOoJsuWJx3vKXryI0mggD7Yqsopv8DsMPW29pZGfE9cQoo7PaYsU+4bFztE47OB70iLy3Z+DMgypAo3VQqw5cjYBhpenVfU2/qSoiIwmVi8AWpwstUJ8s4B/GcvtJETR4zBm17jnT4kH3zFD6yXFllwqhWWtyVkJ5OdEe29o3pLBk6L53qsaPhfV036HkS8VpTkm0vCK77TnQ==
+a.nic.allfinanz.	172800	IN	A	194.169.218.75
+a.nic.allfinanz.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:75
+b.nic.allfinanz.	172800	IN	A	185.24.64.75
+b.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:75
+c.nic.allfinanz.	172800	IN	A	212.18.248.75
+c.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:75
+d.nic.allfinanz.	172800	IN	A	212.18.249.75
+d.nic.allfinanz.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:75
+allstate.		172800	IN	NS	a0.nic.allstate.
+allstate.		172800	IN	NS	a2.nic.allstate.
+allstate.		172800	IN	NS	b0.nic.allstate.
+allstate.		172800	IN	NS	c0.nic.allstate.
+allstate.		86400	IN	DS	47509 8 2 101757B35BFEC8D399987D94B495B60ACC0DA525CF92D900C7566BCE6ECF9356
+allstate.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RZYHqafyTwA7VBHpgPaqhZ1NcJXtK+ot2C/ju4Yl0IbxOLvw6sNuHkMLoEmmDr/mB1O+8DQxT7GO5OKMmPZC2PYgp31IrJ7GeJNYoWFTlK71g65lOxTNrVtQ765u5jTRKFJH/vunFfGZJKtoW8vSY17menHny7fTp/R1544Tmvj8d4xEblqGzk7/xSNFVMLUjNWlk3KpJboqciUc355boT6DZNSB2IkkwVGl0QVuIfKvKW3fy2694VmpG72+K+Va5zTX9GBt4PHGxL6GZWd61uLEjK6W3t3nHOO/erxjkGjJmUNJQcLgAzYOAgfgCj87QbFhAP2rNCJxEUT5MiiGDw==
+allstate.		86400	IN	NSEC	ally. NS DS RRSIG NSEC
+allstate.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ViqtHWDT6mFJdkFnQeWPvO3oBLd3pF9Nlv7PdJrBLLTWDp226NNgJ+SwiTFL9egtlNIRzNY9I9D3F23ZEJp63nRn3WImtn5jBfek217u/jFyZ1ut051ZZEs+mNI8R8x/NhzH8v1MUAezAHhGpnyD7dpkPVPVmX1bE0CjoJIB1Wu7Aa2kDcd4FvMPgMADv9bEWP8oCSo+MG/oKthiYvaOP5GgWTYu4ePXzdnVjVtO4whm6w54UYT77tRsTkSYbGoaKAa4fMF6YEhHd3n77IZw8boAghOOTlgTSekq3slub+07D+/Wj1CbLK5R2nCXYdOSh+rouYA77n6bZTC3sj5ldg==
+a0.nic.allstate.	172800	IN	A	65.22.48.9
+a0.nic.allstate.	172800	IN	AAAA	2a01:8840:2e:0:0:0:0:9
+a2.nic.allstate.	172800	IN	A	65.22.51.9
+a2.nic.allstate.	172800	IN	AAAA	2a01:8840:31:0:0:0:0:9
+b0.nic.allstate.	172800	IN	A	65.22.49.9
+b0.nic.allstate.	172800	IN	AAAA	2a01:8840:2f:0:0:0:0:9
+c0.nic.allstate.	172800	IN	A	65.22.50.9
+c0.nic.allstate.	172800	IN	AAAA	2a01:8840:30:0:0:0:0:9
+ally.			172800	IN	NS	a.nic.ally.
+ally.			172800	IN	NS	b.nic.ally.
+ally.			172800	IN	NS	c.nic.ally.
+ally.			172800	IN	NS	x.nic.ally.
+ally.			172800	IN	NS	y.nic.ally.
+ally.			172800	IN	NS	z.nic.ally.
+ally.			86400	IN	DS	22405 8 2 774C1930A734067DC62E7AE54BCDEADAA2281A57155B8F0AF3683BFCBF7FE46C
+ally.			86400	IN	DS	40354 8 2 46BFEA1CA30072B089D2E566821640C144511B308DF1F0271402D569C7332783
+ally.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mhW7zbizX+TIUUA64KM5ODSSCEBUf6wwCuAX6Iz4gk2wshCcY0qQfi8AREM9I7dOa0N3nmF6dpEoBMJxrR9ylYUO06MJjudU81hJANXRY4JLlcuf6Q78DE0rMLKi0TPPo6asPO+wsgQX0yLaLUFS9gzSM45UoQ8gn9LC5zN9PnecfcVJ+2UTg9O0jHmY9sG+3PaZyiCqBlDnh+WmpS8+a5UpKdQlyuYPp8YnKq2H155PU+mArRcdK7s36YH5jsDtZLXxyLNFq/JM3feOiFPWUXTJMe4KayeWj3vgCYP5y6IIkQ5lbm5PqmZUdI/FyO8inNzPzu++VrnBkfc2ZH5UUQ==
+ally.			86400	IN	NSEC	alsace. NS DS RRSIG NSEC
+ally.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uJU72eOaldnPExkkr9x88HFLaTzr71HHnXeAr9wsXbSAkaZrq674GvKoEFQU7z0E351V46ldItqPTTPNsY+Y7MQyDqDZOUvcOQCtrzhgi3bjZ7gZ5jaVpy6zHi9LMmWt+SM2cuoulzXvReOzo0V3vswtSD/QihRhYvVVeIV8MlLlhYjD4jn6XtlyCp/7Z4oCTkSiRgiZL1/6wLzfpfBXhHVnjf3mr0x+vGIAE4R/+fBrE3iHX3/W2LCRtV692tp5/+mvsY9V1JVJhzefrFpShnlPWzRIiFRNF3yP06Dm49Ictui+ebITRdwBhp3+9XJjRE8KA0GeqC3jydOL8glcIQ==
+a.nic.ally.		172800	IN	A	37.209.192.9
+a.nic.ally.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ally.		172800	IN	A	37.209.194.9
+b.nic.ally.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ally.		172800	IN	A	37.209.196.9
+c.nic.ally.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.ally.		172800	IN	A	156.154.172.82
+x.nic.ally.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ally.		172800	IN	A	156.154.173.82
+y.nic.ally.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ally.		172800	IN	A	156.154.174.82
+z.nic.ally.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+alsace.			172800	IN	NS	d.nic.fr.
+alsace.			172800	IN	NS	f.ext.nic.fr.
+alsace.			172800	IN	NS	g.ext.nic.fr.
+alsace.			86400	IN	DS	7047 13 2 40AC4EDA437F376B0A772AC6F570055A6AA58D635AC07946A778ABEBB8E5C024
+alsace.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ItH7KqX6gJuGql9SIZDGpr8sGseQroUmKSFT/ET1Xr1Ufjh2AIvJ1YlkvEtMb57QU2+Y/gmy1y6qGFjVcDYNoVcubL/jTIurr/i7LsNK5AvByRBZiysdgyXzMRiCan5+1Mwf04vieQpBfsIP+gL8ZcpwT9MFwA5Gb0ZgbBubQg+g7c7/bN6bqGiDhR7eQePJYMbWJvN3vZF/f6oHpJllsnPTPEbW7bvzC5e4Glmc7bPSUJCpLOtEWME8yx+Tf/p1N7OTjwmHFGjt0uYNuhIed89rkit2rye8H1KcSJmn3IQfHhA2keSxKGoQTMZx4MVWIpfV0lwQsrjCAVztyCnYIg==
+alsace.			86400	IN	NSEC	alstom. NS DS RRSIG NSEC
+alsace.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CbEeBjRMl320hoV4jL/hP/6lk9HAAlq0yhg6B+DlLfsvwJ4iX5NtQrwp04AfrnX2CTivlmdf1wYGy83OdZBfmcJ9HT3OfTxmcjFOXxVenEYKcmqA686cfB3jxZGeERtWuuoEkobR+dH8y1t7zZUJEBs8m7yfIDcQJ5GV1iZAi7PxaqrUePqhDmNrgnoAHjVYS8kbUMGzbP8ZprXK7XJQae20SPd8gOoP78EITAaiY8lrfzhyU6EhZEtzmsZQ8PPYWXyFn4maCBsCO2p86yTJ8t2RG4MO0DIjwVpDFITBldd/dD2Gckwt+lzB+mGrl0DjWHVy8975OQbG5YjvJrLX8g==
+alstom.			172800	IN	NS	anycast9.irondns.net.
+alstom.			172800	IN	NS	anycast10.irondns.net.
+alstom.			172800	IN	NS	anycast23.irondns.net.
+alstom.			172800	IN	NS	anycast24.irondns.net.
+alstom.			86400	IN	DS	65377 10 2 54E1DA73874BC3C3291775181DE3F4B6A7B2828FA67A0B519C380C3C1F3B35A4
+alstom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uqtf/CeaLVvAH17mUR4uc2VOatlyQ3CJTas5809O7SXGkkQ1NuRDPv3YJY61Hf5zk7vmsyndwy7fnDiTw5+DwJd4SsvMbM4GlrNy5K2PQ5jEN0I9AMvLeujWOsldzGtitUTAhXFfYkNcNFli1hTWevmDFNzBzA1c4WtfSr4Abxs9wLf23F4toOmJ4OJfymsKF6pjL2Z2QZg1W6A9v3O08plpzUoge60BRe9ranyh3dlEj/CPNsbQd8OsB1ZMGgGxdlSfFSgDM9cDRZHHbL/6Cp16hs4jhX5PP7o7g+Npvp8tr3E1fJHtaII5AEFvwFfnPKzuvwWkIsMyjmnaQfHorw==
+alstom.			86400	IN	NSEC	am. NS DS RRSIG NSEC
+alstom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NqM4tDBatwHa8ebO0qbwuuM02zNm81x6ZL+OTD2ddxvSbNCa+ICimeKEwcQ5heZWHDSshc5pO47JgDocIFXi+IMXySRbNfG8vrkQW4Izc9MpRrfmy43YisUjLbOoNINBeYrABjGy+hzoXVphMYIGwHv0TG3WdSBjwSNNrU9rtd+i2GovBvr4VAqHLlYz7Fj6X3fhF+tScjN+zAGAmcrkxzxRr7hka6Xe8dUvxpSwBIPeCGDuGTUhQZ7kmRdDw+NaD/7CNuelqViLc+IMIEh1NWVwxU0b6van17e36IMIp/EhVUFI78frPBIBvhcj30vkoiU1vblwoOJohF6GeeG/xg==
+am.			172800	IN	NS	fork.sth.dnsnode.net.
+am.			172800	IN	NS	ns-cdn.amnic.net.
+am.			172800	IN	NS	ns-pch.amnic.net.
+am.			172800	IN	NS	ns-pri.nic.am.
+am.			86400	IN	DS	49625 13 2 30AEA154B17D52884C12DAB5650CE87B9628AA55110DE1890F1D335D995A606D
+am.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iYKQD/vpuSq5fvIrsMDM0jVD/w4MGfjPDiazQEmMg0kubLPx8XgZW3Au62KC20Yv5MBjcP5uxe0A+AWWKHz0GxwgVJz8jfMraqdjsqvU60idqEZerf0oMGTL3v6/7Et/gnN0ANv6ab04czYGLJcr9CFsjxgaes0bsOtLOw2Hbqzl4hxJGfGzVImGX0+v0fBuvj6jQkmQ6YQVLpjiv1pE7i39XTGYT/8ZlE6OhAUhbqnOhaGv905VadYsF7/JlQ9WMspLMWcV1ux75wi/cNSCwZ32zR9pWnECzPmuN/HnxRdhRL36WxleHN57WYMuH+lISWf5bAUETdMjyUs7MbDXaA==
+am.			86400	IN	NSEC	amazon. NS DS RRSIG NSEC
+am.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Do+fRV6buAhcVQs173Q9qPFgnardAn5/7e9lCQqSGZ57TbwTBiRMy8wtq7sItE3QE5f2LKGl87zbg56Fo6+qERo6nCdSVUcGLBU+F2hMi4Ln3KVdq4WgnH5huqF9C/5MIWKx3jyx3J0JMMwmccXdeNrE+siuagcrwta7sTO3I/npVC/SaH+6fUYOaserKxUUbF3UkWt+LnjyP7eWzmaF09Rc3gEeaC/p9VerqvwMTUaz+h+7Qplss7X8PDovXoFFRtgd9TgiwNcPBdcfa1/Gin5wxu51ryfw4skSL9tWSmW+CMhDGS0Xb2Mif+x2fEnlMXFS+td29FdHuOeX2j0Cuw==
+ns-pri.nic.am.		172800	IN	A	195.43.75.53
+ns-pri.nic.am.		172800	IN	AAAA	2001:7f9:8:53:0:0:0:1
+amazon.			172800	IN	NS	dns1.nic.amazon.
+amazon.			172800	IN	NS	dns2.nic.amazon.
+amazon.			172800	IN	NS	dns3.nic.amazon.
+amazon.			172800	IN	NS	dns4.nic.amazon.
+amazon.			172800	IN	NS	dnsa.nic.amazon.
+amazon.			172800	IN	NS	dnsb.nic.amazon.
+amazon.			172800	IN	NS	dnsc.nic.amazon.
+amazon.			172800	IN	NS	dnsd.nic.amazon.
+amazon.			86400	IN	DS	14854 8 2 4F9F1805F5689BF4AF48F0FA04BEF8727B83EAC65A669E8BF1A5EAFA83350D39
+amazon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dIcfL4NJ+PGMK9C1b5NNiSqTAAiOhjbmuDI415SF9s0TrHQN5z00Ev0VQINiH6wsYmjB64oLXkoC0QYI1fEN3prsVb9hmNlSQPX19iPCtE+C4lbWEnnvp1rQVAB1GIZn1KuY2snpJnaxUDEkKvdI9XcWGjIwoN7HRCzIQV3dcHFGKzFYyULY7CTpNnh6EiT71gD/ae3MOBbKjkfVoCuVRJ00NtzF0PubEfSUbdOsHmm8fOLt0EOMuev7O8f27buymOZ5nDTbSb674n7cc8IUAaSKxH3giCTptlAyP/sH4aNQ6CAMxfYz3BadIPFmXS8nxT/T664OozxIkv2R5i+IwA==
+amazon.			86400	IN	NSEC	americanexpress. NS DS RRSIG NSEC
+amazon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o0t9v4h2/aqzTXdftnlMdMXTQldKYfa/f7zHbXjd6RA+pLpmMwOWUma4vYIAoY5rtXC0xfSauswfFJAunPuM1tGQYuHwJVgHJtJ7ILiOtwJaRNw4BhnFp0gOrm5yH0v75wJ9KsuPrIxXIz+sJhEDnr2xMYqwcpBn2RPgNX54V+WrLA2ti6c1lcpz++bVVkWv8tGpuuCS1SclI7kNNk1VvoiiU5QsbdKtSCRT7CsewtSiwKf0iGFBy7BdUPw7lJOApsLlByeZ8d3Cv1Zy4T1XMdc1NKxxZNIosZBKOZ6d/URjQav0h3AguP2HdqCXQWWL3+MQS9+JFZZXcTKBYZt4/w==
+dns1.nic.amazon.	172800	IN	A	213.248.218.90
+dns1.nic.amazon.	172800	IN	AAAA	2a01:618:402:0:0:0:0:90
+dns2.nic.amazon.	172800	IN	A	103.49.82.90
+dns2.nic.amazon.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:90
+dns3.nic.amazon.	172800	IN	A	213.248.222.90
+dns3.nic.amazon.	172800	IN	AAAA	2a01:618:406:0:0:0:0:90
+dns4.nic.amazon.	172800	IN	A	43.230.50.90
+dns4.nic.amazon.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:90
+dnsa.nic.amazon.	172800	IN	A	156.154.100.3
+dnsa.nic.amazon.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.amazon.	172800	IN	A	156.154.101.3
+dnsb.nic.amazon.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.amazon.	172800	IN	A	156.154.102.3
+dnsc.nic.amazon.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.amazon.	172800	IN	A	156.154.103.3
+dnsd.nic.amazon.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+americanexpress.	172800	IN	NS	a.nic.americanexpress.
+americanexpress.	172800	IN	NS	b.nic.americanexpress.
+americanexpress.	172800	IN	NS	c.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns1.dns.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns2.dns.nic.americanexpress.
+americanexpress.	172800	IN	NS	ns3.dns.nic.americanexpress.
+americanexpress.	86400	IN	DS	31510 8 2 87098C48F0E74920DA2D916E8AEA9FC1E92919EE033EE569569942A5DCB02C02
+americanexpress.	86400	IN	DS	34516 8 2 1586CD9180548B70D0D4978F816744C95202F6D63E8685866025116314E629A7
+americanexpress.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t0cgIWbV/nhzCFoCrtO/G0kQqyinXR5S0/sPu8Tjp+FfcLwLMK8alvF4ErmdmU4NYntidEe9RBBDe3MLNW5TUHX2P/DEwAPmYtBB52YRgmI/fZS68xaqnxyXv8wHIa6geApKYpZgWQHbZ45dHPB42NB57UUOEcssr2mDpWnGk4vbNDyQwUb3liYzwESi12XAFlXzcdiInL05BblfWhLuGCPhhuG3hWD9AwNX3ue/oY99wnRkpEpsq3LBqTZGIh69a+czxT53ohR1P7V+cbB+HpERGCApCut+hzzPmRfcCLE/zw3zJpUAshGfv/Bz6fxB401JSdkNme63+TfMyPMusw==
+americanexpress.	86400	IN	NSEC	americanfamily. NS DS RRSIG NSEC
+americanexpress.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q3fDLs2ij4mEAXFzs8mb5IEoQ4lvVm8GdwXvfkGGlCDjBqiOFzg/5jkxJyqgrnRLbMvvAlnyB7hNaJ3Wvt9KeZgMJjjIDr+sSEY9/BoolriYICuUEQYH3BEHlpUx/5MJqc5pvyIn8MOGXcXj9GDhpSpJTfvs9Se32vuAUd+vQkcZdHtFPVGmrhl7ZbKOUdK7ErDEoWrbDZus+qw0Bt0ax25q7PndONdVykeGd54WM2zj1zHf0+DkgqjKllGNKVhFBKWSnxyb7OdIYszErQ1G/OYyJ9tq5CuF350hPjMtlKgCdUtV2oUvwoPcI7ljfMEljOesf8/0GRJYhApdTPCFvg==
+a.nic.americanexpress.	172800	IN	A	37.209.192.9
+a.nic.americanexpress.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.americanexpress.	172800	IN	A	37.209.194.9
+b.nic.americanexpress.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.americanexpress.	172800	IN	A	37.209.196.9
+c.nic.americanexpress.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.americanexpress.	172800	IN	A	156.154.144.9
+ns1.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9
+ns2.dns.nic.americanexpress.	172800	IN	A	156.154.145.9
+ns2.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9
+ns3.dns.nic.americanexpress.	172800	IN	A	156.154.159.9
+ns3.dns.nic.americanexpress.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9
+americanfamily.		172800	IN	NS	ac1.nstld.com.
+americanfamily.		172800	IN	NS	ac2.nstld.com.
+americanfamily.		172800	IN	NS	ac3.nstld.com.
+americanfamily.		172800	IN	NS	ac4.nstld.com.
+americanfamily.		86400	IN	DS	61398 8 2 F6890DE22C9B4261C9FCFAC53FE0849FAA9B573EE95E027E070ABA270CD966AF
+americanfamily.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pUZIbeleHHL+TATSAiz34T3Som0lMXu7drTlWTRcWCnJeiJHYNxiG1vP7DUz/2Cv12WO4PJNLEan9qtZto9+TGm00ToTopwjtQfQS4TCKUYrBeza+ROMqdyEGprGLTtOH3g0QEVksU+HwAJ3QDEBqzXgfxU958KUUsmaUnP58EgYH3lSiooyoyMrzlcBIk5AI9noxW6Wo/qS3RB6nSm6zEnmyp+oFj72wydNmSREGla2poOfccARS9fIJUKoiu9hsxNAsPpemN+++F6b+mwIT3YdekIfwXPgofJ9sjTTBRxK8UQwFiiU6qDfQQWEXoDLsikvlO/cgXf4D6/4uckbog==
+americanfamily.		86400	IN	NSEC	amex. NS DS RRSIG NSEC
+americanfamily.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . brkHJh4uRLkgiKLrq3BfU2cYKtFlIbO3+GSQCAIS7AZicitOkTd62DeyF0nn+zIgVwO25CPB8Mfg9jusgyrw4R5fxtw1wX0+WhTHaWEais8bdOEcGH7IEG6bVLWh6w65leMDk1qrAZlRwuvH0lJG2Y426ikyZZgRM7CbRWNU8aDqm1aqSzFYhvCpNcKtl/Olj4xxI3B1zsM0fEZYsNXnyjN9xhwpauO+VVEABhAgqxzg8n63SyYudPLyoG/zIGfc1UOHLNIwqvIQcR2haLivqL0jdzjfgTsW5YoSkSUcbk4oX1/dkWq2ia4pONJL3Gn5VrW36ITA7OpGH9UfszTlTQ==
+amex.			172800	IN	NS	a.nic.amex.
+amex.			172800	IN	NS	b.nic.amex.
+amex.			172800	IN	NS	c.nic.amex.
+amex.			172800	IN	NS	ns1.dns.nic.amex.
+amex.			172800	IN	NS	ns2.dns.nic.amex.
+amex.			172800	IN	NS	ns3.dns.nic.amex.
+amex.			86400	IN	DS	22897 8 2 E17027E1218BA28CD5CC6847F0B7606066EE92EEA6B9901D4E8E41B3E9930B6E
+amex.			86400	IN	DS	33586 8 2 7DEB639C1B7C68838CB13AC4063CEF638BD32B47A399F6FE712E893A9A8CEC19
+amex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sgIvCIqGmiDR6gej6YHyo2xSFgvtdPlKMs7UOyrNDy+Jf1Jfe61TYAgifMDbWokWN/fJLouIal+elPqSv8HrpqKSCNquObqUDXSc2lX4yPXpWoL2+Bp9jHX8UcQ6Ke5vr+WBzKSY4TOFWDF9Fz/M4S4IGnKCXpEWq3z8TPH+B3ibWnE0yRcPJsVvDd+22BsuASj8+i8LTOsU29Y0zN2d/pnR8t4Ox6kIUIpcMxCogpIk4kEb2bxq5ifIcEM4A9HaphOZBE/bxKYp+dgx/M93TI8BOoGIiIYQkLjxHlOMeaAdiz5Ph9pqW9J5fIrktffedBjrKXfvMT/kKTbtubXghA==
+amex.			86400	IN	NSEC	amfam. NS DS RRSIG NSEC
+amex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y6JfHk00cSHRSs24Y/lMaNA25eTmVW7SnFdPWvkqewbaGvDhJI/3Emy7zm3qzpT7mQFeyTTFXCHTEDarzL9VarRTJjoRydgBUvCoUsqqaRjJlenUGGrf/qO8VwnTV758nkJoHPDIPktin8qw0lfWZ+IBzTo9M8VS3p6IbulupEpcoGosOmhWjH2eSCYCWs3b0vPuP2v3M4I8+CvcSsOznxYaUvqrjXZpOR6cQZoLE3o1qXQh/b1mK40Gv3RZocvcgJuwOfIxfltv9xLLJ5rSTGza6sbtQnWJhGt09RFMxEAGCW8H+9m7U1402Qz+S0tQxON9p7YYz4xQUeuuhAiJ0A==
+a.nic.amex.		172800	IN	A	37.209.192.9
+a.nic.amex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.amex.		172800	IN	A	37.209.194.9
+b.nic.amex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.amex.		172800	IN	A	37.209.196.9
+c.nic.amex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.amex.	172800	IN	A	156.154.144.10
+ns1.dns.nic.amex.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a
+ns2.dns.nic.amex.	172800	IN	A	156.154.145.10
+ns2.dns.nic.amex.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a
+ns3.dns.nic.amex.	172800	IN	A	156.154.159.10
+ns3.dns.nic.amex.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a
+amfam.			172800	IN	NS	ac1.nstld.com.
+amfam.			172800	IN	NS	ac2.nstld.com.
+amfam.			172800	IN	NS	ac3.nstld.com.
+amfam.			172800	IN	NS	ac4.nstld.com.
+amfam.			86400	IN	DS	4101 8 2 D2C0246802AA5B615CFC8B700A5245ADFCA49477B37F870499A44AB272989A7D
+amfam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FrB3rShW02IH0ozcWQQSgEpNQ65E9UdAeCu6vSOz2t2hFvJzZL3lyolM39RupYV/FRCsVqeQ/exLB6Fj6z8U4U7gIcRbQuQWpgZVF8l5+8rfKU+bky7zotwDfU+RX+JHpapW8SaYWZW0KOSlUo2CBqTYi7sDVyZk++/120XRaYQViMzoZc6SH4kJcwsZw8wbKKmzao8nUPkNsdUHvXOy44nZFieFXfnR8MOfAB9GLHrqjxJ4LKLVBRR7fzTkExFXRvqYTeohieXdVpMXVrYpe5Uyren/PUwGWPCJDs7GHtHTI2ng7mIFZlookn3P4LEP/w5z+06v1nSCfe5e9OkJgg==
+amfam.			86400	IN	NSEC	amica. NS DS RRSIG NSEC
+amfam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DmJbd/tiwBsPqtDf07uL3QnBJPfEpBZAvj0pxIwDRGUxDGAn2RZexcbKIaDwIKjKLrlyNkyd9oP1jISZfD0YqTEcyHs6KKNTtGnm5FVaZZh/hlDrfLgGXLVY4BRu1pXT4wDl8qHmXySXaIV4MBz7Yi2g7MxE6CKyBNiSj0iBGkgez0gSq+MPuakF2lXzlFL3H+gHUx1xdvbZ39we4JI+Kaqx9pXmah34Wyfe+WD8Ug5vUIHU8EaiFnNC5GFKtKd9Ya+9rPqci2/sy2RTEHIlSbaJhUkJS9gZcXaI4Sy+3UrBvhdvtFNzJ9GgQSkPP4EHxztYoCvOYb4OFCxODxJDEQ==
+amica.			172800	IN	NS	a.nic.amica.
+amica.			172800	IN	NS	b.nic.amica.
+amica.			172800	IN	NS	c.nic.amica.
+amica.			172800	IN	NS	ns1.dns.nic.amica.
+amica.			172800	IN	NS	ns2.dns.nic.amica.
+amica.			172800	IN	NS	ns3.dns.nic.amica.
+amica.			86400	IN	DS	14902 8 2 A464DF4FD3A7B27EB3177A1813BC95D25D3F50E5AE5192619A272DCE8587CEA8
+amica.			86400	IN	DS	37714 8 2 D2D98DD38D76B5819CD3079B1772EA5370F5CD0843CD53AF0569985C6D92599F
+amica.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tlvcKwa7/LglT8P31cGUpFDpSHRQWAXWe/B9jSVkBQ4xR8Tm32w6TbJNdo1WnPYyZG+gdBXf06j2lUljUSGe8yMOd/F3xAj6mgcpVsYjuWZn0202JH3zNVDgxBeL8Gjx9MrTKw63793QBr5NEZvInd/ULS8G/5ZcOlJWMSD5DfGt0v5C3GjSTn4WWZ68+atH2pLFI1DfYZHGna9rGYz9zA0HF8/kQcHUA0O4BA4iGaqt+IBcuDfjSzskB1lzq/EhlF2B5W7Ou8UzfugbtSuFzAPylv/p5YL6yW+8VLLtQ4nm0mk3/PLq3a5Y965CXkAH33wwkC1v+4Kq7sDMPNX6MQ==
+amica.			86400	IN	NSEC	amsterdam. NS DS RRSIG NSEC
+amica.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d7vvVxzjK1aX5BbncpvMQSrfxNG+Q5GZMPtHa4PGrQxbtz9H8L3SCMQBH0K3E8ki5dAhw4FxnBwkcNQ+H5/A6uluYqyB9Akb5EaEBs7eHAEnA1Ejt0Bcsf/sVTYLqBlUv6Ik3VNl/FMoOz5AcoWfD0JPVijt6jNDwx0hN42mar73Q8vFmXW8KR+Kj8AiogNNXI1XVVy28wvgWpBZ/bY7hZ9xWDEfXaQkUh17JQc5a6yuuZGIzlWDOOO5SMdK5LExwR/eGniC1+0LwI6glgRU1u/R2wK+EghvUdGn5oHOBNM3VP1dVEBD/mtUIPv7ZUeXf9/J5AFAVguvb++6HfmLhg==
+a.nic.amica.		172800	IN	A	37.209.192.9
+a.nic.amica.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.amica.		172800	IN	A	37.209.194.9
+b.nic.amica.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.amica.		172800	IN	A	37.209.196.9
+c.nic.amica.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.amica.	172800	IN	A	156.154.144.11
+ns1.dns.nic.amica.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b
+ns2.dns.nic.amica.	172800	IN	A	156.154.145.11
+ns2.dns.nic.amica.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b
+ns3.dns.nic.amica.	172800	IN	A	156.154.159.11
+ns3.dns.nic.amica.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b
+amsterdam.		172800	IN	NS	ns1.dns.amsterdam.
+amsterdam.		172800	IN	NS	ns3.dns.amsterdam.
+amsterdam.		172800	IN	NS	ns4.dns.amsterdam.
+amsterdam.		86400	IN	DS	29930 13 2 66E790789A927FE0510DFFBC2309654D9CC1B4D32FB3797B6EA6F31CAD59D7F3
+amsterdam.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0cwS1JAB8f8Qg71JxpaKa/8hLvLhBzLS04j4mxcsWrvbB/6CjBEUzUewYSD+CIjjMZz30Ge8AAJLN1YQDe3ozxzlbZipvbL8yAJZNM5boJoXHOh7ptaHJMbitKHCjdcssQEaqF9P9ZKKVV+nl71kMGGbgAF8lMbf+nqVuPlpW0oEyKixL4hUzeheOZevYdBJwH+Veq4SWIr9MDe5RNwW5jU4HMwyo3aXBjjgc9voDZOkGicNmiTRrpKQF9CNygSjqdj9NaV+uDvZ9VHagV6ZxpMWV59E/R2RAPPsKvpgfSNH6Uw2DnBXIWAXZz6uOP5SHxvSEsvtCdskOuQkEO1EDw==
+amsterdam.		86400	IN	NSEC	analytics. NS DS RRSIG NSEC
+amsterdam.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UIeReTjKcGXkQgQ4LEzV3p+wJqGhfphTPR/bkG0GhhWT0RtQ/PhUOefS7Hd2KlM4HddbvCNRO3a7YSAAiepanLqmHTE2Q+fLEn2aLfYiaDfUrXYhrtaQbdG8IIv4wB1nybbypCU02ow7jUVoQMlURmCKf8FSLBMS4Lis4vucVCoWnjawQ0PBc1F/8Z1DzoSdn59y4L9UrsK0F/xyqQWgahK6yeOp0uyHdtNZ0NnxHkqpbQB7J9EavNQJlFbxV7WW2kukZuv93vu8Yioq5oJJ/0Ect+uazrRN9IfDuPssPzyhqs3EVWF4RvZVlh16u1UCYRBcfQByQGYK9LhKwdfELw==
+ns1.dns.amsterdam.	172800	IN	A	194.0.28.4
+ns1.dns.amsterdam.	172800	IN	AAAA	2001:678:2c:0:194:0:28:4
+ns3.dns.amsterdam.	172800	IN	A	194.0.25.26
+ns3.dns.amsterdam.	172800	IN	AAAA	2001:678:20:0:0:0:0:26
+ns4.dns.amsterdam.	172800	IN	A	185.159.199.202
+ns4.dns.amsterdam.	172800	IN	AAAA	2620:10a:80ac:0:0:0:0:202
+analytics.		172800	IN	NS	a.nic.analytics.
+analytics.		172800	IN	NS	b.nic.analytics.
+analytics.		172800	IN	NS	c.nic.analytics.
+analytics.		172800	IN	NS	ns1.dns.nic.analytics.
+analytics.		172800	IN	NS	ns2.dns.nic.analytics.
+analytics.		172800	IN	NS	ns3.dns.nic.analytics.
+analytics.		86400	IN	DS	31084 8 2 C08755F7BE6273AF24944D2FC49C0D1590DDD440AAA7440A08FFC67E2288C5A1
+analytics.		86400	IN	DS	52096 8 2 55DFDF9C576CA2AD13DEEC42A7D0EB36DF9FF56500C5CB33FA0C0879C6F1D8D6
+analytics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LRgYp7xm7Ng1tSw/26mbFgVWJwYYNAI0uR/KTfm/3uWDJnIv9GEnm7091+JoeMs8MWliHQvguOBSg12HAWYp682GyjtH5YfL9MZfuWR92gp4ZalmNXmMUzIQayip8dLNBSVtN37pZFlBqEiRxhYoCPGR9dW5dUQi/sf+XFSgL7fGFsm405A1cRsVyMAPXwE6nuYSpIMLwKOmmCqvaUWEld63525ymL+9b4ZbwEORBQAT2tSgM+tfp4YPlUV8LX8wWilKu/DCSSUQpV6DvQzzeZhNoaPdpF3vGTDgthHmjsEOc8NPnd7MH5W8aMnXmAlTpHu3tfRWt9Md+GenZi8s9A==
+analytics.		86400	IN	NSEC	android. NS DS RRSIG NSEC
+analytics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nahTh0gyXLq08vxxL8tBrNYT+ywz7njRTdM4SIOo2ber/k80Nl7Z9qMGjSxZueJ++ZAn92zq/DPatPPh86jfMHRJcqsMaQBQPNXakp37vgFSn08Ye+VIyHIGDhBDEmioSQq8nwDxhmHRoVZJJBx87rw86XXsf3PvOAWtMQ6h+yYYb8jctbclZPQBAZipBHWcQwkeJBQRkaPM2d+pdrx5fII2oFnCeIjjSRzM4o6V9dUDqiWRhTL2xvyoZo9yKXAKnKy+UKnSmAixhfT9kzZsosBjweYkwHYE9FcSq+gxPr2piDrKuwlPNA4Tz6C2Z3GXgMBkc3rhjo99ukduqkjz/g==
+a.nic.analytics.	172800	IN	A	37.209.192.10
+a.nic.analytics.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.analytics.	172800	IN	A	37.209.194.10
+b.nic.analytics.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.analytics.	172800	IN	A	37.209.196.10
+c.nic.analytics.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.analytics.	172800	IN	A	156.154.144.12
+ns1.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c
+ns2.dns.nic.analytics.	172800	IN	A	156.154.145.12
+ns2.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c
+ns3.dns.nic.analytics.	172800	IN	A	156.154.159.12
+ns3.dns.nic.analytics.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c
+android.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+android.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+android.		86400	IN	DS	4937 8 2 9D8E83DD4629DDAE1597428C5352EB7B9CECB4854548D960AC8D7112D24C7F08
+android.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ec+wrJrBq23BK9Lgicjs4AP0ChMWgFJIJg7EzlAs4PpADJrSF/bYyIH7soRP0oQW4ToKQOp8HuTllrRV5Twljro7uRS6zmxHqRIhA0IPhTfEFve6WbTpYmX5euF/Bt01dWBq3a17DkG0D/XWUutWlJwOOyl7Qf0wjdjVMaGwqmPb1JrztXVPORbhUe5jZXouNmgwQQsY6yA9e53rMG/OeFSkqLKOqnQaB28KYdlpH5oArHpAnp5kZHj1rPz2p/mSSAiVjNLKlxKQdtD1pQ8BgJhm9rrDl816Wx1gtAut/yLW92BKMFcJvDb8eKq7QLW+hOKSMKl6Y9Qybn/Cn40lEQ==
+android.		86400	IN	NSEC	anquan. NS DS RRSIG NSEC
+android.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z3ZXAfXlnKVO8hRsuqJZoN69C2CA4iY3rf5EbotsdCE4F0WxnD1F6VGa/AtKUaZBU6MKxb+6DNYm3wYWC/EOSaAmyKn5c4L2LV15/k0+kmr8oulnZLydNe6ffeikGMEiqIHNvDHXINDyMvr+DpZI0cN3uda2VFWpsYwbabZSN+yWZTbM9qzapZ0jVr9MtC4QZrzUa4JAc4VTjgiLvw2MOxYTdXCQv4yg8KFU8MNfE+D2qui8mG5tHFmo/ZTavzOYW0mxipNOARM63ZNhzwggJVTlaK7Marm4jVEtFratefxfeqJG1CjgWm/w7xcXW8KjluuZVJmTkAIXcSL3PKJv+A==
+anquan.			172800	IN	NS	ns1.teleinfo.cn.
+anquan.			172800	IN	NS	ns2.teleinfoo.com.
+anquan.			172800	IN	NS	ns3.teleinfo.cn.
+anquan.			172800	IN	NS	ns4.teleinfoo.com.
+anquan.			86400	IN	DS	27565 8 2 F8BCDC5D341EC24CA492B2A1FADE90C2535844CB0F086A6AB77E0059EA2E8CDF
+anquan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GQz3bL6aCCUq+u5GUaldfqMn/4gtAxaQehkbNbgKDPfdxHIFtHDiQ/aLaDo+AdsKLofkzPQnSBJz7aA+L4BQTbBZIVxpXcBAzo7b8WDckrPKPppMkaJOd5zC/GkfPbqPYz4Hl29bsHePYQJt8g5j8Q0rplDXnStgZBB/fEnCnOKUNLBp0knYDnKNuNMgwsev0NeXNINJ45B7AxMiPpywpTR/Nn8cTHA49zTVDEJ/AVnohCGNAndXzY80sBjBJG5kCYEj3PsdNMu6MrtgcBAKQONZ8ltj6s1y4HzXAsTV+Z45RP13nzZAkHJjUpCiwAaV4T8G/FgxssVAQNWsm5ZVAg==
+anquan.			86400	IN	NSEC	anz. NS DS RRSIG NSEC
+anquan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mUv2dRCinbv5/RovYiHxhLnVJGoH7gmqCXKWIR35yt3SMR4UcHlV0IB9RwpcYeH4Gu1bKMFZmHW9Ls9D8AY0Gu4R1Plj4kloM39aRd9UMRInJhg+QXDvPBaL9O93zsUNqxokQR4OKltZ+XdMSKJgr9u5eYw6FrQ+uu+pbyM8BUcIScz0XHuusPh4gYa6IcklfMxtbJcYBofdbIASXc3XNuRRTHAVxNWKyuEFO0hHiokVxEkQeRKo4MOyZbbT9tyDs3PvoXFg/ltDPi1JzFJPz2mta/BYT/C9Vmr4R6kXxK8+dSAX7WtvJXtb3nodT9CiVlie4QdE7XM2Riv99cz7Zg==
+anz.			172800	IN	NS	a.nic.anz.
+anz.			172800	IN	NS	b.nic.anz.
+anz.			172800	IN	NS	c.nic.anz.
+anz.			172800	IN	NS	x.nic.anz.
+anz.			172800	IN	NS	y.nic.anz.
+anz.			172800	IN	NS	z.nic.anz.
+anz.			86400	IN	DS	25084 8 2 6A107B65405BFE98C0CC040FBD91A29D9FC927FEA447CA0AE4F5538ECF9FCBA5
+anz.			86400	IN	DS	62806 8 2 93266A86BC6D50AD9DA1DDE33B73589F9CD0BE961A058EB386475F63891206C8
+anz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m1bGcGh1U+EWgEYzU4ymmfZ7iJDuk90ezUZ7S5NqN7UbDcYSS5yIuQkGVJyPcKDpP20Bt8Rcw1p4eMYLLvUidu32uL3/mU2DHqQ949NPbzm5+jLVqohzDgWqwQtWAI98a1jx/Y95Pq1ZdDPuFobyGooY/92Z5VXDTUR3FmhEQoxIoM0xhOJIe28RIChdRS7UWsil+ZkDoiqlwhVA1CWcrviArQ/7nLRlxG6YsPQOZTNdX6ewX1zxjaMsMOOXuUe9yBcWxNtOitTAeKlcAE5RrzdwgC9xiAaxmwJ7A4vhwqbW6MOF70C7x3ev0H0V4kQbjiFRdk5D/6YuXYVYLq4aqw==
+anz.			86400	IN	NSEC	ao. NS DS RRSIG NSEC
+anz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lBsYjriC4HBJpGxaoFIYf7UgwVfNI8hB2iPcPBFYeKhbzrAJ3hxX/AvblR/Vu3/ZVOUDf6YUZHWgsAGLQXsUN0vjK64SRSwdyNugvXP4yY/RIvUznT3xnA19B9pwVHFlcfKFH1/EcikR+a/xAlc1+zUk+MOHmtAXFtG44t7gcXi5KtUILIGtDiwdYZMJD85TJZuRBWPyly6XtM3LTq6/Xjzy4P6ayHoEGPorL6sbXMsGqQCOHFRId39pt3S2LRy9xXdlvzCS8N9eWqyY2miEBnBQzfq76smZz3IXlP5VmgB3Obq4e8HmRo95IccXDqj265+sxDRlccEKilpx1pPRgg==
+a.nic.anz.		172800	IN	A	37.209.192.9
+a.nic.anz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.anz.		172800	IN	A	37.209.194.9
+b.nic.anz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.anz.		172800	IN	A	37.209.196.9
+c.nic.anz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.anz.		172800	IN	A	156.154.172.82
+x.nic.anz.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.anz.		172800	IN	A	156.154.173.82
+y.nic.anz.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.anz.		172800	IN	A	156.154.174.82
+z.nic.anz.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ao.			172800	IN	NS	h.dns.pt.
+ao.			172800	IN	NS	ao01.dns.pt.
+ao.			172800	IN	NS	ao03.dns.pt.
+ao.			86400	IN	NSEC	aol. NS RRSIG NSEC
+ao.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QqPkDnk93nrGf2tu0/zUnciVFSGQw9Txt6Ou/yMag7ovP70u2+G1odMQn4dE7BpR2pp0RdnwfRm5OZowwk2S5Q723mFJv7lL1ZNKW+bESgI8aw68V/nt67lfdhYi21IvE1n/dD+0OL/cg3UGMb5tyzmO/l6KSq4rPCkiOGGW3uapXDoLY0owc5xv6JMR63pjgNd2z7oeTfGPEuK4uEzUc8UVJHfy6VaKCV5BnBj3DeTCZwBqkIeZkJFGWX1ldFvowSpjtDNdQGaOhf0A8pfG5fDfR3qQCrWCTlWYcOfN5iedvDCJdAy6qliQzc2Af50rGef1MU0EH0+Q+6PpSM+jfQ==
+aol.			172800	IN	NS	a0.nic.aol.
+aol.			172800	IN	NS	a2.nic.aol.
+aol.			172800	IN	NS	b0.nic.aol.
+aol.			172800	IN	NS	c0.nic.aol.
+aol.			86400	IN	DS	26461 8 2 05DE3346DF593B9DB78A40EFA9A8EB847347296974924FD837900DB7054C13B3
+aol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LRQCrdl5bMQp7wlZL4qngXpMOnKFLhZ2IbNHYLqY/A85LGqFpW91RaMWpxmqMeYsDFIzjCrdz3c/cKKVTTMTTtSmGM55CiS03lRNTa6f/6Tfg956h7ygdCG0juW8s92IfzhKTQ7HzX4o6s16f6Mw4D+G8H8P5acbt6/9zXpI6JdYvOkgclugtGlWc696bo/qF2LEz8Un3TJW7Jg6UBEDauFE72yaAgfOnioriwceiDqWe3a3OwEuEDno87BRL98cWQ78Q/xpUR7+gsVELrfa2TnIPSJj9F/xTguXRf3jMN52Fm1i3G3sV/G8JHwnURQV1J1w24U+7pTpH/JPZzSiHg==
+aol.			86400	IN	NSEC	apartments. NS DS RRSIG NSEC
+aol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s0B1rA+aU3HBbFMNSLn51uIVXvMIWAkfDS8PPWIs69NCPSrs9QdeMbmzzXDDAOX8iKYlXiOe0PLVGjn4OIQR5pPKH95ObNLkzR0Q/KsLURaTc9lVks7LH88oiGKld9ncHqGJR7luhjBhrUCrQSXMopt3EWOj2/wzqm6i28a9w3uAD1S8NFfo8NMqc1gshQBleOpcph/3Ihs9CnI7wbPyR9og6BaTTet/DIuEG8KjrqrqFTkcavfVk3nVd5dUEDsdIZsDmUvRWJ3gdeKtB7OJMilKIGvPm5gfTNDvm11Y9UNrpaeqZf78pgIld5dAbSJkW9KpqzGWmf7yUAAEauhN2g==
+a0.nic.aol.		172800	IN	A	65.22.112.42
+a0.nic.aol.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:42
+a2.nic.aol.		172800	IN	A	65.22.115.42
+a2.nic.aol.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:42
+b0.nic.aol.		172800	IN	A	65.22.113.42
+b0.nic.aol.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:42
+c0.nic.aol.		172800	IN	A	65.22.114.42
+c0.nic.aol.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:42
+apartments.		172800	IN	NS	v0n0.nic.apartments.
+apartments.		172800	IN	NS	v0n1.nic.apartments.
+apartments.		172800	IN	NS	v0n2.nic.apartments.
+apartments.		172800	IN	NS	v0n3.nic.apartments.
+apartments.		172800	IN	NS	v2n0.nic.apartments.
+apartments.		172800	IN	NS	v2n1.nic.apartments.
+apartments.		86400	IN	DS	36754 8 2 E176954CD1754D3AB3E01A778F531D79DB8A010D674C6F6934F019C0E690F183
+apartments.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMD7HMUba83Mus62U0Es7U5biwCOlY5FVJWlFvvGoMck3Enjxvc8YvuNK1If2QVW10hODSnG0Xua71ja4XHQg4yHTyxiaMcm3HV7xhJVkZhspY1izs/wIxPJjfspMa8HPzYq7fWCcry7Q/0uN4Hz6rmei/VdA6UHEYHG+JtDm2SW1YPPPGweEr60Ql1Mc0ITctPTMDJhjJ8nX+Qh16Tvnlj2LVauQBNF5jaWXbxTYAfoCF1gB6xpRSm/k4n49p7DD/QqLaTUSrrqf3Tm2ecAHhm4BTiDT+xgmhURtsayJDttegmVw4O4FfaAopO2CwKVgRZFks9LJxgWh3QXLOh61w==
+apartments.		86400	IN	NSEC	app. NS DS RRSIG NSEC
+apartments.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QKBAEjs9ei5npQgY0mXGN7iU1nGikZkXzuNNn2qdb9532iAq6cApKGqBqIXkjC+xZpoQM72PaY/tpaRbotcVxaJCDNTahJl7suRmcf2ynhrSzNaYm2JOSCJkUhN6t/arGGHUHQME8Ck+1oo9xayI9BC4kHPsX6lMKfof4mSlWNBrkW8ilGCDeuCylJZvpmnXn5izhuAzeGtYk+x8gs4sJWBXlnoTvWudAaGZ5n9o8LTK1LTiWxN20MR6+teHGLH19yW0kaZfiLU7DHwJHlKbZ+VcrjEMg7XIPdWAMnhMLAGX4zvqLgd913LGBEsoPbSrUyc/nfAquGtRQaTA6b0BHw==
+v0n0.nic.apartments.	172800	IN	A	65.22.28.56
+v0n0.nic.apartments.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:56
+v0n1.nic.apartments.	172800	IN	A	65.22.29.56
+v0n1.nic.apartments.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:56
+v0n2.nic.apartments.	172800	IN	A	65.22.30.56
+v0n2.nic.apartments.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:56
+v0n3.nic.apartments.	172800	IN	A	161.232.14.56
+v0n3.nic.apartments.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:56
+v2n0.nic.apartments.	172800	IN	A	65.22.31.56
+v2n0.nic.apartments.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:56
+v2n1.nic.apartments.	172800	IN	A	161.232.15.56
+v2n1.nic.apartments.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:56
+app.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+app.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+app.			86400	IN	DS	23684 8 2 3A5CC8A31E02C94ABA6461912FABB7E9F5E34957BB6114A55A864D96AEC31836
+app.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gwi0t1aOYPAK2Z+pPSNArV9QNbVt/Uk+rW9HR8m0hiCKc2VNNIkmpGKSNggwtWNP6XwC7AW1E4u+H5CVubXAzgtCTC8Drjv+sPFHujdl4P1Qxw+kObUm8XCNcLfqSi7zvY7IHHn7AnH1TLcOXRbsqL1NbxXh1/zSGeNlK/cwTtsLIdh/MR4J+hgBj5x6hpzuVGCuoMUBnlm9ScdVnJX9h5wwVhVrD1py1h2CmmCgORxTbLjJb5yIo0+F21YxKnLgx9a8lGRfcrnhL1sp9mGO0zkAat274bD2Ohu/v1n2kEZIeIAdPyEXOjQ1OrKFJ2aAy3j9c1osF8mFSLKWMUTWdQ==
+app.			86400	IN	NSEC	apple. NS DS RRSIG NSEC
+app.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zjCXrhdFFDZSXjfdTGoh/QK385AnMqcMReI6cvkLjP1tClB0HFmP3GrosnLWOqxM8DxHwVBTZD6LecOhjl1D/bcXwPS+/mF0z/nlgZ9xaHWoGUOtgmxDZ9R6cxQtKJdAIaFHRlY/sW/NYnkqManoOBdcOfCerbXmyp9ZM5y+3WsrJu+E3d3XX1einM8/p6TBogy8ZN9C6OxhTgfXoHp4WodZ00BBSYj89sVVcd808lZf+m/OBFnJK3dhrzM7F3luO1mY7Mu4r6JXGBoSNCadqVXaKD49vMKH57spHyFLdHhXm3/1s4YyIOXyw9bdf3nW+sYALcS2dVWTCCkogOKeKw==
+apple.			172800	IN	NS	a0.nic.apple.
+apple.			172800	IN	NS	a2.nic.apple.
+apple.			172800	IN	NS	b0.nic.apple.
+apple.			172800	IN	NS	c0.nic.apple.
+apple.			86400	IN	DS	50166 7 1 20DE4DA26E31E393746200E709C6F4E91FE65D4F
+apple.			86400	IN	DS	50166 7 2 B8038B6449B548E38FC74CE04D21726C9F052213A55573256C6867AED2E6C091
+apple.			86400	IN	DS	54541 7 1 07ECA60632B3A62AF2BE9E597D7C5B6F1BB1FC21
+apple.			86400	IN	DS	54541 7 2 EB3A275C32EEAB32B6F7F6A9EC1D19E327C68EAF1A55BD5B8DAC634BC416E8C6
+apple.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BQwoSrISR3hq8usnxMQwO+3Eyw09e9RDzIt5AjHuZkHMolQSNzT8g1k+f+0mxpL2NJbmNe1IvJ4AQXYPRKxRyx4x/KDKejwrrJPa5cYgRJK48LgHHU6BKhJKfjAbC+L9ATZxJPWy6ESK9vafb18bITx1VDdJVAqj7PFKCXXpKTnJBuAkzn6PAnWLfApxDbTm6eDgwKnxtJLhb5xB9qAdC+WmFVlNCPCLrSKVtwFPwac1fO9QiYoHL+YfC+UxriB03k4WbvjCJ79hu4azkecm0OAQcgrmRHZLEToeAZopY4fslw8bjx7orPOQ5FqGDtWB/sojg0YT73pYXbWN/nAXUQ==
+apple.			86400	IN	NSEC	aq. NS DS RRSIG NSEC
+apple.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MszOinmgMzjTcLiD/+uxp/eFsiv3r2K7vQrSQyFWIAWRscQymRK9v+QUVxiljFgzOzr7bKP+MD/Sb567HBTSNN1XNanfRBOPFZuxa2IBnKzG5D8ne+jZEBggy1iExwcivQ1GejXlv+MWRd2T62aMxrSaW/PYpStpkMZA9dPJmfn1qwFTL8LijD97W6RdfxSf/vKGA5wFzwf82NIvOVgoGEF6gfHJ9ARi64bAX2kzTBjVP5dS1OZiixIL9GW4XHts4cq8I+LeMbaXaikYrgz8mi1Fg8D3B6eOjUcxF8aAqQLqDAa3OfQpEmX7XL1Q4dBRkMZ6nArJd3eFFUF9NhwDpA==
+a0.nic.apple.		172800	IN	A	65.22.60.1
+a0.nic.apple.		172800	IN	AAAA	2a01:8840:3a:0:0:0:0:1
+a2.nic.apple.		172800	IN	A	65.22.63.1
+a2.nic.apple.		172800	IN	AAAA	2a01:8840:3d:0:0:0:0:1
+b0.nic.apple.		172800	IN	A	65.22.61.1
+b0.nic.apple.		172800	IN	AAAA	2a01:8840:3b:0:0:0:0:1
+c0.nic.apple.		172800	IN	A	65.22.62.1
+c0.nic.apple.		172800	IN	AAAA	2a01:8840:3c:0:0:0:0:1
+aq.			172800	IN	NS	ns1.anycast.dns.aq.
+aq.			172800	IN	NS	fork.sth.dnsnode.net.
+aq.			172800	IN	NS	ns99.dns.net.nz.
+aq.			86400	IN	NSEC	aquarelle. NS RRSIG NSEC
+aq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WawML+aFdVcQFqeQtMK1z5iiRGHcjXr/sjmUiL3h1OZW6bcwrbEm0hvaVFaU2AfrDSNTIL/x+gYqRq6J5nW4oDFEaLv73xCuBFZRNKF4mUUbPKsrm3Nws5Rmd1gfxl4w76CD3ZbgztSsh45Ayw6WCKms2/YWGivJQ6hN7lZP31m/QBTZN9ikpblT1pIjSw6zHaHze3lrnmBH4YrAWGP6qTg9X29noorjXTRnzodhiTy3S40/iMs+EnKnW/s+j2uPmgpKL6CnBacDV54FE7LLT4pq+7ZmDOYCXICc4zYfBMHk2AoxhZDxKXHG41IctAIi19DDnNaFmjj8w17c+Oai1Q==
+ns1.anycast.dns.aq.	172800	IN	A	204.61.216.132
+ns1.anycast.dns.aq.	172800	IN	AAAA	2001:500:14:6132:ad:0:0:1
+aquarelle.		172800	IN	NS	d.nic.fr.
+aquarelle.		172800	IN	NS	f.ext.nic.fr.
+aquarelle.		172800	IN	NS	g.ext.nic.fr.
+aquarelle.		86400	IN	DS	22061 13 2 65A423EC214071521668ED047D2E74BA781E6495E0252CB8E08A7A633A89297D
+aquarelle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qTHp26eBmoW+QQAaeSqd/WWFu6VZvDxpQsrIhxNMzTwvPkWbstJ1bIrFFTJj4yY5I+I7Pf8s8waoMqIer2E5TEBYG8c+rgG8ZSwJWHoP6DKUmfmUVItYu/wFdtjpOuQbz37N+cGf1VzaXjpyTH8UH+3KfRnNiN0Zk6Ajk00CUYEz6XGQcwEq7Od3vvJ4I+7Lj70b1giQz9YO7hbfBgKC7HTMYYohdl7NUXF3mkwsuPDOiyzhQUVn9ZI049W5zyWnF45/8bNVI5aqUvU/eB8ZxTvolkDIW1z5F8ijSu1GlVdfkE2YFs62PjatBvwnmMMJxSpyi+BE5joLdfdYJaqU6A==
+aquarelle.		86400	IN	NSEC	ar. NS DS RRSIG NSEC
+aquarelle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hmdMKJUwzgYcqS1F45GfNZrNTsad5O80XecHJtPzsQsoSK47dNBQhRkjr3PK6Kd2BdFWD71mVr3U7/0/o6QuT042pANvHPShZgjJfz3NeZ/8DM4Dg1Qu75HHQS7yKgSPIoPUM533eNP7YNvXtAvOBsPSvZq9hbHADmhv3aJ0BfdWRJc4Y94yfuMxg4JSbp7sSI+R9Boq8k4R6mBxf9O5VmLZ2HFQg8W/vkl/oc8FY3elzMmxVH6HXBZxP3Fq23Iao+Cc9agjQ0WL2hg23D6laRifMpBrQP8YuApWZ9ro8eVmI+6OwGuakIDCC+IO7a8tyWjDTe2FTg00WzCRaoyc7A==
+ar.			172800	IN	NS	a.dns.ar.
+ar.			172800	IN	NS	b.dns.ar.
+ar.			172800	IN	NS	c.dns.ar.
+ar.			172800	IN	NS	d.dns.ar.
+ar.			172800	IN	NS	e.dns.ar.
+ar.			172800	IN	NS	f.dns.ar.
+ar.			172800	IN	NS	ar.cctld.authdns.ripe.net.
+ar.			86400	IN	DS	19606 8 2 4415CF1A2CF10DE94B92BC020F21D1BF4163B2E90F2A6F6A5D2A1740339D566C
+ar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ln0KNdqj8f2RkWZSFnqu3J65Mwkn9wsL6VbtiBZuIdIPFllwOS5kPbN19IYDwF7p9xtKQmnCDYIv4YJvvpMyBjU8jLldgjnokmX7HFmeA03ubnF6XuGiQGN1plMIIuQ2o2zOgKq8zeO0eVK9SSLAvlgzM4C/KhvnrWfv5wZURy7NjSkJuZ8Y/FHN6UMBE7X1F+hUN71kGibFPebu1XJ6HnoERnvpm5X3suzC9SqR1OmvT7d3wu858pcbGhnhvjGkRHfL+Fg+P+mRvPrtsvN8Eqm54RCpp1HOHKGXiAlkTHXL9FeGEwwInOODGzQEzbwzYWk4oMShroFg/M9NX7YLOA==
+ar.			86400	IN	NSEC	arab. NS DS RRSIG NSEC
+ar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BUXgwkJVo7FHdCbM+QBx8fBgdkJnXpwLpDvVUtq+s8iRI0NKw/msXCX1kg+lPXwY9bQX8mEo6WtWCyxjTU/m1IqJCkgy3ZcepvJdgPh9dS+EjTqrhWwtWLuUHGsAAkzy2LptG3JZ5bp3uJQNZSPxBPJQJhlQ6GkCTJcbeG1As9x3ITnw3Vg9M9X0+bxmEAytHSDhf/blhHhx23tdpKsuBZjud5Ja8dlhPKWbjUMvsDmkMeBt9u6bAbEgEPnlQepZUQnqIRm/Ss5NkTA03cYVrbC9WwowHFLTBB9tH3POeoUWTcz58vpXXfkByHOtKsChkOWlZ2cOXzFQJuanwcvJjg==
+a.dns.ar.		172800	IN	A	200.108.145.50
+a.dns.ar.		172800	IN	AAAA	2801:140:0:0:0:0:0:10
+b.dns.ar.		172800	IN	A	200.108.147.50
+b.dns.ar.		172800	IN	AAAA	2801:140:11:0:0:0:0:50
+c.dns.ar.		172800	IN	A	200.108.148.50
+c.dns.ar.		172800	IN	AAAA	2801:140:10:0:0:0:0:10
+d.dns.ar.		172800	IN	A	192.140.126.50
+d.dns.ar.		172800	IN	AAAA	2801:140:dddd:0:0:0:0:50
+e.dns.ar.		172800	IN	A	170.238.66.50
+e.dns.ar.		172800	IN	AAAA	2801:140:eeee:0:0:0:0:50
+f.dns.ar.		172800	IN	A	130.59.31.20
+f.dns.ar.		172800	IN	AAAA	2001:620:0:ff:0:0:0:20
+arab.			172800	IN	NS	gtld.beta.aridns.net.au.
+arab.			172800	IN	NS	gtld.alpha.aridns.net.au.
+arab.			172800	IN	NS	gtld.delta.aridns.net.au.
+arab.			172800	IN	NS	gtld.gamma.aridns.net.au.
+arab.			86400	IN	DS	20671 8 1 A3CC3AD421EC53930B28B255900F9F005C881AE7
+arab.			86400	IN	DS	20671 8 2 164F98C3DDC5C95932ED38AFC1EAC629B8B10484598DD6B3D288C6BD95778730
+arab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JbAVm1HrL5Bv7TYc2PNUmAh5BxDxUQ08pqg4x2BrD+/s5EWVukLjnY0fApHYBNbnaOhlUAVgBiVUkoOQE38Aqc+azN7MsdSSvpaOLbuQ31Ad8SJaPCBqyttbROtdqWBIjUug1EvBA0KaRXp5JYbjC9sbOM0HQuK8uDCrGUbzCblTO/hkHGfIIKZiMbaUvGN/8cYIfAtxh7VB2dyQecUoT7uOq1kukRBbcYu4ShLoAuRPZ5Ee1rFdGkimXPKk6MawtECeihiwGkVmzfzvYMrJ3vDL+9D35lP+Aj+SoJoUlh4s98Fd8Pdma7d5Kxqlfg8UZeohWou+HocN5WNIcEHxzw==
+arab.			86400	IN	NSEC	aramco. NS DS RRSIG NSEC
+arab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ILd1t6B3DKqXh+8/VBhEMx/WMO7ajR9VFlizbV2eMCz7cMO08F6TCqLSXosKW1550ZFucU3iU+OJRuKcKIHZxHyXAD5OhTlxFvZL11j39ZgEd2MD6TezsAd7Hpaf/MWBJuU7xKb+KkKGUuN7FhNeI8SNKJmOks6uITUQSQJzV3sKSE+ytZVozsRd+hkEJOflb9mFlqTTCRbUC/xViSw2Q/EXQj7VUeFjSgnqQoeF2GYZPYUd5cqE7iyPNpaY88txZ5IyGL+DqE6hknG4GMh/t9yTojGhxWncZHH804GpQRIUI96Q1MIn2yWmjYghhV/EYpLCeQtdGxKPKmD8KteKHQ==
+aramco.			172800	IN	NS	a.nic.aramco.
+aramco.			172800	IN	NS	b.nic.aramco.
+aramco.			172800	IN	NS	c.nic.aramco.
+aramco.			172800	IN	NS	ns4.dns.nic.aramco.
+aramco.			172800	IN	NS	ns5.dns.nic.aramco.
+aramco.			172800	IN	NS	ns6.dns.nic.aramco.
+aramco.			86400	IN	DS	6265 8 2 AEB0CBB0275B05900F98A2F97CB6A47ACCF5D2F559439DDC79AFC695341A9DEE
+aramco.			86400	IN	DS	22207 8 2 2AF8A3FC1AAB39C9117F19956A83F0353FB0C206B33F253331080C91343781B3
+aramco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TWz9XZXza4LlJzMByBBAQRTPmUnO/RSbg03YNgDamcjIL7u0kqz+HsCTSO+wm9PShLRqF3Q9bo1fs0pgzgWpelpVDfWOejAQrl+tzxZu1tGCbLCKox9FcMZFcS/XKj9VGvIecQWmhwHCWveeqgdDjc1iiBOfzjRuNyEjC/XOC8utWHE+4q025inMvq4ljPrGCnv3MF3d/eYFFXVMIsJbC1Ps+Pw+TX0Q5u+SmTkOJPB5Tjxudv/ffUrkzCR4rQn6KIPNbdjKVsG3AhST+4+rvTcLhHH/vCnlTMB8k1RxGtJQLcuV4E+SyAjGGmaYoLylQSkJraGUuB6bT2ZazEh2fw==
+aramco.			86400	IN	NSEC	archi. NS DS RRSIG NSEC
+aramco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uYXpwrmgXQc/8gzWTSyxw5eyOpIL7f8KtViNVBN6otMpP0V9MeWL1mza2etBh5kkwyYBI/yxKhU1vxqpM5oD3cjmUWMr7rWK6Gd2VgtZRUUOXn8t6lj4OIaKiWItUjNfa4GoM5Q+0xb45cSBKorkcKOXoAzdRRyHM49NKxk7AZ3lGn/xc1KLYyqs7IriHO5zeQyY8VMQu6KAPIIPPbaX3PBfyEWeS6aNVtmNWNGS0QS530p4sNWAtV1iMvFRGpCQYpF4aCCOrTUXfVh3FfVCuYCcHmHxmVb2xSeepaisgDYc5RHrtBoNpsr4IGwxTskhq+AeuONWGR2xHG4R1O68ug==
+a.nic.aramco.		172800	IN	A	37.209.192.9
+a.nic.aramco.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.aramco.		172800	IN	A	37.209.194.9
+b.nic.aramco.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.aramco.		172800	IN	A	37.209.196.9
+c.nic.aramco.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.aramco.	172800	IN	A	156.154.156.14
+ns4.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:e
+ns5.dns.nic.aramco.	172800	IN	A	156.154.157.14
+ns5.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:e
+ns6.dns.nic.aramco.	172800	IN	A	156.154.158.14
+ns6.dns.nic.aramco.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:e
+archi.			172800	IN	NS	a0.nic.archi.
+archi.			172800	IN	NS	a2.nic.archi.
+archi.			172800	IN	NS	b0.nic.archi.
+archi.			172800	IN	NS	c0.nic.archi.
+archi.			86400	IN	DS	11134 8 2 ED2B030F401540096B716481CD8897E37D9A8CECBDFD98C709F4860C77501680
+archi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0nmlrRp6fc8zVTtAhM0SRDR7cQS6Bxbk90q8AehdzdJxMgGneKU2QDUjl/hI8cLAoy+zQyWJOjlKXRrpvzOZS2nzaaql4JHFoD6Lhhhu33KLdLnez/3rEqxOaHENV6ONDD0aqiT1WDU2ZpGCYCNzVTwPRIgzi4jKU3JYfzjbCTsNd5r5HgvCdt+7nbPT9IHR6bqfrAQk+9ORXn7FVNnTT2yOnfvq8vQ5W1ayr0DiXVTm1yAo9opyn80FEpad8YE3zxsjmB7AnR8XomPXHiQovMmbEr5rXvvXwb0X5mNc4Tl+Ct4W11C8OWAfv77sosEQ98d8rs+25OzYsXjZPvckdA==
+archi.			86400	IN	NSEC	army. NS DS RRSIG NSEC
+archi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l3R/a1odgxx6npPNsuV8zkuSkRQP/zKeLvkUHFtrMHjZG/Cq7oAZV1ygYJK5wcNO77ntsrOMMyqVQt1nDW67qmRk3hlPKfHb4xg0ikqZOB+SAy+seCrK8weX4WZNHk5zedtYIpYm8SJDQfbFOnWNPnav+f/FwPITM7T+XiHkxcMiJGly9QXPWiDJAKfBvi1YgvDn41fnNzfJ493X/NDwqsRBYQRe+ab91DVksozkX084KpXEYNRJKO9UA8xMgHt4ktdOiRYOAH42dhMOzNekJmIziShNfc+DPXBUb6sk2+MfPTNkBhuvlFIF5RWA7/qO5Snf+zWHvLEx4NkruQK63A==
+a0.nic.archi.		172800	IN	A	65.22.84.1
+a0.nic.archi.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:1
+a2.nic.archi.		172800	IN	A	65.22.87.1
+a2.nic.archi.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:1
+b0.nic.archi.		172800	IN	A	65.22.85.1
+b0.nic.archi.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:1
+c0.nic.archi.		172800	IN	A	65.22.86.1
+c0.nic.archi.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:1
+army.			172800	IN	NS	v0n0.nic.army.
+army.			172800	IN	NS	v0n1.nic.army.
+army.			172800	IN	NS	v0n2.nic.army.
+army.			172800	IN	NS	v0n3.nic.army.
+army.			172800	IN	NS	v2n0.nic.army.
+army.			172800	IN	NS	v2n1.nic.army.
+army.			86400	IN	DS	5296 8 2 E3738FDAF25D7707191EB37C73924358896E8D046B8D5DDF4D40664ABE87296B
+army.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PV9MObaRfAn1anrZME1+Hh88WFkA30iHXHYMdz4wYtup56E0mV1zdkvq6+xMGR4HkiDPtDuk1kTtIfXmy0sye153zIFJL8qKi82uVo++JBwyE0PAykgqfjw1kR5q7sofakyZtHE7lGdJuxO/Zck/fGfJiwoKFJqXJ+n4j+s2T21YWlL8mOU3K/L11beXjaRE+jIt7CVNrANRwYqPHI7OhNCOoVuZX6c5K3zsR8D+kl1QoQP598GJMqywYBfC3hj1eYmD26bkMvrdG/EGtKDBoB28BmcWDmYvoSVDqXk6dmZ5APEYzNAYkY/7G6PloVghm5e7JIpk2kQl88WZ7c6lDw==
+army.			86400	IN	NSEC	arpa. NS DS RRSIG NSEC
+army.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XemcixdaAxZoyq73mmC+BBZDoj0iOPcSFk8D7Ynzn1kn0NqdL0cBTS6KsR3aXZhaJMaxx2bx+teZYYNSKKJ80G0KJB9/ep00FauUcoKcGYnrVvnSiIZlrTiwzc7tDtGhkHXevrT0JFjSzrXcWuV1db5G7iOVRwj+sSiOqOz3n3lQA80VZcfLJHLshdmGMWnVfaZbFbgNweBQMFP9/1A+piM7YUZhYLK/0vTjmku9Z+E41/2ArnARFl5eE7sKlshCAdnTEhfU7uJE0s2d96sXJQ8qSFcBhkNKbDsD1EAjybuyBH+5pdDghksLNjAkGlAC4okx41cRChitHsSaVk4QhQ==
+v0n0.nic.army.		172800	IN	A	65.22.28.59
+v0n0.nic.army.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:59
+v0n1.nic.army.		172800	IN	A	65.22.29.59
+v0n1.nic.army.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:59
+v0n2.nic.army.		172800	IN	A	65.22.30.59
+v0n2.nic.army.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:59
+v0n3.nic.army.		172800	IN	A	161.232.14.59
+v0n3.nic.army.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:59
+v2n0.nic.army.		172800	IN	A	65.22.31.59
+v2n0.nic.army.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:59
+v2n1.nic.army.		172800	IN	A	161.232.15.59
+v2n1.nic.army.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:59
+arpa.			172800	IN	NS	a.ns.arpa.
+arpa.			172800	IN	NS	b.ns.arpa.
+arpa.			172800	IN	NS	c.ns.arpa.
+arpa.			172800	IN	NS	d.ns.arpa.
+arpa.			172800	IN	NS	e.ns.arpa.
+arpa.			172800	IN	NS	f.ns.arpa.
+arpa.			172800	IN	NS	g.ns.arpa.
+arpa.			172800	IN	NS	h.ns.arpa.
+arpa.			172800	IN	NS	i.ns.arpa.
+arpa.			172800	IN	NS	k.ns.arpa.
+arpa.			172800	IN	NS	l.ns.arpa.
+arpa.			172800	IN	NS	m.ns.arpa.
+arpa.			86400	IN	DS	42581 8 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
+arpa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D9Fv3PmER8PHZLEvqlSbSO6eKxL/YR1kNZoMeoGBHMUZY87uwxji9YIPISkwxpk9beFJ/xjcXS7F0mpXmwQ8KyBpGeNyvoHhCyyGaR8SGm/YsfObvafVQ2U9glzMiaHr9gnIymajh1uT0TGnuux40bKtTljdgSfmy330TUicK30ZCYJeeGe2JlwKh6KASkgBDvOR/33/UmCVoXorf2vzKiUXgeI74tD91MHhgJVjFFU9K6c6spa05yBaq3BEru4Xki1Ohs3TnhfGRk6l1+hrTM9aK1/W7ZA3AXUGNDaUTtA392B7C27Mm4blyXfUr119UIMhXzgzzUd52NSslEh5ag==
+arpa.			86400	IN	NSEC	art. NS DS RRSIG NSEC
+arpa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fT5gYKKkQ96W9raH2reVsSir/Zl0K1K5JPwgp3hjJxJrbO3EVjsd+jCrTzPg4UhdvPL5yfFQ7MICHGElEL18JUdCa5zjU+8aAsQRfuNOInCgbM5kFRrZWXYC8Ef/zviEo4zbpTFoAaVD3chwUTs8sYhmRwg2m+LF0327zJibymTfYQ/1hF6UHz4QNK9P01wWdKKln6azz42qNpnAn9VF03AG9x3rfnChCgAx1gKgYKgTkxmIx/UHVsNK7jRY7BvoXaSLwXGW3kY2wyKpx+qEbLXgKU3QjR3xT/c0bIKtoonpQz9fkfhIfYm+58AVmmiC8tV+WF5qec5VVPFXkHoLJg==
+a.ns.arpa.		172800	IN	A	198.41.0.4
+a.ns.arpa.		172800	IN	AAAA	2001:503:ba3e:0:0:0:2:30
+b.ns.arpa.		172800	IN	A	199.9.14.201
+b.ns.arpa.		172800	IN	AAAA	2001:500:200:0:0:0:0:b
+c.ns.arpa.		172800	IN	A	192.33.4.12
+c.ns.arpa.		172800	IN	AAAA	2001:500:2:0:0:0:0:c
+d.ns.arpa.		172800	IN	A	199.7.91.13
+d.ns.arpa.		172800	IN	AAAA	2001:500:2d:0:0:0:0:d
+e.ns.arpa.		172800	IN	A	192.203.230.10
+e.ns.arpa.		172800	IN	AAAA	2001:500:a8:0:0:0:0:e
+f.ns.arpa.		172800	IN	A	192.5.5.241
+f.ns.arpa.		172800	IN	AAAA	2001:500:2f:0:0:0:0:f
+g.ns.arpa.		172800	IN	A	192.112.36.4
+g.ns.arpa.		172800	IN	AAAA	2001:500:12:0:0:0:0:d0d
+h.ns.arpa.		172800	IN	A	198.97.190.53
+h.ns.arpa.		172800	IN	AAAA	2001:500:1:0:0:0:0:53
+i.ns.arpa.		172800	IN	A	192.36.148.17
+i.ns.arpa.		172800	IN	AAAA	2001:7fe:0:0:0:0:0:53
+k.ns.arpa.		172800	IN	A	193.0.14.129
+k.ns.arpa.		172800	IN	AAAA	2001:7fd:0:0:0:0:0:1
+l.ns.arpa.		172800	IN	A	199.7.83.42
+l.ns.arpa.		172800	IN	AAAA	2001:500:9f:0:0:0:0:42
+m.ns.arpa.		172800	IN	A	202.12.27.33
+m.ns.arpa.		172800	IN	AAAA	2001:dc3:0:0:0:0:0:35
+art.			172800	IN	NS	a.nic.art.
+art.			172800	IN	NS	b.nic.art.
+art.			172800	IN	NS	c.nic.art.
+art.			172800	IN	NS	d.nic.art.
+art.			86400	IN	DS	29485 8 2 BF041A7EC6CA857F5D85151C66F561DEB9C863B98E05670C345C9CF9ED199AEE
+art.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pnuBnr9QtfIUx5W4UuVRMd1yjVtwaae/nKOYtAyyjGabrR1Q6ZxwzOw/0V91R1WlKHrlBbbd4UCh5HFbb/XZCA79OAIPoEBZ2+JJnN1tWUdIJoYVrN3xrjw9+jTttsC0JkbQMu5ScDZx/3QifzhKBSRfyo5hjn7MjumoECH927qzcqIqFxSTcf56qhAw0AK1OCgpSsnCzhx2l7QBuoj5QfnE2VnjuGqGCLeo8HsQJyP83BEz9574BZQ6/w1sVAe2uywiehDGW0ypSm1HEaTJi9j8mDHPI7ub2EhWDG9ocWyzkuxBJX4kytR9ZeS/pDOynsFzcNUJ/pCLYgpuzm6uIw==
+art.			86400	IN	NSEC	arte. NS DS RRSIG NSEC
+art.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O09zteskJ491hvafcxMWWFBJ56Z8HMgdSGKGXeZsWI4iHgdMT5hrY65mZgZ1T8tOaDYiA9MsvMW5sDNUgCY3we9/BXDxg8ndXgsQIcCyt8HpAKKu/UAFtOZ+EfJat/UlQ65mUTSOf8m66j8iGY9Zgm3fuWpA1buq51we6HG0h81okQc/smYEK2yMCYDtKF3N6R2dOgx6P4jjYkhqhKdJ3Z5ERNHBm7IXkJ/Fjj8dziXo4Hk4RJAEbdFhJW4GqeHEp6iiRqhnI/XuzRRl+LZmg11ahcIQTqHWHpB1sWVHdkFP5NQIyNPWm4cXPw0MUXZCoTa3pNN0hFZqTO9PBXeZ9w==
+a.nic.art.		172800	IN	A	194.169.218.49
+a.nic.art.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:49
+b.nic.art.		172800	IN	A	185.24.64.49
+b.nic.art.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:49
+c.nic.art.		172800	IN	A	212.18.248.49
+c.nic.art.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:49
+d.nic.art.		172800	IN	A	212.18.249.49
+d.nic.art.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:49
+arte.			172800	IN	NS	ac1.nstld.com.
+arte.			172800	IN	NS	ac2.nstld.com.
+arte.			172800	IN	NS	ac3.nstld.com.
+arte.			172800	IN	NS	ac4.nstld.com.
+arte.			86400	IN	DS	46728 8 2 D197248E95610371F7624D79D397037EA5E200E6F338BCCEDF5E93BB68448152
+arte.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jiUQnJcJTSFY+UrgtIuBNwCsNG4Nxx0lsUE3OP3OOWYRRvy7g1fNXJwlCdw6odq1SfiIQZFSjIFMmwNxLwMaYrWZ0krZf+BCt3ZVhBg0u+TVFzvMSzLPdB76eO2F6yNfLWqu6bUGyrBFs26d/0haqaKB5CBYcEVYfX1RE5ttSMx2o4BLum0FIZWTwh0w94MTIYtpEJSHJtq/0ZH/cxcWZz5YcpvpNcA3MSX5jyFmy7CLJvU0K14khUnakWsAW6rhjoK4i3jm028dF9SpgnQhqz34VBFcYh5mRpcH1eUTZXnA+TOsEbw40zmcfc9V3lAwfgSjebUnQbqECGAsuq8jUg==
+arte.			86400	IN	NSEC	as. NS DS RRSIG NSEC
+arte.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pLbahetmFnRP63MaB2lXjedoqVe3tc54v++WeWf3GlXRvTZdaZHtDlhKsGCOmHzyNwjNGY2BwZMjWsRS4VjhEiCTmmHSHRNjQUd4TRdH3MgWDZQ3RqH/rAthe+4rl8iCNBvCWhmg3eOG6TmOaburaVuptswH/B1H/gPuqUJ5fy4bEX4hIftsLiuIeYJEY4tusdnIfA5Aa57oT4bm7DA1rtC4EyZWJK/1BVor7hiUT3xcgr6QNyHpesTGWwneYGEaGK2JK3fPfoftjLyJ/M+KXVjZdaj/Oy/mygyQklfJ/+comYgwqznLl9Ynw6bYniTL5ejQN2PJ5cQgl3GRzl8kLQ==
+as.			172800	IN	NS	ns1.asnic.biz.
+as.			172800	IN	NS	ns2.asnic.info.
+as.			172800	IN	NS	ns3.asnic.org.
+as.			172800	IN	NS	ns4.asnic.uk.
+as.			172800	IN	NS	ns5.asnic.us.
+as.			172800	IN	NS	pch.nic.as.
+as.			86400	IN	NSEC	asda. NS RRSIG NSEC
+as.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0WtnyhpMLhhSY86WIhkML8St11yE8SiN3OsORhUkJwPVy8Im6w6h/ds1LvLiK0oCt8ql1fM1zihuRu9WnRHnFFQiLgF4hWX8qIPMWj3UOlT7QBvTgHdWNQhGh1cbsYztwweRUt5NnJfv0xlYNedaWZFJRjOJmdfEtl+9hYryaF9dmqn+FYrd6qhqmWBOcuthTRuA6PjntKXXtASA0WvuX7FqGd79/V+3ctSznjE/lEhhkUnLLtebMlIt3AOnUtWt0nAYDupdPUd/mUUJmlE2J8v3Z3HQy9JfAVOjlcpNDhprjidveqdK81h1c+fVTH9djAwszRl/xyY+CjBizwjffg==
+pch.nic.as.		172800	IN	A	204.61.216.111
+pch.nic.as.		172800	IN	AAAA	2001:500:14:6111:ad:0:0:1
+asda.			172800	IN	NS	a0.nic.asda.
+asda.			172800	IN	NS	a2.nic.asda.
+asda.			172800	IN	NS	b0.nic.asda.
+asda.			172800	IN	NS	c0.nic.asda.
+asda.			86400	IN	DS	26782 8 2 DEA162D88DB4BF889A745FF70CC6D0E56245350E4AECDDB262CDB1A0663347DF
+asda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rTisS/UP65cjpxtuEWnTF2bVGbbWZ8iKYh6MVnB8+zL9UUzdpZlQSAA2bOeZV5SJhdplIROU5I2sKqRk0ZbUAZh2V46oKIMRG/125Lt9p6HNogBl1TMhFZBDR0nV6zZuMDfmp9msOk9g1dRgRWqOZLc/dlZCESpP2HUsOOQ0BrIHnXUaXQvloFNfgyvTj+aZxx6kCyDJxa8fdAKLBKzRp/rLHh2o5zj1L1oA+EGF2O1QH3XuhVsRO1IhT9WkF0XtHgrIDq1at/rSVZc86tZml7Ofm36Hrleg7Oqk/nnwPM1sgc5rxQ61y/3bLtPybwVk4Rl2FI8Rj9R1tgg2oVF8Fg==
+asda.			86400	IN	NSEC	asia. NS DS RRSIG NSEC
+asda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m7H4S5wJH922IC7Hf4J0TgoKc74Kem8Ips69azGmEEFeyBrER2KGJrMuiJ9+0E5Rooxi6NhdApW0Uqigb0XtGL7CpNXKzBI+rjoMn7Qs8LbwYLIlTgGOSUOP3Pfiy9dpHEMjdmOUykTF0TgjEUNMktFDtelGOwQpZHe/FVVpHU28WZ/c9q0kvbBcU9PJ2CCFO05WrScW58gdeP6+cY5WUTMsDUX3CV1IlKgS42fgAUDW/38ILkiYwf/hUqgCkp1osLIK4cQIjC4D1W3bjextJa7MqeJXqcI6r6MIpiAQ7V21H/QsrOv2o6wYO0rTfhO1ChUp7xwn0BTiA98DkTabQQ==
+a0.nic.asda.		172800	IN	A	65.22.112.43
+a0.nic.asda.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:43
+a2.nic.asda.		172800	IN	A	65.22.115.43
+a2.nic.asda.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:43
+b0.nic.asda.		172800	IN	A	65.22.113.43
+b0.nic.asda.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:43
+c0.nic.asda.		172800	IN	A	65.22.114.43
+c0.nic.asda.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:43
+asia.			172800	IN	NS	a0.asia.afilias-nst.info.
+asia.			172800	IN	NS	a2.asia.afilias-nst.info.
+asia.			172800	IN	NS	b0.asia.afilias-nst.asia.
+asia.			172800	IN	NS	b2.asia.afilias-nst.org.
+asia.			172800	IN	NS	c0.asia.afilias-nst.info.
+asia.			172800	IN	NS	d0.asia.afilias-nst.asia.
+asia.			86400	IN	DS	23407 8 2 0F51A4E5EF96B66C2078F7735B41860C83DA0746DDDA1A1B2B893AB056B3058C
+asia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l8tSy6DZtneA4jzuXWWUCL2jhus3vY1k0/iG2OZa1baR7wJuVdLIrJQv/kQ6rYScE2NMskAJnVPhcAvlCU+iBKkaKAsNeLgKLhdBmDJxx9EncC981WxSRTIN290bWBeFi+F61+aruwNGVIKJdlxm69vGHkfSZLjpKHQ3BkHduYL0sCMtZ+5WJvQvuS+PLIoL0UAwX04ovxibv39r+s00L8eS2K0p1XCmtZd/5cHbgxKVB0Cp+3ejGZ9gyvooPcu7t1v9LOzGcFzFxicimKr6w3NwDJ8hWRDKYJtVM+ey7pnqjzvFBL+k1IEwhst2YFxySMwhfK2FS594X5CqnScHjA==
+asia.			86400	IN	NSEC	associates. NS DS RRSIG NSEC
+asia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0TEwQDSmxGKDr4xRpilZEJkx9ymtg3C+xsMRcTAUk9RIzY2KL7rKWeB0ecctiEIXv77STEE6zbQUgdU9v87d6xeBKlxsBIv/a0x+mWoKm94eb3xIQ9+Pf48gLXp4ECbnDdVx5BDHsoQAOMdZujzHyMcDLOQnEJHZidqcrW4vAmQR9EJxZ6NIURTWWLkN53HBfVjdSi83uyjFOINwSWr84OeaXGHI2iE74oa3oCgWLYezbei6M9IivvYkFPRrr1Tp4ioCh68tYN3OpH0BSvmk7KcNxkhXsm2dqO6XcjeeUuWhD6ldIAjWJcB0yxd4I0NX/95O3YNAKOgg6wBFN+wjNA==
+b0.asia.afilias-nst.asia.	172800	IN	A	199.254.28.1
+b0.asia.afilias-nst.asia.	172800	IN	AAAA	2001:500:16:0:0:0:0:1
+d0.asia.afilias-nst.asia.	172800	IN	A	199.254.30.1
+d0.asia.afilias-nst.asia.	172800	IN	AAAA	2001:500:18:0:0:0:0:1
+associates.		172800	IN	NS	v0n0.nic.associates.
+associates.		172800	IN	NS	v0n1.nic.associates.
+associates.		172800	IN	NS	v0n2.nic.associates.
+associates.		172800	IN	NS	v0n3.nic.associates.
+associates.		172800	IN	NS	v2n0.nic.associates.
+associates.		172800	IN	NS	v2n1.nic.associates.
+associates.		86400	IN	DS	51694 8 2 B92F8F575097B95AB00AF8DE35F962205DDD4BC0662B1DD212B5D062D679D338
+associates.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . js4tNJ66VNPblF8XHybPW0dMuetJjWd3mTFtClmAW6AMxGVKcl1m05JyhzzTuXMeA7hQSVu12Qg2+3Oa9G1pISDIo/PdgblM3YkeWy6XE8goPP3p1sQoZX2uUuWTvaSBzA4b0/vt9XViqegfTVlbj8YocNu+S6WJ66gqXWbALo5RIfw5iuIZt6e8lr3DtzjZdoAaTlZAhR39/nTmjYISwbLP5Bi8EugfJA3Vc5OOuygKnzemChpYcLKdP1gYgc5oPu2pMNusut47UzVhaP0QAhRxot1EjCpZ5JR+ai0NMwmsx+3Pc98tpgWm0QKGvyWcU+7Jms2p3zKvEgI+/vvOwg==
+associates.		86400	IN	NSEC	at. NS DS RRSIG NSEC
+associates.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n5eB8BbdVfGQEJHPY+JLjWBUR4fKAEQry3AJK0yceIoBgbVVwpuRVLNlf4GIHKWz0MxLYcctSoLqP73SJ6y/HesJUmhy4OnM9Z6hLy8xZRcjzOB2f0V1mfeCkmdTjI6t5On3S/a0uGLisnJnpjhMfPfn2rmrHSRfHA1Lcu+P//ENFNkDQS7YOOUhoW6SThfevYWiMS7jNlmB81V7XkJ2JModJelKmLRKfzGAE+6ADjAal0kEOx7Kh7FI7AKIOVCnW5BCuzeg3jcU4I+DTmOhO08zgjY8rUxUYkgBAMXbkLFvKq9tXFtFF9BQkQEAneAlBBOF3NrG1WGw/HWDdzn+3g==
+v0n0.nic.associates.	172800	IN	A	65.22.28.27
+v0n0.nic.associates.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:27
+v0n1.nic.associates.	172800	IN	A	65.22.29.27
+v0n1.nic.associates.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:27
+v0n2.nic.associates.	172800	IN	A	65.22.30.27
+v0n2.nic.associates.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:27
+v0n3.nic.associates.	172800	IN	A	161.232.14.27
+v0n3.nic.associates.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:27
+v2n0.nic.associates.	172800	IN	A	65.22.31.27
+v2n0.nic.associates.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:27
+v2n1.nic.associates.	172800	IN	A	161.232.15.27
+v2n1.nic.associates.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:27
+at.			172800	IN	NS	d.ns.at.
+at.			172800	IN	NS	j.ns.at.
+at.			172800	IN	NS	n.ns.at.
+at.			172800	IN	NS	r.ns.at.
+at.			172800	IN	NS	u.ns.at.
+at.			172800	IN	NS	ns1.univie.ac.at.
+at.			172800	IN	NS	ns2.univie.ac.at.
+at.			172800	IN	NS	ns9.univie.ac.at.
+at.			86400	IN	DS	1253 13 2 BA17C1BACB3FB49F7760AD1F7E71E17AB39EE0DF3E9D3BF23FD3D70D6CF1719E
+at.			86400	IN	DS	18942 13 2 AE5F0BD73C8F48F3D55CDC4070F9407873176C364DE4BC92BF96887685E6E55F
+at.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GbOcVb7zPH6EfRjNEfEs3L2DYocIM1EyKni2ak2xkad9FW+06ICLC6eNwyPg3riwRaIAqfeL2CxM3PmnnYf3Lu/6OvBTngma7dMtoWR2dUjfkjxDye+GwF8af7FmZQHqQJZ/iX7nR5iOfdGRRt56VxEZp6jgok8/OimxBlAHc7sVRuVNAsAMLPN72IPzuoRnbsKL0XsbmPU6OiOSF30scPOlO/cnIBeZ+COXqbp+ELT7/KYWAkMXeSLa0P9UsJ/6f1afThFt3YznQ1luK6be5zhEsSthRUx5bQ/sKezkKGZKguiENO+q6EOE8cW8/H/7SQlQn+mhg6PJvJASvUXp1g==
+at.			86400	IN	NSEC	athleta. NS DS RRSIG NSEC
+at.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B/ut3h5/Wqpx5p3aEAKuYcWGaR7BMoLGW1Tyy440sNLAkIWfLdCgl5RHOQYQ7WiNxa7UUjM2XusiH0sWY1x0bt2oCu4EO0kFWIgFKEh4cUnCkkmJ6W4xVCJA1TryPjy8/PWr0xLUuWOvjPHEXueqjqzSLku7LEnRDu9p5MC4hyaDO764Xy1q/fM89+R4qXb2R2B83S7l4uZjxWfWBBsmlcpxwsby92SctkSt5MSuRaYnvopAjdy/Hvu5vMvyZEiCj4m6ld2EwlVSM4xooeSRe7hM8r6V3F+7pjn67oSm1+RJtyS4aP3oGxgXyDYIy5za3nhoXZBKbFOG1B7fE+E9gA==
+dns-mk.univie.ac.at.	172800	IN	A	78.104.145.4
+dns-mk.univie.ac.at.	172800	IN	AAAA	2001:628:453:bb:0:0:0:4
+ns1.univie.ac.at.	172800	IN	A	78.104.144.2
+ns1.univie.ac.at.	172800	IN	AAAA	2001:628:2030:4301:0:0:0:2
+ns2.univie.ac.at.	172800	IN	A	192.92.125.2
+ns2.univie.ac.at.	172800	IN	AAAA	2001:678:1c:0:0:0:0:2
+ns5.univie.ac.at.	172800	IN	A	193.171.255.77
+ns5.univie.ac.at.	172800	IN	AAAA	2001:628:453:4305:0:0:0:53
+ns9.univie.ac.at.	172800	IN	A	194.0.10.100
+ns9.univie.ac.at.	172800	IN	AAAA	2001:678:d:0:0:0:0:cafe
+d.ns.at.		172800	IN	A	81.91.161.98
+d.ns.at.		172800	IN	AAAA	2a02:568:20:1:0:0:0:d
+j.ns.at.		172800	IN	A	194.146.106.50
+j.ns.at.		172800	IN	AAAA	2001:67c:1010:12:0:0:0:53
+n.ns.at.		172800	IN	A	81.91.173.130
+n.ns.at.		172800	IN	AAAA	2a02:568:281:0:0:0:0:130
+r.ns.at.		172800	IN	A	194.0.25.10
+r.ns.at.		172800	IN	AAAA	2001:678:20:0:0:0:0:10
+u.ns.at.		172800	IN	A	185.102.12.2
+u.ns.at.		172800	IN	AAAA	2a02:850:ffff:0:0:0:0:2
+athleta.		172800	IN	NS	a.nic.athleta.
+athleta.		172800	IN	NS	b.nic.athleta.
+athleta.		172800	IN	NS	c.nic.athleta.
+athleta.		172800	IN	NS	ns1.dns.nic.athleta.
+athleta.		172800	IN	NS	ns2.dns.nic.athleta.
+athleta.		172800	IN	NS	ns3.dns.nic.athleta.
+athleta.		86400	IN	DS	14776 8 2 CC5CE98FE2C8EBB8DA9B7CEF6EFAE743B1B92A8B60D276C42510FD7C55177632
+athleta.		86400	IN	DS	24775 8 2 27E604906E1205089032C4CF28BC8E12C35D6DD3C1D5FE612EF5FAE0AA5AC6BA
+athleta.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FhaRqA8G7PscyoFXamGsU5UHiv6yHmj9DOkRnG7QysenyGYwCoP4+rLFN8xhznG8xC7yN3BnqDau770bjYZP63mGA64oNpF03L+yf2spIe6WyATjC2a/CBUU5cAewGfDJ9iuXg4Z8G54+COXymUNV3cIbbES+CfzVCvDV4WUYNVRxJzEhc+TEao+wu5hdjsvO/JCNab2waF8G5Q8mAHQuAtakN6BYBdf6EPYdXeRhRi5EHsVcxOyct+h+hq6kkHVgm3Vp1V9NWlX6v7bcM6qIuD7bip89qOGeNRrRHaDePyAkZIvewxV4Unb4CrfTz17kY/hXMGFdnfJ1nweBGpgBw==
+athleta.		86400	IN	NSEC	attorney. NS DS RRSIG NSEC
+athleta.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bl0ZxPfCR7/4VLVGguQcI34jdZWQCF6X+sQGMIbfis5dR67g+DyRkBS8oZsItyXs7Yeq0GA0WUCjNCFKwN0Z3Dtb43cZ2eQpzgXOIwZX22jI6BBnHY5k5Jk+0EXNa6e8On9IAVy4M9WpBBFVh9xOC/Z48FCg7URMvD6ui2JYyVD1LDsu3xbflbE2LdgHLE1xo0tlQqQPZ0gIK1M41o+xunv2FjIwpIGRPg4MFacDDMjuvi+faMXeOwedmbLzm+zkTa6MJ5xDahI+3iNt4Z28MSWrfw3Q4NnSal0p0cBhwIrUhLSVuDEE8vDl7QX6zwI6VugxoZv3Dv1nre4IDGHtvg==
+a.nic.athleta.		172800	IN	A	37.209.192.9
+a.nic.athleta.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.athleta.		172800	IN	A	37.209.194.9
+b.nic.athleta.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.athleta.		172800	IN	A	37.209.196.9
+c.nic.athleta.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.athleta.	172800	IN	A	156.154.144.16
+ns1.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:10
+ns2.dns.nic.athleta.	172800	IN	A	156.154.145.16
+ns2.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:10
+ns3.dns.nic.athleta.	172800	IN	A	156.154.159.16
+ns3.dns.nic.athleta.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:10
+attorney.		172800	IN	NS	v0n0.nic.attorney.
+attorney.		172800	IN	NS	v0n1.nic.attorney.
+attorney.		172800	IN	NS	v0n2.nic.attorney.
+attorney.		172800	IN	NS	v0n3.nic.attorney.
+attorney.		172800	IN	NS	v2n0.nic.attorney.
+attorney.		172800	IN	NS	v2n1.nic.attorney.
+attorney.		86400	IN	DS	37909 8 2 C4A297804CE08F6EC8BDB6EBDC8C0907DA680A9FEB90555AC0B6BB8F38026CE4
+attorney.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x9VBPtwmqcoBOdJiVo1WsGMwiy35xGJvey/Vh1+qVxBB3OWeuaZ1h8sGVNTXKg+zEIbgULzlgSao6VjbV3bt/o1l3Rx48tlFQEcfD1nFMTuGJLkh/qd9UE+fXMoL3exGIks0gh3mx04izgoJwINCMdmkjqirnvtKejrCL3d5foi9zqp8ey6/XZ9uVVqfZS55PLTPHb/sbUCca1xbbzn7GQvzkf/3FRzSuyHe2Z0Jnf69sfdBIuT4koAiU4IaRKhPN2UbYXWySd0nf07qrDZCE5LFI79HYITaFTvY++2m4tpWNzvejjHdn+BYyeCQAhv2HEAmIfuIIEX8QMban87Dtg==
+attorney.		86400	IN	NSEC	au. NS DS RRSIG NSEC
+attorney.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zu/Y5APWeZrp8WKkEeqEefhPQl62/8pG0aVfvxK5ywkHJqAPi03FvOgmp2/mYu09OMVz8K4eY4rWu8TWGgixlhZgh6pzuDeccyCTyRc76qLn+Srfe1sbsfLJwT4MKOs6zpZnxDHNKyBKNAnnkBHqeNrAweO1BZhAETUNXcqZ9yFCuszfvc8dW+n3/PbIn3pNocQbAywe3N8uFZLrWQ72pSHgIA+79fk0zMz4x2W7hz3pQUlUqV+3aAX5ft2j3Xq0bJue2QMKeiLEWlTXIshVPD0uOHrPfpjw8sSgUI1aZrhpsnl99F5aw60FZyt8X+Zn7JaEMK+Fl40JcvQbEW5DJw==
+v0n0.nic.attorney.	172800	IN	A	65.22.20.20
+v0n0.nic.attorney.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:20
+v0n1.nic.attorney.	172800	IN	A	65.22.21.20
+v0n1.nic.attorney.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:20
+v0n2.nic.attorney.	172800	IN	A	65.22.22.20
+v0n2.nic.attorney.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:20
+v0n3.nic.attorney.	172800	IN	A	161.232.10.20
+v0n3.nic.attorney.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:20
+v2n0.nic.attorney.	172800	IN	A	65.22.23.20
+v2n0.nic.attorney.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:20
+v2n1.nic.attorney.	172800	IN	A	161.232.11.20
+v2n1.nic.attorney.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:20
+au.			172800	IN	NS	q.au.
+au.			172800	IN	NS	r.au.
+au.			172800	IN	NS	s.au.
+au.			172800	IN	NS	t.au.
+au.			86400	IN	DS	51895 8 2 6C7D509BD4DF32AF255FF847152B7B00316AC0BA44B853B3C9F9C7119AAA599C
+au.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UIJ84AbJn0R7Jk1Chx8FSCng0wrJf8mZBXbwNTe75YslxUSD07LVWy9ZUFs2PqLf1GueQGme2r+u9bpIQ8JDoP7cN9qt/NBCPdMhSMaoG7eNsrCFzoOKXD5mvoYjreCUGRoUVjPQgd6lCLgSLpPZ1nrc2INc07PhW5s34l4NhEszHEtyIIW9hnUhGcuOthPZN3AJ4FukE1yQksNxWR0kQcuNiKVdzW/hCvEjSKEROJNRIVUedre0dOxZdp0uaLNG9K+YzP2t7Uvqfartd8/ZB1Fz81SGBS8vpO9SA52A487hi5Qi85I+hxnD6SuPSJ9NlA1AQ4/XDMP6tXdtwYg6nQ==
+au.			86400	IN	NSEC	auction. NS DS RRSIG NSEC
+au.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RWeiNaOuY3K3//KdqUZcnrZO7qt84I/Y3OY2XVeRtz8bdlTzMVlIZBm6nsojFri2AezTyhGxZ4OzoAbOdwLugLKFr0JveqPNz+UEcRFNMflqasb9v7SE7D5fZhcPwUO9tyuOEd4LAKbZB4hYciGcnN2N1AziV/+rAXZkqbC0SBLDCFASWcABObG7woCOm6nmNzCi+u8iUWso3lBJE7CI0zUfQwBqtwMY6xlB+SKtcYOTeE0h9nmuzTgCb6yqEuWLF27pu/rC2H5MqyhxcRInvLweDo08/I11n/D2l9eYMwaIxfQxA8FLRQHEhdzhRAtrRteIy3eHniP+VlGbsVC+SQ==
+cctld.alpha.aridns.net.au.	172800	IN	A	37.209.192.6
+cctld.alpha.aridns.net.au.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+gtld.alpha.aridns.net.au.	172800	IN	A	37.209.192.10
+gtld.alpha.aridns.net.au.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+cctld.beta.aridns.net.au.	172800	IN	A	37.209.194.6
+cctld.beta.aridns.net.au.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+gtld.beta.aridns.net.au.	172800	IN	A	37.209.194.10
+gtld.beta.aridns.net.au.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+cctld.delta.aridns.net.au.	172800	IN	A	37.209.198.6
+cctld.delta.aridns.net.au.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+gtld.delta.aridns.net.au.	172800	IN	A	37.209.198.10
+gtld.delta.aridns.net.au.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:10
+cctld.gamma.aridns.net.au.	172800	IN	A	37.209.196.6
+cctld.gamma.aridns.net.au.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+gtld.gamma.aridns.net.au.	172800	IN	A	37.209.196.10
+gtld.gamma.aridns.net.au.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+munnari.oz.au.		172800	IN	A	202.29.151.3
+munnari.oz.au.		172800	IN	AAAA	2001:3c8:9007:1:0:0:0:21
+munnari.oz.au.		172800	IN	AAAA	2001:3c8:9009:181:0:0:0:2
+q.au.			172800	IN	A	65.22.196.1
+q.au.			172800	IN	AAAA	2a01:8840:be:0:0:0:0:1
+r.au.			172800	IN	A	65.22.197.1
+r.au.			172800	IN	AAAA	2a01:8840:bf:0:0:0:0:1
+s.au.			172800	IN	A	65.22.198.1
+s.au.			172800	IN	AAAA	2a01:8840:c0:0:0:0:0:1
+t.au.			172800	IN	A	65.22.199.1
+t.au.			172800	IN	AAAA	2a01:8840:c1:0:0:0:0:1
+auction.		172800	IN	NS	v0n0.nic.auction.
+auction.		172800	IN	NS	v0n1.nic.auction.
+auction.		172800	IN	NS	v0n2.nic.auction.
+auction.		172800	IN	NS	v0n3.nic.auction.
+auction.		172800	IN	NS	v2n0.nic.auction.
+auction.		172800	IN	NS	v2n1.nic.auction.
+auction.		86400	IN	DS	28861 8 2 A36871C0FBDE1696E659A812BE9CA47A2B140C26BDBD84C61C6BA3A25175A2FD
+auction.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kz7tULZoOCSWsVE0dMMgbxjRrJsoaUbF+VP+pYYvB+f8PAVAaxZy6bR5QG9QAz4zHj4bL8OPucn/GS7G4GKMSed6ksAjASG8xEVIrPU7yCSZ14XAyhnwrn5Ulg5dMnyiTZBRP9B29ijJwhsG2+sIjw2c9lxwPFz4kz7SyhBr8KLUt16ivSnG9F7TeiBMZO5HKej57aAWYNHnGb2/rxrZTYc14yniS217v7pP8L3VBv2XXlPOICYhEBEI6fytWodzfDu+YytjVhGPtr4+YdZggdkqyuhc62oCxE/baLKTc00gS2cX3xUOhqZsa8nmPrwHL1U8CD5ucqDvFHHU5e+kbw==
+auction.		86400	IN	NSEC	audi. NS DS RRSIG NSEC
+auction.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hp3iNi6TdCb9yZFut/mp+sXWfA5ZZ7k3ojb9tNT6L8X/Z2wkz48wcgb1xptaQulUk3vG2CIj8Jak0tkxW/ZzWUBw96kRsWXdf2mkPriaYy2Rpq9nsQEq1adxTFSGUrs0UDCEURsYtbSrSSUtkBzfZ89OYEEugrSHxSsy6jIlfyVE4rUJQdLcMs0x0afg5z36J7ZqJ5CNyu6n4x3MOlDMsgbM0X4G5PGb9mFCZf9qNuPdfpxEnjV5MioJCn/V4f2jWJ59LtJnQrGxUHcp1/iQAzmMVjFyy3p8Qjcr6GUECoUQbaNyxHx4Ql+TbuRVtF6UBOdo/Tde5s+058kemq65nw==
+v0n0.nic.auction.	172800	IN	A	65.22.32.55
+v0n0.nic.auction.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:55
+v0n1.nic.auction.	172800	IN	A	65.22.33.55
+v0n1.nic.auction.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:55
+v0n2.nic.auction.	172800	IN	A	65.22.34.55
+v0n2.nic.auction.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:55
+v0n3.nic.auction.	172800	IN	A	161.232.16.55
+v0n3.nic.auction.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:55
+v2n0.nic.auction.	172800	IN	A	65.22.35.55
+v2n0.nic.auction.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:55
+v2n1.nic.auction.	172800	IN	A	161.232.17.55
+v2n1.nic.auction.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:55
+audi.			172800	IN	NS	a0.nic.audi.
+audi.			172800	IN	NS	a2.nic.audi.
+audi.			172800	IN	NS	b0.nic.audi.
+audi.			172800	IN	NS	c0.nic.audi.
+audi.			86400	IN	DS	47809 8 2 AA1FA212D47D097669F357C0C70ED8BE45EDCD5BA04D951F4ED9F9A260476FCA
+audi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JPluo65RbWWW2ShWedujCpgfYelPa9/waIA+JKQR7aosQUfxMT3vTmpytg0ZhW+6amV7LbNu6oo9/DEy3NAD2f5SQDTmF90wU1gVM1++4OJNrvNHVGCZY48cqgEWMJlJJ9nExvOTkaVbE3CDAPRJDW+NFgJh/9i2thIYpNJ5THYN6wb27yfI3aX5W1PDQPZ3Tie26XlAGcroVsT+d19V4vt8omQ0HnuNPEFX0UHZfVtdlLQJD/X1Uu1O5DQCbhnOryOeRMKwDlEcyQddFhqx3kQUgxgXP+95AFcpw8dzxfNjeiFG5pnkx3fDTDZUKU9wfP6d/QfCqzsB0AkIXh/7/w==
+audi.			86400	IN	NSEC	audible. NS DS RRSIG NSEC
+audi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XzVxRvjdj67hDIIsZa63bd3zDcCLn1JoC2gf5Te5ipAVEfR0DW2NiMFiGU3bx3Vs03Tq7O6olQLAwO3x9u2fBZrh9eu2AtokIlbPzjHS+6he7XKZNfTIlWXDen3Ll+N+Duq4PvkYp6dpeYhXbY+ERda5vYDuGLEu+S8d4TveD0bu/U5LEVJZvojSk4npy8Tey2uQnEmVfJLmJfmzLCv2Z62tu0NuSq4zbWAWwm0q0f3UrcqI4NXF5MS8MsvGGDg4tAINxABI3PdDzgWcnwMZuU3EJg4mbvfuZmzBLwl7fE2PJxSLeXftmDmrGDw/4hIWAol0bWb/j412c5EGEB5ojQ==
+a0.nic.audi.		172800	IN	A	65.22.208.17
+a0.nic.audi.		172800	IN	AAAA	2a01:8840:ca:0:0:0:0:17
+a2.nic.audi.		172800	IN	A	65.22.211.17
+a2.nic.audi.		172800	IN	AAAA	2a01:8840:cd:0:0:0:0:17
+b0.nic.audi.		172800	IN	A	65.22.209.17
+b0.nic.audi.		172800	IN	AAAA	2a01:8840:cb:0:0:0:0:17
+c0.nic.audi.		172800	IN	A	65.22.210.17
+c0.nic.audi.		172800	IN	AAAA	2a01:8840:cc:0:0:0:0:17
+audible.		172800	IN	NS	dns1.nic.audible.
+audible.		172800	IN	NS	dns2.nic.audible.
+audible.		172800	IN	NS	dns3.nic.audible.
+audible.		172800	IN	NS	dns4.nic.audible.
+audible.		172800	IN	NS	dnsa.nic.audible.
+audible.		172800	IN	NS	dnsb.nic.audible.
+audible.		172800	IN	NS	dnsc.nic.audible.
+audible.		172800	IN	NS	dnsd.nic.audible.
+audible.		86400	IN	DS	14606 8 2 616BFE32B134D3ADA721660AEB86F2065FF600A1511530F3180F4F2E89588913
+audible.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ymen/TRNOzuldUzRcqFTSzPWKRdHzlqMwur19i1GQG8Tcv5/8OX9eQ+KbbhXrCeCSiZHkU2/spjLOb7PDaXJs3trusgFYpV0GE73ydYAl9lidXMT6NPmlONlMq2SvK9QKgfaSauWuCgOqef5xUHwu99NRc0lsGaariLWM76l1mLqDNj2Q/ld0WVBTtPkmgGXhKLaFe7nP2KaG2b/O9dvECFVooT4sxhJAIz37D0ml9hm+m8SyC+ygMi2eVJkhJVZ//aDtfCmv+vmFgaZaX5fy6DKXMisfWIWOXmZ7pg/un4A6HvmrWoiwQ0zLMxX+5w1sfu2bZl1m+fwFZGkedwotw==
+audible.		86400	IN	NSEC	audio. NS DS RRSIG NSEC
+audible.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dwRr6fqsDF+hTchL480CAQ0emYZpIYUzshOPwgLyE110ISVVkMLVSCD4XZ5sJ4GEKduvGR94mtQD3PM2N/R7LpuJoL/x2TIuZkygVqW0j4OsmB/OJxRzdEsCl6vZKB24Lu7WOBe1TR5EXG3ZSmpyaB5LAOOQQVSBAWazbQyvbVKfI35zx7KpzVT41CFJ7UhwJoyRaCRQMcdxDcG81lqWyVDLWBZTAXr5Q4aocQlqVqDzkw1+6wIo/mHEoOTY5ksvx/ATZNNs4q433rWrysq2kNdfYujtK7oseZSagmv4EjEpwFBTqveabe/fxQfR01CwjN7bjZec3Rdq8LHKmCkavg==
+dns1.nic.audible.	172800	IN	A	213.248.218.56
+dns1.nic.audible.	172800	IN	AAAA	2a01:618:402:0:0:0:0:56
+dns2.nic.audible.	172800	IN	A	103.49.82.56
+dns2.nic.audible.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:56
+dns3.nic.audible.	172800	IN	A	213.248.222.56
+dns3.nic.audible.	172800	IN	AAAA	2a01:618:406:0:0:0:0:56
+dns4.nic.audible.	172800	IN	A	43.230.50.56
+dns4.nic.audible.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:56
+dnsa.nic.audible.	172800	IN	A	156.154.100.3
+dnsa.nic.audible.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.audible.	172800	IN	A	156.154.101.3
+dnsb.nic.audible.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.audible.	172800	IN	A	156.154.102.3
+dnsc.nic.audible.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.audible.	172800	IN	A	156.154.103.3
+dnsd.nic.audible.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+audio.			172800	IN	NS	a.nic.audio.
+audio.			172800	IN	NS	b.nic.audio.
+audio.			172800	IN	NS	c.nic.audio.
+audio.			172800	IN	NS	d.nic.audio.
+audio.			86400	IN	DS	10807 5 1 A8743F3C50BF77807EF5713D614F4CF1C0567F95
+audio.			86400	IN	DS	10807 5 2 859C5604B1A595B5E139D2904314E6E5EEE152ACE825A74ECA32A3E1290F178C
+audio.			86400	IN	DS	20191 5 1 BB72622C591C9F739AF49C13EEDB7F2796CBC8FB
+audio.			86400	IN	DS	20191 5 2 775C07F584233B85606AC3874441C97AD1AF7F144D3E9F0FD779F1E064E49316
+audio.			86400	IN	DS	49027 5 1 F2611084038A67137A2A8EF584402BAD64EE365D
+audio.			86400	IN	DS	49027 5 2 5679B4ABDCC3A065FE7FDDDCF8AD1D7EBE22323D758ABC315AB4D4D8B49CF684
+audio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bcq1koH3Cj+6mjWDs+3Ky/EGTVJ/PgAdfiRkYp8moMVTNcJn0FwcafjgR2WjNpBeB+iQ58HhAhaNgC4Q0nvufwO3vBtCg0O4N6x3qhATl48C3ZvtDkNqCLo6m1h94Nj+5hyY9pP8E4tTMT24G/gbQmrM6O1QDVJPx72S6d9V98Y0W33NZsvb+LshKhgmJzx1Ixfh9/ndC3Of/QouEt8tzRw4gapCcb79sEjO3JhCyOm/FnT8Of82maMcLBG9JF8+h1EZV1zFbHYPGbUBIEtjGn6wqZlHfvDzvZe/0NrnkkNLGsonPxyOU77LLTiwi+VxHRJFnV2rmo7aS63rUr9YxA==
+audio.			86400	IN	NSEC	auspost. NS DS RRSIG NSEC
+audio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wUcWt1A0b+M2UcO5akaK5a021hl0CSUIDcCIglFE95mSHpTfsoVRl6zfA+uT3LMVFKfzMGDh7s4/NuQhFnSSebVRBdM9W1aHen2mRhziN/VY5p/2fxD6drOrnuMSMvZENDgwmTlb/KOGTsdfOKnNrt6v7k47Juvintu5gY4gzQhSEGPxRcxDnTTjnf6NyLqiWlGMnm4FhBHQEd613SgRWLNiP4eJi6F9div8EErmJREeBGbs/aLbUG9birZ3ypVc2vqiOweCfTLGrTTsfDsi0N4ZsmgJfY3yAUCmOIAPkfGhsFcWxhaZa/S6T7mPFTg0gaq64BFyUkV+zQK5qdvfXg==
+a.nic.audio.		172800	IN	A	194.169.218.150
+a.nic.audio.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:150
+b.nic.audio.		172800	IN	A	185.24.64.150
+b.nic.audio.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:150
+c.nic.audio.		172800	IN	A	212.18.248.150
+c.nic.audio.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:150
+d.nic.audio.		172800	IN	A	212.18.249.150
+d.nic.audio.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:150
+auspost.		172800	IN	NS	a.nic.auspost.
+auspost.		172800	IN	NS	b.nic.auspost.
+auspost.		172800	IN	NS	c.nic.auspost.
+auspost.		172800	IN	NS	x.nic.auspost.
+auspost.		172800	IN	NS	y.nic.auspost.
+auspost.		172800	IN	NS	z.nic.auspost.
+auspost.		86400	IN	DS	23341 8 2 CDCE581A5B4B9280A865FC7BD798572016629E0B4C56CAC1A3FCCEFB0D4329A2
+auspost.		86400	IN	DS	50557 8 2 8631F3B3DAA56F69E46A0513AE0BA9943A0992A664A7EBC25C2A4E8792C5DF83
+auspost.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BBTtra94Ff4RVwDzAC92wnlgsZ/Z7bBKfSZTINU7cv6SeiTG/zuIu5cNYDqgYc+bBerbZKxYUlrmSg/gR+YpUtOSbFn37/lZo+QCdsEyc0JBU1KavjmiXcwiiHBKpFh6/1+z9c5voJAM657J9qV8CzBJdQxBEKGVZf3tU0O0XiPb4l6p/m98cwnXItumL3se84NdathfwGWZ6yADVW0IZDn1egtvZ6SNJDYfOxui14dyVCFWyA5rfVfKmvhGLnZns8gLx8/88Gf/f7EBwzeip33z1hfYLc+yzcNHbGDLD7ZmY5JLHKiQ9EOeIDgRaq/MXewoJsqsrnMZGzbfC721dQ==
+auspost.		86400	IN	NSEC	author. NS DS RRSIG NSEC
+auspost.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . p65KNPyZ/TR5a+E8yGMjERblSQ9fzj79PzT2sp4GYn7LTggpf96CesZeFsjub4CL7oMJPM3ru+PRGkod5TB0WlZwC5Eaz4kAsfhqEEwK4vn+lhF+owDEoYrqJLJzX+S+tkUqWJjPaSPgEPqRGxgrYPjLbf01f1vu1e9q9+7NhbxiCQyPQOLc/pama2Cys56fAZGytUrZEsTe/Ri+pihNkzEBPCdJ42kQLSjKhe6ggB+CjVoW+DthmjiwqYZQzOQ+vZ/EJ1NLrq3ew2cbQh2gAQNNzD/eVTfd+WC9v9Lyw/JsCo5nDv8oGAmPw4HXcp38+V/WyrKG4bOm0W4jAhiJMQ==
+a.nic.auspost.		172800	IN	A	37.209.192.9
+a.nic.auspost.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.auspost.		172800	IN	A	37.209.194.9
+b.nic.auspost.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.auspost.		172800	IN	A	37.209.196.9
+c.nic.auspost.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.auspost.		172800	IN	A	156.154.172.82
+x.nic.auspost.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.auspost.		172800	IN	A	156.154.173.82
+y.nic.auspost.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.auspost.		172800	IN	A	156.154.174.82
+z.nic.auspost.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+author.			172800	IN	NS	dns1.nic.author.
+author.			172800	IN	NS	dns2.nic.author.
+author.			172800	IN	NS	dns3.nic.author.
+author.			172800	IN	NS	dns4.nic.author.
+author.			172800	IN	NS	dnsa.nic.author.
+author.			172800	IN	NS	dnsb.nic.author.
+author.			172800	IN	NS	dnsc.nic.author.
+author.			172800	IN	NS	dnsd.nic.author.
+author.			86400	IN	DS	4690 8 2 FC1AAA00C7D9798C3BBEED82B37AAFBA04AE15E97016E9A8B646AC5C37572DA3
+author.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tTTNQCOYjjG7aQwczwg6GiVuqiZLL3vQNzoP++aRawIs7FfDgFCqw/EkzShD2V37+VerRoewBLXIOpD49SJfERMpXME/yIkWFaRXZ7fUUn8j2jC9jOTeHLxEuqDH4IAzoh4FmOLY0c2Copla1B9j7zKRHRQYHLV7S0jbFGe18EqH88gC5x0RtXgWkvUQo05Arh7kZ6UM5FiJjVHMXkXRem47ZeLsB+bj/v+fHPApXhGwRMSOkGfdWgfZrzwkgzUlyzf1fArdQSqG03Lc6WYPt/smZyU/QK8WH6rglcQoO1q0eiO/SdsyKK82rrv7YZmSmseysDgx2V4vYiAsQKILnQ==
+author.			86400	IN	NSEC	auto. NS DS RRSIG NSEC
+author.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . shPW5SIzdjI+GFJYyH8QhvTJe/nvY+KIbkZlRKHJaWM/IzHxQH+wCauIcOfHeNrQBRmY/cT5+85+u6KT21jYdvq4vq/z8LCRH5fZWTehxbsJVbhQeFnRO7DhExPzLP2YjycXqph4qd/FRJ2mqDO6Yuayqf6GYwHF/RtLYwiyKOPmnjduxcnRwke9uxUCDC3JiViUZGbeG9l/gcLIFlONGIa+rxeLKdF48HCVAjAnJFdoIwBk+FwAnY3EAEaidnbFBhMJISh/76Z4OSKN5pnRzMf58QfMrM0D0sZVpJ2fZpWOb5v6wj3NpPEq1UF6d81V4qSmPdAW52AAo6FOxjw6Vw==
+dns1.nic.author.	172800	IN	A	213.248.218.60
+dns1.nic.author.	172800	IN	AAAA	2a01:618:402:0:0:0:0:60
+dns2.nic.author.	172800	IN	A	103.49.82.60
+dns2.nic.author.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:60
+dns3.nic.author.	172800	IN	A	213.248.222.60
+dns3.nic.author.	172800	IN	AAAA	2a01:618:406:0:0:0:0:60
+dns4.nic.author.	172800	IN	A	43.230.50.60
+dns4.nic.author.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:60
+dnsa.nic.author.	172800	IN	A	156.154.100.3
+dnsa.nic.author.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.author.	172800	IN	A	156.154.101.3
+dnsb.nic.author.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.author.	172800	IN	A	156.154.102.3
+dnsc.nic.author.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.author.	172800	IN	A	156.154.103.3
+dnsd.nic.author.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+auto.			172800	IN	NS	a.nic.auto.
+auto.			172800	IN	NS	b.nic.auto.
+auto.			172800	IN	NS	c.nic.auto.
+auto.			172800	IN	NS	d.nic.auto.
+auto.			86400	IN	DS	41492 5 1 4EF1EDDD59DAEE765CD1ED0205081D46D25BBE7C
+auto.			86400	IN	DS	41492 5 2 01B3B92918B955D84A70F1BC254513D6FD90A33E8ABABC0AAFCF8830AC259C2C
+auto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1At9kcIz5fk83Ugi3OmSmo80xiwdDraBLEmwCgjJ92R5sFWl50jMimWl8sSxQYfHG9cL5W4pWMxZypqrWFaKO2TsWNPq9FN9qPMAhlHwKIwFKylUHp8DAQgj1QdWHr9diDO/6qRE1CEBwur9S6Gw0NrlVsOcWDAN+BbESmIUTHFKT12VR4jnHeAWqds/K1NgYITfaxKa2S1Brp1gt0ReS4yGNAXZqx+g33Mhc1y9rHVOJAowdJctb+W///8S1zuMNVgTwq/R7j2+0W6sDMXfax+rxitVn0SuGyPk18Hr+DmEla9+nMGgxZDOFtdnnaYY8PssiI9dUGG9r1JI3rmO4g==
+auto.			86400	IN	NSEC	autos. NS DS RRSIG NSEC
+auto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0bL1OWNajpjbUnNruv7MtO+4kFj+/8jo96Gbqq8InU5NrSeR7wl4Ezw2k8mEOSDO+FjA3zgf7Qc3XR/WZH+Ju/Kn795jD0nnZ7hkPHgAD5F0Vj8PZXwD5UTIQ8b5oehVrTDQA9ppswPONiwQgb8Aes+38HWc2L9bX0sxD6w8ySWj7DZbXi0u9PpMWlmuR55dlmHo2ed8sNQUBYIrTXJfVwg8vgiGYA0imAskuXYE4VgTjV9NFgsPxBmUxfHhSU9S5IsKqQu8S1FGCRf/MaaJOY0zz5oc1I9eHDDC/xXqXtvhG9CZyo/QqW3ymynTjPS0eH0aWZ8+gJ5jOmE2uxteHQ==
+a.nic.auto.		172800	IN	A	194.169.218.131
+a.nic.auto.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:131
+b.nic.auto.		172800	IN	A	185.24.64.131
+b.nic.auto.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:131
+c.nic.auto.		172800	IN	A	212.18.248.131
+c.nic.auto.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:131
+d.nic.auto.		172800	IN	A	212.18.249.131
+d.nic.auto.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:131
+autos.			172800	IN	NS	a.nic.autos.
+autos.			172800	IN	NS	b.nic.autos.
+autos.			172800	IN	NS	c.nic.autos.
+autos.			172800	IN	NS	d.nic.autos.
+autos.			86400	IN	DS	12979 8 2 B803B9558F22EFB130A7B8A43E1CB855B94DE8DC5558A1BC350DBA0560E27BCD
+autos.			86400	IN	DS	61492 8 2 34F530B8473FA65A88C5F81552EFAD281321445F6DC77ED685E06071BB56F0DD
+autos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CnUESaacq/p0LBoCBlKVm7yDGAUHJ6Z4k4W1+PJmbdvo0BAHS4qcVU3hd6WKsGkALsdiGm8jT71twNVOX7QzmEz7nUzgTlHuxSYO3VaJFlu/a0DEroziybdMujF4bW3g96w4T4zxWtYRcWu+dUa4EyujxrNWIr3ClzW+LndLZQH/sGbe5ig/SMKF9KGJ6MgP1tuBnO8/mi0SaqGUfdIOIaPjBFeujvvFV6tadzXWqsnSB0zg5vcGoy355IEFdR1QMYg3m6+U/zFEFH2d9W0BiPghQBK26aCJjkwc1rpAUu0ha15ya2b7/7uL716oe1ed6RUff/uZRlfaYhYCCfAl+Q==
+autos.			86400	IN	NSEC	avianca. NS DS RRSIG NSEC
+autos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F+h4AH6576XFxjFHimMId2xmzjyX8RO7bEYPCPQ5RD5rEL7cu+FeLQH4hKhSIAPTiFjbiH9wSNAcCKQrMQ06YyQCJWMB9Mabr6vyGJDQqKoTbMp4Vyl0ZHfegFYC0BLA3Sd9xoimGUtLE0ret90ElmOGsqw7sfk9iA6GRmbp08vqk9rgyM6iD4kLfhphK0LXZVC3KefY21ILgV1bHfodm9uXicSTrntYWcvbM3Qk0acsyzBRTCvglw4zq//EUJT/EEWlhIntvb+nYhhQKHC/lup4idY92wAj9OqUMuxFv1evajTLU96OLiy144joZhJ6ZePLpuUvtG4ISPRxwut7Pg==
+a.nic.autos.		172800	IN	A	194.169.218.136
+a.nic.autos.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:136
+b.nic.autos.		172800	IN	A	185.24.64.136
+b.nic.autos.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:136
+c.nic.autos.		172800	IN	A	212.18.248.136
+c.nic.autos.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:136
+d.nic.autos.		172800	IN	A	212.18.249.136
+d.nic.autos.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:136
+avianca.		172800	IN	NS	a0.nic.avianca.
+avianca.		172800	IN	NS	a2.nic.avianca.
+avianca.		172800	IN	NS	b0.nic.avianca.
+avianca.		172800	IN	NS	c0.nic.avianca.
+avianca.		86400	IN	DS	16027 8 2 A87EC8292B65CD932F5B29C32773DABFFF897E71B9921FA4F000F826542F65CC
+avianca.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . byeY4h74DUnVBFmWAII6RSqG8xd0zjL/1GoWMPMZi1TebSdJGei5f6Nh52zus90gYWXjPY6+GSqI3+OeNoHU0+s63qEV4kaQJmiOjJ2JzgUj7mMd5OhCwJ922gVxYOCvJYK1I+7yGqvwDgdvk4YiFQ1zp5dzWxXcLmIh3dxLPNAQ/T5xGEPFxchfl0mPGWlvQLB9xyxcKdI2wJPVIetAa+olSoUSOLP+J7xZnPy0FBiuqOyzf9dm6HkMn+G8+K2/jgViCDouyX+2+8P1dPuY09lVLt9J03inS9mrtW/MG7fsNhKEKChob5RsViBHzXYKEoThPdV42jS0xzV77Ec2mA==
+avianca.		86400	IN	NSEC	aw. NS DS RRSIG NSEC
+avianca.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wofis7xoIzzb39ezTra2UoYkZY3tT4zAIX9CK6zYn9tg8n5EebIwOgcTZPAcznuiZymcw2RLl/9O6vClYOoRA412PZbCoPjtasejlbY81HOmmQ2xqKwustfd+//RtGu1XjvEc2Raj5yol2zmTka6dWv2+phzRGfGX5tm+9EiVHjVQVSkT5C9pnoqlqhZthTjWtyaEzGHaoTKjX4nnd0aRd7RdlFq2/uxRQRpxmeNAuu633eWeC64etviNpc7vZuJUuWrpr+nFzhnWlK7wexgCI8L79T9qroPtD6ky5RXGsvEvFUjpcKcExlu4rL39Y9wIVKHDxUVHYfCWGY5e1LEZg==
+a0.nic.avianca.		172800	IN	A	65.22.80.17
+a0.nic.avianca.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:17
+a2.nic.avianca.		172800	IN	A	65.22.83.17
+a2.nic.avianca.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:17
+b0.nic.avianca.		172800	IN	A	65.22.81.17
+b0.nic.avianca.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:17
+c0.nic.avianca.		172800	IN	A	65.22.82.17
+c0.nic.avianca.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:17
+aw.			172800	IN	NS	ns1.dns.aw.
+aw.			172800	IN	NS	ns3.dns.aw.
+aw.			172800	IN	NS	ns4.dns.aw.
+aw.			172800	IN	NS	aw01.setarnet.aw.
+aw.			172800	IN	NS	aw02.setarnet.aw.
+aw.			86400	IN	DS	47978 13 2 8704B1C84A372EC2938559C5FD677384CD8C2DE72C1DA0F56C0162101013BC17
+aw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D3tw4I5XV445mT9aDKb7ALAQN8pR7veypPKr94v5HXQ68L0Rs2IE7ilovNVxHpYDZwExgUyarmDj1g3ISCrVGcCJe/yX5NSVpgZphvWarfjuTweR7WAPUH0xBnoZDPziyZLr13EcseBP2j684az/jtQZX9jBcrrDlCR3UEYxQHRCZI7MKkj6UnWR2qJ2NE0nTzc7RLTIbEVVYjciOgTByomlk8gGp/xw2ENjNYE+a+f++v2OOPkpuGtyx0Th1NE3JmusrtnnbhLAm+5/QX8I7k2mmT8LFsjBLnMZhm59XPogIw9nYK8ctVhBOYWUXPDZfu/uswPbl/TVTczhSi84dg==
+aw.			86400	IN	NSEC	aws. NS DS RRSIG NSEC
+aw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GFRAq1RdySPg5N9m3+VwziNMxaX87mNceJxbLdqnB5aWVxGuwEGDIgTdlsskDlFtcminE1kKFKuGq95HT6MEgF7NWfJhjmVUr+3IwQ89N4QMoE2iopWJvKa/MjSfm/l1M7giGsfz1BUw03XoW7wJQc7d8wFCcrNUh4BqIf5IjOu5tKQwy6VkfmECtfW4XQ25Hi1+D24FYsDY123RkJu1xf7vwiM0jvQBpRJOoHwdT7vamEWeFzRBEGAS2ieqvv3GKJyaHifFReYpXmrF3COdO0DpnnP6sMuaWckQBH7dThdbThzPRg/XVvdvP6wwlJTsp0odfB5NDuexwaHu6nznAg==
+ns1.dns.aw.		172800	IN	A	194.0.28.2
+ns1.dns.aw.		172800	IN	AAAA	2001:678:2c:0:194:0:28:2
+ns3.dns.aw.		172800	IN	A	194.0.25.25
+ns3.dns.aw.		172800	IN	AAAA	2001:678:20:0:0:0:0:25
+ns4.dns.aw.		172800	IN	A	185.159.199.201
+ns4.dns.aw.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:201
+aw01.setarnet.aw.	172800	IN	A	201.229.0.26
+aw02.setarnet.aw.	172800	IN	A	201.229.0.27
+aws.			172800	IN	NS	dns1.nic.aws.
+aws.			172800	IN	NS	dns2.nic.aws.
+aws.			172800	IN	NS	dns3.nic.aws.
+aws.			172800	IN	NS	dns4.nic.aws.
+aws.			172800	IN	NS	dnsa.nic.aws.
+aws.			172800	IN	NS	dnsb.nic.aws.
+aws.			172800	IN	NS	dnsc.nic.aws.
+aws.			172800	IN	NS	dnsd.nic.aws.
+aws.			86400	IN	DS	54182 8 2 76F2C3FBB9F23FF5F59A4CD63B8D5D5174B3F2E0F034B7323C1543312F37301D
+aws.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G0Yynn+ZpZsKkBRvbVXsnH8+3iKFkmI1huF+YYC/YCame+GH7edYLeJletyj5tWDEvpSQUPifP1BiO/wuFA2RnDNBgfP1nLwEW4bDVqzNgDmcLwFBbRQ7tRdl9oTdc+ujZZWF+uGzu3xOPPJFvCewhX6lERZLB3gheqG1sNSErrEO/PtikgU+pX1oAF2bI5qW+KeUXawXbvp3HZ6IdiFwvPWH7nmURP9cSxpN06/Q2Vm8Xr4otG3ARIMkMUoK+Uex++4M96KhPeg6zbW+bBSthEU+O6gONKMWmg5jryPR0dLNujv4+E3O9pUzS0H83GOtAF3Zem+G3noqIy8dLgP/g==
+aws.			86400	IN	NSEC	ax. NS DS RRSIG NSEC
+aws.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qc/FAlNbvOQiD1/t/GOyqmhihDlpexyUQ7Kdm69BJKOucOlqVy5jUAQtLIZ9XZD/vvjlsrFndCE6sATj3ANCjLB+YRScY9KcJInbNnm6L2bzPCP8Dh52nuBHv09O9FgjxYj1B9uTAm1S9hv6r316rTgzgDsVN5s3UkSCrf5dFxvEwG2PrjmmBXPsINsOGSK5RkO98xOkgRi5Mf0lhay8ihkJig4MaqBUlvQMsUHiKyxhtfDNvNwYi9uSNmw+4qneeVPc2HPI0NjJVYWo5WVO54WRbwhYHoH36bxYhmyOlsJ0kBkUmMLb3nBG96JpJI7zDZbBwBGs53kisxiIsqctXA==
+dns1.nic.aws.		172800	IN	A	213.248.218.53
+dns1.nic.aws.		172800	IN	AAAA	2a01:618:402:0:0:0:0:53
+dns2.nic.aws.		172800	IN	A	103.49.82.53
+dns2.nic.aws.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:53
+dns3.nic.aws.		172800	IN	A	213.248.222.53
+dns3.nic.aws.		172800	IN	AAAA	2a01:618:406:0:0:0:0:53
+dns4.nic.aws.		172800	IN	A	43.230.50.53
+dns4.nic.aws.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:53
+dnsa.nic.aws.		172800	IN	A	156.154.100.3
+dnsa.nic.aws.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.aws.		172800	IN	A	156.154.101.3
+dnsb.nic.aws.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.aws.		172800	IN	A	156.154.102.3
+dnsc.nic.aws.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.aws.		172800	IN	A	156.154.103.3
+dnsd.nic.aws.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ax.			172800	IN	NS	ns1.aland.net.
+ax.			172800	IN	NS	ns2.aland.net.
+ax.			172800	IN	NS	ns3.alcom.fi.
+ax.			172800	IN	NS	ns4.alcom.fi.
+ax.			86400	IN	DS	54055 8 2 4299C76D8767752C8A10579C4465CBC1C61AD2E1A0D68B42DF75645322F06202
+ax.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AiHJwBmlkmyTLJGV92xKYz4kbZ0KOvor7buNK1PKh9McpoVLEwpaDvL8Tm8s6VwbTGaKCKoB3FEyepbh0pEUI03UjHVMJn55P4LW+vcsaNM2fkPlwvcBdxsaUer/ZNY2McJAjq9PrcMq5/YK1jNycbXi4j9qWObBZpiVSxEWuo0puErh/R/6Y7qqf6rL8yHBX/95xaZCjIE2MSQUWLNclRgsTznQxEOJZZdx5qyo9fwPknfc60pkXfLAnEoc/c2ZKjz71pIEuIlKI06s1CWB1lJFAYX6VHXrjTUupZvVKKAUXYBoJkGiVHnp7Ko9bczM93knwXJd/8ryx4xDpIB9Nw==
+ax.			86400	IN	NSEC	axa. NS DS RRSIG NSEC
+ax.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IC0btbjpHfRmDu9o0xy5UYpahO/+Q5MUxdtOHC5RGlK6IcTt75sAFEmfv8qSYiRIl3zcchBH3MJTjHxlvbEOJYvFKVKJiETNsxYnmnAAtiL8UsPe8YKI5XKVQtnSWxe3mNc0ubZbUcbZ9w59kstrUidzwtqOkcxot3DhQgvfe47eVHF3oyRkewsO8yIhLt0JAmFQi7YYfZQ/PZdvzE787cmuumSO802ipcO8IucecRN2DHMjPaNI5XZUBNI4rm/DQkCU3bBTifQVpdpwEuSHDqze1GUBbxn2M506N4+Lyqu8Ml41qnNn2+6XagV99K2Rycps+E7Ok94asGP451qHhg==
+axa.			172800	IN	NS	a.nic.axa.
+axa.			172800	IN	NS	b.nic.axa.
+axa.			172800	IN	NS	c.nic.axa.
+axa.			172800	IN	NS	ns1.dns.nic.axa.
+axa.			172800	IN	NS	ns2.dns.nic.axa.
+axa.			172800	IN	NS	ns3.dns.nic.axa.
+axa.			86400	IN	DS	5080 8 2 4D57320629FFDD40E328D66E6B2C7EBCA3945CE8D09A78E6E336DDDB6EAD6711
+axa.			86400	IN	DS	62554 8 2 E0444F158023DD294CB64EBCE2B642BD7D26EDDF0D5A1592B12C9D6411C1C448
+axa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1mREtLmaHIghX208EhY29yl76DtsWYPDiAEgD2Wkba9/dyJZwlG8qTSm6aSCIl/YVWIApAJETz8StS56hvxgD7RiulzDSHD27txZrd32GjjC1tvFeJFOzxhXm5LGCk5voUAxE2gfW/K4jF2tJgZIou/gN9fttLtkRkB5ByfUEAVigrgWx1V0iuzQR8qtsnTE/zdVLD+9QjBbOt1krRRcrG82SZj9etvwBZJIwBPc8ZzXCqNYeBAdfZb4XvrL3k4k6y4eZv3liXQuNsNMHR2H5h83sekwqH3BUdsyo9yQMNyP0tyXBnnlLp1lt6bGWqCqmV0l1PI8u5MQhOJCyiUtXw==
+axa.			86400	IN	NSEC	az. NS DS RRSIG NSEC
+axa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JmMuGhRnYAo2TteEP4P+1ksOce8PVWm+a85/zFX12CcCxSScVHs6Ci55V1oK0VW7ASIrh4FQhHVdj0rHt83nupPPB6mQ25+PL0J+zpl7Koh7V7VGJnxXPAoSa22/ipW25iSaTWsDyvbFWd6g9B2NC4dFBvBH7o9TVYYHwuwFUtEdC3oHLBTfQWI5Z5EHmP6L5xKm9AI0EvTHUuJI/bj5aOl+dr1yf/19nIqKBpZQISQntFwkawfYLbH61qU/y3BRtYD1QIvan+7wIE09TenGbJ/XlFaEJDGxX5/SEBQPnh9Y2teNzqkuYxoEQLa9Yn6xiG2J+xY7TPOpbYNYXWXiMg==
+a.nic.axa.		172800	IN	A	37.209.192.9
+a.nic.axa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.axa.		172800	IN	A	37.209.194.9
+b.nic.axa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.axa.		172800	IN	A	37.209.196.9
+c.nic.axa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.axa.	172800	IN	A	156.154.144.20
+ns1.dns.nic.axa.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:14
+ns2.dns.nic.axa.	172800	IN	A	156.154.145.20
+ns2.dns.nic.axa.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:14
+ns3.dns.nic.axa.	172800	IN	A	156.154.159.20
+ns3.dns.nic.axa.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:14
+az.			172800	IN	NS	az.hostmaster.ua.
+az.			172800	IN	NS	ns3.intrans.az.
+az.			172800	IN	NS	rip.psg.com.
+az.			86400	IN	DS	48544 8 2 4CB64B087166BD2A837EFCEDC5D210F3FFBEDB7E6535998B27A1E43B948967CC
+az.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vv3ibpTD52stjov2dzrwD8iOOcfLx7v6yPhBADtaGzk2ddJoDW/lO/rtZUHMh94r3eKYnybJoVDBpwotnYwTBpUxVp4D+AaF/3VqsFxgEKgVf+JbvIgRpLftP7htZPmznM+b1hr1PR/guV/mCigZybQ5F5dWWPwXkuIcQ4k62bD4vBPpoNNrRcpXiGejodXuSFg+fSHRV8k9CJkJgzcxNB71p2L8AeKm5S5VB/F17ZzjfwdSawIYlfkpSqef05dq2riT0IzaEfqy3XZO1EJNMB5Fi+szd7KmMW4O+3rusCi0OWUpZVzyIQ8Mm9tb46pVPXYOMi6eKtYT0t698m3xnw==
+az.			86400	IN	NSEC	azure. NS DS RRSIG NSEC
+az.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rchi3tcoTt1iOAm/BEoSkKAKzzaGGJrXPYkEZ0f6z9kJglrALBM2cO//CvioDd4OSCznR16heMro0TJ7iypIbyOcRk8umaaFCeLNXnzlOTm+jrdp64cY7YYHs4e3HA6T7CnmsfWSRcVturRk9dnUF6ngQTrGi64b4tGyham6+wPj61eILHsa9w6X+eJ5RfzXxgQzjTLfooVgaVgL/3eJfW96YNvw4+sSiCUoZM2b1+4+zJez14MRB2lUICBj9keBPej5GqMl/xLjev4+RQxUdUC9wrVxvzxswbNxMYNem1komAbF4Scjna/K6uKQ9qolru9pe4pQLNjS6dRySVR/sg==
+ns3.intrans.az.		172800	IN	A	148.251.2.246
+azure.			172800	IN	NS	dns1.nominetdns.uk.
+azure.			172800	IN	NS	dns2.nominetdns.uk.
+azure.			172800	IN	NS	dns3.nominetdns.uk.
+azure.			172800	IN	NS	dns4.nominetdns.uk.
+azure.			172800	IN	NS	dnsa.nominetdns.uk.
+azure.			172800	IN	NS	dnsb.nominetdns.uk.
+azure.			172800	IN	NS	dnsc.nominetdns.uk.
+azure.			172800	IN	NS	dnsd.nominetdns.uk.
+azure.			86400	IN	DS	25698 8 2 2C2D532D450F86FBC9238816088ED98AE6C8A5F665706DD634BA4E63A8D8837F
+azure.			86400	IN	DS	40166 8 2 9F412D488BC68DE48010ED08D94CC6830CD604296F3BDF244AC9D7DFA74AE458
+azure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qB4jmDr/xX5FBohoRgOqKFvMdfLpU2SoL+HUxEneoCuXrJeJEms62Z9TVClUXPQfg+0qbFubGkSVEz/pYukoAEcb8W4Mo27UnJmejoPvG9qiWQwZcbprNEWajzgeWuQysZpwtL8c4IFS1yXfFXKQdus6UuFXoCLbfHw0mUSM9zHXJidzUP7XCdfUE7l0ilVcBHpDsymcxhjpVo4XTjiHz+YzvCoyCi/gfXl2Eqjm5xCsMvIHt28hs1IzTqZsQRUTybAzbyeXU6BFano4KKRvy2mr4pcbapkE6w0+QDZCCjPYaRnBimy+FyAiFeZ1XOch8KxJfCz2iB0x0ozl3PJU1Q==
+azure.			86400	IN	NSEC	ba. NS DS RRSIG NSEC
+azure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qD2oCmDsSvhD2HBvappaf5TRTvpLZnReIbFEYJoEBhqubQ3Q4mzlz2gdu1Mlr78dyVq67H/Lb4PyTYobIosAsfmf2uPRedlYTHgmHkoqjsa7w0kXc43aOE0nLuPLVxQgz3W1ZQtCE4kI79BuLgC05FvjyL8z9Wa5c0lmSefFY0tm813xLvhHDE1PhYXHCUsm70z4apb9juAGqA7OwI/mHhsO8QDWN9W+QnxOGoVdDrRJwl/rocI1hTvMpp9zyb4UbvG6TOhpdN9UNmIyNVv+Yc+Bkq85fNKN0WNIGst/KagZ5IlgKjVyMkQflYaWh0uTgcvAvFil0+zDwFbhq239nA==
+ba.			172800	IN	NS	ns.ba.
+ba.			172800	IN	NS	una.utic.net.ba.
+ba.			172800	IN	NS	sava.utic.net.ba.
+ba.			86400	IN	NSEC	baby. NS RRSIG NSEC
+ba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PGtjui1IiqcqmfXDHWQ5r3GTBo/+J3gFkw2WJZdJAvS51wfnxSxWi7bE5m8FuCO8acLMZvmxkbNQKhRUyfH9hYuhdZW8ZZ8xwWkgjCJ9NxIsUdjdeCOrunnkwWtEzqh6NMYKxnYP76qe5EnQv6z8oC7z0OgnetsFuiDvpLx0viJgxgZ6bt7mUa2iZHsYtSwU3QNP/1mXbgZa325EOIGfb1Apln4ah+YXTTk+AuDc2XAz6U2ek9MD0rLURM5EsPA0CHlNOSb2JkaQjhAZ3AEl33gfB/mdITsYgvgIAS+POiwQD7obUH4V3VybaAAyDOVvVWyIPfxKc35IykmqKHhAdA==
+sava.utic.net.ba.	172800	IN	A	195.130.35.3
+una.utic.net.ba.	172800	IN	A	204.61.216.117
+una.utic.net.ba.	172800	IN	AAAA	2001:500:14:6117:ad:0:0:1
+ns.ba.			172800	IN	A	195.130.35.5
+baby.			172800	IN	NS	a.nic.baby.
+baby.			172800	IN	NS	b.nic.baby.
+baby.			172800	IN	NS	c.nic.baby.
+baby.			172800	IN	NS	d.nic.baby.
+baby.			86400	IN	DS	11182 8 2 6B39CCC9BA6C73C818D68522547E5D56DB46E13607DC0E83047D6E111067DCB2
+baby.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lmByUDMhq89dO2QVHL/0BiBccGdkfe3ioMzewx7fy8M+/QfhhHsqrePZkuWcZApIKUwWIIIcPl4dgnri5etakKqt2e38jitGViAen0maAnHqOF3LP3Lsy8XWLU3+bBzPGo1ZMIubIb3M+VP9Tur+4zeWm6NE6aeknVP89xr0ZBM4YuXSZ4Ojmm29bqDMHuaSXwK68QaXMC8iVLfFmyqyuYr4L1+kb1pnR9p2LyPX4Lo9KvkDwyqYAssZsea0B5p3ve7TLw5Y8W6Fr6bnKORBe3bXwMDXRUaKdN/5n0B4DXFABCfM6IF51dCc+gt1KbsKItqQAEbODljWUEsRwN24IQ==
+baby.			86400	IN	NSEC	baidu. NS DS RRSIG NSEC
+baby.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zQbpQM2OXF1Zf1cs8ujfawHA6+sZ3r3g6ssYm3gGT6i2rDho/YYnfVKHx+gtEmm4r1G8tlqlWBewbQS/tlDay79A5xBjzefguE6+wySl8Ivrpln10Yr76PgKyGc7dOpt+t5j+nZb3baYpqn9uTas2tAR+n4RUhfuUndhw+FZMqW2q0O14FFN9Q9NQBe14d8BoTpRrmX7WsQ1Y5s0bABaiQ9IpB3OdaXPpBBDY6j577Td3I7jATKXz2NbIyiOnyKZDX0OfYoUsqM4osFEztd3nRTdFLucTIwwHNW6aVTTLctZ1VYF3Tds3PNElyKxqFqKPG5STFuh/sjf4PQP30Dx0w==
+a.nic.baby.		172800	IN	A	194.169.218.101
+a.nic.baby.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:101
+b.nic.baby.		172800	IN	A	185.24.64.101
+b.nic.baby.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:101
+c.nic.baby.		172800	IN	A	212.18.248.101
+c.nic.baby.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:101
+d.nic.baby.		172800	IN	A	212.18.249.101
+d.nic.baby.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:101
+baidu.			172800	IN	NS	a.zdnscloud.com.
+baidu.			172800	IN	NS	b.zdnscloud.com.
+baidu.			172800	IN	NS	c.zdnscloud.com.
+baidu.			172800	IN	NS	d.zdnscloud.com.
+baidu.			172800	IN	NS	f.zdnscloud.com.
+baidu.			172800	IN	NS	g.zdnscloud.com.
+baidu.			172800	IN	NS	i.zdnscloud.com.
+baidu.			172800	IN	NS	j.zdnscloud.com.
+baidu.			86400	IN	DS	63817 8 2 13605EBD9736B66B1EB3B2DB5865CA66B5EFD2BE720087FE4441039F3AA4CF3D
+baidu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XOYpO4qqYqrXx8jxmKT2c8Zza0xkcgVTzvIqeVbbN7/TUwiOJWGwOs9J8WGYrHucq0JCnws6ocv4xgR+wqgXCMVTJE0GGHPXhtNbRFOqLSGB3Ta+b4xseknl9V1+/2Go9rXmyNx3ywgPPhtPG+hbW/82xow2Mrw4iDdXYeLqqq4QkDoYLV537eJKHhCSLdy4wlsh4flKa8Xm93PIQEjQR5qMRjn3WShFmtiKLNCFctXT/fzN5NZOmzSOiQ04sEA5Rk4s+teOP/16vwuqDAdYs8y9MeR2LruuwK1aB1mU7UUO+lVCmeSeb5HyS84rRYT+Xpi4IiYlPct1EW/nMyqF+Q==
+baidu.			86400	IN	NSEC	banamex. NS DS RRSIG NSEC
+baidu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IejtYq+dn6x3eBkZb/g/fE9h+gIss+jz8vRyFFwHSkaOOmR7Yrh9oNxfekkGNV1dpaN3MFCuyxBKN/4VwfMlkPW84ig3DgrxStX9KJdo+axCHWjpYTsRA+m/B3+o3vMY1ezFNHVGv530+C2E8xxKPr/+wB564tuv+dc871nnWcQXb0LXxSx8CvC1gSk+IPtEJvG0eeBIUGqAS7zWwyL4Bxon/PGTD1buz2azaGqPOQeCpVW9AVmSoNwR3PtbMbXGXLUojY8vfn23IhO+6QZrkrWtH3grtbtT8Q54G2BNb+A7O+0IfXQTDZ4IpABawIvfkNYzDeIo9EUpb1GFqxl9bw==
+banamex.		172800	IN	NS	a.nic.banamex.
+banamex.		172800	IN	NS	b.nic.banamex.
+banamex.		172800	IN	NS	c.nic.banamex.
+banamex.		172800	IN	NS	ns1.dns.nic.banamex.
+banamex.		172800	IN	NS	ns2.dns.nic.banamex.
+banamex.		172800	IN	NS	ns3.dns.nic.banamex.
+banamex.		86400	IN	DS	38095 8 2 EB04C740FB681AB87A2376CFB9E5CE3A865F930DA98246836670D0BB29478229
+banamex.		86400	IN	DS	48619 8 2 0EC0CEA382D19EA64E24C4C8B5DCD64217A362F580401DDF31B3EF3D78E35A9B
+banamex.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BNEbkStGeI98EFgPiZUWbR9OOPMl4A8IclVDaQswVNQYEn4vnw5iQl9oZnxbvkRk849pPCUUBA2f7USuj+i357WLEC/TqS/zt7V+RknhPBW3cezQ31uvBnMAjbaFX8hyJeWbz/GOsr19ltX22vGFS3uu+c0xLyRnsEURURtpKeOd/HuQxmBY09+Fq+7XVehJhaprhKH/QaWDzAqY7CEnmM4knaF3rpchzToNVlwmQUEMVpK4ZCC7sgPX2i4R8TmA/O7QSY5g1ECUZ2pzqHUFzSQMnb4PQGLUv8hk7JHpwPA3Z/r+ZzwqpbjhG0DlQfYZBoFH1JCeuOGBaKoTfj2JyQ==
+banamex.		86400	IN	NSEC	bananarepublic. NS DS RRSIG NSEC
+banamex.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eJXjSH94dCJFS3JlqkG1aDGg2wOgXPsQCQ7IjM/ajY79TO/J4SlvV4AUdVqv8Ia6n48y7UChua11q9xI3ogrwqRcZY7lij7DqRG30k4JUhI0vfZrTCHhY+wtoLsokphWlq2RrDT9B+GY2ZjRQdpjTXmU68o5aiM5BEHGx84wNZlhsKq0QlpiinsBgtMXLnM+K7gxOM0ago2HVOdoo0gsEu/I46RMaiJSoqCyORNGMJ9NJcrLlROG3YbTpc86z30Kdn7QA3UqI1TezxA8S6srIdLau5MO7cZoVzi5T2c6e009gTTpizmGw9cRuHzZmcEDWYv7O40f3EuYBfZ/oaekhw==
+a.nic.banamex.		172800	IN	A	37.209.192.9
+a.nic.banamex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.banamex.		172800	IN	A	37.209.194.9
+b.nic.banamex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.banamex.		172800	IN	A	37.209.196.9
+c.nic.banamex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.banamex.	172800	IN	A	156.154.144.21
+ns1.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:15
+ns2.dns.nic.banamex.	172800	IN	A	156.154.145.21
+ns2.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:15
+ns3.dns.nic.banamex.	172800	IN	A	156.154.159.21
+ns3.dns.nic.banamex.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:15
+bananarepublic.		172800	IN	NS	a.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	b.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	c.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns1.dns.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns2.dns.nic.bananarepublic.
+bananarepublic.		172800	IN	NS	ns3.dns.nic.bananarepublic.
+bananarepublic.		86400	IN	DS	36871 8 2 4A4B1A43D4525BE366F7CC568365D7D619DACE7F6895E3C31390A079A7A03589
+bananarepublic.		86400	IN	DS	42796 8 2 28BB727EE05F747A4EB0FC5E0D807542FA005A2A571C039FD34BE55F3378BB5B
+bananarepublic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sk7DedArM7TTkjFsVHD5x4wRWcZazNJ6EySP5wtiADQCtMF+CAVG+yYZI/v5ALLB3OlVK589CdbomP06ZXGWFkjffzvRXc6vJmH1K4SZgPj/0vbLmiA5dmx1WvRHtcVYa3/ayJqT9eTr4FEp9jK6erXav5rz1+Z0uSkAg8Rv9aSHffKmkVPIB/y/oEq8S9xh/SCH5i8/M4I0CVTR+Ru2cgwuRiT25iQ3VUWw0nNb9mHN/fJuvguzeYKL0JnWIn/On6ytvfH+FutI800aM3ZrU/gDsIF36mJjIk8idLeuPIc4Kekb6SUf2Ew4LyDYm0YtluA+ykpG3MlqnNiulBHMTQ==
+bananarepublic.		86400	IN	NSEC	band. NS DS RRSIG NSEC
+bananarepublic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HbvQbgqEJHvxq0Nf8s3JSAuet3CmeOQnOiEJyEf/Ij8y3jFUBXOwYLEkSLB7t72GUCTYt+kN969jKeIX06h8JU1iFbPBT1yeBT/mdf8RZxnsKpG9CaZljma2Xp2wRlc8FKlRE9ptXIQhkq5iTJglpuUvdFki5VjCjmhVhVHsmIEB0txO486Bq/tj8XJz9X8HqlHYCL7mnqpwmThHpGMDOSDFSuEfvWiIvpLJ5/lVutQ2wG616z12hjYxUzr9NIFXiMsonICpYXG9Q3vZtYENtVUYhuulwdEfpZ05ITEph8HeiBhMYy6G5RSbnSMud5gXq+tZiAJUUZqZDkF3lprFOg==
+a.nic.bananarepublic.	172800	IN	A	37.209.192.9
+a.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.bananarepublic.	172800	IN	A	37.209.194.9
+b.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.bananarepublic.	172800	IN	A	37.209.196.9
+c.nic.bananarepublic.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.bananarepublic.	172800	IN	A	156.154.144.22
+ns1.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:16
+ns2.dns.nic.bananarepublic.	172800	IN	A	156.154.145.22
+ns2.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:16
+ns3.dns.nic.bananarepublic.	172800	IN	A	156.154.159.22
+ns3.dns.nic.bananarepublic.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:16
+band.			172800	IN	NS	v0n0.nic.band.
+band.			172800	IN	NS	v0n1.nic.band.
+band.			172800	IN	NS	v0n2.nic.band.
+band.			172800	IN	NS	v0n3.nic.band.
+band.			172800	IN	NS	v2n0.nic.band.
+band.			172800	IN	NS	v2n1.nic.band.
+band.			86400	IN	DS	5455 8 2 69EF1EDB0708B50D7F22CCB045FA49699B12E5E7F86DCCC3DD84BAEC7390AC35
+band.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0v4b6UpAy/m1h6YAMVx1qh84Hna3fXiZ992bo6V8vTNKYRyaI3IZiMKHUe8yQugjoWxh0fPAs7qLF6idF2WJVGPF1y4DqxCURiiLmXR+ekKB3cP1YibSH2GRs4sS0lwcDympw9O7kvKq3yudofUjBsMhdMtIGbTfqO5ZGqPL3NH6CTYvUvKa9y8V8Aum4oWW9VcvplEKLp4HqcWwhPpD5gVjnYrGTfKnJPLiR0rwRSM6PJ5RgVoQqx48M/YQxCNnHw2iR9TNWFDySpyNn5ctsKX2tD3NLksAQuLci41y0xrQlcimkZ1xOknEvdknqSrVth8aUFiTobXQOJV7kZwMAw==
+band.			86400	IN	NSEC	bank. NS DS RRSIG NSEC
+band.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jv7d22ghqManMimJY8fBb2CLytSTm3O0rDSkBeSpLsxWZPi1QdN0L/YjC+hcJb2Q0rAbfvJMyT0d8pNVZvPJvmdzbGFfQGRCMmjYlYgrwrliis2AFz/UNNmY7W9PSLc30+wSa3HJork6itl1+xZy9olDVjzHOJ9zDa5btAndyoZ1YQUQO2H33x5jGpu6wsdJMslVyhUUo33eS8qgVxyu8g1hgbSfIZt3/bs629+m4IiG3UIBDa0TeT1/nfYXEDNDSgz9P+x6s/jZzlqSF6V3QSm4DjrsXizQMcFLhvVgEzEfme6XCqFiIwFITjbfwNg60s0jZUd2j8ZgliyPhegNkA==
+v0n0.nic.band.		172800	IN	A	65.22.28.45
+v0n0.nic.band.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:45
+v0n1.nic.band.		172800	IN	A	65.22.29.45
+v0n1.nic.band.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:45
+v0n2.nic.band.		172800	IN	A	65.22.30.45
+v0n2.nic.band.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:45
+v0n3.nic.band.		172800	IN	A	161.232.14.45
+v0n3.nic.band.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:45
+v2n0.nic.band.		172800	IN	A	65.22.31.45
+v2n0.nic.band.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:45
+v2n1.nic.band.		172800	IN	A	161.232.15.45
+v2n1.nic.band.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:45
+bank.			172800	IN	NS	d.nic.bank.
+bank.			172800	IN	NS	e.nic.bank.
+bank.			172800	IN	NS	f.nic.bank.
+bank.			172800	IN	NS	w.nic.bank.
+bank.			172800	IN	NS	x.nic.bank.
+bank.			172800	IN	NS	y.nic.bank.
+bank.			86400	IN	DS	15994 8 2 659D10863A42E4957AD8F9AD97A56F8DE227AA74FC9E3AA4C0E8AFAC0458071A
+bank.			86400	IN	DS	21997 8 2 07EDD24219EE1FA88D97695EA28C3722A29B566813CBFDCC4DBF498892B8FF0C
+bank.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t5woRILpUQikl/FUGL7Bm8dtry458/ykvi5BUojmDehoRhHD3OpmL1X6cVlU7cJhPHxgtGi+e8NQE1+v5QcClNVrPA1BWj+jBWgIjBETvGuYevl2e68RTmk7uiEgORApisCHCD/sECDnrud+aU28M/YC+muWqbGjRn/WA5aWWGrscqD7VPn808sqEEO2sPoj5LRMFdA5Zu9ODP55nMmkYSYcxEbJ1ZUgtiPM3jUjPvbMjqoSZLet8oS7qL+SzDnQ7MG9MW2lSt5ruTAF2/uiiGc8dCwKHrBoUhcFv1XrF0Tm7M0j5QtP2Ke+yIp93PUQkuaTX7xBBpSCfbFnwW8q4w==
+bank.			86400	IN	NSEC	bar. NS DS RRSIG NSEC
+bank.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YJc4owECxWhBwLUu581yISG27VWzf6/BDYyo3h1P1i3yfY1kZ8WwUeGxAF7AwAMdOUR68hRsPRow8xLQIHaeIZG6fQCJEbfQ4PVSz8BHa7jKWG8fC+w/4k6gw1Egq/iYM5N9HhxAg5Q1IxTSjatO002WgKI3IC1l/BaDcBtkdqis1y1qb9HGl+ZjIlfpRDbGdwuitHICAqqdtO8XVIEJEuFpNFX+tarmjDaye7stFj2SvQIpB/CSFwnp+hlOtPD0jgyMiaFOcUoGbkOz3dRHpSHJ33Y/dA8vl/RBwX7QJ9y9RilPH6N91dD4dW5whM23x42G2p4NYpmwBsATgUHJAQ==
+d.nic.bank.		172800	IN	A	156.154.103.27
+d.nic.bank.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:27
+e.nic.bank.		172800	IN	A	156.154.104.27
+e.nic.bank.		172800	IN	AAAA	2610:a1:1011:0:0:0:0:27
+f.nic.bank.		172800	IN	A	156.154.105.27
+f.nic.bank.		172800	IN	AAAA	2610:a1:1012:0:0:0:0:27
+w.nic.bank.		172800	IN	A	37.209.192.10
+w.nic.bank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+x.nic.bank.		172800	IN	A	37.209.194.10
+x.nic.bank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+y.nic.bank.		172800	IN	A	37.209.196.10
+y.nic.bank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+bar.			172800	IN	NS	a.nic.bar.
+bar.			172800	IN	NS	b.nic.bar.
+bar.			172800	IN	NS	c.nic.bar.
+bar.			172800	IN	NS	d.nic.bar.
+bar.			86400	IN	DS	55406 8 1 EECF54C6DAB2CF3FA76EFFCE97B78F432050DA9E
+bar.			86400	IN	DS	55406 8 2 8E8E102E6751DA62E354BD322C9BDD42C29BF6A413B29DA5BDC579E2ED3C8DA1
+bar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ia8oGv9VVKQlGNSB9le3/k8im15ZaTgidyr4IaaJfdOWaFwMaFFVbWh9ptFqscPLqv3ZyqC5Hg6h+VLFL5GiLN9Mq8cS0O+pD2SNnv8yugukTnHDB+ccxrD8el0BdrAC+L8O8/zxp0+ZdndFqkvQPaf3lUFLrQI0PASXOAhjVsYpcSBjsKcexAZVaCqgktLgSuHWDwPVGGvfcCjdAJovS0/v7Me/kIMRu3w/QupVs2efKneELtpT8BCvrc4PelxKpaQejIEzfjVN5BuIvBYt4H5WIZ4g9T7Ypg2lK34T8jjbj89cJOpcOvErgL5hugY7VheQlOyDqIKXK8Ncmsa58w==
+bar.			86400	IN	NSEC	barcelona. NS DS RRSIG NSEC
+bar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BxOXb2t3ZldJnjjIQaLV+aaC27rIBHslK5gcIf0p+CNr+BgVQdO7qVXc8F6JYBF2l9Wgh5gymKnyyviJkU524CaVaelnCY2Kbm1OeDpdBqBQJCk6mi/amPTl3EsaEr6Tv5Pv/mXN69Tdqy2QCMl6alI4Fl/0HMoc4Nkp2DqDCvNfuNetLwCvgbpGIcQBTFhDkjRGot19AfmqvEX4hzPmmF1qk6QCNHp4dhRnZ+6RYcvb+0qiuHbOfHD3OB/psFCvuM3Y5LhC626hi76wDApnJzquTJZEvD9K8tTsH7KG3ZLtA9nHAezYVuhC3t+oKk3wrW6h++maFsDhIbbAcKtuTw==
+a.nic.bar.		172800	IN	A	194.169.218.56
+a.nic.bar.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:56
+b.nic.bar.		172800	IN	A	185.24.64.56
+b.nic.bar.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:56
+c.nic.bar.		172800	IN	A	212.18.248.56
+c.nic.bar.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:56
+d.nic.bar.		172800	IN	A	212.18.249.56
+d.nic.bar.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:56
+barcelona.		172800	IN	NS	anycast9.irondns.net.
+barcelona.		172800	IN	NS	anycast10.irondns.net.
+barcelona.		172800	IN	NS	anycast23.irondns.net.
+barcelona.		172800	IN	NS	anycast24.irondns.net.
+barcelona.		86400	IN	DS	42241 10 2 950D7E77E7D64382A3C69654AE15EC70A497E6E9002D10EB1BF9C1B89F77EEF7
+barcelona.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1rr5tPrsd1tWiNxq4B63uC3NPsGmEcaUa6wkA1FuM5ZzydvsJIA5Ec2zgjnsjUn7T7PKprfXo9k3ebixPovBITrpFAgm9I+7mz6JnuOtvS0uEeLUf2p0R80HBIhCr0Ng/H3idPy2KO+YA5UyXPBZab4jVHkwnPGGBi5BNUz4oVHcE7Z9hGPQI1V3OFmX1pUjH8MJjpyv9XQi3qe+Sr/EwmEmxg6byHCxBk7Q0P74xz3JNRczLgM9b/3DyX67UZu7Nu5e/eqEPpdW+oyBjHD6/xjllpax1HxKZXJPWY1wLZJ2bmcd4YmKcW5vqn7khVG0TU4aLBkIQMSy0fQTe9Thvg==
+barcelona.		86400	IN	NSEC	barclaycard. NS DS RRSIG NSEC
+barcelona.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EUd5Xn2hSyHiK7zaNz2xKpw6IH2MmPo1Mpq0vUIsBZaKH1lHWcW2BYzLkQxcXVCRWBxTFloyiQdtvZ7Hae6xoLfbYAx0LkgOD8nLdqbnJKUXR04uYPIqH8IxPWp4jBYn6pOrL9oAdvmHKPVidwIBbxq1hVuomt+Frl/68PtYMnYGmWtrVWIJhOOqjeAvsZCOgd7OlgqiNttRFPvn8wA1V70UAGIkwKpnXXumUevM+/pADcVZy10BjmTuEwiGROV8zKikOOp8Dr+mcxIU0MW3tRBJmJDTQa3CJVTxtbA4a71hToEJA3+mWnZebaoRvMuvjUW/zA75izqk3qk4A1pSAg==
+barclaycard.		172800	IN	NS	a0.nic.barclaycard.
+barclaycard.		172800	IN	NS	a2.nic.barclaycard.
+barclaycard.		172800	IN	NS	b0.nic.barclaycard.
+barclaycard.		172800	IN	NS	c0.nic.barclaycard.
+barclaycard.		86400	IN	DS	8476 8 2 5FF69331A1FE54D3D3EA6F4B746444C19C1E61813AC3902E099CB25C369A39C4
+barclaycard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aU91GzXP/WGb8lZz9WwG/dkrVeENqpAg/Qyi5p3f0Xq77e2eYG+yjGkAaQOsjDUuqAesAztkdwC+KCeYgJ+zXu4tZ1WqvzioiiWVY7n6nDcpwuKB4lZyZAAlXcU2f7g3Dl66sb/q0uGH51v1yknGeWpJc884kB0k+7oNd9oeq1ri1uRexWgsO5ashrh0YBUOWFNO0SBi7IlFNEnxZyUKeU426nbNZ6rPN6iPObi8pxeJsROtQl+6rMI2k7tNTg4mO38omcT7LSggq/flLSTBc5tqr42S/XXSu8+15mhlqRQJRIQR+wRO8ul2VfjBmdHgKF92CsZKNmaGGzIvuSr5Qg==
+barclaycard.		86400	IN	NSEC	barclays. NS DS RRSIG NSEC
+barclaycard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . piOcQ8ZWmkSY+1+Bqee9OGEt88MqjsNnfEj7MpY4sH1zGkrqc9bHBnUx83x1rBs5Yl9lX+4UrJwgHTLyN/VtVOQuQ34cJBCRCbW/DF0neqdbIHu8IkIiudkcKU5go8hkJyrEh/4xJFJaqD2BE3sHVxYdO/RHG7J27f3Hl6zpg8xc6/jYVJu0+xg2nY49BSoGSFH2Jl698NZH6rS8tNG0cOKPJtS2WDv8pHg0TWjXpTQSNqOGQxmCvx62yjZg2HwiVyNGyghqewgUf6Rh1Ku6Oe/ZHc/QNTTaVSiob06T9R+5ANoK0FvpAOvm3II7navRtqSEFbu/GviBAmZjCPkFfA==
+a0.nic.barclaycard.	172800	IN	A	65.22.120.9
+a0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:9
+a2.nic.barclaycard.	172800	IN	A	65.22.123.9
+a2.nic.barclaycard.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:9
+b0.nic.barclaycard.	172800	IN	A	65.22.121.9
+b0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:9
+c0.nic.barclaycard.	172800	IN	A	65.22.122.9
+c0.nic.barclaycard.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:9
+barclays.		172800	IN	NS	a0.nic.barclays.
+barclays.		172800	IN	NS	a2.nic.barclays.
+barclays.		172800	IN	NS	b0.nic.barclays.
+barclays.		172800	IN	NS	c0.nic.barclays.
+barclays.		86400	IN	DS	52234 8 2 616F95C6929BD5FBF6A06A38445F48CA787B2C32CA5ED7220065DF54E71E9EF8
+barclays.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tl7pvPpXwTm1Cs1BL1mmH3whjWsRYzu3eHqNbIH+2qqvfFZdE3BbnoLDLEbY7JE/DVZSg/kORTIVAXhrjvSLpIVpPWJjWAJjggbQlpjTQ4PNXUDih4mOWw9ozDq12MBBi/LJMH22OECZetdkm736x9R3U3PGmMwQgm/BiGKTJ+Yr2drEMmO2iTTaZkrMiJx5xhRlS3ylJ4cISNTLU8Qf3n0ir4UL7f067oSgNdTJ9lYtSVZmixw7fGRluIW0FpTf8jsMe2H5nh/sYTPo4yO2lUwHGClthgTTCujHxlO5MO8i3+xeMw7A3GSZe8X0+QLbL4HRDfIXvgk8Ybb2aTfXUA==
+barclays.		86400	IN	NSEC	barefoot. NS DS RRSIG NSEC
+barclays.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aEep12n7u01oa1bClq2D1aURjDGyExc01mfWZiKYoTwcN7YQAp8vzRxgY3ejVN4tpsB6ZvaATHOuoH5E/dGlurgCNlRIYzAoARbTtuLZsUajZPp5RJbRGlNxPqDjMWSMPWGRIr4rOEM8dLt1VsEvf7n825GcIiVVtLKPL4Wprx+Lnd5XmrckDY1c8H6yALPN/d5GZEB65UzZFFtf7QVI1Ior/4yFMvNvx2xb/fFOIl6Z5+SXo5tnlgEu6bDW3KVZPK9KvBAt7wJN7anM8IS7UlF0pouVGaTyKj7uVdmf5TUrsyQVOXNvPHGK846XZLmd3G2LkWsxQGFTP1RrHxrltw==
+a0.nic.barclays.	172800	IN	A	65.22.120.1
+a0.nic.barclays.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:1
+a2.nic.barclays.	172800	IN	A	65.22.123.1
+a2.nic.barclays.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:1
+b0.nic.barclays.	172800	IN	A	65.22.121.1
+b0.nic.barclays.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:1
+c0.nic.barclays.	172800	IN	A	65.22.122.1
+c0.nic.barclays.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:1
+barefoot.		172800	IN	NS	a0.nic.barefoot.
+barefoot.		172800	IN	NS	a2.nic.barefoot.
+barefoot.		172800	IN	NS	b0.nic.barefoot.
+barefoot.		172800	IN	NS	c0.nic.barefoot.
+barefoot.		86400	IN	DS	35550 8 2 2A380080B296E5BF1C8212618288FDDBC665F7689A31DFDC7EECCFAEFE17203D
+barefoot.		86400	IN	DS	39166 8 2 138E51B866FD0185F6AA90CBF125CD40356C00A14EFAB23344F702F267E45EEA
+barefoot.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOyLfjTniAlp57LDIK9Z4JSE38mMdpNY+g/+HssZn65r6R+EyGduo0FREvprk9zsVrChIkwoMJWuu7BRGMmGByN8/5HOmn20C+L+p1USWAI5OLZYLabpQBt3IIJEOAC+2g5zin2c1RoswAdBu65odWhqYANgxcMaoZMGs/l2VY8WAvhxwJ68RwiMu7fbcxLbWshagwZkyEq308JFQ4F+RbH47r2YwyNptJbRGgH6ufWJ/GmCLvbjYgF+eDvgVNpRflJbJd6B58zRXn6mtxFvLxrP3r1znUxIn+pgkz7F/vu8QGaieapx7zwgLKcPS8jlrHPXxxF1F0kVX/Ks1DSgPA==
+barefoot.		86400	IN	NSEC	bargains. NS DS RRSIG NSEC
+barefoot.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RQZBMQjtNn5SqcjxIwzS+wR9e/Ng8ceh8lR7A8LcXJ1xV/R9rre2Xis7KOWcN5MRE5jx+Kx6H6Z8JyTMmiq2PcpWLyQVr8tmBgfhjLdpPrrkFD8KcOhwNIm7gXAqpS28X+iO90tJnPwL6MRgWnUC5q7vPFZaSuIzZcWhYm5w1cxChBpAxdb1iouKX2CILP7FZewBp+FAjkUH6N5zCCkleHUFf15vvmauCwgHd/2jWs23htq5vFuaBm9U0G4zHw1ZmmwRR221e42QwUApmuZcRkUHLzWarrCZdxvJEtxIGSTj9TfxdMX9Jnn6ohty05e4iRTdXcVrR3b1HsROolIpuw==
+a0.nic.barefoot.	172800	IN	A	65.22.56.17
+a0.nic.barefoot.	172800	IN	AAAA	2a01:8840:36:0:0:0:0:17
+a2.nic.barefoot.	172800	IN	A	65.22.59.17
+a2.nic.barefoot.	172800	IN	AAAA	2a01:8840:39:0:0:0:0:17
+b0.nic.barefoot.	172800	IN	A	65.22.57.17
+b0.nic.barefoot.	172800	IN	AAAA	2a01:8840:37:0:0:0:0:17
+c0.nic.barefoot.	172800	IN	A	65.22.58.17
+c0.nic.barefoot.	172800	IN	AAAA	2a01:8840:38:0:0:0:0:17
+bargains.		172800	IN	NS	v0n0.nic.bargains.
+bargains.		172800	IN	NS	v0n1.nic.bargains.
+bargains.		172800	IN	NS	v0n2.nic.bargains.
+bargains.		172800	IN	NS	v0n3.nic.bargains.
+bargains.		172800	IN	NS	v2n0.nic.bargains.
+bargains.		172800	IN	NS	v2n1.nic.bargains.
+bargains.		86400	IN	DS	33742 8 2 D6D6432E43AC528FFB2C3CB4A6F058CF9E40E2DC290FEE965A8A3C49ADF2D50F
+bargains.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . e5vXS2NKvxoEOaWFGbfmkcow8d/8TFsBrpbW1UkBnksx6rVgnLvjRLi1M9oXmf9+b4h0/WtxrpbZGmKeUMr3QZ3OZJp3Yoooa6c7fNOEjWE422bXy/Om9v/0JwUbEcyJUVp/5lAVQhoWfRcpW68uslkqFnh0CV1LcJrOfkczIr5HqiHHdb9fwtmF85qpZ3U/2ZGiTutMoVt5AxV0NkQm0A3o4l4tzKJ5L7cIEgrYYxbUxr7kBHDc36Xe9tZo0kpuTSKBvQtpQ4IqIVGEhsWr2A4tTabJxA6p8ERtjNtY6gG/M9uv+Bgu8mX5fDkSIBDivPRcqHJI0oocx8jU6T2y1A==
+bargains.		86400	IN	NSEC	baseball. NS DS RRSIG NSEC
+bargains.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rQ3ZfTE2R41mYGwyinmbsHrer5BqFTFPDnBU9MnzphBDHEj5GeMh5FTjDh6WaBqXOR6nl5/JpAsMByzNqU+qtRWtO6pxyIrtiKMr665UiD9MyFOCTmQiEkDd6f8pIDo+2SH4uf/xvWL4Lie4u7AYJ16Dr6dZRBeaEgL7HBKxIX6g2pE8Iq7TljLmVR4e+7XgTMufh9xTgsv0GRVpi3Lks9uP+BGd71FkHVGTCkJ3Efh4vLJZXUzGWgr09aTFHMjqbG03NXxsgWvMtLu7/3fI4/eqk55f2VLLqxyZk2Hlq1xIU/qm/9ErN/A0QSkG55c0ERHgmhQHEWsNSbvhIimlgA==
+v0n0.nic.bargains.	172800	IN	A	65.22.20.62
+v0n0.nic.bargains.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:62
+v0n1.nic.bargains.	172800	IN	A	65.22.21.62
+v0n1.nic.bargains.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:62
+v0n2.nic.bargains.	172800	IN	A	65.22.22.62
+v0n2.nic.bargains.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:62
+v0n3.nic.bargains.	172800	IN	A	161.232.10.62
+v0n3.nic.bargains.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:62
+v2n0.nic.bargains.	172800	IN	A	65.22.23.62
+v2n0.nic.bargains.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:62
+v2n1.nic.bargains.	172800	IN	A	161.232.11.62
+v2n1.nic.bargains.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:62
+baseball.		172800	IN	NS	a.nic.baseball.
+baseball.		172800	IN	NS	b.nic.baseball.
+baseball.		172800	IN	NS	c.nic.baseball.
+baseball.		172800	IN	NS	ns1.dns.nic.baseball.
+baseball.		172800	IN	NS	ns2.dns.nic.baseball.
+baseball.		172800	IN	NS	ns3.dns.nic.baseball.
+baseball.		86400	IN	DS	11122 8 2 440E52AF38C50A3E6EDDD224AA4C2DDB50A3B6313EBD36BAAACE8FF520D03A07
+baseball.		86400	IN	DS	28711 8 2 349E8B6A2E0890837FF4B69F7EFB0F44E3C32DC976FA74962DD8F812D7712F66
+baseball.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . w1Hwn6/fpKSMlHSOn0POfOFiVkUdNh9plZl1JjGBzAjB6hPJs0sdi8WKpQcZMHr5SPrr4pTDkrHlV7yB9k3TW591OhDC6NtpGxbGEa1W2LkzKajgCPWnrHtaSOEaLW+R5BfG237fEHUf89BgwASDeGLlDaxrf/qJU2xMs55+2fsWKgUa9j2xD9//3lQMHUnmAOvPiK4xUHtRU61khXX3zmFLi5erLQhpmEXWJckuZEhrlYTVzn8ScrB21ucfBI7GhmmoX7NXtYvERxscxPVDLHAWigYs4DPBkdwEMzjZZJ6r0EYxebG/v9BxevCEPsUQe1xTYmpDbEEx2My6RUkt8Q==
+baseball.		86400	IN	NSEC	basketball. NS DS RRSIG NSEC
+baseball.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FpdLMEwO4XaW3MxLc9hyLhSSjzMQMb3gCKmt+UvKOvLbvm2+egDAVKFLmwDnOunMXj4R9I9Q/AwdBO2tFa40zZchmrE6UxF+9spfZKVbxqkfKAR4nBgPGcnPxsHUoqgh4ksWVS3NtGnaZQNboNwISV3BZgJPyIrzxAj2w47EIP+FmO6E6RkHv/i5hOvgmTuU1mcA0vKXGNKLgW+0iww5UeApvkIC91v6W5Mj+oF/caXxbJuybCx/F7GpSmjoxxvxq80bIrZPQ0XHB9k8PvziCFSkDQrBFdigFgefdRcQElEvy+4qOC3yITP1IdW2mMqrSP36shL+mc7mrsNP6Xc/Ig==
+a.nic.baseball.		172800	IN	A	37.209.192.10
+a.nic.baseball.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.baseball.		172800	IN	A	37.209.194.10
+b.nic.baseball.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.baseball.		172800	IN	A	37.209.196.10
+c.nic.baseball.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.baseball.	172800	IN	A	156.154.144.200
+ns1.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c8
+ns2.dns.nic.baseball.	172800	IN	A	156.154.145.200
+ns2.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c8
+ns3.dns.nic.baseball.	172800	IN	A	156.154.159.200
+ns3.dns.nic.baseball.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c8
+basketball.		172800	IN	NS	a.nic.basketball.
+basketball.		172800	IN	NS	b.nic.basketball.
+basketball.		172800	IN	NS	c.nic.basketball.
+basketball.		172800	IN	NS	x.nic.basketball.
+basketball.		172800	IN	NS	y.nic.basketball.
+basketball.		172800	IN	NS	z.nic.basketball.
+basketball.		86400	IN	DS	46201 8 2 CA5C951D022F3965AB936D403CFBB48F2D753D7B32DDE3AC146B419693DFBF30
+basketball.		86400	IN	DS	48130 8 2 02653B2567731FF23C16036C9F0D51A3596FB8C93B6BD0801B74E7267AF995AF
+basketball.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2JF+yoJWJ8tgomEzGg/QS7/cYKHTNhmbcw/x9pNf0FyRHCuxtvlh2MRo/Ms5uRfhY+rzzf+GygBuOEaK3MtVqUylhHn/eVfQFhJ5D+sOPj3qGj3CsQ2jNjRI7gF1tvVePkm1cMLJCuPd3gk5Ym1mYC3sohNu0kKcY3+U1Y+A2FkiQflsyMpRb9ITAw65DOBi/EHzeK4mr3uEM/9qnrSUcfg8Y+lyu7OFsTJIIQQUDv5ekZxWfZFnQmV+VXt+iiQREWIr3COWxDQWPmot5RMoHd6vhv+7aX9fr7MGFBrtvZ0Fo99I+mlghx3y8/Mt9RbHWPm6/ID2llv91qks0eZMA==
+basketball.		86400	IN	NSEC	bauhaus. NS DS RRSIG NSEC
+basketball.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DteXbWSdbI0wx6zUPjZyvRD/6R70QYJ6voVYXfL2jKclYhSw4lK6OWOj5vxR7JhXelt3HnAmv0R+omt6aOB3rgVqb2JJ6HkFIBsh9bEruN6U47lANcSPY5hVBXEIOu84/03zfprt8rK2lQSsuxYdWyQGnEfNBtumSRsK0FtAqdZZqCmiTjOuU8Tn846+stIBMF/15f44J5xZmCgWgZVJkrmZx6lav1Q0BtiTfLC07gUmP5xNf9LEieH6A0ebxVRmpqD6D7g4ud3ioftWnKUr8z94evRnycZNyCyh63k401+enjX89+6Hrj9J+1T8O8Jak56d0ZfyZRhpD4C1iKraUA==
+a.nic.basketball.	172800	IN	A	37.209.192.10
+a.nic.basketball.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.basketball.	172800	IN	A	37.209.194.10
+b.nic.basketball.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.basketball.	172800	IN	A	37.209.196.10
+c.nic.basketball.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.basketball.	172800	IN	A	156.154.172.82
+x.nic.basketball.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.basketball.	172800	IN	A	156.154.173.82
+y.nic.basketball.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.basketball.	172800	IN	A	156.154.174.82
+z.nic.basketball.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bauhaus.		172800	IN	NS	anycast9.irondns.net.
+bauhaus.		172800	IN	NS	anycast10.irondns.net.
+bauhaus.		172800	IN	NS	anycast23.irondns.net.
+bauhaus.		172800	IN	NS	anycast24.irondns.net.
+bauhaus.		86400	IN	DS	3408 10 2 8E5C6C53E04001F14305794F1B28EB612B8D297CC190F8662B53E3710CE82456
+bauhaus.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ot1S6wn0sEbUZD93dWO4sviwQVn+jhSWK4VUjUe8wKMXEbidpPypq7wPniTDLe+0oMNePpPTtp9PzlqiESXI9LadcDvA/VM0rL7npGMzAleU9II4dieORbF9KUZ2z+tJt/9JvvJ2J6D7Kb4/H1aQyUpH8m8lonosO9A4gPBkV1v9AbPnM/Y47cKR/BVF52ilLvlqHpkLSlqLCsDuHeAUDjCGFUYM+npxvTNl7KlNe4eGuJ4IgtnYB1rM90GiuSDb8aadSWMtgUrde8q7O6sa/RGN8ha9XNZdYBhCrcHx+UGGV5RrNpslqf9lTrgryLrqa3oIShLjmV5eweQb8alG3w==
+bauhaus.		86400	IN	NSEC	bayern. NS DS RRSIG NSEC
+bauhaus.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JXC4Fq6+3SBG0HE0IcspF25UdfQKgZwMSQ8u644Oo+hlyGFeCwrXMp8zGxIxawAVKm9g5uoJzY1aJ4L6frW6uaYl6nKDUJut805Pw+9BJJavm95vdZf7KJhmRcDKMlhCogbwf1lOchu3F00han9oBJ4nkx1hAfTbY792fOyWtj7HTxQBin1CXCDEo7cIvzlDbwljiJywZgUzvuSfx02WBaq5FI+F/uXu7EDfGURORz47M0fMZhosLsMvO82ebwEgSjkdD8kVqR4X2rSyUAc7Rjj2IorKCfuqPuEjrkOuvhatGAg87PfaiJJ4X02Na7KE6aTR9b6bS+kfvii/qNbHYw==
+bayern.			172800	IN	NS	ari.beta.tldns.godaddy.
+bayern.			172800	IN	NS	ari.alpha.tldns.godaddy.
+bayern.			172800	IN	NS	ari.delta.tldns.godaddy.
+bayern.			172800	IN	NS	ari.gamma.tldns.godaddy.
+bayern.			172800	IN	NS	anycast9.irondns.net.
+bayern.			172800	IN	NS	anycast10.irondns.net.
+bayern.			172800	IN	NS	anycast23.irondns.net.
+bayern.			172800	IN	NS	anycast24.irondns.net.
+bayern.			86400	IN	DS	27095 8 2 C8D5A25263EF9EAAB175F1CA68623488AA7919E16814F516CC369E09F237623A
+bayern.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cEZ8TGNkI4t4DIiS85yuXCID1VGXGqdgRiEdOaS5TXDN95vkp9hBRJUdE4FllDu/dVDW7XfwWYfpNZLEXUQuXVNQUnheRShnUIG/H00tm0EPtDqaY+sPMDYw6/+DdnAZYXlGbGlJNlK98HI2MGR3KlBMygB2LG6S8JVwTMSJ6qtyzN271zhSBk0zbICknnglYwVX71mlSRDKwEh0KIWMTZ28WskFC45Cs+EIQ20QbOemikEv167094qPdQhywTuEgDhDGn9uRDUZCVNE1k6zHSE32mSDTy42aWv0RTUbERwjLYgwH/ThoZWFIa8bEA6eeZNQT1rVrMqdO+K377hpDQ==
+bayern.			86400	IN	NSEC	bb. NS DS RRSIG NSEC
+bayern.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mGJEwnR8FySXHKGM7W4nltPxpl39Qoa+hDNv6NNFjvSmEQa/+l20d5geBo886Ar34mbhZ/5sGmbywwhqHcPbUmjkO6iG9+0qfEC86qZAomn3GpdOkOQsELds+ShejHPTKAYzu5lNDjtZXo5DQRMMGcT6F1HpAkdTDyab8+qPGo+ge+f3xECbUUxUfidtEErseB9uILND7HJIsq8QV5UctbX0J5J3R1cb4HsHhWhbWNdzGlm7zSzlkaoE5cmRfW0EoedAOK7o0Xw9wN6TQWVu8CFoq31G9x2aAc41xXNHfzFFrAeysrnWf85oUkO5a5sITsKdLxYKMeZqxOvhPX4Yxw==
+bb.			172800	IN	NS	ns1.nic.bb.
+bb.			172800	IN	NS	ns2.nic.bb.
+bb.			172800	IN	NS	ns3.nic.bb.
+bb.			172800	IN	NS	ns4.nic.bb.
+bb.			172800	IN	NS	ns5.nic.bb.
+bb.			86400	IN	NSEC	bbc. NS RRSIG NSEC
+bb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mykh8klGaeVPhsOBtl5AOHFd1Dr+HpifdBlQWHTrZCoHHO3ryTZLEgbvUaDk5p7HTCT5ykpNF68WbheZKxsP+ijau+HFY8Aok+VpQ32m/D6gFJLXxxN+/9Nq1oRced9vdFuv8YFIdGIEoEulSL19pHKrfDOzbBGgegJcG8NouOlk0VCh7qLrhfC76+MfcolhUJjSPUwOObFvcjiHDaEoL2tvt++IE4tbhhlGjKWKesbIz6zAH0TSpvVCRP3fZsSEb+j6kSZIwHsAUg/3+uvpAIqnqGKnmnZ0SP2gLipv8u/Bd1JkgzLIrkgEY5FvTMa6a1SFVuaj5QgeD5Mxdo67bw==
+ns1.nic.bb.		172800	IN	A	64.68.192.10
+ns1.nic.bb.		172800	IN	AAAA	2400:cb00:2049:1:0:0:a29f:1835
+ns2.nic.bb.		172800	IN	A	198.41.222.254
+ns2.nic.bb.		172800	IN	AAAA	2400:cb00:2049:1:0:0:c629:defe
+ns3.nic.bb.		172800	IN	A	64.68.196.10
+ns3.nic.bb.		172800	IN	AAAA	2620:49:3:0:0:0:0:10
+ns4.nic.bb.		172800	IN	A	64.68.197.10
+ns4.nic.bb.		172800	IN	AAAA	2620:49:4:0:0:0:0:10
+ns5.nic.bb.		172800	IN	A	200.50.92.195
+bbc.			172800	IN	NS	dns1.nic.bbc.
+bbc.			172800	IN	NS	dns2.nic.bbc.
+bbc.			172800	IN	NS	dns3.nic.bbc.
+bbc.			172800	IN	NS	dns4.nic.bbc.
+bbc.			172800	IN	NS	dnsa.nic.bbc.
+bbc.			172800	IN	NS	dnsb.nic.bbc.
+bbc.			172800	IN	NS	dnsc.nic.bbc.
+bbc.			172800	IN	NS	dnsd.nic.bbc.
+bbc.			86400	IN	DS	10550 8 2 A5006C3437CE92E184D0E45AD5E31C35FFC69353AEFEC0926B78D04A6D3C99BD
+bbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WyQ2uSXaFLqv3Iy5xLd1KFVBPcqwFPk8IXWzn43lgxcGxQiuVPoMoRir6w+nctjIu44HHie6Qzz2iGt8OH8WMT+SleAs4jxRKiZBvwaGXfsc7wawMPG/RJ015Z0E1ky3BNXPlCefx8lMPPlw5cER1eKeYRTTmvsR0a17NM8Dh86ifYWcIVJUn3blUE+Z/SymWx9/I5gG7UMrjvwR5UAwEkpN1LisqsASa9kx92gZZ1Zsb7p7RBJqk9xE3nnOHLLoD07zUF3zq16Tpcz8dj7k3pEjOUiQujmIw3hXAN2x7fjMBA28FT2YsPNbmqfJNhj5F3I78aR7S7DnIJU7HuWTVw==
+bbc.			86400	IN	NSEC	bbt. NS DS RRSIG NSEC
+bbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tKrr8+B7trCz9A8vjVZ4f1wvBYneOMe8+3XkSJiD7aeyjbpY8s+yDJwBfdXHKr3C23UuhD2kAeRDgZDte0xy1T4t91NJ9bFArXV+PzIJjhbxj+FSHWug+Pks5fokpzuFlb+M7vxLpb3WwA4FzFyllkpxGV5Hg+Blp80nJ98NCGnxWFRI/27PkKf8f8LQWWGbTlBTI6sWWjNQQyCzlUjKHVP0HK0Alef42JFE2am1eG/Sl6HqZ+wAZOR81U+5ydMXZiYFHC3dMVpQ/jVo9ojBz7j9sqNpad63GbawM6Q8E2+2IVqukTvMze5rLVzyCBqxIBJ/nNUQPeSLfXth+dzpMw==
+dns1.nic.bbc.		172800	IN	A	213.248.219.4
+dns1.nic.bbc.		172800	IN	AAAA	2a01:618:403:0:0:0:0:4
+dns2.nic.bbc.		172800	IN	A	103.49.83.4
+dns2.nic.bbc.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:4
+dns3.nic.bbc.		172800	IN	A	213.248.223.4
+dns3.nic.bbc.		172800	IN	AAAA	2a01:618:407:0:0:0:0:4
+dns4.nic.bbc.		172800	IN	A	43.230.51.4
+dns4.nic.bbc.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:4
+dnsa.nic.bbc.		172800	IN	A	156.154.100.3
+dnsa.nic.bbc.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bbc.		172800	IN	A	156.154.101.3
+dnsb.nic.bbc.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bbc.		172800	IN	A	156.154.102.3
+dnsc.nic.bbc.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bbc.		172800	IN	A	156.154.103.3
+dnsd.nic.bbc.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+bbt.			172800	IN	NS	a0.nic.bbt.
+bbt.			172800	IN	NS	a2.nic.bbt.
+bbt.			172800	IN	NS	b0.nic.bbt.
+bbt.			172800	IN	NS	c0.nic.bbt.
+bbt.			86400	IN	DS	41827 8 2 06A56F660DFF926AF3C13EA685E7322EBCAE343D10A15AA9815F27E959B24EE5
+bbt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bMqISAxY/Pq9RP1Xso7+dzFtq6qH4c449Q1j7I6i3MVyegxgpoEZ88IuL0Xn7APBuP34TaL3iC0ssYfEFcqeiiIH/ZHQnAVM6Ok6MUxW43bWqcR3O1ox5JHIELydYtPpaI1sXJV8Pq/qeYRa06iA3sS8OgLHBQNmnMDTuyMxoggWBvlC3JBfqhNPakT3Pq8qf4DDOEF481MgIBr6W8uGJvHPgGq6ta+WGBZtd4MazyFTyDDuCoVGrElX9lu2KBeqz2qY63/PUMEifAFrUMWyZrjvsw95Byk/etrfYHO5TADjtPO71zbJB9cux4YODUbcKYM++7mY5dwayWaG6qigYw==
+bbt.			86400	IN	NSEC	bbva. NS DS RRSIG NSEC
+bbt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . i3nBSJW8QXMhFlHtrm+QvwhJa8HJKaVra05qzRFA2JGnie2cffFyeRpjdcAF/tEBrr6SHLg7J+/bSmaKZyabgwy2jPl8vhm5EdkSFIeZ9uJYXFJs62CD+2feJ35uqYgnibG3lwlnpSx0I/5rIHx2DIST9ojKkJPGLu55Q/gA5f0GBAeoWeus4M7Q3GS+7/jS0Lar3VQGbUZqfIV6TfpjWyIWUiyoe3ITKeG88ItjH+7SGxAY8LKI1Z88gKq5mGB+7klz6YtwldZYpVcwaiXPPPI7t9Z9xQFE/yZF8smzquhxjzBOmlatXf/+foROSoSPfFoFbABaV4a3+YoHzwV9Hw==
+a0.nic.bbt.		172800	IN	A	65.22.112.44
+a0.nic.bbt.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:44
+a2.nic.bbt.		172800	IN	A	65.22.115.44
+a2.nic.bbt.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:44
+b0.nic.bbt.		172800	IN	A	65.22.113.44
+b0.nic.bbt.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:44
+c0.nic.bbt.		172800	IN	A	65.22.114.44
+c0.nic.bbt.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:44
+bbva.			172800	IN	NS	dns1.nic.bbva.
+bbva.			172800	IN	NS	dns2.nic.bbva.
+bbva.			172800	IN	NS	dns3.nic.bbva.
+bbva.			172800	IN	NS	dns4.nic.bbva.
+bbva.			172800	IN	NS	dnsa.nic.bbva.
+bbva.			172800	IN	NS	dnsb.nic.bbva.
+bbva.			172800	IN	NS	dnsc.nic.bbva.
+bbva.			172800	IN	NS	dnsd.nic.bbva.
+bbva.			86400	IN	DS	30962 8 2 E800C51F8933F6EB2F234B542F1C83C8E703D9448BFF8AAC4356EDC1EB6AD7C9
+bbva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBB/Cb2+LTvsSucOCID46gcG4lNvCsx8E5QeysV7S/XbUMtOWj3RwGSx6uwYHBOp3QlwMpkecvAMDf2ZqrnNAyJib4XI3tm6CBfyRPfCmATgX0MZ1o2q85ZIwCmZJoumVZCehH/e0rxzfgC8kwvWAkifqM+O223kznZVLA2EUnnnZYfCOgXR5Qx8zSq5N5H/v4L9lwJal7m7sWreK6PNys6pK5uLMSyV5lw3ymXhraEJD6Z9vhmDryJBiq3n+lIjbRIramTbg6P0dyH3LIxzF3wjxNXDYl9dOsyDvNGDiz9MlzTnuVe7gV5oXj87nIi6omfKNk0i3IEEkH3vEyrDEA==
+bbva.			86400	IN	NSEC	bcg. NS DS RRSIG NSEC
+bbva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tgMUTAnv6D9sWahhmEj9vwjdOkRwXD0d02mjHBupVukLzDsq4m7TMCOZVJdVYe1d23KFKRU75DN062ksfKC6Cnn2aW2rvxHvMO1tyoM6wynZeS2DvfhJE79Ejbtxc8U1JGea7bKT19jw7beBmLGZTvYS0kIRNnYzYboRy9Q36nNbYbZwjihKejpwizOTML2kwJezPGnEPs4XTEH6XOwlUQ1ry9UmR7wxTcqff9KsW8/hz90h7igzguDFX7JXNKxHApP6UvIvoMJMtjDQY7eF9UBNy22nXjCHlNgd3qfRRm9F2Lh8HGy6Uidli7tCduVWy0iI9OzWBlhMeNr34Rr8cQ==
+dns1.nic.bbva.		172800	IN	A	213.248.219.44
+dns1.nic.bbva.		172800	IN	AAAA	2a01:618:403:0:0:0:0:44
+dns2.nic.bbva.		172800	IN	A	103.49.83.44
+dns2.nic.bbva.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:44
+dns3.nic.bbva.		172800	IN	A	213.248.223.44
+dns3.nic.bbva.		172800	IN	AAAA	2a01:618:407:0:0:0:0:44
+dns4.nic.bbva.		172800	IN	A	43.230.51.44
+dns4.nic.bbva.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:44
+dnsa.nic.bbva.		172800	IN	A	156.154.100.3
+dnsa.nic.bbva.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bbva.		172800	IN	A	156.154.101.3
+dnsb.nic.bbva.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bbva.		172800	IN	A	156.154.102.3
+dnsc.nic.bbva.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bbva.		172800	IN	A	156.154.103.3
+dnsd.nic.bbva.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+bcg.			172800	IN	NS	a0.nic.bcg.
+bcg.			172800	IN	NS	a2.nic.bcg.
+bcg.			172800	IN	NS	b0.nic.bcg.
+bcg.			172800	IN	NS	c0.nic.bcg.
+bcg.			86400	IN	DS	10891 8 2 E3428A6F71B3F25036A32EAFB4811EE26D0E4C2F9E1098C0071AB25431CB339D
+bcg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YxImMQ/0Ie0TcJPXKuDheAsOJQyTs33NAUUZuE01ZpnuHoZvYR5ARAvfqIL1v39m0bZHVlHju7ZP9dpiNvBKMzw2+GnZNuTHm3b/g4iPVvcVSYymttvb09f1M62YBJpGq7LFnzCodzUzPCxz86L6hOmf+Ww09bm001YbZQTfNjK5hQAVxDbFRtydOnLXe+03HGR4ev4z47bqPeF5gmh2El0F5D65LpnpmD5g4V0bTVatBWQ/5ly6bqi7oa8qFrpJj8CeK8RuDKplDjsJCxThPYtrtptt/uET2YRuF9pXwigfdCxjR50WUCfC1uKvqZNpctcmcdb0PLlru6PMAykGSw==
+bcg.			86400	IN	NSEC	bcn. NS DS RRSIG NSEC
+bcg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OK9sj3XyEncnLtsdW2LQPY5YEpqm6EaXiz+TOn1r6oTQGfzCEtDJxwjYj8hKtDffVRa8nvxTX0gx4dW0iOMP7yuoKRmlQ2dlbkC7+SeFVbmNTtx6xfpgLCowXiRsbCPqMR9gAXEmLlMPP49wvhhEvVX+9FiYRZBahI41hY5pvMwjMjkBweJ3JSKLTTwzcbt7GORsEko3VYgUcZ/2eSv4kTlHFH+JjRpRY42y8N8REovWlcwipDFcorCzlt9Lk0knVt2WepdHbSKloXFUjVh8k8gDs1rPNkwHEvmk6u6EwWKVnNEXsD9Ecp7bZFP6HxDA3rixkMo1bEnKsqraV0KyAw==
+a0.nic.bcg.		172800	IN	A	65.22.216.25
+a0.nic.bcg.		172800	IN	AAAA	2a01:8840:d2:0:0:0:0:25
+a2.nic.bcg.		172800	IN	A	65.22.219.25
+a2.nic.bcg.		172800	IN	AAAA	2a01:8840:d5:0:0:0:0:25
+b0.nic.bcg.		172800	IN	A	65.22.217.25
+b0.nic.bcg.		172800	IN	AAAA	2a01:8840:d3:0:0:0:0:25
+c0.nic.bcg.		172800	IN	A	65.22.218.25
+c0.nic.bcg.		172800	IN	AAAA	2a01:8840:d4:0:0:0:0:25
+bcn.			172800	IN	NS	anycast9.irondns.net.
+bcn.			172800	IN	NS	anycast10.irondns.net.
+bcn.			172800	IN	NS	anycast23.irondns.net.
+bcn.			172800	IN	NS	anycast24.irondns.net.
+bcn.			86400	IN	DS	20194 10 2 2C1FAF28AFB91E2A2FE1A6C27E480CE2077CCFF57CD7E8EAC1B658CF2B9D9260
+bcn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mg4rL4XVrkRL6HTCGcDeTltpTX/p3OUThE5TvY8W+tbt/TCsHG502ERqzjCHoIOpJLNzLWXjqzGPg+kFjJ+MDSHuUXYkp1CtHVDNaFcqqPNWZCPCv8FUfbfN7PY+NQhaCyMCsFX6bQHFHnz19FgyFd2xzOBiinh16Q13x6cpn7pAhAg9tZyqsMZXv6b8hVcFjqtXKqSzjtA73nxZ4yNEFd/fUbqL2F/ERDlzbgBNZj0oq6+k1lJAxPviJHYsqbYDqCx/IXNtHsJiFJ4lgmt7h45zQ6LsjF64jnGt4ooX5fep7uJAu6tqCxftvQFHKuedxOp7s+tm3rVoXHK7orDWaw==
+bcn.			86400	IN	NSEC	bd. NS DS RRSIG NSEC
+bcn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CH6OJKJQRT0q5g4i++oKgjNP5zI7haC/4XrXtEKyRgMVGNgNmZ/cKB82BR1fkPrBG+TokwJcnLmtsl3Qw1wtflJgRm3wDqHo2BWvAfYeU6lnauPXMwv99JJGbSv6cm5H7N+NRQlK4W9B0bcSyOZmusFAGMwBlcOmMxG7a/LjihouGnXyCQkI8eRGCKSgd8lY7XIgcrXMhWaLfmU1qL9fTGBZ/a/u5x4lmGfXrKpdJD21nh1lVwRaHHUf8kGe58lQf6fuS6LAHtjitmOodAT4VyJ7jZZKK6W3oohPl6fnV0IzVytD5SFtYg7BcqhF39boHpSvdy9M26D4B2loScWmtg==
+bd.			172800	IN	NS	dns.bd.
+bd.			172800	IN	NS	bd-ns.anycast.pch.net.
+bd.			172800	IN	NS	surma.btcl.net.bd.
+bd.			172800	IN	NS	jamuna.btcl.net.bd.
+bd.			86400	IN	DS	26044 8 1 2DAD1B7F8CA778464F536FDDD15EFD24CCCB62EF
+bd.			86400	IN	DS	26044 8 2 BD01C4B4345D21FC38AA88129F7BC00FDD7B422799CC6703736E3B381F37DD5B
+bd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZpZhI4Nl0e5CKLEyf3UQXS2kWTAIheelqLB/gisl1VnCEmZpyJj+b+wEFeWqf4nuflQp80Nx6hkF+q2h4F56HekxwhniilR095Ir8wZuh6dG1i3bMQa2wzJSBVCiY+y8yzWoygiAEp88PdNTDbzQe7iKpOrKk+ock/RfcbYklwUBBK5Cv89yWYWKu15ZMaQbYx+L1jVbdwXWa0fiUQ8pDD9ke6XnFwseDgLsl5NKY2XdYqCFz6yKrrPVQ3NR+FOL6gtqptEPXCXSFxfPL4ADd2avqBS9lOefRcxNl0zQv4j40SawbPZRImR41TXDhTjwq+frqZzDO6xnABnwksQPfw==
+bd.			86400	IN	NSEC	be. NS DS RRSIG NSEC
+bd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X/hX8TOHWu2JuYENVd84MhmfJifkTer7wx7gnE06Z5Sck6wT8VvvP0LMBPSzkqs/An27DZDIEtpkJctB0dIk9XZUUrsDXXdtKLTPzyUbZTUU/kOKMGd9fTqhhQ+3FB4T76zBd4+6HhwOJNmUrj5tRSzh8pNd8W8z89SaRbgjHiWIgVnGhh9LrJu3/W2QbECTDD3bOqXyFHPmqIZlElyi4x9hpioJRbXr/oZlS/UIhqqK6I/PcLY6be6/M3V8Pt1rXhJZFqMIvNv8UcpYP3JGHj/yBJrC6uP/q8YrEmiaAgeqPvk+Cd2Sv4mdZJhOCWij9vM0yLGosnO56RiHeT0YPQ==
+dns.bd.			172800	IN	A	123.49.12.112
+dns.bd.			172800	IN	AAAA	2407:5000:88:5:0:0:0:3
+bayanno.btcl.net.bd.	172800	IN	A	180.211.212.213
+bayanno.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:2:0:0:0:3
+ekushey.btcl.net.bd.	172800	IN	A	123.49.50.51
+ekushey.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:1:0:0:0:2
+jamuna.btcl.net.bd.	172800	IN	A	203.112.194.231
+jamuna.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:4:0:0:0:231
+surma.btcl.net.bd.	172800	IN	A	203.112.194.232
+surma.btcl.net.bd.	172800	IN	AAAA	2407:5000:88:4:0:0:0:232
+be.			172800	IN	NS	a.nsset.be.
+be.			172800	IN	NS	b.nsset.be.
+be.			172800	IN	NS	c.nsset.be.
+be.			172800	IN	NS	d.nsset.be.
+be.			172800	IN	NS	y.nsset.be.
+be.			172800	IN	NS	z.nsset.be.
+be.			86400	IN	DS	12664 8 2 75141E9B1188A95A7A855BF47E278A742A5E3F2DDEED8E995D749D48F2F0E72D
+be.			86400	IN	DS	52756 8 2 5485AC33DD7C7ED237EA2A4BD269731C816960FE181042024484B5CECA6ECC9F
+be.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QSBCjC11SdRdpOcoiGRpnM9fGEDrgLg4glugxL8Gg+VIvpT05nXyz3sCLKhpVOvoGBGlBqwIiJdyod0cCJimXmsXqDt/Dor7FioghobAN23F+6PeTS/mou2BHWIjsSrQRvgWRpAlx1hgTSzUvPnsogSU6iJBLYQqWZ3QIZqITdLubiAKZ80j4XIC0JNv0jeF5HLsID6Sip0crstGr7wknpNShdhf3lrNvXuT5YA1L+WVIhzZBN8wZMHyzkuTM4QGw4W6/3z/U2c2v8hIWhdB0JKTUmRtrH1ssq+R9NIqPx6bl/3co9SvngmLK1arkcapyD0E6KDWlFZlSxB+p8wnMQ==
+be.			86400	IN	NSEC	beats. NS DS RRSIG NSEC
+be.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pHQCPjy3OT77+dU1qrcBCVytbOvVks/nMRCimfEcZdRXrtBkCdviWzXSt0Fps/hZrmeV46f8ISGJ0+8gyCEoeBjbYqCatM0HLz1/Q6+OfubhyaNvEp0mg1MPJsEK6HoEvOX/Lv666iYVb/oxQOFy7dBLUxnyJnfm0suK9AhJm7LxYHoKwacBLeHjuSZSk4MyxnlGIT7KfM8r17tXqnjSzihR54pV1ptG+Cb6e/Xr4prM+nwxwhvaO/DcQ43B403nX1aqS5gscPIgisn6s8agjcjRyYZMu9g2dDFMiYv5HCRQRJfJR6k6F7sT2Rbv97lFfZCr4pIb5EsClp4F6H4zAQ==
+a.nsset.be.		172800	IN	A	194.0.6.1
+a.nsset.be.		172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.be.		172800	IN	A	194.0.37.1
+b.nsset.be.		172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.be.		172800	IN	A	194.0.43.1
+c.nsset.be.		172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.be.		172800	IN	A	194.0.44.1
+d.nsset.be.		172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.be.		172800	IN	A	120.29.253.8
+y.nsset.be.		172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.be.		172800	IN	A	194.0.25.36
+z.nsset.be.		172800	IN	AAAA	2001:678:20:0:0:0:0:36
+beats.			172800	IN	NS	a0.nic.beats.
+beats.			172800	IN	NS	a2.nic.beats.
+beats.			172800	IN	NS	b0.nic.beats.
+beats.			172800	IN	NS	c0.nic.beats.
+beats.			86400	IN	DS	3234 7 1 D046927A7B31B59E7AAA612D56E1F8DA77CC9E91
+beats.			86400	IN	DS	3234 7 2 3BAD4FE26537C9B141EBA6CB27F3E5640F302028B78C767D1780F1D85FB659D1
+beats.			86400	IN	DS	4606 7 1 5016CFAFB58908893B6288C1150B6DEBB1C0436F
+beats.			86400	IN	DS	4606 7 2 A5F26C1DD2B6F050BF9C1439E0C53295E502769BE20991866084AAEF6BA2ED7D
+beats.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C3P9sQQn17ilATwAfywURk0azNYJjW5q+MHmH95cCEpuwLzeQEOVxBKmTnL11rg6qQGG/oRojTGi3BhFce4CHQq4Bt1o9r0D9YyNNKq9jJ1IzeRVJMFAeMnhy6otZStwklR/ZpwP4OQxSgDfVYSBvCXTigxjWkPJl4/H/6JA6ipaC2LiEhWps1Hw9xEW2QBzVhfFJxwqrVU0lr0Krb6mz0ZpwSoD1YyGMVCTzGfGfAgErGMKrC0EON6O9eExOYfc4iJsn9pK12KBXQJ10byGYtEt7YFB/75UQF5FER+eHYW0oowr4hsg5VEKrMy3lGOACIlPsdYVcR1dcRU8BIcjZw==
+beats.			86400	IN	NSEC	beauty. NS DS RRSIG NSEC
+beats.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TdpiBgeFV441vf6Dp9uEJ3g1WhoG0T9h3yVqrQp6JgS9av37bIwq61YjjmHwwm7a81bi60SW83T1inUwXhDT8WisQZ3qad9ypt1KTkQEdblMbeDdXQh37EuSORskJQhOR+F+jlohYKX+p3BvdRFhuWLt3mjLY1GVOt/GgvLMWqYw2pmLr20W6Oj/Czgf2MQbh1Qhal6jK9ScHX1VItMGngm3soQgalKEaDmXY93t9QhMigFW8LSOUVzDuo4EoTYKFQruww0MvshjCa2fFES6SNj3s35o6ShDmXwNOMkxcdA7prCYFrm/ym98WFo4OTWLSXkLLQQOwwR/HnZhYz9lsg==
+a0.nic.beats.		172800	IN	A	65.22.60.9
+a0.nic.beats.		172800	IN	AAAA	2a01:8840:3a:0:0:0:0:9
+a2.nic.beats.		172800	IN	A	65.22.63.9
+a2.nic.beats.		172800	IN	AAAA	2a01:8840:3d:0:0:0:0:9
+b0.nic.beats.		172800	IN	A	65.22.61.9
+b0.nic.beats.		172800	IN	AAAA	2a01:8840:3b:0:0:0:0:9
+c0.nic.beats.		172800	IN	A	65.22.62.9
+c0.nic.beats.		172800	IN	AAAA	2a01:8840:3c:0:0:0:0:9
+beauty.			172800	IN	NS	a.nic.beauty.
+beauty.			172800	IN	NS	b.nic.beauty.
+beauty.			172800	IN	NS	c.nic.beauty.
+beauty.			172800	IN	NS	d.nic.beauty.
+beauty.			86400	IN	DS	35340 8 2 2489479F7A6E57341C7C5508C55113491C519DD846258A6593C4D1ABA57D463E
+beauty.			86400	IN	DS	52406 8 2 C5C45B79DBE67A132237B020F4966FE32FBE61553487E38D47918561568E9957
+beauty.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vdi9BiIXUHBMWKdGr8nKYwCVMMjRpmok9d6KdCfp+A1tv97hZknk6ve4FBeTGk1ycvGBi9fuUbEg/UKjM1yxCV+EiMz2Fpky1+Tcams81L0oHCN3Pee0xkJuGZtimQiTS1mA/UeqQ31NTx1TyhZz2MMh755QuckMTWvm8iFo3UqNS+ZThilpsR8KWxmTCyROHkHrzCBVMYhiACwsqMjJkrDigSXClv3RT6ZPSyI9zM+/0YhALjZej9PQAygigrnZJVfyRgFU8cRBE0I2p7VMRxKTmxFukUt0L7b68ODciMxPAUBO1IDXTf572viZHFQqKqOsVGiKERMRd+VpZX2vaA==
+beauty.			86400	IN	NSEC	beer. NS DS RRSIG NSEC
+beauty.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A/+NqHKYOOtPT5qXbthhK36fCa4IlhO6wFOSf4jb4mwqfViwABMpeC74rDKGSmyjQ/7QMrh526AGTVigsOTF5oaEbBnCR3DNobawCjaDWdN7u18FuSayNqw4jDI0xvvnvRsrfYkF2/eozD2CXa1fbbGGipKs6APsN3AkxoFdjl6ylcP6S/9YZQFMWt+1Hn8J8u1IUVV7pSc/oEMI3PE5oHYVXprMPuxPCrR5XkVGFNhIvqXXpMrfPiuWZuiGKfa9pags8XhNl4Ubxn0k8DBhwHPBKfI3Qn2x6XitTP13t+C8LnDH93Vjs2ysM8C76ya9SfEWk8faRBDMjbnypi06yA==
+a.nic.beauty.		172800	IN	A	194.169.218.119
+a.nic.beauty.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:119
+b.nic.beauty.		172800	IN	A	185.24.64.119
+b.nic.beauty.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:119
+c.nic.beauty.		172800	IN	A	212.18.248.119
+c.nic.beauty.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:119
+d.nic.beauty.		172800	IN	A	212.18.249.119
+d.nic.beauty.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:119
+beer.			172800	IN	NS	a.nic.beer.
+beer.			172800	IN	NS	b.nic.beer.
+beer.			172800	IN	NS	c.nic.beer.
+beer.			172800	IN	NS	x.nic.beer.
+beer.			172800	IN	NS	y.nic.beer.
+beer.			172800	IN	NS	z.nic.beer.
+beer.			86400	IN	DS	39367 8 2 32940AB06D3524457F9DDEAD6C3C0C76729EEC27C5CC02244CEA24E9FD9E47F4
+beer.			86400	IN	DS	61849 8 2 11485CF30D665A82C06691C37983FD4ECA2068ADD702ACE7374EC00E800F788F
+beer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AalJPOid3I8val8kmeXdXLWIvc/7pbZj6Va99EcC4NmUlqNfwptsJWm5rnDXS2/vwuzDDWKGWJO1+HSvi/s3vmL20gTV6OtF2WUIeMwPsVxZu5x5ug80ZhGIAYeMHK1aQaWr7kFgAtnlCDWG5A4Og1AvWxRoSAh2QzZatErb9OkEuAHwCUs6YAhbUd/qhbGneAejw/86tE6bTIQ4u4xCE07bOvn2EH8midxeq7uwOnG3gOtKKiqy8sUWbHxMUZUwlYc+ODR+1DZ8Uv/RIVW/bCI0KCmjQtZRtK/U4On8Nd2EC3jITI7LQJa/W9Bb+lOebJxUUtetF3oEzju8qJf1NQ==
+beer.			86400	IN	NSEC	bentley. NS DS RRSIG NSEC
+beer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uNcWu9pUxNxYkTRnHdErxcZGRc0lVCPwE+R6I4lVuN9MuGWsC5fTZ+mw1dKi/1cBS39OT9NsE9kS2oCkHcPw0nAsU/PJ8WB8PFyDbpJBTaNu076jAX4OTImExoI7ebicWBuHPVW841KWHCu5lcda3NMknwJUv49NzEvw1qMQskJu4ue46eW2T0IoEoq17TgBnu/OY0GkBqRHgv3w626UypzMl60iLwTnxBB02PlBLQWHUh7V19Fh9TbuJMLfGq4qHnuI9PFnA0Q/sy7Sju58G3833JhP2B1nPoq5e9EWLoGO2GzkL6vA1kxz4OVljUl4MeqC3FM+szDoGezfQ7c+3w==
+a.nic.beer.		172800	IN	A	37.209.192.10
+a.nic.beer.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.beer.		172800	IN	A	37.209.194.10
+b.nic.beer.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.beer.		172800	IN	A	37.209.196.10
+c.nic.beer.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.beer.		172800	IN	A	156.154.172.82
+x.nic.beer.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.beer.		172800	IN	A	156.154.173.82
+y.nic.beer.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.beer.		172800	IN	A	156.154.174.82
+z.nic.beer.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bentley.		172800	IN	NS	dns1.nic.bentley.
+bentley.		172800	IN	NS	dns2.nic.bentley.
+bentley.		172800	IN	NS	dns3.nic.bentley.
+bentley.		172800	IN	NS	dns4.nic.bentley.
+bentley.		172800	IN	NS	dnsa.nic.bentley.
+bentley.		172800	IN	NS	dnsb.nic.bentley.
+bentley.		172800	IN	NS	dnsc.nic.bentley.
+bentley.		172800	IN	NS	dnsd.nic.bentley.
+bentley.		86400	IN	DS	56257 8 2 CF15159EC1841AE2CF91D95B5889EB14574EFBCFB069132903E025345A39AF7B
+bentley.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MlGo+5wmcdIHIjhzQ6ilsSrdjVYiXp1cITevb2sryKi7UQbS6meq7PQV1WeZFFxrdFXILAZjiHgXtnlh+3T3AIUBRj7MbmYtANaEm6W1CslJtyROE5i7VaQbATqpET2URxvyElxFJRUIXOLCIOFC7AJ2Fzr3OuxVVFOPXivfCpPk7HyiIbfksYN/zZGXRtsanNpHvNaYLUnwTCe4TQWDJPwb5DlVXVJlrzia3cYaTThKaI20PNypeHqacl3zTHaIVzV4IVcNoKN03ZtXZWBO7hydAmwMtHLcTD2FTHPS8rQHYb+I427/IBX53MTji6zzMGxjFkgzXBBELbzVBrrIBw==
+bentley.		86400	IN	NSEC	berlin. NS DS RRSIG NSEC
+bentley.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GBvNb8bG/hxCsTigxUp38G4uuIW0CIxj88NlTfHNs5/6LXe/nkJKfAjvX17ghy1qEDT3PsjLr3Ss1u3gnSOXvq7q6WR0OjBDYR9YrWI5Pv08eneX5Cxzj424PMHPV0ZGm88zVYyrGRJusTGG/vO1iH4QrZv17k8wUOeyEcgxTcXr21WGiRnLkc+bGBUaeAmZNGVncFsbht5bBfHwutWNjDWI3ZewpqlcHFcUsvQZ4Q6oLyhl0uNPmVZb4DEacv1JJxtDc674KeUGhRIHkrGGgfzBFWfoiD2y3d+bLPbqull06/0Xy8yutXp+UNQhejB3VNBn6mghcMzP1xc03YukSg==
+dns1.nic.bentley.	172800	IN	A	213.248.219.5
+dns1.nic.bentley.	172800	IN	AAAA	2a01:618:403:0:0:0:0:5
+dns2.nic.bentley.	172800	IN	A	103.49.83.5
+dns2.nic.bentley.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:5
+dns3.nic.bentley.	172800	IN	A	213.248.223.5
+dns3.nic.bentley.	172800	IN	AAAA	2a01:618:407:0:0:0:0:5
+dns4.nic.bentley.	172800	IN	A	43.230.51.5
+dns4.nic.bentley.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:5
+dnsa.nic.bentley.	172800	IN	A	156.154.100.3
+dnsa.nic.bentley.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bentley.	172800	IN	A	156.154.101.3
+dnsb.nic.bentley.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bentley.	172800	IN	A	156.154.102.3
+dnsc.nic.bentley.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bentley.	172800	IN	A	156.154.103.3
+dnsd.nic.bentley.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+berlin.			172800	IN	NS	a.dns.nic.berlin.
+berlin.			172800	IN	NS	m.dns.nic.berlin.
+berlin.			172800	IN	NS	n.dns.nic.berlin.
+berlin.			86400	IN	DS	25424 8 2 479DD34641C6386048518F9A39AAFBA26172060EE36A91F478EBE521AA1CFFD5
+berlin.			86400	IN	DS	47974 8 2 B1DDC962A9293CDA1C2AE8F951C86A8F391248C50751AD61F642D46D0F644B41
+berlin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r4OCHDmSCXf7qDrOQL4NQXDliYV7IKAnXulxCnjChnaJ7lCwtHoWA7ZxHm8zi9t/1NnaeCCqeB8xFLaIa4zIyii7hcQG9exKkByKQYQZTvNUDgM/hh1YEQFBNyLd27IaiTaEfWyeL61QJM3VfXCM/yKbup5f5quKRoBgRqIAYry12JqR1wBf7qLHRYs4XyGv2t99Gl6nBvHGwM9NU9n8yVSzuZKfHbJijnP8iJ7YfsNJos3hTIH0kxBq9fzMsrXpz9LtAFVqByu7UDtBeUd2TnlXN6G/Q0lfetsT72WltVpZ+ZjdQXGmrXg20qK4soBzpcGHOgpD3fd4iN2xg62sqg==
+berlin.			86400	IN	NSEC	best. NS DS RRSIG NSEC
+berlin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qdu8qtuMerZ42oBM4lUPeo3S9+wOBnIlQUO6ZvzXlnl7IIcrbRxUVpFb74N/W6Rdv5cRP2IKqNgHHbhlp6u+USyD+KnO9qCMUR8fG/0kYXuiCgbrcIz4CunWKa0vQx3FnSHIqHA3+fREzPWzL/2yG66s28X3y4GSWPl9WAzK9b0OB+2Vf4mKqefsiTy1Zpu01kgEDqon0yXGJbPh1DSy2FWawKC8eKfVN8uHa/Cpcvy64tujG1A8whzd1ZZK2QfHUqjvAVhfWorgptJnXGvi3GCGSPNa7GWTUOQxDy3XqGnodySHQPVe/vHQuwybconF8s0zXrQoyp8g508sCF3srw==
+a.dns.nic.berlin.	172800	IN	A	194.0.25.16
+a.dns.nic.berlin.	172800	IN	AAAA	2001:678:20:0:0:0:0:16
+m.dns.nic.berlin.	172800	IN	A	194.0.26.5
+m.dns.nic.berlin.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:5
+n.dns.nic.berlin.	172800	IN	A	194.0.24.5
+n.dns.nic.berlin.	172800	IN	AAAA	2001:678:24:0:0:0:0:5
+best.			172800	IN	NS	a.nic.best.
+best.			172800	IN	NS	b.nic.best.
+best.			172800	IN	NS	c.nic.best.
+best.			172800	IN	NS	d.nic.best.
+best.			86400	IN	DS	13966 8 2 1B34271DC3CAC4D1FAA279893902BD3330EAB9675DAB6DBA03FD163437E7D12A
+best.			86400	IN	DS	41279 8 2 D0C266B147E9FA7122215CCCA36B23D43407BD2F03B2E3B6E917D350B31AA5FD
+best.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kujRBaQ4UN/Yd+rPLNN5L5PvtZ19XVfKU0l8h+dHTWFr7Ggar0muCZ0V7EYbW2MJ4/OSAaR9TOBQQ3if7UzNJ3ehS12M+L1lKO19hRkUUNuzJvu/qo/SRRtLdcUIU1zM3TMNQUsy0Ojfkkv2j2kP8itFAADJxrol1wT8mCVyxASdhiaxVf9r/cj7Gj7aOqGBenbf4PEePBZtUQpbOznO82LsRapXEP/RAB92YH/5uCQLmYWimwFtXTsSQdjxW8h4SgSkFMkhEEtJmLkPh9wuYe71xk69jc3i8Ci1j9AJNzdr8jireBwaC9Va6G89ngQV/to/lV3kIlwJahc0Pg4QqQ==
+best.			86400	IN	NSEC	bestbuy. NS DS RRSIG NSEC
+best.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RsMmWjsCaxF7+W64BkWaVBou4eKT4K6jol72fF1kAjltqp6VA12zE2fW95V7aCP/hedkthnsewmPY5s0IdjfWAlciEFtxAxkTaWxN6mZ2N1ci4V45ayfFRRd4VS6ZPbEpOYxNfsYxTeM0OwlHk7NsgsOOpSzuv2UW5qdG8RGHI+A+IYx1u1FAPdA45aRlpc1QjyVt1h+gfhLOKUvvGcKdFLNakAS4gg+fvz5QZTGsJ3zaSLUh4wtaIEPDr0GunSnzUzfs54heIDgpoOufyDKCKQDIPh0gGKimAeK4F+ACPZmH/iNbktGWOwIfVSGmj/H0wtCl/BiyQe+d4/m+Kq7/w==
+a.nic.best.		172800	IN	A	194.169.218.109
+a.nic.best.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:109
+b.nic.best.		172800	IN	A	185.24.64.109
+b.nic.best.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:109
+c.nic.best.		172800	IN	A	212.18.248.109
+c.nic.best.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:109
+d.nic.best.		172800	IN	A	212.18.249.109
+d.nic.best.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:109
+bestbuy.		172800	IN	NS	a0.nic.bestbuy.
+bestbuy.		172800	IN	NS	a2.nic.bestbuy.
+bestbuy.		172800	IN	NS	b0.nic.bestbuy.
+bestbuy.		172800	IN	NS	c0.nic.bestbuy.
+bestbuy.		86400	IN	DS	1501 8 2 6E98E0865F6A8CD3E69F0A03CB0D9D80333A31D113AD85BBA7571F87262C5D32
+bestbuy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OtCou83JFaUAuSgS7K7addRlLUBiuVpv165rwyV2mX+HJrKEWQNnQgDAxcmNh5rOeQnzbZVZ9658js2+au0hwWIxOKu11iCrQxFi5oCchKUHRsDItGb1hKZRwJCJVnl8dnIWsUukxdHEAPRRUPM5K4v/VszjE/B32cjCbiMgQlrL2AWCNJ/kMw684bobKnfbX9eivawHcvg6uB2YqBwZkiGFM3fuEc6bXPWwsx5t1/e4/YX2S9GzKGdeT8/22tw2pRB35Un387FE8m8hVEzbjQZZMfpQLz4iq8xq9cs0Il4z5HfrPUsmKbz9BwfxB2bcOZ7Hqb9/kSHgqNsKK4l8Yg==
+bestbuy.		86400	IN	NSEC	bet. NS DS RRSIG NSEC
+bestbuy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z5+wGrQgtbHese2Y6lMTGtVMaCcbnqlM9NIKiZt9jcj95XZBPP7SjaIs002iHkLZhdJW6WLLtrO4VJ+jZ6K5JsMyMgvil/Tm9Slr0IPw6Pv92FU0PrbA2fO8f4j3QMOjCQSgVZdx+ksRkXG23WTWIcjdx6dFLA0Wr4eDcoV8BCY9DllIhRE5K6y/DHNjby78vAtJUCgs4VxHl10/sF3jvVZctrUZ/P35Ewt3WMUeMXDJj2wZa48vVOvWPkEpiiLCddMko8rQjAQBWPjmd6aUuIy4Ds3ZDMogPELb4988K/4gpkoBg0zsGRamUGeGEf4iskqyMZv5kBBVecieD47G1g==
+a0.nic.bestbuy.		172800	IN	A	65.22.216.9
+a0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d2:0:0:0:0:9
+a2.nic.bestbuy.		172800	IN	A	65.22.219.9
+a2.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d5:0:0:0:0:9
+b0.nic.bestbuy.		172800	IN	A	65.22.217.9
+b0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d3:0:0:0:0:9
+c0.nic.bestbuy.		172800	IN	A	65.22.218.9
+c0.nic.bestbuy.		172800	IN	AAAA	2a01:8840:d4:0:0:0:0:9
+bet.			172800	IN	NS	a0.nic.bet.
+bet.			172800	IN	NS	a2.nic.bet.
+bet.			172800	IN	NS	b0.nic.bet.
+bet.			172800	IN	NS	c0.nic.bet.
+bet.			86400	IN	DS	34666 8 2 E514F93C9FF69EC196E47CDFA00E39946382363CF2CAC7DF3DF562F35B31A2BC
+bet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aG9T5LNUDT6gspMEEsvdD1ftWQ0hG3wp4vdU9rOmS5U6uV4g3iolLxq0G3Q0fqiTpzh6dCUXXqoo9pvBHjOem/09MgFw95nEKlOryWi3eDlWvBf3ndJavwzmshTsKKzjcacaqpvbpoZrwf5aM7nMxTgKQyBICtLGu6viq58li3uOT+jUjW+IGC5t1p+uNVrMi+aebFj+PrflKlnfggNtNVAvgXg/4z/fcrtIp5IBFrhvBqSmgGkW+VbeKNm25XbSRhkUelNfrJSVwpybmlPV7J7lWkwFH4p1s+EZ4wXovQ21/RbXvzNhxprKmgfrcP1mifYH8IdL/ZYVJt/HgYEMZA==
+bet.			86400	IN	NSEC	bf. NS DS RRSIG NSEC
+bet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d9EOY+1E3LGY3kmOlxt1TIsg5CgjXfMzpMfTXqtELspAkAEGFRJw1/xwtDQP07Hva27tVcoRNakTxNPjTxrfsbPx8StNqQvN8xtZneILk48+UwAYeoFHPvHUkZaHAZOhwfZ0iBfJtNPk7Lu0jKes4J4LRj8KLAxJr02s8NpnW59Gw4WS7b6Pv7524Y8O6g2ZBX8WE/fY4DYCXb0Rtcwmbou7qt+uVgJDCdqupIQzRCq5L/5tl1WyRFwuAP2RUvhibOgl8zNO/SnJFCMBWraok7Au388pEv5JKTtvhBPLshpgejiGixujgeoVLqCmGejDFwQnkNfFTBai/Ay/75AaEA==
+a0.nic.bet.		172800	IN	A	65.22.36.17
+a0.nic.bet.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:17
+a2.nic.bet.		172800	IN	A	65.22.39.17
+a2.nic.bet.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:17
+b0.nic.bet.		172800	IN	A	65.22.37.17
+b0.nic.bet.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:17
+c0.nic.bet.		172800	IN	A	65.22.38.17
+c0.nic.bet.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:17
+bf.			172800	IN	NS	a.registre.bf.
+bf.			172800	IN	NS	pch.ns.registre.bf.
+bf.			172800	IN	NS	ns-bf.nic.fr.
+bf.			172800	IN	NS	dns-tld.ird.fr.
+bf.			86400	IN	NSEC	bg. NS RRSIG NSEC
+bf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ESFJEGZCEQzfYta2BKdHw7nNayVmd3YKh5EEerbphOJN/nzNrloaijJuMntYxkbttzbXUu3Yg/QBimbyRtoXcHKgRFEABrc9aKvNCe+8fHWdWno4CGyaPyU2Vf5e6xilKlN0h6J0yq6IIqOLdP/WlOTF9EhENywlB6rqG1LlQBvevLLBVKFutfeMhriTvp/LI0PlyWGLGKoRRLaJd83Xg93vyR5kjOLLuM7gcanCbnc55mNMelvo46nI93BEDJLQ6GOL9ecWhQL5/4OCk5aCovoy3iWiEG4nqCFfiVNOk14wvKks9jLLJuUBYozM4dJVvpAqJD/xDDbaXgGQOQjBwg==
+a.registre.bf.		172800	IN	A	212.52.146.50
+pch.ns.registre.bf.	172800	IN	A	204.61.216.141
+pch.ns.registre.bf.	172800	IN	AAAA	2001:500:14:6141:ad:0:0:1
+bg.			172800	IN	NS	a.nic.bg.
+bg.			172800	IN	NS	b.nic.bg.
+bg.			172800	IN	NS	c.nic.bg.
+bg.			172800	IN	NS	d.nic.bg.
+bg.			172800	IN	NS	e.nic.bg.
+bg.			172800	IN	NS	p.nic.bg.
+bg.			86400	IN	DS	58606 8 2 305151EBB808CFA54A262403982D4C27E081B1C4ACCDAD4B4D83CE091188B1A0
+bg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lmT9US2EkV3TOWwuELwgdJp+zdiTIBZ8Y8luX43jM8Z8AvCOKwxVH/98+8/EKGQTOK06R2zcdyhp+bff9DcFpZOtn6pQOzVcdyS/dOd3FLM+vzW+N+XOUSuNClDK3RP3RRTZk4zzhtSjHbiyRkyaRRp64ADQ8ZaUwWfR0jk22LjaT4sOxFCyDnB1RGpofg9VQLSbmPnxJJ2Jh0F8bZuvyK+cogYv9hQ67tReUrsgJT6p9MxQ20Idbs4gnAtPIuRSf4e4lB3hwOPpheV+aTltG05RE91pJQOi8Xda7XKNctOpz8wP1xnxUddIR0yFA/ekWAGI4WTZOPPONeoEMMaguQ==
+bg.			86400	IN	NSEC	bh. NS DS RRSIG NSEC
+bg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lTMqM33p1ycLn4hkme9UjL5XNYblTI9EV0b5+Ep7cTJmTSg+yCbtDcmJL8kR6VFAMccu5RnG0ibmg9pYCDSivOpmJ3SDa/Ds8b6UfWOZ1W92nXbzyrCZEINhcua5OlsvfjOONyPsX1mAg8n4EPtErPb0yBqVizh06E+t+8F8n/PTFBzNhCjwb95NCKLRfCaIWpjwiRywOLBW+bGjTJEPHuawpESp7QJQNBd5MWf7LUnsXNd9F82cCZIIbImHKN2goGdOelm3k5vQ2Yl/NECwXFpVSSqSmWpa+BRDC7v3ePPZenbwzMH5UG4umYbJESNdzx5PZknjELrl3zIwgCg+tw==
+a.nic.bg.		172800	IN	A	192.92.129.99
+a.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:192:92:129:99
+b.nic.bg.		172800	IN	A	193.68.3.232
+b.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:193:68:3:232
+c.nic.bg.		172800	IN	A	193.68.99.99
+c.nic.bg.		172800	IN	AAAA	2a02:6a80:0:0:193:68:99:99
+d.nic.bg.		172800	IN	A	194.0.32.1
+d.nic.bg.		172800	IN	AAAA	2001:678:3c:0:0:0:0:1
+e.nic.bg.		172800	IN	A	185.143.80.1
+e.nic.bg.		172800	IN	AAAA	2a02:6a80:530e:0:0:0:0:1
+p.nic.bg.		172800	IN	A	204.61.216.110
+p.nic.bg.		172800	IN	AAAA	2001:500:14:6110:ad:0:0:1
+bh.			172800	IN	NS	a.nic.bh.
+bh.			172800	IN	NS	b.nic.bh.
+bh.			172800	IN	NS	c.nic.bh.
+bh.			172800	IN	NS	d.nic.bh.
+bh.			86400	IN	DS	42035 8 2 DE6B7CEF6B195F0AAC140C56C68868105D8F05967342C96A8192EFE7B433BD1E
+bh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OFpTkXqAE0sbrYWRy1Jg2U1XDaaeG33EP1lfLS98wNjf/60lRhdieWpbq7wDr02EW5oO6Hza3BtmBGcBx2YQ0L2qr6eRzpDj7Oxsau7zdYb22hQR/c1J030zXVJdkuBZc8DBglrEC1nR69eIlj51zJmK4sHJjFTzhf9GGxrmKF3yRSpVemYETGCh4LZy6AyWUlsvb2eooaRJcdVkcFWJQyQG6Ig+OzUS+hnOPsJ1E96dAtOs7XY+XyBL/IfE62Kcbll496LMZFIUNQg9Sj/qFLZlqVISztq3/IwJ965+BhQYHDHMbR5MyWE4x/zHfAQHzPf2hKn3oMLb1CpmwJqXGQ==
+bh.			86400	IN	NSEC	bharti. NS DS RRSIG NSEC
+bh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gTSilJJixCjDXWnBPOyE0y0tfoG/sTbsR0gvzekM33P2YBwUAJBWNTfRsC5QbJigw67LUCp5VAFFCdV3YxOSezsY31c2BFffvPVr6SzUoAKX+DDfD/ZW9I7sYqjfJ+PRYpoULm8FQT8MBLN16miPwnV2cMj+q1LyJM6ojR4E/buFbFa9Y7aH9uX+3OcPe60j4AQSeKZscZqQCFzZAqICaB4PEC296k9n6NHqCCLiljLUVxDqB4x5t/WTqnNhrxJ2COHw7+6jkhI1qgbCRtWMamY34mLwiyVVgpMh1UCS29vytAY9h2hyuNeHhLefP8puJCQ4MujgL35oMJiI70CzBw==
+a.nic.bh.		172800	IN	A	194.169.218.115
+a.nic.bh.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:115
+b.nic.bh.		172800	IN	A	185.24.64.115
+b.nic.bh.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:115
+c.nic.bh.		172800	IN	A	212.18.248.115
+c.nic.bh.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:115
+d.nic.bh.		172800	IN	A	212.18.249.115
+d.nic.bh.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:115
+bharti.			172800	IN	NS	ac1.nstld.com.
+bharti.			172800	IN	NS	ac2.nstld.com.
+bharti.			172800	IN	NS	ac3.nstld.com.
+bharti.			172800	IN	NS	ac4.nstld.com.
+bharti.			86400	IN	DS	13206 8 2 BCF1EFC6D85CA9939AF95BE715D7093082BAC953E8539F88D21B16054D5A22CA
+bharti.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Oyy7HayCuhgezX3QEUbM81RVgkElH2ppEtlgxWRMd9gv9W/zBPtCfpMQBd/IsIH2TpP09/P8IvyfmSdf7NJNn2fzeKFrQab/W5ejCfFRCF/SpgiJwXAZ75Qb4f1RF9L038VKlZ4G4PBJkJMLR3m0uXBNq5DOses1mSZBATjVIE0YHCyPme+QsqZmxtN+01f4gnTsiGZdn0tDHXrmY0qJbs4PA7e2QkfuLhdYC0eVKr2BeAeCVDiGishK//Y2WbHjr1WMdKt7yuYvqzbLT+EsTTJ30dp0FA3fSan5wnTBY0AKbnrTDkrdNxbVBnY+eSbc+Hw/zndKvu/juK8PLLdltw==
+bharti.			86400	IN	NSEC	bi. NS DS RRSIG NSEC
+bharti.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FTj4YmDCqJ91mndHau5TLKmb1MuvuGUzHtfC5X8R+xFSU2nJAQWQMhfJigOuAoAdysyFVH+j9taaSYcvFuR+WUAaGPumcuZ8PdmaDUawZhMFu+T+QFs2SWYr8S6ItyvrC0Xc4ZPkfKyIMXCCR048fJ1fujxjh0BLMltgydM12C9tQ6+V+68OQv4MBjpzMhEphK3W+bvB3EE532JPive/W1Yd37O6QCI00+VEFhcXcLhUqWI1uRi5Zfzpv2vBPujyyW1RLiKZE8Y3pfUV5SCYZdEHwOIPeFUsbldSjef1qxsB/sxkayutv9OUkQwuP8jV6ahhW6S9CDdiHkxV/Zbe5g==
+bi.			172800	IN	NS	bi.cctld.authdns.ripe.net.
+bi.			172800	IN	NS	ns.nic.bi.
+bi.			172800	IN	NS	ns1.nic.bi.
+bi.			172800	IN	NS	anyns.nic.bi.
+bi.			172800	IN	NS	ns-bi.afrinic.net.
+bi.			86400	IN	NSEC	bible. NS RRSIG NSEC
+bi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fVaGINHD6VE+1c8w7ShO9zTAsFHhsabDop7J5EoS43tOqf5uYtNQ1hBmFOBwqZ7CY8UK/6T43lUwd/w3zwHWT+XjgLYTCi9cKmYkskZ+EApQmO6JW2Q+CO/2K1i/phKXftDAuPykN/c/mA4IOx7LUnzF/P91lH4M6HARYkNWSAB3CMFawFBPkjDytHSop7TfJ0O6pg/hxVWprCCrDe1z1YAhkkf3n8zcA9f+sSHjuX2T3iY4AANkaGmLTnbYvq4zz9Ee77jCKQzQr2J+0xhTvW3FGNHgsgxlnERQrpUErTIxl8+zOJD8o072OV7wZwY05osHJ2zvvMxNhlWPrlANUw==
+anyns.nic.bi.		172800	IN	A	204.61.216.61
+anyns.nic.bi.		172800	IN	AAAA	2001:500:14:6061:ad:0:0:1
+ns.nic.bi.		172800	IN	A	196.2.8.205
+ns1.nic.bi.		172800	IN	A	196.2.12.205
+bible.			172800	IN	NS	a.nic.bible.
+bible.			172800	IN	NS	b.nic.bible.
+bible.			172800	IN	NS	c.nic.bible.
+bible.			172800	IN	NS	ns1.dns.nic.bible.
+bible.			172800	IN	NS	ns2.dns.nic.bible.
+bible.			172800	IN	NS	ns3.dns.nic.bible.
+bible.			86400	IN	DS	634 8 2 C09ED93543E2A43516C5379A9EBD54364D4226015112CDFB24199A7F91936DDC
+bible.			86400	IN	DS	8386 8 2 0E7835E59CA10B1E14B9F6AB4EED2B9F27B5BA318C66B4DE22166C4A6686B9C3
+bible.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . smM/VaIKUkxOG4zGYKKive6z1fTydEaAsuMSAvB0rpBLajfX94OKXgk2tI25XyQ62je+ddqvF5e9Y6qC9YLYMxD47GxJSdQRxptzITInbki75FZTOQZUITKWIZ47K8ejGaQJaZGBC/KEpmys4+lZImvyt874VZSuUJtKUHksKGV5ufXWpuASzAHUnKMxQKpofwxznUQpfUI6JM913OXZ76h+bn++yRdT49/ICx7W9RYE7ApRtlS9a4ZFgf59Q48mKdHxfhxw/UjiBd6mIrQH5MO9aNHaNo4zzFKxIRGd/zjnHP7uWOgQrkSogLqc1Yd21yifAiueKV0ryOJqmxu+yw==
+bible.			86400	IN	NSEC	bid. NS DS RRSIG NSEC
+bible.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Eco4YPy+tKPEyPmjCdfwHS/QP6OlTnbc3wqTymmfIBPArFz4wtXS37B1eQZH9pf8KRbBZYTTj2LWehsB+henAxqlovCl2lWMo1nhqxM7YciJljN2U4EiEEcTK8oFbS1fL7U362iamficUErvnosrdeMVfzkDcPbUunM5A2AJuW3nfUp7ptA1Jz8TeysION8NeexFYE5z4i/Kx0e2l1iF91GKeL2ZYK79+hfpAstsBEQJhZYFck5b6dIwVomvoOiEzEjbg7AwEUypBtHX0N63t8zW1kk1B2ZpzuVr+kAYJGVLsyt7sRwluwn8l2ybcYST0rv00UzGMZnX/MOj4V9fcA==
+a.nic.bible.		172800	IN	A	37.209.192.10
+a.nic.bible.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.bible.		172800	IN	A	37.209.194.10
+b.nic.bible.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.bible.		172800	IN	A	37.209.196.10
+c.nic.bible.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.bible.	172800	IN	A	156.154.169.100
+ns1.dns.nic.bible.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:64
+ns2.dns.nic.bible.	172800	IN	A	156.154.170.100
+ns2.dns.nic.bible.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:64
+ns3.dns.nic.bible.	172800	IN	A	156.154.171.100
+ns3.dns.nic.bible.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:64
+bid.			172800	IN	NS	a.nic.bid.
+bid.			172800	IN	NS	b.nic.bid.
+bid.			172800	IN	NS	c.nic.bid.
+bid.			172800	IN	NS	ns1.dns.nic.bid.
+bid.			172800	IN	NS	ns2.dns.nic.bid.
+bid.			172800	IN	NS	ns3.dns.nic.bid.
+bid.			86400	IN	DS	20119 8 2 EB851AB057822A4C0092B8A500066227424C6BCE0E50B45D40B21476B18056B8
+bid.			86400	IN	DS	64954 8 2 72F2C783CC339208A8DFE0411272CE3A327C4610B3FD6DD67B6E4C5B27B868BB
+bid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cegic4n6IS3fybDcUVvo21kXClSOPibuPtfm/FQKj+U7CfqrgV+hFr906H+vIHblxFNObPdLqoNeViSVTmAnT6i9tm+kgf4/+dRAYR5Cb/6wul3O+C/WsZXBEQQaguQPoF2VUN3Ngmtykpb8Mir5Q35JvXmr2xMld5yFiyJ3Szymt3bj0M+TSHYP+YCKSyBWnMVzxk5lDGV9JbwAIHaaEMXr7/DHfZkCuHuN3lVVLYY2kJkYwP1LlWupXOGDYldE9MUQ/C3yIebQAIZVWRTjg6vVJ/vI/XQEx4BJ5XTzvqsokKfIFEst1lSxOwGEtzEakPqo0ailxE7XK/hiX0Puow==
+bid.			86400	IN	NSEC	bike. NS DS RRSIG NSEC
+bid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ag6c6+vJ/OrcDpd1WbTE0tkQ0uU6Rx84JaPB6jMFXhlihxzafqbj8C+PitLki/FsUgYzwIbqFaX8cCMkrlghNQGDP7MZ8Dydu3zjBJpKX5JrXvPpOjJRXyvlMqOJ1y2bfndZJtQJnqMEiUn9xScZSPScYQGwryXYNJ/XMPlLKyhGms3p1tpUaM+O0+hkMg9RF2eoYtszw/qFNTOrYFv3XUBjGjsdxOciEgYqQq7vi2llx85gbs6YLAb1xmIgFclBlwX2ZT3qWdJY+mjcdwZpQ0r8APIsrG+ofWLQ3jODEF7a7laUMMRgEdknFp6ctxl33+9yIOfb3JXkbLBnY7ENug==
+a.nic.bid.		172800	IN	A	37.209.192.10
+a.nic.bid.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.bid.		172800	IN	A	37.209.194.10
+b.nic.bid.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.bid.		172800	IN	A	37.209.196.10
+c.nic.bid.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.bid.	172800	IN	A	156.154.144.25
+ns1.dns.nic.bid.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:19
+ns2.dns.nic.bid.	172800	IN	A	156.154.145.25
+ns2.dns.nic.bid.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:19
+ns3.dns.nic.bid.	172800	IN	A	156.154.159.25
+ns3.dns.nic.bid.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:19
+bike.			172800	IN	NS	v0n0.nic.bike.
+bike.			172800	IN	NS	v0n1.nic.bike.
+bike.			172800	IN	NS	v0n2.nic.bike.
+bike.			172800	IN	NS	v0n3.nic.bike.
+bike.			172800	IN	NS	v2n0.nic.bike.
+bike.			172800	IN	NS	v2n1.nic.bike.
+bike.			86400	IN	DS	32614 8 2 65FFD9EF34AE62688731D986023B138529964729AA847BF3B3FD0730202E7EB4
+bike.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GfqFkRsUyleJtwYQwvC31rQl5UEw+2iHHtnZYBzAUPaO0c4/OxtSAuIRHSEuimYaA+dr9t2O4/wLD2j/JkCVoVYR2gRfAd8XhHe9/4jO+OdssAnte0pip/mm7GZLaOQir2CNgTz2BGw0ziTp7Y9ox4Qtl/XRXRfprIF/jGhY7q0H+6d5S614jT4EzXyLTbhHgP3u8UDIv1Q7cR6VRgrkVgletQ052zSkfpQURwM6qGZxU05m0Pbab/yyjjJGquBMGeSb9/90wDUQSVzbhf9KGvT9mr7ZFpwJxEdFcjHCH7n4Sc63Ya7+ZfSKudvDHh/gnp89W726YKiVd+dRbhnWPQ==
+bike.			86400	IN	NSEC	bing. NS DS RRSIG NSEC
+bike.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqGPJVw2hvI2nvsMooOKlnnv8BeY+GA2q3+ZFcsm87oHomzp0rJkRvqJiww6oBL0idN39eHK/XfQQniwJ9xZajzv19wlqzS/ld0qX9yO6XIK+HTFVUNkOKP0f6f3d29gjFiG3fj11ZJVUr5dc27Yc3nxar73QeiaiUGwpdtQXdXKIOBZecFllftWya3GPyM7C4CgEXFPGMQ855Fgm7t5EbV0+Py4DGSjSdNT2DwwD3k7nl2hMsRdQe6mdLa/KejX4s9CW7htHnak5vV5PaOZrB4etrkfmG56B6eN8dDBPd7rXLMYJzrFX6ukbR2XMXBeaH0cPQiybm4JjbIVZmNrBQ==
+v0n0.nic.bike.		172800	IN	A	65.22.24.44
+v0n0.nic.bike.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:44
+v0n1.nic.bike.		172800	IN	A	65.22.25.44
+v0n1.nic.bike.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:44
+v0n2.nic.bike.		172800	IN	A	65.22.26.44
+v0n2.nic.bike.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:44
+v0n3.nic.bike.		172800	IN	A	161.232.12.44
+v0n3.nic.bike.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:44
+v2n0.nic.bike.		172800	IN	A	65.22.27.44
+v2n0.nic.bike.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:44
+v2n1.nic.bike.		172800	IN	A	161.232.13.44
+v2n1.nic.bike.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:44
+bing.			172800	IN	NS	dns1.nominetdns.uk.
+bing.			172800	IN	NS	dns2.nominetdns.uk.
+bing.			172800	IN	NS	dns3.nominetdns.uk.
+bing.			172800	IN	NS	dns4.nominetdns.uk.
+bing.			172800	IN	NS	dnsa.nominetdns.uk.
+bing.			172800	IN	NS	dnsb.nominetdns.uk.
+bing.			172800	IN	NS	dnsc.nominetdns.uk.
+bing.			172800	IN	NS	dnsd.nominetdns.uk.
+bing.			86400	IN	DS	35654 8 2 5D6D052D2F2CBB18E7F16AA68B42E37B7ED0FC58BD491E8E97C8AEAFB3279C81
+bing.			86400	IN	DS	54939 8 2 AA18F258897855E86489C4A522EA45DA55918BCD1C6DD418322081331DF89E85
+bing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAyOjTFLwdOnPmjSUoCI3dCUwusc/9fSUnrCnZo/vjmZJonlXJTYnncXh/jkd6aD5fYs2Td88cklp7+JFZrnAX8DbWwqc91QeypSWO/BJyrMEalJxdCDtTrU21D9EvSESqtl3mgVjKv6axnvCckaOEejHK2dgwZWJSwK4HYbsg78C39kO7uSG1nZkC+anDdmzlkj4BCiWl3mUh2QIQ0vQpB3Re2NaaIrcCH0Y/1lCFvbBiObk0cCxjzkkduYFaDsnZn4e/m0ngGBy1tA4utm+gkqPexuHk3KpI4v4zaYhQTL3Dn5kU6Oz97YmmfmXooxtJrHOGt953zwiVJN7V3giw==
+bing.			86400	IN	NSEC	bingo. NS DS RRSIG NSEC
+bing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vclAzePw5kgdGP76Cr6lCh0vXHaRHlZOeL2/hR7B1EE+osNQsvttKScobRBvbWVzpKjEWEmsDrHp4PF8CLz9eSnafrsUvRapGMv98bvxxzkhn6m79jlq3JrCEtG4/iqv3A05Ahw3L7/xNZEuFd9fWW4XQ8zklis2EI85/PS0C9+M+7TBleyeDGL+N8LOKeF5upCGr7Q9SX8LA6Zjk/QvbkyfH1KNSkBOrrk4EGKewSLmmAnZLZPl9Uc1zATC1vHVtxNc/FWA5p2NCcjYKapjc755MP6gogM6Oo5hUvj3p00DT55f8lWhs/QQPl10ZHadmKJRkbC2dd4ui4ypLX9k6Q==
+bingo.			172800	IN	NS	v0n0.nic.bingo.
+bingo.			172800	IN	NS	v0n1.nic.bingo.
+bingo.			172800	IN	NS	v0n2.nic.bingo.
+bingo.			172800	IN	NS	v0n3.nic.bingo.
+bingo.			172800	IN	NS	v2n0.nic.bingo.
+bingo.			172800	IN	NS	v2n1.nic.bingo.
+bingo.			86400	IN	DS	26002 8 2 03BDACC0AA8EC5264BE4AEAE020B6868CF219757CFFB96E809B02AF985571BD2
+bingo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i2QrNZKfFqEWgCsh5m5YZo4fB9ek5RGIK0TaK6mFBNp1XZZiRzpVBqlgjDFTxbY9uWUwq/wZ8X+i0RzPJBGEnbil3UqHUkP6q723LBKXr3+nPCFee6SpbNmIUbvt44knqY4I5U02Dh3LDHG3vuCjRTHQMnxKVS8oGyy7j5AZD8Er+bHC8fKiFjRO0rkk+cMnxt43kZKiDO2mkVfBN+NaPKtj6NCMEpy3H7z0UHPkfXAnVcMqWm2wCONUGWONnY8DS4Hq1iINYoocxZOidl9YqHxF/Emf/g02wjKe6q1Owh5F9gCr9n5NJXeN5fDOsktcKpjJYFBQaN1USp+9uBRUjQ==
+bingo.			86400	IN	NSEC	bio. NS DS RRSIG NSEC
+bingo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uDXvfE8ss4yDnjNllLuOderuarvXJDAq4sOZMkPyDV+++N2HH+xp6iWTMfniuYEuz6WxvsqyPH/XazL1N4zdoow/diM8pmbSODRpIdutIjX+kkwKeoKlBxltYGOtXLgUFZPRufjUc/EpfUZufXxSywLqyksFw2H/3YXYyReYEfFTEj2rE4Wvj0NFxz44oD25m5YCpPnNZ9kkqMp4+vFi+4tIewoaJ+wHW1kLcrr+yuVM1gCtUlHp0joY8XHQOzSmgON++j4kGh47wUH8XGvdJgrPqc/vG0H9N5qIseGUL7PRBpB2BmssM7es+cCxwvrFRG/9Zmdo1fWOVhsuNHZLIQ==
+v0n0.nic.bingo.		172800	IN	A	65.22.32.62
+v0n0.nic.bingo.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:62
+v0n1.nic.bingo.		172800	IN	A	65.22.33.62
+v0n1.nic.bingo.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:62
+v0n2.nic.bingo.		172800	IN	A	65.22.34.62
+v0n2.nic.bingo.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:62
+v0n3.nic.bingo.		172800	IN	A	161.232.16.62
+v0n3.nic.bingo.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:62
+v2n0.nic.bingo.		172800	IN	A	65.22.35.62
+v2n0.nic.bingo.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:62
+v2n1.nic.bingo.		172800	IN	A	161.232.17.62
+v2n1.nic.bingo.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:62
+bio.			172800	IN	NS	a0.nic.bio.
+bio.			172800	IN	NS	a2.nic.bio.
+bio.			172800	IN	NS	b0.nic.bio.
+bio.			172800	IN	NS	c0.nic.bio.
+bio.			86400	IN	DS	16334 8 2 AEAF99CE9C6F64B1607605DAE987D3BD0ACD4C5490691322B98C592C9C27B14B
+bio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DeipbbnSZ2AC1GpUo7Plg+bX8QbN/pE0H9o8GUqr/e1T+P6GAcUQOI2tSpUui7vZAXb7Y/cF9qqoSKTrgQs9A/TyzgSnLt7Y4NuItxX401D+QpSRs/icxedMvT3ozzOTVjb0MybX1rbbmY5WGyPegFkmKL+SEFQwAwjq6mZOPRNbBplept2mwALC2UbAJKqzK3HVi4RPcSkSeyGUGNX13i4hQySI4Pql0Lq8XJL89c0yN5CweJNzeEI6Ducwv1IAFOIOFMvrNCUk548OB/6EpXpWfcXLNmQ6ojh8u6QbpYs55WSCUsSP0LZhOWtZGFyuMnfY3JCzpa0AZWznJa6KFg==
+bio.			86400	IN	NSEC	biz. NS DS RRSIG NSEC
+bio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MsPpojLfFUrVcI1SbyN12LdVoir3tSS/lEEkWbHgLufB9FlOv9DiCw4KbfuYWzwgPh4ZlBz+mV1SyXxKpoGRaI0k+eQ78eZ2fGcAS80/IprEbboKtN55vitGTdYHf66ITZojlkE5HgAgpqK1BtomuI2C2ZQwZKXvGBctHyNSolKQRfpsptAQoVtMkdrQWIz/GOUKJ5T5U9dB4XPt+WHeUlHL+su7oieUV5VL7kUmJN89tNQ+tLJH3cmZzU9QrWDNWzSOAg4D8hBJ6CZr7feouJLSkNVBk5naZ8vJ2fbZ7cLt8Su/61Wh6uUhKzJOfP7UIcZd1KzGoZhQf4GyXkqVmQ==
+a0.nic.bio.		172800	IN	A	65.22.84.9
+a0.nic.bio.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:9
+a2.nic.bio.		172800	IN	A	65.22.87.9
+a2.nic.bio.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:9
+b0.nic.bio.		172800	IN	A	65.22.85.9
+b0.nic.bio.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:9
+c0.nic.bio.		172800	IN	A	65.22.86.9
+c0.nic.bio.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:9
+biz.			172800	IN	NS	a.gtld.biz.
+biz.			172800	IN	NS	b.gtld.biz.
+biz.			172800	IN	NS	c.gtld.biz.
+biz.			172800	IN	NS	w.gtld.biz.
+biz.			172800	IN	NS	x.gtld.biz.
+biz.			172800	IN	NS	y.gtld.biz.
+biz.			86400	IN	DS	11044 8 2 E41AF415E6CD0727C2924D6E60B896FB9C6D81831AC90C9DCA4C22497701AB1A
+biz.			86400	IN	DS	13075 8 2 5114C10474C1467017A378DA75E6845511F78FEA480A4469A3BAFC54B2738E11
+biz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xkPT7HyXFc9E8ibVBgkkq0WrPp0WU89IF9AgRybyM0wG6I+imivPtqltp504N/pq8YCLhOUdzVBVTcOUAYIbHMlVftwKjhtIzLvyNPzN9tz6iKiNv2Usy2CsDb/7OEOLDdxlY1CA+QNwz4+NFVXlzMmmtBSAdfRVll3OLusSooJ+rMl0AS5aeoopXKGvWsxxMiUogV3xQ8o0xk6Q2vL5SGpclq6G41oD3st68r7gzxqqlUWJ6vhkgDdCM9lrmhvEl38TYRJDdDKCY38idDafUNWaOBSTfTyvLuJK6GtTfVRWi8WFdEvNk/knaErt7RVgnpwSOrp6+OMaha89o8AeSg==
+biz.			86400	IN	NSEC	bj. NS DS RRSIG NSEC
+biz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TjlVQOkzq6GZ3xMiduD9AjVLxfhFkrSDvdU+Yho6srZr78zYIoz19k4tWsZYAPBN1WensOrogymJ6OD86R3ERsKKSEuTkdyHNjijsrUaCxCWWQZfOM1XAuLffqXfipuazlTKrcUAldoNFblvWk1Grzzeyn9yOgotTMjSbBwTQ/7AhzhsE1nevhlmqOAWxzBmTQ4Gyh1llvovyYIsWSO3vcmo8MbpAH61J9Gp9q2GAthN7sXO0F0eK8UtSaFZK2wjpmOTKBRosTC6J09ZWUN4edjLxHo2rKrqWmTpbfkpH9XpsLtprR+686EfmwAyJS8XMX552tktcIR6JfrXylDBxQ==
+ns1.asnic.biz.		172800	IN	A	213.248.219.254
+ns1.asnic.biz.		172800	IN	AAAA	2a01:618:403:0:0:0:0:254
+a.gtld.biz.		172800	IN	A	156.154.124.65
+a.gtld.biz.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:30
+b.gtld.biz.		172800	IN	A	156.154.125.65
+c.gtld.biz.		172800	IN	A	156.154.127.65
+w.gtld.biz.		172800	IN	A	37.209.192.13
+w.gtld.biz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:13
+x.gtld.biz.		172800	IN	A	37.209.194.13
+x.gtld.biz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:13
+y.gtld.biz.		172800	IN	A	37.209.196.13
+y.gtld.biz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:13
+bj.			172800	IN	NS	ns1.nic.bj.
+bj.			172800	IN	NS	ns2.nic.bj.
+bj.			172800	IN	NS	pch.nic.bj.
+bj.			172800	IN	NS	ns-bj.nic.fr.
+bj.			172800	IN	NS	ns-bj.afrinic.net.
+bj.			86400	IN	DS	26617 8 2 F408C0B3C28D87A76175348B27F6D26CA47231FC29071AB6B5F849777C6548B5
+bj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F/DDyphro4/huOTpjzSbGclvdm6ZycScZM6PeUsuxV9YvtFl7s/JtNw8x2FI5cc30bJLqgRrmh2ZwGm/F/gICZ34/xDJ+ASoFH5DLieccLsDYPaVthHZ/TR2dW/Ctd++iiK0HGO1N8R6+PtV9G8puafBPafyMjWzRMBqIEf/Hc/ggxTsrKtP/Q3Fju6Z+DcAS+8f3Lj4BWMRtpoG1uzglQTCRtMqAmcmO390w15VNtMvaUfwYZGrjxm/hopbmfzMGM/dQ5D6mgqAcJx82sBhIf6ZPwjoQn8r/lxZLnDQjNPdIlaW9bl/par4uoY3Kk3qaC5cw0TqlOcxBYqHUL8KMA==
+bj.			86400	IN	NSEC	black. NS DS RRSIG NSEC
+bj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GQRE6KOtCwKpJWisMGHlvTbY2kXPVmmDqvf+NTTZVUChnhM1BUW7nuvEC2ZqqSb6cFGAt5uzSytK6zFkcKTriaboO2hmLuvellnf4R37qCiJkkJv1Q9GGhk2tmwwkLQ/92HhRyJpN+wNv/ShtwL5edNaatB9ggcDe7+skaxiEAMvcn9cg1cxPENLAFKeQfnvrubm+M+sNvCM3C5TmcSKDEQiLry64cCdovtUSmHsAa39Jg6kQUcBk9J6B3NyEGjSAzmnwQU+n2bUCRrRnCMHi47s3+ltLnwizC0r+F6isyyTxb9ZisPEiZQJmXlYfLI9pzVhHSZbRGKfZwRWv9QdWg==
+ns1.nic.bj.		172800	IN	A	154.65.28.218
+ns2.nic.bj.		172800	IN	A	41.85.191.2
+pch.nic.bj.		172800	IN	A	204.61.216.125
+pch.nic.bj.		172800	IN	AAAA	2001:500:14:6125:ad:0:0:1
+black.			172800	IN	NS	a0.nic.black.
+black.			172800	IN	NS	a2.nic.black.
+black.			172800	IN	NS	b0.nic.black.
+black.			172800	IN	NS	c0.nic.black.
+black.			86400	IN	DS	28819 8 2 FA6792252A660261B2C191A71BCEDBE4CDD7BF61C33AA5F04E558ABEB8F96BD9
+black.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s0/RN4CWXdeT/FtOmbT3+SYJFzOLqrduRFkINm/K4wYw+t3mDErXvwCwTpc6MT2e42Fi+vgJo5qhhS5y+Jv7Pnu1JJ5yALaSAIADAFbNuHiXPWFZIPE8bXTYzZlZjs19hh3Df1Go/1TCeWKz0n5BNeweD7LtuAhnxw1YDnP6y4vCdPABecosXU3BF4rg+u1D9Hleo8b9lpwg5JRYmk1jQylqdP+L6LTxSDFXYP5xRL4S6yOiqX/F3b9GDEHUiDatLoLsqJ+tOQids9f312w9TyUPHVFtajdjE62JZJqrateeRx/S9K91ThMNuP2Ce/orc8k2x77+KkL7Ce9OTEvXng==
+black.			86400	IN	NSEC	blackfriday. NS DS RRSIG NSEC
+black.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ogj3Wd7MvU1I/hy1TTR/FitdRxTGCWHN7+UKbNzCwUZ1OcwVSF/XxYbOCiZMfBOLpbjKdtDOELVKkETX/8rAGXjN0SSshmsA7JgOiUMYbzNRo4CiQgIxMmNGsDEXyAFPESARIGHQv6kdOgPqn+sILsXGYD0O04OL6MgfqjVwGi5SFvLZphzD6maleT5mvZJpbKLVfOv4w1RV+nuWFaPrt50No6g4ZdPnnGJkld8sEIJuNxQVZi/SjzhAhQIxaNgmK58rC9utj9IDCKbeLL8tms5lb9KS9lLD2lVNJUn+l0tcJDGCo91jAhm7Y22uEAIOFf/Vv2TgJlCNpL6RxHHPkQ==
+a0.nic.black.		172800	IN	A	65.22.68.33
+a0.nic.black.		172800	IN	AAAA	2a01:8840:42:0:0:0:0:33
+a2.nic.black.		172800	IN	A	65.22.71.33
+a2.nic.black.		172800	IN	AAAA	2a01:8840:45:0:0:0:0:33
+b0.nic.black.		172800	IN	A	65.22.69.33
+b0.nic.black.		172800	IN	AAAA	2a01:8840:43:0:0:0:0:33
+c0.nic.black.		172800	IN	A	65.22.70.33
+c0.nic.black.		172800	IN	AAAA	2a01:8840:44:0:0:0:0:33
+blackfriday.		172800	IN	NS	a.nic.blackfriday.
+blackfriday.		172800	IN	NS	b.nic.blackfriday.
+blackfriday.		172800	IN	NS	c.nic.blackfriday.
+blackfriday.		172800	IN	NS	x.nic.blackfriday.
+blackfriday.		172800	IN	NS	y.nic.blackfriday.
+blackfriday.		172800	IN	NS	z.nic.blackfriday.
+blackfriday.		86400	IN	DS	47938 13 2 92074D73F8C4E1B874E8C6B3F76C6994A02D962A948C94E1A504DFD7CA1CDA4B
+blackfriday.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U+qKWtbR6gTvSrPy7+yHrpvnE4Zxs8pN4XTaqBizAuwGS11SnI4pCkXKbj/BTjlrGk9Xrk5rp1uUHlFV0MOq4LPi2cQ1qT6Eb4q7pxvCtvlqc68BagobcAk+UilvpwezvrmKVhfqPVPQs1wlL7R7EAgZ3frebGVEUic8Fsc8Sp2GbxOBoR7JNTaFSttgF0wHaXKcwvU6wewUz7D3VEFIlEJz0ZU09HRNXoj7paW/yaB5juE979BQwEKMriIQRpBCP3JF9XV5IlX9qM0mRXG8sPhKs1NHwcRK15Gc93/xEji7nYiEpFzCdU1g66NfPnmcRqRguLqYLcyZFJ5cVY+vPA==
+blackfriday.		86400	IN	NSEC	blockbuster. NS DS RRSIG NSEC
+blackfriday.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zKqFp+wdwjTD1sGq6+K74hQjQn/bUVSPYRHkqZy1bxwMlJYBu5tz4RI968azl9qwDWYEOGJ4BnCY2Qs5+HnIsup9uL1Sqw9Muj+qkcmpHlBtQ0w2zpCX1vbiYcm9TgJPDcKCUjK1fjQGyK73Ort6ZK/TGZCpQXr9OK9f7Zk5MwuaIKg8f9B8m4z4l2zl2NIXJjOT/3OnZA0yw3vAjp41wOYeRXFLh2qNT90XfL/tI72lnRmR1WkbcLN7QVDoa2gAawLED8sphSYCXbaiKbTjADPZ6G5U2rXCeFLO13Q8AsTqMa/Oc0ZdGR8dzMVAhRWQorHlI9QvBf21dcnAFQLWRw==
+a.nic.blackfriday.	172800	IN	A	37.209.192.10
+a.nic.blackfriday.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.blackfriday.	172800	IN	A	37.209.194.10
+b.nic.blackfriday.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.blackfriday.	172800	IN	A	37.209.196.10
+c.nic.blackfriday.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.blackfriday.	172800	IN	A	156.154.172.82
+x.nic.blackfriday.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.blackfriday.	172800	IN	A	156.154.173.82
+y.nic.blackfriday.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.blackfriday.	172800	IN	A	156.154.174.82
+z.nic.blackfriday.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+blockbuster.		172800	IN	NS	a0.nic.blockbuster.
+blockbuster.		172800	IN	NS	a2.nic.blockbuster.
+blockbuster.		172800	IN	NS	b0.nic.blockbuster.
+blockbuster.		172800	IN	NS	c0.nic.blockbuster.
+blockbuster.		86400	IN	DS	20059 8 2 7CC46EE5DB147183B41BDA17AC3A5CE97963064F139E80A7C2B60AA8BD5200E7
+blockbuster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gtG+1LQPkWb0lV8RtcH3s5/3pUp9lHZkgZR7hWRz6ZUpp6649uacsMW6qgJDmH5hm/RR5uPndtBYXivJw2r9Y46DQ2MfhK55wAik5Zll39ERw3ksoyZ65hN/gZ2gHzE5WjElb9wK9s+dhECqvtv6tcToSy0EcbgvrKetp0M3rKsf6uty0rPbSwkam4WfGD3AiTeP1kj3fnbyiRZZrvdqIR6ruXvzq/Ppw5gssqR43nUXeAefW98ITDS0cATJV7e3dTmGkMAz9OdG9pef/RUDima4BvhhdmxDPRY9O4odux2h1BZB0HxE2LIZh5iLlYOzHrFpBQebbwWI4bsBanX4jg==
+blockbuster.		86400	IN	NSEC	blog. NS DS RRSIG NSEC
+blockbuster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . un8IRV38iud06Vx0Td1divGOCnvwwnujytkEIm7aafr+LphGQbDtDD0s1DprGOuyi9MvwlbHGVhJgSwlYqTITATGRUqfrGwoXz4tvvL5HQYjXlAo8AqA/Ezabx6fLhcm5nEVkVNWw86cs8GyJAwadWK6WxlRoOqwkjE548FdnnkfRAKxnXaOy2NxP3Xv0sFFyiluRkgQBJE0LlHtUUmcx1MmahdBK6zoLNAOsPgyfC95pIXwC3Gob0kFkL9T53kSRvETdjw0jgKsxwnzZtvuFg1KYIRiclLF+/bVDe7ezLfqbx3mWnSt2ueoqmu3+7owXCnO83YEcJrgNzQAAxYrpQ==
+a0.nic.blockbuster.	172800	IN	A	65.22.92.25
+a0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5a:0:0:0:0:25
+a2.nic.blockbuster.	172800	IN	A	65.22.95.25
+a2.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5d:0:0:0:0:25
+b0.nic.blockbuster.	172800	IN	A	65.22.93.25
+b0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5b:0:0:0:0:25
+c0.nic.blockbuster.	172800	IN	A	65.22.94.25
+c0.nic.blockbuster.	172800	IN	AAAA	2a01:8840:5c:0:0:0:0:25
+blog.			172800	IN	NS	a.nic.blog.
+blog.			172800	IN	NS	b.nic.blog.
+blog.			172800	IN	NS	c.nic.blog.
+blog.			172800	IN	NS	d.nic.blog.
+blog.			86400	IN	DS	16976 8 1 F4535C694F892FFEB740C35CC9665B52E360DF7D
+blog.			86400	IN	DS	16976 8 2 9862DE44E1E7E44215165000C4B87BD3F46D439C686166DA0CA79E06896958B7
+blog.			86400	IN	DS	43975 8 2 94023BE3A769704F45ECB9FEA13BBBAB6ADCDB4D8BB39E621E3CBF223FB5CA53
+blog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yh9UCs9UCmwNip413mS7zCdCCAIupMUjqUNnkWhszQQCiS9cPhLhvE+8USEMDk6jP5kBmODYG/VrDWxXN5KwyoikX/wtm1Bxu8FHDDBbC4Y2UxiMtT34f5cb22whvi9UFumDtfUiQ9OicW+oo6pBu4sap12yQdK3zm7eEkqIpU6RFDq5TrHAzrIejPcAAfAQq0MRi0asOOvVIIwx0g8LVV7/9HeQMugS5LNmRahgl5JV1CZ+hcGbwQqPdKTnaWy4OqFYPQTebmCAjYteTbGjmpdD0suXFJ/GY07SGLp6VGRBbyglCEXUk/PH9uHl+VAbaz4pUZ+ICWCZv2kXTL2EQQ==
+blog.			86400	IN	NSEC	bloomberg. NS DS RRSIG NSEC
+blog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xhy93II+1S1XHALzfSfm/nAHilil1lvH3Mos5NiFPVcDqlEwmiDxe2y/Am7ec0s4NpLk1QIbphXyWEyTkCnbAUJ3LmNH/Z2fXvdDs67+vb3MxcE7FnEjuQj3o34ldQfoUKSXooaGdyb8yzMIKMpkiyHxcq3MFBhjLYV9qMRtR5PGg2aLV+83z+CtXoPeWCOUu7sZPMJTaouPPeTMj2qW+D7Hc+/xm9zb05J/bqXTtueUHYTNN06macdruG8zz7/b6gZhEpfeGnNV/mfPjrqmuaSuQMKLZyOHtsx0b9ufNktz3tkJlHxzyw3NLypWyS9SRaFkitgUNmTh2e+q2c5IRQ==
+a.nic.blog.		172800	IN	A	194.169.218.94
+a.nic.blog.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:94
+b.nic.blog.		172800	IN	A	185.24.64.94
+b.nic.blog.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:94
+c.nic.blog.		172800	IN	A	212.18.248.94
+c.nic.blog.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:94
+d.nic.blog.		172800	IN	A	212.18.249.94
+d.nic.blog.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:94
+bloomberg.		172800	IN	NS	ac1.nstld.com.
+bloomberg.		172800	IN	NS	ac2.nstld.com.
+bloomberg.		172800	IN	NS	ac3.nstld.com.
+bloomberg.		172800	IN	NS	ac4.nstld.com.
+bloomberg.		86400	IN	DS	46338 8 2 98A66BE30959371E15EAF5D4A65ADA3393050610A2E5B7AE321B694C876258C9
+bloomberg.		86400	IN	DS	49654 8 2 DA5A6B59DF8DA1F4B814D38FB01359BCCBEE0E6595E19FC569C1830CE452447C
+bloomberg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NEpoEhe07hU/m0GtyyL5Shf5pxws6uSqibg+uRNjT8aoSHPosipMIEIILk1BYR0Teyy/PWiiT7W0a3QF/4r0xmxHBBIcyWXbl29KKo/EHwsI+qlNnywerOEikUfe0TMaAcxLvRcPprLp43glsTfDVQ5X8N0/j0tZsW5ZAjzQGNY7sqOvpAiKbdv2PLGpzo8Z0dAwkIGkFffNZdtaJFIShXYWjGk4eZLvsTA1vZxSawIIo1cCE+fAVeTjTx0wRTKnArVfiANaixvFZsPE4+Rc7Fe8fxQT+UhlBRZk4IHYpwElwwbnZu2sVa/ZXPqyBLoOELFXib2k8et/HamnCBCt2g==
+bloomberg.		86400	IN	NSEC	blue. NS DS RRSIG NSEC
+bloomberg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WdAEsQNne/U4gkK5LtXOJZ6ygJ5n08W8avJgOnp4kG8WchmPCSeMvBkg7JjZlUnOL4Aj9z2BfOnvbYOO5NNoNmzk4+1ESmHoZ7k4cEwC2xv53CnO8X8NlpSBXNyr1zssd3zd/YZt81XgVnsq5pNctT33Bex2p5kws1+PC1l9dmqcGtDGJmDmoQEPqHcPxOw2MjyuMaiKgqWGezFKyAP37lQAAq1iqNndfppQXxhE7npzTzm7Hd1hlbgKFytI4VNpbyCi8hZCUJ1DrmtYWV7Z45wp8d4DIPQeaWdDo2+9Kk4Xb57x4xnN+0mCgyOqY63OCu6PumoAqMklUOswOf4r0g==
+blue.			172800	IN	NS	a0.nic.blue.
+blue.			172800	IN	NS	a2.nic.blue.
+blue.			172800	IN	NS	b0.nic.blue.
+blue.			172800	IN	NS	b2.nic.blue.
+blue.			172800	IN	NS	c0.nic.blue.
+blue.			86400	IN	DS	13015 8 2 337188914037F0D7831C5C732516D7310C1D291F55ECFE67CD8B9F4CED0B706A
+blue.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cZ5A+QGd3H4epmBfwvH2L2+bSGzaN4q6XpQjpmKQ+fjkS00iyDQZft1v3PZNyz3GB1q2WIORnkHvj7/FnsU//iOMYQ7AdHVCG3hjiJHKBa+cl7WkoDNBtjXX3yRddMPbumLlDsv46N0NzPj6s3ES2wSTSZA6oD9A53Os5mCEI+GxiqgwTtHsdL3kQk0WUenqFmtJNpipp3SP0wcU0us+8ekjZqv5rIbPAtbRR9uqrJgc8UBrlKhI+B+RDbr94Kzm8E2jWGlBUkvUXcpF5Sbb219IOl9LGy6SvmzGa86iixLUJHRtQc4NE5fMDdQgeYthSPY67Yilwk6Pb22M5Tg4Bg==
+blue.			86400	IN	NSEC	bm. NS DS RRSIG NSEC
+blue.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jbfklwIe4qMuJDaEtjtxB6uNQpk+jiD1lq6sDdaBtJjbhIdFX5uVPb4oubT3IEfRrg5vM9G1IKCNC+Od1pbifuIyQXazFfZ+QoryQO+pYeNXt1X50kmtQCotRtoHd7BQlmfgJUSrXUaEUXkxk13szQ14rDv1LhxcJxMV+5xBNPSj85E4UeJFHUAE36SVPEFWkvoDWxzxgLAu3jKnvONpXT+XAbgns0Gw+39+C0T2v75rX2n16ayIwywJDIaQ6EC5tlvokODtOwj63W6bd2ugmP4prDrsZxnMs4VBZHP9KI4fWXfOXT3wBDxpL2Npdewul9B5qVoLc2KWp8y7cS/I9w==
+a0.nic.blue.		172800	IN	A	65.22.28.9
+a0.nic.blue.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:9
+a2.nic.blue.		172800	IN	A	65.22.31.9
+a2.nic.blue.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:9
+b0.nic.blue.		172800	IN	A	65.22.29.9
+b0.nic.blue.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:9
+b2.nic.blue.		172800	IN	A	65.22.31.13
+b2.nic.blue.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:13
+c0.nic.blue.		172800	IN	A	65.22.30.9
+c0.nic.blue.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:9
+bm.			172800	IN	NS	a0.bm.afilias-nst.info.
+bm.			172800	IN	NS	a2.bm.afilias-nst.info.
+bm.			172800	IN	NS	b0.bm.afilias-nst.org.
+bm.			172800	IN	NS	b2.bm.afilias-nst.org.
+bm.			172800	IN	NS	c0.bm.afilias-nst.info.
+bm.			172800	IN	NS	d0.bm.afilias-nst.org.
+bm.			86400	IN	DS	37810 8 2 E3E102B0B9334884C32BA5EE04C628E94D9D66B9026287109066EBEEECFEBC20
+bm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jMMjfXogeV/Rme95an2KoNCPMPSJLlaz6NRlzVYFXxWmD44oEpENl+xIFhZdvYcMrP00EENtpZpL95oVSn3sdf0alhJGodxileeuErFZWUWLhyFkjh0VPZLJlFa3/5/K5Uyw5xT/RoauolEp3lF7H9p7NXb3ZnbBu+0cisXkzADsk0BMA+D8jconsrm4d/JCilVSVvceKLtQ0qGlS8hhSGw03mwJsDzawG53Yvj6Hw9AwBve8q4plBCH5pJVI194p+3mMuJQc24aJidSS/4q/FFWLRmXfXZU1pNmtXAorZjoDpbtzOzZzIYyPpA4cZQFrHesKtr72tUNfevix4wgfw==
+bm.			86400	IN	NSEC	bms. NS DS RRSIG NSEC
+bm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dJoWFKUkonasgtEuSx+DJiZBISxadXefLnGSj/5GJePCm0dWwBNVqNNRMFMEtw4lKrQCNFQnwIxD49W/lguwhJQ6QKO4LM7oMRbeMLSvsNTbV6jHUDABHr7P5/Em+aoLlvPkwddjz6FmU61ziwBzQl4QEGrZBY5KRIMMDqeIUsmg+U3sCjTEBNrTeT6G/Tb41RH9Xanz4Fh6M6RCnMOTblJ1MotwHqPBnU0xZ85kDzu3FrEfwoOPLejpSbYsFqO5TFQ6y4Ltg+wq66Zr2J2ZQerqgFTRu+hkS8cLct0t/IcEumDjvP6KFoshW3xdQeXn7Tkv0mQ2yXmF8h9Sz+hS4w==
+bms.			172800	IN	NS	a0.nic.bms.
+bms.			172800	IN	NS	a2.nic.bms.
+bms.			172800	IN	NS	b0.nic.bms.
+bms.			172800	IN	NS	c0.nic.bms.
+bms.			86400	IN	DS	6109 8 2 CF017A68F34CCC1A4F72FB998385A5E9EEB60CFD9FF8043AB6E6B4F9495A4A6F
+bms.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ucs9NBwrckl1w5pTNAGUFoAmXFVyXp4mfEnm37ij0Ss0jNwU47isnl7sMhQW9eaBPbKdqmn/c/a3FIsPEwf/JZQvZpkwjpio8mjhY9ND0ELhoxROP4dAzwwb8+N95tcITEil+xH1f8ZDnOExiTwnSHxfd+GtUkTrLQu5ePF38qoKH9J6jlkyaXuWEk7yY/i45i//d1vIunHpOZcgkWvyV/3TyGktSECGDVfXvTFFVdohG10BVchYdRYpaW3CFIvTZnk8yWaPxv+S2G8CvtYioo3vadUoDG3tEoQQ4y1w/LG5Izmxr42d4ssgUzRQqRn9m+0Eknt8301sjODdrQmvmw==
+bms.			86400	IN	NSEC	bmw. NS DS RRSIG NSEC
+bms.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kgSkD7CX61kbbobO5Zo631POtTPpNMWi/w9i+vCf/Kgz2smPvkrBpHJrZzrnoibGKQqlKqxb7XNSbR700jjSJ7bDl1KWU/DoOgHPFdcrPHw2oqD/eCIpwrDcXqyAvuiEO8OF3pl7O/0CH6RJqWSyViXXs+Ovy2z0KxGSMWT2vC6hJZh2W36s8y/6gTLWgb4IHej3OjxT0Co/hP3tjX7IoY4cc22VhYOAdRXlfR+wI+lPfhq4XlMd/9ynNnWY7/ktv5tdpQYUuj/NfnvAG1o8pfTChwyaFIYF+/bp0wfSCscIEA1+IvZlmbakXtFTRgpgCAzkCMdAvyOeDy32UwqrYA==
+a0.nic.bms.		172800	IN	A	65.22.112.45
+a0.nic.bms.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:45
+a2.nic.bms.		172800	IN	A	65.22.115.45
+a2.nic.bms.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:45
+b0.nic.bms.		172800	IN	A	65.22.113.45
+b0.nic.bms.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:45
+c0.nic.bms.		172800	IN	A	65.22.114.45
+c0.nic.bms.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:45
+bmw.			172800	IN	NS	a.nic.bmw.
+bmw.			172800	IN	NS	b.nic.bmw.
+bmw.			172800	IN	NS	c.nic.bmw.
+bmw.			172800	IN	NS	d.nic.bmw.
+bmw.			86400	IN	DS	41084 8 2 6C86D7E525248DF05C8DD7720648D4CB629DAAE2DCD163BFC74D28312FD5311A
+bmw.			86400	IN	DS	43579 8 2 B543B5ADBA44E6E32D11C93BB4E729D80FA1197F59B2AE505A1E292605234793
+bmw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wPA2lI6+6br+2cDCdOBlIA+/g3KtZTApnnfgngaBlSoMZDRs4zwfXKOprQ5a4jhXvGzXarcL75SbLlB+6Radh1g0FNcVfQUXp/ymxf1Zz8ED9muIcZqobNqVyMpXBVnDNJrJNvgZa/43pc417JnfSPqLM91LITEk7BKAhQp39Zm1f0D28RfUKMu+U1pF8HybLrAkeNqbFo8YjDzaLCvcL9ZaCmMWVkmJ9Qxm1p3VvZEB+UPbPMLfi2OGhMn+oE0SS3TcmC5nOA5wwxilLw61P3MNLOZaH59omMjX6n6oUv81gJ8A/7OnXUpphG+WmRLgvA1zIZllVLPOuGfztWXwWg==
+bmw.			86400	IN	NSEC	bn. NS DS RRSIG NSEC
+bmw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ouXwsd7k8vCbe7rwYHy3mR9tssEZQrkiSRIYrqNgySE2uI3VpYyOX1rIn03EyaKbauRzwyXQLETIMW73d5Mzn0RwX98lDyw2rSIdWAa+r/6DTjr9MUTIEyEaqEedb7P5isOH5cses8SK94B+9j5qi5RHoVtxRaJoypTb1v+wiTgnqpFNV1Nq8z1ZRppqxYLZyJTM6FHYwST83Z1sa6hqoLh+hfofLNu27Eppj3V9iWd33b4Rrxw/ciBt4bXg0fkOq8ecZsfWC7J24l4oyByz08wkk47wb8mpVxdbk+0NwkAHxsTC8rs+MCP62nOsOnYte2PWGlOYGlfunqO0cOMK7w==
+a.nic.bmw.		172800	IN	A	194.169.218.76
+a.nic.bmw.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:76
+b.nic.bmw.		172800	IN	A	185.24.64.76
+b.nic.bmw.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:76
+c.nic.bmw.		172800	IN	A	212.18.248.76
+c.nic.bmw.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:76
+d.nic.bmw.		172800	IN	A	212.18.249.76
+d.nic.bmw.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:76
+bn.			172800	IN	NS	ns1.bnnic.bn.
+bn.			172800	IN	NS	ns2.bnnic.bn.
+bn.			172800	IN	NS	ns4.apnic.net.
+bn.			172800	IN	NS	bn-ns.anycast.pch.net.
+bn.			86400	IN	DS	37217 8 2 C07408E9E9E8D893257B987EBCB7B8C11889A2E40A66106CC05A6F12FBF629E6
+bn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GKpjlcdFSsCMIV5ZXHmbrNNl3wzEGajXKYxpQSi9vqA1zLz8ps2K4Do+W1eE4PncgwtWMxLWe6ZJ+EUwUml8QT/XSlr+/tqNgwV7hsGFjyvdhd7qHEpvfqV4XNVmJ6AcYuqqaru/tYYzCrt3nKLPMkrNNxWjZwoE9S4+d/fpMxGopDmO3A/ps85fssH92CbYzKqIjcfQXXZ++NR895It+qlwI7PnbOWlDtkhrg5s2TB5y5bPFBNznfLKp5UVMwlYMxkSyxNQgrOCjNJdOG0YeW6TTj0zufHsmJk8ao8hfJGFNw9F1l66Yszy5XD1to69R5ie5QL9HGylDrwQbpUHPA==
+bn.			86400	IN	NSEC	bnpparibas. NS DS RRSIG NSEC
+bn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cRiwcYOXc2YIufOVseM7N6gNATZhhcwK2liDAoWLIf6Nv+Wn+XuwRwBpL7OYt/NeITgrEtdTeQgMzu7PxBgeph0xop6Rp4kSj2dzvpJ5qmsHeDZ3MiTeKc8Sise8BEMWry5GrTiPrrVrsf9G4q3Y3B/Q7OCjPBP9xultPf5PKXbkgQ7VWYxJapMG4sYnyV8V2YeRjPXviDy3a5S8RTMv6hLZq/bfqOr17wYuFdFTcIlEokOambTH+OsxuxtIM6VJlwhW+u+Cc4VZmq43bzLnQDkJZJ5DqrDqbaui4bddKTB5IruswQFrkGqbUdt0jxhh/crt8InG2ZEc30UWSCtwNQ==
+ns1.bnnic.bn.		172800	IN	A	194.0.1.33
+ns2.bnnic.bn.		172800	IN	A	202.93.214.163
+bnpparibas.		172800	IN	NS	a0.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	a2.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	b0.nic.bnpparibas.
+bnpparibas.		172800	IN	NS	c0.nic.bnpparibas.
+bnpparibas.		86400	IN	DS	51937 8 2 84170B93B26C6D2041AE501A63ED72AAD0FE327B139C21ED23329717F1DD2034
+bnpparibas.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jj0WPbo8NxXiGGHKjDTElV/oj18KeTvWSUAw0tLBUX6O++tyT+PpYhTPLR9IZjz8Udy2Yv0e2VzVm+4medMtBEf6NTElq3NlCNWpY8+x46yhPHVGB4A88hTpvGgVaGLXaVMjxwJBbd5Sll+7G2UIPOX1a68+79ljO+YlyquP4A65Hc2CodEb8s4KFdi6wZTwOJD9Mxgx7BonhKdCuJFnblp1ml4LG0gICbxFP445PmS9nB0SoPneP7GoY839+ggrA0LfQOpN4bg5bBolx8tQ+/CYkh8ALHuscomuNtYI9kArOE5zrZwk5hkz+De4jBqV8VBy34JIW2URouAxt+wGEA==
+bnpparibas.		86400	IN	NSEC	bo. NS DS RRSIG NSEC
+bnpparibas.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KGm39yEjWAkIk3qIM4DbJkylyiO3pUa0ehy6MVM12l8IisiSuXspsK0EL67oQmons5yEPKPndhzFlFE/H24FdP+4jCDWmvtjKX87NKeL4OEi5sLCMeJ6vvsuIz+AaDlx6X0XOr1hIoD1PgfjxTgdYpg4uvJmfBBW5NIie8mD/au4dp6LXyzc/gYBZ8hiA7Q+HhWeXs/Huscf86zCEeclzA4HlbinT6FoShYY8sQKSlURoqnizS2Ge8oZyiu9vZo7XkXoMdRx/Mjg3DcKiNLpgeOwsyfu/f9CYjPJ6FwiWmUQxp5aCEABYXzmtEKaEwDoHIULAcEMTp7id0545/pJUQ==
+a0.nic.bnpparibas.	172800	IN	A	65.22.64.9
+a0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:3e:0:0:0:0:9
+a2.nic.bnpparibas.	172800	IN	A	65.22.67.9
+a2.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:41:0:0:0:0:9
+b0.nic.bnpparibas.	172800	IN	A	65.22.65.9
+b0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:3f:0:0:0:0:9
+c0.nic.bnpparibas.	172800	IN	A	65.22.66.9
+c0.nic.bnpparibas.	172800	IN	AAAA	2a01:8840:40:0:0:0:0:9
+bo.			172800	IN	NS	ns.dns.br.
+bo.			172800	IN	NS	ns.nic.bo.
+bo.			172800	IN	NS	ns2.nic.fr.
+bo.			172800	IN	NS	anycast.ns.nic.bo.
+bo.			86400	IN	NSEC	boats. NS RRSIG NSEC
+bo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cya60GRDDX1xMAF31bAAFU/2KT8wp0nAYtLtJWYvL4/w5wBHOmUTJB+87Nvulyx1hN6sEZYNSmqRSKI2sNlGKxtdOIqcVyXMYXbf0/EQRyvEJPUHBNTjm9gF3oCgh/J++XZlO/kb5fKOpm6c9U5XgKHEOB1qukkK1N2gBS1cKZAUXN2T1vf7Yek41FGRun3wMNJGLfPj/jLxtYwXxO6PFxil7KLMi0XoFkzyOhIIzeceD8sUR8BVE4HRfGgsiL8VlzmgehzBZzLu6EtbSKyf5e4PQehvVSnFRHa3GFcTLtyhF2A6hwlOF8bGUdEDhpdWo2QKj1YI3KHZqNwQA0V3Rw==
+ns.nic.bo.		172800	IN	A	166.114.1.40
+anycast.ns.nic.bo.	172800	IN	A	204.61.216.48
+anycast.ns.nic.bo.	172800	IN	AAAA	2001:500:14:6048:ad:0:0:1
+boats.			172800	IN	NS	a.nic.boats.
+boats.			172800	IN	NS	b.nic.boats.
+boats.			172800	IN	NS	c.nic.boats.
+boats.			172800	IN	NS	d.nic.boats.
+boats.			86400	IN	DS	184 8 2 A4A33B365286ABB2176F9F617093D4DADE9CD2AF1C8B4955DB2B0AD92B6940D5
+boats.			86400	IN	DS	59980 8 2 A5E1E3D7C3A1CD95834BE1A4F1B403EB0018E4918D107C25A61360B2B7E585DD
+boats.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EMkxvDCh1xHJZ2RmmSDPzKNRfz76sF4YNcWK1FIJwstQrU675OnsohyDLEhgMDtkrwv2GH8fh7d5vsf/Q5XmXvLQ6DIN6vqBL8quhk3QmMNgXd7/3KxAa+QXmd1hCVO37/EGhqzyyyGaEz0UhsDOkr9ev0gV9Q+CDJ19zNXD7q3AYMBDMnbXVXC5GHyVWGqQvO+HVfc3LhuDLQ/DtWxWp0qWaTFGcmuOEOb2atPC5x+8LHkcvLjJ0huQuBQigr8Qdv5rcF3e/KTqUnnZXNibWrgqQrJnU3hfkov3XzHE2TRJy35oQ6mwo1+toz41otJXne2wuBttSjkE0QJmdQicSA==
+boats.			86400	IN	NSEC	boehringer. NS DS RRSIG NSEC
+boats.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZLf9z4qZ5dVmxOr9N9Y8s80DLueiOWTKBAfqqB0a3kBQxpgZThvXLwgyi9kZBfE5u4O+S0jkL8kIS5FP/VerjmLsg89JngvMhCchK1W7JlvlMvZeD9cGRLAj6ltdgXRKhStDRe2Ct5zw4j+NFHCmYN0fxoNpABsrxGtTQ8xRhbDsgEEk2hRoFFB+zembGcYYscu1iwP9IFm8jKtA7WV+oRyVd1xapl75f3/NQ3c+OtflIHePOPXsde2vhCL1H6iDk8hiVGDNZUwUGWbytu9WA/PCfSh0ZotgM6Non0sKru8/x5VbHAwYy1Rm+3WNIIxfbNz70XxRow57oat0V6BGcw==
+a.nic.boats.		172800	IN	A	194.169.218.134
+a.nic.boats.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:134
+b.nic.boats.		172800	IN	A	185.24.64.134
+b.nic.boats.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:134
+c.nic.boats.		172800	IN	A	212.18.248.134
+c.nic.boats.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:134
+d.nic.boats.		172800	IN	A	212.18.249.134
+d.nic.boats.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:134
+boehringer.		172800	IN	NS	a0.nic.boehringer.
+boehringer.		172800	IN	NS	a2.nic.boehringer.
+boehringer.		172800	IN	NS	b0.nic.boehringer.
+boehringer.		172800	IN	NS	c0.nic.boehringer.
+boehringer.		86400	IN	DS	37117 8 2 98508B91E23EEF16223B93512B6FFD370F83CED809A7A157A98A8B07BE84E0CE
+boehringer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rMYYbNyvYM/a+KqUns25YNs455aUfTzBJdam1kPEwZ+OouRnY9gRDBEbBOlV0cMOVTAX4e0Ub7wtnc8TAk2Q9fmRAMBiAY/QnHCH/9/8LRnkm/5tl4bBWAxtgPrODznPsJS12Kw73YcpQZkkElhZKclfVOUKcgtFdYNxpLlOFR9pQUdrGYn/sfcSIP7PgACawrmjV8P/QwjIFy1nIferDOd132PtKMnJeGT4sLGymiZskkVgKGLFk+SWk009RWb/k2ZlXCWnhU9fARwzLk+HkeSqL1qz3mMA9h3PMnbi1SY15J0U8zjjF4IvSvoBTvcJcp0B+CK3iap9dp3j4q5vOQ==
+boehringer.		86400	IN	NSEC	bofa. NS DS RRSIG NSEC
+boehringer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQSyiJw6uF8kirWFXF8E35wfrrdlqq1EG6P2+iysw6fnswGIziMp4AGKcpKQRGvBoBO3SNh9HB+0MGHT//0FvAcS542nEH4len5C0LrUWs2l290iaDBeWoOkHnfm2yz9BWwocd0iPrVz77GOHBn1UAR5e+y9hKzcM/bhCkdOwmbiqpUd6l1739YXJJFHfrisDFnp9Gvdt63Hh2JjMh0DhDPHbBh/NgBsazqnhTkjpgCRgalPql3gnsBve5fYjWjjWLLmJlAc4YhgFF3jboDduIRE5jkiTqE38Qnj3k/hT4WaAA7rDrGaPmrIvQBy+oTYvY4pUsaW2t3pN1XpHNjzaw==
+a0.nic.boehringer.	172800	IN	A	65.22.188.17
+a0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b6:0:0:0:0:17
+a2.nic.boehringer.	172800	IN	A	65.22.191.17
+a2.nic.boehringer.	172800	IN	AAAA	2a01:8840:b9:0:0:0:0:17
+b0.nic.boehringer.	172800	IN	A	65.22.189.17
+b0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b7:0:0:0:0:17
+c0.nic.boehringer.	172800	IN	A	65.22.190.17
+c0.nic.boehringer.	172800	IN	AAAA	2a01:8840:b8:0:0:0:0:17
+bofa.			172800	IN	NS	ac1.nstld.com.
+bofa.			172800	IN	NS	ac2.nstld.com.
+bofa.			172800	IN	NS	ac3.nstld.com.
+bofa.			172800	IN	NS	ac4.nstld.com.
+bofa.			86400	IN	DS	35541 8 2 5BF7C416FA5DBA14158B807FF4EB2F0438DB45D35D0F0AF4F6FEFF148399B455
+bofa.			86400	IN	DS	64354 8 2 BF0D0E96761317B889DD50495191A1FE5D5342703C381C21EDE518E843BEB658
+bofa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XFiVqvyoDgWs5SLhpgHfVi0CiIz7dx1P9OAyeBuxKHSiXCAzl917I1uAZyJTG+XsNRqzRkOme7BT981aSI/b0ubzmWdPji7IftJzEzzO4GPJJWrBWwGzykkbjXKVAp88+YgxvZTe38jo0NcNwMbuPye0+t+1e7qtuG76YTYNK9PjDfzX65lcjLUrj1MNoVhmZQhzoIQREs/jO8ZrIR84cm7469Z73RrGs5qn7j+3HSGSVniK0ru2cEeY6oFa6l0r5AOq0NtkUWRuhK4AbOqtCWiUFRXOckvmzhHtSDe40b1c/wJ/MKeTyKKQHtU4zXXqDW4f2j288/M6sjY3mERUQQ==
+bofa.			86400	IN	NSEC	bom. NS DS RRSIG NSEC
+bofa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RB9X0o5StHag5jcdv8cE7oGJYr2zCJ9oNXpndrTmtu/TaDyXDgRHhmUQ3Ij2vft2Y2IzIZZr2A5ZcyGZZPs6rHF/Dt6xFeZj7FFLmXnl3MIZJE7HKI/CZVy8o7gBdFCUwd/25qGh5XtJb2MHvAgXjpy+fgPWZizUnh7C6VtgeTDoRU2suZ6UFzUYeSaRGU3Tqk0mdOrkUkbfQkSBVDaSUS6iV8N7os275UNOMlNHlwfY1WHP5ckWfjJ1yS+u3NLyU3sZEahglXh7o4cYGar7xIzo+kTnbtl8Jeg9ZGEDp2CcpKcxAFW58a98Z5V9Q7CBjk4VsaDYu9AUq7M0oJhdrw==
+bom.			172800	IN	NS	a.dns.br.
+bom.			172800	IN	NS	b.dns.br.
+bom.			172800	IN	NS	c.dns.br.
+bom.			172800	IN	NS	d.dns.br.
+bom.			172800	IN	NS	e.dns.br.
+bom.			172800	IN	NS	f.dns.br.
+bom.			86400	IN	DS	2471 13 2 351532C0B3A206B6B0F3B70DB8DC5F588CA48A9A0AADF743B483AAEB063AF2ED
+bom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eC97GHRXyKbLW9kykmi6XA7jpyYG5IOFYs7i3CT4O+6YRDmHgWlPrWxjwhEOebrllDY/vLxzeImb+nKqPo2vvsVlgl3UMEcVnxIvRXzXCfTmFdls0Vh6F0EDFdQ+JXWb9ptjbArFikq72tj2TnwmgzRxGYvyqEiUncKOZnk3fcjck7ub5HhKYLl/96TLlRFrNeXIri9mLA9qj1BJGj9kKW1TfDNK6KN3qWtAQqj3LnwnRt8GY65usX+UbQT5FcSRrlk79Az91foitf5NPdQ/m10oCsb/0N0ZM+8zOLjogeXR0nNLkmb7SiWHlh/hPiNg8qRlV3muBZBhXAxd+sxwgw==
+bom.			86400	IN	NSEC	bond. NS DS RRSIG NSEC
+bom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jaa5DF/7FoZnzRUzaBM7NzKECWNBD3KLvYJqkoyNXB8HsT/oj0HzHzSLwSfkHsWD/ZiWm1Pm40HTcjr3oxFR9WcJRpJGYrc8tuptwd17CQT3yDUUKncU3iXeP31z2h89z5qaJQX3QYqOX1FhE4ln1OBqzdoiyreEuviqLoBOJQHCBq1YVzN7ySMPsNTQNjR7UezQNBUFN+ZckJ+9rASuvTdCXLlXgQFnZjw0jSHQSeDqY+NLcMO15Ib0YZs+iRF+Kbgq9b9oywoiLKo0fv/dgcoy/XZQAVgkohk97Jso/6r9iAWxASui/zshn/Jr5YMIFmzxzB+s+dy8YqcKR+RdBQ==
+bond.			172800	IN	NS	a.nic.bond.
+bond.			172800	IN	NS	b.nic.bond.
+bond.			172800	IN	NS	c.nic.bond.
+bond.			172800	IN	NS	d.nic.bond.
+bond.			86400	IN	DS	35002 8 2 FA12AA0EBA1F60642345CEEFBDD7A36EC310EB1602547BEAAD5A1793ECCA9DD5
+bond.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LZgmyjsxNoWYWSc75KduA6ECTNdRVoMrErdldoJBrOHdKynhyTUlyUAVw8APlEVVo1RPTrw3I8TlRgKA8Xah/MfZk5WnWjN5dn3++z/jyahmEJkbRdtLrcOyNowL+qpZztBw2axCczFfZ5cnoj8m0FlXb5nQkeVMk33/xi6GaKGPd4cBi0CxjXCgSRbmlMnZO3lrYKxYird0dZB2BVZM4N4wisots9AtpfxSFomlOy+SBQGeOOOU55yySm+RruPB97eVPH32MKQyi9ti4Rj6EUpsTAdBbDbsaHCKeihK1FwnzR/wm3Nl2xkrE9qz+/gm8CdwMzH7BmYEdysmIppNzw==
+bond.			86400	IN	NSEC	boo. NS DS RRSIG NSEC
+bond.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . STgwe2kN8xajj7U7z1rlvnO8LNJBgBKi7mtcHmWELnHBkz1p+xy1WXitMkDYHjBKut+uceZXANQA/Eu4V1MuOQSFgBXIZr7TS3x+aAfHvrw0Uq6UoL6CO8oN1YoEp06HSu5m0U/nakNLtjIf0v9e8EDg1OtzdmofiqjphF2xCl3u7JPWYWWrYpU8pPwNRox2h+CLMqGyxx6fn9ogHzqIFYp349UkPwtZJUi3T4kYnxmzEfUf0D78VG3j6xXKC8RqdQPuUWcFnfebex0KdInee0zZHm7WY1aiBrECN20N3QhQKcArYhmFk982QRuoIYDfCfWltJ1NcF137hD/nRTi7Q==
+a.nic.bond.		172800	IN	A	194.169.218.85
+a.nic.bond.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:85
+b.nic.bond.		172800	IN	A	185.24.64.85
+b.nic.bond.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:85
+c.nic.bond.		172800	IN	A	212.18.248.85
+c.nic.bond.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:85
+d.nic.bond.		172800	IN	A	212.18.249.85
+d.nic.bond.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:85
+boo.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+boo.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+boo.			86400	IN	DS	42175 8 2 ABE304D422168068884FCB9BB10AA300AD2340EE85A894740D127CF0F97E206E
+boo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rK0EiVnIu4rrz75+VDX/oGNEIoWw0fMs8lSXzH6WKKgdNtGp5a41P1T07ZnGyZlmDcYh/xZw0kcCZg57+UDsdtKOOgNO6ml/RmG4RZYFRIrOcODJyPeHIV+eiMC7bk8rHx9cusbjA7qp08haoHn2xIzPoqrS8h6ufQLNMUiSZfB/u48Ih7YvV8F1w27pTXjNovfe7FMaF/J/o9WH1x197dQoVJ+d+/On/ptTamQwdqjqUAghbelAHXrQV47wSacR0BPxY/eJQRPlKDa4WCa2YoV+NMSnIDcw72GfBSKgjqsJW+bYAL0s9UB5mFNgchNkgojFg5U3PSyLWEcz5M7+Dg==
+boo.			86400	IN	NSEC	book. NS DS RRSIG NSEC
+boo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CeAQ3w8t1P8NRb6A3pd+/p1kZMFRlRSShLQ8gBToAWyun6+UKTfW6ptI4iiXdM4fLyF2qk0qUQC9fap+VX3wEybQVqcd5rvq+yd9X5ok/+OUuGq6OHY1IOsHDB/sN7N8EUBxRk5tnvWr7VASNPyXQzSjM4D6cT1+ywFAHdwmkql7ty3Eta/Y/j7lNJywoPzl2uuCHXAU9B+rrWVw81P6YnkV62JfRIvnlbutu1mTrz2t3yh+1jZazA1mt21LWnCQKTlQLChnYNdkFxRXEIGPsvtr/kXXsQB5Q75vP0P+DjPAb4EmwQnnUZn19ohqEgmsMhDQhyUJLlOTScqioQjt4g==
+book.			172800	IN	NS	dns1.nic.book.
+book.			172800	IN	NS	dns2.nic.book.
+book.			172800	IN	NS	dns3.nic.book.
+book.			172800	IN	NS	dns4.nic.book.
+book.			172800	IN	NS	dnsa.nic.book.
+book.			172800	IN	NS	dnsb.nic.book.
+book.			172800	IN	NS	dnsc.nic.book.
+book.			172800	IN	NS	dnsd.nic.book.
+book.			86400	IN	DS	44297 8 2 66BF547095380BD991DEAD7D74CEFD93B8CFB8A8EABB9F43881B6842DE837237
+book.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1rKmg+rsIDyKnvHvAHlgDX7wExElxXH6hjL0bRzApUOZ+xwPxx1WaQQzQrLHA02//azdT9AZhrlb/cdwnCU155t4ru4oCcqU9CRQ3Yk4fm6rwPgNivNtrSS4Kr6Dq9/OHUsyavyy+W2rGoYuZQBV9Gq8mRC/e+gkvxa1WXuRy/87B5iQ6udbkoB/Al6o9fX4TEVn2bDMcJUHHr7e7AwiLrhmJwDdI9Xxjf9b2HfMVmA9FZarFcYwHi3AsIKffJ636xgG4V+L0KcEdZirgElNmX1QI+zVcI2FmQZe/r2b3IH+I9NDl85xYw1kbU7oozCWHSNac2IQnGWrJH6WGtpnHg==
+book.			86400	IN	NSEC	booking. NS DS RRSIG NSEC
+book.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bp8ulxGHEGYBf/oKfrqDa5pLgpaJB2pYHFROceK3VZzXVwWtYwmmAtSKOw3EJmihCPSUkK7LA1mD4a+l4OuuscQIvCrMB/5+mxqmsHddBcKBt9RUu/3hxU2cBEeMJqfPppqAD/JDJLbFCK2PKWEkK0JXo1u4aC70f+NVCGGagCKslbfUU+6HxJk26ohA2NkVztpYjpOktJ6A5W0Zk+POZYide5poN43MO067382vQ9BGrZznlmYFVeEpg9t0K3cV+I2f3vmXx6dLm33SYGTZW98f0Dg3MKI9p7DJd2yQBWSDrqqrxnL7Pb4obG52NGHz7w+lxMXPiFZQTh+nXsshzQ==
+dns1.nic.book.		172800	IN	A	213.248.218.61
+dns1.nic.book.		172800	IN	AAAA	2a01:618:402:0:0:0:0:61
+dns2.nic.book.		172800	IN	A	103.49.82.61
+dns2.nic.book.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:61
+dns3.nic.book.		172800	IN	A	213.248.222.61
+dns3.nic.book.		172800	IN	AAAA	2a01:618:406:0:0:0:0:61
+dns4.nic.book.		172800	IN	A	43.230.50.61
+dns4.nic.book.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:61
+dnsa.nic.book.		172800	IN	A	156.154.100.3
+dnsa.nic.book.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.book.		172800	IN	A	156.154.101.3
+dnsb.nic.book.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.book.		172800	IN	A	156.154.102.3
+dnsc.nic.book.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.book.		172800	IN	A	156.154.103.3
+dnsd.nic.book.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+booking.		172800	IN	NS	a.nic.booking.
+booking.		172800	IN	NS	b.nic.booking.
+booking.		172800	IN	NS	c.nic.booking.
+booking.		172800	IN	NS	ns1.dns.nic.booking.
+booking.		172800	IN	NS	ns2.dns.nic.booking.
+booking.		172800	IN	NS	ns3.dns.nic.booking.
+booking.		86400	IN	DS	5470 8 2 0E779C706C569B36A19A7D788C043979B9AB862EF84E913B51920A9C4106C9AB
+booking.		86400	IN	DS	29245 8 2 35E34127BC68CC91698D0B5EC4562002AA8293DA7C6CE0BC1C75CFF3E6529EC4
+booking.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YZM0aWYYbzh8gp7YFrYbOEov4u6+C4QXtS3UOAYBexXiyGUwKY1P1KSThk63Wnk/2qoVsydsJe1K5QNO61sjDwDiVi9vz8MOmkxgH+o9N/LaVzJflnoOdXd/PnF9fz1nU1xHjgWmVOM8jQC55I4YZ+2M4f0B0jXp3QlyasN3NH5iPTQjghVwM6hXuzK+BwqBne5z/Hj+EufWDHfzuu1wPD907XC4VDjgZL0/+Dvkh26LOM9OflreIsgFUeptY87nu0XO7kFtmMq6MJCV60jIjV5Do+uRjLEKzLR2dK3hi2HdSqrHLKbx+GLazDjm6jfTajAD/6KfNVLFVuq8ake4gw==
+booking.		86400	IN	NSEC	bosch. NS DS RRSIG NSEC
+booking.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lHUAX7cIFoUSapqIP+rGCMzqds1JNiAoMEyrZI+3TP7lgW1C/iGo1pEM5ONJ0W+l+2fCie+/slk4ta8sM8aHScK62lOf1aKyK+HPysIA2qZMjzIkECPE1nRDDu5qdx7vj+Hoe8pzwGo4LIW6n2qmdL54H7K1IiabbQKBCH2d02uuBpBQi283ozxyCSPq3p3D0uCGfm8y5nQtpeHgd0iROsLO+ngMBokJ8RhhOVLztDpCYWTFZXLs2Z8G4mmXi0eGUZh3kxzYrKpqUPuiEnNHHHI6PIFnfKsHFNPiLIkmSIX93cGzmnLu9hqHqfJF2eJedhfWrSm6L+73intHp3PPVQ==
+a.nic.booking.		172800	IN	A	37.209.192.9
+a.nic.booking.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.booking.		172800	IN	A	37.209.194.9
+b.nic.booking.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.booking.		172800	IN	A	37.209.196.9
+c.nic.booking.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.booking.	172800	IN	A	156.154.144.27
+ns1.dns.nic.booking.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1b
+ns2.dns.nic.booking.	172800	IN	A	156.154.145.27
+ns2.dns.nic.booking.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1b
+ns3.dns.nic.booking.	172800	IN	A	156.154.159.27
+ns3.dns.nic.booking.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1b
+bosch.			172800	IN	NS	a0.nic.bosch.
+bosch.			172800	IN	NS	a2.nic.bosch.
+bosch.			172800	IN	NS	b0.nic.bosch.
+bosch.			172800	IN	NS	c0.nic.bosch.
+bosch.			86400	IN	DS	60941 8 2 1DFBED7CA1EED1F0FC7C79BFAC760F2D796D423B13CFF9334A00745AFC7AE286
+bosch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LuCOienukeeLL5Qc5rKFEyjtnLuOqOyKlNh6k+tu8qIppekpAuyWaM8Zo8AkWM0bF7xy3KdorhBDKC+bkZk85QLKW3mNkCtItZyNYOCafYsG8zFpIYRnDODGyj7aBDPtw4lLbLsfLRXQTVnKruaFQ6g9gx1ycF58dltjWpO+2qxdEeT7Xidx49E+WyuUbr/URMiNQBrYOJMWBTND3CfxwI45vE+gqoAphkKbytANy8dLX1NIFBTjrFoJuaopVOS7+4oJmrB2KNNLOr0HUtcasP3Njk7cD5VXFk8ndha9aiX/SSt2EHhG07n4MZyE1g2FMmkV2SQvRapMCfin2yOgPw==
+bosch.			86400	IN	NSEC	bostik. NS DS RRSIG NSEC
+bosch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Io6X2Rsa1QTwku6r5Z3CESRi8Ak6vSybnJW6KnupTNnNm+u/eWdL/FX44hhx3rm9cdXRtpi3D7sXiTOfl4+8o5NdO6L/o/CAfxLa+havLtR4YYL99klhJVjFGaC7LzN/VUen+Xw4JDwJlVSgU6o4N+hHKyAvW/F4FwWja2luc8FgivbH0KoLyFs1nQHCCGUpZoox6uFhDQLPwVUqHXk1E+x6/o5udjsgcMvJKD72U2aFBuJBUWdQK2o7JCoaDqBnpUCbAQqOTl4gZbLlkiv48JUuUzAT5a0whZuefec+ODzimJr29tqXxuBKlBjDBAVwxKeGlYJMptDXuDbVydELrA==
+a0.nic.bosch.		172800	IN	A	65.22.112.46
+a0.nic.bosch.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:46
+a2.nic.bosch.		172800	IN	A	65.22.115.46
+a2.nic.bosch.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:46
+b0.nic.bosch.		172800	IN	A	65.22.113.46
+b0.nic.bosch.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:46
+c0.nic.bosch.		172800	IN	A	65.22.114.46
+c0.nic.bosch.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:46
+bostik.			172800	IN	NS	d.nic.fr.
+bostik.			172800	IN	NS	f.ext.nic.fr.
+bostik.			172800	IN	NS	g.ext.nic.fr.
+bostik.			86400	IN	DS	45431 13 2 16D460DE3B5D232225100E179AB80BD20A398618160C5B1C934A39F5E207ED45
+bostik.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hjw3WqtgPEYoHoPv76ZBs3ynqQhkPFylBIOFuVuZown1AVHgUt1NaFV+kRtZ581WN8oWd0Yjl+WdpbyEkJizQqn5aaqUVIEQpHRWRXkgMlQBaG5X67Fw5XLJUAd5TgnaNz3LHbTMaeRwbsuRWaNIFqmHPqZBocQ3pGKkUagbfw8COzUrtHERJTGYddy6dFMEArSt7TZtEHIqCeaEB2weEh43E5McZpRl0FlYt9Uv2Wavq1EF/qM+3tSN8yc5ihUmjGrQZXNHMdIknxyNZqDwjjyUqoXpv2/aXSJOeRj5IEGYZjaJ4Lg5dYWnBt8IUCTB7cqTzmao5UbGGyLRE1Wt/w==
+bostik.			86400	IN	NSEC	boston. NS DS RRSIG NSEC
+bostik.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WG9QiA7szok7YhwH/gPfl2YzHKXv7QK8/NOm4p/lOO9FETUj4mXzAy3IUe9IOhU9SEHbBTpSYYah8WiAefekSJZ1HR7pargIACG/Wdd69S5Xpr0G3bdYi3BBI7RLI4F3WN1AUMO++shSwoIfpKKMjRMmlyC9ukUqipSVV5szkymrNeHb/qcSYMXZysdpahYzhZlJ+XRsowT1enSm+JqQiT+kJavsShQNlXgRIdHeE42g9BShY4bTCWe+Y1/FEnZlcq1YrkUW4+b16LAUTRyQv8ine0aAwUKU3BpfRFvUf4siAN3nx2o3aMwpvaGnsTsCsS14KHAhn3JfOjHkkA5iag==
+boston.			172800	IN	NS	a.nic.boston.
+boston.			172800	IN	NS	b.nic.boston.
+boston.			172800	IN	NS	c.nic.boston.
+boston.			172800	IN	NS	x.nic.boston.
+boston.			172800	IN	NS	y.nic.boston.
+boston.			172800	IN	NS	z.nic.boston.
+boston.			86400	IN	DS	1189 8 2 32DA17D1E9CD92EEBD7214B36B30FA8C8956ABBA7435F46B3A55D1455D8E01A2
+boston.			86400	IN	DS	42907 8 2 253F8A2AA4BF2067B9B72BA983849F63A1B8482A1CF613879196482D1FFA2038
+boston.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mYzZt5EDkKV9iEWYLADwW+o8s8XDYhai8G+u/wFKCH9J4pu1E8GPsXdjYjffyFR8qB0Mehlv9oXixlrQVIkSuB/iGB3NHil4mzjoBWw7d+X2ye8jgM663sd0U1IgP4f6IL3XfN1q8OMwJ7+QI4kwe2chiyFg8MIVWA1PBkMk4F9KaQFcrc/W6cxe1OPNvAp5Kj4+5Mapr8XrV7MZc0lHD4kc7J4T/4KwoTTHM1RKixBgUjf2yk8g/yR0eyZH5C7mmpFoAbQZGLAtIcD3WDYDAUBtXGtQWyf7wfAxfpBpNL1dgFELdor8L+2cA6Wk+l1yVd9tGTZcuv1EvSYA9n/qtw==
+boston.			86400	IN	NSEC	bot. NS DS RRSIG NSEC
+boston.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L7cSUUebxlsrPWkQdTA4BjbRiTIfJxkOrUrjLffCILFEQAe3zsh3aR2ex9fVY7i79xadhGJ+drYj4vB01hEKbLzy47KpcVOYtIcExHMfGnddQGoypFXdEdB62LSbboWk8jkmFHSIrm398vFSHBP6/3yKKi9x8Gi9J8uecf7mZOcGDUwJAEzHCpD1veVW4SMdI0RHM9wRSl7eeE81PYALqJLmtAoVbh10Yn12xkwo1GZ2Jc7TswH4WYLuSfn0S8M9CrE8b1qZhDOinMEp8tpSS+IREJVAhtK8agNqiv1aG+GR9F5F0JecaUDTgxSF33YLM2jUSGodu31vZvZZvdBFsw==
+a.nic.boston.		172800	IN	A	37.209.192.10
+a.nic.boston.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.boston.		172800	IN	A	37.209.194.10
+b.nic.boston.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.boston.		172800	IN	A	37.209.196.10
+c.nic.boston.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.boston.		172800	IN	A	156.154.172.82
+x.nic.boston.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.boston.		172800	IN	A	156.154.173.82
+y.nic.boston.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.boston.		172800	IN	A	156.154.174.82
+z.nic.boston.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+bot.			172800	IN	NS	dns1.nic.bot.
+bot.			172800	IN	NS	dns2.nic.bot.
+bot.			172800	IN	NS	dns3.nic.bot.
+bot.			172800	IN	NS	dns4.nic.bot.
+bot.			172800	IN	NS	dnsa.nic.bot.
+bot.			172800	IN	NS	dnsb.nic.bot.
+bot.			172800	IN	NS	dnsc.nic.bot.
+bot.			172800	IN	NS	dnsd.nic.bot.
+bot.			86400	IN	DS	58741 8 2 ECA26804355A4735CAA906601C7D388AF755AB40F599D02F29D16F347705EE42
+bot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W5uYpluucMnkjP5LLGDcpbJsn5CA3aZobBcgZcTBiNbZGKOFrl1Si+H8k+nI9FApSh9Zegc5ae0paHIb7rlu8kNU0pdiH8HiovM0TLBjOkAdvEmAn4MSjqCZoa98udtB+rt4cyee9lJiPtBJeWs13nX4rkNa3PLeKFM3XEx1SezjcnySWjiQKAHI+plw9Bwu3b8XIE6wKVxOM1dRPwiiUZVfjG7sYVP7SKi9veOS7Y6WaKVbcBjBkWZRHPagZlfqZwND0tDzEwJdtslgcwO7n8qbvi++Os2xENQ/VaJwYBXZgno52JvVdH7GdVPX7QI5PsXJHhS3aaakNxOvxtGOQQ==
+bot.			86400	IN	NSEC	boutique. NS DS RRSIG NSEC
+bot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wWyBIKxcvRg14t0NhNjj9qs9ujLBU/JwOde4TYkBwkyjDBIaMmqQwYzc4WV2xdQyF1ephuNdtxPear5D+RVrokWLPmjgcu/5sEvMA/BCaPDRQ9WPWgloUPXKHmeyGlElJXbQGdY2h3YxFIgpovrlc5TStI8HEsg1Eh6xImoKhiTB9BB6uMTsqbQzL6FALdUsq9QJP3+hy43KXkWM1LvjMQrzPM28RRGoII7ZnLHRMb3wZOs2o+C5O2ydt+trO8QZOlGHzK70jbQRKe3j66tFXJQPpWu7fxjKcEIPalzihB7jeWp7iOvYQ2XECFsAygHXfPTXXDo6u8lSYwcYi5QqNg==
+dns1.nic.bot.		172800	IN	A	213.248.218.55
+dns1.nic.bot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:55
+dns2.nic.bot.		172800	IN	A	103.49.82.55
+dns2.nic.bot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:55
+dns3.nic.bot.		172800	IN	A	213.248.222.55
+dns3.nic.bot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:55
+dns4.nic.bot.		172800	IN	A	43.230.50.55
+dns4.nic.bot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:55
+dnsa.nic.bot.		172800	IN	A	156.154.100.3
+dnsa.nic.bot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.bot.		172800	IN	A	156.154.101.3
+dnsb.nic.bot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.bot.		172800	IN	A	156.154.102.3
+dnsc.nic.bot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.bot.		172800	IN	A	156.154.103.3
+dnsd.nic.bot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+boutique.		172800	IN	NS	v0n0.nic.boutique.
+boutique.		172800	IN	NS	v0n1.nic.boutique.
+boutique.		172800	IN	NS	v0n2.nic.boutique.
+boutique.		172800	IN	NS	v0n3.nic.boutique.
+boutique.		172800	IN	NS	v2n0.nic.boutique.
+boutique.		172800	IN	NS	v2n1.nic.boutique.
+boutique.		86400	IN	DS	31354 8 2 83FFDC35018A75A4C287E7F29B0181EF0F7495F28E9E65AE00561DDD55942459
+boutique.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KqBfO3GRkiGbwxsUevtCwBmGTMR8/ztAsb1D2yEffFybbILGiPwoPPN85ayWOw03Bc/trgVZlM+k8gD9eGIYKCAdUPmjDv5oezEFT3g8peLHXNQHqV/kO2uttjmC0YD7OGzbKyhBXru2k2FKghTHKZuX6KXpjMlBH2/aJasTVil8eZoQsGNn7ZgQarQ/vUjFtZ8+wSQaF4497YuwKBnmg58TYEGGqDcnnqh8amn4502NLR2Kddvkx7uBmYmWKxKnvSc12VhRa5x2GJAfSGiYdOaFHJrr6JAhLU3VQ9/rRYIdQmlvVIbHLoYkZrN/hIhbF5u+WwqerFMyWBztM8Ej8A==
+boutique.		86400	IN	NSEC	box. NS DS RRSIG NSEC
+boutique.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . opIIt/kS56JRauFjcQ5CtoA5iX2ijbD0G6ikYKbin5pCY0jOsyUQUD1BEVOGuRs6+W7YyDhghqeBUHqd3ZC1qHoingSxzjvd4hbI6yGOOKTKxU1A+kE4jTAMix/nOP+Y0yfbgSCnko/fh4732isIQto0YGjkd/754Q7DnknwmIQWfS0tmOPon5upfqwsEZcG4DEzzfiF+Quy3L5PreeKuS6KQ24hf0aEwyLQ9O2Z/exJ5S3BhSIrEbuq+Hn7KpkSbh7p8wT6PcNi/05u6MF6C6GhgjYAo1aeLcbNrfcB642oYl99u93AqFIr22xmr3v6QyWvYyvc/UcnPLgE1AyE3w==
+v0n0.nic.boutique.	172800	IN	A	65.22.24.12
+v0n0.nic.boutique.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:12
+v0n1.nic.boutique.	172800	IN	A	65.22.25.12
+v0n1.nic.boutique.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:12
+v0n2.nic.boutique.	172800	IN	A	65.22.26.12
+v0n2.nic.boutique.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:12
+v0n3.nic.boutique.	172800	IN	A	161.232.12.12
+v0n3.nic.boutique.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:12
+v2n0.nic.boutique.	172800	IN	A	65.22.27.12
+v2n0.nic.boutique.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:12
+v2n1.nic.boutique.	172800	IN	A	161.232.13.12
+v2n1.nic.boutique.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:12
+box.			172800	IN	NS	a.nic.box.
+box.			172800	IN	NS	b.nic.box.
+box.			172800	IN	NS	c.nic.box.
+box.			172800	IN	NS	d.nic.box.
+box.			86400	IN	DS	47542 8 1 F59D467614D996277C9EA8E52EB920623B9FA4FE
+box.			86400	IN	DS	47542 8 2 31CC9F53054303443FA06F368C54971D8E12C89655CB768A951D908701E82800
+box.			86400	IN	DS	63242 8 2 F63250257503CCE60195E71C2E346A2D8BDE06DCBD666B9EE4F860D75988702D
+box.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kmou/7Epm77j2yXpWCjeBm1KmB9CaB/WvFJif9gWpYFKenMORwQtuayTC2TatVozirICjORHsqbUwLZLmcAClx/PXsOmUZgFZ2RGRGGYgc1Z2c9lhV64pDA9Esluj/LVBrgm32xlLW18oabcaG8t6RVrXpsxyAdmCyygiNmx7NySJhpVn8xBkGWFQLxtEPnT8Ar59olC4QPYvhLl2o6QaEolfe51qJBSQGqioH1/zIrBpgxYO0QWx2pRpoQqX4r0mbybKeYwrlub0acXGMlJLcQ8TuFaXh7yIxa+vZiP1bvWtngj1roKEEHYBbVtpd+8t2FS7HDcG3J130Cf69F08g==
+box.			86400	IN	NSEC	br. NS DS RRSIG NSEC
+box.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mTbaYAxqKy7Qm3UqpxmnWjhxdVMvf9hZi5d2W5EXOX+DZMGAWbtOBt2Bg8hH4jE3ZjVEYfpVswL6l8dxjkhY0Y4PW/vFdIJZJShzqd6JDFvE7YTfrwGM8tQkGQDWi8zz8Y5DmszqQzvJn7rauwmCQLrV21ujYTXJgyCbTUQ0c9mZbifAuRavUhs0rzX5m5IDyjbqYmJavvQmDhHK70hvDO28T8oxa8m0TJPofReOMnA49uMGp6C1KGi5TeFowoidehG++ohAIR/9040C0AO0MA5cKyxMXlObt9bTka2jmz0+8XSDLpP3Wfs8BdRWxLcVBp8UrdxIpM6wppgKJ0nbng==
+a.nic.box.		172800	IN	A	194.169.218.139
+a.nic.box.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:139
+b.nic.box.		172800	IN	A	185.24.64.139
+b.nic.box.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:139
+c.nic.box.		172800	IN	A	212.18.248.139
+c.nic.box.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:139
+d.nic.box.		172800	IN	A	212.18.249.139
+d.nic.box.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:139
+br.			172800	IN	NS	a.dns.br.
+br.			172800	IN	NS	b.dns.br.
+br.			172800	IN	NS	c.dns.br.
+br.			172800	IN	NS	d.dns.br.
+br.			172800	IN	NS	e.dns.br.
+br.			172800	IN	NS	f.dns.br.
+br.			86400	IN	DS	2471 13 2 5E4F35998B8F909557FA119C4CBFDCA2D660A26F069EF006B403758A07D1A2E4
+br.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . frw5+LDMYRP+4u8SOADyYXnKO/O2oMOM34KXm9/vHCf1BqlDss1vMOzyILj2QNNJKvQEXntvEAPNb1nHHJvjCF0OQmXKZa0TXUzrqFWDc2jpWwkI/UpzOWQqzEDrEZIybO0BRGu47Jpo8wloBv7eCCecos1XzJ2t3fiMMOYdvJ0UsbN0tqZrNKhafdpgKbD02uvmyheCS8rZRvC02VtL4pnixRhRtX9+9nBtFlmisr1NtBDQxg8wmVXPF0jLtr7FWhRSWwFQ83q6qpjAPsUoypFLlRYLKc5y+osmlLxKcRwyA88QUHCyy9oK4xL+zpnk8zrfMQD/iis6OkMOSEYucw==
+br.			86400	IN	NSEC	bradesco. NS DS RRSIG NSEC
+br.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tMY5iDN93w5+MmvAKByB5W9FcIoJGO7BOhlok9T5/Rbd0jgZwwoJd/guKPVjENDlvIA2QpPm51p4udfFjwLCBpI/ePG3LQVeR0ioGOBkIGVNFd24O6c9LJtsmcalZpdyMm+AC+wVCAw5jawDDF2VCadyy9Zq2nkMuXAdoEVSS4wJ/E3f70/9nR+hcH2EZFO9jbmAdZc9Z8Yf4oZIcIQEdQ0a2Yej+46R9l/0VM8kngs8CIvE1PpDocUgHd89+RnE9DpK0ij5iODvE9mv9SprumlZwrDE0R01mEZGa3lCQONn6v3787R+lpEPZzy8LWEoYxYYG/Xfuf1/+MgOtEGF2w==
+a.dns.br.		172800	IN	A	200.219.148.10
+a.dns.br.		172800	IN	AAAA	2001:12f8:6:0:0:0:0:10
+b.dns.br.		172800	IN	A	200.189.41.10
+b.dns.br.		172800	IN	AAAA	2001:12f8:8:0:0:0:0:10
+c.dns.br.		172800	IN	A	200.192.233.10
+c.dns.br.		172800	IN	AAAA	2001:12f8:a:0:0:0:0:10
+d.dns.br.		172800	IN	A	200.219.154.10
+d.dns.br.		172800	IN	AAAA	2001:12f8:4:0:0:0:0:10
+e.dns.br.		172800	IN	A	200.229.248.10
+e.dns.br.		172800	IN	AAAA	2001:12f8:2:0:0:0:0:10
+f.dns.br.		172800	IN	A	200.219.159.10
+f.dns.br.		172800	IN	AAAA	2001:12f8:c:0:0:0:0:10
+ns.dns.br.		172800	IN	A	200.160.0.5
+ns.dns.br.		172800	IN	AAAA	2001:12ff:0:a20:0:0:0:5
+bradesco.		172800	IN	NS	a0.nic.bradesco.
+bradesco.		172800	IN	NS	a2.nic.bradesco.
+bradesco.		172800	IN	NS	b0.nic.bradesco.
+bradesco.		172800	IN	NS	c0.nic.bradesco.
+bradesco.		86400	IN	DS	61375 8 2 A0FFE5A2C7C1CB086855963D43117563E509CA1E6B27D87EF9CE011C195B8344
+bradesco.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jv0ayILE3lpbbhuSAuTkrfiVfeozPQ5gggCof4DXUtBG4JPvy/kLvuGQYaW/tmYv5SznMougUy6372L7B8iPNCrpxo7hJLDHYVhqS5Zhwu0k93AFqCSiIKk67zplGh4iZGoVvbXChMSLYDxyQb40mH2ufnhFxYOU0UKqogAVYQo3S5ozgzPeBwSka19jmzqfOKbLHh6upNnNnyuRXPiZpnQ8jrroKpqENd77LhQI3zsQZ6SewFt0rymlaMyJFUTzZVIp5LeDrDGEzJMrZVVF5l/11O6Qu/VFuv53PuZc32BDNikvI9dePLUZ6hCr6pWElPvoZU0oQ2f6e/5wk3j4Ag==
+bradesco.		86400	IN	NSEC	bridgestone. NS DS RRSIG NSEC
+bradesco.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pLNE7PD9jy4b9kJ4zArKWCl2LrD82jotuy+rHw9ZRmKaqcCaOL1BGDt6X793DuuXBIdSc38WnK5S9PRQPlft6UgC6bLNc9iHRLP/KjO/qit2Uq7sMBlGDvJt238fb+K/MorMt173nI23mXGLai2wC5NRQWMEFdSFxMRDTbEsXnE23VQlkaHf7xNZro5yumXFr5O6LnSrnGuxj03nhtbLMolpNisRW81HMg1qcBzs1mJaO07C4MzmIWuEf2ZkAjKYy1x+3QWgWj77vz4+iupdN5Nn76rugOt79k2UIKAmvejc2e6TJY3Pur4Cvz0X5Xylcz29Hpxu/nY971W8SaS+7A==
+a0.nic.bradesco.	172800	IN	A	65.22.124.2
+a0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7a:0:0:0:0:2
+a2.nic.bradesco.	172800	IN	A	65.22.127.2
+a2.nic.bradesco.	172800	IN	AAAA	2a01:8840:7d:0:0:0:0:2
+b0.nic.bradesco.	172800	IN	A	65.22.125.2
+b0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7b:0:0:0:0:2
+c0.nic.bradesco.	172800	IN	A	65.22.126.2
+c0.nic.bradesco.	172800	IN	AAAA	2a01:8840:7c:0:0:0:0:2
+bridgestone.		172800	IN	NS	a.gmoregistry.net.
+bridgestone.		172800	IN	NS	b.gmoregistry.net.
+bridgestone.		172800	IN	NS	k.gmoregistry.net.
+bridgestone.		172800	IN	NS	l.gmoregistry.net.
+bridgestone.		86400	IN	DS	8575 8 2 AA4B874CF014A4DF2E7DC9E5A6B8B3EFA5DC966A834F4802BEB19B5CD7442403
+bridgestone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KeUhKTDYrLP9T69YGpMOrNUP1ZU6JTx7JbySoOs4fWsbxW/AzGpRlJ8wFdZkvJNNbmi9dJLTJsaZ2Og4vnMeRksPlm3DLakGkN6Dzm//N6GtkbHhqKbAwESLgObaWG+fUar/8ZDIYO06x87oWdHtYp7n9O2BYmZNmHrO5lEZBhn2QuENRsD0cs9XfTvGN7Y5CmkYXM66ztNgN1tPFap43zKkboVz0AZUcgj7lN3+n9d0nL6KeKUJBqPV2X73GzSfu5DxjNhx2hjAMyTZyPLXSZRnLfwwtYqLhaSZT6RfnvUZVfUQMViLcOzujQW5hLkHAjdXo7N9RqeBfGkTRivwbQ==
+bridgestone.		86400	IN	NSEC	broadway. NS DS RRSIG NSEC
+bridgestone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c+i+fFK201R5Nr5bDaS42UIq0qWnBirIdKfxbW9yp1+Tyfe0k3tEdcIsuhIMrNwILgqI8MRwPf0Hh5s4xuey2mlWte8tyPP9PM9p+vwTqA07Ifgc9w5w7UDU87HDHjK1VH18lpBZh4GlQZg3lFPNfA5eh2W9XjeL3YpJmtG+JH1jwZoZIUX7cYUEF/pojKnBSHocSNPIaDS0fCHQR1XQfNmMJhESjh4oRW0a98jr3MVrNRfYBMQEMwRAX0JfxpYIfoLKXywFKHn5z5HCZSknhmogfxNO9dOeWPkF8zyXifupYdNj6g/GRcnkqT6WuuE/G02UkmyttLnhhBCj5h8zgA==
+broadway.		172800	IN	NS	dns1.nic.broadway.
+broadway.		172800	IN	NS	dns2.nic.broadway.
+broadway.		172800	IN	NS	dns3.nic.broadway.
+broadway.		172800	IN	NS	dns4.nic.broadway.
+broadway.		172800	IN	NS	dnsa.nic.broadway.
+broadway.		172800	IN	NS	dnsb.nic.broadway.
+broadway.		172800	IN	NS	dnsc.nic.broadway.
+broadway.		172800	IN	NS	dnsd.nic.broadway.
+broadway.		86400	IN	DS	47576 8 2 CCC4CE45AACB1C0ECD8181D968B86BEFF3B34D1A71576F137CA43529FF8F12BB
+broadway.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AlflIjY08ml2dWt+PvCVDxy58nDulxbnYNn6MOIw9SPw4qdxOHbu0a6ydPlMMy5oXVKS//YkMNbRBLKsC8lGtvBrlSMtIE/QpD9isWKPPtz/XL3FfMilGTFg5s8ZMSHD4JBtHzE+XHSi3ltb9Mwbie8doWVa/3PFJDADUSXhd3HCNu0QdtqD/fE0ceePbWeuW/wMoS/+kWPLEFYbGGB6/DRhtoDF1KCvJm0ubu2Akks0W011W6RBVNvGf4Nx7GPMMfDu46jznjn4Do2yUCmWpHS9v1P2ymhXym+cEjp1Mia6narAV5s36orHydgGPI+0uU//fi44xEcgxemiPVPHaQ==
+broadway.		86400	IN	NSEC	broker. NS DS RRSIG NSEC
+broadway.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d2wq/7eLAIb5jgrnst+7vRBER+/c1wP10U4ttVQIsI+oaA33UMjHajzy7y6pH6YNAqANHLi7C/704vyIO8PWuuqDM+epUOey2a498WFJFuOehhgWCwfNd487EjPuSvBOtK90QaPnJVb/yyYuPOkyKlpL3bW9yPM4XR6s8fC4XoI125lKn5R/dwP6AFxwouysh7LrPh7Vxn7OzKHubBfjMYCA3AqAGjvRLuAv7f+WrwdtWnCs9P1G8bukNISSssOfBouV2lLg4qkzEX1Z/vs5drQgxdsua3OiIVWsDalo3Bd7gZXIR55ZH7MMwiwExAgFM+6kFKkLgCLPawRiEzoS3Q==
+dns1.nic.broadway.	172800	IN	A	213.248.217.38
+dns1.nic.broadway.	172800	IN	AAAA	2a01:618:401:0:0:0:0:38
+dns2.nic.broadway.	172800	IN	A	103.49.81.38
+dns2.nic.broadway.	172800	IN	AAAA	2401:fd80:401:0:0:0:0:38
+dns3.nic.broadway.	172800	IN	A	213.248.221.38
+dns3.nic.broadway.	172800	IN	AAAA	2a01:618:405:0:0:0:0:38
+dns4.nic.broadway.	172800	IN	A	43.230.49.38
+dns4.nic.broadway.	172800	IN	AAAA	2401:fd80:405:0:0:0:0:38
+dnsa.nic.broadway.	172800	IN	A	156.154.100.3
+dnsa.nic.broadway.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.broadway.	172800	IN	A	156.154.101.3
+dnsb.nic.broadway.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.broadway.	172800	IN	A	156.154.102.3
+dnsc.nic.broadway.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.broadway.	172800	IN	A	156.154.103.3
+dnsd.nic.broadway.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+broker.			172800	IN	NS	v0n0.nic.broker.
+broker.			172800	IN	NS	v0n1.nic.broker.
+broker.			172800	IN	NS	v0n2.nic.broker.
+broker.			172800	IN	NS	v0n3.nic.broker.
+broker.			172800	IN	NS	v2n0.nic.broker.
+broker.			172800	IN	NS	v2n1.nic.broker.
+broker.			86400	IN	DS	8746 8 2 7B7C64B10EB518A94BBFD3A75A5A31F9E3C67A18BAB01113A136DFD08D44B4A1
+broker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NYOipbGLd4ho0EfC1UDBtFNoJuq1QZvBGecUA2/fVo9DXYn/pdLEqS8W5+0+1yrgN/Sh+0FD3oBLsCAWuT/f0oTDASlLjm0whSIqstEOLnR8ABYdXBsHIBUwzL+KXUhRDRt2iIZvce5EH0gf+8v7rrzI130Pu5mr0CzTfxc6HmUH9cTymut5uLWPv6jSZlfZBpfH9N6Q6wVdXsbuqBFYogCHT/02kJObv0Ky43DrtyEaeeiMVHODlpaWVGAw4zFYPB+troiLbVz2mjfUhBEujFiFxjqmLNtTIiG7slDUoaCswfbCG9LT75tHMCDct6xMC4/QuNZJNfq/wE7YPHHcFQ==
+broker.			86400	IN	NSEC	brother. NS DS RRSIG NSEC
+broker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtapWsPydjNT1YhHGr8hIqlUqW9//53A+vH7LP2vhH+upoP/xbH4LVzZHicyGhQMKSOjDnjkELDLx6TlDmvtsLHa928HzvxANrDP1Fw8uRWW1aABOKsRWFuqCYeXzanP4/Xlg/lR9oGCFxXOYjt+KmkkOTg69hPGc1lACDUBfEb/93vAx3LLj84+EiPPt2S0RQpwpIvQ/PR1Hwnfki/KW1nRglzNnYFrS1zB6EcZ8NP57AZGHy2MrVotJTYngmaMcTajJq9sTkmEg4rmD7k8bMj9N/5hSSTGDNxRfXcaz74z9NN/bxbxd9iJkPDPiqgJeOOSHTaijc/J0mzrFZC/lA==
+v0n0.nic.broker.	172800	IN	A	65.22.20.67
+v0n0.nic.broker.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:67
+v0n1.nic.broker.	172800	IN	A	65.22.21.67
+v0n1.nic.broker.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:67
+v0n2.nic.broker.	172800	IN	A	65.22.22.67
+v0n2.nic.broker.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:67
+v0n3.nic.broker.	172800	IN	A	161.232.10.67
+v0n3.nic.broker.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:67
+v2n0.nic.broker.	172800	IN	A	65.22.23.67
+v2n0.nic.broker.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:67
+v2n1.nic.broker.	172800	IN	A	161.232.11.67
+v2n1.nic.broker.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:67
+brother.		172800	IN	NS	a.gmoregistry.net.
+brother.		172800	IN	NS	b.gmoregistry.net.
+brother.		172800	IN	NS	k.gmoregistry.net.
+brother.		172800	IN	NS	l.gmoregistry.net.
+brother.		86400	IN	DS	6875 8 2 8955E563809E8DFE8F6B18FB0B23AD043DC6957E2AAC1A5F2C8B4CA3244270EB
+brother.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Nz2HH8PPO7bvjgIaVuuIjrfzT9OkxyoTVIl9DlniTjsyfs055QOBeELPoqz/5eLSvP0GlXHplg8LCmJI539n/u76aBYHzsiNnHjVc3BLu5KfpnsuP5OLoTYlLEdj70BGjw9py5b7S+PCdgYwtGiGIo2HvLsV/81CNGE8Wh70CE6FDVqc0CcfF/NCVctCPYydriqS+/flUnAjKVuhnqYKuFvVcJ3LbFY+k1PdtY4EF8f+N4Cj6i1879WGLgL3x99ZfdltG6dyBTLiRxSO6tRmLO1gejylssSAvs/KEwqH+LlXEBawbJJrKqjpL+8G1QCXm0gJu/pV+7ZBhC2u9LbADg==
+brother.		86400	IN	NSEC	brussels. NS DS RRSIG NSEC
+brother.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zGRK8JoERTrAjxM4d8VbzR080OXo4qrTJzsquiN0f8LGoswP4RduZbuM7SdvbT1a63GQbljaC4uhjl+pGlGrylUuWLHDdlxa/eow7urDeP+HInF3Em5NosozjyabdG4tjSAUwJWpjn8sY7NDYxD+wjb6BFek3aohTo0gasPl2I7G9dZosRjXpMT00f+omYA7VkJfx3bMrHqFl7nL7Xe5SJBYCsukDtUUAXsc+bpNrrEkfxaWEFK2/ZhHt7VFLAChX7B4bgr+3Hc2T7BEbjEMS0Dtopn3RmVD60Y9RBycCqQ3hk17b3Zp1aBEOqfkY69eXQZPtHEMxVq4SsnYVfJHXA==
+brussels.		172800	IN	NS	a.nsset.brussels.
+brussels.		172800	IN	NS	b.nsset.brussels.
+brussels.		172800	IN	NS	c.nsset.brussels.
+brussels.		172800	IN	NS	d.nsset.brussels.
+brussels.		172800	IN	NS	y.nsset.brussels.
+brussels.		172800	IN	NS	z.nsset.brussels.
+brussels.		86400	IN	DS	28780 8 2 EA50CAB83940B6AA791BD1A0C47ABD6C8549D43CF2776A48FAC633260F3BEE93
+brussels.		86400	IN	DS	62419 8 2 D753CE72A834C746DF60A7D2C7BD6E64151C576FCD066F95E451C3B5955D8294
+brussels.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FFgh22Z9YZ2wjUYRp5tZi70FS95GlkimvhMxRxHd2l/nyoR0aF5OTQkCsS54RgxxCNDTn+xz9emaKjIKu7Qy1YJJI63wAxoLUBvoeNJOZyPiuPXRS7AqrMPhnKpMGLJkKNsWYywwjOcCt7kn3rIx5alnxVuDPsLRbrB6Bf1oGjylGjjTKXofinRZC2z3bFwDd0neTBGXuq+GZRJGA7zIf0JRFLh5CLpDPr1BQgfFrT5ZZqwWvovxYVJcZpkBbidkqT06Iy1klBs4mySszpYgIkaAo3Qojyz/6No/aWUBLY5+vbm67deal7BU3cmOgWIV/A+EpJ2g4bjtjcSDTHKiGQ==
+brussels.		86400	IN	NSEC	bs. NS DS RRSIG NSEC
+brussels.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MdENA/maM7l3h078ODE9lRyq6UhFCv2xeHpGrMUHLww1SJ80QgaRTAe0ETySO88evgw/BuOzBoDUSXwPSIeyuTqcsybriocOD1RmfBQBK9PsB4LXzimBxoNpMLgIeLTPSQP/r3drP0ey10UnsKCvt7xb8jQ8gdERT2KGozu0e4KthnZTopQDU9BU3nl2VOL2eOpynAg7HyhWdvKT18TljtoV0ovj2jBuxaGGaF8LqOHr4OQmgT0V8MEJQLZs076JGFMFeiscRqyYhGR6EIDpAP7nis91wNxEZ5R7exEzHSy1Y4rkeWDklaDAuFC0bf4SQjwBaKO73nHT/2A1m6IUBA==
+a.nsset.brussels.	172800	IN	A	194.0.6.1
+a.nsset.brussels.	172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.brussels.	172800	IN	A	194.0.37.1
+b.nsset.brussels.	172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.brussels.	172800	IN	A	194.0.43.1
+c.nsset.brussels.	172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.brussels.	172800	IN	A	194.0.44.1
+d.nsset.brussels.	172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.brussels.	172800	IN	A	120.29.253.8
+y.nsset.brussels.	172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.brussels.	172800	IN	A	194.0.25.14
+z.nsset.brussels.	172800	IN	AAAA	2001:678:20:0:0:0:0:14
+bs.			172800	IN	NS	ns36.cdns.net.
+bs.			172800	IN	NS	anyns.dns.bs.
+bs.			172800	IN	NS	anyns.pch.net.
+bs.			86400	IN	NSEC	bt. NS RRSIG NSEC
+bs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YTdADvSIQY3xpNmA886cawur4/kQK8FXK54Udo/XuDrq+6YUkY6JFq2bO1mB/y+KebTire0bz8swTmt+gPU8IaRRIoQMRt7bJ189Ee0yxQh4ayfazbMkJ2EnDZ/XQD7BzpCJegLL6JyZq223XFYSPLRv7uMREXgHLyVdLMPDrNkApzK4yNNlhOVfuqSkS3wFr3djOKrYY9tgdMFNaIIe20NQ01BL1MzKpWrCTSkDnzKHCtGuiefJi6k0WE4+bt5vRwd/7bYNf3rJ90CMffszvzuu44eyj324XGgjwkaUXxNzoQnzfH/rOYuoDn6D3+7z/Sv5m8nO/yHeLLJaFq9hGQ==
+anyns.dns.bs.		172800	IN	A	204.61.216.68
+anyns.dns.bs.		172800	IN	AAAA	2001:500:14:6068:ad:0:0:1
+bt.			172800	IN	NS	ns.itu.ch.
+bt.			172800	IN	NS	ns1.druknet.bt.
+bt.			172800	IN	NS	ns2.druknet.bt.
+bt.			172800	IN	NS	ns3.druknet.bt.
+bt.			172800	IN	NS	auth00.ns.uu.net.
+bt.			172800	IN	NS	auth61.ns.uu.net.
+bt.			172800	IN	NS	phloem.uoregon.edu.
+bt.			86400	IN	DS	14989 8 2 97023B81563CD7E07BF03EB44ECBAC8F11610C00FFD41F62B254AB95D643D911
+bt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YPjDJLvJC3DSjrxDSPD3zcatJ3f6d5/Sufj1QCnY9h5rXbwoJl+vaf/ZrnreIuIgNiGUT59X9XLVShJ3YAxIL0BdPX6VE3uRXV+kBTOAu4l7N/51BLWzkSOYnDd4eP4WY2QNXo0icM2r0T2fLJcSn5m1vV0iECoMxe9C92ck5sv28ok7XZQgywufLdKpO5WAi7Noc2/eHpCY9yYrTVMUEOih3mkSyLKDkq3/5TVU9NEvBecraknaoW9fq/q23q5kr5NelCZzV+wK08XySl9adVMCsZ39pLnfPvqrRUFsY0uXQMfLfIEOZDmky+tM2EmHqj5Ci+pZ0c0QPOjfrnPBxQ==
+bt.			86400	IN	NSEC	build. NS DS RRSIG NSEC
+bt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l8fwI9UW5ZXc4ZyVy+Fr/BwjU+CxLBaOdBPWm+MDJebMDcFb01p+ErOg23rV/OyN3lGSYOsMp1/l6FIGJDPMx1diz1xiwel8ubyx55Ig8h4L9STu2vv1h2V39NpZc/utxtUzMDH8ETUPny924drQz1ILEtnkKeTgiRS+M/+nZZzPKbZ3ICnYIJNF+zvLb0xBFkv6JOyoP+DLdLmqM9vMqDosJS3rjOzfQGB+E7BfoST5L/gcrjG59dO+WBUdp3jhXpfoU2fgelIIeBMMk3HcMeUruiMz746qUHVCYAyV/kP2ShlAEQsh5F+0//EwbOZ2InLdHG3qp8VOsc8XjvF7nQ==
+ns1.druknet.bt.		172800	IN	A	202.144.128.200
+ns1.druknet.bt.		172800	IN	AAAA	2405:d000:0:100:0:0:0:200
+ns2.druknet.bt.		172800	IN	A	202.144.128.210
+ns2.druknet.bt.		172800	IN	AAAA	2405:d000:0:100:0:0:0:210
+ns3.druknet.bt.		172800	IN	A	204.61.216.17
+ns3.druknet.bt.		172800	IN	AAAA	2001:500:14:6017:ad:0:0:1
+build.			172800	IN	NS	a.nic.build.
+build.			172800	IN	NS	b.nic.build.
+build.			172800	IN	NS	c.nic.build.
+build.			172800	IN	NS	d.nic.build.
+build.			86400	IN	DS	30770 8 2 68E3857B46D09FE8C87B6144A5D61F9613440A6407331AC598970C29809B56F7
+build.			86400	IN	DS	38839 8 2 DC44B2ECC9762A6D722A9882017FE051422FE7548782168404E5394C2331E8E3
+build.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uPgY5AlRaMjkVQShyGz6/e0KPSI+hYdDocKIY/PLL75bydf+zwYO54j/aJBQPIV7bwqzqQdfDBlsW6dInQ95eaeGpZqz3H0MR2XqbhNRkebA3HcoprxKOHVRdiCjOP7n9e4/eEozZj4pjfHousCHZxBOFGEDlW6GDjKWzCsfmF3ipP1OEMl8lPE7hGwQIoLfcyKMCgL9SkZx+j9yjRthIqi+HtHsxCI/l+W6epF69VRzyeDvapXbut+GPdtCtgJwo36qME+DRZ7/+Q1aWF+AGts0LW5r+Zb/4sa7qdxeXhYnc7QAf+x4JeM4VmFiloDH942xKXRRSfEFym+/MQWFFw==
+build.			86400	IN	NSEC	builders. NS DS RRSIG NSEC
+build.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pyJPudorIFjeCwGC21PmoNqxdbROy9ETFSHDH/auB7Mkf3qd9dkID1NpgaKK2U+9jEHGQG6nbfLjT4dvbLgdKjtGDlmrC7IiiytyzWxZhRlcCyu57yhuG3pxT6/BvWe3M7ZZNgUjLzi5fFxjapNLv7QJmGxyqQ9GcrYRK1ENuOOAVF3FYRnEHjdVxC2UnKcSOg2bmJAqIRejuQbGap/g70NA9QA+VOaVixT6roMW/uWxWEzL2IT+Fp8HS7XCG7lt83X2LF4xwZx9PBEC+LITONiuATFvJKLUkj6tdNcr7v9E77/W7DxNGL6vN5yzaBlv/3qjXZ0csFC28pZcH5WFJQ==
+a.nic.build.		172800	IN	A	194.169.218.20
+a.nic.build.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:20
+b.nic.build.		172800	IN	A	185.24.64.20
+b.nic.build.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:20
+c.nic.build.		172800	IN	A	212.18.248.20
+c.nic.build.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:20
+d.nic.build.		172800	IN	A	212.18.249.20
+d.nic.build.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:20
+builders.		172800	IN	NS	v0n0.nic.builders.
+builders.		172800	IN	NS	v0n1.nic.builders.
+builders.		172800	IN	NS	v0n2.nic.builders.
+builders.		172800	IN	NS	v0n3.nic.builders.
+builders.		172800	IN	NS	v2n0.nic.builders.
+builders.		172800	IN	NS	v2n1.nic.builders.
+builders.		86400	IN	DS	65089 8 2 0D0F85296845893F83BF7DB013340EC59238C81AD4B6E3DA33BA5B1632A748C3
+builders.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5NJl1DUAoEcDbzh/4omBaM1pnPtlzERgrrk87iMmirk4fqJWclKBqD8fsrbCa+HXRrhW26pvgM2aJeVOK0aV0MmLxwaJD3vW9F7nY+qGEedDHIUFqBdNFzJGMn8bh21g84uiLgPh28xUyg1K3S1XfAmn0Qwetj0G8kuLRT9LrpJSMyYbkCAIPEj8GZ4GRYI9zgkXfYKpbqzw95i4HTKqdlh3wMuUGyARBqwK2J4pfRjLRJB83CECv/kgjANhdgHQQnA9QlesMrSGdM9oznCaonfcQGB8o92UYZmGqgrznqHDHyPbLG7zkHCpafs2614Zr0zjf9iKaKZzni6NL13VQ==
+builders.		86400	IN	NSEC	business. NS DS RRSIG NSEC
+builders.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VidNbRGoo0PvUuRijE6dOfC53A2gRn3ChvaPxXqmDpNQQjSr8AmyvP9m0tGr0GMLY6MBKmTQ1Sxad9jMp5Ma2J2fBnIF79Gzge55TFHSfbgZwCss9Kr0YTztwOVOK4Kk+qONgoOuz9ModBpbDha8RLFz79OfXOJytTDbf5JXrUcl9MoIYCmno9H5Gvh8P8bmJ8vvTe+wVcwaQSjB+292F5iqFWoxjaPFjDQMnFRaHwFvl7VmYho+3NCiYGEbKCO7o01bR04+bS2Mx6mHmlxtJEhoab1dBOsENgueqE7GstWb9kUDW6aju4uPdEtVof6vvewvVR5qswzU6BKFWZDOBQ==
+v0n0.nic.builders.	172800	IN	A	65.22.28.24
+v0n0.nic.builders.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:24
+v0n1.nic.builders.	172800	IN	A	65.22.29.24
+v0n1.nic.builders.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:24
+v0n2.nic.builders.	172800	IN	A	65.22.30.24
+v0n2.nic.builders.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:24
+v0n3.nic.builders.	172800	IN	A	161.232.14.24
+v0n3.nic.builders.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:24
+v2n0.nic.builders.	172800	IN	A	65.22.31.24
+v2n0.nic.builders.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:24
+v2n1.nic.builders.	172800	IN	A	161.232.15.24
+v2n1.nic.builders.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:24
+business.		172800	IN	NS	v0n0.nic.business.
+business.		172800	IN	NS	v0n1.nic.business.
+business.		172800	IN	NS	v0n2.nic.business.
+business.		172800	IN	NS	v0n3.nic.business.
+business.		172800	IN	NS	v2n0.nic.business.
+business.		172800	IN	NS	v2n1.nic.business.
+business.		86400	IN	DS	27997 8 2 7F17414B2EBDD17B8BF3F1205BC82E2EE158DF8DE4CF46DACEFF55447F0EE429
+business.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bMW/HRlzhx4DF8JMjxqH85zG7e1PC8p/7hJnbD4+CquAdWW/QyhF8j8eyKUIqiGKO6HRv8oXWIEA6aNpqD8kuN8GPmZqzrnT25gSuCpbstX7cdF5f14EZfYy1ZyIVFz+XpL6LSjBsHLOWvqte82O686SDNnbZj0jzPcpgMkYtzT+HVM4oq4N/d2UCDg1RE+vRuK+Ly3hoe5cwwCFWfiSjFOF2pBCWpPfZWRbwvyWiXnYXMCm0ezpahdY0JEPEkhbg11kYzS8+uWIT2mkhjfIZQAi+5WB5oVjU2qHOgoNf6XPjiwbP2e2qINLUleq/0BlVQ1zrniPioaKnspCnC+8nA==
+business.		86400	IN	NSEC	buy. NS DS RRSIG NSEC
+business.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IB+kONoem+eu/71OyKLIktqSmWfgWmwFz8pPqi1YLC04vSw+DdgaI0T2QyiaUS6PQ4CQEAjg/6rBMGwaHHqHz1Q+PaxwjqZazsbcI0BQd7fsIp6aFu78sdhz3GwSw/u7MJwVuto0CN/jIn7hkleor4Sdz3l8DolxZ2/zwEYcCiCb6OErSoUcZPE+zLZ3ShQCvTooZXSjpcZxvmYWO/Fopr5ZkiOm7tnnEW5f1+uSKOnm5U0UlBF/Iwvj1AFvq09d0ec2675rI1GlB2uhWL45f9pWRRATLGxw62jIdzGgUCuGupcN9mWoxQv+vP2YhwcL0MyIKWj7F9EOY0p8XhRybw==
+ns1.dns.business.	172800	IN	A	157.90.205.138
+ns1.dns.business.	172800	IN	AAAA	2a01:4f8:252:4295:0:0:9d5a:cd8a
+ns2ke.dns.business.	172800	IN	A	147.135.106.237
+ns2ke.dns.business.	172800	IN	AAAA	2604:2dc0:200:2eb:0:0:0:237
+v0n0.nic.business.	172800	IN	A	65.22.32.38
+v0n0.nic.business.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:38
+v0n1.nic.business.	172800	IN	A	65.22.33.38
+v0n1.nic.business.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:38
+v0n2.nic.business.	172800	IN	A	65.22.34.38
+v0n2.nic.business.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:38
+v0n3.nic.business.	172800	IN	A	161.232.16.38
+v0n3.nic.business.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:38
+v2n0.nic.business.	172800	IN	A	65.22.35.38
+v2n0.nic.business.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:38
+v2n1.nic.business.	172800	IN	A	161.232.17.38
+v2n1.nic.business.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:38
+buy.			172800	IN	NS	dns1.nic.buy.
+buy.			172800	IN	NS	dns2.nic.buy.
+buy.			172800	IN	NS	dns3.nic.buy.
+buy.			172800	IN	NS	dns4.nic.buy.
+buy.			172800	IN	NS	dnsa.nic.buy.
+buy.			172800	IN	NS	dnsb.nic.buy.
+buy.			172800	IN	NS	dnsc.nic.buy.
+buy.			172800	IN	NS	dnsd.nic.buy.
+buy.			86400	IN	DS	16411 8 2 C9C2D0F38695BCF73FE5C6FE4A049282848F45F887C4C72B337BCA9FB50ABC33
+buy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WOzFglUq3elCLIsEGBje+Czr4+pr8+dxosQ03w5Alo4b2GvYs9IdoMe5rrq2wmk12KAeFPxVvGYKEH1xkdN5sbc66Mbw6tTMqfFIAh1aR0b5ZxjciGtXkD9tx4qsKjZyl+Oqb5DW18QNuI4q4TE1omOI3NWze7C3X7kjxWPNc8UER/EhkoMG9AQ2XIS70DsR6/GC5Go3pMk4DpqCrTA+Q7Q0GzneZy1qu4W22LycNM7egCWqbLx9WX7iOBUu+mryamJpomSobaW8RJdiiUj9jDptr7kIPpcTkTNnsUnszJZaZf1Jgn3FDYbVlkL7w+b4Wx97bhx9t+Te+zNL62mAaQ==
+buy.			86400	IN	NSEC	buzz. NS DS RRSIG NSEC
+buy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bknar1k0wHPgW2HvcCc3ElQL58qoSjk5hM4Uquuv6GvVEcT9psbrNuW1yOqhKEJ1pseLCyXNPD1FvuscFwJUQTybZoWLkx0IEIC1L2/5jDX9/mxqVjDA7dlRJ7whWG1ZlaD06iXpWfTwds9Lo+wkUnulqD3xQ3NcgInrGgJ0LK+p/znDfeUOpeuIFsG3InM2CGbBScJ5RgPmC14VHx0AM1S6nCIiBu9DBwcQMtywec+Nt99scPe80JHF2tLAWJoOiZHYzG+bgzeDr78HevKnbEx65M/wQBj0uAUopU+EYeSyobvd5bB6r2vsdElEmZtFhjC2N3smEc5+SeiNjq28Tg==
+dns1.nic.buy.		172800	IN	A	213.248.218.62
+dns1.nic.buy.		172800	IN	AAAA	2a01:618:402:0:0:0:0:62
+dns2.nic.buy.		172800	IN	A	103.49.82.62
+dns2.nic.buy.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:62
+dns3.nic.buy.		172800	IN	A	213.248.222.62
+dns3.nic.buy.		172800	IN	AAAA	2a01:618:406:0:0:0:0:62
+dns4.nic.buy.		172800	IN	A	43.230.50.62
+dns4.nic.buy.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:62
+dnsa.nic.buy.		172800	IN	A	156.154.100.3
+dnsa.nic.buy.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.buy.		172800	IN	A	156.154.101.3
+dnsb.nic.buy.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.buy.		172800	IN	A	156.154.102.3
+dnsc.nic.buy.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.buy.		172800	IN	A	156.154.103.3
+dnsd.nic.buy.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+buzz.			172800	IN	NS	a.nic.buzz.
+buzz.			172800	IN	NS	b.nic.buzz.
+buzz.			172800	IN	NS	c.nic.buzz.
+buzz.			172800	IN	NS	ns1.dns.nic.buzz.
+buzz.			172800	IN	NS	ns2.dns.nic.buzz.
+buzz.			172800	IN	NS	ns3.dns.nic.buzz.
+buzz.			86400	IN	DS	21817 8 2 EEA009D624A40B9AFAA8F0FA040A3D0FC900AB565E27AA90CEBB67B481C9816C
+buzz.			86400	IN	DS	60340 8 2 FBA59E35952704AE0656BC122AEC20528C8D49600E314E8BDF0AE00CE8C336B7
+buzz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PG5+fjCc7+3qhhy4eJZkxIOPM9lUxb2vHBPtK0JPmCf+kK9/HQkWTqC8A9CfDs6bHDEUZbkh24oP1aSbXIIP4NjGisNQgb3RoRjUxo5qYhYVaeNRMzucU2jdxfXIjWUoFNdbirEj2feMq1eMR88vRCRZ8iBsqt9cmao27LifLJUoQ0n9ftxAFhbkG5UboAGeu2UNE4CN3IKaL3A1CQT5SVmM9Afrdm7L4RUDlqTxTLP4hwfdLhEAFvv7Z4devifVKNxJrUB7l4VroaC3DEIINTmCAUqMjw0dQTqBegjZ6m53Tga08rkVAR/yOn0iJc4fC+yvIODcTsGMLIo+lQCndA==
+buzz.			86400	IN	NSEC	bv. NS DS RRSIG NSEC
+buzz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FllayhocofpiPtKINV0suwOgoH5Yl6FQKo6lPUObpMJPYHwB4Xpa9fdpoJNq+9gJbfRNKs3WAKV8cobVxWekIy2DE5dvTF2OHv8SWgfLAL+qaKORKR9GJNTdmckJQX/Yi0T9/hCPgJkufv0SNy10EsoyrQulPhSWT9+tJkwYqHB6RT5JUQAtlTDugNPy29GH5tPxOFd1RXcUZgb/JLsJ28No3mjdHPAM0/vEe9gRrHSkQpUSy8oktTBXaA01Zp1mVeDc6f/96qomoBWmhDwSVfx0dKkB8QX5c4EOdWVxo1z/kKX7V6UqiiacW81ZhEnayga18OK13GFpFROfhOIkmg==
+a.nic.buzz.		172800	IN	A	37.209.192.10
+a.nic.buzz.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.buzz.		172800	IN	A	37.209.194.10
+b.nic.buzz.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.buzz.		172800	IN	A	37.209.196.10
+c.nic.buzz.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.buzz.	172800	IN	A	156.154.144.29
+ns1.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1d
+ns2.dns.nic.buzz.	172800	IN	A	156.154.145.29
+ns2.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1d
+ns3.dns.nic.buzz.	172800	IN	A	156.154.159.29
+ns3.dns.nic.buzz.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1d
+bv.			172800	IN	NS	x.nic.no.
+bv.			172800	IN	NS	y.nic.no.
+bv.			172800	IN	NS	z.nic.no.
+bv.			172800	IN	NS	nn.uninett.no.
+bv.			172800	IN	NS	nac.no.
+bv.			172800	IN	NS	server.nordu.net.
+bv.			86400	IN	DS	33800 13 2 5FA7FB1C36C810CBBEEA4557CE1B96175FB14B5E5F400A9D7AA36BA6B60FBD0E
+bv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UlE/VVWsecgONglXJu0bHZrgnaSiCan73Cy4AbO1ISwrTUsOHYCqwSV2qL+affjTE/VOcmljt2IK+Cy0NH4C6GBzRDsMhxzZ37LoGhrRSNK1EqyrlXAtIC72SFoouIms7qvIi2sW56WA72K0FK9QE5HtpuvJw7APIc3onVG4wsQShwXOuGb5BH+fh4cAYv5N2fvvehjkKQxPpMR0UcjFiPqlw46WqHkdZYHYAnlbAhP63zwd75xjbM3oXwCzRPQiNvtxey/+2JgU5CCtG2haSnnNE1SuK2plq6PqqUzQDx07zDWf4B299+JtxNOfGmI9T0VH8NcCI85ZFvsVl028Eg==
+bv.			86400	IN	NSEC	bw. NS DS RRSIG NSEC
+bv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IvYRm4eM5DLpS4nnH6R8xDbs5SGuvvlcGwlRkmrRB5dAuX41Jy+AkRP74sldz7tQ/Ky+EIfPLc7KCJ45QTfAgLXafG9UhyidJn8UN9HKuaYZsvXwFnBi/DiL0fHIns+pUWA/3Go9WfmQBqpUNA10JGqjnCqZzG3tnsJVSRNnosWvirT0wdOZOZzixPuG8x9WYJKyc1fs6rN/3Wp9G4Y3T1/dmITiqPbfgyCVozYpOgazHQhN6NIW3YU7nA56kDozzzJhzXdSdmYbAYGfrwR/N4xcA2tN/3N6vFl40wLTVhkUwCr1ntjZv6r5aJkx+IBiNLbL/nW4wSOCuY9iwNaPog==
+bw.			172800	IN	NS	pch.nic.net.bw.
+bw.			172800	IN	NS	dns1.nic.net.bw.
+bw.			172800	IN	NS	ns-bw.afrinic.net.
+bw.			172800	IN	NS	master.btc.net.bw.
+bw.			86400	IN	NSEC	by. NS RRSIG NSEC
+bw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NRCLXYT0KYD5KIfrZ5Hmc2hcQSkoFBTfTZX2TZfuZ0zwUDP9u3xrkZkRiBDLL/wuWtKz3Cvj2UgOJJvM9eQPj+g3Sa2WKMhyNFFia6jI0SiScSc21xTwCKn+U8eF9293ImhXf+exQXJM9+cnXx0hc/fOeK8bWoJgmFf431Je1aoZuU9oZFS0+lyJkXtwSB0MbKnUsA1PXG/GFC08Olm7ea82unfALcPPHj/g9PEm0hVwrhgeCJjOHknOsls/TWWaPhsxot9HW3zlvxN/+CF2sm1iuvjvQRpfTiSJmTfmOOzDhZriDwvoWLLlVU2o71K29exluOQgjSntDGqZOixe5A==
+master.btc.net.bw.	172800	IN	A	168.167.168.37
+master.btc.net.bw.	172800	IN	AAAA	2c0f:ff00:0:6:0:0:0:3
+master.btc.net.bw.	172800	IN	AAAA	2c0f:ff00:0:6:0:0:0:5
+dns1.nic.net.bw.	172800	IN	A	168.167.98.226
+dns1.nic.net.bw.	172800	IN	AAAA	2c0f:ff00:1:3:0:0:0:226
+pch.nic.net.bw.		172800	IN	A	204.61.216.70
+pch.nic.net.bw.		172800	IN	AAAA	2001:500:14:6070:ad:0:0:1
+by.			172800	IN	NS	dns1.tld.becloudby.com.
+by.			172800	IN	NS	dns2.tld.becloudby.com.
+by.			172800	IN	NS	dns3.tld.becloudby.com.
+by.			172800	IN	NS	dns4.tld.becloudby.com.
+by.			172800	IN	NS	dns7.tld.becloudby.com.
+by.			86400	IN	DS	495 13 2 2D14284F8E47B53F839BD8068D438680B4B6C7A645769C9D89B47DF0C5359B7B
+by.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gzBEamCKDfKYnV2KPZyi/k5c69VJdWXG0/HO6oiUCS+ppye+ZU6bRv4/ljQFXuBuE7kD2zYxd3WUv0Zv50a0430PhLyjsjSD/GgwSeHrb0CmVFb14s/7MBFRHGXgnrzXBSSXYJ3q5GakLrlZO5RpKuzfzjaNtBbPCn8tta/1lgjdZFZvfp/GbNBzIXHGyFa7r7BnUzDn1VwxqIFSpiQsu+HY4mdsyrkQUY4Yyav1aaJuvyhh10gjbZD1HRQr3l9JOcR0h7ckqaUmFY++JBFeLzFNKU5qiDvnWnX2j9dwgM4rmnmKihzjq+VtBZOlrzaZSvHUBcfQm2loupDhJzXTvg==
+by.			86400	IN	NSEC	bz. NS DS RRSIG NSEC
+by.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N4i9in/aHm1rO2i5aDrrmNbO7iBsW8MaCkFfjUiQoc5kzlTVIJTm6RhU4LZUO0OXvgMDlsgRIHmP5+UFSeB7LqIa69HpH4LsU9gA1IO9UofWYbngm+ALth+inEI2aSTkQUF8hxtEjxtUOLFhGynSdDSJBvRm5G13UVV9vUfpbZUKeJLWm6tOIfAK3q/JtiofPyXck4/EjCPjVI2FBcFiBCRDn+xguKra1g+g0KTTOZYusnb5MOrReBLKJQaGDg1U00DtMz6esi02W8XEgk0FbPjHUD8E+edCPV2ayR/vQEmIg03FVWQMoDf41T9UplBnHzFg2JdAMU97NO6fk8NqiQ==
+bz.			172800	IN	NS	a0.cctld.afilias-nst.info.
+bz.			172800	IN	NS	a2.cctld.afilias-nst.info.
+bz.			172800	IN	NS	b0.cctld.afilias-nst.org.
+bz.			172800	IN	NS	b2.cctld.afilias-nst.org.
+bz.			172800	IN	NS	c0.cctld.afilias-nst.info.
+bz.			172800	IN	NS	d0.cctld.afilias-nst.org.
+bz.			86400	IN	DS	22882 8 2 088AD52A5E8E9ADF54345CB21753A54F71BFB8E2674F08B02B64AB53F45EAB9F
+bz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VpeefdS76xMS8DJ2casYweVHj07n7TYf+KX4Zwum8CJh0+RyOEsHy92sEvsPHDonnzvJe9MWSp28fso5+GGpLt+sdpdhIOxkXHIlWnp9DeVjP0H/otZaKAWT9kuEy8eiD8spZSUK9bCukgZVn3/+o1zTcvTmtgDDwG/SdN5vtCM2aEi1Z0PNn2Oz6gElLGx2tSxN/oNm7yuRnLdXx2nFmgOUbFBL0iRVUpKZcV5M0fXkc/O7r9O+YBFoy+Jtj9RsjlviW0ddIWBlyFlykeB+KrSmWPJKH22Wk3qepBD6sp1klqRkSeeB06YBU67r37EgqtZshl0E4nmnFI0egDG0DQ==
+bz.			86400	IN	NSEC	bzh. NS DS RRSIG NSEC
+bz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jjdcZwhEaYVwHxrobxwBnRAhjyWNxdxt0V5QVzbeezqfQOCbeODgWAxc81UNH6z9zbRhdkHnGQhiI0byTjG0ISZ26xeY+9S/1uovFqm7Z4iBtAuWbYjE6rNtSPceIUjDxOBkBtKnKz6gB1uPVy9r518VuWZuVaW9CDwnR0qnY/tteqw9PIhoJzc9my9PucEmRvyJ1AtAgmQGlDQDeigJvPQ1sQdCOUiU49vNiNIgWGyFHf9rTI8RJm4Wv05Xsc6wg9VvU8mzEo+LQgasAtFgiCQvjcUYfh69xnisSUAk7Ws2wDw8ShF0vzyEboPNBGae+0uDZlFK3tgYM6FS2PvVpA==
+bzh.			172800	IN	NS	d.nic.fr.
+bzh.			172800	IN	NS	f.ext.nic.fr.
+bzh.			172800	IN	NS	g.ext.nic.fr.
+bzh.			86400	IN	DS	21101 13 2 1142355E16DA610E0872122F8E5F542EE0D3668ABB727F3A031E2C14757B2445
+bzh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wloyDOHmFCsewmDQ5ZqolbRbv6AfZPd1Wic/M1mxzsLHrijc9IkWEBvHN840KxPO8uahYuXLtyd7/fmtHLjq0KbgDFg6/3r66TPNI66oCTIylc9SXTBSOgbb5mtNi2FZrmjCjnAip1m6F6qfHHByCOasjFypBkiPAFuSoSEzykLYE12p5EdpmxB0tRDjLnD5MCCo92xuMYiId+s1+Isj2rxHcGdcyV6v9w/Q1Ab14EXguUtyxibmMHJTD0Z5oi/xhwYQFs5wRAb1R2BR1kl3BzejlraI10LqPZq3xCAe71JQPB5vM7SkywXXcAKeBSmgXcXgymV4Or0F4JI0bDjxKA==
+bzh.			86400	IN	NSEC	ca. NS DS RRSIG NSEC
+bzh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lpN37pYOyBALn8E8DaBsuznuO0VwWZT5avKWpBWs3kCF8uXvaz8yPioiapp+aAGhBocBHWRnVU4Y/3NNO+lalGXDHjEW3PAmmFyn85ugZdlNYJSA5o+QR6WQNnxMfRdSbkEn+poguUYvuXgIAVezPct1nyHH1Rc5KGFYHuxnPQGiqS4wAeMHWfT2lywBoHr/EFKcQCTXkNrb3WxmjgoRgdUHVQTI4OWd7yQrli9WMr6hjhXPRpdDIHEdGI/XhuEsATnWSRSOeSTBU8ihVO0D9rPo/3ojP8t2p5mbJBfM/S32X9Q+dyLFSUJzl4tO2w8wOZ/9M63eQWYEvO2b7bbvbw==
+ca.			172800	IN	NS	c.ca-servers.ca.
+ca.			172800	IN	NS	d.ca-servers.ca.
+ca.			172800	IN	NS	j.ca-servers.ca.
+ca.			172800	IN	NS	any.ca-servers.ca.
+ca.			86400	IN	DS	18560 13 2 86EC28ED5BFF076186306DC8CE3B4E3EC0433D9D5D34C7CA8DAC7B1934E8B324
+ca.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zIiTwZ/osvU8laDUcRpLGBrZySsUj1n+umMHWHNtbim31sfZQnlPvfaSQXCyxWaR79DJohZUFlh/3gFHgyWfoHZ8a7oAu5ReK8UQUwwo7hn0iR6JOUOVwG5hdi5a/ku0rogJtsaZxkl1bT2Cvx5lb3zuch2Zfe1zpliajvJR1HDHmoPp0nVLLrFANadW/5eIAVhZOyn0gHTEtBeMO2MZ/0grF2iY+jCfPRwZY2pq1NDQG7723zlt9Djb25sAUjzjqTCjOEnOR4Vc/GyetZkGQNbZ/RklzYTuRncGFUiTiXN53EEAfvmpbJl2fvO738I3+4m4+yV4a7gAnQ0M9zlGJw==
+ca.			86400	IN	NSEC	cab. NS DS RRSIG NSEC
+ca.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V097NOv+i9hWVhy7t+EcGA/R3kWEDKtnI+5cZdh3sD45wbsFKaqNbVm8e4fVSj6eu+iMa3vnueO9PbPWrh3kzRBrzfQ/2cQdgGznNgyePOHdRxs4Ynpg5t/feNNtF5+9tF/FKILJ7eiQQbw5oWPZ7bCHtPTa8F0dTF91nhF8adMFF4JRtvLlRVu75rfPmI+Po0FBkzVbg7a2CI0/TX46HPzQFAi1CPzsDZ0cz6y3pc0DiJYi72iZQ/5NzkJtJd2wMrD1GYTVsqsAtuCRGlz/bT2YjeOQqhzSnLJJwWbi3PgpkGauL+7EhuyOzRVLKVTSL2jP5keLZCgvevL0vpg3AQ==
+any.ca-servers.ca.	172800	IN	A	199.4.144.2
+any.ca-servers.ca.	172800	IN	AAAA	2001:500:a7:0:0:0:0:2
+c.ca-servers.ca.	172800	IN	A	185.159.196.2
+c.ca-servers.ca.	172800	IN	AAAA	2620:10a:8053:0:0:0:0:2
+d.ca-servers.ca.	172800	IN	A	45.142.220.101
+d.ca-servers.ca.	172800	IN	AAAA	2a0e:dbc0:0:0:0:0:0:101
+j.ca-servers.ca.	172800	IN	A	198.182.167.1
+j.ca-servers.ca.	172800	IN	AAAA	2001:500:83:0:0:0:0:1
+cl1-tld.d-zone.ca.	172800	IN	A	185.159.197.56
+cl1-tld.d-zone.ca.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:56
+cl2-tld.d-zone.ca.	172800	IN	A	185.159.198.56
+cl2-tld.d-zone.ca.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:56
+cab.			172800	IN	NS	v0n0.nic.cab.
+cab.			172800	IN	NS	v0n1.nic.cab.
+cab.			172800	IN	NS	v0n2.nic.cab.
+cab.			172800	IN	NS	v0n3.nic.cab.
+cab.			172800	IN	NS	v2n0.nic.cab.
+cab.			172800	IN	NS	v2n1.nic.cab.
+cab.			86400	IN	DS	33811 8 2 B0AC01BE28D9AA827609E9CEE95D686C81D7FCF279D75B54444CC00D9126D8CB
+cab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uI7vXhhXIa7RXkk0sxPbviRFEgF15lzQlBtrMHeIPO0Cz9QnSztNtCy3IlVNyUX3omffRZ71K0eIuVKKuoRLYybT2m9l7j4X5tjzjC69nXNdy+eqdwpAb6YSSd+mjh2Rv98OlfCf/avNANNO/ozVzHTy8kZPhFq9bxgQG+iIwEArlhLIJdwQj8enqqb79S0zZJjIxYhuYJYlynmGpjxwmer+jWH+l7n+vkhI2D8BIxfD3cLFYmHU6Ob5ScOinTxTw3r/Wxnqius+FoIUtQ5sSS/vNeLKPIBJ/Aevf1ns7B40hCvsRHwUIO6NNHQANYJkyqCLujvQxnQyz+Txhp3iWA==
+cab.			86400	IN	NSEC	cafe. NS DS RRSIG NSEC
+cab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ym4LBDrp8M4VJxZnnq7iBI2F3DmregrFatING322rYMY9h+Ppb00h5yTaE09/XcWp1OyBqYodTEb3MlX6qyQtUZUBMz7zmTqAwIt0jq3WZO8OOa12PaNj+lggqhzAFh93P0twA8vCoGAjcuVcLrpR30a7EEsdfxJ7U3wtt0sgx4Q38T9iIY2kFp/Iz1TRKdX6q49vdEszN5ykeFNwqDs9j3637uowGkuzmsov74+wSiFSMFXoA55JFJtDJlpvl5v6XRZnCazN4HSMnuWjSSUnuwH0dtBXAEUTYGFfH1wiw9sPua4202BdO7zgJQtNqkayrzEb94DD/1uBdasBOSKIQ==
+v0n0.nic.cab.		172800	IN	A	65.22.28.29
+v0n0.nic.cab.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:29
+v0n1.nic.cab.		172800	IN	A	65.22.29.29
+v0n1.nic.cab.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:29
+v0n2.nic.cab.		172800	IN	A	65.22.30.29
+v0n2.nic.cab.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:29
+v0n3.nic.cab.		172800	IN	A	161.232.14.29
+v0n3.nic.cab.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:29
+v2n0.nic.cab.		172800	IN	A	65.22.31.29
+v2n0.nic.cab.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:29
+v2n1.nic.cab.		172800	IN	A	161.232.15.29
+v2n1.nic.cab.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:29
+cafe.			172800	IN	NS	v0n0.nic.cafe.
+cafe.			172800	IN	NS	v0n1.nic.cafe.
+cafe.			172800	IN	NS	v0n2.nic.cafe.
+cafe.			172800	IN	NS	v0n3.nic.cafe.
+cafe.			172800	IN	NS	v2n0.nic.cafe.
+cafe.			172800	IN	NS	v2n1.nic.cafe.
+cafe.			86400	IN	DS	20284 8 2 8C701B4BA51B9CD153830F6FA9A50EEEE63A98032728AA974D9466D7EE0E1FC4
+cafe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oIxDzUu/E0jCPboDqPPLC506Dq/CZjI76c+T+KAseOAJGPaT2OWMvoPfMCmtUDlYVe2o5xFpx+3rRTZp3dNfggzl7aNCwpkNtuRwNY8zmb0aaAh9P6Sup3UZTtkGdRjOOk4NZruMwER0y/UPuvR/q9aLvURj7OFNyMyXkU0qkXriMIDC0fdB+R437F5QLFC47d8LOgTTXMUKOBdBIGfNVR6drcDHDNDBreu/w2vwCdyDenS0uQp21sk1GKEDfT2we4hybUaE9mJA2hXmSAa2TZhrUHnrbMcH7kYD6mvpBQOMTy9nYJB8RC5MbMAuYxeBXu6WHPdxr97eZh/k5Kyi8g==
+cafe.			86400	IN	NSEC	cal. NS DS RRSIG NSEC
+cafe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CrzRBH/b5oO5L16frkubhAuL/wLKQHBqyoVCGvIUGqMekrLLbXHO5cO4Ds/7Lt843z/h3UjSCQIvgbdH7Y7IAZ0bHthGzCVso4+FVUJW56I2YRwVkWSvdFOlxlEJ6QgtjrAli0iiBy6gnVs9fmhjHHQBlD1NQjVyp1T/128B/3vVLiy6xrvr/Is0olNuGTmh/FVQz+mDgcsPR262q47mEEKOB/3ATQgwSqHQi10kS5FnBNoH7k83dDc4RmuCRbg+qw+W8Evmpw+gZUZCYVgvuzQVUvqoH9prVmB1cjg/CR+3cI/LCgcya5Z3Cm3D04DoNc4KXc0Dc7xD6c5xQkoFDw==
+v0n0.nic.cafe.		172800	IN	A	65.22.20.44
+v0n0.nic.cafe.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:44
+v0n1.nic.cafe.		172800	IN	A	65.22.21.44
+v0n1.nic.cafe.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:44
+v0n2.nic.cafe.		172800	IN	A	65.22.22.44
+v0n2.nic.cafe.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:44
+v0n3.nic.cafe.		172800	IN	A	161.232.10.44
+v0n3.nic.cafe.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:44
+v2n0.nic.cafe.		172800	IN	A	65.22.23.44
+v2n0.nic.cafe.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:44
+v2n1.nic.cafe.		172800	IN	A	161.232.11.44
+v2n1.nic.cafe.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:44
+cal.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+cal.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+cal.			86400	IN	DS	18550 8 2 5D5349186BBCC0B98DCC5662AF9140FFE0B36F982043E2888043BA80665B08E3
+cal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uC8HyxxA+BUABr0+djmRrRVmVr718+yDK3Z1hmEGo6LnZF4E2CsA0Z2RXaw5GH9MqEBm3nYQ9SQqYAO8gZ7OamVhVZxQhGUr7ThCQRQpyF/mh2r6JbIE67aCpKv4kTG93ID0eri9eu2iNA8kftULZleDgBqJTrmAwYN+PB5aS0fnOnz6LnX3FdHCXPAHd4aRCc5oN2hGZoqwIiLaQmDv9Vn2I/6gScHtXvwppNLFywE2XvAXVXXEpH5xnSsDtMEn4zHtaG5juIx/6Ct3fLYO0M+f/02x+ZFpJORAKKG7E67IC50/CG7PiE+KRrr+njFeIHruVoyf2L6yMW57fVSLIA==
+cal.			86400	IN	NSEC	call. NS DS RRSIG NSEC
+cal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aCD4ALzB8pDGGAJxyFZve3ty4jB7k7NQp+AFvmeILIuk3r5BTv25o2KT59Fiz7NgZhaY+cd/mFh+N+VJwrV/cvdQFsn6HnLpO4o/wqBZysRTC5qnDezgM8Oj1oXAH0i+pXKI7gj8bdTIX519oswUk1fOHHbK7gCBvNknlSW3adcl8EOgdIdPiYol46/r/Jn4/rDtlAAsNnh2sJB/iJyxq+1fjRyZJwm+wW3jWD9sUPrJWfR01e5LYE8PQS2OWJauyPiW2cnyFW6NsLZ2XxZubE/FopIUJ9cBDzb3jEas6O1koe2L2ov2oZ5Reyb3jcobqGUMqPXWGohshjr5oKKpkw==
+call.			172800	IN	NS	dns1.nic.call.
+call.			172800	IN	NS	dns2.nic.call.
+call.			172800	IN	NS	dns3.nic.call.
+call.			172800	IN	NS	dns4.nic.call.
+call.			172800	IN	NS	dnsa.nic.call.
+call.			172800	IN	NS	dnsb.nic.call.
+call.			172800	IN	NS	dnsc.nic.call.
+call.			172800	IN	NS	dnsd.nic.call.
+call.			86400	IN	DS	58357 8 2 52A3A1C699DACB7D621A198268E5E76AB21931B19693D310595C504670E18C0E
+call.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N0kiZ5q0WlZG4dyqQeVaTJCDKpMeUY6j0b4/vRsCDuqR2r84sXJ442iZlU4saqm9nsh23u2YSj8wkJzJTSUTP33RUd0jFRI8UsjwJVr+Rveu+TzYVzOykQJOu//Drj9uAgs66jOKKu8xoVeNrpXhsHbZAMN+HhvIRShOqBNeXETHrHLsjo6/UwCEYzzrB4X9X36UL8HzF/llkJwQzvEXTFga/7smtYxCg/ufQDquIsZ55L0t5kcTTpqlzdtLJr7QJj01WgavkLWlW78lm35YcOwSeq/POJ3iiudpiIvkoDXwzqG0zM4++bAF2kF6QnxQNzkn0O1h9kho1layX1C7Gw==
+call.			86400	IN	NSEC	calvinklein. NS DS RRSIG NSEC
+call.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xcEd9tea2rdxmhBNG7qI4dsqNe5xL/TaqqxJUaQMnxC7RwGc548LBt3wGHqIPtP7nDkSHyHGbm5oBvpGCzCyKXVjpUdPDdtptV07upXBNplkTuUquAwxrDV54waINtK2vCC8TagZ7R63e3GaCQoV9irAKm3KILMeguVKfJFAVKiyUR+wDgmFzQ/v+palXCMmTGjekkWf4bL33TWnHdrQPyPA9+oNjvGZ56TSRzlmxtcwNenFC8EWnpZGMGEjIV3LD36RO0VZq0KgWQ6bY/PLRexiQjuhD5TXr9dRW3c2rgNhV0OD72dcObQny4VWT/z1TL3hQkZWed0biEqsp7S22A==
+dns1.nic.call.		172800	IN	A	213.248.218.63
+dns1.nic.call.		172800	IN	AAAA	2a01:618:402:0:0:0:0:63
+dns2.nic.call.		172800	IN	A	103.49.82.63
+dns2.nic.call.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:63
+dns3.nic.call.		172800	IN	A	213.248.222.63
+dns3.nic.call.		172800	IN	AAAA	2a01:618:406:0:0:0:0:63
+dns4.nic.call.		172800	IN	A	43.230.50.63
+dns4.nic.call.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:63
+dnsa.nic.call.		172800	IN	A	156.154.100.3
+dnsa.nic.call.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.call.		172800	IN	A	156.154.101.3
+dnsb.nic.call.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.call.		172800	IN	A	156.154.102.3
+dnsc.nic.call.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.call.		172800	IN	A	156.154.103.3
+dnsd.nic.call.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+calvinklein.		172800	IN	NS	a.nic.calvinklein.
+calvinklein.		172800	IN	NS	b.nic.calvinklein.
+calvinklein.		172800	IN	NS	c.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns1.dns.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns2.dns.nic.calvinklein.
+calvinklein.		172800	IN	NS	ns3.dns.nic.calvinklein.
+calvinklein.		86400	IN	DS	4525 8 2 AF8C19B09CE15428675BD900E02276BFD651F263C822C7393EE3AB06791EEAF9
+calvinklein.		86400	IN	DS	46744 8 2 BB8A91F6ED57B17DA3D9F3F91B7ECE068799BA0F09C5310BCBC80150BF1555A3
+calvinklein.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YhAhYahw+KWF1ZGN1ymDcarlEjfIoLGw54qa9wiyRf80A02iqbOM7xOEosFeNiRTdIR3srSNLWyJPP+hWMsJlSOo151n15qK2/7ey+2UWg87I0DIaYvgEMostMwQtrWDQ+b7oBw5YjBXVa46rybisywGcWdqnrBB261OGkHE1Wc+PIqtp84zjgiqat5+2tdW3qWoTM/SzB4GVUaFIOIqpOABcCNJ+Vf1DSDxW37kgBZEeSYPDAXnuimodMHTWrHsaQJhEQ+UtpLJQD0vl3NSoi9y9QlidTP98zOV/zamAxeYV10vj7j8gKItN2X8KHh/rgXM9N7mOjPiPk5+LQ9gcw==
+calvinklein.		86400	IN	NSEC	cam. NS DS RRSIG NSEC
+calvinklein.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WwYgOo50r6MKFNCUWf8i1H+SZEXf2MN2ziOOuyphIYDuiweZsP23Il/33t9avCZHySdBH+3zA0PIFgkVZJxNLAu0sEdmWXYEsIEE5NdSrAL258Y2zk+iEnTzVrXmK+ZpGNbDRYS9xrtYW3AyD+R2rYnMqY09crH23X2iStJg7JJ8Ze3aMhUi7/4nhFIRzu0MyMQpNmdbp3gg4fn4kHiq3LmNDxBOyM86fU7ki7zTEtCovZFllX3z3Xcce4bJILALgoHUi+yr6mdrbyAPPibWnA6P9+hEdygV8xtHBhsJnX5RCzE0gFxLniE5xVOuZeRfccsAxpmhH6bxEVDPt/7jyg==
+a.nic.calvinklein.	172800	IN	A	37.209.192.9
+a.nic.calvinklein.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.calvinklein.	172800	IN	A	37.209.194.9
+b.nic.calvinklein.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.calvinklein.	172800	IN	A	37.209.196.9
+c.nic.calvinklein.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.calvinklein.	172800	IN	A	156.154.144.31
+ns1.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:1f
+ns2.dns.nic.calvinklein.	172800	IN	A	156.154.145.31
+ns2.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:1f
+ns3.dns.nic.calvinklein.	172800	IN	A	156.154.159.31
+ns3.dns.nic.calvinklein.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:1f
+cam.			172800	IN	NS	a.nic.cam.
+cam.			172800	IN	NS	b.nic.cam.
+cam.			172800	IN	NS	c.nic.cam.
+cam.			172800	IN	NS	d.nic.cam.
+cam.			86400	IN	DS	5089 8 2 A17021ADA565F6B13749741DC51A25B0F524BAE6B753343155CFE8426CD29462
+cam.			86400	IN	DS	27179 8 2 F8C48547453F63FCC5BF62884A1F885FE50D467079E7B17DA3C8D0A2DC92474D
+cam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBEuLV0hHRsPXABQWe4+66e8BHkd4B746+EhakakaUpk6j+qJxRk/O2woqT3EyNN9FP7ZRpgFzpfcMKaQsxx2nFVFOSfEvAaX8X85dMQHVEtr3C4n76c+1pSlcp4MXs664Qg05JlSQaG4WzbuuFExGg1mqlDRZRN4UvY0l9BfeAasK9Wd57tgUm8GyT2VoWA0JE8zGIYL5VRlqjvGaGCv/DqisTWEPv822z1jctwjuALU/Bc+++uwIPAXbendMY45FL530+7+ictGg78PU1BxAZ58A3eI5ay17uQcPYzjs9gS0rEzTxj1eh2TZZkPZXjTun+IYqBHxu6uBEUhxZh1w==
+cam.			86400	IN	NSEC	camera. NS DS RRSIG NSEC
+cam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nVwlnkQfkpmXSsPyz29fbFj/vzwCaTw525iM4plkIUoyMtpGBH1YRijZpzhjdnbwdP9jzmpmpi0hNjzGWHkc3CbJ2bt2ucbrhPNC6Ds8XFLl2an+23iZ9wCJ2CMF2uhl1GDKfdyV9C9/VfpumM8+JJCr2/2WGKrkYxdymhFxOrMB9jc96SDuO4zEHMveSRA9IAUQj5s626362QF8uf/ItaTVKDPVlwp6PFTgK1z6dDUTUu4PWxQ86jeN43ZTDJjeQq9+/jRlTupZBus0ss/uLVPdjXQgjxVeNV727Tu0pM1wf4XEp3YvyeODHxfK7WxbN0g32RnnHIgMv6XI5V6/Sw==
+a.nic.cam.		172800	IN	A	194.169.218.77
+a.nic.cam.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:77
+b.nic.cam.		172800	IN	A	185.24.64.77
+b.nic.cam.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:77
+c.nic.cam.		172800	IN	A	212.18.248.77
+c.nic.cam.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:77
+d.nic.cam.		172800	IN	A	212.18.249.77
+d.nic.cam.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:77
+camera.			172800	IN	NS	v0n0.nic.camera.
+camera.			172800	IN	NS	v0n1.nic.camera.
+camera.			172800	IN	NS	v0n2.nic.camera.
+camera.			172800	IN	NS	v0n3.nic.camera.
+camera.			172800	IN	NS	v2n0.nic.camera.
+camera.			172800	IN	NS	v2n1.nic.camera.
+camera.			86400	IN	DS	23809 8 2 D3A9137A8B8DF3D9DA4F91CF8C0EE79CA9C3577C9CB7033488C97DE376D83D59
+camera.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iZL8cfAOc7Ns1T/0ITuWOtoZNeIWAA+dlY9sLey5dSVapxWeYCcn1mh+rulVVo41I3ZO5ZnfwsV7X70BtSqaM9q1migfiAqydeU8nEFT8N/zz8YQw1PYQD0J6g+eyKaYozdrynrMDyKOCYymCZuj8dewEw9s1kdb3Lebl+YP9lKLLOAm7wTbTvqeJke0JnrRQj0UoPTC+IwHo4/EjcHFjvvninemAUsGNDLOmVv4SCVq81toAxQIG6zYntL+JagF4/cqER9PPO2/00QpHVfl9Aagw4n/qKjJLTiVeZbXGeIGTg/5U2DW3sWG1fk2beB0kZ8gXG8LsPvK4hQg5k3WJw==
+camera.			86400	IN	NSEC	camp. NS DS RRSIG NSEC
+camera.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pr/z4t0cLby/O5wXjIzcupOCLoguet3UVAjnKFssbzKEiJ4DboSBfQZzp8ePmZ76fzNAlbZSTxynAhdS3HWEJiTqP638PYHrQr3i8LNHi4DY5Udiy2t3K36VyK5m5toeOByJatE2DKNSKRQqG68sOoC3/hrxxNtr5zBzpiPEi9VQjdnnueyWFF+KGeblo31t3vLiBA+kizst8wSAfYbfcl7z7UwWZzL+Yky4mXQXS4KRe31KJRza6IsKo3o/KyrxBsXMWUfLNtn0G+Ekh+qWa9UX0sueCgyMuHvBlXDWWtF6kS7Zu6sRZNoOyrTVDGKV7zBvdoRL5qKA3Qg2HlcF/w==
+v0n0.nic.camera.	172800	IN	A	65.22.24.26
+v0n0.nic.camera.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:26
+v0n1.nic.camera.	172800	IN	A	65.22.25.26
+v0n1.nic.camera.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:26
+v0n2.nic.camera.	172800	IN	A	65.22.26.26
+v0n2.nic.camera.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:26
+v0n3.nic.camera.	172800	IN	A	161.232.12.26
+v0n3.nic.camera.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:26
+v2n0.nic.camera.	172800	IN	A	65.22.27.26
+v2n0.nic.camera.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:26
+v2n1.nic.camera.	172800	IN	A	161.232.13.26
+v2n1.nic.camera.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:26
+camp.			172800	IN	NS	v0n0.nic.camp.
+camp.			172800	IN	NS	v0n1.nic.camp.
+camp.			172800	IN	NS	v0n2.nic.camp.
+camp.			172800	IN	NS	v0n3.nic.camp.
+camp.			172800	IN	NS	v2n0.nic.camp.
+camp.			172800	IN	NS	v2n1.nic.camp.
+camp.			86400	IN	DS	16906 8 2 D846CC0B84C3EE2DE1A364728AF8F069798D4F23AAA13D5B8BB161BD8B9D0466
+camp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NcwDvoOhyVWzucJ1x4HNusYlNpZXK5gkJp6psoCw9t4n8mUh2VY9xvBrNERO5j3gPbzps42cNzlRxL2rFNlL1SjIVALZ+hdyeBKZhoTV4IWYi/as7ottk6PMKxTS//1z22kXYAMGUQe5jIqPbZo5P/9Myn1oJrWwrVW9Lxo1Kfa4rdfFIsL0J3PQVhJuERlIPaCTibXGd0hBTR5JD3bhrdgrkKKVC3bHN2xDf87s6rX1BwhhrhSFfDrJOf5ZvwX4s/qnossg8IdCLGbVI2D8dIHZ4y/gZWwLnJ9PgUH55JuPZw9os9AFx2Ds7VRe9jTIsd5jkuWTKMYOGnZ8pDUUDA==
+camp.			86400	IN	NSEC	canon. NS DS RRSIG NSEC
+camp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uTYHAk38ydIsWbzKAZcqgKtDg3dgsqdw3ZtyE2ATnnVyTUa/3GLJ8tOnx+sH3HA/hfWIbxRieY7WldGI/SfjCOKXyBnLbrZSNgcYIkFd7HLmGWeH7+KA4rW5SkmXuahecvflAZhn8rzk92rsFl9a6vIVVBMueO1Yo26wjm8dBWZ8Ou7+rRzZJxnxEw1TfwfoDT3745ouEsmhRkFUp3P1ohbc+d9piKz3tiFIilYwvMAj8jib+s+59GnRYmYnCiIgVTGbf7R+gJOgfOg4HiOIOkk4uSMhh+XxDjfFFW66FsaIwKb2G5R7dshvYVQqaOm49Y5Kg8zILvvebzuOVAULaw==
+v0n0.nic.camp.		172800	IN	A	65.22.28.51
+v0n0.nic.camp.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:51
+v0n1.nic.camp.		172800	IN	A	65.22.29.51
+v0n1.nic.camp.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:51
+v0n2.nic.camp.		172800	IN	A	65.22.30.51
+v0n2.nic.camp.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:51
+v0n3.nic.camp.		172800	IN	A	161.232.14.51
+v0n3.nic.camp.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:51
+v2n0.nic.camp.		172800	IN	A	65.22.31.51
+v2n0.nic.camp.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:51
+v2n1.nic.camp.		172800	IN	A	161.232.15.51
+v2n1.nic.camp.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:51
+canon.			172800	IN	NS	a.gmoregistry.net.
+canon.			172800	IN	NS	b.gmoregistry.net.
+canon.			172800	IN	NS	k.gmoregistry.net.
+canon.			172800	IN	NS	l.gmoregistry.net.
+canon.			86400	IN	DS	5225 8 2 9A1FC16A90ACF3C7D3233480F45F595DEBDEF3F71AE637BF3F8093670DDA7D8A
+canon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hL2J2HIIvoS8IJxTgrBNIqflBEWhS9D2+2Axx8N5gO9EqZzezy7YyIO2VyMwdoJcXiNm+SibZxayv5JfMGgzmol5m3W5CwsLOFfGd3pChkyIShhjfqdjp/NZBDQS1E5rkat6RlAsVp8zn3mBPrfNolN2sFxXxjy2BDMmGHRDO7Zuom9fVEkjqj3fivGo9caW4Pjc7z044nOeavZyVGg3AFuqPiH1oxE+VRUEcTe0wpHBKmaUMj5afb1LEk+wpztaDC7sIRarBhxl07P6M675j0WSn+gCVY+ac8KWpNvQNK/Xuht2LszDy9gJ2ZUsJjnjFq/RHmhBjuc3NyYcO5/BSw==
+canon.			86400	IN	NSEC	capetown. NS DS RRSIG NSEC
+canon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RlSugNBO4lLr6Gde7zVHt/3S73QuT0EOVBmEgufbm2q2vPc1WrLCxkFQ9TEcog69koY+1OEuwg1XkoDKOCmacqFqqzLzLKsDIzlQG81lO0UhazZWd/iArTWznxgerOfhOkUahxrnOWoCGB6jdsRQnxM/UtSTGHMZ0PxcWusy9q9jp+F3Vs2QHG6ykvK8RqQVS3/OZ4s0x2Dmqs5ugDY4FkcaoN8jYL8kwKSsmdbGTG0EJcH4Ic9zwkil9/lFpT5oyX//ARf8FixRAK00H+ClMTurgvYVjd21U3G41+e7wTE7Ux+8gv3sjX75DJEojidRPuSZt5twH6XcePWBS2z9Ng==
+capetown.		172800	IN	NS	nsp.netnod.se.
+capetown.		172800	IN	NS	coza1.dnsnode.net.
+capetown.		86400	IN	DS	58120 8 2 0D66710DD001E9120A86952CEBB8C21AEDD72D5E2CA46F0A40266529E7133107
+capetown.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tExHHcI/rI9D6+VFwB8/J+sf6eZWOlK9sChEd3sH6Sri6XVbKytq4jJGe6g1x0RBLl4sCTf9mtNh7iYaVfFTHiSlc0z1m2aaL4H1HWX/h12uI5eqjsbmlBm2TXtDF0nbfvtf7oUc1G+uZDMDXW7VXKbddPwQXWR57TjAZZf3Nu/nsvaM4P3SU1TD8iQ+uGuvYeMLZSMwciKQE3h26PQL0OEhy5t3ZXKBgxyhOXA5BByaBrUHJXIKTsxaCGaYFGJgvPlJjsp3RTZUZNBZaNAcIBWbYL3obds/gy1Jyp3PL1w9vbM+NXSDM55rjgqAhA4QOGEp4pb9z4kN6tEp2HprDg==
+capetown.		86400	IN	NSEC	capital. NS DS RRSIG NSEC
+capetown.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kwrPUGyCxeke7+EXV51zGpQ20tbGievIgRTwFrPFbbP1MEIsdfty8WMF4xyTeEgylJXXR6fc9UxYyLX3HiwE8LcY6v310QMbH18nbrjLhwmxZeIuVw+uzVr+xzMooQgUUocTG2B5anvn3RCwYLSFMuMAkjMvdS8v0dJTYiWwCCtPt2pXFMHpVIXcaYz4LnKawzEGPMot4NfGZsTvieCft/BXJtuU+jDD+F+B9b651TWXOfgstbhLwBhUAdTV3HtAtEw7Tl98pRgeicntKNZE+jW0QJ/Kj9OQb7XgN/Z17lX/NpIRP4TBDvXtKdSjW9H82tPjWn3YphnDsnWvJb1b3w==
+capital.		172800	IN	NS	v0n0.nic.capital.
+capital.		172800	IN	NS	v0n1.nic.capital.
+capital.		172800	IN	NS	v0n2.nic.capital.
+capital.		172800	IN	NS	v0n3.nic.capital.
+capital.		172800	IN	NS	v2n0.nic.capital.
+capital.		172800	IN	NS	v2n1.nic.capital.
+capital.		86400	IN	DS	9469 8 2 E4832B3A24031E377C4D82A22C87EFADEE41FAC941FD1FAC7A2AB5ECC9B821A0
+capital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rvr0hR4qkpC6szIfCBDbrQuEKyyTOuVD734j2tTdOMCCv+wdsZxXDHGLAoLJZygLCWE5ct7owzoJAxnttcsPiZYzNmArU09crq4QVzOhXP3VxV6ZhghjmAWNIsLeRoCayI3a3hrRY8qv16bsWEg688hW5qE7PohOofoLnOmtOZUGKcs6PK6kdw8IXUk1ZjaXlCthmMEi+FSwxjO5W1w7mhiuaSKtY5Tyy84tMkGoOQzhZtakMUcaFwnDA955MxXfR75fAz1/W0xxvGItptLiGfYbF6CuDmQ6JOSQviHSyClozReocR4+WOriZ2TNDUytObbdHblveMg0RxKFb+Amnw==
+capital.		86400	IN	NSEC	capitalone. NS DS RRSIG NSEC
+capital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9NlLBZacGQ7KjOXkMn2h9lv1JhoGSTk3/p/Y2hadXK/Mpdbvo8ZrYfh1GgSoVbF2oXDSxR59doZ9GN2x0pgEayb0frsoIeyq2p2h6hyKA63Dlw4wr/IVu5EiTSriBPmztwhNOvJe695adXKypQVLUsqAWRVUqFIW6O42QWsh7RIQSGCHI+8BZiyN3kSObFgYWo3C1+QJmLrmugwE2+9KLLotfS4/UASxQfAbWp6mXrd3nDrCsypKWPnqhkEHBGCvWQZnuFN+uXItF3LXslpeqpNgbTkJGSgX4OVWaG6yo+0OOMiLeDeWW1Pqfz628fq5kDnFjOOR7XoqqSz4bbt+g==
+v0n0.nic.capital.	172800	IN	A	65.22.28.10
+v0n0.nic.capital.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:10
+v0n1.nic.capital.	172800	IN	A	65.22.29.10
+v0n1.nic.capital.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:10
+v0n2.nic.capital.	172800	IN	A	65.22.30.10
+v0n2.nic.capital.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:10
+v0n3.nic.capital.	172800	IN	A	161.232.14.10
+v0n3.nic.capital.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:10
+v2n0.nic.capital.	172800	IN	A	65.22.31.10
+v2n0.nic.capital.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:10
+v2n1.nic.capital.	172800	IN	A	161.232.15.10
+v2n1.nic.capital.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:10
+capitalone.		172800	IN	NS	ac1.nstld.com.
+capitalone.		172800	IN	NS	ac2.nstld.com.
+capitalone.		172800	IN	NS	ac3.nstld.com.
+capitalone.		172800	IN	NS	ac4.nstld.com.
+capitalone.		86400	IN	DS	16365 8 2 017564F7C0204B23E19605E08E5DCF57C286D6D5097B53440DE91D4F04D3ABAC
+capitalone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MKPNIbPzD7/EcJcxjO7fsRi7jF2lxCrUHf5BFRuVwDek2O/dZB6lq1hg+4XpTJh9ipn3Tn2mN9JFE5WOcccTCSkwGBCscMXtp3DFGoTg0M+zs0DwadyS/sROY71LzLa2Hyfp1lvdqZISOrHC0nTIt6CYT689dWuYqWXk3lGAXFs/UrH389glJHjNfXYL/zYMmbLQFBifLHNbsXH9awunh+0pa2yKRuxZPuxFeryPsHchGA/T9wgT5qehbrrDdQjomWcm1coa28kKiMJq+Gsvz9DnGzxm200bYC9Oah43xXmou/w8nOkzyosRS93OGbqwMEK1ejrvaiHUwwkFQuwHJg==
+capitalone.		86400	IN	NSEC	car. NS DS RRSIG NSEC
+capitalone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0qSan+z0ShFzX1BnsPACZyCZVHaNWKg9B/H5vcAw0acLqi4UhwJdzdjODeI8/YSrvEHf3ki6KRTauAPW0gidzW3V/kzpuxL61d5DS9ENaNqdq/8jJ7Bfh0uJIRal89ZZYZTubzS+VgCXsl0/vmIdEaBI5LDCPZYulgaXk0oI5UWE5cYLK8lgrnajFX3hGNbc980CgMh114dVo/P13klyaDUE4DbcQSajSg7vK5i7FreajFqCH1+YhIs4okjfNQdfBSPgVgy2cZMBmMwnIPDhF+ro3TlnQX1UOtCH6cQAd1NXlr3B2VawuyEp317ZuUQWePQ0C7u/thMC4uflERExGQ==
+car.			172800	IN	NS	a.nic.car.
+car.			172800	IN	NS	b.nic.car.
+car.			172800	IN	NS	c.nic.car.
+car.			172800	IN	NS	d.nic.car.
+car.			86400	IN	DS	6293 5 2 519D12765966B6F6E6BE8236B0A6510B86025FDC7BCBAA1630B8632A9471A4D3
+car.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wNTOpyirvMUmIqjFKYfL7Xq6dwTCCYU6IfM1vnsBBfu0JZCGD0jUJhBpQZjpmsT2kJ9GJVHMQIo5KKsBkWLIjs3o883reVofTnMOvf4lHx4++aIzUXcGb24rbM/vh611HxEuS3WDQ44h/qR3o7X6kFsT0UNtxWVqY4XcJvrVLVMNVp88sCsCAUZRJolB9Sm/FI8bFrHwAj1MIWVvZRgEOU8M6MOhG53D4gECwcME2mEFUP3yF73OSjIGG/dM96aXaJo9pFb25BPHG2D2532gHTzwyaTj9hig+7pcOclsIAdOazDtukHqEgPi38Oky32DUxXPoXhZji0yDcCB8PXqqA==
+car.			86400	IN	NSEC	caravan. NS DS RRSIG NSEC
+car.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IBxbiRJeF2Zcqrqu5XlWguQr3gCv1ZcL07+SxeLDv9tPixxTwIb5LA4CtcYYVht4KUVktvzIg90A5bV/7ajdr2MKCbbu2Q+69EYWBzydUv9iHqRRMAu9rEtyF/iw4CVnk+dbsEHe04sZmqyugdTf60IE425XLtXXMu9KoAMY6z4SZnCww2URGRRw1sZu9XzVEYQV3MUQ75dGvKzfqGHDAdYtSimkQV5yrvNEheNneSAPHBxMZBRX1KgMze7C5oBZW44imgUNpSG0HgvHSR7IolibYxVxamCebkU8DPz2s3Z0F5MEcaBB1eXrFarueBjEYQCnu5o7lTq97rGX3Tz0/A==
+a.nic.car.		172800	IN	A	194.169.218.130
+a.nic.car.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:130
+b.nic.car.		172800	IN	A	185.24.64.130
+b.nic.car.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:130
+c.nic.car.		172800	IN	A	212.18.248.130
+c.nic.car.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:130
+d.nic.car.		172800	IN	A	212.18.249.130
+d.nic.car.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:130
+caravan.		172800	IN	NS	a.nic.caravan.
+caravan.		172800	IN	NS	b.nic.caravan.
+caravan.		172800	IN	NS	c.nic.caravan.
+caravan.		172800	IN	NS	ns1.dns.nic.caravan.
+caravan.		172800	IN	NS	ns2.dns.nic.caravan.
+caravan.		172800	IN	NS	ns3.dns.nic.caravan.
+caravan.		86400	IN	DS	3526 8 2 370991B8E6E9F532E4B6DDF051FAE510353E27E0B99A3F9B7B359C48620C507E
+caravan.		86400	IN	DS	28732 8 2 E06FED6FA549445050D4745F1BB53D854AB42ABC74F0E7FDE4E93A887E362E64
+caravan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1TFZBNxtWMqRyHrA3DstN+H4JhBLYSMFD5dZq8ReF7fW+OsQO7Fy2JWjq9fadDZtb2xyydpbfAFQIP4l5gP3uj8+vkyrd7unGSWeqVShKWsM4wu9oohJzPoZz9JRmycF+GM99qZDfKR51QAbqk9wUVB1xTPdyXFH5txPE7PsVB/BFeBZzTUp9jitvaFdVkWVsTDFbWKm7QNmKhi3PBN3ZJ/EdQPMcoZzqM06rkBv/buU68njVuD3L7jc9B8BDRxhCA8sRoZF5PzpE6rZxOMUDYA3ZD+EONQL2jA7/jutdE3BgdOAEF7XYGRahKQeFRLpGIMC4FJHFr2BYv278b4zUA==
+caravan.		86400	IN	NSEC	cards. NS DS RRSIG NSEC
+caravan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UJwXKaTc1mq0FtbQaJL7c5hZqbqiaPgqplqp+IvisoYR1YW4i/DmMm96fbwUScczU4RIm510nmEJH/pE2hxviy7pQCfjRq6cqhSaQdXO42XeJ+jcDaFp00Ui09E7uOExriEoQQzi19rsV+uPgIsAG9pfhOOXaUSZK7p8SIPvhYDppfbNXY8JxkVRdgjHytGkyp1Xmd2a5ib92FOKEgApzKVxfhW8q6afT6dGqnb8Dh5JgdIymquYC0TEXII6N0KAF02qEx8Ry4JE28cYGR95z7vRiGloA+I99x+sxO1UGEs594m/QiIMDS/4H4IFpkm1cuYzi5GRD93p1NuaTeOg/g==
+a.nic.caravan.		172800	IN	A	37.209.192.9
+a.nic.caravan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.caravan.		172800	IN	A	37.209.194.9
+b.nic.caravan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.caravan.		172800	IN	A	37.209.196.9
+c.nic.caravan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.caravan.	172800	IN	A	156.154.144.32
+ns1.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:20
+ns2.dns.nic.caravan.	172800	IN	A	156.154.145.32
+ns2.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:20
+ns3.dns.nic.caravan.	172800	IN	A	156.154.159.32
+ns3.dns.nic.caravan.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:20
+cards.			172800	IN	NS	v0n0.nic.cards.
+cards.			172800	IN	NS	v0n1.nic.cards.
+cards.			172800	IN	NS	v0n2.nic.cards.
+cards.			172800	IN	NS	v0n3.nic.cards.
+cards.			172800	IN	NS	v2n0.nic.cards.
+cards.			172800	IN	NS	v2n1.nic.cards.
+cards.			86400	IN	DS	40594 8 2 0A2EC0D96558B08E99F3EB0CFA6B80CE64CB9994CF16726D56AF60FD2B5D3F9D
+cards.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zmCFdLCPpSrkMLRx3ir4wTKIEXcdq573/L/FBzwnJSLGO2XAoNlfcVz7zHJ0r7Tv/uVnUEeFafAQERKonlZLJRJ4F4iycTmagL9Y8a7O2C26uzsYeuDflGsLoSab6OekNJ5Qq1Dtyjkx5zQUBkfBRhNxTDq+4Cncn6RU4+C7TRmkCnZMNw7LSJBsF98k+BxkewUOclLIBiVUDZYCzYvnzWeaEzbvVav/bm7ZMUY3wTBP2qNflTOg/A3X+lFC/WNgw1XPuJ9WCYZy5D3wNxCw7GhFKe9FicBXS0o47gcuKM0m0IatpsbymAoIcCp8Fh8MaO4cuANh6VGrvlIQUAV7aQ==
+cards.			86400	IN	NSEC	care. NS DS RRSIG NSEC
+cards.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aZnXKGl6GZ4OM7yYl+N+cVQsI29hI2UPWB/ApbLBJV//DHMXvwnDJHffmpIMYMm/OiQ6PDTQd7agB1OnLeYPtyjLSIYzBj7PgBpUjPyGq0w2admrz7KqGTdhl4j9M3aOQFNpR6FgvU0/QmWeST2zgzTss7hpNNCgqzJa7W9C8bWhlVnqSe1sfe8SGY6FdRXlpaHbYCTsoyyvhTjeoaUS97auJ135/tLl6d7hdBg1nC1uzEWa3S7ZDGQAHLRUViEZf/9rXpzt3ilLAEuN0cYmW5ryi3jZAGJR10rATBrBi4OGzwGFX8F8McCOBPfm2+J8jx5254NJ0yWDTlP/+aZk4Q==
+v0n0.nic.cards.		172800	IN	A	65.22.32.50
+v0n0.nic.cards.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:50
+v0n1.nic.cards.		172800	IN	A	65.22.33.50
+v0n1.nic.cards.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:50
+v0n2.nic.cards.		172800	IN	A	65.22.34.50
+v0n2.nic.cards.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:50
+v0n3.nic.cards.		172800	IN	A	161.232.16.50
+v0n3.nic.cards.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:50
+v2n0.nic.cards.		172800	IN	A	65.22.35.50
+v2n0.nic.cards.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:50
+v2n1.nic.cards.		172800	IN	A	161.232.17.50
+v2n1.nic.cards.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:50
+care.			172800	IN	NS	v0n0.nic.care.
+care.			172800	IN	NS	v0n1.nic.care.
+care.			172800	IN	NS	v0n2.nic.care.
+care.			172800	IN	NS	v0n3.nic.care.
+care.			172800	IN	NS	v2n0.nic.care.
+care.			172800	IN	NS	v2n1.nic.care.
+care.			86400	IN	DS	17539 8 2 549AD6134B230096AD3BF9E7AF9CE64FFF941884104A23428720D55E6007871A
+care.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAMTiWx3b2OuS2rg/SO/NTV/tSTTM58Q8OCpYbIRPe8BqI6z338bIcd1U9gPL/21csdSAQjNuOzNcGu6vAPKV/zfoQul6BkGLRZDrAfzDphQU0vBlpOp6Fug+6MThLwf001MfSHHtw6z7ez4zZxEwqpCkPyKF7cNZMHEUlVFpMNzmlXktwqtMT0pI/qQYVhQ+u7r0FYgkx3UnfAAFVXzJh21C/McyYo0eRk61NMoD6B2CQrjby1h0XDgfHDG6PwYHSr51NTO0mACRrsqucHlv2yXswKsycPy/Zsa5wDB9o/WeWDYTn/3tF/nUnWnqdg6tYWKl7cDfjLvaTm0m1Oq1A==
+care.			86400	IN	NSEC	career. NS DS RRSIG NSEC
+care.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uevkC6zt2LNpTk6yE1GUnFOQm+D/85Y3YuaE47OcmxB497coX2hO0h3Q5ee3Xiy2dRSDD4fZ5MPvRfvZ72EgI/fpWNqm2oE7xDzP2XbontnKNRPItUw2MEdCCFOq+3hcJEh/I43DUSVgTqZvDf7ce1PeoFSsnXKunq4pWa7M0ikSdQwLd4EgVEsa1BchJyzx3xBWEfbrda5qfRJmjLDhRCgGrgFtneGKF6/Y+RXeDrhkvPOvG+1LYgA5a9lQypx0ndWbwE+jyO4MhCj30pDvDeMEtqttPSOmOAtWlssYwjZ0zFDmIYLAm9KDcoxDaaYcZYAC5ULG2qGdytBTUmYi9Q==
+v0n0.nic.care.		172800	IN	A	65.22.32.5
+v0n0.nic.care.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:5
+v0n1.nic.care.		172800	IN	A	65.22.33.5
+v0n1.nic.care.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:5
+v0n2.nic.care.		172800	IN	A	65.22.34.5
+v0n2.nic.care.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:5
+v0n3.nic.care.		172800	IN	A	161.232.16.5
+v0n3.nic.care.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:5
+v2n0.nic.care.		172800	IN	A	65.22.35.5
+v2n0.nic.care.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:5
+v2n1.nic.care.		172800	IN	A	161.232.17.5
+v2n1.nic.care.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:5
+career.			172800	IN	NS	dns1.nic.career.
+career.			172800	IN	NS	dns2.nic.career.
+career.			172800	IN	NS	dns3.nic.career.
+career.			172800	IN	NS	dns4.nic.career.
+career.			172800	IN	NS	dnsa.nic.career.
+career.			172800	IN	NS	dnsb.nic.career.
+career.			172800	IN	NS	dnsc.nic.career.
+career.			172800	IN	NS	dnsd.nic.career.
+career.			86400	IN	DS	11480 8 2 252513A3ADE85062B3943C4D19B9DE1A0AE15176AC5D0C6D15C6B79B70F36FF8
+career.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jgO+/UnBVp3l22kRHHHQ4IgmoctFDAZSUcRq0/5AKoLltaWUeO8jjtCcm14Cyh/9a9jkAY/amYJDW232w1PyN/ZNFRdFjpul6MuzSO5QMjFf7z4ic9WCpGnPbPsNiXa8NOb1imqt23ybjDYzrP+93AlvjcT/6PXNBR23aWoHDeGqkADVLIiXYbc8ETWW3rIyKhMidC/FOR94DllpS3vk3BB+8eX236q5lF6V7ifI8XK3aYlysq5MEPAbn9dS3QQtyjsgKgoXeTHBijnI5P3oSXHFtFDzfXcgdnARPUbvTk2oNAPJEU66KrXM3SSDvGHz686f3XUU6oj+S6toyDp9dA==
+career.			86400	IN	NSEC	careers. NS DS RRSIG NSEC
+career.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . w2jKfU4CqOVkavue+EfO2QeiPFT1SiafeEqdKGrq0sRrtyh5deqM3xUm4Z1ktxOTWLXeOAGQ6OCOaRGbdVabdpDYWpbOmmZO/Zjdn/k5TrnApkl2AlsySaCS+8KvRBAbP2vXa0hsU1fPbvIINQpLHDtQ/0YcUP9/gW/wKNmftZeB4quqepBYXLxXEbYuic+WDs/naZ7Z/5imX2NRkr08+zaSYBWgfobuF6Cm4LBjpDlOpV+UGU763YqwBiX1FznT4/pCyMxd2TT4FqDCg1pP85RHJJ/yKzso1IJzkK8adsBCNMriTr6g6CiNGgL0QxeISjDiUQrSsJGLs5PsqNnQCg==
+dns1.nic.career.	172800	IN	A	213.248.219.121
+dns1.nic.career.	172800	IN	AAAA	2a01:618:403:0:0:0:0:121
+dns2.nic.career.	172800	IN	A	103.49.83.121
+dns2.nic.career.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:121
+dns3.nic.career.	172800	IN	A	213.248.223.121
+dns3.nic.career.	172800	IN	AAAA	2a01:618:407:0:0:0:0:121
+dns4.nic.career.	172800	IN	A	43.230.51.121
+dns4.nic.career.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:121
+dnsa.nic.career.	172800	IN	A	156.154.100.3
+dnsa.nic.career.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.career.	172800	IN	A	156.154.101.3
+dnsb.nic.career.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.career.	172800	IN	A	156.154.102.3
+dnsc.nic.career.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.career.	172800	IN	A	156.154.103.3
+dnsd.nic.career.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+careers.		172800	IN	NS	v0n0.nic.careers.
+careers.		172800	IN	NS	v0n1.nic.careers.
+careers.		172800	IN	NS	v0n2.nic.careers.
+careers.		172800	IN	NS	v0n3.nic.careers.
+careers.		172800	IN	NS	v2n0.nic.careers.
+careers.		172800	IN	NS	v2n1.nic.careers.
+careers.		86400	IN	DS	29944 8 2 778E821FCA074FC5E155D0866CBAB618EC617866BF7A090BA85CCD71B3B249B5
+careers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CZctdGd7K0JO8A7Wf2MvNjub8pGImY8bADfljyyI7XYgvNwat5edYl/RZSHDzrmxvQdaqy3Yi1R1b5AvvH2/vFdoHYzA1LfeRAdF5pva2eL9SGDvOwUc/3kniP/OLkS5UPhzsIkcd3YIz/01vwXvJhP7R4CpJ3b/FESAE839veXGdpUcjthZxElGdRJbZfAR69s1Q1afEsA/pQ+eb9Wr0fuEXbI4pE7doOC8oeXxhBz+splaMHH67XK08+DuBnxG3MQhy2tl4jzNa68jV18Y1NlTKBQZkm037j1aftqDm622e6UYLIvNNOlpHJrRQj74IzKLlhQ9n3ZVQrEdcblH7A==
+careers.		86400	IN	NSEC	cars. NS DS RRSIG NSEC
+careers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mJ7kEP7VzENOLzgMAxPUOQGKPBO9IVGkNloFdy2ThM+TjoKwwiosFpUbw9ddKH//Ck+VYnHSxGGocY8yGTMQ5r32IjADfctYkZTKFhHN4xD0LaZ/eo4wzJGUM8cxCLr3oX3iECBDJPnr1UcXqVZqddoM0riQbIUNXFcfSlYsFElJs0GZXn6vzFDMeKGKGeClkz4L/n0ndbzFZZY5gXmy6smbl8OEJp8Gitj8PIcP8WbriyFHrO/PpkpeTutNu/7zcubbX87OupfiFjaOKyHi5Ldvy1gfSfbwJVB75npdOgndXZ086cizAJPOHAHBY0eT1TeWnJ3UNbddYXUX3wD86Q==
+v0n0.nic.careers.	172800	IN	A	65.22.24.48
+v0n0.nic.careers.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:48
+v0n1.nic.careers.	172800	IN	A	65.22.25.48
+v0n1.nic.careers.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:48
+v0n2.nic.careers.	172800	IN	A	65.22.26.48
+v0n2.nic.careers.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:48
+v0n3.nic.careers.	172800	IN	A	161.232.12.48
+v0n3.nic.careers.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:48
+v2n0.nic.careers.	172800	IN	A	65.22.27.48
+v2n0.nic.careers.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:48
+v2n1.nic.careers.	172800	IN	A	161.232.13.48
+v2n1.nic.careers.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:48
+cars.			172800	IN	NS	a.nic.cars.
+cars.			172800	IN	NS	b.nic.cars.
+cars.			172800	IN	NS	c.nic.cars.
+cars.			172800	IN	NS	d.nic.cars.
+cars.			86400	IN	DS	26272 5 2 8253077194F36991396AC49542ED2BE77D88E972D5ABDB0D832F2D5CD2C7F71A
+cars.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UgmjG1+igBVDvc/ra/BbmteNve6M3TFVLQPjhvQx5bVWkSMi6eqndFyDFTxCZzR1v0kWXCT+dANfGIft8qec8VOFZUc59bHLJomcQqx2AiUP35+qBMHnL2EWnD98dokFibUQ2Uj9w/cmLUHeupIKWuIjCv43v27vUsDDQ607CLwsTnn6AJw9+q3s28S8qR+UfGUM0LYM7jDHqL6dyQG5iBxeTGMHR68T5nHHd5SRlP1HiaE4KbN96ZCtCeDGczBENscdJ9H/HQMAmBChshDncTfnNGL1O+k4q116kAo2XJuntTqA8gWy2t+Y96ePbTihEISaC6ZTq0R6O6EMXr/WqQ==
+cars.			86400	IN	NSEC	casa. NS DS RRSIG NSEC
+cars.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ln8wx+5GFxmj2qs3D9g4fo3UXBbneDAbp+ouFZ0mJitj/Q2mmc30otPZjal6QfICpZ3qb83KhAdUfzTUFyw0dFQpPzNW/NJZOSLc22NbQtir9nPuGf+PXU3FT/y9uFVskk/XItomJ7K/R981rLGCx+opBgjFnPt4a95jDYr9WX8SUbGyeJsxoAMq/pynZiBRNnVdiQ5gcCEqX5dNq26pz4dyN2HzbHoAgnf24x9KdYg9zmGNPw2CJhqNNdrFLASKQ0tYkZu+JQxyqvF197dooVILW3zRM6OtbPfK15hp9PP+dRHS0rXuDH0b27e+3L/fLp+wiyKR+G7nwjgi/2ykpQ==
+a.nic.cars.		172800	IN	A	194.169.218.129
+a.nic.cars.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:129
+b.nic.cars.		172800	IN	A	185.24.64.129
+b.nic.cars.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:129
+c.nic.cars.		172800	IN	A	212.18.248.129
+c.nic.cars.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:129
+d.nic.cars.		172800	IN	A	212.18.249.129
+d.nic.cars.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:129
+casa.			172800	IN	NS	a.nic.casa.
+casa.			172800	IN	NS	b.nic.casa.
+casa.			172800	IN	NS	c.nic.casa.
+casa.			172800	IN	NS	x.nic.casa.
+casa.			172800	IN	NS	y.nic.casa.
+casa.			172800	IN	NS	z.nic.casa.
+casa.			86400	IN	DS	12820 8 2 DFD8771512E3E5D525FCBEF9BC186FDA12797D20977A41CB663DCD18D8E38CEA
+casa.			86400	IN	DS	39931 8 2 9870940F409B2A9D22AB87E5239F8A18B1C44A9B6528ECD318DD78D23EAC761B
+casa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . coVTfo4T7msUpWBZBFir3BqBvxFYq+z7WmThiVvN5Qic1BUxbm696z+OhKf11x9PVyKhDqk0fqf4DzzM2Z8OYp10D0NdLjqrXq270NWVQ2o6BxnpErkPDeITGFEeFqDmecKXCj1SgrTf/NFqgiiWI4Ftge/rrnik1bpbY5Z+4M1MAUCMkVcD+RL768ohdsTxTVtoMcfl5oTH/VqAKXIdB2KL0uxRwekYrY6GdB7kRCNrCk9yrx8GMN+ouQfOZJQIoDymDEvK8PpfzJ4NUv1yFqwxqU3X0U03w0VlhBV6G6CArD3pHmXsEmPTYyXbXtrgQq8fMCoda2vWtxSKTLoLwQ==
+casa.			86400	IN	NSEC	case. NS DS RRSIG NSEC
+casa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QJwvaLEkimZMY/Nq1rvaH+r4u/hYqKcjW+Ll9mzQSo3k76st3pgOCLuNeoNdJZcq0ooQcBrkFkxJsbE9ptsY8iLcM0/9DJO/nDPpyRGrTTyZyETCqNWfTPUM6OYhZCPmG+qlxdACVozSDcQ1XNmgyKbPv6VNKUC3/RmwOSjYotAn6sVptGsaeta+f63a8TLAwJvQEecm7+dAOAXjQk59zP+n1HN3eRTiX+f+9X4Iqe/XmcvopKraeNmv33dbl07GiUE7BVSy3SnSqiIBZMTm3OmQBsD0YUR8E3BxCiIi6fSoX3pHqskoGH2dnNYFc7Fl+10PCNfRJEX8o1suxvwYwg==
+a.nic.casa.		172800	IN	A	37.209.192.10
+a.nic.casa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.casa.		172800	IN	A	37.209.194.10
+b.nic.casa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.casa.		172800	IN	A	37.209.196.10
+c.nic.casa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.casa.		172800	IN	A	156.154.172.82
+x.nic.casa.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.casa.		172800	IN	A	156.154.173.82
+y.nic.casa.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.casa.		172800	IN	A	156.154.174.82
+z.nic.casa.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+case.			172800	IN	NS	a.nic.case.
+case.			172800	IN	NS	b.nic.case.
+case.			172800	IN	NS	c.nic.case.
+case.			172800	IN	NS	d.nic.case.
+case.			86400	IN	DS	5844 7 1 D1AF65D9493FE00BC5BC2DED27B91F870645D559
+case.			86400	IN	DS	5844 7 2 4F478B408DA99CB2D196CD2D61A8872B5D2F5A578FBD25E73F4EC19BC4F58579
+case.			86400	IN	DS	53709 7 1 EB8ABDCDE220029A7DD36547CA1A028C7D23C76A
+case.			86400	IN	DS	53709 7 2 71056E4EA918DC68B82A74E22D56519AE1A26C7CA756B754893CBBC10A0AFFEE
+case.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yexgRMEB4nahhyNv1RyrxQ5j5n3Nlf7BhlNo/1lfQYnmT+sDYzqPKkMOY/EePWYouUGeWJYl8oXQ3hcRafhMZg5AyjwawCI2I2IOBUY+KQJIYZ1hyJ6m+BUEfjwSXr+jA9qpdNFBgX5RbYTduEjvsHjgt3jlIvHBP9tMiSRy0srYcob4patI2oOXIZ47Mz3vn0adA4xFo2hfCMnLsDusQUjDcEPkTq3VRzc22JOmgHf85i37UPq1mgg+QRRFaKyC5mMk4Hhwq7VlIbbp424xcV9EcRsOQahkp3SVfsslyNmWPqRcEHoZJCUpa+K4jT4UcCl7p81mDl121otIzhOjxA==
+case.			86400	IN	NSEC	cash. NS DS RRSIG NSEC
+case.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HUwwNnA3wXLenNleMcRVc5mXtwoNNvKWP0q3hWXQ6PeunYvWfW+84LCGUUXYV5kZYqucj93f/C9jW3ybBcEhaRJm8ZVfqlhJfS/M+M3qA6M72411wEGnLExOIQqv/vDYNu63NldIxSYynZlCB9NPoDbb8Y19wKVg7aBJzCz2ktp3G8zhZtbZcczgeJgvSVw1cPR/BCssvckcbvYJf/fRNzulommcWz46Q7bjRTHV7+thW008dp0HXXS7IV3Qs/8TZcGJW0aNRPVZdVzJyZ+gsoz8zHSL/+xHbfO8MvBBNvQXwdPe28Vzo0mNzx/UtvXHxckirljsoMJ8q2sAIzIfLA==
+a.nic.case.		172800	IN	A	194.169.218.140
+a.nic.case.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:140
+b.nic.case.		172800	IN	A	185.24.64.140
+b.nic.case.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:140
+c.nic.case.		172800	IN	A	212.18.248.140
+c.nic.case.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:140
+d.nic.case.		172800	IN	A	212.18.249.140
+d.nic.case.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:140
+cash.			172800	IN	NS	v0n0.nic.cash.
+cash.			172800	IN	NS	v0n1.nic.cash.
+cash.			172800	IN	NS	v0n2.nic.cash.
+cash.			172800	IN	NS	v0n3.nic.cash.
+cash.			172800	IN	NS	v2n0.nic.cash.
+cash.			172800	IN	NS	v2n1.nic.cash.
+cash.			86400	IN	DS	38860 8 2 8FF5818A6631FE5ED105D1E518DE91A91535A52CF8C0E90BA448F0DC78FDF536
+cash.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nRtyD0DF88jcIC66bDl7hpTRpKgGMO/FKNa2JA7pZgxi8VLgdYs3QRyo/EPMNNiURtQLWLiYRk2bfEemzQGv+7KaisrcUHB+EBjyto9c3MUAK4SWRAuNZ5pLj4W6NiJ18Nu6lLLMYzzIdp1sSc4wStdQd9/gGWLYqTj8U0AqQadrIZP9sqKPUm7EiYIiTuCVAnhEuDb0Nqe62GgttU4wvobLm8BpNFSUuWwea6AuZW+MUa7S4kpFeAx7IwuTIfuanBj6FFkN65ni0SJzo8ohJVU08+liP8Q01VcgmJ9jNARa4vrEKfORup4PwlStQVFUgDEVAP7lNsvwP6yoaZhN8w==
+cash.			86400	IN	NSEC	casino. NS DS RRSIG NSEC
+cash.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F2uc2yrYDDu5z4uD/51njb7qwuU5TjdWXGuS8Wq7T0hy+wujKN8VAafQZ46Vl0yj+fKnc+V1BZDZRnUgs2/qNs3BhMf7hRWrty2+2LpcSuEhjE2C74G/27UMAvql3pcgr1qPScm+Cv3epGehdKcyhSXRMxWUFyJnOWJ581/y6sn90+5KEj8HZ/lNIMZcteouYRQUs1H/TRW7owLO7mVcpwn700LgwPIahzADOClGzlEGK3cUWAWsUsy9YgbVT7Em0nETsl+tIOpCfhPl49v7BUiq+xyb/NE9uofWCyVL0CzWxAqQLg5VNYMacXOS9S/4Hb2uNQRi3SX+rnDZ+28VIQ==
+v0n0.nic.cash.		172800	IN	A	65.22.32.44
+v0n0.nic.cash.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:44
+v0n1.nic.cash.		172800	IN	A	65.22.33.44
+v0n1.nic.cash.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:44
+v0n2.nic.cash.		172800	IN	A	65.22.34.44
+v0n2.nic.cash.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:44
+v0n3.nic.cash.		172800	IN	A	161.232.16.44
+v0n3.nic.cash.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:44
+v2n0.nic.cash.		172800	IN	A	65.22.35.44
+v2n0.nic.cash.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:44
+v2n1.nic.cash.		172800	IN	A	161.232.17.44
+v2n1.nic.cash.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:44
+casino.			172800	IN	NS	v0n0.nic.casino.
+casino.			172800	IN	NS	v0n1.nic.casino.
+casino.			172800	IN	NS	v0n2.nic.casino.
+casino.			172800	IN	NS	v0n3.nic.casino.
+casino.			172800	IN	NS	v2n0.nic.casino.
+casino.			172800	IN	NS	v2n1.nic.casino.
+casino.			86400	IN	DS	50410 8 2 AC39E42D7CD1A4212EC2539A9A9BAC07A8AB840C97823C6205E9264CB1A024EA
+casino.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hkMHpLGvGzAL6Ur2eIMiQXe+SZFqjOReTVoOD31mIBuAwUrGBqjw8DyxfRUrTtObiKUYrd2iHdH3xM8eREgEU8reeV4Rp5d5nQGduQDyuEtqfHgcNh1mWZc5xOoJ4pDBv872ZthelagAWJXtVcDgO1wQIsV3gepDgNTFuw9BP03/KzKja0XSOm/uKa84u67TD6V9xSTpH/PHd4aJ+sK8MtPCue50p3kNzZw6jo3xKqbcPplTLeTJAEQnsPgee3ZOjI7GgXphzgmtkDpeMkwtfs+kVbkK/A0Sz2DIVb7tIjJoQ7b1197FrVmu0Pj7CXEXCZEJpfTUPqsnJqc25cZLiw==
+casino.			86400	IN	NSEC	cat. NS DS RRSIG NSEC
+casino.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rjp2G+2dCeLEYIRCbJxNyRrY5iMbS9eWD3Zk69vcXMu+xXa0MsN9HwwuIraFMcXbCmvtuS3K8tNpq8dslpmH3YGyOTPYoeO674YlpemAUdhKQRzTNlKN3KZMCJtqTkvY6bPU6/iyW7yQMESuzxnc6+QK9i6PIB45z3BjJIC/LpGr1VqpFk2Ej06xMqsgQ9C9p8UWRJaLQ2WkLDVw1uhJ+B7aLZNWuBeco7R2JYC1JacK3zJnVC0nrg/wa1Evs6Wzr2UmDI1pH/4c2AB5TQzWT7cT1uC5UOzKs7MRTZg1BTS3DY11vSVWoTAbXLyc5BmcNt+F36L//xZ+M9P5L8zvhw==
+v0n0.nic.casino.	172800	IN	A	65.22.20.18
+v0n0.nic.casino.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:18
+v0n1.nic.casino.	172800	IN	A	65.22.21.18
+v0n1.nic.casino.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:18
+v0n2.nic.casino.	172800	IN	A	65.22.22.18
+v0n2.nic.casino.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:18
+v0n3.nic.casino.	172800	IN	A	161.232.10.18
+v0n3.nic.casino.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:18
+v2n0.nic.casino.	172800	IN	A	65.22.23.18
+v2n0.nic.casino.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:18
+v2n1.nic.casino.	172800	IN	A	161.232.11.18
+v2n1.nic.casino.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:18
+cat.			172800	IN	NS	ns.nic.cat.
+cat.			172800	IN	NS	cat.pch.net.
+cat.			172800	IN	NS	ns1.nic.es.
+cat.			172800	IN	NS	nsc.nic.de.
+cat.			172800	IN	NS	anyc1.irondns.net.
+cat.			172800	IN	NS	switch.nic.cat.
+cat.			86400	IN	DS	58737 10 2 4DCE567C12F637D51A755B9585C0C3C4036ABA446261AC994F7F5E91EED4C365
+cat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dkzxtwDryPQLlf+edP8YsptBda7uB0z3Sa0ILTHPQF2zwyJ5v0kH2f0yAWqL3eyEowjlKMW8hOOmk0bMvWEUjOLj6vHJs7WMfR0OiuqMhImbgEYrbWxdNo7ROTBv2lelT5sLCeiqK0bV+M6VzeHYrc+TEfL0swEY7OJfI78KqYYKOPswE9KjGQwcbb7RrPzO9z7Ww/ANRixDmOYOfU+wx7q38ktv6RP75BVMW76ozWIqTu+j1/fILf6+xn5q8fU7IY1cgnGUG4FKEO+Sl/TqTfFAzj0vO8YzIcbBxnsT0yIpMWhb13Ga9r3noaI2eL6ZoiwCYoNy2nIiC0CM4y82bA==
+cat.			86400	IN	NSEC	catering. NS DS RRSIG NSEC
+cat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SJAiPSr+QWOccAwYvjNEyVrZsHi8rWMZAuWigugdY39YYha8aJazaZxK6VqPnjZ65oKyvYlNGFmeH+uiaVVAPRg4SHczGrN68t25v2Y8VIT4VM72PD7N2L3z0zWoovZ41H6bTyHIVrgN9SK/p2eMWmmtOu6t8uNVl5UEp7eDmNopVBlX4YnhC2GuF68NX0b7MZUXDEJ5KkxqypZYPGzRv+niB4rvPeJkVcV1lvkkB0tH6D2tQHV2qbkuW/iKnHrufsD8BIokKF66UBMD/fD8xIjHCua2FGGWIzFsazPxEH8ORMp7KENuPvh2YlMKAoBNDneCzL5oAB7CfKbPrR3bPw==
+ns.nic.cat.		172800	IN	A	84.88.0.162
+ns.nic.cat.		172800	IN	AAAA	2001:40b0:1:3:0:0:0:2
+switch.nic.cat.		172800	IN	A	130.59.31.29
+switch.nic.cat.		172800	IN	AAAA	2001:620:0:ff:0:0:0:2f
+catering.		172800	IN	NS	v0n0.nic.catering.
+catering.		172800	IN	NS	v0n1.nic.catering.
+catering.		172800	IN	NS	v0n2.nic.catering.
+catering.		172800	IN	NS	v0n3.nic.catering.
+catering.		172800	IN	NS	v2n0.nic.catering.
+catering.		172800	IN	NS	v2n1.nic.catering.
+catering.		86400	IN	DS	18272 8 2 10B5ED103AF8ACB750D87840FA7EE1E64F0ACC4ABB62DB629D72CC0E44B4D2EB
+catering.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yL5RgOkyy7XlVUpux6aLnnTgLTuviuSNmQooJwc1oXsivFgTc34+N0jN8+jjA37Foilryy67WKHO+z7n0ugdCjrDw+GmHq5i9QOqXHl5qHYldSAeQoNTnu/3L7KMC5HpBM9nTK6ghv4Vc5lSU1Bj5I3FBt/yrGW6S40pB3HKbvICQ1catqssE/hs2aqLt5q4tfmdFSmgCNJENtW/73kokO5TtTSo+EcxTDaExGgNLs8QyQ7b6jhW/EaX1T7147/lh5Y9SZvLrL1BaAK9dNfcih8knhi2XdAosW72Dsmhyy9ajDbPwpygfNDz/Hr4LhLUQUtnDGqeHyCDDv0VGV0okg==
+catering.		86400	IN	NSEC	catholic. NS DS RRSIG NSEC
+catering.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uQb26W+eOJjqwu81PZF05EqP7wg/hpM6IMAIVHt6XCgvqIYwvlLH0vB+yWokso/ym5FLa01YK8G6JuSoeSUJAuCbT3hb3HLaBg6HNcPmkL/miq5nP1CxEjMYujyzPTAoQe29+jg5CaL6OqdvTgDsnq4wdIXFylDvjWH3PP62oQTELu59ySQKWMbo2ul2FVvbHB4gwhahf6NgQBXDGdT5Oe5cYQvqpeL8eP0ra4ZjUgFKxw+X58htr8h/5BzzzBJUFvGSBgWEPt1dLo3186DFsH/Zw0opNE3yqZh1CBzB1rndY0a9ShYDhWDBetPZC+O82KwhSvMfXZiZ7/HnU6849A==
+v0n0.nic.catering.	172800	IN	A	65.22.32.24
+v0n0.nic.catering.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:24
+v0n1.nic.catering.	172800	IN	A	65.22.33.24
+v0n1.nic.catering.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:24
+v0n2.nic.catering.	172800	IN	A	65.22.34.24
+v0n2.nic.catering.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:24
+v0n3.nic.catering.	172800	IN	A	161.232.16.24
+v0n3.nic.catering.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:24
+v2n0.nic.catering.	172800	IN	A	65.22.35.24
+v2n0.nic.catering.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:24
+v2n1.nic.catering.	172800	IN	A	161.232.17.24
+v2n1.nic.catering.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:24
+catholic.		172800	IN	NS	a.nic.catholic.
+catholic.		172800	IN	NS	b.nic.catholic.
+catholic.		172800	IN	NS	c.nic.catholic.
+catholic.		172800	IN	NS	x.nic.catholic.
+catholic.		172800	IN	NS	y.nic.catholic.
+catholic.		172800	IN	NS	z.nic.catholic.
+catholic.		86400	IN	DS	20539 8 2 433482CE6522917B6F0C77C23765CDD4BDAC8C05FF5012FFEA892CC9DCDB07F8
+catholic.		86400	IN	DS	21967 8 2 A6AAC594F31E65E79E0DCEDE4D0A0B10EAA0F4DB43DD7174FD928E01BD5542A0
+catholic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eMQZJgGzskg2P0GcnTOjq/8xcYLOfTcUmYnFUgGGEMe7owvb48Y2M/F34Id3bZUhVfrbvL0yF08epWY76K/6gAZ5on/j5CmPg3ss+tqP4LrHxz7XQd398Fci620BU3ritFYLQjGbEbWrFfSheGhdkvYuCyLRkgcrBrdULAN+5ehqunZlo6gxVNdbippk6PTC3mmPYqb8rocdXIZpX8efcNUJPTK93nOmw8mAvFr7p/P05B3QqWk9qQMa/yO4DLLX9Udqq+4l522Q7ltN2horratl0BwB34wMe4buGTxWH8YXma1IWReXFcyRosE26mdvx2TF2TbA0xP37bGelkLWUg==
+catholic.		86400	IN	NSEC	cba. NS DS RRSIG NSEC
+catholic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wGGbh+JfzjWMRPlOD38Cw9LV1XSgsR+r2bOypCid9lgIVplomECdVOwviyNWEbZf1thePu1N9DDoqJHahniK8wLh3b/1zw5rb0iF7zm/av1Innix1feFxbS6jq5AuAkYKISNbYPOjslTAC+LTzWfH7jaxYyzNmq+zOuRZ7edAO2I89+KkYSwqvWg9JgkdPqMk7iimM3cDAjQiJsvZTsQHEOZPICRaaecIcfWm6JR7EIOctEFMJ28JDbZGg1rL0TJS0yG6gZ2XToRjRbzdyJ+jSn2HnK+mduYgoSQp3GSJomTwINECmRtTsqRJZCRZbbivtLIjjAnLG8QPgJGA8yP8w==
+a.nic.catholic.		172800	IN	A	37.209.192.9
+a.nic.catholic.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.catholic.		172800	IN	A	37.209.194.9
+b.nic.catholic.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.catholic.		172800	IN	A	37.209.196.9
+c.nic.catholic.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.catholic.		172800	IN	A	156.154.172.82
+x.nic.catholic.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.catholic.		172800	IN	A	156.154.173.82
+y.nic.catholic.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.catholic.		172800	IN	A	156.154.174.82
+z.nic.catholic.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cba.			172800	IN	NS	a.nic.cba.
+cba.			172800	IN	NS	b.nic.cba.
+cba.			172800	IN	NS	c.nic.cba.
+cba.			172800	IN	NS	d.nic.cba.
+cba.			86400	IN	DS	44287 8 2 8CA6ADAEA243428A99943519846FD6F6BD355EC4990533D0569EE0E6075EB863
+cba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . I8q4jVKhYxGZp1S3xVf7bhW3WzK8lKW5s6sn+LqFdP1SPTYNxXauCnB0oKBbFDh2xRm5LjtalzjOG9bj55+GtlcRlFWcnMFQIRiUfLXeh61w9dXAU98FhN0iJEyNFn8L/t3OU8Cg+ZGdvjdiODtRW5W6cKWfyRAuPEtmnZ3XcKRMoYnDyr1tTv7jgOYu1z8x9e5U+qv7w+nCV9ojm6ijjUs0tzWq/gr2HyoKvY7V2VpreKfUJFia3c4aGrxExphBfWqUFuGnxQAVsiU6Zt8tOZplUaHiQoBP3VOy5lBTUEhhT6hXZE6rjp9ZTVX6kOrmQRxosG5FDer3b5KX5AgeWw==
+cba.			86400	IN	NSEC	cbn. NS DS RRSIG NSEC
+cba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K0iivqpk5n8PZSS4E+2hubjWnzJ4m+Z6TYJDf0AAzDYdwTZfhc0GntwzYr4/x4xnhvo/gKJ7dBlhg8/HBm3rQIx4Sh6O61KxAdqN+R3W4y2P7CmSyhMJTPG1SyukM6I1lYTTR61Chc3FzhCeS4otSW9xjLi2AEeHtr4EVKRVnqJjhm0QyOBM8vljskYK7Bd3aR8Hdvu5XnLRJSAl4z820S7GqRdUyyNMLTW2jYkdzTKeIrA/es+OF7otwPzHXm9hz7vLPOori8qpFbu9wVdLidTY7YW+zWqB4FHO9qQr907bV2mg2EoKA9p4k4GwtfwI284xaS1uxkCvW8EY+/8CpQ==
+a.nic.cba.		172800	IN	A	37.209.192.9
+a.nic.cba.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cba.		172800	IN	A	37.209.194.9
+b.nic.cba.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cba.		172800	IN	A	37.209.196.9
+c.nic.cba.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.cba.		172800	IN	A	37.209.198.9
+d.nic.cba.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+cbn.			172800	IN	NS	a.nic.cbn.
+cbn.			172800	IN	NS	b.nic.cbn.
+cbn.			172800	IN	NS	c.nic.cbn.
+cbn.			172800	IN	NS	ns1.dns.nic.cbn.
+cbn.			172800	IN	NS	ns2.dns.nic.cbn.
+cbn.			172800	IN	NS	ns3.dns.nic.cbn.
+cbn.			86400	IN	DS	38299 8 2 1907C6C2996FC1DF2198492F294525824C6321AE8A891284B0BC74EFC2083538
+cbn.			86400	IN	DS	53419 8 2 030DE643AAAF4C8F1D7D61A6D3E89EB48ED654916C60C670B72A083F43C48312
+cbn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cCl7E0e/HXRmTp2s0Vz/ZTh91jKfSfBRS/KO0RM2i4oB6CFakbueXJkvWAgoRC3NRJ3YiIh1E3w45qV9TyamoYhnFjTH4OjIg3gqzA3c+UOSQWvP/mXGcEkKKc8jKwSRqSXy8ahfvRs6MQFSCvwGdwQzGjfQAuhOK/KwbccEKzzY33IXvvtu4eVZDfus3moF9HlEzrVqR/yVGHUltW0mxO72fmAYuSbyqDLS59xMnQvB1rJEiE1C07CiGnS84YbKu7+1zIo/mSnO4cXo3cpKub2KRYKUol8t1+CZKQTEZ3pb/+R0AGWF/h0vTwKyFDmvKxCiuv+a2ARwwQRarTLuJA==
+cbn.			86400	IN	NSEC	cbre. NS DS RRSIG NSEC
+cbn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . McF01sUpnu1NfB04/la1aD54V+gafiMxraodJYhbVgvFnxJRrwlhlUNg2SRbu1enVOC5bVfW1p6XjdfBKvN4G1gCIP2TPOS1WFlbdhttmIvXD3cJyekXjlLbT4v9XBv8kkQrOdPPMVEpmGc781mxZpvdzH3G7tdtwTt9+eSvIwwn2TZWviztnIlKgX0K/J3VU1S40aecUK5pUhGzjkA/wA6tbDJ2iGaltEVo5S4uFKA3r3tjrrXLw0LTMVjcDgy+QYKTCsqvxspr1a8rhE9SIhQEO9zbZhT/JqTmCHRxW2eUB2wRhwvZEPvsiCYzFEb2yEiXLNuj7HHUuPndZmI70w==
+a.nic.cbn.		172800	IN	A	37.209.192.9
+a.nic.cbn.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cbn.		172800	IN	A	37.209.194.9
+b.nic.cbn.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cbn.		172800	IN	A	37.209.196.9
+c.nic.cbn.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cbn.	172800	IN	A	156.154.144.35
+ns1.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:23
+ns2.dns.nic.cbn.	172800	IN	A	156.154.145.35
+ns2.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:23
+ns3.dns.nic.cbn.	172800	IN	A	156.154.159.35
+ns3.dns.nic.cbn.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:23
+cbre.			172800	IN	NS	a.nic.cbre.
+cbre.			172800	IN	NS	b.nic.cbre.
+cbre.			172800	IN	NS	c.nic.cbre.
+cbre.			172800	IN	NS	ns1.dns.nic.cbre.
+cbre.			172800	IN	NS	ns2.dns.nic.cbre.
+cbre.			172800	IN	NS	ns3.dns.nic.cbre.
+cbre.			86400	IN	DS	29824 8 2 1E62D3EA2EC98F8360413E0291EE4A9F51870C43A37CC027317FBA746FDE3FE2
+cbre.			86400	IN	DS	46225 8 2 F737A4FD2C347F5F1D4E4DF8F4977BA169F28829557FBC8C477051C041268FCC
+cbre.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f9pn+XammVp0mKcmf+madPjWWUq5KESiSgqNUCNNkOej/sruqR2uDhYZeJOhUCELOGKmyRavhY3wR/4581ylRqJS/ELbUnvfKUWUl9ulrVczz15gRF2F7N/R/CyTAGXtjPkWTM3DES/v3yf42awgT0YovW+kg4qqws8AHUXqYWaGJEwcda58zUISE172JDrTOkAq6MV/XFq2Pywv/DbODeN82tU0LC8oGCBZhghPZoH6LedSZnSspBxu5Eqneopqgety1UpuKIyPEIzvJI8BrRGI963l6oP+q7Jyu3klsqrq5d2+rUahIE5T3xy68vGua58FERfSZxBqUhSR5p++FA==
+cbre.			86400	IN	NSEC	cc. NS DS RRSIG NSEC
+cbre.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uZCkN7MjdmVwpRugWniBeq78QzpmtpOAZMI0EwgdimAIjFzcZ5U7lm05557kV2INF2l7FxbO/aJvT4IlDh3QHSQIXos5kBNb2podzI8kQsBcYKENxYhIbuwDmYw1I+h9yzazFJ7ThBrMRIS2UCBaCqDvoVzR4T0JzXh6/mSYVi6qvDFqsJpzMytSsz+X8Lh+0SCFsA+i2zYUETW92ADaWjuMxV+jzVTEnSh3c6z3iSWGxucaAEH5MirsYOQNoU0OnTPHHAp88KAqLUz/3BYHJyvddGv4Wg7/IzwpUNdkHe3CNS4cV05QhiEIc2JhwiMyRsXRCVx9PayIBXna4bJ2FA==
+a.nic.cbre.		172800	IN	A	37.209.192.9
+a.nic.cbre.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cbre.		172800	IN	A	37.209.194.9
+b.nic.cbre.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cbre.		172800	IN	A	37.209.196.9
+c.nic.cbre.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cbre.	172800	IN	A	156.154.144.36
+ns1.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:24
+ns2.dns.nic.cbre.	172800	IN	A	156.154.145.36
+ns2.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:24
+ns3.dns.nic.cbre.	172800	IN	A	156.154.159.36
+ns3.dns.nic.cbre.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:24
+cc.			172800	IN	NS	ac1.nstld.com.
+cc.			172800	IN	NS	ac2.nstld.com.
+cc.			172800	IN	NS	ac3.nstld.com.
+cc.			172800	IN	NS	ac4.nstld.com.
+cc.			86400	IN	DS	519 8 2 E1EC6495ABD34562E6F433DEE201E6C6A52CB10AF69C04D675DA692D2D566897
+cc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x/jq7lMTAaeTnGSM/K5jOVcSFruFw1E2SACxFMmzVgGMAVrQFH58vaNT6LtGW92kL2Aw7OR7jgE6huWr8C+i1vF1TpO7/yhR4Jw50NcLRoZTnYQC/MWAYc+satPlUJxpllhhYvj1T95IPsTtelygm3sJKnlHXsgQ6neKNMf357ECmNuqSbBrTMH9BM6DTfzM8ssBlkgOeJW4cnWzfGqWDdXX9voUbu03KvMEcBbOtB4JYMKPFyHP9LGUBd3JCxMbTIWs5xRd4oc9MpQPpH0UIX72dabMkPX7nv0cBDflVYM432QGzq+3/rj/MoQYmj+4es+N17SPeuqclW1Q6z0j3Q==
+cc.			86400	IN	NSEC	cd. NS DS RRSIG NSEC
+cc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aXAc8GrNsEWublkEI16cSqFtqoQFqprProcygsJ8dGiUX+NA65+LepnqKpROTZScbZUMZJXzTpoQ4Kx4LXYMVlNHGZsvRKXHMV6DdPNulX7zoPgZ09i1PL08AziaqhSznLn1JKVa8Q+m6x2UiG44ysxaP69Sq0j63vsrtRBTw4zJz2aBHRrApyO6liSh/9k9GdhWC/MhIFDUbM3Y+DYXmBsVkhftijSfXKiOu4fVN5g6qBgJ8PwP56qOpOn6cgTpyowNZVnYomQ1dlfoJ9FhjSWh7vywBOhrStWXja8EC44ZkeaIu8QuYQ//VxlD2rn/2OVm2MJJ9X1b2+vn6CBifw==
+cd.			172800	IN	NS	ns-root-21.scpt-network.net.
+cd.			172800	IN	NS	ns-root-22.scpt-network.net.
+cd.			172800	IN	NS	ns-root-23.scpt-network.net.
+cd.			86400	IN	NSEC	center. NS RRSIG NSEC
+cd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dN1R25gNRaM95qFpCbVNpBpmKCLxHDCIU0iFvHCNdm1s/YzmTIKcQCuLNt6XfXdW6as0s6uGGVgxaqGINQoAto47eTGr9N4+8B9uIXnEu0taDR0L5EpgegZ2CRNThNRv4MhrJ4VvTVbjVtu1U4WhF/GafgsrxpAQcJanMftPTLI9yMdkfCgIk/jDR2NFgxTUlYR932CpXh/ftc9iBCcxxWYHy/FuhTdk1hlpd916uml6XQ7nbMZ+Zd+fpH19eByjWeuFFLCnD6I3w8imCJ5UlRGjin411edr882skoAmDU2VGoXSss26UDVlKZUjmLtcWf2qn75bV4wFAF+eQ4gYwQ==
+center.			172800	IN	NS	v0n0.nic.center.
+center.			172800	IN	NS	v0n1.nic.center.
+center.			172800	IN	NS	v0n2.nic.center.
+center.			172800	IN	NS	v0n3.nic.center.
+center.			172800	IN	NS	v2n0.nic.center.
+center.			172800	IN	NS	v2n1.nic.center.
+center.			86400	IN	DS	44842 8 2 878CABEBA9FD175F4D525664473452CFF09B626D60754B0D49B8F81AEF73C9C3
+center.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z/H0G7uW0ADCAIso/BRXzUD4Wrqp3TfHKdtU+52j6Az7iJHNtrli2xHgG0KBTyN0VZ/+YKl1+32PJ337stRzapAD4jkz9hg2pvp9Eg7PB5DwW1IafEanDtF/Ri5b89xXXzbU8xCYiOoQIFOryVea1V8kKCP6yRdz6yTLLkxT7gLXm96emoGfuahRsLFqn+xlKff+tVf30NnjUJC3AJVMhL3oTqQ5HZVt/3lvA2onyTO9gWHxui6oU6w9F/D8dytDVc/Nl6ABqKsYpwnCd2VhmLrRSKJ0vINyxe46BhkvBw3fBSzAfoac+LLE3dk8p+daOYZpvyBjcnSN+MT2P8UcfQ==
+center.			86400	IN	NSEC	ceo. NS DS RRSIG NSEC
+center.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AmWOvOwtkIOPzsruLMXLIaklBopMTBWP81bPi2hnOOeaBvd29PwqMvrUELlgX3fQNceSZNI/06DgOs5GewSiw7oogz5rZ1Yi9+kjwETf2arREUJZ5PCWHoRFn8m+9rhJYM1fR2FqdJOd02490s+FmhduPwF5yxIlEUaG1StR98YbELv2N3N80T8FUucIK7P/zGJH4+GLBkq01Nf1TguoyqqPDxPwS3aIYTdT64rLQWUdBZSYPx73b7qXhZ2yS73x3yamUlS0POzrgX2PzTsoaxkzp3x7b8ntd+TyVlxPHRcFEi+YNlt+J4v4AU/JAYoXZg3tSGt0PV8IE671lItm3g==
+v0n0.nic.center.	172800	IN	A	65.22.28.4
+v0n0.nic.center.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:4
+v0n1.nic.center.	172800	IN	A	65.22.29.4
+v0n1.nic.center.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:4
+v0n2.nic.center.	172800	IN	A	65.22.30.4
+v0n2.nic.center.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:4
+v0n3.nic.center.	172800	IN	A	161.232.14.4
+v0n3.nic.center.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:4
+v2n0.nic.center.	172800	IN	A	65.22.31.4
+v2n0.nic.center.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:4
+v2n1.nic.center.	172800	IN	A	161.232.15.4
+v2n1.nic.center.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:4
+ceo.			172800	IN	NS	a.nic.ceo.
+ceo.			172800	IN	NS	b.nic.ceo.
+ceo.			172800	IN	NS	c.nic.ceo.
+ceo.			172800	IN	NS	d.nic.ceo.
+ceo.			86400	IN	DS	20929 8 1 BF13ED10CE2850F7C686261F06DA97A0E5EB78A6
+ceo.			86400	IN	DS	20929 8 2 DCE04F950578106C1C5F8386DB709467091C961227606F0A761C7A0E10E2DDC7
+ceo.			86400	IN	DS	47971 8 1 C1D4B59F029DBFCC32C1B3524EE5F5B87735EA60
+ceo.			86400	IN	DS	47971 8 2 CA81C48A6831FD48D45CAF9A0DEB74D0E8B8F217CDD05CFD7090C1F926219AEA
+ceo.			86400	IN	DS	63689 8 1 DB7A8F6AADCEE147D241A9778857E94707234D4E
+ceo.			86400	IN	DS	63689 8 2 F2AB788C2802C3F219D53F37E7E1687ECF2E453E04BC5ABCC0B444FC0E35B1EE
+ceo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vem3qzLMcs7Vv8J50j6VSXPIrpLlz89plxyFGeTcjB5sMuUCgvMMnoFmyODSiRuLRUBlc5gxFGeSzju9zoX7sPXXtqTduQ25L4GwQnPJq0FWaDqOqvTPqhUnBTGBIEE/ZSaKwaIUPsFu5jgKdt5JUI8R78xrbieD6iGbvYpMtmQkLTaKkg4BQgu62WeYgtOpISUtKI4unnsop6ZWiPQpUlcPiotI9pfk47Au7SYSIPaLc07QescI4i82ZrGaMpE6gNxIRJB10gmxAX/zGx4mAakg0zTCIICg0uuMTO+f18WXGkPuHrCEw6GX6sQ5uHE9873arKlsHUZ1G8ZajPGoaw==
+ceo.			86400	IN	NSEC	cern. NS DS RRSIG NSEC
+ceo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rJCXVjRCUnrJ4raN3XTARb5XMfyga/f0BHkMce21hye4DkpZ3TUnKr4fcANVU78ld8DCMnTqKdEoo0epdA04a62+25PVSXapAScVa/MCqrnIicJHBCQqCaQ89JKVVL4YmeJKGdczzkd6pZjJ7h3sMedksxQ21717hbHgODAvVeAXCnCZbvkxZ+1SI4YhLPEJRUroKvnXK8OvOBE1YWED7e2FrnPH181E5JHB1Bqb8ilvdGdXrHYOKGpW3Z/5y5S7uYh32jL0U3nJsAWytOyFTJA+OMYxRMP+mb7Wfdk8I4yUiohDuA/8dt++lfBvv4KSFN6/sV3t0FOwemXIP6bJZw==
+a.nic.ceo.		172800	IN	A	194.169.218.78
+a.nic.ceo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:78
+b.nic.ceo.		172800	IN	A	185.24.64.78
+b.nic.ceo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:78
+c.nic.ceo.		172800	IN	A	212.18.248.78
+c.nic.ceo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:78
+d.nic.ceo.		172800	IN	A	212.18.249.78
+d.nic.ceo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:78
+cern.			172800	IN	NS	a0.nic.cern.
+cern.			172800	IN	NS	a2.nic.cern.
+cern.			172800	IN	NS	b0.nic.cern.
+cern.			172800	IN	NS	c0.nic.cern.
+cern.			86400	IN	DS	20371 8 2 5A48EAB25C4CF4978949D677C182876C48A6C5B7E2282926A954E8E9C8BEC393
+cern.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QAWkVxvK8Xjr2EugcwpFGq/LiDqj5tSIWwmHtkCp2/r2xNMUQ3DbtYDLTYu2yizBesFx0R7/gGwleTQTqMeNRZROBmEU0HVPg1qbHzqoAVRuvqaoQspB0rsblmU70gNOQEzLQk5O1k3+WzJE8u/8GfFQf7yMksuNyxxeIYGMal1vQlR5/ImHvnIjHTnZWY06KAhpPODnaI3Bs2Deg2QaLENTDCaotaV75qxcBUp2sDugA3+k/AB0T/JNHDXGNXeiayUz+Dd5YF8yAdLpw/VlujeY9//CZLtbR6RBTGInz9Dj9DSaLl1aMOOqld+FWcjH1FJptWXBKMsNIrXGzWMAMg==
+cern.			86400	IN	NSEC	cf. NS DS RRSIG NSEC
+cern.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hVfubWRvlSvvNb0e0rSWwLXAOi6HTm80Jf5/vLUvjyIGtN8JXRz/N8NX/lD4NgxzMAnyHnbF0bbfm3HmYZBz6EdTI4GxN4LJhoNCNuNl95tFY5ggcevOst69xREF7aeSaPo5sEXhtFSmpDfeyi7dMocjge1jurPE39k5zozVeTl1sLVNjtVYAQnjZYlX7dS8CRWIEdArmxHcBbB1NYu1OB2jWsMZHFRURCki3BMLupgQ898zst+EB6szly7tcEbKbYR6okV056+Xeu9GpC8DLac+eVPdDZWyg5JrKFY0LNBKw1eQdzVkPC8Rtc6AFvJUrytWgJza55ePciqkUgNmLw==
+a0.nic.cern.		172800	IN	A	65.22.224.1
+a0.nic.cern.		172800	IN	AAAA	2a01:8840:da:0:0:0:0:1
+a2.nic.cern.		172800	IN	A	65.22.227.1
+a2.nic.cern.		172800	IN	AAAA	2a01:8840:dd:0:0:0:0:1
+b0.nic.cern.		172800	IN	A	65.22.225.1
+b0.nic.cern.		172800	IN	AAAA	2a01:8840:db:0:0:0:0:1
+c0.nic.cern.		172800	IN	A	65.22.226.1
+c0.nic.cern.		172800	IN	AAAA	2a01:8840:dc:0:0:0:0:1
+cf.			172800	IN	NS	a.ns.cf.
+cf.			172800	IN	NS	b.ns.cf.
+cf.			172800	IN	NS	c.ns.cf.
+cf.			172800	IN	NS	d.ns.cf.
+cf.			86400	IN	NSEC	cfa. NS RRSIG NSEC
+cf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NLg0gOwOGBN6cX6/sd0cgHEs2CZvdASyrLcBP7xq1oc9p5V1NVau2+Ptc5dEEdK5KbsvZSZH3SepfQ6U5rP4sBv+x2I10bDa5K/5eeDWA9c6qqNeUgMvCex6sfkBMyxEqFeItcMg9tY925NJJa5rtQOEw7PDm+nYrpY7DnahEnPJ6HbYrGApBqUJ3n9LgBsi0q52s6hNv1LKbNjFoZTHWN5AQhgmyo+wOTfSss0xaf2imWGkncaPJMmVuBnC5OBRrMUDd79L524SWKG9Bmoyv239OvkNdgHlFwV2S/pfW4RcnSMFHXhdt0DiDjj4pjEOAo8HkA21AA17W1no4xytTg==
+a.ns.cf.		172800	IN	A	185.21.168.17
+a.ns.cf.		172800	IN	AAAA	2a04:1b00:4:0:0:0:0:1
+b.ns.cf.		172800	IN	A	185.21.169.17
+b.ns.cf.		172800	IN	AAAA	2a04:1b00:5:0:0:0:0:1
+c.ns.cf.		172800	IN	A	185.21.170.17
+c.ns.cf.		172800	IN	AAAA	2a04:1b00:6:0:0:0:0:1
+d.ns.cf.		172800	IN	A	185.21.171.17
+d.ns.cf.		172800	IN	AAAA	2a04:1b00:7:0:0:0:0:1
+cfa.			172800	IN	NS	ac1.nstld.com.
+cfa.			172800	IN	NS	ac2.nstld.com.
+cfa.			172800	IN	NS	ac3.nstld.com.
+cfa.			172800	IN	NS	ac4.nstld.com.
+cfa.			86400	IN	DS	53505 8 2 AFC328685D96EA41036F4563042DB2D7485C8AD9C790BD22111ABD414BCAFD17
+cfa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NbpJ6eOwpbEShLtfOgznzptv2LfDy5caZWKan2gcKB1HX17sU4X3s/N1Z/YbGpRZnFUwsaYqXzqZ0VmuPsQnNC8jA1SyO0J5KRrrYSyYB4/rLJUR2EegdxeSPqRODuFUgazbA1esneigV45SKFxkCo/70xFf0EHWr1DaKf+67EALZhAU2ca7N3BAGOdrpqFiP7AOzRFpwW8GQcZ48VLWoeBGwnzIY1DxB99+m2m9mM7ryCiSGiBKF2h/x4E7zXjkmcA8fedb1c91Xw4Bdjd5v+OW3mswBGt94qrbUReE4/TPzrGqFx2+eBlQxmHQF3DD2LN9ZwOTpwsklpeHamsEkw==
+cfa.			86400	IN	NSEC	cfd. NS DS RRSIG NSEC
+cfa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EWIgFJiOMK5svG7Vd3dsITXz49gk7mXnW+e2PubqXjzEdSc8XKp4Sz4v3EfQgB73YE3ot9jXHDuF5l3qglf948GpnA+bqS3qcJcdI364YSvN2zU/4whgE9KOMOLq22lkcPgpNyjFtCRFI8BFEFqLv+WjzP+h/Nq98Pho8+OPGD/x61G1htqJNQT61Lh0z45N19Rfr9j6Oia+VYAqsyVxKFXVmFjhgbMmLd1x/Isp33T9biZghaZ3m7nCN2wcd6bmxFmlkEmMTzNPVCJug2IM8yhpIXr97m4suOxSPjU94AwaDhtlyC8ivU6T0nybTXyD1R0h2cmrjdUheNoaJwMKRw==
+cfd.			172800	IN	NS	a.nic.cfd.
+cfd.			172800	IN	NS	b.nic.cfd.
+cfd.			172800	IN	NS	c.nic.cfd.
+cfd.			172800	IN	NS	d.nic.cfd.
+cfd.			86400	IN	DS	10525 8 2 42FD41D6533AC785EF64CF9BD36B16463C5A161DA2AF25EC08C114B40E82F2D8
+cfd.			86400	IN	DS	27333 8 2 63F199E72594324007D15C0B77B25F4C643E07F0064EAADF08341287856571AA
+cfd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . suZCYJXvSXQ6nPpTYhr12f84ylygkkfTdS8d7gPvwKbxIrqVKK6a6Ezw04ww9G8Z4SnEosQ3lohDuYApNpcouSEEKd7SkCvIafiby0yJmCp7Rye7LnC0O8X/DEtCpnaB5b8RO1W4fV+SSFGUGr6P+g/FUBh7BF/3/7j/MCgHuN2hR147RcltsKXzv5C1Sr/WEGLinUN9Sk492tAuclwmsOLe9vcmX1K4J5U83iE/Z+eCzZE176IyvmjyfKSrkv8KBkMgnQ5xvh1ShccRr6cr5ZO7DWsiIVNy2zYHdBjSCLf0wcvSWM6l7HpkwP9Pf7U/zP4ggngLtdKOnP2Hm5Hbdg==
+cfd.			86400	IN	NSEC	cg. NS DS RRSIG NSEC
+cfd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GQ8hxl6PAYvgpdL5Mao82LDbVWWZZ1qdxTXgXlfW9/t7s4aS3dT70oWz5POsIi8FUNsXatPfNj8tYatLt6khUjCd3nhKGvKiVpztWmjB2zgo0sCyyR/srNlFu2zGAzzDgVFqP7/vvgovVlXqExjdUk94m+R1bTFFuOPQPD/3IepXCtCZEwRJWDfI40rHEEikhgvalQl1DnIFUfue3rEleHlHN2dOHzwCtEQNpTTwlUpoEN0pISJ0WCmLt/+xyKYPD3sqO/ACm5F5oAB2xNoenhd2aXs3T1rDZY1+MerK77raNtNbcgriBwLia08a8uXjKLEWGNQsYrJW9CQiXzdEbw==
+a.nic.cfd.		172800	IN	A	194.169.218.122
+a.nic.cfd.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:122
+b.nic.cfd.		172800	IN	A	185.24.64.122
+b.nic.cfd.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:122
+c.nic.cfd.		172800	IN	A	212.18.248.122
+c.nic.cfd.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:122
+d.nic.cfd.		172800	IN	A	212.18.249.122
+d.nic.cfd.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:122
+cg.			172800	IN	NS	sunic.sunet.se.
+cg.			172800	IN	NS	dns-fr.dnsafrica.net.
+cg.			172800	IN	NS	dns-za.dnsafrica.net.
+cg.			86400	IN	NSEC	ch. NS RRSIG NSEC
+cg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1XyvO4qEI9U0rOu8WsS4gV0LCKBM+INTCFvOwX8hqZhPrDkm+ozQQX44rxb0/B+ifFBL0V98OQadXaBuX//whWWYSd4RiL4O2PiOIjfhZBWiw5Dpqa41TwSQsng7RDXqGxaD/dusz7gWkpV8FM23gub8qpR7obIUweyrsmFbt3pc5yyacceHFjykzl2Z/fuyZnBArrs61ZhS0nPG2g7o9lhKp49VWxR/NwFvAls9G9ObPZ/mWTCpUWDpPF98sHbcE48XcT9Ejhbx/25FmQiodK/sMBe9ArvHdq5qrOaS1N74eLDcJmSCA2x5rcvmT+aXgUSAzX5GAZtnPukUF8cCw==
+ch.			172800	IN	NS	a.nic.ch.
+ch.			172800	IN	NS	b.nic.ch.
+ch.			172800	IN	NS	d.nic.ch.
+ch.			172800	IN	NS	e.nic.ch.
+ch.			172800	IN	NS	f.nic.ch.
+ch.			86400	IN	DS	10 13 2 0E175543A74D9083EA977BAB2BEE98A771995F80982FB796B2B0B9CC6413D1A6
+ch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q0N+CvCktVZJsLUNngRGkAvfaVe1zi/yTk2fUywLBETSju7RVlpI6AlpCQbP0aulpCgaoE3dOplyWBtpwhi93UUQoe6qMQIvVrCG+sQ41l7SSagS/6FfYh4NAwN3Bb3nxaN82sYKw9Lb1DQpRmlwzbJmLh5e5J2uIJ1OmyuTSsH01b1JmrWDBJn4qph0F8BYdO0E+QspRcyRv+97VtveOMo9sXKYa6+p/eMQD8AGyNBmPPhmf3qqvRfC93GNY0m6mP/BQyWWQjTl6Q2+AqjrqXPzkGu1FS80XI0eFrLNgKuxOUDN3z8ObyvcoKtVXWhJCPSTLYawqX46hb8oO3HKDw==
+ch.			86400	IN	NSEC	chanel. NS DS RRSIG NSEC
+ch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o1wH08OjV+BG/P+COUecr9pqRU+mXC084VpTLNgNSlgD8DMtK5lEv8dov0imGR7XtgLesA9M4nxMNAxpP0veDdNtLKJvuNuFTFroruX5ZiqzsUtQU9Vd7jqt/7CpmIxjsFluMekosavs0VFkgfDzye58MTHESyLEMA4U8z+RhEiSfQsp0UMfgvwBtoP00YjeAIdrvDiqjSEFHWU30R958+GFa10IZ5O+I9f5/jPmCd2uCjHkuDa4bhh0It5eX/0zdCg0rcg68OLPpG/R/NDCNYx5YOaJCIlu/9K1fleUWKhfNaCthHv9k2yvp7v351EreXqXeMkJWEEhwQ+BkfBSLw==
+ns.itu.ch.		172800	IN	A	156.106.192.121
+ns.itu.ch.		172800	IN	AAAA	2a00:7580:60:2141:0:0:0:10
+a.nic.ch.		172800	IN	A	130.59.31.41
+a.nic.ch.		172800	IN	AAAA	2001:620:0:ff:0:0:0:56
+b.nic.ch.		172800	IN	A	130.59.31.43
+b.nic.ch.		172800	IN	AAAA	2001:620:0:ff:0:0:0:58
+d.nic.ch.		172800	IN	A	194.0.25.39
+d.nic.ch.		172800	IN	AAAA	2001:678:20:0:0:0:0:39
+e.nic.ch.		172800	IN	A	194.0.17.1
+e.nic.ch.		172800	IN	AAAA	2001:678:3:0:0:0:0:1
+f.nic.ch.		172800	IN	A	194.146.106.10
+f.nic.ch.		172800	IN	AAAA	2001:67c:1010:2:0:0:0:53
+chanel.			172800	IN	NS	a0.nic.chanel.
+chanel.			172800	IN	NS	a2.nic.chanel.
+chanel.			172800	IN	NS	b0.nic.chanel.
+chanel.			172800	IN	NS	c0.nic.chanel.
+chanel.			86400	IN	DS	23974 8 2 DE196611E08D7B8A34A9248763C03EF9AECC8C617FEF0B60662964711CD5E24B
+chanel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZK27UPTszGwbgVb4q48w35eLd+nKzOjzxXXvc4f6Tsy0uGUJPd4QjDHUtuFyheBPqhkuXfnmNmvPHGcq+Fy2GKJXqY473mnIqQg+89Z09TIJ0KP7ANtTjH19uzDLovn320GLlQ8PpGRI90Rd+7uOv8nls5iJVw2OFCWzqXpRdL4dipBVdJpZXDJ34JVnA+SXLkh4aDKKuCpxS8bjnlnDLwHxHFM5mOnPUB9+at1/EstlzFVq7PrY/JOHszVv457glzZjlFVtZRm2o3y0Ak6CFdYlpNA1JERS5s4CTAQo+8B4Z3r2tY4WbY0z0/REOJJbDyvMrPhkDxSeoIN72mp2Hw==
+chanel.			86400	IN	NSEC	channel. NS DS RRSIG NSEC
+chanel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jbCVS7Nd68Sz1mYD7N+DqgYyP5aZYM/Ut/N7NvOcHqyY6ijTPxzFy7/S+D7zq7grMGfJFcJrVV8EZoD/+87u4LWTx+N45iG7sRLwiy7FmmhR5N5Oegdl1+scjX1vOYj9OOAGIfYMCzHYEppdH4QdAzyOEyUeA1zUp1LMIpPinZz7saSAbjiUE6L0g9MiMe57m7909kpEmr7Alh3xiVFCKxFVkDmxI0ZNuPlqfga/YGdUlrOnNgzPCuKxjBCiDzL8hJ9kptmL7leD8xOMuQLwG+U9vYaNlwNoMVRKrIdiEwSldrGkk24x/k3WMQk37/iMr67f40VOYKZNoOPBeh6Pwg==
+a0.nic.chanel.		172800	IN	A	65.22.112.47
+a0.nic.chanel.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:47
+a2.nic.chanel.		172800	IN	A	65.22.115.47
+a2.nic.chanel.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:47
+b0.nic.chanel.		172800	IN	A	65.22.113.47
+b0.nic.chanel.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:47
+c0.nic.chanel.		172800	IN	A	65.22.114.47
+c0.nic.chanel.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:47
+channel.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+channel.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+channel.		86400	IN	DS	37051 8 2 AD6600649AD83F822CEEA5731EA43CB0C560636908219FE59BC5B0D0E5757840
+channel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wUZdtbv42JXAPAdWgzn6HtOCRF9FrjF12q9MP2Gv851lvfO7MvN83Nqv0CKcP43nwOil3vLwhWreXJIpD+okK285fleKWYDL2r3JaHSoCxF4SjZa8r92f8T9tsUnmQ6Fov3mDcCeJ4OqbtaCUCFvbXIhHSUYLrsFy50DPKyYsMWtsmjIFVism1uDakOgf3BZxAiWm6la1MZhmNU1y7mB+2aHV7brVx4J/DYZWi4XF6zUg0JTufyIEMppVoSF2LV1XXQeSll/S912C/CPVdNfH91iBUEtZ2NEI3BGFVpeMrudPYmRwSKhLQcUKahFi2Fp1hNKpLA3cbhKlBpl+8OaUw==
+channel.		86400	IN	NSEC	charity. NS DS RRSIG NSEC
+channel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nD8H6FtdWBNtYanDO6KwF7vH2iUINisa8yOvBObGHaowqlvntYnNimhJWKFWiq9cMeX5pPvIx+Wt4BBQqDzIyW22qGywAOM17+oYmsGYZ1z8wh3jdg0Q6cfJ/YCq1MP9zkEm4QLFq5DHqa/y0RY1Du3Xxv+On/3zO+66ej4PbYdRmYUpM/Bm+3L2bRhGcFQQSI9Vh7p8l3g41Grhjc7+DUkyYAqeWJlnSeFMnjr2Fv2nG7xNHkYtNx3dYAhRXfwqoDh8JXTy33ZsjRyxHGDMrTlSvYIqPM4OCVRPVUEJvPf+SIFdzLsPBGMWC8ZUqXnBPoGoPUrEMy96vTekzfyPdw==
+charity.		172800	IN	NS	v0n0.nic.charity.
+charity.		172800	IN	NS	v0n1.nic.charity.
+charity.		172800	IN	NS	v0n2.nic.charity.
+charity.		172800	IN	NS	v0n3.nic.charity.
+charity.		172800	IN	NS	v2n0.nic.charity.
+charity.		172800	IN	NS	v2n1.nic.charity.
+charity.		86400	IN	DS	52489 8 2 FA42C0A07830A438C791E59D07B39121B72564A6B0AF5EB4F2235E5D16D656F7
+charity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rth/mGjcEcyTrs3H7cR+IFIMHKdr8MLG4G6dmHZkLHs/fq5MpRI01e/ikTdKkQ3Pb98IyrClMRcOo0ZaOv3saNLU01/KWc50SNySwscYArbxFZpl6Y0tnI82A3Q7LyvbHJTLwY4MTq3mInFUpch/xjvTOgjyNBPsTaiAEF2MW6Mu1h6rrCs0+BCXHQrmnqK70LGuiscQAtKkv8FROLT7rPsJUorFvHeG7XpShHikkOaM5y14iJYtWN9Fhd578jx7HtyoDpIZWPW9k9TrjVgUSKzgAMI1M6OBg4cM5cXQN3EmoVSu73LUhN8oXL7Ip2u3j9tfVSKqNddj2aB+4+OP6g==
+charity.		86400	IN	NSEC	chase. NS DS RRSIG NSEC
+charity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MVTKZ9ExnBBeJsa6ftDwpg2lpcXG+opams7JJJFbfJsDzhtQDyOd0Kg6YaKSQRVLmiTHBFWqsJacWgqdiB0WugwxGVIjwV1h6nfbz66aivY6r1jpX7/f2bID/KQXmzNcpoA4LBX2xl7cKlOrFmZ/Ku1tjnNEW1O+hAoAf8Wiaa5o9vAeJxG20Sw04KNdl8DMFxvMBGOy+vaiXYCdrEUa7HDPkIq16EJDTxN5TO5bOS7siy8f+3sm0iYk5r9V//0rsQYkfoWRfZwI+aMcasqCIxouDsRfUeHsHOcuKSlL71cB1NwO01E+hSyMt9vehJahDnN/yG5abtRDg3JDC+qFtA==
+v0n0.nic.charity.	172800	IN	A	65.22.20.61
+v0n0.nic.charity.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:61
+v0n1.nic.charity.	172800	IN	A	65.22.21.61
+v0n1.nic.charity.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:61
+v0n2.nic.charity.	172800	IN	A	65.22.22.61
+v0n2.nic.charity.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:61
+v0n3.nic.charity.	172800	IN	A	161.232.10.61
+v0n3.nic.charity.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:61
+v2n0.nic.charity.	172800	IN	A	65.22.23.61
+v2n0.nic.charity.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:61
+v2n1.nic.charity.	172800	IN	A	161.232.11.61
+v2n1.nic.charity.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:61
+chase.			172800	IN	NS	a.nic.chase.
+chase.			172800	IN	NS	b.nic.chase.
+chase.			172800	IN	NS	c.nic.chase.
+chase.			172800	IN	NS	ns4.dns.nic.chase.
+chase.			172800	IN	NS	ns5.dns.nic.chase.
+chase.			172800	IN	NS	ns6.dns.nic.chase.
+chase.			86400	IN	DS	35866 8 2 618F99E685339CF7C8AFAC24EC3C9A7EAA56B41F622D34F23AF944B83BE839AF
+chase.			86400	IN	DS	38962 8 2 7E231DFE930CAA42C760D3298C2F9B4B4F22AADC5A0FE6C7784E4E2177A0E317
+chase.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hAZYpqpHe790l8CbKVguFxAS3QKutlHtzhFbVHey4p+280Ple6l4qJOgvW7DRLefSx5DW7ZY6+1d3sLwv7oi/Tywme2jrv73IcLPIj7PJCjm9kkcmuswuFbvs1rnPkUmpTn/9gpfR7KQCKuy7BBK093jbywPRsL2Dit6KiZJ7iYC97HzvrGgD05mzMq+DoA55QOo2FmAsj+ezrNf6ruq56NC7/6kQ4nuS2C54sajlm4G+U6i5JMMore7SYG2+NBLp3oTC2/KeC1nqSr4sHvzOXfNxrPiV0dN0Z8g/TDSaREcMFENmebFLmyTClf6oicf7AV41U63B1RjrytdogjeMg==
+chase.			86400	IN	NSEC	chat. NS DS RRSIG NSEC
+chase.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NxMMbE6eErpp4A9NrS+iSOR1SOV9SbqvsoayGCPsfxPpeR5ls+do0A6Ww7ok1Unachqn0D6CtAPCjPK+zTjN8En+h2so57FB/wGFT+t8eS9xtd6kVQiiWOgRTnoiwztLn+tOc4aSzi0Wn64NKv2HhN+4uorvMsyE6DfFHUZ2TPStA7qbV85YBcwOX95XJmvLPkS3pchXbprHMrNmaG1Su2g6QjsW6niwrnSqHNCaFL60T3nYvU+JeAPuUDoP5HaRLh3qBX1Wfm5jSycFLdVwt3s84ecKjWPxtM3azPJwl6qQz+I5IkKOuR8TrSPxG2pWRL+EAsye5iVihsvCvrJ9HQ==
+a.nic.chase.		172800	IN	A	37.209.192.9
+a.nic.chase.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.chase.		172800	IN	A	37.209.194.9
+b.nic.chase.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.chase.		172800	IN	A	37.209.196.9
+c.nic.chase.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.chase.	172800	IN	A	156.154.156.39
+ns4.dns.nic.chase.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:27
+ns5.dns.nic.chase.	172800	IN	A	156.154.157.39
+ns5.dns.nic.chase.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:27
+ns6.dns.nic.chase.	172800	IN	A	156.154.158.39
+ns6.dns.nic.chase.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:27
+chat.			172800	IN	NS	v0n0.nic.chat.
+chat.			172800	IN	NS	v0n1.nic.chat.
+chat.			172800	IN	NS	v0n2.nic.chat.
+chat.			172800	IN	NS	v0n3.nic.chat.
+chat.			172800	IN	NS	v2n0.nic.chat.
+chat.			172800	IN	NS	v2n1.nic.chat.
+chat.			86400	IN	DS	45004 8 2 CFBAED6BB4F9A66E0ECBA421E368DD33B881319A74D3375D3A0F8A88FB9BDA59
+chat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dBtQyIMHJseJenz1fsDBFIiOawnbltS3fWOXCt4o2BXJZzM4IIHyjK7D5yHEyRTnZyV2B51kBAa8IzK1uAGbPPLGRtkt/BTpUc6hrn0yA4aCjDJF1xO2FwCEU0Cc7Ny+DyZ1Sc7/SWeqnUg7tKU/xg1eGjtljy1GQieHhSZyWQrYaz7sXL9Hxhxdjcl1Igrbd4NTJ1B7QPFKwIU9Aegx8X8VsZ94qxA1Lfpp9LEp1upUaRmq6WZ3sm1bRp+mD7Q7xBMDqbY1VrZmxaKNxUkWbrLLyYmln/sfHuKEnPhlmXKF6Sc5IDfha90iSpVEKoGpwMj4Npb0Jjb6wEB8MjaeUA==
+chat.			86400	IN	NSEC	cheap. NS DS RRSIG NSEC
+chat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zGP0f/t2/eU29rGwKy3UXbubayG1EE+eG0nfPNsJrduvC7JXQoTm44Ot2uJyA/w5ATDxW9+sfeXJ7hLF9bnxxT3YBpldoIdQ89vj0Wfn7Hai3AslJOYgGOiX3uSlyxLEzpb013GgvA5OtuwfHCnYjqsG/CmYMOngMsSZTWVqLa8YFoZSfzQlAVyWsB9WmfsMBqECBj4J/t2LsnGv4utvWrzf/vTzeG48Jnuz2g+Iw2AhMBfc9CyZCyzqWK1mk8oZySUEKLr3kOCWGbwNDim3dsxDXcTrP9NeqiG+9EcfEuK7Nivmk25Fm3QON3I16rb+mA5QDdw5B0/4ExGWkc+y3g==
+v0n0.nic.chat.		172800	IN	A	65.22.32.42
+v0n0.nic.chat.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:42
+v0n1.nic.chat.		172800	IN	A	65.22.33.42
+v0n1.nic.chat.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:42
+v0n2.nic.chat.		172800	IN	A	65.22.34.42
+v0n2.nic.chat.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:42
+v0n3.nic.chat.		172800	IN	A	161.232.16.42
+v0n3.nic.chat.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:42
+v2n0.nic.chat.		172800	IN	A	65.22.35.42
+v2n0.nic.chat.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:42
+v2n1.nic.chat.		172800	IN	A	161.232.17.42
+v2n1.nic.chat.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:42
+cheap.			172800	IN	NS	v0n0.nic.cheap.
+cheap.			172800	IN	NS	v0n1.nic.cheap.
+cheap.			172800	IN	NS	v0n2.nic.cheap.
+cheap.			172800	IN	NS	v0n3.nic.cheap.
+cheap.			172800	IN	NS	v2n0.nic.cheap.
+cheap.			172800	IN	NS	v2n1.nic.cheap.
+cheap.			86400	IN	DS	48844 8 2 6956C9CFAD73CD2BC1F638FE272FBAB440593ACCEE4CC6F9BCC60C3C172218AB
+cheap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HvsM94WK1AhflcuokpsMPcVIWaSSg0QLOFZJEpTksk1EbKhuayzDPC5leHbC6tsgkJQaz8ZknCgVCJVSKKLihxvk1xTvyszzzabzvXI1F+B+tLt3bhN2JurKnQLWtmM5AijRjzfzpaqw4xbZ3LtDQygdS4ccYCfEilO5TeNne/bOevB40a7kse6gZjuigfvUrQL0hBO/QCmop5P9w8ZBjxW7R0BRAL3Uut15uqzEERBPYfmnpk2ueqBw6xMbHhtgmI13KVa/GLlkSA96rJnoTx8tk++uIL7rscy/Kv1AuZSJf8xTROujxdIBzDRe81WuOIydQQVdMXGrt7sTwRDpLA==
+cheap.			86400	IN	NSEC	chintai. NS DS RRSIG NSEC
+cheap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kIsbJe6kygixB2VHh0D7LjOhLM8yfnQlvUVpgFyi9K1AOw3egfkKqKhKujsxq/Vq4JF9VsbVtElS6nFofKKxlClL6kR4yVEfK1Ft+Mp4JLE7Gnm3VrJ5VUY7qaX9u5D7cVN3w7gw40nrHId1r3Q9edBIJFnUixNHOYA/h2N5EcUgNMtc8xCbtyssi/HNyU57aGAxnwU7tYQaNxWfSIbTg4ktQBKbmhCK9yibrxPJakQJg8qOIvEDJVcLzDze+YwHjylaNz/ju6cAVzI8t0fbZYo41N7m909EI04LsGUR/1WyihX8YCNjeXOcbmckv1qztg2ltXrEGfUMRDxlWgZkfg==
+v0n0.nic.cheap.		172800	IN	A	65.22.20.26
+v0n0.nic.cheap.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:26
+v0n1.nic.cheap.		172800	IN	A	65.22.21.26
+v0n1.nic.cheap.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:26
+v0n2.nic.cheap.		172800	IN	A	65.22.22.26
+v0n2.nic.cheap.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:26
+v0n3.nic.cheap.		172800	IN	A	161.232.10.26
+v0n3.nic.cheap.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:26
+v2n0.nic.cheap.		172800	IN	A	65.22.23.26
+v2n0.nic.cheap.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:26
+v2n1.nic.cheap.		172800	IN	A	161.232.11.26
+v2n1.nic.cheap.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:26
+chintai.		172800	IN	NS	a.nic.chintai.
+chintai.		172800	IN	NS	b.nic.chintai.
+chintai.		172800	IN	NS	c.nic.chintai.
+chintai.		172800	IN	NS	ns1.dns.nic.chintai.
+chintai.		172800	IN	NS	ns2.dns.nic.chintai.
+chintai.		172800	IN	NS	ns3.dns.nic.chintai.
+chintai.		86400	IN	DS	58834 8 2 71DC6C01F954DA83B6CDC9E95BEABCF8A72FCF478B56F7B4E1214E965BCBFE7C
+chintai.		86400	IN	DS	63010 8 2 1CA7FEBCC15FB6098755EB40502C9ECDDC2E9E0053F6C686A06A11C94FCC220F
+chintai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oD4H1TIK7QTCM+anXgQJUC/MfQj9l+OUJYDmCUr3IJUZYNxSPiKtcdJ3+u/O3BKrgc0Im0TSt5fr+apAn2lAHRdtOT54ZLI/TT8jZZMk2YUAU1c+tugXHNSQ9aUHwraH1p5+p4qcIbuLIK4cbPtI1Yzh3v3G9z9okv39zsqrMyaH45yZ2K6BWseY3yAXSz6ikamkSNcglkQWfxI1F7W02MF55YGiKreWM/CLoJq1heC8Xmm66FxJadW4OtFkuizebzEncddKMCu1RU+vUYx3W8xZKzzqU9hO5TiWtHc2RwOF3iTo8UJj+kg4R+6In7dskMQ8TWhByjNY6zRSKsEFRQ==
+chintai.		86400	IN	NSEC	christmas. NS DS RRSIG NSEC
+chintai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O2aYg7cdoUtlwDezS5QjZyzhRGzBV66/sQuZzM3j6Rzl7Hv9iGTsL9LmZ9xJ8Oz/ihbWSZhZElkxqql0hdwtpHzyULtyuKouwnuuJFKJJ88MdW2jFyT1R8uwzUiJ7XIeNEt+WklvNv+IfqH+omzy6w8WxZytcTqDARVKiwxSTzwBQpu72CA0pqRAFnDyOEcwjWqx2fSNwUMBszd+WcGbXM+/vAKBS95tLfuoI+o19HGioCohj1tRO5pPI6Z3VPKg+TglZgIcH5KjcodQrL+O+Mh60Bhh5SNRZUhjHAW0XrRJ87KGjEn4kQCQgG9NWb52NctvjnXIRyjEBi5Fza8R3g==
+a.nic.chintai.		172800	IN	A	37.209.192.9
+a.nic.chintai.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.chintai.		172800	IN	A	37.209.194.9
+b.nic.chintai.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.chintai.		172800	IN	A	37.209.196.9
+c.nic.chintai.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.chintai.	172800	IN	A	156.154.144.40
+ns1.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:28
+ns2.dns.nic.chintai.	172800	IN	A	156.154.145.40
+ns2.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:28
+ns3.dns.nic.chintai.	172800	IN	A	156.154.159.40
+ns3.dns.nic.chintai.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:28
+christmas.		172800	IN	NS	a.nic.christmas.
+christmas.		172800	IN	NS	b.nic.christmas.
+christmas.		172800	IN	NS	c.nic.christmas.
+christmas.		172800	IN	NS	d.nic.christmas.
+christmas.		86400	IN	DS	2827 5 1 45A7AB7FFC9AED55E130DEEBC6A12A007052C326
+christmas.		86400	IN	DS	2827 5 2 B359C6393C81C5C19E651290CE278F6D9E6B73B625E2809EA4FA7CEE67DF4A3E
+christmas.		86400	IN	DS	23941 5 1 BC0C1CCFFABD83A031323C84E60B6B755356A8BE
+christmas.		86400	IN	DS	23941 5 2 31B3839A387CF1C59F5A9FD953E54C7D5852606C0B20E86281148B6D4AAAC042
+christmas.		86400	IN	DS	51184 5 1 B14C7AA2999B35F27382961870CB8E480A1F5F0B
+christmas.		86400	IN	DS	51184 5 2 1A80057885DE5C3E07689CD77E954733A4B21658C65BEE06F69B8F8E5F47170D
+christmas.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WOcx9ohxnjpDcJ4lHv78FJal0/Z8IroODQIBqutrzX2/LAGZp9Fy83iJ301TXyED5lByMXmQprThcOYXDOdvuwrlER0Kp+RdIRdBPW9/aqnrYZjO88jfYzJeXE9CTbsluutsxq65icl+pX1q0HCy78rKtxt2R/AUi5IOS0r3NLIkNkC1xCWXYE37XoYOy3AwEsWDh9jVWxpVLWL2TobCzAv/XOJg+j/QUg9WSS9a6Ocmyf7PteizJ4idBtABQ7kOPGnkbuYtE6SPgvQXtR95JdF52db4BmENNo6k5BXDYkhlmIO1t48AEtKXpSBcRBx+MAkF8C8wS7/opdWvP6KxgA==
+christmas.		86400	IN	NSEC	chrome. NS DS RRSIG NSEC
+christmas.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hw8NukUFSijTQnFDUhi96UZbhPoUY1dL+UtLb4PSknlAKM2wLFHNAn9xhXOy9qc0fW4GNVQiGkU5SSLxDdx5yX4NnCXBJaZZUhchhgITeQ4tENuExUD6Hc7GAixRLoAPrwedcANSTRg4A48qNTwh2K4VG4ZoqXTOWgEUevJzM5GtrMh0W5iT+uFl1BlMawHj20UpLBz/4SMH2y/WmpAnYMjq0wtswr2QP7+3EQBMHxCNlOIbggLKES6srSg+t7Ab8K2uiV5uUT7Sl5WhKb7zd2XzkwlP4hEpJ91Jqla8AdM2JJp3yAdK25jGSUpeg0tf+jQXcp+pkxLUW6DZrS7deA==
+a.nic.christmas.	172800	IN	A	194.169.218.153
+a.nic.christmas.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:153
+b.nic.christmas.	172800	IN	A	185.24.64.153
+b.nic.christmas.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:153
+c.nic.christmas.	172800	IN	A	212.18.248.153
+c.nic.christmas.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:153
+d.nic.christmas.	172800	IN	A	212.18.249.153
+d.nic.christmas.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:153
+chrome.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+chrome.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+chrome.			86400	IN	DS	56911 8 2 C036AD5481A57EACDECF5780DE4AEC4A1C433732D50DA29A66A1643656D065BA
+chrome.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b04/ZlhT1IRiBpxS5i0AJ/TfDoB2o5SwXghgR83aNOfMXUSmYknkgs9NCPV6y8Iak2tZNo4fXGoMKtBgnSv2RDrr0/ayQtiKGPvvM9pFpF4QeeHWFR+ItB3FpcMF5Z3BSCxHKfIYUaZeAWr3Ilu6lJtcC9s1BRehBEpus+KgVIbe4yMssUC0V4gQlxDjHXxuOtumELWNTAXMLP/wmzC6F6h3aq14fOgRIVj+Xz3Go5IMYdnJuBNCW1IJZitLrWBUR7nq89q0l1dhf+8bXKgzZtliy/JjfTQdYmace3WTuM5J4FHUYIT6etgjsdLx8CELqBwIF+v49WqD2e0XeiTd6w==
+chrome.			86400	IN	NSEC	church. NS DS RRSIG NSEC
+chrome.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qMhSPy7VQ1HgW2aZCWgP1TjBklnIv0OWpWz/V5Hb+VF6nzL691UeIIx7G/X4QCHf0Rl5iri1oGASVw0RdJYPofGoQ7mTasLrFOl1ENaQvVudv3+xS2p40znShSNyvKTXpUYPDlqz6HAvlpiy3ugixV8vVFd26/6SqKS6Tl0R0frgkHrvSfD0qf4LpJdLZds9mwvFaQqP9ST2RJFVWf2wgdX+dYJgYV5Xv8x2gSYUapAXm6tX2D8tpwazseC31k8BqOlwuF5f7/5hQmnpwokcS+rNLbIiqPn9lvN2zRYthkwz/qgJbVwd15ILo53mQ78Ka9Yy9DvFPcTl9jmZC1MnmA==
+church.			172800	IN	NS	v0n0.nic.church.
+church.			172800	IN	NS	v0n1.nic.church.
+church.			172800	IN	NS	v0n2.nic.church.
+church.			172800	IN	NS	v0n3.nic.church.
+church.			172800	IN	NS	v2n0.nic.church.
+church.			172800	IN	NS	v2n1.nic.church.
+church.			86400	IN	DS	15331 8 2 0F54AF90A54221FEBFC21487ADDA2C595EF2EF9B5ABC706D1938B1F95F20D9C9
+church.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xwuFBL1slcj+UUEXoP3F6MMp1gAYo7iF5iMP1eUu1ZVAduC1nFfhUyEuldu6iW8qv61u0MZ77IasgUEpFiNml+ypK6YsYG+r74IiS+l34JAXcgXl28rIdH+8n9ZJjihMjYG67AGhdlxdqAIZEuULTEv0Mp2HUmZKfat6CAcc0g3szTuDiWf1DlUajKhX2hJyvWD99olY3dMl56zy6wObPJKLp4+lsjMU4rA4HzpRpPtz78kggURWrXztWkkVWEuMQakPPLFNXWDANQDXM4CTcQZQFT7+VTsn3bxVvgKWXBat9J5rQU9PlVwIoUqM9BsR2GIa7w3aukkow4Gsf8FefQ==
+church.			86400	IN	NSEC	ci. NS DS RRSIG NSEC
+church.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . emfoLOUiHh6gYEPPUdnW2f0oYbiRxFkFA/S8rUyjW+rnNdMCLWJp88BrqySeLM2g27LMWeraaJ9teBrwWu2Tu3GZyRxl3TzSJpyi4BmgFVVMq7YzEK7aCEpBsxvx0/gT2sR24x99x1cuETn3czj4hDtA+SEikCeTutmBTCjRKSwZYUUn/ycmP+/8Ht1mxf+3GRuOOI1es00PEatO7u9n3R4XLgc9B4+kUFzR49nvQoRVjEqS+rFO2iX08aojvaF27N+F7SaKAAbE++bsOP7iNlljtBuXZ3j20m/ZsxZyWtPEQnJzeHJ6ZzJnyAmYt2POwKT8eD35pFy//uOVEU2R/w==
+v0n0.nic.church.	172800	IN	A	65.22.24.39
+v0n0.nic.church.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:39
+v0n1.nic.church.	172800	IN	A	65.22.25.39
+v0n1.nic.church.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:39
+v0n2.nic.church.	172800	IN	A	65.22.26.39
+v0n2.nic.church.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:39
+v0n3.nic.church.	172800	IN	A	161.232.12.39
+v0n3.nic.church.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:39
+v2n0.nic.church.	172800	IN	A	65.22.27.39
+v2n0.nic.church.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:39
+v2n1.nic.church.	172800	IN	A	161.232.13.39
+v2n1.nic.church.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:39
+ci.			172800	IN	NS	ci.hosting.nic.fr.
+ci.			172800	IN	NS	ns.nic.ci.
+ci.			172800	IN	NS	any.nic.ci.
+ci.			172800	IN	NS	ns-ci.afrinic.net.
+ci.			172800	IN	NS	phloem.uoregon.edu.
+ci.			86400	IN	DS	60224 8 2 0FB751F1B2230B9EF643DDCE8C30ACD1E7CC20FA7D52346CA074A32B8F01C686
+ci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fFstoU3uiUv/lZch76UUDyqRSmxn8tjhStGvppicESo5yAVg5LR05jYcp2xRExVjNd1m6pmVsnjFsq2kbCkRaLs73F10btxlG3rEfD+lm4QhzR2eVCN/YeAPUQs83AKfFelBFefLNwEDJdhz9lz5WNKst4+7OyzpWX6n64HePgADTgOGY1xwMDWD4SWCEgwySGYDHD4KrydeYpGIoeqbxb071Af7H9A4gp7LxQar2nKDf2hiXIpGodJ+3ChL/kl6PE5I/JNGjURkP7C0r+nd/wcp5s4g7+TsEFldo7j3/WHPnexcjgNk6xvLzuvBuEe7eIERenQTBgT4R+p2pCHCBA==
+ci.			86400	IN	NSEC	cipriani. NS DS RRSIG NSEC
+ci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HHaDahHr3woAyrGj0odJpYvTx27JNRdr4XugK5L4EVtJnMoUPH+93nPouHPh3v3+AmO6OARgYHzcXZWyZsH5fjYrkavvPDB/u7gw7KhkzqpFMGZCsu06/GZFurK6uvcdXPoW4CVHnlOBsn3XJt9Bk4Ewn76GmRXCLha0Zt8wHSBXXJh9ELpwtBzCh2Pa4E8VPOhYxAzWumPSETwMM4AqrZoR0s8wznn9cFn9uQP56Pc1S2DXnUHxo4uHqU/QwyG6aokh9nIPk8jx0wcYjkOwKbolj1zRmAXXf5QluSR/R1lqST7R6tLeY17J5Wbg4jsC34iLjNtJlHRlvDL3NWC8YQ==
+any.nic.ci.		172800	IN	A	204.61.216.120
+any.nic.ci.		172800	IN	AAAA	2001:500:14:6120:ad:0:0:1
+ns.nic.ci.		172800	IN	A	196.49.0.84
+cipriani.		172800	IN	NS	a0.nic.cipriani.
+cipriani.		172800	IN	NS	a2.nic.cipriani.
+cipriani.		172800	IN	NS	b0.nic.cipriani.
+cipriani.		172800	IN	NS	c0.nic.cipriani.
+cipriani.		86400	IN	DS	17209 8 2 41ADAC2BF52A4A5EA210CE9DB7AB6114A28CF916F1E06B1F4C3EEE90077D6147
+cipriani.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BdwbZkyN28xRaBT+vaRqO4IVoiZXgzpTg3vQRR074VQx2V1T3iV+8UTxGzTGci9JL1jhJeQ7zzNqn1QMI+SyajAVp6Gj1ofhJm320/5U8+0MRq9sUinnx8sgQldF2Pt4KpiKiW5mJavEUbuB5cAzc/VlcOfGrhM5DZYlHNYuT4QTTxwUcQKsNwa0x/6V2096AuL5xcQezxgTpKvUqZ3TysIpWrET6RsSlaNCUAihH6zYjDoImJswNLfw7iONP6UZDCpugtt+R0R2dklx0ngxCK0OBoIxuOXwNOUcLrVLLgZxre4H4Pac4RGZO38oePfy1Hv5vAvmEbBPa89hZC6i2Q==
+cipriani.		86400	IN	NSEC	circle. NS DS RRSIG NSEC
+cipriani.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IWQNsxY2SWrstwqWsKW2jM+LcDIzOf4RVU6Jh65tAaZJ6D6JVuDdjTznFt3H2Sa21dGSCMs8hYP4JsMs64YS593xz9FER7QTNAJ/HMBExFVU33WvJaGtgnVQttl/fIs1W5WYIo5QGWcTmoEVIIb93xdXXIF1ApiNNEYd65jUfF65Lc+9AAECiU1FEADmv5r+De/sgeI0kfOLU//MV2RTO+1i4fxIMNPnsMo0bgQ88mEabmRHT15FZPR/iIzHx/PBH8MeOJO7avA73RO1Cj2tdvmf4rITBhJbTJ0lxqv5hZVfHJ53A92yse5BVrZxrsdfAIeqOE0lCaLuIa4V5zroVA==
+a0.nic.cipriani.	172800	IN	A	65.22.236.41
+a0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:41
+a2.nic.cipriani.	172800	IN	A	65.22.239.41
+a2.nic.cipriani.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:41
+b0.nic.cipriani.	172800	IN	A	65.22.237.41
+b0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:41
+c0.nic.cipriani.	172800	IN	A	65.22.238.41
+c0.nic.cipriani.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:41
+circle.			172800	IN	NS	dns1.nic.circle.
+circle.			172800	IN	NS	dns2.nic.circle.
+circle.			172800	IN	NS	dns3.nic.circle.
+circle.			172800	IN	NS	dns4.nic.circle.
+circle.			172800	IN	NS	dnsa.nic.circle.
+circle.			172800	IN	NS	dnsb.nic.circle.
+circle.			172800	IN	NS	dnsc.nic.circle.
+circle.			172800	IN	NS	dnsd.nic.circle.
+circle.			86400	IN	DS	37745 8 2 89E27D8EFD40F6E9A05D3A8A4AE933A41056E574008D30B20C8AD9A7D07785DB
+circle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dDjr3XGXiaYKOrwValUYgkyduK4XKQ9H1jwyID9hmzV+u5rOVJLW4K3OTINTN4kRNnopWmRN4mtTL5sTJiOpfAQ8pU+GyUDzWP0DjrOF0SbWhX+cm/MPWwHGxrYOX2ZVOQzIRvisBGJnHg/VlFsh87pZgr+LGeOPZQVZerWwAcCngmUtUNVTwp6f1EGuEatkhEBK/GAdH4y0tEfhHJ1aKBtE4DpGktuhHDXcWKBJho3epHTYrPPQIDxxnWbyfvXpmgj0wIjF4nRo0IIX2SAfF0G0aFYAZhWs8ARqD9NA/0G45fYhOMztPZGDZj39sDzs7BUtTx9sOSkwQjU9Yq936A==
+circle.			86400	IN	NSEC	cisco. NS DS RRSIG NSEC
+circle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ab5JntFfZT0WEpW4lsBQBhXsOYbLRHay0UX8Go6sZ5NiBzCIhVZ/ZbWFAcjLpZ1/6+qm+d2fJ7o5wCfNIXk4Hz+pib/LeCQYULRgPYMCtVCrd3VlMFfYGWPWZYohpfPz6/xDpo6HgXqEjVPUe0WODWyXvVNLd/ZRKnEp+SyLgaWKfLvvowa3MS+EcpWNz1Rk5XkgiABrFxdlm/uHAycjR0Ld3OYLsZW1I3EQ/tXQ0emyFSiFlG0l3aAZguW4OKuEIR5nMb6dWSQSJI0HBAiXEfEHTArKIV1xUckBJ4D6KOvXJU/paJFLgMtodf0P7fnnfEPdk1uICMM1ZUomt6StjQ==
+dns1.nic.circle.	172800	IN	A	213.248.218.64
+dns1.nic.circle.	172800	IN	AAAA	2a01:618:402:0:0:0:0:64
+dns2.nic.circle.	172800	IN	A	103.49.82.64
+dns2.nic.circle.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:64
+dns3.nic.circle.	172800	IN	A	213.248.222.64
+dns3.nic.circle.	172800	IN	AAAA	2a01:618:406:0:0:0:0:64
+dns4.nic.circle.	172800	IN	A	43.230.50.64
+dns4.nic.circle.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:64
+dnsa.nic.circle.	172800	IN	A	156.154.100.3
+dnsa.nic.circle.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.circle.	172800	IN	A	156.154.101.3
+dnsb.nic.circle.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.circle.	172800	IN	A	156.154.102.3
+dnsc.nic.circle.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.circle.	172800	IN	A	156.154.103.3
+dnsd.nic.circle.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+cisco.			172800	IN	NS	a.nic.cisco.
+cisco.			172800	IN	NS	b.nic.cisco.
+cisco.			172800	IN	NS	c.nic.cisco.
+cisco.			172800	IN	NS	ns1.dns.nic.cisco.
+cisco.			172800	IN	NS	ns2.dns.nic.cisco.
+cisco.			172800	IN	NS	ns3.dns.nic.cisco.
+cisco.			86400	IN	DS	51292 8 2 2985226F8C44213F8C73E65288EB6F0138383E2BA2CC627A8FD8D7F836B62C48
+cisco.			86400	IN	DS	63049 8 2 42D0C12C3B954C6297A8810386E8D5D80F38A383F7C911630A5C1F3C81AF890B
+cisco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TuuPknRDUZFhilBMaoE6kSituYHWmpWtsdkMkj4bZaLQ7HHTH+T3Di1A/WM/aL7o2dQQMgSSp7BLiLroo40O7KPSjAmnEswvZNfq/3hjraRLLEYEpkAzqazYalk2sBtXajVdkf/+LcbcCMnd04S3SbdZJRr2zd4XBSQBDu7sM8on+dPG1tx6c/60OYjxXeQchVasE8nhdEAsge5LLcyNqDumMLrio1Ar2DOoEtUPOIN0eoJYrq63USwCAZdUN1WccZVIn1nxrZXEchJKHGD2U2vKKFNw575ExV4Q2hNEpQNk8ykBUmwrFt8rYPVP1FG0s3lgrKfEPNsjPYjnB9a87g==
+cisco.			86400	IN	NSEC	citadel. NS DS RRSIG NSEC
+cisco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . amO+QvG2aDrS/NtQmO7XZ/n+OfNTWaCql8mFU+RkdgGXV+8dMdXEP7Oij0vS0RQkW5gUQUc3NW125Qc5ciYh+e8URfFvY0S1CMf796akVHWTB8vdsgAGCownebZMi/JfFEYcD5AKJNsdNImYJVUmetGjIEhHX6A6wFxZWoyA58jEFApkLkX+aJa1CiTJtzzFUuWdNh3NzW6BydQhAeg237SqGJJIQu7bd5ya4fGl7CpeEZZZV8hQg8UY5dQ9E61EJBUV/iGxT10mJjvuYOUQgO58jwEH++yW/KZRawCBfuukxgBEeCv9MyeB8YItJfAMwIMLeqsmy9wU8CZS5fvSNA==
+a.nic.cisco.		172800	IN	A	37.209.192.9
+a.nic.cisco.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cisco.		172800	IN	A	37.209.194.9
+b.nic.cisco.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cisco.		172800	IN	A	37.209.196.9
+c.nic.cisco.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.cisco.	172800	IN	A	156.154.144.44
+ns1.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2c
+ns2.dns.nic.cisco.	172800	IN	A	156.154.145.44
+ns2.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2c
+ns3.dns.nic.cisco.	172800	IN	A	156.154.159.44
+ns3.dns.nic.cisco.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2c
+citadel.		172800	IN	NS	a0.nic.citadel.
+citadel.		172800	IN	NS	a2.nic.citadel.
+citadel.		172800	IN	NS	b0.nic.citadel.
+citadel.		172800	IN	NS	c0.nic.citadel.
+citadel.		86400	IN	DS	43942 8 2 6A252BA4B61331A3D35B5D06AE744643AF83053295C42C0C2E65FCEBBA07834F
+citadel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . I0vR5VjZKadXkmQosPb/yO9gScgFf5rHFZ5xZV1v7qrexybE9uPeNUODbxXSdk7yWqBMMTBZUjs9c+fQBRXgfWsCgZOpRtcyt9n4+aAs+45fv+4Jnt+npf/CpyWGXRaLy7YOR9AMuyeEH0myuxs+ckQXOpm4BdujljblstylNbUwzKS3u/qtGcz7mUUpnuoLH3+yUQz7VjF3ITZtK6Kb+FExbhHIQ//csdcoCsSgvoSjN0Inv+L5CAISs6WtDORnC/GuoNcEr8G4wNacKTOW099haFt2iArYx36qZ5i3Bvrzf2m5ZQ06BezCyyiKNQ49/Kc6/t3Nw/tkGb2Oiu8IqA==
+citadel.		86400	IN	NSEC	citi. NS DS RRSIG NSEC
+citadel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 026LC1W0a3Y13FelAWLsyBUvbzkEmK6JskhYM/S7gMLn07zbnjYz3Sni7L1iV01h3tLDelJL8VTtq6yIN37wurJAKC4sfRZJRyjBgqdwrqixZuKYX8XHy6vwqWA/Vv0hknr8fdGlQYtvOoJhVVotmRjsd3RDHuoP0DkOEuClbZUjb2DODULDeqOqMAi8vr4aIHZ3lLWmD5hT2EtR5m/QLzMNTxYgELlCuTgR0k1DZ7fCyLCdHx7pinVMcTNw18icxZ1o/QAp/WOKtsI9cF8r1WWTmoits/JV9/CHki5nqL0BJxWQ3GB6ibkwr9HlZBAo4khcrwZrGeYeVJAIs24Nqg==
+a0.nic.citadel.		172800	IN	A	65.22.112.33
+a0.nic.citadel.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:33
+a2.nic.citadel.		172800	IN	A	65.22.115.33
+a2.nic.citadel.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:33
+b0.nic.citadel.		172800	IN	A	65.22.113.33
+b0.nic.citadel.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:33
+c0.nic.citadel.		172800	IN	A	65.22.114.33
+c0.nic.citadel.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:33
+citi.			172800	IN	NS	a.nic.citi.
+citi.			172800	IN	NS	b.nic.citi.
+citi.			172800	IN	NS	c.nic.citi.
+citi.			172800	IN	NS	ns1.dns.nic.citi.
+citi.			172800	IN	NS	ns2.dns.nic.citi.
+citi.			172800	IN	NS	ns3.dns.nic.citi.
+citi.			86400	IN	DS	44680 8 2 D1435F2313EA1D9B9A4AD59FC626DB5DC1BCA1DFF3EA52060C1AABA786128FCB
+citi.			86400	IN	DS	49387 8 2 9E8F9D0B17E64BE572031238573F83D2A6FC1EE6C925DDB5062B1698A91D7A2A
+citi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rxlGM47sUT0T9+Bt+CywQ+a6WoolHvHNLVdIyDTCGSSZ8UL7PKx14mKLWdgUMYOUoSVHQ+AmI8m7A04GaAVeIAM0f0OWcnFqFqKWX88a7xxZ1mdyPtKrssys9XzF2aoS78Tija2I11J/ffHVftd9IImf+BSeIdy9ZaTGyD9qx6s9PvchSrXXkwL9rUjDyNxvwzI+yMDqPYqpOFYDOIvcv0ywL/NebaE+evANCDzBWFhtyLwU5hn+Qtx8W6PICJUQMduQkVGgaOFfUHra2FM2CGJLX+d0TVCadvGM1ME0faSfK9Qx2BqQGom/4D6+3+7xA6pY8UVVQ6FTIGas+jXhvA==
+citi.			86400	IN	NSEC	citic. NS DS RRSIG NSEC
+citi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WlHRVqRf7s4PWlFApoOO9U2q5W3aH1HdBr3AtVg5xSZXH5z9Emx+csHIEBwLoDAyOKc9DUiRADxqRMZE2i93e+Z6ZXQk2GQvncW5XIwWkX8BOqGPfeE4JF+6l+YXY43f2hFbtJgchRuas/u/cUQxREoaZIJ3D5k0ExdBbA/FS1Ccz7Shckwr3FC2wNHgGdk1VyIevGhjTtTl1+qZDiwHgxQrgxPASt7vNiQX445wxdvZoY42LDLjzZQuxGP29LW51z4FfTuTZ1fqtJ2VmCin/JjAjYXHD5+npR7sNFr7+74OgtulYTEbQGU8vmN6oAPnpRg9c+iYRm0qUFg7jXVwLA==
+a.nic.citi.		172800	IN	A	37.209.192.9
+a.nic.citi.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.citi.		172800	IN	A	37.209.194.9
+b.nic.citi.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.citi.		172800	IN	A	37.209.196.9
+c.nic.citi.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.citi.	172800	IN	A	156.154.144.213
+ns1.dns.nic.citi.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d5
+ns2.dns.nic.citi.	172800	IN	A	156.154.145.213
+ns2.dns.nic.citi.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d5
+ns3.dns.nic.citi.	172800	IN	A	156.154.159.213
+ns3.dns.nic.citi.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d5
+citic.			172800	IN	NS	a.zdnscloud.com.
+citic.			172800	IN	NS	b.zdnscloud.com.
+citic.			172800	IN	NS	c.zdnscloud.com.
+citic.			172800	IN	NS	d.zdnscloud.com.
+citic.			172800	IN	NS	f.zdnscloud.com.
+citic.			172800	IN	NS	g.zdnscloud.com.
+citic.			172800	IN	NS	i.zdnscloud.com.
+citic.			172800	IN	NS	j.zdnscloud.com.
+citic.			86400	IN	DS	12331 8 2 CDBFC9F67E7F97E1759BF1BCAA26C853BC5DDE881551E1FA4A633E8BD6B8C9BD
+citic.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hs7zo6n3xq9NH/ROYoKbb+iGOsGe5CnWB8qggjOj856vDrmV1U+HJeVyMh7WUDYdQwMCHPVJniHb91lh4fjEWnvwf4TrBcs6jGV/mNtH+3B7eWAf029gklzq4Ah1wTAMjRM+CVmlGPOwJYEL1bOV5M6jenjxcnegzUTFgNRXl+bjPnaBqFSYEPTBcopHAhrov/l7CoqVAlMMP0ZGHHAc0pSWwFQCbq/uKYYXgoU8B4dQK1+Zwm8L0j8cmUk3s4xqN60xgFymmCjuPQCu6+w/q9nem+gbeU/s2Asw13WRw8AmhF1ijWIkzDqmsl0nOUMiAFAvAsDXB97Y9vL9yePjdw==
+citic.			86400	IN	NSEC	city. NS DS RRSIG NSEC
+citic.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QujwCjsbbfLZPqeRCX1US+OJ2DQ0FcRw6Bb8ft37QXN2v+hUjA0qeJEF+vXsPidWQyoThYoLei/f+Vo/10Q/7QOPa2060D58AhnqAHTYe/Tk2Ys8mnGq3LsUWnl01n2F7cGpM5ZPFJ8nnExJr1urWOyNUR2LdemmrCLHhN/s/e8YiQUdfrmY66R9xCuGcWRdOMjmW7WOQmpF+zoynGespNW2Em6t+yAVJcLIz2Fp2VLKoVJsV08GokbmSTiIuH60NUG+V/cWb4SVVdf60Syx9R+XaW2XB4VdgCGjfi6z6Hzpp+ldljB4/YAuDMbidPXEyFiZPOL+QtRm6KIgKImzQA==
+city.			172800	IN	NS	v0n0.nic.city.
+city.			172800	IN	NS	v0n1.nic.city.
+city.			172800	IN	NS	v0n2.nic.city.
+city.			172800	IN	NS	v0n3.nic.city.
+city.			172800	IN	NS	v2n0.nic.city.
+city.			172800	IN	NS	v2n1.nic.city.
+city.			86400	IN	DS	32800 8 2 10D3A1350CB71FFD64E8AB13DA40CC6A697267AE989B92A8DF1460C5AFCDF87A
+city.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BGfwPFTeJwgPj7Pjm8bcxFeOTU87tii5N9KGG6WnGBzcag45WrL86H7LL39a7xIw+oWmqAZprFhaJZPsuDE+OIkR5DKVRSuQUTiEFM9rbvs7K8a7kFUZw6chWyKmKLi+Py/8Vy2ftYTKE7ziTBHKLemoDa6Yo0Hbs6zOJQ8Koe2fvdYUAIgIghvXOzx0oumuD+CS8nEP0JU7FxGIovVmaKr0aNVc21n7mymOa3SmjfSPUTuvVMfjipb+H0fcgQIERabPShYrmyxz2XNMGz3Ba77KQ/VJErC8VzxClKkIhgbJF0cahM9G/9TfrmTqsGFgnUmGHHa6huJ3p5NOrwBMAw==
+city.			86400	IN	NSEC	ck. NS DS RRSIG NSEC
+city.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vyyol6Z8xFMRZWszVfwc3/1DquRbcA/tOeuKP/Z13iOAzkeBujxPtKYgiWqIO7HxsYJyvqOCBwScaDeY1pewF00UhjrpZWjdNO4Mn3HKljx2CCdU+2458tww9IRZsPh7GslJr6jS/r6iOnn/3GXTe8fsAd7T77KGidJ4sqQ3ViyRYlTiD3mC75riAdrsLOWNCRs06R8I2KukE9YDVkxrUxHmxMnb7Dw1Wm5uwnISS0LrMqfDpRnabi4P++OunjvtrFEnhYZ57rQayASWlMc1axRA/rK3p8TefpsOxKtXlVzOUhsqqw07Q9fFc9J37Rc9Vuuu6mNJAGHJJ0fi37W7kg==
+v0n0.nic.city.		172800	IN	A	65.22.24.4
+v0n0.nic.city.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:4
+v0n1.nic.city.		172800	IN	A	65.22.25.4
+v0n1.nic.city.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:4
+v0n2.nic.city.		172800	IN	A	65.22.26.4
+v0n2.nic.city.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:4
+v0n3.nic.city.		172800	IN	A	161.232.12.4
+v0n3.nic.city.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:4
+v2n0.nic.city.		172800	IN	A	65.22.27.4
+v2n0.nic.city.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:4
+v2n1.nic.city.		172800	IN	A	161.232.13.4
+v2n1.nic.city.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:4
+ck.			172800	IN	NS	circa.mcs.vuw.ac.nz.
+ck.			172800	IN	NS	parau.oyster.net.ck.
+ck.			172800	IN	NS	poiparau.oyster.net.ck.
+ck.			172800	IN	NS	downstage.mcs.vuw.ac.nz.
+ck.			86400	IN	NSEC	cl. NS RRSIG NSEC
+ck.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OVMG1TKY5u3RkVYeazN9Kg8X+7LHXu5xPOhqDIgrq0AzDC76aNQUEOb1RiXiM2Wp0sY48g1/5Yd8jhYxF6qGJRBcxeJP4++84eElKe0haH2ncXPIjz7mevV56DIYAfw3ydK7LCggW+p2rJTTWCN0KCPtJ1O/mDpAk7/9Jd/eKSTfBi46Hna5gFs+5JrhmsJB5jCBTQ03clAUEKR/SefyTuv0V4FTV9ZQn4EMJLmg5/KVOTLLOFZzC6mS+805CVhKode7bx07EYfTJT531c3CE5Ki9g7SctX2W/c2l6wM7Emow1kvYH2qRJXodNxOLLJVPl7/pNpF9fkOOL6zE9p/hA==
+parau.oyster.net.ck.	172800	IN	A	202.65.32.128
+poiparau.oyster.net.ck.	172800	IN	A	202.65.32.127
+cl.			172800	IN	NS	a.nic.cl.
+cl.			172800	IN	NS	b.nic.cl.
+cl.			172800	IN	NS	c.nic.cl.
+cl.			172800	IN	NS	cl1.dnsnode.net.
+cl.			172800	IN	NS	cl-ns.anycast.pch.net.
+cl.			172800	IN	NS	cl1-tld.d-zone.ca.
+cl.			172800	IN	NS	cl2-tld.d-zone.ca.
+cl.			86400	IN	DS	21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB5370B394
+cl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dDwGGWUp+FRhh9GniztGiySyCRXVpAzM8//NoHiDKFXDAe7izQiWCKKnKqR/GeudR2sRCLdIxWgiDjN8NSkQdhJ5Px3gEm2s82o27ChUQPjIv1rK1xvyO3YAR91sjEBE6yEk7Tgymu90kjOdYwrjL4wMxvU1bKmyuTfHVKz0dKvIexKxSpLVDWH63KILGV6Axc+a+yI3Nn9/re2fCLtPHWdJFTAbeTw32KPYmg9KTMgofz9dk4bn6vI/M40NTp5Nz6jZvKuoRP9ypKTMiNDLBdFCJDXcT4TmaOgymNRXZkA9s6djLlOoJ7FIHZQgueV1MnKqUD/6eoJ95VJaP6hFLA==
+cl.			86400	IN	NSEC	claims. NS DS RRSIG NSEC
+cl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YexC/WGDz31MqJ5CCnKpB5rbweeGLTI2w03dcrJsyslDJTvd03u4aEZXXY+K1k1Ha6TV/sZooYjHltduAU0LIT7WDR56RtGrk1whRErUabWM339rC0xexfG9SM0RCquUYEb+YPJgQqxMhoCGA6Ma1Dj8+VRJLTotyB376FbyNhAfGNnb8bna8zYqUyoSNmCS7ApYxL7symuF0sNU9DZZBABoFEfdinNCKXQY8V5SyxO+kSiwVu/mA22atRrz1EgsOLffyY6V4wEGUYcXaJ2Iz1CbRUdjEaAxfPpj4cUllw9GkXYBjTiW09gnC2FGcPubjlHpLu6HBUQF4InvO/Jeew==
+a.nic.cl.		172800	IN	A	190.124.27.10
+a.nic.cl.		172800	IN	AAAA	2001:1398:121:0:190:124:27:10
+b.nic.cl.		172800	IN	A	200.7.4.7
+b.nic.cl.		172800	IN	AAAA	2001:1398:274:0:200:7:4:7
+c.nic.cl.		172800	IN	A	200.16.112.16
+c.nic.cl.		172800	IN	AAAA	2001:1398:275:0:200:16:112:16
+ssdns-tld.nic.cl.	172800	IN	A	200.7.5.14
+ssdns-tld.nic.cl.	172800	IN	AAAA	2001:1398:276:0:200:7:5:14
+claims.			172800	IN	NS	v0n0.nic.claims.
+claims.			172800	IN	NS	v0n1.nic.claims.
+claims.			172800	IN	NS	v0n2.nic.claims.
+claims.			172800	IN	NS	v0n3.nic.claims.
+claims.			172800	IN	NS	v2n0.nic.claims.
+claims.			172800	IN	NS	v2n1.nic.claims.
+claims.			86400	IN	DS	2119 8 2 98654E9430C03144F60667837F175CD420236C9A1EDD20131E653D2368A50DCD
+claims.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tlAFN4etG93qlIt43OpDoD/+KwsCbfx7q/yBFfMk+mSxQa6bEAb71FfxS0ZBbWA2K2k3RPI97OpCcJX0CCtX5c+plgxC5kjbu282Fxqq1dJofSrcWWIQLQ5va5A6L28WIJadKpOU7h17CLuXPh0M3F510Aw+R6jG5pZpe+UScN//oHExX/mtHnW/uXDmyG8LYg8pb9OFaS8ym5MN6am51SiYdjbjgahcr5or0IOZm+Lch2Il/HUvM48pN4pSC3XyvPINalOw8BxiEFgOyO4tB37FIEYrNZjFibtZoF+CiLDXB0clk5/IlzEkhLB0I1d2vTAzvVAAF4dRa5EHIQtw3Q==
+claims.			86400	IN	NSEC	cleaning. NS DS RRSIG NSEC
+claims.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JS8vSCJDC+fra2AVVKNi03kBon6YMozMGbr7KFpCaIblIMjcmP3Bys4IuzIcQgrkgWAtpJmTj3PhEOW3O6SKpUKqM2tyhSaP4kIlbIns4CseaA0qTRscyDIco4yx5j8GZ4+Gb3keFy9Y/5PUZI+N3OCYhr7D1fOOOome7NScPKpuW6ZH6d8y1alINdOYRtiYvOBHAhqagJq8j/GMT05a3+tZSCxxC6qLN4H02B0ivCwrldxAYzvtOSSHRRMFAxsORhbpY0WcDGL+u/OjpdqjIz/F4dGjgYuUlgGtevmb8jkXnDIO376jZjmobVMIjTRqip2JzEUrXhL/0TivEFaBLQ==
+v0n0.nic.claims.	172800	IN	A	65.22.20.60
+v0n0.nic.claims.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:60
+v0n1.nic.claims.	172800	IN	A	65.22.21.60
+v0n1.nic.claims.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:60
+v0n2.nic.claims.	172800	IN	A	65.22.22.60
+v0n2.nic.claims.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:60
+v0n3.nic.claims.	172800	IN	A	161.232.10.60
+v0n3.nic.claims.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:60
+v2n0.nic.claims.	172800	IN	A	65.22.23.60
+v2n0.nic.claims.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:60
+v2n1.nic.claims.	172800	IN	A	161.232.11.60
+v2n1.nic.claims.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:60
+cleaning.		172800	IN	NS	v0n0.nic.cleaning.
+cleaning.		172800	IN	NS	v0n1.nic.cleaning.
+cleaning.		172800	IN	NS	v0n2.nic.cleaning.
+cleaning.		172800	IN	NS	v0n3.nic.cleaning.
+cleaning.		172800	IN	NS	v2n0.nic.cleaning.
+cleaning.		172800	IN	NS	v2n1.nic.cleaning.
+cleaning.		86400	IN	DS	47050 8 2 182550E0C9232702E0700934C97C42E20B831C0987EE0E1B98BD726C1CB0F28D
+cleaning.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KKj7TMnmGmsworh4b8JnKOzCMBL53F7LlqFm67O3eY1E+FOppm+kYaLeGDAJBUK2RUDtbKeh8MbD8PlQg4jWEBzasz1FsF11CVc4+mJhpXSmmfJfZeAZrX1hvKziSk/SdUGzAhzQFiyG3BwVXzqbyO4UyMLG/UmJ9Iab3NhWFdbIJjilBogBkNC6Pqx5PUNz+TIHwJ1g4OuO1DSD2PI+BFZJcuttAP9uMO3NHXoB2iQ9b2IEv1OkxGEx19QHEzf6puKza4wBgPyaRI2DEwISaKCI6Md+YMaGrn55Mac65Kh0z/i2KHHB70knxzy/o2hGU7puVXuxOV0KTKk0hU2I4Q==
+cleaning.		86400	IN	NSEC	click. NS DS RRSIG NSEC
+cleaning.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ru6ugZyFHBIZMZg09DxSkRRkQDreCUoz1pQofutsWb4n+aWeprp1mal4Xp1jXzIj/XDhJ+QVZ3SrE5aVNUKUP7YZ4lrfxXhJxqssDN8DlzuiBhWcxWqnU30fUOOT35jBUOf1Xb/tg5zcSayCPf+19ikbDsyGNM4G5RfHHULqn+yEtsSyHsnPUDOjiqrsuN5Z9ee1Inun8CKLLEd6VDgKJFQULhKDMHlbMCGCa96cHp3C2F7srb+JdS+4xM3W+v1qjjFBRvnI9CSPTgzIrdJxR5ailHGi9J2YGyRYbhb5H2C/I4YzPEjlThqw9lWPqq79zgbB8HuYHP0QFf2JytDBtw==
+v0n0.nic.cleaning.	172800	IN	A	65.22.20.27
+v0n0.nic.cleaning.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:27
+v0n1.nic.cleaning.	172800	IN	A	65.22.21.27
+v0n1.nic.cleaning.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:27
+v0n2.nic.cleaning.	172800	IN	A	65.22.22.27
+v0n2.nic.cleaning.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:27
+v0n3.nic.cleaning.	172800	IN	A	161.232.10.27
+v0n3.nic.cleaning.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:27
+v2n0.nic.cleaning.	172800	IN	A	65.22.23.27
+v2n0.nic.cleaning.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:27
+v2n1.nic.cleaning.	172800	IN	A	161.232.11.27
+v2n1.nic.cleaning.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:27
+click.			172800	IN	NS	ns1.uniregistry.net.
+click.			172800	IN	NS	ns2.uniregistry.info.
+click.			172800	IN	NS	ns3.uniregistry.net.
+click.			172800	IN	NS	ns4.uniregistry.info.
+click.			86400	IN	DS	65517 13 2 D09A2C14C4382634EDCCF9634FB32E91511E1E642F3C38468BA2407F1D1BAD24
+click.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lG+KOrQcSvTF4j70ckocEqMbftcXT8otjUjIb+U8W0eQC9jjAq0z2agEzXoJw7d7vdv14hSqF4AulPgPbLe6u7N2rU57ikpimRVGkPoTdiePoRIHRspQLkz4E1zEH+dHVRaGeRKH/vt2fvgAn8sykch4OgDgig4TLy35fr8uGbNpA/jVRfN47tfBXo4c7UIKqoAwpcYLkiIk5nzDkXozvNp104iUBSVJuChLSMwXMun5r7iARwuM5A5FNZ7aCi6Tm2q/qYMy9HNbbq8GvvdqJbQ2YUmoWCd6Py9exbxFYWUKvZni1uWbl818vzd6Cyno5JgfWeLrfer3P67mjtC2bg==
+click.			86400	IN	NSEC	clinic. NS DS RRSIG NSEC
+click.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JYPdlJzSXTuMAIanU4pC4C8TLz/z1+7d5/jw7x47JopG5DgEdRj6NU+UDw6/u+Cx0KHm6scix6Kx8FbuDW69LBxvsSKF7pBQv4y9K+YgmfJ3vS2GAGbVLg8sCHlu1d022I7Rl1psMCk0OBuD4ix16pGMIPWCEfE18XIAw+Mg1OzKrIMK0qfE9GXb6d2ytHl1xq+4Qti++kNbULn8ACc2vhICHwsplSyyZgy0IgrRzZ54mDJM8tvtYUVmRM+8uL9AVDLHZttRdqwCYYTTwgM1H8OWT7oGoZw7jHlRUNvRCMQKQJCCyMAVXROq0OEZadl5K+22A0obKAppP1u0w4WrnA==
+clinic.			172800	IN	NS	v0n0.nic.clinic.
+clinic.			172800	IN	NS	v0n1.nic.clinic.
+clinic.			172800	IN	NS	v0n2.nic.clinic.
+clinic.			172800	IN	NS	v0n3.nic.clinic.
+clinic.			172800	IN	NS	v2n0.nic.clinic.
+clinic.			172800	IN	NS	v2n1.nic.clinic.
+clinic.			86400	IN	DS	44914 8 2 AF3D84251DFB43F15442B1B300AC65252BD0C3FF91BF6711412CB3D6EFE49C43
+clinic.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KiGTqpJmfYdgSSZfP3A6llL5FTiVkRUhFDVUG0d5sFANmUttRCju490CtwX8JtjK1x9HVNXAvXNSzER9wtckfAQUliqBOgt4FPsU2FH+1+93EkB3FhidHgoUA+su9v6rigu7U8e0qregtt3hpzWZv8QLoLQVIDPo0xn2Ve1g5KZND9OVa3Y7w2EQseyfALzqL4igAMpQXrdEfMe5g3NBRa1ycn/4jKRB9nqHNUvRiCTXQ17fd2ZafJcxo0hg7U1//NwscqCc/yJaxESEgwCBM5eHGBlN5sQEU0CADIxhNLvg7mz9r6EgcOHGXBOJAzkRK3POC3uYzY7v67A5CjXZjw==
+clinic.			86400	IN	NSEC	clinique. NS DS RRSIG NSEC
+clinic.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KpCyo9Yb5RIo6d48iqiQ5yN0YVNU48xLdzPm1GD/XvhN+Qh504wbFU2fDGcb2okE8lK9tK3UaynDSEmj7POGbRnkcToE4RonOdx6/y3TU5D99RaBTDzuIutTY4Crxn2Ne3A7xDZNVJmZC/gFIkTg7J7ABu3WPCSXFl3MSOQx7ydEf1K5V5vqTyxgg21kOBDES156J/WaFP6NUqT770zSyNFDdZM+SENsxG2/099nh3Cyd6raWBxNZFUspPlfhQmRWZ5/DlZzj3NXfCDtXms+Xq/k1FS/Y8k5hcv6z0scyYXXddSKOjPB/Pb8QHKusjUUWwPyLNisCzSHOOxjIn+BPA==
+v0n0.nic.clinic.	172800	IN	A	65.22.32.47
+v0n0.nic.clinic.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:47
+v0n1.nic.clinic.	172800	IN	A	65.22.33.47
+v0n1.nic.clinic.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:47
+v0n2.nic.clinic.	172800	IN	A	65.22.34.47
+v0n2.nic.clinic.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:47
+v0n3.nic.clinic.	172800	IN	A	161.232.16.47
+v0n3.nic.clinic.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:47
+v2n0.nic.clinic.	172800	IN	A	65.22.35.47
+v2n0.nic.clinic.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:47
+v2n1.nic.clinic.	172800	IN	A	161.232.17.47
+v2n1.nic.clinic.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:47
+clinique.		172800	IN	NS	a0.nic.clinique.
+clinique.		172800	IN	NS	a2.nic.clinique.
+clinique.		172800	IN	NS	b0.nic.clinique.
+clinique.		172800	IN	NS	c0.nic.clinique.
+clinique.		86400	IN	DS	51286 8 2 2456B103E69D9F788B97912B8DFBA0FBFDF574ABFA166DDD1C773DCF252B3BDE
+clinique.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BPynGRZBmoO/YEkkP1LjjjIPw2JDadUxFxTv/1G3nAWw1QuYEE6ZyYYfLATULyDi6LlOp/kj7kfi6nf1mbqWDe4vqqOw4/C8ST87BbWPuwXXMZsFw/uqWYeC3dv74aerYbIVJUNMTVX7qKSnfJwEE7guBmONSZ+xdB7FRUCG9GQFGvl0jxINTywLyTwn3u8b70wPpUSzcpDx+rOV23A4ZrozqkErnxE6PLx6mZobmB3sUUh03x/zYNbnlYcn5Z+7O06pKoiZXFACa7PWVst8eDPNkh68C+H40X5v+ClTwy1d6J+c5Sbx7+3LPB/FADmy1m+inDPYhx6BH/Hzss0fnA==
+clinique.		86400	IN	NSEC	clothing. NS DS RRSIG NSEC
+clinique.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pszXZvxkVBrXRtHnoA0pii9exMu1YQSa+suHOkFmpjxpYrrCMf7lhvYh0skT8rdh89yK7qww3Pa404jgLspNyQmAX6ryrFvU0slJonEUWm37V+DRF6UjmSebz0UB6V/Kdf9Og2JDyFboN52n28JC27nZ99pFQz2RMH8ErIGJhVsqG1E4BhI1d87cKniriSe8F6MOyDWHoFTlx6gyzRELZskwSIFXavYYMVNe2oIf3tGxahVsXAb3GTh1eKp0242MUBLHmbKz1dg6UbQz162DO1oq1MfPSWX+EfGBLWs6b/UWGbHBkqc9hlnwC+VsV3FDgO0gRwQfMyor3rtcfLJe9g==
+a0.nic.clinique.	172800	IN	A	65.22.52.41
+a0.nic.clinique.	172800	IN	AAAA	2a01:8840:32:0:0:0:0:41
+a2.nic.clinique.	172800	IN	A	65.22.55.41
+a2.nic.clinique.	172800	IN	AAAA	2a01:8840:35:0:0:0:0:41
+b0.nic.clinique.	172800	IN	A	65.22.53.41
+b0.nic.clinique.	172800	IN	AAAA	2a01:8840:33:0:0:0:0:41
+c0.nic.clinique.	172800	IN	A	65.22.54.41
+c0.nic.clinique.	172800	IN	AAAA	2a01:8840:34:0:0:0:0:41
+clothing.		172800	IN	NS	v0n0.nic.clothing.
+clothing.		172800	IN	NS	v0n1.nic.clothing.
+clothing.		172800	IN	NS	v0n2.nic.clothing.
+clothing.		172800	IN	NS	v0n3.nic.clothing.
+clothing.		172800	IN	NS	v2n0.nic.clothing.
+clothing.		172800	IN	NS	v2n1.nic.clothing.
+clothing.		86400	IN	DS	28429 8 2 568008019C12E27101DDBE2DEC57563701D527FFFD4A61AE82D7C54FEBAD2F2D
+clothing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vyZnwYMXkBLpE2pNP35ZHZmD3Iw/c5bRjsArARqh63i4HKsiBkAXl9aVsmMNgVzm4K2OsJYd1oxSWeaKl19EeTDMu/gJrmT8E6WXKseQkSR79dN/9ZWYjiGcgcigBxgdcBMcDDVbhelIXchhsMP/5tctCgXsYP9y1OKNH7RVWnAmSPaHzwd/XsSIk8BkCLJPJtAKFl+3i8q6jCFyCpvK2eIz9FtKRmKsfFM8dAO68qvR2xZl1pIYPsEbMeO7dnA++6YvZW3w+/QYKGwSyO2/rV2y3TlRSeuVtT2FzLGq+7Zn41kRRvihJN2OYHH/dQ+hLzhVscloXyPCw8oMRjhRCQ==
+clothing.		86400	IN	NSEC	cloud. NS DS RRSIG NSEC
+clothing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RSdP1mRCM1UBNZT2DFmnAI58sBVZVRD+3WbM5VQKnxtF+BLhWeLwAVfcM9e17Bhbn5gulgvYFZ4ebp7LOV17Q1DrVJ4m6HWKfvDkYpqPyeRvwavbpEW3nnR9WGq5BGIJixcV+ITHW7WhterhE4X4VFcfqpdnzf9ntD1hvmNRPUDcgvvNvMXPgRb0mxcMCB9z5dVAbwWUYNeKc+cyEjllIJl0v0ja61HiYrYRowVyWk3gQ8jJCrF646AEI1O5Ssa2TJGzilOqH52BReH0EaC21fTRolOrA/xYpcGg8MTkVhbS8+/Gc/BXCLEtoNFEJmtBc680y9QjqlDoYWV48zRAoQ==
+v0n0.nic.clothing.	172800	IN	A	65.22.24.13
+v0n0.nic.clothing.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:13
+v0n1.nic.clothing.	172800	IN	A	65.22.25.13
+v0n1.nic.clothing.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:13
+v0n2.nic.clothing.	172800	IN	A	65.22.26.13
+v0n2.nic.clothing.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:13
+v0n3.nic.clothing.	172800	IN	A	161.232.12.13
+v0n3.nic.clothing.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:13
+v2n0.nic.clothing.	172800	IN	A	65.22.27.13
+v2n0.nic.clothing.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:13
+v2n1.nic.clothing.	172800	IN	A	161.232.13.13
+v2n1.nic.clothing.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:13
+cloud.			172800	IN	NS	ns1.uniregistry.net.
+cloud.			172800	IN	NS	ns2.uniregistry.info.
+cloud.			172800	IN	NS	ns3.uniregistry.net.
+cloud.			172800	IN	NS	ns4.uniregistry.info.
+cloud.			86400	IN	DS	23374 8 2 0503A8FB36BC97CF3FBA3B0186BE04364E5743B345A89288FD5DFB9672D73619
+cloud.			86400	IN	DS	48499 8 2 655C17351152D0B6A959B7AC2C674CA37BB3513F612CF803EAE16F572C648AB4
+cloud.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p1oi8isHA2cJtSrVEhYgG9q+lmyCiN2lDripOBExaVZDmQZUgQfQFQnbx4rPG4d6+LktIkxkyBHSORaOydPQwP38r2CKB/0IBBo0hog+FDsMEuE+JbmGu0uuY1pHjwYOfmU4y9cKZDHjEhNlkA3cVKPbQrH0+JsnQz856nBUJYDjtglLqFyFP8L55p2FW1dhSs+1b02ctzln/NMUxRn5q0zkEh7XjxUEuD9iU1t5X7FyO0y7WsWxkiFNRpZ42vRStgw+6N/dpLzXZUVkHUyCW5DOEfvdeq1hRCbqcKf/2q4vtgRSDmAd21ex/aUaHAHJ23wMiijgi70iicix7qY/w==
+cloud.			86400	IN	NSEC	club. NS DS RRSIG NSEC
+cloud.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ljjjXk5XubFGryvBEDnxk2+eVCO+/nXd/dN+Kl4jZlqfroXP2X+Vz54uGORFkRqfj5E0rU/zVDZQCMj2uPxtVG+3z9Ql74bgZNoidVft7WGJ5YVj3Bbn+9tGMxqUIV0l4/+u//aXpa1E+LlmIn61PxnEJXELfa10q9F8d2KhpUdkbx0s0/TSMpi2xtyPr3Ovazh+bxpFIHkIsK1o0zeBbD2eBqY856E1hiTvPXHS6lYg+CDpcCN+XfPqrjTGwtsMtDTW6MwDfwqBpeueUUCkwpLGbpuTduHTLllvljC/2NImU9XvfWZYczLiJPFHPcDy9/uNpFmeww9HOiXGAIQvcQ==
+club.			172800	IN	NS	a.nic.club.
+club.			172800	IN	NS	b.nic.club.
+club.			172800	IN	NS	c.nic.club.
+club.			172800	IN	NS	ns1.dns.nic.club.
+club.			172800	IN	NS	ns2.dns.nic.club.
+club.			172800	IN	NS	ns3.dns.nic.club.
+club.			86400	IN	DS	20392 8 2 1F1EBACD947952CE4DF8A80045EC37D088A49B72618FEB92B91229DE4D31B7B4
+club.			86400	IN	DS	54682 8 2 4FC0DBB4F04BE413BA1C0B1E92F4C5F0CCEBF7856370E20671AF6417499DB258
+club.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BH2Fys50et3FM/fGOc71xzE0sL3hEtQ7kJTYYCZSPEvOvNM8uhtz4+QJzYgG6N6e+lndMa2jvUP4ptfaX1X4Uy7L1rHBK1Gl+YY1ZZzAF6u6Na0kaE7Rl/X4u6kSrgymcZ7S6rVKo672PRKIxSygybZtlExe9bn0PcsLFd1du4ZQzvsyw6vyIf30WqcZOK04zqwnAfy3uLOJgt/Z030DmdGYin3202ESN949+sS03yXh3khq27dmIwZNYTMwMGVBWtxT9T/LTlaf5hAzqHbY/NGb4jOCLzB9qTLVeWeHtFMecJRcBvxg7ILIJtSmH5vnlGMlRjdq/ZuM4HjiPrmQ/g==
+club.			86400	IN	NSEC	clubmed. NS DS RRSIG NSEC
+club.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ESwA02NsXkAlsQF3LIoCItnS9ohEup3syzeSS2Pdm5JaJddB3owHpTwllnLwVtzVFi2oB5ol3X+isLbiOgBAYuwXxAW+49bT3IexC49EX67ZuQTNfFh8iyVGXRMAUjxX+37BJXXbKCKC/MvOS0ZJl6a7PZpLZkoFkb2g3DFfyBXBO8mT4r00XNGCQySeXkILKtyqCMBfkDVOvXI6AtDy5XBkMku5fv6DOFkDd3hzLVbG1tWWHM/ioxQFCNg7UytJflQPqtqR/awxIDaiKzngR3ZUXkZvz9fvzSd0Bmy+dLFiOXyp212yh0NbhAuhXc31o+LLbPqsZMX+H+tomiyxAA==
+a.nic.club.		172800	IN	A	37.209.192.10
+a.nic.club.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.club.		172800	IN	A	37.209.194.10
+b.nic.club.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.club.		172800	IN	A	37.209.196.10
+c.nic.club.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.club.	172800	IN	A	156.154.144.215
+ns1.dns.nic.club.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d7
+ns2.dns.nic.club.	172800	IN	A	156.154.145.215
+ns2.dns.nic.club.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d7
+ns3.dns.nic.club.	172800	IN	A	156.154.159.215
+ns3.dns.nic.club.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d7
+clubmed.		172800	IN	NS	ac1.nstld.com.
+clubmed.		172800	IN	NS	ac2.nstld.com.
+clubmed.		172800	IN	NS	ac3.nstld.com.
+clubmed.		172800	IN	NS	ac4.nstld.com.
+clubmed.		86400	IN	DS	2823 8 2 49AFA8257AEF277EADCE81A3B3712BE90AEC8A22363B302884ACF373EADADF0C
+clubmed.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ctu11Fgw7NsmjKffMzo4jT+YHOh5JMAl0Avaum5EX8nS44WmaT3SSRs5ctmeOVB7lLppmaug3YIoBQz6HbsJMqjsUGITUu73ayhaTl+pH++yoi/SC6uZbplYUk9YspaNfFl1REktMJa1mSlU2wLgDdB7wnoWjxnowq9DA8/xCHpMXttovwQnAuwZsc48Kw8pdKU9QDWpRkFwBYtZ43W9wZxTdFgBMoj3oIzFjiI34Fwpqyz+uFXmVjttPGkqT0B6RVJrAVqIXgZaDhA8ZqNXRI5glQ1WbqW9s+awEH/rEnSsFDk/lau+JU7KfONK62bs8nLrXsIL5hXITdqQ/URPFQ==
+clubmed.		86400	IN	NSEC	cm. NS DS RRSIG NSEC
+clubmed.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yFj/apS30x6d9+u4fwLKklqonFFSXfMeFsebjXb1QxCxW5yRnx1EvCEYnDsGsUorHt4asd7eQezpubM9SiGPlQS6fNV5Uv3PddIQ4ckpyg32CZ+V0Nf4yryIyRikQlwFgXhUJYh40ScsoNQlev5fnwTZmR2TjptARinIGozxSbcwF2z8p39i6yamGHi0AV3GS+y9uruY57TbW9oNguqhB7yIG1gjqOuTyZ6Wuo3j+hgK1/94SU9wq6Ml13e9dWu5Yb5SExc/X06gE6kBZsSMFEFvXnDF7l1wu+LRSNKtzk2dcjxMyfGLcH9GRDu5KbiSRVb1gsB5nzFxY0gfLLtZqA==
+cm.			172800	IN	NS	ns.itu.ch.
+cm.			172800	IN	NS	kim.camnet.cm.
+cm.			172800	IN	NS	lom.camnet.cm.
+cm.			172800	IN	NS	auth02.ns.uu.net.
+cm.			172800	IN	NS	sanaga.camnet.cm.
+cm.			86400	IN	NSEC	cn. NS RRSIG NSEC
+cm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r6bdnkSTkJJhd3N0W/RMaMmcRXDkeSZk3To8bNAARbVNlwW3co3ZyAfoNc5eL1IVC/n8wy6nRaPz2PJFBGNTiwdzw5V4dU9+bt/Sxc0r0EMyBBhRj115SfIEV8b7J3fFlqTs7O/pLTobpS0kgeJjaLRTf5dwCyqO5U8ybXdYrry4BOxPedcDf3DErpcolkJBVaJb0PNPhOeuDXYG4W3NJ21MiyyJRdrndEOjSV6wuVJ0W039FXGFzk0CBR/QEofq7NkfKowocAWBLJ/uxvjq4d9hedK2SmFOn4qp69NbVcl9jVMA7W62+ZRKEWbp0yWfr5NIvfByqGmPAdNGybSEUA==
+kim.camnet.cm.		172800	IN	A	195.24.192.35
+lom.camnet.cm.		172800	IN	A	195.24.192.34
+sanaga.camnet.cm.	172800	IN	A	195.24.192.17
+cn.			172800	IN	NS	a.dns.cn.
+cn.			172800	IN	NS	b.dns.cn.
+cn.			172800	IN	NS	c.dns.cn.
+cn.			172800	IN	NS	d.dns.cn.
+cn.			172800	IN	NS	e.dns.cn.
+cn.			172800	IN	NS	ns.cernet.net.
+cn.			86400	IN	DS	57724 8 2 5D0423633EB24A499BE78AA22D1C0C9BA36218FF49FD95A4CDF1A4AD97C67044
+cn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lyydPdNLplReyh3bR+NklFHi0bxuZPc0M5CFSROWtHWj3BFXSWCwMu4M1deTtLIY02nyvpj5v4dtF2iLODZ5CCKIQXEcEPn+xZskYRt9YCbJDinozLZXGZO79UqATre5iYQvWyRf8hua8T/mS4lcWCzqLWFdrSAT3W5SLgoUxJl1CPqLQcuZw5ShIcKAtcL3D5ok6aSKo/7nHX6DcYjJ/oUENI2Kc4aWyEghnba4YpJXJg52+iWQo7BmmlJHk++HSDJ8soHWRvtbZsVV8le8ZNBAUG8qmSPfN6Qs2hlCxtGhcsVNMAmkfZqopq/9Y27G6Yptbm+Lq48NdGMBGIYxuw==
+cn.			86400	IN	NSEC	co. NS DS RRSIG NSEC
+cn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . T6Bvtj9BxBXlufJKBCG/ihK21AQyhyb1hodAU41LbXQrM6F/8aAbW/HGiSlLis0+F25EuvTqlDJq7G08exgrlAfQsW2n9HZdpWOco4JzjJEYH0LtZdfktwQYdgoCBcY1V20MA8O6fO6cMHvWJukAKaZKk6mmXTfiGNiuZtgcKsWvcYl2+WB8ZfYvbsaDVQD4h/3017zrpAUQqhOVSrozc/X+047xcvbBic4jAmV9Je/SXogzROaZPHxcMiPla0l5Spz8QOyfUk3ZJ36bpyjsbNlHKboS78Ac3KRJe6FME07wA4GMJ1/gTmckUIM5TeIxM8YwQIwcSMI7C/peQxIjrA==
+ns1.conac.cn.		172800	IN	A	111.235.161.1
+ns1.conac.cn.		172800	IN	AAAA	2401:b400:1:0:0:0:0:1
+ns2.conac.cn.		172800	IN	A	111.235.162.1
+ns2.conac.cn.		172800	IN	AAAA	2401:b400:8:0:0:0:0:1
+ns3.conac.cn.		172800	IN	A	111.235.163.1
+ns3.conac.cn.		172800	IN	AAAA	2401:b400:9:0:0:0:0:1
+ns4.conac.cn.		172800	IN	A	111.235.164.1
+ns5.conac.cn.		172800	IN	A	111.235.165.1
+a.dns.cn.		172800	IN	A	203.119.25.1
+a.dns.cn.		172800	IN	AAAA	2001:dc7:0:0:0:0:0:1
+b.dns.cn.		172800	IN	A	203.119.26.1
+b.dns.cn.		172800	IN	AAAA	2001:dc7:1:0:0:0:0:1
+c.dns.cn.		172800	IN	A	203.119.27.1
+c.dns.cn.		172800	IN	AAAA	2001:dc7:2:0:0:0:0:1
+d.dns.cn.		172800	IN	A	203.119.28.1
+d.dns.cn.		172800	IN	AAAA	2001:dc7:1000:0:0:0:0:1
+e.dns.cn.		172800	IN	A	203.119.29.1
+e.dns.cn.		172800	IN	AAAA	2001:dc7:3:0:0:0:0:1
+h.dns.cn.		172800	IN	A	125.208.32.1
+h.dns.cn.		172800	IN	AAAA	2001:dc7:fffe:0:0:0:0:1
+i.dns.cn.		172800	IN	A	125.208.33.1
+i.dns.cn.		172800	IN	AAAA	2001:dc7:ffff:0:0:0:0:1
+j.dns.cn.		172800	IN	A	125.208.34.1
+j.dns.cn.		172800	IN	AAAA	2001:dc7:fffd:0:0:0:0:1
+k.dns.cn.		172800	IN	A	125.208.35.1
+k.dns.cn.		172800	IN	AAAA	2001:dc7:fffc:0:0:0:0:1
+l.dns.cn.		172800	IN	A	125.208.36.1
+l.dns.cn.		172800	IN	AAAA	2001:dc7:fffb:0:0:0:0:1
+a.ngtld.cn.		172800	IN	A	125.208.40.1
+a.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc1:0:0:0:0:1
+b.ngtld.cn.		172800	IN	A	125.208.41.1
+b.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc2:0:0:0:0:1
+c.ngtld.cn.		172800	IN	A	125.208.42.1
+c.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffc3:0:0:0:0:1
+d.ngtld.cn.		172800	IN	A	125.208.43.1
+e.ngtld.cn.		172800	IN	A	125.208.44.1
+ta.ngtld.cn.		172800	IN	A	42.83.130.1
+ta.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd1:0:0:0:0:1
+tb.ngtld.cn.		172800	IN	A	42.83.131.1
+tb.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd2:0:0:0:0:1
+tc.ngtld.cn.		172800	IN	A	42.83.132.1
+tc.ngtld.cn.		172800	IN	AAAA	2001:dc7:ffd3:0:0:0:0:1
+td.ngtld.cn.		172800	IN	A	42.83.133.1
+te.ngtld.cn.		172800	IN	A	42.83.134.1
+ns1.teleinfo.cn.	172800	IN	A	103.61.60.1
+ns1.teleinfo.cn.	172800	IN	AAAA	2402:7d80:0:0:0:0:0:1
+ns3.teleinfo.cn.	172800	IN	A	103.61.62.1
+co.			172800	IN	NS	ns1.cctld.co.
+co.			172800	IN	NS	ns2.cctld.co.
+co.			172800	IN	NS	ns3.cctld.co.
+co.			172800	IN	NS	ns4.cctld.co.
+co.			172800	IN	NS	ns5.cctld.co.
+co.			172800	IN	NS	ns6.cctld.co.
+co.			86400	IN	DS	61744 8 2 B9ADCA87453C1F69A9A524681F4179A88374C546A45892ACC10E2653519ACCBD
+co.			86400	IN	DS	62110 8 2 4857EE1A85E661C92156AD09B40139DAE7D5BE37D117A1223289F0E20CF9D654
+co.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M177bC5hdPzQX8QVkVVDyKebIjcAOseRkd54UisxzrY0Z+oUcjCkFozc5ui4izwtvN3ADg+0KGoSm747nN4xRuuxJZHbg9hJZCeNKsb/OAepVoW7S78R+ib2HEE8moJYZNQB13GDoULdr1z+uZ5v2UrePjams3iExO/wlefi/L04Je1t0TfYtT2CbMF30qZh0bpjLdp5/JPUV0E5gSz4f3aYSEFphPmT+SZ3/6FbzmH0GgPWsl1WCO8JB1AtPcVrpbulwCtmQT0JSiZjA2/W5ZFz1bx0geWeFJnIsE8QbgVFvFhAQb+O/To+2zr4bW2u/hQBDWZsjyZLSiAx1SyDJg==
+co.			86400	IN	NSEC	coach. NS DS RRSIG NSEC
+co.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qVTBAchCBIuOE+6ZRRDzaHoAfMJnZUk/POfIX/9T5pBo65u5EEcHNV+Dc1ZKuuYwfZJOfO0GpZ2yIr2NRQUXiqGG1rHs7xIGxYUNjV2KjGSAcT4f2vPg6d+w693o6it8xtTtoVBbUD9ZTI7POaZDh4A1pGelgbHK+GvJB+ywCOEIXK4dUHweP7v3sSTOyYVm6jBUHfBg0qfvE8/+ndkBHzPuHEORa3k7QhbbSjeqdOsWa1NKBOUss2H8beQQ8cmSdoIXgNnbZe6Gc/Damtz6rJAqajneaP6ZEkEjQTpebdOePNJjeEsZ2i/vh0oiWe3nkG26PFuCSdC2xQGpN4xvQg==
+ns1.cctld.co.		172800	IN	A	37.209.192.14
+ns1.cctld.co.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:14
+ns2.cctld.co.		172800	IN	A	37.209.194.14
+ns2.cctld.co.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:14
+ns3.cctld.co.		172800	IN	A	37.209.196.14
+ns3.cctld.co.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:14
+ns4.cctld.co.		172800	IN	A	156.154.103.25
+ns4.cctld.co.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:21
+ns5.cctld.co.		172800	IN	A	156.154.104.25
+ns5.cctld.co.		172800	IN	AAAA	2610:a1:1011:0:0:0:0:21
+ns6.cctld.co.		172800	IN	A	156.154.105.25
+ns6.cctld.co.		172800	IN	AAAA	2610:a1:1012:0:0:0:0:21
+coach.			172800	IN	NS	v0n0.nic.coach.
+coach.			172800	IN	NS	v0n1.nic.coach.
+coach.			172800	IN	NS	v0n2.nic.coach.
+coach.			172800	IN	NS	v0n3.nic.coach.
+coach.			172800	IN	NS	v2n0.nic.coach.
+coach.			172800	IN	NS	v2n1.nic.coach.
+coach.			86400	IN	DS	7096 8 2 2C8F67D678443E464938744000D71FE49762EF2F18EB51992D0AA5C9D7B88C6D
+coach.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mhbm/BIU6Yzmn/PDPEFKSYRphOEVe+eMQhf2EZeNkHyT2UUoaho9+ANGVT/itlZs1HA9vNL6AEyTF3nkMmD3NElgnCcE8ou4YR5dSLIBjKofL5vHTNvvzakx7r/PlNgyZNAg8mxcJl5InECxaCU3QK/xBt4JmokdIrXEyEHlX6P9APZOWa2UxHHNe7hTmsJuGxoB6rdazqLXs7DGwUfy4ni1Fgjf0bGT4oF7UAAY6bZBTiKIB1CjRVoatQOXIUSMoWF5Q+/DJ8IjEJs6/WwI1Rb35Vvc8Viu8IFh9E4fN46hXp2pB7vF4avQvsnBVL85lCYndBhFVOfyoOAmAmB7PQ==
+coach.			86400	IN	NSEC	codes. NS DS RRSIG NSEC
+coach.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tMWNCuAhT7KoqF7Zi7vbekSs/wzb73DzJQOHv0ci+XIZoFcuxlGNpI4DSWb/Nc/d0DrexOBrJ2SDLA+U74HflIGLutFi/73JKZN1lISpTh1o0mfFChjjfc/9zbEGlBuqGj/HF+kyr9ZEVUA4/W2fvtrNarAQRl4dGqsuskbMaREfaZmMagozKacunlMw39uK2fCHWeMQXf3YH3/3ZSkt4djbcnnczlpSp+mi8m9HLBlz3gulSOh3D/xcf4wjt2P80e4J8Uv/DRhcQRGmAr6/GLfJUEouMyECqIdmguYdekKfxUyyyAGlwekrOtiLwvHGcHlQGSgls/wuZMTfyBFYTg==
+v0n0.nic.coach.		172800	IN	A	65.22.32.41
+v0n0.nic.coach.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:41
+v0n1.nic.coach.		172800	IN	A	65.22.33.41
+v0n1.nic.coach.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:41
+v0n2.nic.coach.		172800	IN	A	65.22.34.41
+v0n2.nic.coach.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:41
+v0n3.nic.coach.		172800	IN	A	161.232.16.41
+v0n3.nic.coach.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:41
+v2n0.nic.coach.		172800	IN	A	65.22.35.41
+v2n0.nic.coach.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:41
+v2n1.nic.coach.		172800	IN	A	161.232.17.41
+v2n1.nic.coach.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:41
+codes.			172800	IN	NS	v0n0.nic.codes.
+codes.			172800	IN	NS	v0n1.nic.codes.
+codes.			172800	IN	NS	v0n2.nic.codes.
+codes.			172800	IN	NS	v0n3.nic.codes.
+codes.			172800	IN	NS	v2n0.nic.codes.
+codes.			172800	IN	NS	v2n1.nic.codes.
+codes.			86400	IN	DS	60022 8 2 8202CE29FC05C3D18A4E2B64481F9E14D900D210F86B9B6226AB3EF0ACA364D7
+codes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NnOFlXlh3JQAXvxpfJMh60mXFeRSQclc4lpOViw2PoFMrTrOi7AKsu7o0iOlwwUgDf2sTpeD39UZAM0YKHfmrEjFsO6NPZxpZejar1EUckzzaLgTKcDezg+6WsKdjzsX+ScqzlE7bOEMR2rkecQeDbFtfEtI+LAE+LDYuX5TRiQtDjNyUt5IRZ1VN9GExXM+yEKmyBOd2iJWspBrWxQvx3nUsEYSeDmsaIv+8uKij3S8mGPHXOJrhEZKjAeSmU88/l06h7SAM9DCQc5to+Bx6VhILzTzCAra7QuksIIAGczfwlUv4OiHkeluMco0O3VyIom/frZKm+O/mOTVyPTK/g==
+codes.			86400	IN	NSEC	coffee. NS DS RRSIG NSEC
+codes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hny8XFUUf9xyzK+iEk+ILpBe3tcQ0JGpspZ3/ubfxsaRSkaCygqY8m9vNidpQl1It1gdz+iSi3z5otq2CgOl7z08Ih+07NzqqMkzVWylM33dHmBKDHUBb2aNW32cTM+a5MmiLPc0cZFRqlI6lij51MIDB9rbDUiN08WJjRNlBNyE5kR4xd0F+VbiLXDIVhTKw9sNaYu8lRdghrkurXPKsk9rBZ2uS0K+tdIxlF3uhIY3gSfqEbccXJG4h5Ka9kht0sp3hCewG9lXvaEd7dTsI6X9lV0Tj/69g6ZBFyqgG5yTaBOrT6BBxoIsEde4Tg9ffgOHcd+IQ22Q/h9TBdZMLg==
+v0n0.nic.codes.		172800	IN	A	65.22.32.43
+v0n0.nic.codes.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:43
+v0n1.nic.codes.		172800	IN	A	65.22.33.43
+v0n1.nic.codes.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:43
+v0n2.nic.codes.		172800	IN	A	65.22.34.43
+v0n2.nic.codes.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:43
+v0n3.nic.codes.		172800	IN	A	161.232.16.43
+v0n3.nic.codes.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:43
+v2n0.nic.codes.		172800	IN	A	65.22.35.43
+v2n0.nic.codes.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:43
+v2n1.nic.codes.		172800	IN	A	161.232.17.43
+v2n1.nic.codes.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:43
+coffee.			172800	IN	NS	v0n0.nic.coffee.
+coffee.			172800	IN	NS	v0n1.nic.coffee.
+coffee.			172800	IN	NS	v0n2.nic.coffee.
+coffee.			172800	IN	NS	v0n3.nic.coffee.
+coffee.			172800	IN	NS	v2n0.nic.coffee.
+coffee.			172800	IN	NS	v2n1.nic.coffee.
+coffee.			86400	IN	DS	37636 8 2 A131F5C4F1C6415C615B2B0B297CC9F97CEECB22CFA36D74270642FA8F0EEDAB
+coffee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DbLgSLRUUOPz2rsTci+qS9IbqEeiUglYXVlkFgBzshCEd+JKLcPwp+/mS2ZT8I7EpiBvuu4TZcbQqhlIIMnADa+azhn/FgtvHY1Xnd7S8zjNlnwHAYHBvKoGkEcYc4Suc+h7ZBRaAT1Nlh2iVS0mNf5z8L6ud3hC4/n6sGJoho6OUlKpHSMzpk6BhJiUDQ7IyXD/G2iN7c6b+OHnsBnY73pzYp/PFwAKdxsP0n0lzoOp42Ryr8qgrS360dmP5AsAA5ypD3tlK02ZuG9njTYGr2p3fdxtajxF+sgVs2H6vMWyHPaw5kOGJ/VMdBnrn09tHnHqixruzt1iI8lB3AUSxw==
+coffee.			86400	IN	NSEC	college. NS DS RRSIG NSEC
+coffee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGlFJ4ZF0GqyMUOLOCjM/uMTCx++spIbFK/mqbZhcQsZJSA5dV81tdtB9wvcSgLsB0wycBIn9bXNETvo0tD8c1TuUDlMrz6xksn9kLCozsrbzZdSu79HeJQfgIkVS90feeilTsHK3alAzBzNV3LriEJ7f9PUyt834DBQZhrvA8vjOck+NSTE/IKmRTnQmEpHE3PlmT5A1jUsFcwJaLOV8AImLJE8at2kZuJmiBn+Iqa0V2bmxrhdhal16IrCaKawcM4Hl4/jYOR2ukoPYgmAoONI0IW3PXz93K8BdDjf6o9WUCMMQClZwldGHSVbuoSrsrDiB/4QwjkaPfOCP/iIIw==
+v0n0.nic.coffee.	172800	IN	A	65.22.28.41
+v0n0.nic.coffee.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:41
+v0n1.nic.coffee.	172800	IN	A	65.22.29.41
+v0n1.nic.coffee.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:41
+v0n2.nic.coffee.	172800	IN	A	65.22.30.41
+v0n2.nic.coffee.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:41
+v0n3.nic.coffee.	172800	IN	A	161.232.14.41
+v0n3.nic.coffee.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:41
+v2n0.nic.coffee.	172800	IN	A	65.22.31.41
+v2n0.nic.coffee.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:41
+v2n1.nic.coffee.	172800	IN	A	161.232.15.41
+v2n1.nic.coffee.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:41
+college.		172800	IN	NS	a.nic.college.
+college.		172800	IN	NS	b.nic.college.
+college.		172800	IN	NS	c.nic.college.
+college.		172800	IN	NS	d.nic.college.
+college.		86400	IN	DS	46634 8 1 E8D1436ABC9B53D4219D05356CC1687732014B60
+college.		86400	IN	DS	46634 8 2 7BEBB696E117D17EFA506B8DD2209D2C49E97E6635596FF3177BE76BE0463C3C
+college.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XpVGVukuM/o/unnsyloJaI4jd005Q1GRODyk9ih06UHQ8xhYQ1PLOdVBx0bnQeHj6Cf+uqgbse0RSlKr0YBaumJYn5eCy3vJdeDUhBq+AOzQsORk/+HtsC2DLTnfmYBD+jpNFfP9fvUF0wkz57PUw83QVHHTlEU8EKtGPNCWB6Szpmg/8IQkojxx6Etsz9GlOWuJpIJnrhoPqe7u/bLnDLA1yC+8J4zLdg31kE9g86tDrr6PIOvZsN0HuztBmc+phMQjgnnO284zjWsIDpuLvMm7lLKUpbDgQh2H5VH6icP7hhQUaMc2uYlFkbvqZ+ykRWG2tSEO4Li7o7uXZ8t3bg==
+college.		86400	IN	NSEC	cologne. NS DS RRSIG NSEC
+college.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tnk3cQ+UcrUP5IPGg9xclZvs4PPZICajdkcZkKXu7+Tgz1hcBo1RYGfmMDkYSIicOWSferQpDTSAts0dg0zhsP4Lf/+tTwx6SLs08ephQhbkQFu7D21VX8JxcCvsfwXkhh1O3mjH/6gDVFuqPjM/haaAkYJa471kuSLSN4Lhawa3K8x73L3BCdHJB0GK4OoECDW0sivogn7V4KNYSwZfwJOqNJsQWAVoYZRU9v1YP083XV06/f8bipEkgg3pR8SbPZzj3jGqqN9JGHVcM3edCfcZ1SbBqxFOZjMumK2coXutdVLga4fy4CFdP+rJ6NK+xMmQMKhu8k9OymScyaAx2Q==
+a.nic.college.		172800	IN	A	194.169.218.44
+a.nic.college.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:44
+b.nic.college.		172800	IN	A	185.24.64.44
+b.nic.college.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:44
+c.nic.college.		172800	IN	A	212.18.248.44
+c.nic.college.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:44
+d.nic.college.		172800	IN	A	212.18.249.44
+d.nic.college.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:44
+cologne.		172800	IN	NS	dns.ryce-rsp.com.
+cologne.		172800	IN	NS	ns1.dns.business.
+cologne.		172800	IN	NS	ns1.ryce-rsp.com.
+cologne.		86400	IN	DS	26533 10 2 B3A50F0FE5E706E83B98EAFE1AE7AC0DBB95219C8C6EAFB94CE1DE36B2A7F51F
+cologne.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . h+awRu4W3geN1tjvx+aoZM3nITDpzM2/DlbCIe/SABQKLhQ2RlSnAiY6AGKmMM2JL1rj/5hh5MBip8C3h8V1hVGWzQWPRxSC72deZHlSHBk2kcxYCVm0jPjHcwCxj12filSCJCf7tbnKGlRfB5B+H0QmHHa0Qk58rn6fPWr45Oin8Rrq23fx3HA33Hp3iqhO1MfItyheOc49kdotv7L7zv1RZwoE1FwwkOvSFSyr3GIoS/bQG/ZJMWlglUrXS4u0VhAWDYWyVVqc0gobRrU8hYUqQzjpDHVRoEORHhe4rjSDcdrKF6ULZPBfle/M8pDfUM/cq2KdcO1LJI0vb0gplg==
+cologne.		86400	IN	NSEC	com. NS DS RRSIG NSEC
+cologne.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q069vOdjAiVfH69eWE8+FoBgRh3iNdPmNrNeZLItNQ0vUWwGmqNX0Ns00M0s81AfVHbA0MvGVkUn3xqIiDCZeHfIH1HN7PB4EthNRxlwPbuFaW2SlqD/ku4pVTna5EhU6gL9oUlXLWG1Ks611we+SBQYVw61L15pYHMeUlDjmK8zZHhXYwwks16LDnmtacZ49OUD37ZA2HMRk68bUcTh7LdenukJxf/r1orTVICjFH0ntqGRVzV5OgpjQbBPpNUnZWeIWN/1N4/OlZ7qNp+9OQv7BWWf9yKvm506r4AtVVBDFlo7v+ylV09idOkcvyfZCOZzWUG2UbNljC1zyGeDMQ==
+com.			172800	IN	NS	a.gtld-servers.net.
+com.			172800	IN	NS	b.gtld-servers.net.
+com.			172800	IN	NS	c.gtld-servers.net.
+com.			172800	IN	NS	d.gtld-servers.net.
+com.			172800	IN	NS	e.gtld-servers.net.
+com.			172800	IN	NS	f.gtld-servers.net.
+com.			172800	IN	NS	g.gtld-servers.net.
+com.			172800	IN	NS	h.gtld-servers.net.
+com.			172800	IN	NS	i.gtld-servers.net.
+com.			172800	IN	NS	j.gtld-servers.net.
+com.			172800	IN	NS	k.gtld-servers.net.
+com.			172800	IN	NS	l.gtld-servers.net.
+com.			172800	IN	NS	m.gtld-servers.net.
+com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
+com.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t4ADNyZwW1sU/41DtrUFVFgFcXRfoEu3OhZy5zCR+XE4ShiKXq76OzEFfja5RY/r366IZJq/hfmd1QAEOiUTmxPaupveww9V2or2T1bO6nEX3fK3WTVsv/m/4Bk2kV04mhZZIIlxtTdvgbHrJz7QeoKBRAxYGQVapH/ecJYeDDaxRkPFZL4qk0VDqMn3fagw0QaYkR9+Er+Y4DyNyI6SSPRGvIK7C8LHlQhZy1wSWE1mL7sGd7mF7YjtU0y2xWEGLYnmPfyAf7zQRR8biDU0mTM4QLoCgIDTtpGuxTaXWBCYvd1gKA8qRQd/T5MlG05fcIOA63SzQHZhl2bShKim5A==
+com.			86400	IN	NSEC	comcast. NS DS RRSIG NSEC
+com.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vdJUnMh3wbNLtJZV+XvpZ8Z3am0z62pHCL8Ap/FRJRXm6dKR/blG2oZ9vvZM4Bdw0v0XeAywTTyoOHJYYKBz34JAtU26qk07psifJYg7qa6TRHKMWUDMvQ2z+T3O1sjG01hqzE4kg/dB3e+xoMGOBw+dj0FWioHBrPrxogzpTVrdMjTCsgxH4bRdlCLSUKk2iguLsxifc6I+FJlSSf5k4G4d6ksYcnl65m/89RDqoLOD/+MrNPm7pmEEb/eliDgUB2hHrZ1yuihKQCDO2TwAffXuZNR/4629BMvvNTRJVMzcTAsLvpgF3nQZhjzva/Mn6CHRNOkMh3lshKOh/uI5Ww==
+ns.amarshallinc.com.	172800	IN	A	71.163.249.97
+dns1.tld.becloudby.com.	172800	IN	A	93.125.25.72
+dns1.tld.becloudby.com.	172800	IN	AAAA	2a00:c827:a:2:0:0:0:2
+dns2.tld.becloudby.com.	172800	IN	A	93.125.25.73
+dns2.tld.becloudby.com.	172800	IN	AAAA	2a00:c827:a:3:0:0:0:2
+dns3.tld.becloudby.com.	172800	IN	A	185.98.83.4
+dns3.tld.becloudby.com.	172800	IN	AAAA	2a01:ba80:e:c:1:0:0:4c
+dns4.tld.becloudby.com.	172800	IN	A	31.44.1.137
+dns4.tld.becloudby.com.	172800	IN	AAAA	2a0e:b81:8001:1001:0:0:0:2
+dns7.tld.becloudby.com.	172800	IN	A	31.44.5.245
+ns.blacknightsolutions.com.	172800	IN	A	81.17.240.204
+ns.blacknightsolutions.com.	172800	IN	AAAA	2a01:a8:dc1:33:0:0:0:33
+ns2.blacknightsolutions.com.	172800	IN	A	78.153.202.4
+ns2.blacknightsolutions.com.	172800	IN	AAAA	2a01:a8:dc2:33:0:0:0:33
+a.mynic.centralnic-dns.com.	172800	IN	A	194.169.218.114
+a.mynic.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:114
+b.mynic.centralnic-dns.com.	172800	IN	A	185.24.64.114
+b.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:114
+c.mynic.centralnic-dns.com.	172800	IN	A	212.18.248.114
+c.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:114
+d.mynic.centralnic-dns.com.	172800	IN	A	212.18.249.114
+d.mynic.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:114
+ns1.samsung.centralnic-dns.com.	172800	IN	A	194.169.218.112
+ns1.samsung.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:112
+ns2.samsung.centralnic-dns.com.	172800	IN	A	185.24.64.112
+ns2.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:112
+ns3.samsung.centralnic-dns.com.	172800	IN	A	212.18.248.112
+ns3.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:112
+ns4.samsung.centralnic-dns.com.	172800	IN	A	212.18.249.112
+ns4.samsung.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:112
+ns1.xn--cg4bki.centralnic-dns.com.	172800	IN	A	194.169.218.113
+ns1.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:113
+ns2.xn--cg4bki.centralnic-dns.com.	172800	IN	A	185.24.64.113
+ns2.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:113
+ns3.xn--cg4bki.centralnic-dns.com.	172800	IN	A	212.18.248.113
+ns3.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:113
+ns4.xn--cg4bki.centralnic-dns.com.	172800	IN	A	212.18.249.113
+ns4.xn--cg4bki.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:113
+a.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	194.169.218.17
+a.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:17
+b.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	185.24.64.17
+b.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:17
+c.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	212.18.248.17
+c.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:17
+d.xn--q7ce6a.centralnic-dns.com.	172800	IN	A	212.18.249.17
+d.xn--q7ce6a.centralnic-dns.com.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:17
+ns-tld1.charlestonroadregistry.com.	172800	IN	A	216.239.32.105
+ns-tld1.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:32:0:0:0:69
+ns-tld2.charlestonroadregistry.com.	172800	IN	A	216.239.34.105
+ns-tld2.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:34:0:0:0:69
+ns-tld3.charlestonroadregistry.com.	172800	IN	A	216.239.36.105
+ns-tld3.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:36:0:0:0:69
+ns-tld4.charlestonroadregistry.com.	172800	IN	A	216.239.38.105
+ns-tld4.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4802:38:0:0:0:69
+ns-tld5.charlestonroadregistry.com.	172800	IN	A	216.239.60.105
+ns-tld5.charlestonroadregistry.com.	172800	IN	AAAA	2001:4860:4805:0:0:0:0:69
+dns3.dotukr.com.	172800	IN	A	37.187.75.31
+hoppy.iom.com.		172800	IN	A	217.23.163.140
+pebbles.iom.com.	172800	IN	A	83.218.14.53
+ns-mg.malagasy.com.	172800	IN	A	51.178.182.212
+ns1.neoip.com.		172800	IN	A	51.195.14.249
+ns2.neoip.com.		172800	IN	A	45.83.41.38
+ns1.nic-ge.com.		172800	IN	A	3.66.58.155
+ns2.nic-ge.com.		172800	IN	A	35.153.81.228
+ac1.nstld.com.		172800	IN	A	192.42.173.30
+ac1.nstld.com.		172800	IN	AAAA	2001:500:120:0:0:0:0:30
+ac2.nstld.com.		172800	IN	A	192.42.174.30
+ac2.nstld.com.		172800	IN	AAAA	2001:500:121:0:0:0:0:30
+ac3.nstld.com.		172800	IN	A	192.42.175.30
+ac3.nstld.com.		172800	IN	AAAA	2001:500:122:0:0:0:0:30
+ac4.nstld.com.		172800	IN	A	192.42.176.30
+ac4.nstld.com.		172800	IN	AAAA	2001:500:123:0:0:0:0:30
+rip.psg.com.		172800	IN	A	147.28.0.39
+rip.psg.com.		172800	IN	AAAA	2001:418:1:0:0:0:0:39
+dns.ryce-rsp.com.	172800	IN	A	194.0.11.114
+dns.ryce-rsp.com.	172800	IN	AAAA	2001:678:e:114:0:0:0:53
+ns1.ryce-rsp.com.	172800	IN	A	193.56.204.153
+ns1.ryce-rsp.com.	172800	IN	AAAA	2a0c:8f40:0:701:0:0:0:153
+ns3.seacomnet.com.	172800	IN	A	41.87.126.253
+ns3.seacomnet.com.	172800	IN	AAAA	2c0f:feb0:0:0:0:0:0:3
+ns4.seacomnet.com.	172800	IN	A	41.87.127.253
+ns4.seacomnet.com.	172800	IN	AAAA	2c0f:feb0:0:0:0:0:0:4
+ns2.teleinfoo.com.	172800	IN	A	103.61.61.1
+ns2.teleinfoo.com.	172800	IN	AAAA	2402:7d80:8888:0:0:0:0:1
+ns4.teleinfoo.com.	172800	IN	A	103.61.63.1
+ns2.tojikiston.com.	172800	IN	A	193.111.11.4
+ns01.trs-dns.com.	172800	IN	A	64.96.1.1
+ns01.trs-dns.com.	172800	IN	AAAA	2620:57:4001:0:0:0:0:1
+dns1.u-registry.com.	172800	IN	A	51.222.128.197
+a.zdnscloud.com.	172800	IN	A	203.99.24.1
+b.zdnscloud.com.	172800	IN	A	203.99.25.1
+c.zdnscloud.com.	172800	IN	A	203.99.26.1
+d.zdnscloud.com.	172800	IN	A	203.99.27.1
+f.zdnscloud.com.	172800	IN	A	114.67.16.204
+g.zdnscloud.com.	172800	IN	A	42.62.2.16
+i.zdnscloud.com.	172800	IN	AAAA	2401:8d00:1:0:0:0:0:1
+j.zdnscloud.com.	172800	IN	AAAA	2401:8d00:2:0:0:0:0:1
+comcast.		172800	IN	NS	dns1.nic.comcast.
+comcast.		172800	IN	NS	dns2.nic.comcast.
+comcast.		172800	IN	NS	dns3.nic.comcast.
+comcast.		172800	IN	NS	dns4.nic.comcast.
+comcast.		172800	IN	NS	dnsa.nic.comcast.
+comcast.		172800	IN	NS	dnsb.nic.comcast.
+comcast.		172800	IN	NS	dnsc.nic.comcast.
+comcast.		172800	IN	NS	dnsd.nic.comcast.
+comcast.		86400	IN	DS	21809 8 2 10E13E49F33ED1E42CA5D829093548118280D27664EB9DB6B52956189B5DBC67
+comcast.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pSBEM1dsxUC6AZZpSTY4E+OMclTzagikAQaQSDDny3IqiQLxEdAUpii8E3tNbyRmEEUkjHCoFLdoMzfw/x/IrthmVsaEgVlHe5kGuRDd44fJsdzHsYhln2X8Zu3zj0W1jOKk8hC5iw8XZqevhNhnQ4XlMIRIhZsLmWXkimAuYpPWTHQBhqm2KK7dECyZqTugH8yBH8o9cHdVFiJmQMg543ZfByMM66p6r7+AWmqP2ICtlyKxOTEkZpeSvD9C5UESSd3MLNjX8avSoVQ/O8pnGEZmK6OZo6XM62+BePvy/2Tk3jG1lGyaJ6J6WwoaCTE0YYAVyZo+XKjOPdcNPxozDg==
+comcast.		86400	IN	NSEC	commbank. NS DS RRSIG NSEC
+comcast.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hs2O2Znl0wMRHCrVS8ZV+MFOMUd30MzOhy+vAse3QcbFOvC59fIPLPqkBTmgtjkBhsiQWGngLEN/qtNFpeEVCAYoevOqG1I2FbVJGb/rNLMcqMyP3SvUbkrP+6hseRUN4fXTMZBi6T8n/d0j7kiVwls2bd7/2HmSohJopXGqZ50KcM7YAQhtwnBc4s+lbtPetcSqsbwkK8d5d8EQtakbHXhXZrPaVQzdh5P1u+0q2Ahj1UGhYZkw0B7gqWHNEpPtlrA+siBwrxI4YD8fDmqIjn7S9PaamPtzYROMp4AZtxeIvcotNY33qGs8cv7aPwsKxaRaHfuNDfdhYIaJvMrnIQ==
+dns1.nic.comcast.	172800	IN	A	213.248.219.6
+dns1.nic.comcast.	172800	IN	AAAA	2a01:618:403:0:0:0:0:6
+dns2.nic.comcast.	172800	IN	A	103.49.83.6
+dns2.nic.comcast.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:6
+dns3.nic.comcast.	172800	IN	A	213.248.223.6
+dns3.nic.comcast.	172800	IN	AAAA	2a01:618:407:0:0:0:0:6
+dns4.nic.comcast.	172800	IN	A	43.230.51.6
+dns4.nic.comcast.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:6
+dnsa.nic.comcast.	172800	IN	A	156.154.100.3
+dnsa.nic.comcast.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.comcast.	172800	IN	A	156.154.101.3
+dnsb.nic.comcast.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.comcast.	172800	IN	A	156.154.102.3
+dnsc.nic.comcast.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.comcast.	172800	IN	A	156.154.103.3
+dnsd.nic.comcast.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+commbank.		172800	IN	NS	a.nic.commbank.
+commbank.		172800	IN	NS	b.nic.commbank.
+commbank.		172800	IN	NS	c.nic.commbank.
+commbank.		172800	IN	NS	d.nic.commbank.
+commbank.		86400	IN	DS	25681 8 2 CCB3F1BCFD33D277ECE719B8AAD64A84B6722C4A46235605F3DF06D435F59B6D
+commbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UFzjmiK/NtPNqttzdBif7wNJAytH9Rp4MM0nn19LIY9ATdmtP771hyRQ9JIHbB7bKUy29kULN+FlLmmzrFlW4Joe90t/etU1lJ5JmL6BggCl78u25wpayznQUciPd4XhlTA2hqmX4HyoHJQAGKcJoW0IQahUOpVRbXyx4Eza4eT9pWi3sz+Lkn3uNbjlZWIqmKDDhIjdNQ5pD2Z73oY4YZo5p/Xj7LlAB91B4MN/IrMWgxg4sz3gCxBG8IugdH6dnzYryA0HiEv6sv1SmhtIOwwS5jORbb47Hb/N7bEhxuxi3qiX+eziZ+S7jrEOVC9JhE4ILciI3OZw/9Iym8fZVQ==
+commbank.		86400	IN	NSEC	community. NS DS RRSIG NSEC
+commbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GuGuIWXLf6V779PTHAwvUqn+l8MLtJ8dV1m6Qyih1eRocTCr/aYxGwOTgdygtBukenjW5JnAivtEBwZc8FPh8piptlwMk+WjuOYvAF0aOL88oO50Bz3n1w6rdXkK7jpDh3Jtkz91rBVrg445gpnGt599t6rBYaFFO/tbMAUwRTFRde+u4XA5vTMTSxpQQpkiG5EXFSZ86TVYg/RNUqQ80/TtoKyHqoPEqqicwixm+ZKZYTHCE8RoODvTQ84f+4zivkYZphiEYJkF4eF2P2ZQvrG2DaZdDFLhJ50gbVRMQT67TvukdC60HNUSwuy6IU3AngQ+HElDAF0+psnc/O0/Rg==
+a.nic.commbank.		172800	IN	A	37.209.192.9
+a.nic.commbank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.commbank.		172800	IN	A	37.209.194.9
+b.nic.commbank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.commbank.		172800	IN	A	37.209.196.9
+c.nic.commbank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.commbank.		172800	IN	A	37.209.198.9
+d.nic.commbank.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+community.		172800	IN	NS	v0n0.nic.community.
+community.		172800	IN	NS	v0n1.nic.community.
+community.		172800	IN	NS	v0n2.nic.community.
+community.		172800	IN	NS	v0n3.nic.community.
+community.		172800	IN	NS	v2n0.nic.community.
+community.		172800	IN	NS	v2n1.nic.community.
+community.		86400	IN	DS	41077 8 2 F9EFF79788BF6867B89D159CE55ACB532F65A3A8CD50A49A1A298EBE08384D7D
+community.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JEyPk0vK12toqLMNuMciTZ49hWDmhGlCt7IDcFaoFwbri3deMOCPqY/iAIvBDYeVKJ52N83uLBn6C6F0OuMp4ru6crt1w10Lu1zV0TnYEewtgxqhtmcWRgOQc/Um7MN/7rVVlH4KSDrZES9c4m2CgVtc1yEQmS6xBUoB+xCH3mN4V/2n3FXNZE68hKWoAPXmswDNnTo0sbEG5/38ZSh0FOV1DFbZx+f25fZvYIaQDIUQu6lNTQJ0+fKCpH1quH9SxU59YaVswrmCPJkS/qxkJC8lfnk208jgF18M+Jd8zpaF1SpNaYjCQhkgZFB1B6lZOQOWboM2ax+7juYTd8UZHg==
+community.		86400	IN	NSEC	company. NS DS RRSIG NSEC
+community.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aG6DhFrwJBaYxglZmvYve0AQZQJHI4WvS7RAxgv+XbZp9I80gINDTV70roi1TFBOhOEBAn7jVwr6dHukUtRHFSDGm0q2Em7FeMCeZaJ/vsKO+1Adgu4+aeglO4LyJlgbb1fG592NKZtIQU/rJu/N1TA80JNxbaFD8amMAXKS/zG2XxU51orb1W6zsBMHDPUpI51Pvxkt2viwhWvXcM0fclc8F6ONromPcgXuHrEMZjIKcAMqcQ8qcILJyDc9x5HeDvvvHJSHLLTzQqSrFtVPXOP2zfHSlD2dw8OFLIwl5yEsA+RTZj+rMNx8EyPT71rzpvMW6n6stsfy+XioLPrlnQ==
+v0n0.nic.community.	172800	IN	A	65.22.24.10
+v0n0.nic.community.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:10
+v0n1.nic.community.	172800	IN	A	65.22.25.10
+v0n1.nic.community.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:10
+v0n2.nic.community.	172800	IN	A	65.22.26.10
+v0n2.nic.community.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:10
+v0n3.nic.community.	172800	IN	A	161.232.12.10
+v0n3.nic.community.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:10
+v2n0.nic.community.	172800	IN	A	65.22.27.10
+v2n0.nic.community.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:10
+v2n1.nic.community.	172800	IN	A	161.232.13.10
+v2n1.nic.community.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:10
+company.		172800	IN	NS	v0n0.nic.company.
+company.		172800	IN	NS	v0n1.nic.company.
+company.		172800	IN	NS	v0n2.nic.company.
+company.		172800	IN	NS	v0n3.nic.company.
+company.		172800	IN	NS	v2n0.nic.company.
+company.		172800	IN	NS	v2n1.nic.company.
+company.		86400	IN	DS	11266 8 2 CA9EA07E5EF40B031C8B7CE22D30076665054333B8D56B2979C481DF8CB5F983
+company.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F3c9KbEzZkQbMO50s4Bg7NifLbTNlzv+Ad5mqS1JqWs1LBJh6GC5Gxod9dGBlL0ydU8+nP28SJSfKc2ZTmOf0HlqdcmvtyfUnsf0NBxaiRPRHFkSd9x0lKLT+ghWHCa3CEc/7p7a+xfvJw5XOeNxFA/bMi3REfnLiCu571jYN+cBkxXh1E4U4HxJU8O+xEqeMR+UrDDbQLJ3xP9iD9ZWb4EHG3M3sfCJp3xFk4IW0E18MYiKKd/HNB9Ewy8eso2UusmNIgj5DDgA5fQWaI/K0oEhFKK4sX3i1O9Uf4i/BaKcq3PIkupDB47LhIiG5ThfaVQdniOaCVKU8+3zzMEeQw==
+company.		86400	IN	NSEC	compare. NS DS RRSIG NSEC
+company.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n1LRgcCnEksv9SFJvrI1pXtaGbDYXOX+VDS47WRpHd3CBlbgT0VO+1HL7/plVMCgNneKlRYugVK1xbVgiP66L4x5cuKGKy6MBo1R80ND6x+ROFWSbDVcwAEAR07d/hlWFiuX0B2kGUg6kSw1AcvL/DgNDwkvWS0NDMRM7bIid7Ep3HQ2VHa/YPYos5XGeySazGvY2eOdOhpw5zezBCOUbyTmi8KhmaAMguYJtKSiGBlcBPH0vndkkBhs6gE+jIDmIQc324pY93Vvq8E/81QPkXYbV6VeBokJBllZ5HBT+9BBGPzLeZk1do5MRIXeW+32fvgn+z0trIbP5Eo7dxf6EQ==
+v0n0.nic.company.	172800	IN	A	65.22.24.36
+v0n0.nic.company.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:36
+v0n1.nic.company.	172800	IN	A	65.22.25.36
+v0n1.nic.company.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:36
+v0n2.nic.company.	172800	IN	A	65.22.26.36
+v0n2.nic.company.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:36
+v0n3.nic.company.	172800	IN	A	161.232.12.36
+v0n3.nic.company.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:36
+v2n0.nic.company.	172800	IN	A	65.22.27.36
+v2n0.nic.company.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:36
+v2n1.nic.company.	172800	IN	A	161.232.13.36
+v2n1.nic.company.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:36
+compare.		172800	IN	NS	a.nic.compare.
+compare.		172800	IN	NS	b.nic.compare.
+compare.		172800	IN	NS	c.nic.compare.
+compare.		172800	IN	NS	x.nic.compare.
+compare.		172800	IN	NS	y.nic.compare.
+compare.		172800	IN	NS	z.nic.compare.
+compare.		86400	IN	DS	12634 8 2 40C8DBBA65AC7385A2DD35E299EE6010D850197DD7A438DCCAC7D13C2D32D953
+compare.		86400	IN	DS	27319 8 2 3B57AC3D5396B250896E78B988F741BEACF93733DAF02048F86763AEA3272445
+compare.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bAk/8bY6Y4jZESBuKhXpozjdIy60vrYTOPIB3ZztP5Xo60ZqPHiQEIC1I2H3BWDoy4KnsQQ7PxwcWsGHzzKaBXVPmtZsu35ygdN+ZUlkpBr13wQn/qdWIEfyU9M2sA2j5CO49Nr6P17MD4f40G4jdwG4tAfYueHZkv91kLrgC8wtO29wgmVnTYy4RO/95tPfDxoadZxYWrX4deFF/TRjesSy8I5WJSwAwhtuuzKjmTp+WPI1Rt8G4APhBs1ZHA8epe7UALJTy9/YsOVPVF3sbjSW+G2oeZVVat6l+2p3+ZNnHeK5+vKxSxM56SKZj8HWjLmKo6XIYdn72A8By93qYA==
+compare.		86400	IN	NSEC	computer. NS DS RRSIG NSEC
+compare.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kjJLHhTM0qD3195bP6jX0xdiVlVYxVlh5S20SlnsyjGPn87j631UQlDNUd1MTLdY83qmC5WOuAcByRIFqwEW+xM6pu+B5Izi7dlKQhfhn0sFMVGnEM/fFCCi3GRoVa7sPWRYfw6rVeb52jHQwrp+RDZ7D3GGedlIzw6pYvVTqgUAkXGgh0viqycBw2r60R9W/F1w1laeRzj4A8O4xc/mR1l08TO7dKqI8eCTFYTrZ81dVuqm9oW2Bnn5khYEOIcGf0lQrtz3hXSAbR8T1Cc9gCujsGtPsuBlY2uAmrfa11owvtOkuJpb3KfFXxIIjNXrHAzJWIPNLoviRbqqNnvCDA==
+a.nic.compare.		172800	IN	A	37.209.192.9
+a.nic.compare.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.compare.		172800	IN	A	37.209.194.9
+b.nic.compare.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.compare.		172800	IN	A	37.209.196.9
+c.nic.compare.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.compare.		172800	IN	A	156.154.172.82
+x.nic.compare.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.compare.		172800	IN	A	156.154.173.82
+y.nic.compare.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.compare.		172800	IN	A	156.154.174.82
+z.nic.compare.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+computer.		172800	IN	NS	v0n0.nic.computer.
+computer.		172800	IN	NS	v0n1.nic.computer.
+computer.		172800	IN	NS	v0n2.nic.computer.
+computer.		172800	IN	NS	v0n3.nic.computer.
+computer.		172800	IN	NS	v2n0.nic.computer.
+computer.		172800	IN	NS	v2n1.nic.computer.
+computer.		86400	IN	DS	29629 8 2 49C52C30C178F8CF305CFE47ED6B6FAEC79E6200AB71B74DD1BFE4B2A9253438
+computer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VpQDc37F1Q5Oq4nfsb2tCVkyNRm2q2kkMng70y8Hcbd74vYnIB1h4m6TcmwVFfKiqZicyozl7z8l59GfDxY7QRsz5VNfNKpPwtyx7JPzkw6SkIHHBS2F5T0zqoSLc1jCtVZFmyuqwmaIjjwxG0UtJzzMsfFj/08pt+NHVOauDxKeEw74ECfVZHy1c8fGvd/8MDsdZAyilf1u6/YrVSOr75qadgEanVb4qmcLBNpX7K5t7qKnhkgLb112vV/NvrAbwfPFTjBCXYbj/eW4eqHRnM8yTQW+4+awaavKxXsIJLRsWtD3NL6LqRieNzj3zzAkBYpqNClWfKWbDafyt40jVg==
+computer.		86400	IN	NSEC	comsec. NS DS RRSIG NSEC
+computer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P0Q6yTqDFlwk58C4fDKy3zX8b6hg8NbvwEdlVeWn/mmRQGXYnJ3O4hF4sum4xJiPUyU0sH4qnRH0OfSDKnnXsCHwLuXc7VkB9Sc9T46rd6H3gn9wnUmaZhfrL4xDLaKsvM4SxyXMPslsNuESxD9dDjkn2HAaBweV0mPbroBpBHpFscigG09b5g/9RC3ZQoZ0+84D7o3T/A5SZRY3ZHn12IYqOU/6HpCaLxj2CDLOj96KsGXzEh6StHcjCVLA1+wU+v9salO987Fa/3iIGI/tdV3hVQYrc3PcwxuAJUHiMOd5IfnW6pGMyPj+AD4dVJ+x96DnvWS8yjDy+k5cPG0Xfw==
+v0n0.nic.computer.	172800	IN	A	65.22.28.19
+v0n0.nic.computer.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:19
+v0n1.nic.computer.	172800	IN	A	65.22.29.19
+v0n1.nic.computer.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:19
+v0n2.nic.computer.	172800	IN	A	65.22.30.19
+v0n2.nic.computer.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:19
+v0n3.nic.computer.	172800	IN	A	161.232.14.19
+v0n3.nic.computer.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:19
+v2n0.nic.computer.	172800	IN	A	65.22.31.19
+v2n0.nic.computer.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:19
+v2n1.nic.computer.	172800	IN	A	161.232.15.19
+v2n1.nic.computer.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:19
+comsec.			172800	IN	NS	ac1.nstld.com.
+comsec.			172800	IN	NS	ac2.nstld.com.
+comsec.			172800	IN	NS	ac3.nstld.com.
+comsec.			172800	IN	NS	ac4.nstld.com.
+comsec.			86400	IN	DS	34356 8 2 690FA5ECE1031BE50DDD9AC71D413546CB3D1F3D9914563C0B8C32E53F491B32
+comsec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tu2c1tqSRxIo9y2wOduRfHIrwGILYjO5A+uqDk8MSV7J88hxxnuqQBymI9l0KZrdz84hgR+wNoarYPNuglI3Km/zz1oACl3FuRkV1plqNS6VfzgqIZGWO7J3Yi7cG06/fTkRGQYl4iHiG/g/CVVzcJ1X6RjS0XWpUKE6FLBjmyFE/XAk+lzwsG2JWXjkDYv29WF8lq8HqQIQYlXcrjKRPMm+/ml236bnoZ9JPfaDk2cxRjSfJW6Zbj8UtcRY+BrC5lR0+KiJ7MgiuWfpIqxr36XdSCT/Seom+6BtgqmzzefI84VXy8ryBkI7ss3oI95G9vZ8AFQX1q3AvNnmf7VEMA==
+comsec.			86400	IN	NSEC	condos. NS DS RRSIG NSEC
+comsec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eOxgziH9Auxjzw8TMz2phxph9Y+xUQlcC6C7H7HRM/EAbCdg64KI1XWNKABXo9z+j0QGlPiZ9nfpR+bmMFPGkwGdMsQciXCxM+HCFhaqIhD0A/48QgPUQpj4MI0pQcbW4eyheTjXDsSk8qDp3mS2PmQ+qvg93GjUzmFv7MQxC7XxI5XN6fIRgVRVNeXZx1hgnt7kFo/sPFBAuqZrmuGP432NkQrV1jfwLvWvzU53IQym9vJgHS/380P7Khf3N89v+0f4QANttwa7Tq0Yk6BWrbTP2QpJy7DhadcZAiKdM0YpQjWyidBj0VhXq6lNUWrBjkJw/nASpy/JBqUyZRv0Ew==
+condos.			172800	IN	NS	v0n0.nic.condos.
+condos.			172800	IN	NS	v0n1.nic.condos.
+condos.			172800	IN	NS	v0n2.nic.condos.
+condos.			172800	IN	NS	v0n3.nic.condos.
+condos.			172800	IN	NS	v2n0.nic.condos.
+condos.			172800	IN	NS	v2n1.nic.condos.
+condos.			86400	IN	DS	19774 8 2 71B1FDAD0A762CEA8A5B132165BC53355873C05623B8E093F03B30E0117BC757
+condos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FnUCD7tZ+zdNEMPdLVnDluxML3S69LptnJU8T7hCjxi4emF0M2EnuFG9GldJrUkqeuCCgFTCkXvWGFYEFe+i/ceZ7R9wXEihF1PdwHA5OeK0E8xfDeou6hNzsrr6xGGeK4TZyr2xULNtXJx2DWKKlanrXoq3u1NmYDEhm6Vbjthlnd3tCQELxFUgU3lwvWD9FxFdUZaz8KKSXj1SHClNsnQY4Bt21kw0rdhzJp7jnX7skRsX4uHaT8m2Xy8tjBVbai2IUBi6GmEIQ0P4TJ7c/lEK/+H11w4pWNRkWwnritRkVwb57Occfl0/sZCwKPYb9YAq0kVOYX5CcCV4TVs6AQ==
+condos.			86400	IN	NSEC	construction. NS DS RRSIG NSEC
+condos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KbY3TIgdcwAM3JLizVwCWLzQzWaOa7/9+92m+4mwUHqVoUk6v9GjqOhkfNIhIU9vZ59Sjw47ho/FwS7qckO8EttP8nwTORWT2qTbO2TXQJLcaqoD6ztHIXZeuVdPFHROjhJkPoe9MdXkL3JM2MbMuKzoNc8OE6+7ohQzezy+hnQD7LYd0IwvPXwWgEy3XTRXraFHTTM5n1wUZv16+/Gm6wUziqst4iVS4SrXhCsjFGNM07DtxotaL8PRKZkbpIkU5GHk0H4aSEo0Q74NtmvZoAR8j7qRpLXEbZBTJUbGzmYnsT4C0u+343ON5owCht166+MuAJkUnOrseAeO3rK+ag==
+v0n0.nic.condos.	172800	IN	A	65.22.20.63
+v0n0.nic.condos.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:63
+v0n1.nic.condos.	172800	IN	A	65.22.21.63
+v0n1.nic.condos.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:63
+v0n2.nic.condos.	172800	IN	A	65.22.22.63
+v0n2.nic.condos.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:63
+v0n3.nic.condos.	172800	IN	A	161.232.10.63
+v0n3.nic.condos.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:63
+v2n0.nic.condos.	172800	IN	A	65.22.23.63
+v2n0.nic.condos.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:63
+v2n1.nic.condos.	172800	IN	A	161.232.11.63
+v2n1.nic.condos.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:63
+construction.		172800	IN	NS	v0n0.nic.construction.
+construction.		172800	IN	NS	v0n1.nic.construction.
+construction.		172800	IN	NS	v0n2.nic.construction.
+construction.		172800	IN	NS	v0n3.nic.construction.
+construction.		172800	IN	NS	v2n0.nic.construction.
+construction.		172800	IN	NS	v2n1.nic.construction.
+construction.		86400	IN	DS	64792 8 2 810C9892AE0CEF123C2AB4B09A8BF2547BEBA98819E21B5698032E9026E5FAF7
+construction.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1wXlXdSz1/JGgypZx0afm8f9mv0a/GZSR7KsIGVHjFy9fmRRf1tI7qrltWJjMWXCPxRt2kraA3XmJd7qZ98WKqIjV8Ru+PFA2DeG0pSPKNXq+oxZ44kTuFmMXN4cgAhnupBa0EM37xt2XengoMYsdIm2XmXnSOKiRp0/64j4nQC1fTWqrtElBvllb6JL3Req465Sj21/9lVjcL8IgD/N0afFkS+KegZCKSoNJxzChN6mGXYShcBJDEFg4nYC7SvYg9/WPHUE5nv2JPTm1GrfqxoTOzXN6cIK43b/ahlaf+VjrQhXOSGCD3GsKRqlXzrCGCsE5lkz/QcfAgywKcJ0JA==
+construction.		86400	IN	NSEC	consulting. NS DS RRSIG NSEC
+construction.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . enrjck3bB0bUcbCs4jEgurLFxNFKLtm0Zk5r50E0Ltf8aTk0TO0pZSwLDhSR/wnRYnLwXhoSW0MVh5RepNBMLM7XfwJzRjEdEIc81r+aeZHk0wQVj+VTkkwM1kCtX4VMdC5y+guTZg8bXxWJ97vHSQtjIblsxfa0pPGOvs7pw8i21dqBaZfnOJ8IeNKNDj9gM3vsHVyGbS99R+7nDEHmgwEi4qiEb+CAoCby3d9XjyVC/SZsYrlxNgH2cyDF9gb35Lv3pv6KJQHACLGeAg9bSU4Nco86GNLdtMRvHtekcdqFha4Y8k91THh4kfRctNGnaPPaB+2DbB6gf1CfT0WWqQ==
+v0n0.nic.construction.	172800	IN	A	65.22.20.50
+v0n0.nic.construction.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:50
+v0n1.nic.construction.	172800	IN	A	65.22.21.50
+v0n1.nic.construction.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:50
+v0n2.nic.construction.	172800	IN	A	65.22.22.50
+v0n2.nic.construction.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:50
+v0n3.nic.construction.	172800	IN	A	161.232.10.50
+v0n3.nic.construction.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:50
+v2n0.nic.construction.	172800	IN	A	65.22.23.50
+v2n0.nic.construction.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:50
+v2n1.nic.construction.	172800	IN	A	161.232.11.50
+v2n1.nic.construction.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:50
+consulting.		172800	IN	NS	v0n0.nic.consulting.
+consulting.		172800	IN	NS	v0n1.nic.consulting.
+consulting.		172800	IN	NS	v0n2.nic.consulting.
+consulting.		172800	IN	NS	v0n3.nic.consulting.
+consulting.		172800	IN	NS	v2n0.nic.consulting.
+consulting.		172800	IN	NS	v2n1.nic.consulting.
+consulting.		86400	IN	DS	62590 8 2 D5E3B9150E958295E81D8760002FF9E5CFFD91F95903581E648465A2ABCBE2F0
+consulting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XynNRv4mBPuwoVaSgy1n6kcGmpo2pFKp7V1mkETl1Wi1PwjB1jes4t8ewUv44hxZGCYCZKHF+tMWKA1cJqsGMJaNGnsSJq/zjlrZtKlS8nGgwvF9D8aAzSyAnYj70hGtyJNIjO58QRgIIP7fzqGEH+EsJ6lCHBIkaWUOM6sYRav4jljUpQ4iKkirTXW5YPCWz0a/TLnYlTV4/EGaf4BWgTxBXrpx/ScaDbUt9C3sYlwY2FFKYp35i3kWA3OliwhEbGko1adsa9GOOvd9SZWqX8oXFoNGGHqzaM6ZcHx5PPQ0CNzr7YJCCswD+T5uRdQ45JD43behB2ClxyYXRMSCjg==
+consulting.		86400	IN	NSEC	contact. NS DS RRSIG NSEC
+consulting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uVfK12k6NV2V1KeCoeMrtQbMh/0bDzUwVoKEuRuUeEatanWvtjekMppMwQ9+09pxehR+ySHvDN2gdhCtw1yWKhmENQbEt9APSmJEeXkQhcM3uF0YevzYw8q7rsmSTlsOH63CtKkeiZlB0nbKF6FhUnm7NccvZxNkEFvagpFgQJ92QaupqlK4gCsDIDHWii5MDoJiqzxI1zDFv1lFHXaeQzPSBN3wPn1VA15M6wbSfWKjKMG1LBBU7e7YYOKQdUxn+9r0HqLHywaWC5SQWLNCj/KQC7NJjNuvVmvWQbMbKBc5O8aSFmmqPV0jL/coAJ7fP6+vPcQKfG6ic5TdDsw6Hg==
+v0n0.nic.consulting.	172800	IN	A	65.22.24.65
+v0n0.nic.consulting.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:65
+v0n1.nic.consulting.	172800	IN	A	65.22.25.65
+v0n1.nic.consulting.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:65
+v0n2.nic.consulting.	172800	IN	A	65.22.26.65
+v0n2.nic.consulting.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:65
+v0n3.nic.consulting.	172800	IN	A	161.232.12.65
+v0n3.nic.consulting.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:65
+v2n0.nic.consulting.	172800	IN	A	65.22.27.65
+v2n0.nic.consulting.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:65
+v2n1.nic.consulting.	172800	IN	A	161.232.13.65
+v2n1.nic.consulting.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:65
+contact.		172800	IN	NS	v0n0.nic.contact.
+contact.		172800	IN	NS	v0n1.nic.contact.
+contact.		172800	IN	NS	v0n2.nic.contact.
+contact.		172800	IN	NS	v0n3.nic.contact.
+contact.		172800	IN	NS	v2n0.nic.contact.
+contact.		172800	IN	NS	v2n1.nic.contact.
+contact.		86400	IN	DS	53062 8 2 222B955DB8B21EE60995CCA8DE45627D6E0156627453FEC444EF6C57339E8375
+contact.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fWWlFFtdvKhL+l7vUbRT8hQ7xTbeXLqCpjW/02T6QwVSzZNBWZ6VixCK4WDmVklbogkAIztMBMPIFwwLJoeN8tgrFbn4VLmtqBZDipvr4HJAJWr2NOz4ZTJeNX3MjaThcNWL11KHvD4nLr/TeSE5AbU+ZAvys06KAFQJoJit08RIWypW2dxLekDFW7/YapmgNfa5HthTO0oGONcgs1KxdLboKqDmFJZwu4qRrK/rOh3XVTOZ5WoDmpCkvczrqRWPuXKLNDIEE8HyhabkLZamClmTsPUw6hEzeoy8hfrHFGYNDW3bWntvD7ZqOL5Z6vVcvzBxqvgS3Fp9vXb4N5NfxQ==
+contact.		86400	IN	NSEC	contractors. NS DS RRSIG NSEC
+contact.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1c3tK40C3cxO/SkXOXzLfeM9jMY8L/cIWJ4bNwDirGJNy5/9dHAG7RvCutqJPI0r0Obu9xNA5ZRAUBNYcuK+HWf/Xgw0ekHfaw6krYBZseFjFUJul+bEe5ug2oEFXYrYFn+oBkooJScxOQtlIqM3Jj+e7eE8RY7N3vscG6gpe09rOv+L0nx8/t8NRVzkEd4o5zEhZhgXvthR61jqQBbUP7sESYjb0kdXvkNsJhPNjXLXbdhoBaU+LfXXYxBrJ21trokdzF2+46jlKGtTmGc6sguBRmNVJO9/oQeRaSUS+tBzSF/3VT70tNZ/wR9v7kot0rFk6HPlvpSTCOdZdfDYHQ==
+v0n0.nic.contact.	172800	IN	A	65.22.24.34
+v0n0.nic.contact.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:34
+v0n1.nic.contact.	172800	IN	A	65.22.25.34
+v0n1.nic.contact.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:34
+v0n2.nic.contact.	172800	IN	A	65.22.26.34
+v0n2.nic.contact.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:34
+v0n3.nic.contact.	172800	IN	A	161.232.12.34
+v0n3.nic.contact.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:34
+v2n0.nic.contact.	172800	IN	A	65.22.27.34
+v2n0.nic.contact.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:34
+v2n1.nic.contact.	172800	IN	A	161.232.13.34
+v2n1.nic.contact.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:34
+contractors.		172800	IN	NS	v0n0.nic.contractors.
+contractors.		172800	IN	NS	v0n1.nic.contractors.
+contractors.		172800	IN	NS	v0n2.nic.contractors.
+contractors.		172800	IN	NS	v0n3.nic.contractors.
+contractors.		172800	IN	NS	v2n0.nic.contractors.
+contractors.		172800	IN	NS	v2n1.nic.contractors.
+contractors.		86400	IN	DS	20974 8 2 CCE032DCFD77C2F610E6EC3616944F62054504247EF87827D63A4CAF9C3047D5
+contractors.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qkMErrbGkUReEfR3G5onG9Z6ooia04pOjACHMF1BSA/1hBmK8tzzcm5lynrdmRL7xG3upskhSawxwOd0V4creZALxqwynxpM+riC+PNRrdk2qmLL+5sRZal6KbOn8Ml79epTGsgiVWdivc0wvtc9mJ8m5zPHwNm4mmWtNmBZogzE++RrxTQhBraf4Bykb9Zez4f6Fpie05wyoHQxUCWz5o6PE5B1C41fl8k6qSiAR3oNtEReBE3iZnVYifbzIZVd/FWrAgYHLCar3mmgH6jXY34fjGLTzH2g7faBp45czGIcuOQKbpLz1QaqX81bdcaVn0CcQTbUO/ZK4hgbZiz6ww==
+contractors.		86400	IN	NSEC	cooking. NS DS RRSIG NSEC
+contractors.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y4iFRgF0+gmPNGpIjtXtil9rDu8PdvebH8Mwgl2fXfv0F9bkfvhQ3LGGkFjssYWwogLzpc65RVVHpGjhMjCBFQR1dAlcI9PdJ95Pu9amXX8a2tBYpjgSTLEfOkaLXPiGtEP24GqWj6azGFovf/CtIrUFBAQrA5GM24j4S4BIs1vgx8fdI2qwY9OsZqZz9Oa/vcNYhh32kdaOA/q6UVKQSsgYSjJH8NnocGhix6x13/cCLnGCRNtpw2A195SdCwFU8XJeU1uffHa5BvHQEfR5D9NkSsQ0EsSkyM7qJaAa5kcePXPEYoVxfNxaCu2vpsN/vp25meO9pU7NrniMEX/TNQ==
+v0n0.nic.contractors.	172800	IN	A	65.22.24.56
+v0n0.nic.contractors.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:56
+v0n1.nic.contractors.	172800	IN	A	65.22.25.56
+v0n1.nic.contractors.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:56
+v0n2.nic.contractors.	172800	IN	A	65.22.26.56
+v0n2.nic.contractors.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:56
+v0n3.nic.contractors.	172800	IN	A	161.232.12.56
+v0n3.nic.contractors.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:56
+v2n0.nic.contractors.	172800	IN	A	65.22.27.56
+v2n0.nic.contractors.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:56
+v2n1.nic.contractors.	172800	IN	A	161.232.13.56
+v2n1.nic.contractors.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:56
+cooking.		172800	IN	NS	a.nic.cooking.
+cooking.		172800	IN	NS	b.nic.cooking.
+cooking.		172800	IN	NS	c.nic.cooking.
+cooking.		172800	IN	NS	x.nic.cooking.
+cooking.		172800	IN	NS	y.nic.cooking.
+cooking.		172800	IN	NS	z.nic.cooking.
+cooking.		86400	IN	DS	19084 8 2 1EBFD6587779A23692ABF0AF38F79AB41282E544AB54F04A6C07168523234587
+cooking.		86400	IN	DS	28069 8 2 CE234A5239CC651D9613917E4D5D4795EA8A0C7A63DB0C3AE69BB5FA6CABA352
+cooking.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RKnphI/mffZ/LYloOc9QXopyq0gyn5YCvqn1W+QdbYEKaZ0J4ppKFmQmyD5MyU0DH3GlJaH8sHoG1ZFj/KPz6VqFlAPWcN8MNhVJ4+3UKNGy36tiSeDwshP1IPiGo2T7Qoz0FqDs6o+g7hht5lwX/Os6Q+p6xs7yqOXT42u1FDLMwyXY/TchI0iuMx0DnTxxHcZCB/ZcGZeae2Uu3FigGTohZH96/R42sgl3ngos1x0KWmnMehQUjf1klMomVoMcpdBqnFAQ7yVI2y8w8MeeTzN0pgU8AR7qTvtCFsIwFtUmllUKRjSzjbRiIl2W0iEoGEjF8OcO9nl8u1M/hSykwg==
+cooking.		86400	IN	NSEC	cool. NS DS RRSIG NSEC
+cooking.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fvEpdslCUXIyzxtM7giRfMpKI2bGoczaP/rFlBf3lDlgHtHj0z24buJ7ICLmi/mEJ7Iq6Ytaf9KkpWQOP8+hBcErU1x5vJWtvexwAFqLpV1vM/qM0Tt2iavpyJ0B5q9Gvl8BAyYKdv2EIVCbi8CSikr90bdMSM6MYYH3abzKxStje9YlpgQSuce+QCLeVwr/1OLNa+vITnh+wHYYJMPfePcZDMeG4AElpjw1eoik4lKV4fopQDHgO0Nbmz+fdrXw7xlsTzO/VpxgUzBRqYkfmu8q7Y8ujxc+volGw+sRizkGrreEEwThAdbdPVlMSliGyAB28+J62QMVlIJw/05wTw==
+a.nic.cooking.		172800	IN	A	37.209.192.10
+a.nic.cooking.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.cooking.		172800	IN	A	37.209.194.10
+b.nic.cooking.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.cooking.		172800	IN	A	37.209.196.10
+c.nic.cooking.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.cooking.		172800	IN	A	156.154.172.82
+x.nic.cooking.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cooking.		172800	IN	A	156.154.173.82
+y.nic.cooking.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cooking.		172800	IN	A	156.154.174.82
+z.nic.cooking.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cool.			172800	IN	NS	v0n0.nic.cool.
+cool.			172800	IN	NS	v0n1.nic.cool.
+cool.			172800	IN	NS	v0n2.nic.cool.
+cool.			172800	IN	NS	v0n3.nic.cool.
+cool.			172800	IN	NS	v2n0.nic.cool.
+cool.			172800	IN	NS	v2n1.nic.cool.
+cool.			86400	IN	DS	62176 8 2 96734F338D4E0324B2D2D4749966FD092409783EC337BAB67574D72BCAB7C19E
+cool.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rm76uwXki02k2EB46zU6SOiaceY7t+Yjl71PohAxTiexU8FjxRyXPP2GJ3YzUQSQNmH4XbAQDFNAC7Pg/iN3SzQ4jNYaFF8ZY9ZKljdN6CDqUKBs5vfSQ9XzcrucOn1R3c7LqsLaHdQFfieGYOrxEJM8KRFFh1P7jwt/NZsIM/4PBSb111mByszTa3kFcThIqvEGywQRAXsefG0FqLTXla5Z47RgepB0vXT5Tujn/GZUvbAF79o5XPsYdaWBtjn/huKhN3Tw0pxDxWDeagjgFTUWlYsOFTs7TJgHFT/Um9iOzZ6Qdud2by167JtO0eooeVmkmZVrkZhgf3piKkdvzQ==
+cool.			86400	IN	NSEC	coop. NS DS RRSIG NSEC
+cool.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nScVUHEBue30QTA+gBhqc+Nvfsps5sDlSTdQl8BLehBRunMYI98233qChkehecf4xSMKQxdAwErdRo6fhFdq2f3Ou+SI9PKQXLC9acUJvo7fNfazUt/cRP4mqZaZXzxHoDZ80p6bVgoVt3M4jXeiyQet7boxBrh3jblW8PLcuPq18Zpg4768WPXTdGy3Hr742wCAarzC1L+dVcT+Huvuc0BgbINe3lNhv0zRevbyV0yAJkE6ejxvBOgaJCFeDXRtDZJ5x39Rpzq3el9FFU0tuS9Z9OaxGz/7VC//FNoJHZyCHRhSVpbsWIl95h9PUxymOee7dBaLo95L7uJx1xjT1w==
+v0n0.nic.cool.		172800	IN	A	65.22.24.38
+v0n0.nic.cool.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:38
+v0n1.nic.cool.		172800	IN	A	65.22.25.38
+v0n1.nic.cool.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:38
+v0n2.nic.cool.		172800	IN	A	65.22.26.38
+v0n2.nic.cool.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:38
+v0n3.nic.cool.		172800	IN	A	161.232.12.38
+v0n3.nic.cool.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:38
+v2n0.nic.cool.		172800	IN	A	65.22.27.38
+v2n0.nic.cool.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:38
+v2n1.nic.cool.		172800	IN	A	161.232.13.38
+v2n1.nic.cool.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:38
+coop.			172800	IN	NS	ns1.uniregistry.net.
+coop.			172800	IN	NS	ns2.uniregistry.info.
+coop.			172800	IN	NS	ns3.uniregistry.net.
+coop.			172800	IN	NS	ns4.uniregistry.info.
+coop.			86400	IN	DS	39183 13 2 FD71E26868BF7F277DFA0800AA6F51E12E00C8B61841B35DAAE12CD86A34606F
+coop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0lMpgVEgcnhkcDBoYi360+fs/j6lOXXfkYcOcYR7CAGqciAydUPsKy9ay8oWwxOVMmGyaPG/N2gvw26MGU0fXXxIprO9z+CWoQLGu/REc15DVh1AMY5GKTCphItp5Eaicvf+NhPZwrNXyWCJ6fsnq40iSnz48oBnMzBmvIWQekAYwZ4EkvvpzSmVGqyK28cFYIjPX46WeWoqL/Uo3ZqYSCz7PHLtDkETJ72kegA3ATNB6Qif9oAi0Y1umjq3rbk6K7pNhOWGHlvLPplA4ZzNrFQAd9mtU+x4O/pt4AI1z1T/hkT43mZ5/rjWNao9W1VmCN9vxDZ7pwEilMff69zKkA==
+coop.			86400	IN	NSEC	corsica. NS DS RRSIG NSEC
+coop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RDgEC/6INB2TJe6rxmcHdmvW6vF/E1LYp9QfzIz94AkgZc0QP9bHLIfH6wueB2mxRuFiF/a6Hp6PEQ6GpX/hnuJoJxl74NDr5RZcSLT4+hYL0BfAkfy+oR6Mn6t77Zf1amhasCoZtH1cyoZV6vHgxXLoXMVb+nqdm0VhJ+mOnn+EU4Nh7j11dVcsXkajmbDQF2NMZabNqgRWIYtermAZUIButtXIA4VPAOG2ZZHLK7kwqAqFlY9zfIDgnziFfIeZRFbUzQ56Z5ERjue59+G9gfcGPhUBP1DzWy0JI5KyviZvM342tVKBbMHXN0Gck5Aoiktk3P+hLn/whkFZjFstEA==
+corsica.		172800	IN	NS	d.nic.fr.
+corsica.		172800	IN	NS	f.ext.nic.fr.
+corsica.		172800	IN	NS	g.ext.nic.fr.
+corsica.		86400	IN	DS	16766 13 2 FB25F2D69835BF52CD5389473CD4B0C58D581385EE40B1D1A357135A8CE26997
+corsica.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f9TKOlua1eYyx01q6hR8bdOB807Nfnb5RFVk5YPiS8yUnTDZbvlIjcGqV7feZ91LYFv1BwUtu/LaZnnMv2WAFxPJrORrCQa4Xfw3WkRQCZlobGX+ry/AIyWbKUJW33XoVeCrPV+XrW4wV4B0uMdyS+DJcdOPFX/3faVELU8/sEzC9r0bh8pemi5t1NtBITwFDQ3uewcUT+ZTnjr824uAK/v12vPGpFhorYpbNLSPiH5ysjrU5nHwfk4N5S1RXIlZhzQbjCEc1Bot1sp3H4vutPA0kFGrHeY8CxtG/DHztlIatN3p2f5ynxgMViIzDKcEQrqICqBNZeeWkQJjjnrdtg==
+corsica.		86400	IN	NSEC	country. NS DS RRSIG NSEC
+corsica.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q6DtXoVGBL7gejnU6yUbjUOwwleGDlLR2kGEkWQuvztmlVb5XDslbODO3lqO02Lwux+q51Cdh5d7gBPZ3Bb2h3faCL+wzu6qBvC2Y9CLBCVppPXkrAwPHJI4D0aI2ECML3lA5THRodZJE8Dcoof5lQMxZKxLVOmSCn5ewmFKVH2c/9L+coS5+6SuUK3zXTHXgWAdoslYouWH0xNasMmrrr3Mh+WT6QQPwL3p1j516zYhbBA5NipERhwvrsvZOM6YqPpSKYKdBISXYmmmMK0IHO5JyC0yHqqMyDXpBnouWwvsrawGaPwqMe0lGNz1LpvXtgRrjdy0jiMcfzuQ7320xw==
+country.		172800	IN	NS	ns1.uniregistry.net.
+country.		172800	IN	NS	ns2.uniregistry.info.
+country.		172800	IN	NS	ns3.uniregistry.net.
+country.		172800	IN	NS	ns4.uniregistry.info.
+country.		86400	IN	DS	28436 13 2 94DD44E372B69204CB1FE63DDD1D7A831642D96D00E9DDA589DDAA02E0922CDD
+country.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dirI8EBUXhGpgj4HiLmMkPXhgnP4nQQAV94u42V7HhF51QG1cimiq6a8blEvvgLm9VuHtNN091vk52Q4hC4kOgkdhm3HsebEUzxNxe4nbC4R5lzoSOsZ0sPa6HdwR7PSIdgMCtDeLV/xsZiggf9X1HfsSbwsJ0X0mwPisPhfHpI0Rt4AmOOcyPSON97RL2RUTg6Ei06X8WOKuHWTMUgKP2vWdaf2/WjM5etqCJAaBxMNzkq5J18niowR2UhpKEYyOKYu6NXJrKIYF91YMA+L8xpMqfFtFKNnLK3EOAIEw/CUt8dlINyM0iY0QR8TA1bWvbAHzG9Q9i62znoSCTg2eA==
+country.		86400	IN	NSEC	coupon. NS DS RRSIG NSEC
+country.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZEW1onfvcbZPA5IVDhdTAqmwJKOcwlOFL5uLA1k/J5nm81jM3PruALbz6txenMBczFYiEtHHaI8lnVB0sMi3JMk4ir4r8r5ErQ1Ga1wNhYAvMIwPURES+1EwIH+yCBd+15wsP/iFQcJnA5Cwenaw1uODq5N2XVyOlMhlE0o/DqX6zWhLqlkfc/LHV/9uDW8HhzYWPQd0/QEztlek/Ftt8MO8uISGO2RI8VzxxwnQVS9IU98qkOzqfAhf3pfdqFprfhfzRLeOYJoY7JcX3mAz2Z5LmQzIhwBoH8TXhjas/XFi0OFo0sSobEDvyO+vNvX9i/HN3JMBHsxR3v58omI7aQ==
+coupon.			172800	IN	NS	a.nic.coupon.
+coupon.			172800	IN	NS	b.nic.coupon.
+coupon.			172800	IN	NS	c.nic.coupon.
+coupon.			172800	IN	NS	ns1.dns.nic.coupon.
+coupon.			172800	IN	NS	ns2.dns.nic.coupon.
+coupon.			172800	IN	NS	ns3.dns.nic.coupon.
+coupon.			86400	IN	DS	10297 8 2 215A8514706A344478D609F1F92E86C0934BA02AE9B7D965AAC116E68DF1AFEA
+coupon.			86400	IN	DS	24754 8 2 28AC37A1524040F644439B351BB5929F2EE66B8B6D6EA40D499A0DB7455EF0C3
+coupon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ppQwGxB8NdwxqbO5KHl+aeZ2puSvhFicPHGooNtjNNl9uVKzer71bupkFNeb+ecsYPHK0l+ZJzcYlZ1aA6VWMY5muJ5GGaSkHxTkliitLDyyXX8EXHS5w5jd4q8du8YhRpgSsqnyF/nz0NFBWNJF0vUvW+2iZYskziq/Z/OMHTvJcqUMfS/wDpO+owUYdyJ99sZn8ZdSRJE3TzoWx78f2OhzCz0A84lMxW7j8o6vWKWpVOqUL4nMOTovgnOnam5npXWVl3m12/PzcK9XsGt7T7Zcms0HLBtlNqMTKsQHs2YRXujXEYKsnna7tZs/AvK4X/Wbqi5Rn4Bb073b0biLcw==
+coupon.			86400	IN	NSEC	coupons. NS DS RRSIG NSEC
+coupon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LPR2KpS/fXEt7Bghha4JqlwDflOeLq2AhTM93pVukYcFILJdDD+lfVKQPNjMCLkWpUI00kEWVAPiAPH+s0fX59QR6pjn836sUajVOmDxVdvgF1YK7XX1TAuRghCemh3dHZGgpZicqffeucfbHTRkltaR5q679VVJAUFWJDNIAeeHYoGTplUC5O1CdpTBCts+SU7shYd0MehKLiJJrX4NlYreomjIakb1feZupYffAiyVzIy3QDNvrX++Dofk2WcmlETVeGBAXfvU5FPQexNrA5i934rOO/PhkazsQd6vTqQ376kceZJvQ8unRy4xbTu8rU93HK/nfE0Mk1SG/IOSfg==
+a.nic.coupon.		172800	IN	A	37.209.192.10
+a.nic.coupon.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.coupon.		172800	IN	A	37.209.194.10
+b.nic.coupon.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.coupon.		172800	IN	A	37.209.196.10
+c.nic.coupon.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.coupon.	172800	IN	A	156.154.144.217
+ns1.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:d9
+ns2.dns.nic.coupon.	172800	IN	A	156.154.145.217
+ns2.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:d9
+ns3.dns.nic.coupon.	172800	IN	A	156.154.159.217
+ns3.dns.nic.coupon.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:d9
+coupons.		172800	IN	NS	v0n0.nic.coupons.
+coupons.		172800	IN	NS	v0n1.nic.coupons.
+coupons.		172800	IN	NS	v0n2.nic.coupons.
+coupons.		172800	IN	NS	v0n3.nic.coupons.
+coupons.		172800	IN	NS	v2n0.nic.coupons.
+coupons.		172800	IN	NS	v2n1.nic.coupons.
+coupons.		86400	IN	DS	35041 8 2 81D5A5BC4DE79409836063937978ADDACE94166D41A4D005B328C8DCB9D0F936
+coupons.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ii1uDgJSmVEhkplQaD11byF4dFLtS9v2W8L2fiFmo6ZkNfRBVrTljKVq6ScTfk+xEOH2U/7p2OxMNQMTK2k6yh87hfvQgmw1WWpZNKqR9NI+0H5PT3u9J72VUF7NzXQz11wwOcxLoyUNEZUgOOk47sqBsTLlM4spHqKPP7vW32fCSqbAT2ebZJiMmuFZCpqHW7gQhxDJ2/cnuGXCGyHC+4Ykor3jLs+TE6tE/j7L2YpzN/SJikqofkkw1KSz3jm35S5RJcZXFTyNDWuARWwaWYrv3jhw5GKSj/ZRsQvCEbPLUxvaN7cA8Kw4ouFIIXkj3akzlQSIcftJjOaRuBnCvg==
+coupons.		86400	IN	NSEC	courses. NS DS RRSIG NSEC
+coupons.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lkDp38dpvcUVf8JP23U6sf5xkfrY3Tazs+wpKjWUrc/cgcAv8PhDETmaWjIxdz7voZcJHM23ShaAqDuHwh3Mm+Pld+jw5P6YlCjiIG4mt0zTTaEs3kMILw8vOXNwla2y0DL6JVUpKRUkeR7Hl6kpTZvLvN6X6DgEO5kR90bJJt+tLay1iNq0wZ1DKLte74h6mFr/uCqhv98+WhmtMYGByYuk30N/hIiwreJeA5SHgMvIp1Jtcb1hhFjp1nt4wfNaHo7Azf25Ra2EzzgG11R702/6ULXg4k1kqq+qJ2OT8//Af32yn0aVI4pKM2pXIW0Vsrwofjk5VSIL8pLObHi3hQ==
+v0n0.nic.coupons.	172800	IN	A	65.22.24.29
+v0n0.nic.coupons.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:29
+v0n1.nic.coupons.	172800	IN	A	65.22.25.29
+v0n1.nic.coupons.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:29
+v0n2.nic.coupons.	172800	IN	A	65.22.26.29
+v0n2.nic.coupons.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:29
+v0n3.nic.coupons.	172800	IN	A	161.232.12.29
+v0n3.nic.coupons.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:29
+v2n0.nic.coupons.	172800	IN	A	65.22.27.29
+v2n0.nic.coupons.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:29
+v2n1.nic.coupons.	172800	IN	A	161.232.13.29
+v2n1.nic.coupons.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:29
+courses.		172800	IN	NS	a.nic.courses.
+courses.		172800	IN	NS	b.nic.courses.
+courses.		172800	IN	NS	c.nic.courses.
+courses.		172800	IN	NS	x.nic.courses.
+courses.		172800	IN	NS	y.nic.courses.
+courses.		172800	IN	NS	z.nic.courses.
+courses.		86400	IN	DS	15277 8 2 0F2AC6152763313A36B063646929B4B8B35B5E4C0EAF12D54EC3982A78157D2D
+courses.		86400	IN	DS	34960 8 2 DC3B228B7E6F2EEA82FAD1ADEB93171D4D3CA3892A3E0E94035CD89D258DF087
+courses.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eMFC+YQQoiyUAoWMcToG2Y2j9xLgvnXgdTgd1ttOVR+oelAFJ/XUa+lBZdVL8Mdaf6mm14JgGJ6T5Qn/F/QBUrJBlV3sANgM3AKAoMO+0H796Vvqfa7XVojh9Lvtq9YCjYc96Dz3tpst7i1CLf3mt7Gh+CZwYHIaXt2AVmEOs0rIPTRWlPegrsKCSEjsAPFkU1EI1G12CiJxEQt/qEanf/hgbX2Fj7m/U2mMUgAyTDynk5AURoAlmwRTbQnic2QAKhiDTmg3+V+A+vPwpBw1KmSygyeLCs3GTV+azcK3iDlsQ7Le9l3YNUI4fUB1IRc6ymSFHGwcspK9Hk/4Xl4eAg==
+courses.		86400	IN	NSEC	cpa. NS DS RRSIG NSEC
+courses.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ce6kbFT4WQe/vGqKdag7E6fmPDlgpNBlwKIll9DhKNx6MG/X7u+PsPuO+92T0rqe3/JvOCPeNTWpX0BOhspCkmJQ2PyIVS82RA8KzRZpdSpOvHjhna8ZMKVgAhMNfxpVgrZonb6A7RNNBeHjSkavIb0Bg0B1fDKAbLGpmcAsgPhy+knpSNq7Gxolb7VZjJFrEdBGPXZcd3r7LN3DVud25J3elARisOJH45zzpVEYtYKpcSLcGfVbQz/qp0erRL9ub4c+nNfH4Elxnspkzn95Av8IqLEjeEjhPboSGZ3vbUHWQXNVwilaCteldAKdQI6WAV2lOg8589LFRgItIDRocg==
+a.nic.courses.		172800	IN	A	37.209.192.9
+a.nic.courses.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.courses.		172800	IN	A	37.209.194.9
+b.nic.courses.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.courses.		172800	IN	A	37.209.196.9
+c.nic.courses.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.courses.		172800	IN	A	156.154.172.82
+x.nic.courses.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.courses.		172800	IN	A	156.154.173.82
+y.nic.courses.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.courses.		172800	IN	A	156.154.174.82
+z.nic.courses.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cpa.			172800	IN	NS	a.nic.cpa.
+cpa.			172800	IN	NS	b.nic.cpa.
+cpa.			172800	IN	NS	c.nic.cpa.
+cpa.			172800	IN	NS	x.nic.cpa.
+cpa.			172800	IN	NS	y.nic.cpa.
+cpa.			172800	IN	NS	z.nic.cpa.
+cpa.			86400	IN	DS	6397 8 2 DDF80B47684502EB3921D4FE2B9307CD49F14BD1A896BF694CAE0ED767666CBC
+cpa.			86400	IN	DS	25351 8 2 A5062C23EF5598A091792978FD4F5BA6729A9A30BFCF880FC1CC7D0708A3313D
+cpa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wJkaIiHeeqKn5xHCc51nfDa89cA/pUNQr8ubizE1bVXut22AXeohyDW7j338idggpfm1VsswfdRZjl5rzCDyTiHYNWwCKsITAv8Ug6Y7cur8hquWVIZYgguqYCz3pux7SoKsRkMKIae/EqMB7lr5F8wAxOchtOBtcwa5Jd4faAF638B5WuvnwtWS5C74i2LuWfuotYl3r02PH0kKfbxkQ5n2aAAKrmvJ02LOWsCXeX/1877oFCRAZpBwhWuOYxmcdgbkEnhksXPuBzx/Oj3d+iWFljsxw7ck0v6majNJ7uPnlGvgDaPHVdPqG5C8+k5O9kJ6bBVYmg/e7Qg6sHB2uw==
+cpa.			86400	IN	NSEC	cr. NS DS RRSIG NSEC
+cpa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ys3ymWaxQWUwUNYwBdRgYCT3e0kp6JCWA1GtiPkqdmKfoPjhb3S9Jdy8GCDMJyB6IHTVU4Vb2xc7+KV7gwPCidxfBMruT/bwRUZRTAT5aoaD7Uwh0Hi8KaupFspUPmmfjna0qihZxcRHBZ7v+Yzpr7K3OH/UQPL8nRXBt1/SDn0ob08EfnoIvfRBwbiBL83TZP/ue21t4Pl5I6k0BPy8wrb7xh5I43Gg5JDtLLpcnYktqkmGS+W/peabNEav4ortbpLLWW+hmOIqMu9FGP09A+HjnKacu8y0fv+4nfvFic9nKeKrG9GAkpIkaRtpFxgZwprzndZnchACD2k0/FSdWw==
+a.nic.cpa.		172800	IN	A	37.209.192.9
+a.nic.cpa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cpa.		172800	IN	A	37.209.194.9
+b.nic.cpa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cpa.		172800	IN	A	37.209.196.9
+c.nic.cpa.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.cpa.		172800	IN	A	156.154.172.82
+x.nic.cpa.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cpa.		172800	IN	A	156.154.173.82
+y.nic.cpa.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cpa.		172800	IN	A	156.154.174.82
+z.nic.cpa.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cr.			172800	IN	NS	a.lactld.org.
+cr.			172800	IN	NS	p.nic.cr.
+cr.			172800	IN	NS	de.nic.cr.
+cr.			172800	IN	NS	ca1.nic.cr.
+cr.			172800	IN	NS	ca2.nic.cr.
+cr.			172800	IN	NS	dns.nic.cr.
+cr.			86400	IN	DS	10517 13 2 268FB03099E07547620F19A62F101DAEA146DCEE6FAAA18263E0B3DA4E997D6C
+cr.			86400	IN	DS	10517 13 4 11D20D7C408A1F289F6ECE30F241CA4BEB6ABE9D6376E8C6BE2FEE6400038989EE5C447340A5F2E7676454BBBEABFC95
+cr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tPHo6RrQ/efleJ5ptoIeqLcl+TULYLdyE9uF772fhwNK3Da5yXGPiNaXSt7JGJBx9BJf6WdsAuP+mjdfKy+Il3qVEak07rXbBgFxzxA8yRZ2DoU0ljj1SJUi9izixD7q7CQG06kY4v9VTjyo/zKas/B+r+SMtHMpcgNcO7BC0jJyzclSoE3V0oPK/1eirozLt49zOUShA3dQyGuf/8Lyylezz4b4PfkHha1Z7ax/Nu1oA/Op51C1035kbbm5i7RdeDEhmCfS/W7tH+Gib+Vg/Xo3+1Rv+PCwVkVJKSuhsyVw1GWSxsgQI7wKC+ShffkDCLQMoHURKUsmGG2fUDVXKg==
+cr.			86400	IN	NSEC	credit. NS DS RRSIG NSEC
+cr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oPAxO1H/hAnxOvUddWeh5JvlEjWUzOqBrJ2nDuIHwinHmorZN2Uy6RhnhVzLXiGVgbQxH7s4bI36TGQLB23zab02zxunMRPVFrVAi7noYkC12BAD7tTVlRp5BWMnMHOw+9O9Qf2SBcx3llyUl47OyIkaqOdTSQRtp7ReGeGuyjtuFD7Fk9rI9ivfn+4G1n3kqy9HGY2jroSF0pta+j3CadVm0UCGflVPBhIKdVpx/nUaSfoapkisjcjb9TIsZw+0V/MMY9qczGLbUtmvCQNThVK5cqxKhPBg2nQzx5Jm5cA6UVuVLLfse7LybKvnHX9hfkw+LSv1M/lsoxj0R0AEMw==
+ca1.nic.cr.		172800	IN	A	185.159.197.100
+ca1.nic.cr.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:100
+ca2.nic.cr.		172800	IN	A	185.159.198.100
+ca2.nic.cr.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:100
+de.nic.cr.		172800	IN	A	194.0.11.107
+de.nic.cr.		172800	IN	AAAA	2001:678:e:107:0:0:0:53
+dns.nic.cr.		172800	IN	A	200.107.82.100
+dns.nic.cr.		172800	IN	AAAA	2001:13c7:7004:1:0:0:0:d100
+dns-ext.nic.cr.		172800	IN	A	200.107.82.219
+dns-ext.nic.cr.		172800	IN	AAAA	2001:13c7:7004:110:0:0:0:219
+p.nic.cr.		172800	IN	A	204.61.216.89
+p.nic.cr.		172800	IN	AAAA	2001:500:14:6089:ad:0:0:1
+credit.			172800	IN	NS	v0n0.nic.credit.
+credit.			172800	IN	NS	v0n1.nic.credit.
+credit.			172800	IN	NS	v0n2.nic.credit.
+credit.			172800	IN	NS	v0n3.nic.credit.
+credit.			172800	IN	NS	v2n0.nic.credit.
+credit.			172800	IN	NS	v2n1.nic.credit.
+credit.			86400	IN	DS	49534 8 2 DC1DB287046FCA135C071640A2DA5B5A357AAA6AE900BB324035BAEBBD461A90
+credit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xL7JrwszekEUednQcqq2ZV9HrmVAUSX4WuLdqY4YWYVsPG/CIX049M6yZ57Hv0x6DeuTIpWrvFNxw0KHFvfPEv+s20h6777mxxLyUNHUaL2xF8InG4bQ/Izx0yE8/03eFJYSf5S5+s0RpK0/qEZA9xID7oN9obTC+J1rh6iChs82BkUog71d5b5+BkYFv82EiNSyqvyHikzXjC79csLguJv358zIHrX+JOweq+wIb0C1LrwWA08/moddnXyAK/HFJeXhsYgskNKMNYuivlvcq9LYRtrBciq5codj22bWv5lKgdB0/sbYW9abqbLBTDxv5zj4BYgs7LS6HTH/7c5LhA==
+credit.			86400	IN	NSEC	creditcard. NS DS RRSIG NSEC
+credit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V30I/mdhu67dg7QL34y3muN5aOcnMtX/9US/912cNyZXWF/LPP7neoBx1aj5jMRqDh/T2Q2dUFvqFcfMBjISbWQwgiTKFCwqPusc6Y6EZWSke/He08KuzT+A3b4+h297AFyWnKJWzMJ464o83robuyNUS94ALXhRKeP7TkxQ3OolNlHZZzJJ41g55uqouRm2L3S5w7B6hU9eSFasZ9tQVLhTbINua0mI/kw05UrtEmatVwfrazY/QssAo9Wex46wIV9Hw60rveHTGpLbOxOdlM9uSfNh38M7v7CL/xgmSDgjh8Nm4UIYEEiccttSqKeQV2ID7EYMyIYpilh+BxCrTQ==
+v0n0.nic.credit.	172800	IN	A	65.22.32.54
+v0n0.nic.credit.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:54
+v0n1.nic.credit.	172800	IN	A	65.22.33.54
+v0n1.nic.credit.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:54
+v0n2.nic.credit.	172800	IN	A	65.22.34.54
+v0n2.nic.credit.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:54
+v0n3.nic.credit.	172800	IN	A	161.232.16.54
+v0n3.nic.credit.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:54
+v2n0.nic.credit.	172800	IN	A	65.22.35.54
+v2n0.nic.credit.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:54
+v2n1.nic.credit.	172800	IN	A	161.232.17.54
+v2n1.nic.credit.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:54
+creditcard.		172800	IN	NS	v0n0.nic.creditcard.
+creditcard.		172800	IN	NS	v0n1.nic.creditcard.
+creditcard.		172800	IN	NS	v0n2.nic.creditcard.
+creditcard.		172800	IN	NS	v0n3.nic.creditcard.
+creditcard.		172800	IN	NS	v2n0.nic.creditcard.
+creditcard.		172800	IN	NS	v2n1.nic.creditcard.
+creditcard.		86400	IN	DS	53764 8 2 E405DD422F4A0B2554A51B063D92E9709A2BF309DC2D5BEC2C914065636D3FE4
+creditcard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EbSY+RGsj/KSECoMTY0Xl6IfRGbdrLF7YxblivOxpdm4dHEnPrsYMGRmRc5DnRXOOeFFWp/Fmbyl+0i1vCDJNq5s+MljkeRTVJtpDL5UTCGVowbcEsAKZGKvIJtarfLgy756tbSYKrLt4c7Qdmburp1LETkBrElPiYZp5gUM+m9J2xkktA3LfyTWceKLa6qSQ9ng+lyOQ/PXbXrAlAPxZ4eVnEE0RdA0wkcZbthZfY37LYo4ipdky2EmZfNCrqTtiOpmaKx2QeauqYq/uVqhBvhJvUoXDrK8VvN5KfzY11W+Sd8KAKwIPGEzKcwnESCoVNNRfuVb3z3zcr3jvDjgEw==
+creditcard.		86400	IN	NSEC	creditunion. NS DS RRSIG NSEC
+creditcard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WUHMhGaotJ30qJyhk334ThKDqknJpdBNEKSqBrTcL52+HOrCYDvX9/6qu4T5j88q4Lg0/FeY57kCCSMdpRiJH58opBafrz4rJBe/mXDjhFcRWrBLWhcA4CXv/kk2qi/R+YUDvP09CYCSHGSkoDoF1qqnhpSX1YYL4s5luye1680kMzLPSW32j2+A3OKXTPOLyQmwi8v8cOdFMEexUdtfYdAzGgaqLd9eZbKPPHUosYIx49mN1Xcor0V2yh9KTEqwVN1EhAnW1pw6lZh0xXh5nPbC7+lVuLNhm1UhugUFx+jJ9BvIXtKq6PRmndCxGiJCY+0a2BGaVTk3dySfGwCEEw==
+v0n0.nic.creditcard.	172800	IN	A	65.22.20.65
+v0n0.nic.creditcard.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:65
+v0n1.nic.creditcard.	172800	IN	A	65.22.21.65
+v0n1.nic.creditcard.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:65
+v0n2.nic.creditcard.	172800	IN	A	65.22.22.65
+v0n2.nic.creditcard.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:65
+v0n3.nic.creditcard.	172800	IN	A	161.232.10.65
+v0n3.nic.creditcard.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:65
+v2n0.nic.creditcard.	172800	IN	A	65.22.23.65
+v2n0.nic.creditcard.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:65
+v2n1.nic.creditcard.	172800	IN	A	161.232.11.65
+v2n1.nic.creditcard.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:65
+creditunion.		172800	IN	NS	ns1.uniregistry.net.
+creditunion.		172800	IN	NS	ns2.uniregistry.info.
+creditunion.		172800	IN	NS	ns5.uniregistry.net.
+creditunion.		172800	IN	NS	ns6.uniregistry.info.
+creditunion.		86400	IN	DS	11419 13 2 2393DDF8501D382CB4A700C85ABCC974A95AAD110898B8BECC4BDBA60B5E50F1
+creditunion.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GaoeAIpEfAXFSFKKcD2pHdvqyPXpkCD2AxeBui3Xtn8Iw+iRvkdLL1pqBVmDr8lNvlO3uOgjxDxJQqTgqGcZpR1ENq7JHG86iR2J02uLbLYe9dn2DEmELheF4uwO06Xk+fYayp///qp/q5nglUEhtzgct+OT8c/vvXn6ZdMFnui4sKzw2zykBvY389o9pJxA6idbMiP/6NDEYHMgEFsRTUA7TnN16TZzWNfFPtydhU1knnHJpLeWzJJzNDwsBDQhuHyhPUpynkFZf3RG0pywncZ9wucyoudl70Qho7bCuy70KGo39mg/xtyWNxxUWcAbgWgSYCsrVXkZxU0KaHPEQg==
+creditunion.		86400	IN	NSEC	cricket. NS DS RRSIG NSEC
+creditunion.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPP/p86tje4LbDSwYI2weIC1yltTlmFXjhBDcxRok+V1xEzg6mWU95Fao6I1PU24Fx7SyXY8Ulj7380+LWsp8MLc02e6lrJl/HFWQTMDfCe1/VpPfe0LqE/jefkkJHqXakHRUUDuFjrkBCj90cn4s2l0KYBC1nBLoJKUcPhhITwiPwfopcSNFmlLN2MQHcvJccwAgpGTJdiuo9iE5uWo+ELVNcpk0udvV8gYuDsXIktkHfL6llCAdbNdU4Xanb+44iCvDgJZuUME7HHxSm7pwhKqVoT6OpLlUp6UUx1Ggv5MYv+FpU3mlwntMlCJAdaPNAo6a/eeyqUinEtX5OnCEA==
+cricket.		172800	IN	NS	a.nic.cricket.
+cricket.		172800	IN	NS	b.nic.cricket.
+cricket.		172800	IN	NS	c.nic.cricket.
+cricket.		172800	IN	NS	ns1.dns.nic.cricket.
+cricket.		172800	IN	NS	ns2.dns.nic.cricket.
+cricket.		172800	IN	NS	ns3.dns.nic.cricket.
+cricket.		86400	IN	DS	31300 8 2 F17F7981F1F544769763F21F8C1222D7CBE9393B89A84EA84D4ABF9A72950751
+cricket.		86400	IN	DS	41779 8 2 300973057D1EEAEAA9A7A558359564F48E7654B88CD3C81D23E48F700701AFCE
+cricket.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIq/E5Hdd2WAoU8XS9aWke3qNgQA9YTyUQwl9IpY9UzBzsMWmQAnHRHG5+strusG8ihtcXfrg8FsKSoK8V2KgCICvgsGGhNMcOWDPlEPoIfWPlbhajEmui/cr1FW3uJtACxlVzE20bIb1FwDytyntHfd81Ge2Xixnykenc09TIdR9TI0SqUThNMsq4Mvo00tLyzq+vkM58qEzVb0UwOOjXQx2cPktJX77A7xOidvhB9w8lBUIM0jp6Wteu7djDbm/kQUNkn5c1nQQ2k8tzM9vN9XL7+dgHFs/lEJQEVaWhD/qMaRBNOWkzsfPg7ApdOPGrfLfFSqM1/a5271Q4mf6g==
+cricket.		86400	IN	NSEC	crown. NS DS RRSIG NSEC
+cricket.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oKTQm9M7APvtRzIyDNcXQX1pH3si+L4syD/4uphHSa3FCzI2ps70Q//GeTIdA2IZqoX9sXLJcSc3LQEMFRLzkJ4zUhrspJd451PVi5RScUnToK+EyGYfF81FwxwrDsTUJsl6K2E+0rubBOBYLQdpj4T4ZVnyosODhA5oHdJMtT3Wj+8Cf9c8faOU1ba8Pi/Bwpk9pM3s+UXDpKYh7jPhnmnP8kpdMXNrHARoBUvxiNQ2Ildrg3miBod08d+ARZ53OTSQNmpYIvJbT4nTcaZ2PN0zvIXdFkoyzRAlfufQOUM/M173J3FNsBcOMvGscHZDXguizagdcMKnzFD0b/6ECw==
+a.nic.cricket.		172800	IN	A	37.209.192.10
+a.nic.cricket.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.cricket.		172800	IN	A	37.209.194.10
+b.nic.cricket.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.cricket.		172800	IN	A	37.209.196.10
+c.nic.cricket.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.cricket.	172800	IN	A	156.154.144.220
+ns1.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:dc
+ns2.dns.nic.cricket.	172800	IN	A	156.154.145.220
+ns2.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:dc
+ns3.dns.nic.cricket.	172800	IN	A	156.154.159.220
+ns3.dns.nic.cricket.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:dc
+crown.			172800	IN	NS	a.ns.nic.crown.
+crown.			172800	IN	NS	b.ns.nic.crown.
+crown.			86400	IN	DS	41194 8 2 F7C822B56B709256E744781B677C0B32DA1E218EAC286A2543B064A19A40F3D5
+crown.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZZlMEEookDje4epUZs/MmFrUoOY2/8xsZky1VxZqatxaddUlKP2f9/R4NhIDVbDtRzNxik4Q1XWHuUx++L3T160mlY51xq+Oz7w8pqdM6aysPSJ33UK5cIic+zlFWFNgTCXLtPLAvk25UWjM1T/o0XGYizvioG94SE258d2TEekbRbFQTKqB5+55Ym8pXqhb00WWqQPjAXbFXoEKZryC+ITUQTmSDrUKT0Ko9cWjJ5AmLif+66tuRIT7TsOgCt1Vi38NwJpX8H1PG4kWfPladyy/I+Zn3DpwkdqrZbQ4a7WLzZ/mfUb1CTKC8oRkiUHy9wTjAMqkDJfSgYSFotqmng==
+crown.			86400	IN	NSEC	crs. NS DS RRSIG NSEC
+crown.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m3EWQm9PoS8kqscneiIYciui4e8uV/Dp3reeDQ3ktfqbNnEY+Mlirdr83a0E71iPIHORW7yvVFs5hcBe7gCzJq8dr+BbW3UpxNKHRo4ad2G9VbRHvz9UtQuHErBM15xSyvG2coo5OwWJH1ZrcXqU3gyDWNJ6yKotVOmw5V6xyU3I6BeY0STp6BwAHoGdgmm9PW1mi/sz2rFLVn6G08KtHk0ZwDGzoxKgmHJJCe/Mr5Xba/Jyhb+DTbknAVYKSY6F6GmWhJU7CCoDuZa+DD4tT0MW5PmpqmDk9THa0zNYb4KCVpLHmIZSfX2mKIVAq3sqKYz38p71wTbAubTg5CNaUQ==
+a.ns.nic.crown.		172800	IN	A	185.159.197.5
+a.ns.nic.crown.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:5
+b.ns.nic.crown.		172800	IN	A	185.159.198.5
+b.ns.nic.crown.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:5
+crs.			172800	IN	NS	a0.nic.crs.
+crs.			172800	IN	NS	a2.nic.crs.
+crs.			172800	IN	NS	b0.nic.crs.
+crs.			172800	IN	NS	c0.nic.crs.
+crs.			86400	IN	DS	63622 8 2 D1647F1F8B7A8508B81F1D822C27581B628F7351EE8D99B8DC32A2BD802E0C37
+crs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qdEokfrDxrxsoShF2nVu9mYYMyjAxw8DbFnpsKHVHHaUmdomobOd3pwAUQj8+45lRvGy8LdFENTsZ48tHuCOsiw00iR9RN3rjsWTlHugL+rtfMBR+KGj/Q9xThP4Yv4ysQc5pvuYs9gtqIUVFYb2QIFgWcuR1GqFIXMzHij60HdOcH2gTrswTgXqTkxxpk9iQTvTK0QOyuTpvfqicbKj/5pqEOQNcrEG+yeHYQaXGT2bJKIMrs9ngffiSi4lQU+iMU16VbpPrDHtMuUpn1ggyLVqH7B0ISmw3fzlxBwhorH8MxgeG8ayZ6lpoTaFiEUgKZfMS9j+MlLzeB3h/8HXiA==
+crs.			86400	IN	NSEC	cruise. NS DS RRSIG NSEC
+crs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NS3r4zLl+8Y26dhRSVKa3SK2/GXEC/R3533FqgExam6bdtRwM/IvYRS/yh8jrMI93VfQ9buotr4/UiGpkZQR2SL0MLHdThdfh9KlKQRpcSF1MX7apEE02vEq14guuvsf4O9q9S4W7JlQLcGdTxD3vz7A2BmNNxtN4/Rr4UC08qCJJm8ezxOic3DoALYsbvGC8kGT9epJKlsOLvktClCEfUyPgDukv5cxnr5+3LU6iI7au7lvNFf0ewaWWDDQp2zqEUJ7xQhU574AtMBvP3ug5fMwyL3al8GEHVKLLN+XOQDbGxBFfz/r4I9iphC5IAv8IaDczKBIQFOfmUwWInnYnQ==
+a0.nic.crs.		172800	IN	A	65.22.112.25
+a0.nic.crs.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:25
+a2.nic.crs.		172800	IN	A	65.22.115.25
+a2.nic.crs.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:25
+b0.nic.crs.		172800	IN	A	65.22.113.25
+b0.nic.crs.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:25
+c0.nic.crs.		172800	IN	A	65.22.114.25
+c0.nic.crs.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:25
+cruise.			172800	IN	NS	a0.nic.cruise.
+cruise.			172800	IN	NS	a2.nic.cruise.
+cruise.			172800	IN	NS	b0.nic.cruise.
+cruise.			172800	IN	NS	c0.nic.cruise.
+cruise.			86400	IN	DS	33220 8 2 254D748F9E700BD632010EEFFE96CC5A1DFEF5B4A85A18A1AB4962EA81F9937F
+cruise.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qZV9KkLhJmLid4z0bZurO03E5eaFK9uwKrX+z231XfPiAKmJwprDhsKOuPAwfTO1vrUETligguR3t1OQO+JOFn6wnqkEWjM5zITN5Z0bhSz1zHif7C/n+1WOwnLGOnzBCCMXHzhiF7akqHwOQ4x7UpW4SpTrLFXfgBAYPnJC/5GCjKggeRMmVZ3KrILsu/zZ79VS8U/e0JZhtOGEUg80CEvdYHhEM5lispEY7mU2xKwybNJa6CUMMsRDUxR4cqI0thIK6ejEbqCotMQmKghWeri/GdZTumg+7PozJwJMhdJ7oW9yy7hGFDrNY4zb7Gyn1G2nzx8xbUlsGG/qjG/55A==
+cruise.			86400	IN	NSEC	cruises. NS DS RRSIG NSEC
+cruise.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JSkrPETnRE8dT1OaTbcfTzEjS93vtzT+YAia2uFW5q8Pk7OSha+mUuJmOUaPJYRJpFs0EyPwJRjqlEjL6+AjUYlKfI58Bp77BoTKR/NW9YQDGOcVVIu1JwqKdkqYVlxeMYxsnv2ccdqZ615etlX0TqQF9F14RylNcDsLU/x/f/Gm4OjE8yXxlxKXCxQWPBniwhFdePOqD9rb0x8ihEk7x6W5PVEUY1lUqUI2X4NUMGy2a6vSKh7F4Uz6+1OSFp1FLxUQmATfCtIFa/x+N3GAj8DBPhxaOCUlQ67Ax0XoUAK8qw1vo05CmvW7UBPItmE9QPs6TIEz9DZOaM3cx0ernA==
+a0.nic.cruise.		172800	IN	A	65.22.192.25
+a0.nic.cruise.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:25
+a2.nic.cruise.		172800	IN	A	65.22.195.25
+a2.nic.cruise.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:25
+b0.nic.cruise.		172800	IN	A	65.22.193.25
+b0.nic.cruise.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:25
+c0.nic.cruise.		172800	IN	A	65.22.194.25
+c0.nic.cruise.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:25
+cruises.		172800	IN	NS	v0n0.nic.cruises.
+cruises.		172800	IN	NS	v0n1.nic.cruises.
+cruises.		172800	IN	NS	v0n2.nic.cruises.
+cruises.		172800	IN	NS	v0n3.nic.cruises.
+cruises.		172800	IN	NS	v2n0.nic.cruises.
+cruises.		172800	IN	NS	v2n1.nic.cruises.
+cruises.		86400	IN	DS	33562 8 2 1DDFE341F6A4826600129A02D4586888063E21C358E093D8AB4C4B5933D73E01
+cruises.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . afBLUrL/a+g+mjhrioGpDrRfDb51f/WR+gADwOQOmewxw6lAN/WJKcTNHD6oIM7Cj/yIhONpIwWnR2VV4vy8ssq1sslCCq7BjpL23j/5TthlZK0eglRpGXm+2pvAq6nCtV1yAX4fjIeBXj0YRjSaCR1QE9r3M1v8VLqzldigw87CA4Q155cElIHVqyCC4iq3LT16TqCKkEltQKXbUxDV7QpLVPR554biAodwlCGudmlaRwcbHbyyNAgiY5WYBa86t0hnViit1Nb3n0mhiQTHia0rNah0W1BR8dYS42mdmBdTE9UQEFzlOSkEZCNuwsGpH85YCjoL08/XJuhSKXwFKQ==
+cruises.		86400	IN	NSEC	cu. NS DS RRSIG NSEC
+cruises.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wDMHOCRdQ68PH0YeDcPoycPrdErsOxVLViZnx/GSZX9K29BJG1Nc4XqvcusrhAysPyrNAEs1yW3oRc7kkX/gcWpy/vDaoXm/Nj64OhVK4oio3U9tBWqzK8i6BEeX2pnCfDgpS3bqkomuTB+yvCdE8HDVwmgqxJE/pSqcNuSMYJ9H3+CuDVEA2KghmFx7EUk+eScc+dCjoHOhfS01CHMjlq0LTSdGgQpZseNlN0JeqpiMj0M5PrYHrZTpD4Fh5MT8BV70xlAJMLVEs+frZtFZXTFU/lIIUdLO8ZcxMaiiEMYKElzUGIKIqyG4JqRKWVGCfR7MN/eiMhQ1wxWMJP1iuA==
+v0n0.nic.cruises.	172800	IN	A	65.22.24.30
+v0n0.nic.cruises.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:30
+v0n1.nic.cruises.	172800	IN	A	65.22.25.30
+v0n1.nic.cruises.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:30
+v0n2.nic.cruises.	172800	IN	A	65.22.26.30
+v0n2.nic.cruises.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:30
+v0n3.nic.cruises.	172800	IN	A	161.232.12.30
+v0n3.nic.cruises.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:30
+v2n0.nic.cruises.	172800	IN	A	65.22.27.30
+v2n0.nic.cruises.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:30
+v2n1.nic.cruises.	172800	IN	A	161.232.13.30
+v2n1.nic.cruises.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:30
+cu.			172800	IN	NS	cu.cctld.authdns.ripe.net.
+cu.			172800	IN	NS	ns.dns.br.
+cu.			172800	IN	NS	ns.ceniai.net.cu.
+cu.			172800	IN	NS	ns2.gip.net.
+cu.			172800	IN	NS	ns2.ceniai.net.cu.
+cu.			172800	IN	NS	rip.psg.com.
+cu.			86400	IN	NSEC	cuisinella. NS RRSIG NSEC
+cu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MdwijIkE8lbPkzZSPWlEs4wWzqFNXatbr7yhsxHYzVTym86X2mv0GDQY5MG6CWcGA/oaWU+3IZ3Pt67HZHjp6/+/pYV2EJWuf+Z5sGXpfzb6glRb6ZBwYWbqzfy5igEu+EqzB2Ie1MmxhPU29ab4l/LehzEGGIQrEWZvQ744Bxp2yuqy7ibtzdO2wU61miJkyIjUsTH/g8bD2EuIAhzPNVBdnWyaau+C2jnHDBeomUMffGt6D9g6YOWeTMyL7oGNodfU6ofM7nCo2vo6uP6jnaD8exZGlkzra7ujnGUuPcDVT4J4UqqwzidDkk567+EaaRRL/lu3FsRWbN9ev7wdbQ==
+ns.ceniai.net.cu.	172800	IN	A	169.158.128.136
+ns.ceniai.net.cu.	172800	IN	AAAA	2001:1340:1:128:0:0:0:136
+ns2.ceniai.net.cu.	172800	IN	A	169.158.128.88
+cuisinella.		172800	IN	NS	a.nic.cuisinella.
+cuisinella.		172800	IN	NS	b.nic.cuisinella.
+cuisinella.		172800	IN	NS	c.nic.cuisinella.
+cuisinella.		172800	IN	NS	x.nic.cuisinella.
+cuisinella.		172800	IN	NS	y.nic.cuisinella.
+cuisinella.		172800	IN	NS	z.nic.cuisinella.
+cuisinella.		86400	IN	DS	7819 8 2 34AD4E3123591F60CA6F54EF8225C5B9EA2CF0325CA3AF1C73DA9BE243C1FBBB
+cuisinella.		86400	IN	DS	35209 8 2 1FC1EE72FADCC8085A2F62C861BDDB4B556DFC33B9356845550BE284DE05B383
+cuisinella.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1Z+lhAwuMb0hmrCJ+Vh0qMGeZ1DvO17vVrMxAb0wsfm+RkgCTUY+JM5c/jMCgqzslkoCSAzNr+Cahfhj0uRZitCdznyuFjRSuKZh8Y0KjP4Otq7PSDkyMjgwUTIt0JLY5nJlSis/AqQIYVFFfgEQTCifBBo0bndpW99btgLRTc7pHPJccElJRFkqoHsZkFfPGApzMUFOzKIhbYXPpwnzQCaF37Xgg4p69YDw4Ff4IVJv+tD7OC4ZEYNjf3ZDgcsnBNCr+dFVWErANKjlc7Sl09ijwEViT9mwibFUd0G6WzHCmL4b6vZDc6zxGMvHt/whCkcYJ4J1DHvEGVysshH9bw==
+cuisinella.		86400	IN	NSEC	cv. NS DS RRSIG NSEC
+cuisinella.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAgwvNHG0ajNaXH/3jr/q7K1Rog0rWYD6GoVDZWodWffgq+d9aQR+h5yfJk31fAddm2E5C5vK6MVGQGT6gCo4xy1h2CYiNA+E59dnNEqWyUzuw2lE9h9sqNP93tzHAsvDOU2CSVXrT1VAZzZEVPA0xYrVr1vMIXW3xbCQ9OqphuQ7732LgM8dMJipZkwHrD5afm6aYvQIi2prOZtuNz6TuP1bHx23Mkx1QuD8rXPX++YZ77Z2yHzdRQtz5tu1UyUFuaAJJD4hibSunlDg0+fEFbx0dRAzkHpdtskgHuJGr1qTypRvoDpNUeISwPVAlDUixE6TbTEoISKpPBFzipXgQ==
+a.nic.cuisinella.	172800	IN	A	37.209.192.9
+a.nic.cuisinella.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.cuisinella.	172800	IN	A	37.209.194.9
+b.nic.cuisinella.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.cuisinella.	172800	IN	A	37.209.196.9
+c.nic.cuisinella.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.cuisinella.	172800	IN	A	156.154.172.82
+x.nic.cuisinella.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.cuisinella.	172800	IN	A	156.154.173.82
+y.nic.cuisinella.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.cuisinella.	172800	IN	A	156.154.174.82
+z.nic.cuisinella.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+cv.			172800	IN	NS	c.dns.pt.
+cv.			172800	IN	NS	ns.dns.cv.
+cv.			172800	IN	NS	anyc.dnsnode.net.
+cv.			172800	IN	NS	cv01.dns.pt.
+cv.			86400	IN	NSEC	cw. NS RRSIG NSEC
+cv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZSMg8bGvO6rYz3dCZEnVUp5U6UrEcYonjktx2YlWDwBichf0nfE9MBg0am9aCAJBtgoiokKEdfRVsnYjEQLn8X3zu494zEPQY7qRXtU621g/7mkd+7MWOgP2Y8+Zj0+UGFG7s57B6jV2BPEiomiqCEYnhJ1uI8Lq5ezUE1S6Adyp770JZcT74vgKRnzPwfb4PuDoekwzTVeebRVMvAvWWBkESZKmo4z4yU+DB0+ifl83crWIAoWhbx+QySfNDS6pGKHde7QFYaKhcz/Ww+3usEDptKVLGeInjAYZ3gd5C07DxKtd8uuEhb8S9p8p1by2swvpNB3QOM6XjMtcBOXhFA==
+ns.dns.cv.		172800	IN	A	41.221.192.220
+cw.			172800	IN	NS	cw.cctld.authdns.ripe.net.
+cw.			172800	IN	NS	ns0.ja.net.
+cw.			172800	IN	NS	ns1.dns.cw.
+cw.			172800	IN	NS	kadushi.curinfo.cw.
+cw.			172800	IN	NS	ns01-server.curinfo.cw.
+cw.			86400	IN	NSEC	cx. NS RRSIG NSEC
+cw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rWNu8izESjCJ5OJlqDYsh1bJWI7cHMA/UZBQVH8Z0uzy08C4H1giWqHrTcB3+fnWbfh2Rasto2kvAccsMEVk868HzAPjqHvBtkgLLqoL/kpW5VS6EP9o/oitQZlJGz2pmS/L48L35aAXq9chg2mjwDjN31dTODhINWMGdiIAaqImA1jpBs05FPdmVjAqO8pc+wkzv7P3JogWhKcvbu833XHWME0HtnzEWnr0/2gexUWr6sfhbTLWagVbb/eoXjvTOeKrfuRObuT1ZRxbiHZyK3Rg9GKEAOUX/wB46Oa6/Gzn7tn9QdSIEuDiwk68CRk+K/NvW1zXBdU8i2laS0djBQ==
+kadushi.curinfo.cw.	172800	IN	A	65.208.122.63
+ns01-server.curinfo.cw.	172800	IN	A	65.208.122.36
+ns1.dns.cw.		172800	IN	A	194.0.28.6
+ns1.dns.cw.		172800	IN	AAAA	2001:678:2c:0:194:0:28:6
+cx.			172800	IN	NS	ns.anycast.nic.cx.
+cx.			172800	IN	NS	ns1.anycastdns.cz.
+cx.			172800	IN	NS	ns2.anycastdns.cz.
+cx.			86400	IN	DS	6500 8 2 4854A102492CE0C50C714F366EBBD520CBA38BBEFC91CF295EEE8E6EF7D48CA5
+cx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ctB+ovQUA9OSxDAox+7m27x+vGWVndQ5O5kNs4NYX+g8T5R/Lxd7Mgn5bij1kYxI6OcyI3l8Cq0NYlPVKcMxhNgESysM4yBEMTZYvx2d5X5uAWCqBTMMcDYA2ZEZiSzET8dBvJ6s5g5QbxI2vQhmA9e7MTQjmz/ysQDFBl0sbcMO2KTo0Jju6fHeE8Db3Ud0fjw2JIJoj18SinI2QYhOyXbW9aQnqztcEpap8SKvoOfzvSQs2fPFnZ4GvQvL3dSA3Va0lGlLPTBQsJ1FwVoUbTtlBh49y0aMb1SAJhoCG6I4rC7MjEQYGbepYrzzmsOmGMBn855eRbwWONFYjHKmMg==
+cx.			86400	IN	NSEC	cy. NS DS RRSIG NSEC
+cx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGPunRF7XGLrmoFZrVbVu/z4rwB5sMeGUOT5Qi3gg5LHrHVpol5/7huVAp7Sx6b31CaY7xHISNDls+pr02If7DgSg+BUW/orEUGH4rudXocg2WvEApQMY04/RAT8iB/56Xw1laN13Kr1mZt9r5TBdw9S9kT2VHNFVot6mOiea/jh1eoYrB8vAqRfPtIz2w2dxGo9q2taf3SAqBLFoadnPnYnFnhqcv/42xFhwjwOoIdrrf83LEQB1V9QOeQBicMyMkMzlCEpSsW/oqcmV5W4l2sgLv2F8SVNujFlbc4OnbyKtCKKsqebZtGfVUwLvxDdFxkqoQqbFCjlo27uOco7hQ==
+ns.anycast.nic.cx.	172800	IN	A	204.61.216.16
+ns.anycast.nic.cx.	172800	IN	AAAA	2001:500:14:6016:ad:0:0:1
+cy.			172800	IN	NS	ns4.apnic.net.
+cy.			172800	IN	NS	ns31.rcode0.net.
+cy.			172800	IN	NS	cy-ns.anycast.pch.net.
+cy.			172800	IN	NS	estia.ics.forth.gr.
+cy.			172800	IN	NS	cynic4.dns.cy.
+cy.			172800	IN	NS	cynic6.dns.cy.
+cy.			86400	IN	DS	53051 13 2 23E40296DD897E15A7B78061B987F240D0415ABC20382FDCDAEC24C7FC8A9E0F
+cy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VAo3aqOM1tLCIbNP9sABlxc3bNzI3Ob6JuIE5t7ZA1f0i2p8813IYZamKbBt+fWA9KAR75ljPhI2A/711PlF2v+7jGEUh1Y4MWfgVtr22nEaQyUTGWzNZLnDNj1Bs8Htyjge69SsL1ddvoW3plZywbCXU3E3CtnEx0XF9pJ9vV/rr8eZp6PjoWEF5kgaax9TUVnUny38by/TY+HBjhZOtPaFzQw4iPr3q3F7E0C3H8v9W46ZkwNOvQ4hgRMswa/DpKI/u6UawievIA0Uymvr0+dIB51s1vlC74HAoluj4EHmnsSOQR6UL/13LtkqARDrOulObhxV1cgKKFF7+nFdRg==
+cy.			86400	IN	NSEC	cymru. NS DS RRSIG NSEC
+cy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ASq7nvFiZdmiM/14bnzt+tlLyUJ8BPZXrI8oVyiubaODYxpKSPGg58cEeQxDsrJDzshfd9a8B7oDalvIFuFPhS7z2uUlenlBzGB2VXPOqMmK47c7CyeQ9DRwKnw5yx7KOt1JZmPggfuq9sPl4Rr+smi6oNGWs6/SnFx8l1DbQOtELL1uVwhoCZ9J4j0hS/GcYSpsoA/hqeWvIcWUwupkwwSFOnEYOqRmlV6/MHb8qhnWIbpEV7ZMzsz8lR+2nS6Z2e8cucl/uuoiSOy7W73ENqUCU8sKFvAutiqR/PRWEm752SpQyTW838EvkSvLMToP6nelkOtJsBwPGXBaNXZW5w==
+cynic4.dns.cy.		172800	IN	A	194.42.29.16
+cynic6.dns.cy.		172800	IN	A	194.42.29.5
+cymru.			172800	IN	NS	dns1.nic.cymru.
+cymru.			172800	IN	NS	dns2.nic.cymru.
+cymru.			172800	IN	NS	dns3.nic.cymru.
+cymru.			172800	IN	NS	dns4.nic.cymru.
+cymru.			172800	IN	NS	dnsa.nic.cymru.
+cymru.			172800	IN	NS	dnsb.nic.cymru.
+cymru.			172800	IN	NS	dnsc.nic.cymru.
+cymru.			172800	IN	NS	dnsd.nic.cymru.
+cymru.			86400	IN	DS	34255 8 2 B85680D4065DB4E7CFAF8B349DD43901EC51B78F5E9C57C332BC6D905BEBA702
+cymru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A6mi4eJZ1inUudMQt0H5y5/I37UKqjHpSvKeB6MxTkrd4c1dxNharvcCAimGWG6TnINV3/eZXqlPMbbxysuT3UPua1BQlqIKwkCGRAY95cYDkwnr3/kgTMDV8nxKxhOCw8Cf0/JsrOkjvHp/pHJV0Q+S96akdj66/trVabrV+0RjGYSyu8aIqB2DZ/9Y0dRp84EQl0SeaV1jXIYNsbcWCd22x8OQFTEFzXTm/nETE01Ru7BSnG1JxoJob9N4ed0vvjYxRsl7k6JwhEudmUjWGZxCP7EHhcN0DTo46MB5DYrT7mvp/POV+oUkkMoGgjrOEtX0qJXLEJNWU5KhBLs/Dg==
+cymru.			86400	IN	NSEC	cyou. NS DS RRSIG NSEC
+cymru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hzpJ9/KB0BtJx7HNb5qQ5STptIH2gFmIdG5aeT0yRmFKE91xXNICO+OHEemJEBPsunq6VysmCPnIL8s3EksAXsd/kEGZZCi4ocmzx/0FYtrrOM4n32tTqJwGK8zeNDVp2N3uBxeFgo5MLaLVX2Kw69PKti/YaCxqocQ5FjHDSOVUTYga49zHiDkInXm2zVFTZLsavtOsbcgRlzHy175SvLYf3qTp6DvQ/GMZA8/0oXeeBPUiwAyxn+S6jyTzkZbyOvQzX6ww7xEHppa+uJH8feDVM9cwOcINApLz2mvD/CK1sBJFaF3a4m09Yd2p5VKhkmE2SvBaG+PoSdq/eW+/pg==
+dns1.nic.cymru.		172800	IN	A	213.248.219.3
+dns1.nic.cymru.		172800	IN	AAAA	2a01:618:403:0:0:0:0:3
+dns2.nic.cymru.		172800	IN	A	103.49.83.3
+dns2.nic.cymru.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:3
+dns3.nic.cymru.		172800	IN	A	213.248.223.3
+dns3.nic.cymru.		172800	IN	AAAA	2a01:618:407:0:0:0:0:3
+dns4.nic.cymru.		172800	IN	A	43.230.51.3
+dns4.nic.cymru.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:3
+dnsa.nic.cymru.		172800	IN	A	156.154.100.3
+dnsa.nic.cymru.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.cymru.		172800	IN	A	156.154.101.3
+dnsb.nic.cymru.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.cymru.		172800	IN	A	156.154.102.3
+dnsc.nic.cymru.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.cymru.		172800	IN	A	156.154.103.3
+dnsd.nic.cymru.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+cyou.			172800	IN	NS	a.nic.cyou.
+cyou.			172800	IN	NS	b.nic.cyou.
+cyou.			172800	IN	NS	c.nic.cyou.
+cyou.			172800	IN	NS	d.nic.cyou.
+cyou.			86400	IN	DS	19927 13 2 2079B2824EEE39EC9AB51F32B199A6BCC68162CA56BD12C2740B8C800FC611C4
+cyou.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tVuLSAhCSj8QoXabtcz/K5lwITZ8mpBTiR+mUW/vfzIjI4C8iXlxvnF1hc/n1C1gb2scU/qKu0Ez5CiPROrt852Ao/OnAUQszZDZwfxHsvBeVcULRjIzbXtS2aERmh1TL/ezpkh0YUjeEzDJzo5OFKW//FADYBzh6LxyLudh2zdXtDLpnOCna3ZOjPLeaDu1yMcUGoDr9/9zIUfFIUHSqs1NZHnDYQhYGvFkQ1oPpBIQCRtodRQEddFxiF9jqe4nO/HdWuFgcs+4nJt6CoHrelxCDhxspLSg1xKXXJvsJBaBIU5QArCGTpBKGh+lLNOE2NmgTsot9RTAk1kgKF01Hg==
+cyou.			86400	IN	NSEC	cz. NS DS RRSIG NSEC
+cyou.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z+6xM3NG/7tzFEqgojcFye7cvGlUFPmHDdbX/Jb4uNrygCxnSAnPYRfahyG3CrHrGO/eJ92kNSUuuFQyO4UcsWwrdFhcORWNFZiWfjCD8UQ9eLpwFe7BxR4arYyN0tF6VQ+5HWNYQOB5sDLbt8k7Q9mxHx/5ER7GtTCYhONmSsRhNpmpplW2kwdvO4hNyyDXcpeM/pz6PHLWNe9K+nYDLtRQFqx0eFy7+bYtrCGAredKg4riuH19uPqB3M34OhWc7jGJld65y7HZmDWRvIs7s166MaNWpeYKv77ZpmYSUX4zOZYMlUy5XKdzWOAqanKPN//KFGob32X1sRo+Vf6nhA==
+a.nic.cyou.		172800	IN	A	194.169.218.120
+a.nic.cyou.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:120
+b.nic.cyou.		172800	IN	A	185.24.64.120
+b.nic.cyou.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:120
+c.nic.cyou.		172800	IN	A	212.18.248.120
+c.nic.cyou.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:120
+d.nic.cyou.		172800	IN	A	212.18.249.120
+d.nic.cyou.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:120
+cz.			172800	IN	NS	a.ns.nic.cz.
+cz.			172800	IN	NS	b.ns.nic.cz.
+cz.			172800	IN	NS	c.ns.nic.cz.
+cz.			172800	IN	NS	d.ns.nic.cz.
+cz.			86400	IN	DS	20237 13 2 CFF0F3ECDBC529C1F0031BA1840BFB835853B9209ED1E508FFF48451D7B778E2
+cz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gksxAF48Ac1m3WNpRGRtRVytrsk+9YrSpU+SZiyQ0z5uEii4zM2lNCzi79Q7ojLfYqaz9GH7VnppgUH8QcHn3WeerC2Ia81hI9Q6voj1ps8f1cQKM3pXgL2YqF4FsuTILyzAmuzFdBUSVZsoE1qRxxOYtj7qJV84/b2ZCfvOBLth/l6pP2Wz2/G2RYJy4q79Rei/ss/3ydAYwRDk9Zw3LtMLngjGqRvDn5incxL7tJsIimUFdlHRDlT3xzxE2OYbxYvErkprU+E6N4Sgo6unYLkVw7XE8BimxQ+OK5OuPn/JZR5Qdc393QRnm1R9f077CjxgrTrPP2Y5g88xpL9nkg==
+cz.			86400	IN	NSEC	dabur. NS DS RRSIG NSEC
+cz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u6eqLyIwlhdEp7KsSduGEFrJDy3TckuFhtKvfS/qnsndFZ/nZy604HTTpGJRO966moeIWqysPyUB2lqSzQ0qoQPGtMVHd2ynC3Yi3mb6F6QiaAfqJJBPUqU/eDHolhgCJmejqH2qFcWJ6Ep19sxAgMbvl2pOk+sNZUtt1geUdKjgwsZdsujYK5kO9cmV8gfYRKiFs+8k98akhuzcv6TADJi5NlIIRrjFkQZPbZzDn4K4v7NWEm8XAh8P4PSdz5p8A6o1iIKLJKyJKGVireOjUt29av+rg+9+SDi9FYn7Mptx7OPZn5S6EaEdKELHHhGzTd4ebn4lDS0xgMbi16EmMg==
+gt.anycastdns.cz.	172800	IN	A	185.28.194.194
+gt.anycastdns.cz.	172800	IN	A	185.38.108.108
+gt.anycastdns.cz.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+kenic.anycastdns.cz.	172800	IN	A	185.28.194.194
+kenic.anycastdns.cz.	172800	IN	A	185.38.108.108
+na.anycastdns.cz.	172800	IN	A	185.28.194.194
+na.anycastdns.cz.	172800	IN	A	185.38.108.108
+ns1.anycastdns.cz.	172800	IN	A	185.38.108.108
+ns1.anycastdns.cz.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+ns2.anycastdns.cz.	172800	IN	A	185.28.194.194
+ssnic.anycastdns.cz.	172800	IN	A	185.28.194.194
+ssnic.anycastdns.cz.	172800	IN	A	185.38.108.108
+d.ext.nic.cz.		172800	IN	A	193.29.206.2
+d.ext.nic.cz.		172800	IN	AAAA	2001:678:1:0:0:0:0:2
+a.ns.nic.cz.		172800	IN	A	194.0.12.1
+a.ns.nic.cz.		172800	IN	AAAA	2001:678:f:0:0:0:0:1
+b.ns.nic.cz.		172800	IN	A	194.0.13.1
+b.ns.nic.cz.		172800	IN	AAAA	2001:678:10:0:0:0:0:1
+c.ns.nic.cz.		172800	IN	A	194.0.14.1
+c.ns.nic.cz.		172800	IN	AAAA	2001:678:11:0:0:0:0:1
+d.ns.nic.cz.		172800	IN	A	193.29.206.1
+d.ns.nic.cz.		172800	IN	AAAA	2001:678:1:0:0:0:0:1
+mw-e.ns.nic.cz.		172800	IN	A	185.43.134.10
+mw-e.ns.nic.cz.		172800	IN	AAAA	2001:148f:fffd:0:0:0:0:10
+tz-e.ns.nic.cz.		172800	IN	A	185.43.134.11
+tz-e.ns.nic.cz.		172800	IN	AAAA	2001:148f:fffd:0:0:0:0:11
+dabur.			172800	IN	NS	a0.nic.dabur.
+dabur.			172800	IN	NS	a2.nic.dabur.
+dabur.			172800	IN	NS	b0.nic.dabur.
+dabur.			172800	IN	NS	c0.nic.dabur.
+dabur.			86400	IN	DS	12355 8 2 BC18991E60B16ED8791D94EA935D83E9D40E2CBA9AC8B824A40191E5F5F50AE4
+dabur.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sEELQbe1LmoF4eBae4zHmocs+wS/sCcWTYP8yEWgIxtscMnFBekRfMDLQcSrndyd/ULBsb9NywiaDsp+bJntAOJ4BKIG/lZJ9PKDRoHCzJ5ustMXetCNy5kzKleuxbajhKRUt239Yxb/YXtomIy7v3a6PelZPgFCCfEmxgZE9GDu/BpLGn9nttilYCqDNsVEKXsUdxS/kOIkYxH4YBxG2/X40DOmpMnaxTDZ+OWOmu2OTi81jRmatnrc5ycIoeckQliowTRzizCn538VuD3bDvlmz6h4y8oCIWpfAlZh3VfDOyfqPBKsMk7ApCSAsUYQS/lgNmDiuxPigWGTN6t14Q==
+dabur.			86400	IN	NSEC	dad. NS DS RRSIG NSEC
+dabur.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AM7xN96giQWNN1bUtUPeJm8NzLFFg/CrW70+SzYF3THdXcdTLua+hJS2M2lnHed6SLWBKc8//lWsgUb8336v7q0xd0kYX6cgiTsaw8OLdzLrtjrftwEnchpSXm9B6Bg3PijN0zRQ5K5dUMTsaoipy8wk7QmKksIkT3EFAEYPrpcgUt3pxxXit2ORBL5og8mob5EmntLn003a2+wAmmGdH/SKF6LmItcBciRi1CWgHbHicsHN1Er9HWH0mA2tmjoFYcRkswGtPokjbe8wpocHV2exaCGZG6lZoLQVNytoQz5JSJvvw7UWeYqBwsjqKmkcvgXhoYx+9/3q6S7jb97jHw==
+a0.nic.dabur.		172800	IN	A	65.22.180.25
+a0.nic.dabur.		172800	IN	AAAA	2a01:8840:ae:0:0:0:0:25
+a2.nic.dabur.		172800	IN	A	65.22.183.25
+a2.nic.dabur.		172800	IN	AAAA	2a01:8840:b1:0:0:0:0:25
+b0.nic.dabur.		172800	IN	A	65.22.181.25
+b0.nic.dabur.		172800	IN	AAAA	2a01:8840:af:0:0:0:0:25
+c0.nic.dabur.		172800	IN	A	65.22.182.25
+c0.nic.dabur.		172800	IN	AAAA	2a01:8840:b0:0:0:0:0:25
+dad.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dad.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dad.			86400	IN	DS	26870 8 2 E0CA4BC0FD88A68E2A90402FD62DA9F321940B79F5D1E01BA1141D2B5301D8F5
+dad.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hmIyxQEegitssBZGCM/AWMKZP6Jv/lQH2xn4T6O5k+qiETuu5pTxUD4lId/K/NwH3yE3My/4LxJoS0tRA5JYtPjcqNkh0aHc59VyM2F9PCnWgYhOxUrUplLRyI2/B3L1U+7/sB5H3Jrz7mzGvUnf3o2q4lGpjMSP+Qutp2C/rQAX41X67XYtt8648Vh0xnLC9T3T7xYSGz2X5LxaFpeW07WcAfF0b1GBC6+THppgYMRTkU3Nt5e9YsgS9BggJWXpEKgFSJXqoApeVs4I5Z4Kli+yYli6zqcp0QEoike486uROiS5K2ydT4X7lsVormcGDUrsuPrKzl9ZjYGB9XQLcw==
+dad.			86400	IN	NSEC	dance. NS DS RRSIG NSEC
+dad.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Trei7vq3hmOxl/Fv3pJoog76kaUIrLeKJpQ5Naxzh4nbTFC8WlIuT2K0pCnbdsDFaM8Vuk/HzI/gS+GJbQ0KsmbYCYueo6XcF8Rx8p095iFAu7K/NguiS2VS8eM5jXte7dcm1ovZpo281GyhWb5GKgSLCLpLCEMkN4gU4YhYJkb+hqxP4Bl+tzyzK+tSKniyUwCaUw4xiLHtngAVA46KmZeUWQiDq11pulb4bUyeRkbbmwfBXvdD563TyVceV8A6e8HfUyAA4ZhmvUKAB1vBxyG1P+nbPs9FoapAtncCMHTSyexew4iPlnShF/R/9tZJqhw1zd9iuD5k2g8r9nhULg==
+dance.			172800	IN	NS	v0n0.nic.dance.
+dance.			172800	IN	NS	v0n1.nic.dance.
+dance.			172800	IN	NS	v0n2.nic.dance.
+dance.			172800	IN	NS	v0n3.nic.dance.
+dance.			172800	IN	NS	v2n0.nic.dance.
+dance.			172800	IN	NS	v2n1.nic.dance.
+dance.			86400	IN	DS	22036 8 2 D2494CB312C97D6A1A075F55601BA62CB59D2672E23658E3EDACF4777BC614B1
+dance.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H1nnrurV/R9kUr3Ao4rH4KBBEB0jc760Hr5h4jQciQ0zRzdHjeBK9vrnT6R4+queCURbpczLx4ykhFqEaStzhKyfyEVVA2KbtIWLmfiVgPMSW685V//hkVugQ8g9zDW8hh4QqZm6tV1dH2/Eyki6Ys/69sFeJt/8bChxU9ctaqmmw7twfX1vHjsBp9M7W2ncM+jEhedLb5Oolt9koxpVDCh8gHbMlI4TdOF0Wm3opiLucLfTDVq/HHYZ4agw+WobpGObWqsR822A9nUTMWxw4EZkV06144B2aLRUza8P1R5giGBIzLc7C75KNYoaZN+cqOZDovon1nCNd9fD8pFDuw==
+dance.			86400	IN	NSEC	data. NS DS RRSIG NSEC
+dance.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1GINjXlqHkvMfjokn2r+b8wIII1IXBZd0+Da+vb2zmsiIJRcnyP1gBTEm1bJyaPZjnV+tDhMGhxSDgJIzSOSVtV6R+MHDqGPGp+zG4U8BqzJtAaY2BJ/O1Yoa3vbeSDXOIaAnRiLVjf7zErU4/jmrmZLNd2zdZhsgx5G3vPBd1C9U7ySyEwWlcraYV3i+R/9DaZGh9/V+N8FvpPk9/MUWLTAEYg8e9GeznaTc6wXq4kg4gePuAHUn0sErOLigh5PvsTsH3xd3V6WHQFBaOhyJ2/eCNCFx3qW2yPuKDMpa0JCmY1w4M2EYJt9ycNODwegU/05HjrhfJxQvB83XtP60A==
+v0n0.nic.dance.		172800	IN	A	65.22.24.50
+v0n0.nic.dance.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:50
+v0n1.nic.dance.		172800	IN	A	65.22.25.50
+v0n1.nic.dance.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:50
+v0n2.nic.dance.		172800	IN	A	65.22.26.50
+v0n2.nic.dance.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:50
+v0n3.nic.dance.		172800	IN	A	161.232.12.50
+v0n3.nic.dance.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:50
+v2n0.nic.dance.		172800	IN	A	65.22.27.50
+v2n0.nic.dance.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:50
+v2n1.nic.dance.		172800	IN	A	161.232.13.50
+v2n1.nic.dance.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:50
+data.			172800	IN	NS	a0.nic.data.
+data.			172800	IN	NS	a2.nic.data.
+data.			172800	IN	NS	b0.nic.data.
+data.			172800	IN	NS	c0.nic.data.
+data.			86400	IN	DS	31144 8 2 C9BB359F8D99FB1AE7CF5A5972BD18448EE89775E7B6FB0BD19D3BEC970A4E8B
+data.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M6vIzy+hxLPHnRdXzt3gsYhrnRG1LG7cCBdmwsvE+cSMj/lZiXlftk38Rsg/z97izKIYzutAN1/vDjoirJ7gq/Af6mvuDD4OI2cC9mYDv3KEsIFrju0yNZyKtNuOVRySEQz2IP0yLUj7gUlXGMuGv5ROZK5F5z5ep0n3H8FUrTAQKJkyiLyO1kZzb7jPD0LgLCurG8u46T0ucwouk90t5EJHIIT6pWAhuA2fa48gMK8vWbm0m6CvQK6jI0wZzXZscRX5i1LqRI5v719dJ4O5jjQVv3BYtx0Rudk733uvngoSAEmPTHShJerADym+Nfu7uZeV8HmfGvEp8y1YxafqBQ==
+data.			86400	IN	NSEC	date. NS DS RRSIG NSEC
+data.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r58sRvrrGDUQWDYgzAlnOSn5Svna3LLBpeLb9pjo6Mn4/X4/ULCqmoU9Qt58FbHfmdTmfTnfms/lxIB+AIt2XqElyywRnbmKfVLpmyLuCagoFQjRc4+DmkCw0fOhjxvPOM/Nwp2yMonvwLiIkUwbYR6amV5vBf2cy1dsTYXy/CaGoPeZ6AuhryoNvydFbFFvZ9vjClnb2oMFy4wxjgZNLbx8LryroXc+3XSQ+prXoZgABw0BWeNA+Gx5S7ouCW7Di/BIWapxdKMOQc8TgZwdBShIwIrIy0W+i7jcLiERuotK+gNWlRta3pf5M7GTnlJ+xlNxsI+JfM8/Ej4O5t8X5A==
+a0.nic.data.		172800	IN	A	65.22.96.25
+a0.nic.data.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:25
+a2.nic.data.		172800	IN	A	65.22.99.25
+a2.nic.data.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:25
+b0.nic.data.		172800	IN	A	65.22.97.25
+b0.nic.data.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:25
+c0.nic.data.		172800	IN	A	65.22.98.25
+c0.nic.data.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:25
+date.			172800	IN	NS	a.nic.date.
+date.			172800	IN	NS	b.nic.date.
+date.			172800	IN	NS	c.nic.date.
+date.			172800	IN	NS	ns1.dns.nic.date.
+date.			172800	IN	NS	ns2.dns.nic.date.
+date.			172800	IN	NS	ns3.dns.nic.date.
+date.			86400	IN	DS	17974 8 2 89F996CD425D64FBD8DEBA987615D4C3D8DE899F626643B4BFC6FA7BF8F996E5
+date.			86400	IN	DS	30325 8 2 B0A4309D9AD85D8050259A80A8261B1003251CB1D2F3C74AA30E09335AAF2501
+date.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nJR/QyTpsxxkioOK4G/riJbelalAUaE4odD01CK4qj6uiGOLmOaZt4FntdbobanLSJVQfobxXq1L0e+kMh99Yb7wahTC62SJo9r6K9XlrKIzptL+X6oL+DUB4tDXzTjabeuaw6T/cM0p9PDr3jcuPUBBU3AZTfemtLpzL1AsMF5dwPvCvjrRvAPwQEnor7gzNGuQrXVfMx3owAPrkf40xMTKA9ObF718KEz5iBiftDiENaUzfI1SqmyJCV4UO/AiSvJ/NZ6AT4TGIbjF3I1DPYmYTY5RSjcBRujhl20QK1rHLvvakp37ZMF98ziPZuisqTgbHlKAmgT2y4L+qMa7jg==
+date.			86400	IN	NSEC	dating. NS DS RRSIG NSEC
+date.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qu1frG6cSZ5KC/5nE9CAwE6C/2BDkwowoV/yvxPxOYoCykbfumTycxAo+prvEWGir2fviGSPH+SzZKt2m4uv6MwlfyYt9kNZzCiGWanBR4ag9t7vnwbj99KkJhvPPBTtyf3tmd0RJ9xVW5kL2jEB4Jo+2Gze1W8jRp8xMpPztl3OCFKIjdCWV1Y3tRwHaAK5erGscxINWtocnnmEZGKF3cwRwKXa3CE1GtqUIQLQpd6pGJ/d8RKV2hL4LEFIUjmPqwaXbmaI0u8Sr6T/8RF13QAhgAoBq/Ky+V9zYl2de1m5byLbZc+tC9wqKLxxhd/9vWz8FK5PPxbSqC8Zm0r8AQ==
+a.nic.date.		172800	IN	A	37.209.192.10
+a.nic.date.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.date.		172800	IN	A	37.209.194.10
+b.nic.date.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.date.		172800	IN	A	37.209.196.10
+c.nic.date.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.date.	172800	IN	A	156.154.144.46
+ns1.dns.nic.date.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2e
+ns2.dns.nic.date.	172800	IN	A	156.154.145.46
+ns2.dns.nic.date.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2e
+ns3.dns.nic.date.	172800	IN	A	156.154.159.46
+ns3.dns.nic.date.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2e
+dating.			172800	IN	NS	v0n0.nic.dating.
+dating.			172800	IN	NS	v0n1.nic.dating.
+dating.			172800	IN	NS	v0n2.nic.dating.
+dating.			172800	IN	NS	v0n3.nic.dating.
+dating.			172800	IN	NS	v2n0.nic.dating.
+dating.			172800	IN	NS	v2n1.nic.dating.
+dating.			86400	IN	DS	14914 8 2 46E07950175A552B198F6739926F1B881C5CCAB279839247684840018A9F4CC0
+dating.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mgFQX4zY5DCdALyeXm+Ahd2hCR276RBsqPEPJIEOMfhEQRFtrlDx1GHzLDzEwq0YiVY3pfaEyhz72LfYYGpIFEf/v3zUxA9Us+NN1tU+OJOba0ORBFOBeKygNMbcU8nuA7g/J+bf1/2cumBOSRWMbN8JVBmzyJyHs71xwC3h7J3Fmzp6DEBHJIcaNI3qUGcBpbWvbZxelgGeT7iYKDB3lBOcLrphjRwnRp82mF0bLddus1G22fmBvOOThZ4VM02DonQXQNKCaOsqYeWLCdxjaUVLMazfwh7wrGjHsLTTYw+DjdSiXE6lLdyflGGNSNTqg/69n8z8KxrFkyVVvkh6vg==
+dating.			86400	IN	NSEC	datsun. NS DS RRSIG NSEC
+dating.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X1x6McTbDOIIR7EIjSKDE/Ui0KzTrZsTG6ncwCBzzZ0x8yvbNaJG71es6sd5CJDit4U/0J1F1qAQsJqyLhwGJDtDqmdnTTEjylElk+yYy8dVGeWkyoR8XDvjualILo6NAiLXDlaWlJ0vW67jnnySeu4U4r4QC3Gvf6FwyNvHELWIUuBVCjTDGzaGLF0ORDdjOK4tSR76kX7ZcbvUQ/4dLYBhnbY6ZHgcPAysAU7brreMpskBgEvIa+zJdzGvFgpMzwFMhkRb3sxAOukHDsSjbe/3dx9uCeFlK4EWqklgLxEsfodtCZV8nNtHFagkmJeTv447Q8gjwwRaQ9uMqcRY7g==
+v0n0.nic.dating.	172800	IN	A	65.22.28.28
+v0n0.nic.dating.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:28
+v0n1.nic.dating.	172800	IN	A	65.22.29.28
+v0n1.nic.dating.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:28
+v0n2.nic.dating.	172800	IN	A	65.22.30.28
+v0n2.nic.dating.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:28
+v0n3.nic.dating.	172800	IN	A	161.232.14.28
+v0n3.nic.dating.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:28
+v2n0.nic.dating.	172800	IN	A	65.22.31.28
+v2n0.nic.dating.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:28
+v2n1.nic.dating.	172800	IN	A	161.232.15.28
+v2n1.nic.dating.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:28
+datsun.			172800	IN	NS	a.gmoregistry.net.
+datsun.			172800	IN	NS	b.gmoregistry.net.
+datsun.			172800	IN	NS	k.gmoregistry.net.
+datsun.			172800	IN	NS	l.gmoregistry.net.
+datsun.			86400	IN	DS	11344 8 2 FB16FD51D18855F4127721BAB619CA805D69817A84CE73B90BE152205CA31A40
+datsun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dh/yTAIwzIJ7rPDkquqV8ch4uaixNBPuc3LjtpGq7EW0aOMyB6paYDmIev/C6tE1USKIvxmt5jIOHne3aoJZb/bhRM3pK3zMlQbEi7B1rJkqH0tDvjlxBu0ubywQmUx7tYuN1wMi0W0OrSmri/a7hdlcDu07QRTjDzDR0MauBIbNkRxHfVGH2Dwv9IlU5Ln7rxaXZHXjTpZLQP6XMjzKdiVCMZLe7J7nIbOaw/PxuCM/4JXcPSR7c+7wIizydYnYs1lT6kALHhxPPV3EphCBPz+M1oiDssRfK/5ltwch5im8qQNYgedRqkArqUiIdopihNimOLjfaamjl3i1Gh9Hbw==
+datsun.			86400	IN	NSEC	day. NS DS RRSIG NSEC
+datsun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nWewSCPziwCKaXosrcCmcobUM4hPnoMboqVw6RpHSE7hLDKBY4CIB1/59VadN6XsjhPA2RyIW3y9J3SfgB4W6/dHX35yI5KFpL/MKQUCiwgi3uCr3TDTYXQHyiHr5KdB9PXTHDyiKjJ8U2FokerQiWqDYeJakQN5OFvfAi12mSmuUvJSAZzEYEPUFwNI832Z6PWqxMxV3tqZ94MNSzGDIvuyJndZiccYJDcjAzS7cLH5btWJFbEre04QPWot9CbTZFgWAl6ahvROn42lOZJhYIexNmW7WSuKrOrBkEIaveLC3aoBEtL2ewPg3Y7L4UAIF2nPhxSE4f0+D5Yzew4kAA==
+day.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+day.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+day.			86400	IN	DS	41746 8 2 BCD63DA0F1195997A0EA25780E7B0675EC7877052CD6FE837E8F112C1FAD3886
+day.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mR1CkCuIGGtV+apxqZ5la6fZKfVfWkPdqnb6BWvwy1YF3ps6KY+UC0OOxSn8ZY0eGkXP02vefhNvs//3irYlSGwwAtFvI65ICBviwMbKG2fXKuvNqzNOmOfXeCZShlLJw/BXfjGTmD7byNatO+9RJC4UKQSjPkXbjENd5KYxbR5fuXeGHsS3cOuYUbjq9jnLl1DVT1P55hWS2niPXyNXf4auZ29sdNjGksH4tcCPGZa7De7f1O6emyDIt/Q3El5W93BKyGSq2+Yfomysls6KDUoXcWm4+qbLcgOmFsaI2t5z1yy0Eps+GUFMEmFs4xTS+/9NtjH4h6ANdhQVekvd7g==
+day.			86400	IN	NSEC	dclk. NS DS RRSIG NSEC
+day.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ljdxhPEvvgb0jgnKKadxq3ilzGpZP8Rs4RtdU9W/7MzQlux6dbNguSDHD6IcpEo/XN2SerVZ9ozYH+qJ1wuKRC2p/XBikWtp9pLCBN+HKNi4Kkg3MojfrbsjFbSV9SDOFpak8kRbeXx07vNDPyfpk9Qg9sioAUozoDvW9wkRThvmtKruY9eKFMKFiZHJyo42AgUywtPVlc/gso3Hsn+uMm6ONHBXx3nF9mxPyVQIY3jKjm6pbuWq3cneNWmdux9I0+FrsjsfFV8RMdTJ9Cm/ZatE6EI8DhXzfCfRlEu+18CFTPeYn4W1BMITTE/cneSJJHhstI3JrMlZXAyPi31K3Q==
+dclk.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dclk.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dclk.			86400	IN	DS	44237 8 2 2DB4B865E2A04B4324E6B5359ACF3FDBCEB10E9E2AE8597FF7A71B9D770A70E1
+dclk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vKXi4Qo3dR++gPMSXTWUQuqJG+gEgB6dhZZJHCpg7FKVqdyI35EQ+grohkTEG37iN0q6xnZF/tcoqrkxQ6vsQx/nnb/UxWPChMp65weta4bFAHnqvZ0z+1By+Kz7mHt5Apntfq1AlTT1h+WHbunQ3AgYIJ30utwLIcF4X+OGs3lf8vqNpbPLhC5PPTXxd0AGLYHfy9beoUcJLPvTk2pCzzGBPFjkWZsrnUm+Q9pMz0tQpC5zCPJvwt3GzPfZeu8B99gdqhII6c/ljFyPbOkD2ILhve3sveVuwPOd450fB8fLz+0D41yYEdJ0eAse+4wbqi2P1mBeo/M8g0R6swhoDQ==
+dclk.			86400	IN	NSEC	dds. NS DS RRSIG NSEC
+dclk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XAFPDux0nDrxpvI/jjJHh8UZby9efclZ7jPpSD8c0zExvb55UNyJwNnQEAkcaMBRUMEIKS9Zx8OcwkOdDHqXEDpHejxqrgZ1hSUnf5G40RetzHZs/d1BFybiP0YjcvNQDGxjQ4tOhbkgek6Zi+cOJT0JID8UU5dGBdirJEYgo12C95NjAmuHrbJB0wzZA4Lee5QE//uQt02hMeWtqHCtfVUck10lKWSqjLINyeeSF7brihp7VroJR0j++vy5UUjNDd4d8++3wTVFIu8IrameAb/8zUSwISguejqNlLe7SvnHGC/sT/0OowghxjA94UegExcwVFZ/pU691c9rlru5ng==
+dds.			172800	IN	NS	a.nic.dds.
+dds.			172800	IN	NS	b.nic.dds.
+dds.			172800	IN	NS	c.nic.dds.
+dds.			172800	IN	NS	x.nic.dds.
+dds.			172800	IN	NS	y.nic.dds.
+dds.			172800	IN	NS	z.nic.dds.
+dds.			86400	IN	DS	4084 8 2 653AC51723253E888C2887191E1F89C34C4ECEF2F18E4EEB247F1FAAE3AFC6B2
+dds.			86400	IN	DS	51931 8 2 13EF8FE3E8E2AFAE0A24B7453D086E2EB0DF7828B03A8AF18FCAE43BEC07FD38
+dds.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . taa8g4YQbcT95jUscm6dEotp+B1EbApvcsTyQInpU7TVxgFa/oP0fcjNAsIaRr7N4n6FjQOJa4TW65s9OPDqir0CEOCSYSS6y+Fk0dXZ3lR9nHF+Mms7lu0YYNhEMWzwSks6JKD/r/OHaBs4EP53etrdIA4FklHwO1CurrSzKcwU113L6zMWst/1v1hEKPPLU4EC5raZlFtmLs8fif5NBzzGagjZGCRbMoJzTKrBnuwHR+YxhdIP3T+wRfGcwHbJxP7eu2HW4weJEy2QnMepVzx3OFITWhmtFAOWMPQy/1x7aB0Lc81A6bRkvQcUQLLmR3+zDRzFZzKLR5C2+TzGBw==
+dds.			86400	IN	NSEC	de. NS DS RRSIG NSEC
+dds.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WIhfTBz/HV8Bsnu4ywGUvk+73vPMaMGpPYOuI92tffpU1t5Sb7sfY35JAUHYuAAG4jhHZDynYh68GwD1hFzMwa/TMtG5iWNp8a2FMmWgYH8DS4ZY9nz/wnhbCXzgP4AvxXFDXBWYYCt2NwRB6MXZbE77uGWAedb31Ty0uxN7XWpmXpS/lssnHzIqVFBmI2KM3RJ2mkun0JixWLLeWsb0JZcRBLkyjN4EmR79lAUf8iMJeiU/nLxzwAuqD3bDjomvlxeOArpZDgO8IqzStciIJfWIifrdi5EFN29M63nNlYxv+KywqDq1YsEdFRhjYr+WEf23cW/caTEifrcqyXg+5A==
+a.nic.dds.		172800	IN	A	37.209.192.10
+a.nic.dds.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.dds.		172800	IN	A	37.209.194.10
+b.nic.dds.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.dds.		172800	IN	A	37.209.196.10
+c.nic.dds.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.dds.		172800	IN	A	156.154.172.82
+x.nic.dds.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.dds.		172800	IN	A	156.154.173.82
+y.nic.dds.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.dds.		172800	IN	A	156.154.174.82
+z.nic.dds.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+de.			172800	IN	NS	a.nic.de.
+de.			172800	IN	NS	f.nic.de.
+de.			172800	IN	NS	l.de.net.
+de.			172800	IN	NS	n.de.net.
+de.			172800	IN	NS	s.de.net.
+de.			172800	IN	NS	z.nic.de.
+de.			86400	IN	DS	26755 8 2 F341357809A5954311CCB82ADE114C6C1D724A75C0395137AA3978035425E78D
+de.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cHmMELJxrmvmtn1XlvAk+JloM+85kYJ4aTAjo3HpBArT6jUcubmRcTgBUpi/uswCO1++TzsPuP6K0tbDYzphy59ZgOacXb1CEG3lFD5xAYyEaGuagdiE0xW+Hfk+CvMpK3095e522VrGXhNqxht6z+NxVxWMhoV8/5P0tyGLJF4aKnW6Mly+b1x2cLKd6L8Q1oPNSdqKzdu2WSCNDPqOlXrJnT9XTzDBND6DDrfHFGhyfqfD9fgKKyt/q2353a5fWGgdjMxgsh+W7B8tbxkRhv2iwJ9nLov9Xd4QGSi+4OcD4samFimHqfhYGAZ+APeXpt1TrBh653AO0mHt0MoG3A==
+de.			86400	IN	NSEC	deal. NS DS RRSIG NSEC
+de.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gkeE1LmfDw/bGcngiAfKIDB31l1mYpDLwqyFwiV7P9fTq/64NtQBCqb+cD/rNjrn8HxwArLsRTe7G7b31Sap7b2Nqjy3X5O4P5pfGSNW14pONpQUvrQsL+jJRq5j+FygBhVTeQa9oGZfq341WmO4twhbucRgtGeKnbsGd6hHXgy0ziz4EJ86Qfif4mwOLJvIBkxZg6m1HiOL4ZIv5/DZ8sUo1+y9/fc/rzc0xGej0EnWY9eNAYJPzN3uNstkygOUIW4+7O4JxNT0ZX0P+/8gPBTJG6Mo6bPlAfRRJljIiIw3+EvfP0zRIVfHOJxhbircxu56VGJOe6ln8jZEjKSeVg==
+dns-ro.denic.de.	172800	IN	A	81.91.161.99
+pr-dns.denic.de.	172800	IN	A	194.0.11.111
+pr-dns.denic.de.	172800	IN	AAAA	2001:678:e:111:0:0:0:53
+a.nic.de.		172800	IN	A	194.0.0.53
+a.nic.de.		172800	IN	AAAA	2001:678:2:0:0:0:0:53
+f.nic.de.		172800	IN	A	81.91.164.5
+f.nic.de.		172800	IN	AAAA	2a02:568:0:2:0:0:0:53
+nsc.nic.de.		172800	IN	A	194.0.11.110
+nsc.nic.de.		172800	IN	AAAA	2001:678:e:110:0:0:0:53
+z.nic.de.		172800	IN	A	194.246.96.1
+z.nic.de.		172800	IN	AAAA	2a02:568:fe02:0:0:0:0:de
+deal.			172800	IN	NS	dns1.nic.deal.
+deal.			172800	IN	NS	dns2.nic.deal.
+deal.			172800	IN	NS	dns3.nic.deal.
+deal.			172800	IN	NS	dns4.nic.deal.
+deal.			172800	IN	NS	dnsa.nic.deal.
+deal.			172800	IN	NS	dnsb.nic.deal.
+deal.			172800	IN	NS	dnsc.nic.deal.
+deal.			172800	IN	NS	dnsd.nic.deal.
+deal.			86400	IN	DS	1547 8 2 D803CD689AF6D85A8D11D95F330D35E7587831DC01F61886D4C47F3E5398AF29
+deal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VzgjcTrzmPDQYGpFGnrhJGpYFER9d3++d1n33+1dIOHdifzHmYXZ4Y5TWknu+CBHUsc8W9oII8F9cDH32eok3qY1k2YTQI/fLoBWNuhzqZnwAWLjbG6qnouS/YKQyh5QIxp3WnQwVimIdFZOu5N3wJp8Cik397YBj3Gw7Haj5Q3XlnUojwHWgUV2G7HMiXhnGdLK0oZSdY2sKqaasLcMGsnN3xsKNie89VYiFEEHfydX/VILiVxj5fi1ZJDXgZN6+QFPxVYc9O9PpkxmazwGxFHxn60k9iCZmRq02Ab1bhmwnnih/mpY4ostFz+8DJc7rvotncl7VNDgGURl56D91A==
+deal.			86400	IN	NSEC	dealer. NS DS RRSIG NSEC
+deal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o/OqL5W9h5wn4jAasQiQf+49dFfwa6EusIi98QoXCQDqoUZer1Sjze9vku1EBSk3qQa8bwaDLiEtwJN67zXUsC5uOkJ2yX0bo9uZejyKNp6ou5gNOIIKQ3LgL3GE3zbTEXdKQ2hCg360aP8moBRgAUQ392ZRs4dcz5EIlBXnWlHct0RPimVLTk7GUryGNaCvhb3/3loIjGiju86SijjnXQQHgemrOof7i29a6UsvO2Q8zP4a7K6TNgcPX4jqhACE2OTMfrDdoxsu9/7XdPHBX056qDyoJ4dxVP/OuN36twQMhsFFGZs0J2tA6BbSzr+JscU9kNBl8bU/aJY7YEDLIQ==
+dns1.nic.deal.		172800	IN	A	213.248.218.65
+dns1.nic.deal.		172800	IN	AAAA	2a01:618:402:0:0:0:0:65
+dns2.nic.deal.		172800	IN	A	103.49.82.65
+dns2.nic.deal.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:65
+dns3.nic.deal.		172800	IN	A	213.248.222.65
+dns3.nic.deal.		172800	IN	AAAA	2a01:618:406:0:0:0:0:65
+dns4.nic.deal.		172800	IN	A	43.230.50.65
+dns4.nic.deal.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:65
+dnsa.nic.deal.		172800	IN	A	156.154.100.3
+dnsa.nic.deal.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.deal.		172800	IN	A	156.154.101.3
+dnsb.nic.deal.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.deal.		172800	IN	A	156.154.102.3
+dnsc.nic.deal.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.deal.		172800	IN	A	156.154.103.3
+dnsd.nic.deal.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dealer.			172800	IN	NS	a.nic.dealer.
+dealer.			172800	IN	NS	b.nic.dealer.
+dealer.			172800	IN	NS	c.nic.dealer.
+dealer.			172800	IN	NS	d.nic.dealer.
+dealer.			86400	IN	DS	31586 8 1 2300A755B90E6E18845757994FFD35D160F8B1C3
+dealer.			86400	IN	DS	31586 8 2 8C442BFE32DAFF402FCC59D26A90F5ECAC593FB6BA8A6396BD21686E3BD0D24B
+dealer.			86400	IN	DS	43516 8 1 E4209E3F2BFDBF136D547329F367AE9BD03A3BEB
+dealer.			86400	IN	DS	43516 8 2 AFFEE7DB437839677F9B16547175BFA4F22A0CFC0FC2F374AF5884C523EFA54C
+dealer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fQhQ8JEDzVmaqYU5fWNWWAbQIAPGAS/T+kEOhVAC4TwpUI6J2Ea1/4jqiG9GLIAztAEqngWR0tXp2mYR1W1817n0k+SPCeZJebynTWLFvS/j2dA1SM9PCTIi3p5ZbwI8QzQXptkx6ZKTCMxfdDRgJMp8JJMaGLDW/EwxdTbpKEJ4YWmviaptWH7319BRdN30huoplumrhZ1AohEI0RnnDTAYahil1MIeFEUJ1FSNB82fI8W+/3zIGOXYyRLwyRM7Z1LIj/RrA7owuNHTrdp60wLqSguUAnF4w8SgmDXA4Bejf4ynk6tdebBhGe/JSkUFaKcVxLqSP1xg76+Iyzdk4A==
+dealer.			86400	IN	NSEC	deals. NS DS RRSIG NSEC
+dealer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1gcVNvEt42264YDg9aPfR4oa9/nPey6uyatJFeL6Ax+GestX18qjJHGqrbpQNXZSRIk1kKJxzvcoRiO9qodcw4ZtirU3W0UJ+perFTwbCJlGiWEv7zrZUwYU7ojKH3esk+BdphvcHqnBDtk7sjF9NjP3L0c3wFbEv7ZLHon6WTdRUwRtBo+iORpK9ZJINJ+emqn4bkGvDABRts2vcG6bpfphuHZoNOhOWksL83cVpTL8MHC3Ny5pecd7y2bMK3nwyDUggdfkPyWI06NtnP8JHkNZg3pQjcYhssYw7LbSghOp1VqYCAD+xwDN/NNiVOBC0nbcGZ1rJaP3wMjj/J20w==
+a.nic.dealer.		172800	IN	A	194.169.218.138
+a.nic.dealer.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:138
+b.nic.dealer.		172800	IN	A	185.24.64.138
+b.nic.dealer.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:138
+c.nic.dealer.		172800	IN	A	212.18.248.138
+c.nic.dealer.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:138
+d.nic.dealer.		172800	IN	A	212.18.249.138
+d.nic.dealer.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:138
+deals.			172800	IN	NS	v0n0.nic.deals.
+deals.			172800	IN	NS	v0n1.nic.deals.
+deals.			172800	IN	NS	v0n2.nic.deals.
+deals.			172800	IN	NS	v0n3.nic.deals.
+deals.			172800	IN	NS	v2n0.nic.deals.
+deals.			172800	IN	NS	v2n1.nic.deals.
+deals.			86400	IN	DS	32710 8 2 79CCE4262F66137FA812ECEFE1BC11046A85CF728ACA6BB5F6DEFFFA61A506C1
+deals.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m0It9GXXiDtIf2uctYwWq91V4umQnc/vkRxdxJ93JCHQxiI1NEgNqn+n3hXIAYtTNfl8YEEb8CN83W2OmtgkNSm6APuU7EXI5PU2wTHXKDMwYaBMEz2Zr1dhcuYxvBRlacFziupaswgo1mTyyQqQYy4x4Vmtf3tlXfSH32b3LRvmm5QMEnzaADO25Zml0WOhXd2p10fH7mT3fy4K1OWjP15U81M+8Ozzkw4F75IVc4xVEx/U9cUg0QNFsFasTpy9eIXazVzdGdHc7Fzk2g5ZaGNNMBjdUIvzbS85JjV2ljH8eaTMT22KsingZr7b4VjYxsm91FvRu/kZnonzcaEpsQ==
+deals.			86400	IN	NSEC	degree. NS DS RRSIG NSEC
+deals.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CUqru7wDT4dLuXSTmF30ptSd70nNZXskmkrwuPKfNgFLs9fuDRCCwirodpbRzkAKv6oc3apV5j9bj3IvHxEa0+2K5oeexMaQ3mheFkjnDG8KIAtTZ91XEpDm11g0ec99UJ32UH6E2EKjjx3+iBDI395B5VekBQEiMGR1aE47eI1HWQYr3k3eMwF6U1XVe6Mlc+DNGC7eWioav75/1Cae1xCW+IpkWBsBN4emRsyfYsilg+kESNRnRczWcCi1gOpWEqGC77SD0sqMGJl773rbWQXNw8VRQuTTquXKal6Fd17F+7CFMiRsqpO2+1GHPxHJFp0215PYo2/PkEoWg3mhZg==
+v0n0.nic.deals.		172800	IN	A	65.22.20.15
+v0n0.nic.deals.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:15
+v0n1.nic.deals.		172800	IN	A	65.22.21.15
+v0n1.nic.deals.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:15
+v0n2.nic.deals.		172800	IN	A	65.22.22.15
+v0n2.nic.deals.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:15
+v0n3.nic.deals.		172800	IN	A	161.232.10.15
+v0n3.nic.deals.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:15
+v2n0.nic.deals.		172800	IN	A	65.22.23.15
+v2n0.nic.deals.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:15
+v2n1.nic.deals.		172800	IN	A	161.232.11.15
+v2n1.nic.deals.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:15
+degree.			172800	IN	NS	v0n0.nic.degree.
+degree.			172800	IN	NS	v0n1.nic.degree.
+degree.			172800	IN	NS	v0n2.nic.degree.
+degree.			172800	IN	NS	v0n3.nic.degree.
+degree.			172800	IN	NS	v2n0.nic.degree.
+degree.			172800	IN	NS	v2n1.nic.degree.
+degree.			86400	IN	DS	64015 8 2 A0EF2C85BF1D4F53A28654036BAA10E5E6C124F4FDB4E46B2F05DE8BBB07E6D7
+degree.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sNQek6MFyA40p0zyg3gOd+M+Cb2L8w4LZsA6uKh8hI4BLV9Kcd6HaQI9Gvpe0EgzXZ0wyAJFLPTK3slHpI83TkPeAbF4CFmaugLS5wg6a9htfDqT58j1SE56BQoFTNHWXNc2dH+ONK51uku/YqDCkkRm5Gw79cYiEqGHI8c5CYvb+whgGKxxDpcI2TSBMNmvfmFq054OH7mYRswF+eEdsCrXRcvDbZwzUI75F8aUIMj0J59qwXFXsL2J6NousDfbHSr/gf+1kcfj6/tWRzCGdWKSGN5Pw6+H4pd5EnoUekbYSitGIxsvYX00nHV9HpyLf+F7NoJEjffH22MV2ovhzA==
+degree.			86400	IN	NSEC	delivery. NS DS RRSIG NSEC
+degree.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o2igxhCLqRVcgzW3pNr18+wtIz0uFNE6GVjrzxFL64HJiEIDKao8/iFS9C2C2353Nq8W/zk91WAnSoWLSqZyDgYqIfHsLdeqYvcytRrRGOP07lapgqP7VPmDj+qQ/p4VjU4t+HM9JlU3PDIVZHlTXMMyOtj6fqenQZoCNoPSt4hJ275NcZw0XtcTflPFlus+w0sruc5qBJA9Oirqc4E5bfB4OZnueenX0oTrovbC2dddIAydvJlAhFkVF4PCLlh6PBCNbMPG9kG/5+o7I4xFnDMWkSxhSfXscb+sCuam4VStZ2AWG98/uIfQRg0m/sORe1PrtCRhdF9fJproeO9ysA==
+v0n0.nic.degree.	172800	IN	A	65.22.24.61
+v0n0.nic.degree.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:61
+v0n1.nic.degree.	172800	IN	A	65.22.25.61
+v0n1.nic.degree.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:61
+v0n2.nic.degree.	172800	IN	A	65.22.26.61
+v0n2.nic.degree.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:61
+v0n3.nic.degree.	172800	IN	A	161.232.12.61
+v0n3.nic.degree.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:61
+v2n0.nic.degree.	172800	IN	A	65.22.27.61
+v2n0.nic.degree.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:61
+v2n1.nic.degree.	172800	IN	A	161.232.13.61
+v2n1.nic.degree.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:61
+delivery.		172800	IN	NS	v0n0.nic.delivery.
+delivery.		172800	IN	NS	v0n1.nic.delivery.
+delivery.		172800	IN	NS	v0n2.nic.delivery.
+delivery.		172800	IN	NS	v0n3.nic.delivery.
+delivery.		172800	IN	NS	v2n0.nic.delivery.
+delivery.		172800	IN	NS	v2n1.nic.delivery.
+delivery.		86400	IN	DS	60874 8 2 B647A584112E0F531F2A28AA94B345079D603BBB409E11A55A16F459C60AF4DF
+delivery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HuhFKrdAj2AJMEGSHqGTsFITLJqlPIkMXq+YMEcaKyi6SzOmk6Uverbe38dAZE95ZFPZMsL31bfx8cQnLYnBOWlSRWM1jWiwD30DVCjNmBFg+JW85VKwM+fohdyafcte6Xl1/Y6frf7jheIEasshmMuwy94YEnTvgUcvtH4ZwIgEaTqHN5xwHYlH53+8C4Rg2m2mT5KX3WZrpYo2eW++SuZDyiFHG9XylJ58mZkFHw+ZCHna8gFcQFaQJU8FlDYdDM/uZPOhv4MuDjD+yVCFjGrZerYz2yNZ2wk9S9hisjJ50EIuMZ0+RvGSJRZOFrTPXjH74Lt/DyUzlY6eToTmBw==
+delivery.		86400	IN	NSEC	dell. NS DS RRSIG NSEC
+delivery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SB00XDX8Nh3TF4f2QOjANVtUkzLwH7IkmIGzZpfZPPRIFsJWtavqLFNCYVYkVQ+5FzLqU+nSqcAR1VlEe9R7dSe5wpOdevI8GJ/eLPZRVS+oOfAW0K7D8yeG15AkZfB8nsh2E8B3iY8Np6/CLnUua9DAdG8UOole3VIBg+Oy9Xo90c4WO8t4NXdKVTp4bJoLrxLkY/5CN+QhpXJddZlLQ6X0at8eh/RzjcDJ63Pa7gpXFLKhmbtnsi6rlkvu+3zPGTg5gvGEJ+D+WxDZoKc5SUyb5Oindxy1sMmdySoKUOtJ1+WLNEx7DMDzM2ZYi+/7XOqvbAueRgekqT17ezq0fA==
+v0n0.nic.delivery.	172800	IN	A	65.22.28.48
+v0n0.nic.delivery.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:48
+v0n1.nic.delivery.	172800	IN	A	65.22.29.48
+v0n1.nic.delivery.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:48
+v0n2.nic.delivery.	172800	IN	A	65.22.30.48
+v0n2.nic.delivery.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:48
+v0n3.nic.delivery.	172800	IN	A	161.232.14.48
+v0n3.nic.delivery.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:48
+v2n0.nic.delivery.	172800	IN	A	65.22.31.48
+v2n0.nic.delivery.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:48
+v2n1.nic.delivery.	172800	IN	A	161.232.15.48
+v2n1.nic.delivery.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:48
+dell.			172800	IN	NS	a.nic.dell.
+dell.			172800	IN	NS	b.nic.dell.
+dell.			172800	IN	NS	c.nic.dell.
+dell.			172800	IN	NS	ns1.dns.nic.dell.
+dell.			172800	IN	NS	ns2.dns.nic.dell.
+dell.			172800	IN	NS	ns3.dns.nic.dell.
+dell.			86400	IN	DS	3580 8 2 44C5F896B1F96A4B5F85385DDA8648E5F050D94CF53B244D243CAA0877A5A3C0
+dell.			86400	IN	DS	22471 8 2 3B9DEEF2F217EE45D415525DE6979D780F2AFA1A1C95B8F2F437BD636CFD2095
+dell.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . neRsgEkHhMp7TvIum8wXD6xKTQDSUEJ3bWNvGKbDHaTzppeESosb6OikQNtQwwGxM9Zhru6aMhPGoNU8ZwZ8UjD3mqrqqW1J1RdF1klyJV0GdGFI1+iJpasVmGRrQffJi1vSPzNXFeyTF7SIqPr1d6xyWdm6Quo7hAiEKwaKxP6K3NBOeH0E1fHUlZPy013sJIrsi+B3NRRtz1oQHj7NTembjGnQW4jX/Oe37jZD/QP335Z6iZ644UAsyM9Mng2Ykv399p92XEf8/m5OnfcyQnCskNYczK2PrztQFFbwpZOpW47IzUhi4oXlZcYMOAE6Y4JtZrRRRJ55qh2a7gBvdA==
+dell.			86400	IN	NSEC	deloitte. NS DS RRSIG NSEC
+dell.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gjwwxOcjR7hEjWc+8apNCFM8C2ac3mF4w+ti+E9LWhMMynka2glRQypyDj7UMPamxlJq4X0bDo3TKLj1bxhGRqS7wiQuJMPFmMRrFBLwARlJKS0Q0/IuK5e2mKBoV8mRV0pgXj+JX+EmKLj0KUC13eiANDN+mtdg5Yfd06iunWgUh/V3z8o+zu/zEz8LOEeP5Dsf4t5ghUQfj53rch2L3acW7k8pm8lv1XsLmUyJa1W3eJOKu16u7pqlWFX76vjwdM9iYIKi7peamQarzWN/lmO+7Yd9MkAKLy4tavJILZaOOdzSK5UDilpcvS7EUzvduCiWkEsJLp8tqEwZtbl7mQ==
+a.nic.dell.		172800	IN	A	37.209.192.9
+a.nic.dell.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.dell.		172800	IN	A	37.209.194.9
+b.nic.dell.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.dell.		172800	IN	A	37.209.196.9
+c.nic.dell.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.dell.	172800	IN	A	156.154.144.47
+ns1.dns.nic.dell.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:2f
+ns2.dns.nic.dell.	172800	IN	A	156.154.145.47
+ns2.dns.nic.dell.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:2f
+ns3.dns.nic.dell.	172800	IN	A	156.154.159.47
+ns3.dns.nic.dell.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:2f
+deloitte.		172800	IN	NS	a.nic.deloitte.
+deloitte.		172800	IN	NS	b.nic.deloitte.
+deloitte.		172800	IN	NS	c.nic.deloitte.
+deloitte.		172800	IN	NS	d.nic.deloitte.
+deloitte.		86400	IN	DS	29626 7 2 456B29B8B2F010F1159BD118E9A3E9FCB29E385E3BF206199379A65E5BAA7F7D
+deloitte.		86400	IN	DS	41922 13 2 FD71F550C4E968F52E85DFB13EB0DA6068B0FA4970ADE6CBF96300C872A90998
+deloitte.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QyhwyZL6/A682fuFfN4GzQ6E4a4Jd4Dl3Okhvw92h6CXz9ImejcbyB1XpWtLjcfyPAPIbe7nH3XSqmIZ/jblXn7xk4ivLIONYzZtjB4/2p0uy5Zfoh5nNUGSjnO8DDTQiSZDsNADl/nTG1bKASIQ4g2c5FsbPSwCDIeM0GEapnYTEcSRpavOp7GQtTSh29dm6wIIHSUNXtuyDfScKdlElh4EFxLWtJ8C4U3TRe6yasx5OJrsprWUhaGsKgZCf1LMaha2iVa+3QBKwUUvGKAYDATS6I7ieaoMTJ8JF2o3i0kzaH6boX85fK5DXSfvVMKqJ6NhecPP0I5uKJvzr8RN6g==
+deloitte.		86400	IN	NSEC	delta. NS DS RRSIG NSEC
+deloitte.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dqj5jV+YujKzZaihO0Y6x9mWmTXnjzhoSfxDuC1iZ08P+SJAgdG+bvnzOCA9o4C9YsxGnPeSLIQN6BE0u0PDGhBrgLz6XQIWnh5ylZEvyczOtyDQVravZu1SDIm6M3dsdW20dAByeKiuKZdFMKn0MPU/ShaaAseyR+7jQB/nWh8LTZGKFg3mOF9UkVR3vGt/918uuILW1GT3accNHrOEYXFaLaGPo7TCdwTRfGze+MJGmG5Jb9hF5FtWAIm29zmyTrRu7oiormMPNZmRVUp2UoUpLp1GKURRcsQmLlqB8NtxiS6VZdnofvLN0IYqV4V1LakqE18N1su6y8MeBtPFWw==
+a.nic.deloitte.		172800	IN	A	194.169.218.80
+a.nic.deloitte.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:80
+b.nic.deloitte.		172800	IN	A	185.24.64.80
+b.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:80
+c.nic.deloitte.		172800	IN	A	212.18.248.80
+c.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:80
+d.nic.deloitte.		172800	IN	A	212.18.249.80
+d.nic.deloitte.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:80
+delta.			172800	IN	NS	a0.nic.delta.
+delta.			172800	IN	NS	a2.nic.delta.
+delta.			172800	IN	NS	b0.nic.delta.
+delta.			172800	IN	NS	c0.nic.delta.
+delta.			86400	IN	DS	64069 8 2 88613E5643F713D61B4E642F2638BD959492C3E0D116FBE27AF764DC6C0ED75B
+delta.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NAzpvnnPuosE12PztSugjDjDih9mMYhOjlCQL+raZKkO/8ExQN5478KgfLlWXy2wkuAQ4oX+c9rkxscyKSaSFeNJuKSrGu67QfvNMPtq5Bt3hg5Yo2TekamKdXD/RrGz34nQBWoatwGDme7fKC5wGkml29B53NxT2aMCpyAXeTppDwDUosk4ZGKjanQJQmDiZxCz3QLoFZAVKpAAaA280WGoBmyB5F+TExr9lPtAwNnctzuDd8px14+tFNWhHuo8RVIQp1Ap1v2jrb6D9GeX89KdT/O3cnAStP3cOOk3HjUSLvhcduHcXWkoBkV6YQbgSnX/Mqt9Nmsyi04W1PuHiQ==
+delta.			86400	IN	NSEC	democrat. NS DS RRSIG NSEC
+delta.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FCuuhMKB99OJnY6SnTxESZif5aWYIi9WGf9Yye4cPcJS0oP4Va14Z1RZLdJ3ASeTrqlmBdwkXm37TeFInkRH2ns46RUg0YNMwYcI03IB7NiF340Eu7klXLLJHpJ/BIlJ7LyF6OrFhsiF/xrh1c5Sd6LKKWiZ+b52dBk7eLaAoKQTzk6T1dPynjFtk1SJBSha3cAeo4ikmiHmB8N2++lXY7tyoNoHObNI9lXlSAFdvj1rCWLwNx+Oi33ct8JqMQB2QdFAK+rDwc18/pVZ++VaeOBz++Q4dFNShCu0EgTNSGtNTK/JgQFHtzVuaPGjSMbcgLuym5Q+1vAelPj/VGpHqQ==
+a0.nic.delta.		172800	IN	A	65.22.224.25
+a0.nic.delta.		172800	IN	AAAA	2a01:8840:da:0:0:0:0:25
+a2.nic.delta.		172800	IN	A	65.22.227.25
+a2.nic.delta.		172800	IN	AAAA	2a01:8840:dd:0:0:0:0:25
+b0.nic.delta.		172800	IN	A	65.22.225.25
+b0.nic.delta.		172800	IN	AAAA	2a01:8840:db:0:0:0:0:25
+c0.nic.delta.		172800	IN	A	65.22.226.25
+c0.nic.delta.		172800	IN	AAAA	2a01:8840:dc:0:0:0:0:25
+democrat.		172800	IN	NS	v0n0.nic.democrat.
+democrat.		172800	IN	NS	v0n1.nic.democrat.
+democrat.		172800	IN	NS	v0n2.nic.democrat.
+democrat.		172800	IN	NS	v0n3.nic.democrat.
+democrat.		172800	IN	NS	v2n0.nic.democrat.
+democrat.		172800	IN	NS	v2n1.nic.democrat.
+democrat.		86400	IN	DS	32314 8 2 225235F8FD2305949050D93CAA91EDBA96FEDB42FE018D125CCC0373776F0725
+democrat.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sc0m4Ud2W7Jq+g9DFcptkDkmHp7zYqi+2HzEeroMVHJzMf5di2pd+RAoT76C78pJ2iGyqwFIl4VCjPqYWecTBydl8FbjSX9WbzfP4Cps+lQ2jLjzFoG4KH0XxgzUHJ7exGPc7o7zjSPgNTNBT/vmJrKtaCUgySRAwJ2Fdmiq47gBPtcx6K040jovI0WKhKokvdIo4GX4Y1p2eJ+tidAgm/aO3KCwhBySYPok7P46G406koew05YFdjjb4rLwo0OZXddXD3kYRpU7NYbcv9yKrEjZa2LMBFkVQtahL/NTsblgrLRlpgyI0gJQcaUsY4odOR+8bXX7DGZ+98TKEa1fkw==
+democrat.		86400	IN	NSEC	dental. NS DS RRSIG NSEC
+democrat.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . otaGtP92Kr6mAkd3isoXzRivXGnyBIe7L7WQOhznaT7NcnWDVbmA/8SegLf5PgRQvcJVBKX6kE3Lu9jcruGHR8Tm+vWiLP+fGL4foKI7tCYQr/M0MJ5eu+VmZ/xfV38N/Kl8WKzpoPqjb8FD7gcxP42+BxVlVuqcAEOMcosxPsNpZH2w8nIFushj0CTAQmGTcTDSP1K0S4Y0wB/EgimXQ+NdVhpnTlXlOGCwdDR6ZdbGZE6zKwt85x94LLZsEkiHUUtUVLM015VBCdwfh1nJBlah8NU0pPWyKPfyA9Qmnq/qN5w59nm7EfM65eO121tpo4DfxSHNuVbTkO1uaI6yQQ==
+v0n0.nic.democrat.	172800	IN	A	65.22.32.32
+v0n0.nic.democrat.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:32
+v0n1.nic.democrat.	172800	IN	A	65.22.33.32
+v0n1.nic.democrat.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:32
+v0n2.nic.democrat.	172800	IN	A	65.22.34.32
+v0n2.nic.democrat.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:32
+v0n3.nic.democrat.	172800	IN	A	161.232.16.32
+v0n3.nic.democrat.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:32
+v2n0.nic.democrat.	172800	IN	A	65.22.35.32
+v2n0.nic.democrat.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:32
+v2n1.nic.democrat.	172800	IN	A	161.232.17.32
+v2n1.nic.democrat.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:32
+dental.			172800	IN	NS	v0n0.nic.dental.
+dental.			172800	IN	NS	v0n1.nic.dental.
+dental.			172800	IN	NS	v0n2.nic.dental.
+dental.			172800	IN	NS	v0n3.nic.dental.
+dental.			172800	IN	NS	v2n0.nic.dental.
+dental.			172800	IN	NS	v2n1.nic.dental.
+dental.			86400	IN	DS	29074 8 2 D20A39CB427D7BA59A4483AC8E4E774A5D197DFA36AD7A47696501619DFD6B5F
+dental.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aQLn7rk9iB+X48ZH6BZX59AvuvYQ4x9ks8lBlqdtDijwp/024bou8mdiMNnkp1UIDz3mBRH0+sRukm51gBiYIe5sA8bHqPAYHWOUWsxsw1T095F0j3EshPJ/F4PDfDdjVC+8FRT/n7C0z+VLR/Y32EKPxa6T4dwVPXvwBtwRceB199P+0jvoqkNl7+Ot+hnWSq/8S6F83oOGkTAIzpD12XZW3morLFR5h5gPScMvNhUu5MayasvCEUz1uz7Q/jr8dMrBA6ZToUXWimHKJlqxyRLJ+KSMLZVEcpkLOKwXwKeFacBMwkk4RR/PJlkesmMDgtzLs4njPZRSk6K5FPYgtw==
+dental.			86400	IN	NSEC	dentist. NS DS RRSIG NSEC
+dental.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eu5xotUFbocdMPPtgv4eNDbabXK1kB8aLpzi+uTATw4kneoNhHy+w31XSsIuEYWS8/8Nmjw+Z9JmZeL7lungZPQvAgz3oUKdhSim29uv8gN9GSs6XUJ5g3pa0JyNi0XJQDpFaE2lW6fPWiwQeYAQ/qa7e+JWtd8OZ5nICxwV+x1Kr7Pbb/f7lslRPYlzuSm0EbtJhfe8xr2L+69+gE2b06HwUcic4ln5QeaVQBxErFnZSCPQbEv9FOPUdhyQt/OLyUQU4pLvmyxTfdPCEFXitEUD31PThHYJilwPx2YhzyKyfnnX4/Dt3O6de98UCjzQJiKih/uoOZI++EO4BaFGOA==
+v0n0.nic.dental.	172800	IN	A	65.22.24.49
+v0n0.nic.dental.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:49
+v0n1.nic.dental.	172800	IN	A	65.22.25.49
+v0n1.nic.dental.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:49
+v0n2.nic.dental.	172800	IN	A	65.22.26.49
+v0n2.nic.dental.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:49
+v0n3.nic.dental.	172800	IN	A	161.232.12.49
+v0n3.nic.dental.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:49
+v2n0.nic.dental.	172800	IN	A	65.22.27.49
+v2n0.nic.dental.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:49
+v2n1.nic.dental.	172800	IN	A	161.232.13.49
+v2n1.nic.dental.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:49
+dentist.		172800	IN	NS	v0n0.nic.dentist.
+dentist.		172800	IN	NS	v0n1.nic.dentist.
+dentist.		172800	IN	NS	v0n2.nic.dentist.
+dentist.		172800	IN	NS	v0n3.nic.dentist.
+dentist.		172800	IN	NS	v2n0.nic.dentist.
+dentist.		172800	IN	NS	v2n1.nic.dentist.
+dentist.		86400	IN	DS	44359 8 2 7FA7576377DD2904A2DC223D4D21C8D75B394F65794AFB21CDA90BF56C78C8CE
+dentist.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0werNtD7cz5z0o30RqPHEhAHCDmaC/bTZUEdzEIu8ZDE1/nHE4bs4ArcmjI3JE2k6p7bFg6VlmqzEsVc73DHWMk4OWP5+3Cn8JxcGfSGIK9D3SVhxR0vD+pptLQtxhvNOgt7hWdlpIEhOupSqIj4E2wHf+XGIxZNy2GInxRx3Yf69BuO6kBexmPZmEEvv7PnF/k7jk67LRa5VmyWo1rF3rbSznEtgu3UqEgkH38csOIluS1RH4iTbDks8V9Ir1E+4cgjMRrs0a8FBTFMG+92V5kIR5bNICPhnpXKhsKsc87FMakc/5RkXCE9ZskGTZr/z56XXUjCA7V7mljIa1W8nA==
+dentist.		86400	IN	NSEC	desi. NS DS RRSIG NSEC
+dentist.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qAgV6JIwPsv6Nr+Lywi4lbSQep5zvvcPIdwxZczki4Zbeljl0FEO8QCkFjDpVqMrgEyYcF5WZ+lAto5ftaGvL8QQzuznorkHyL95darO5PI6Ql71d+z2OoeaClQkVHW++WQqEBIh4kIqmdm9ZEJ2uQW6IXkTOtQVKixjvlhxUazwZdCt8v4oodl/CWzv41p5I7GNukJrXc3s+eIvACV0R2NIcFP8Qa4TlbTsJxD/sAs9pCWUqwVG2P/goef+uWNiRoBwBALf5UJQlF4iFyAhRMoI7UWtsf8Et4ZgKAFP+E+LgfdWRVjLF+MC1IvmxMa50HUiRV+SyBiIQ68h3g74Eg==
+v0n0.nic.dentist.	172800	IN	A	65.22.24.27
+v0n0.nic.dentist.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:27
+v0n1.nic.dentist.	172800	IN	A	65.22.25.27
+v0n1.nic.dentist.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:27
+v0n2.nic.dentist.	172800	IN	A	65.22.26.27
+v0n2.nic.dentist.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:27
+v0n3.nic.dentist.	172800	IN	A	161.232.12.27
+v0n3.nic.dentist.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:27
+v2n0.nic.dentist.	172800	IN	A	65.22.27.27
+v2n0.nic.dentist.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:27
+v2n1.nic.dentist.	172800	IN	A	161.232.13.27
+v2n1.nic.dentist.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:27
+desi.			172800	IN	NS	dns1.emdns.uk.
+desi.			172800	IN	NS	dns2.emdns.uk.
+desi.			172800	IN	NS	dns3.emdns.uk.
+desi.			172800	IN	NS	dns4.emdns.uk.
+desi.			172800	IN	NS	dnsa.emdns.uk.
+desi.			172800	IN	NS	dnsb.emdns.uk.
+desi.			172800	IN	NS	dnsc.emdns.uk.
+desi.			172800	IN	NS	dnsd.emdns.uk.
+desi.			86400	IN	DS	5621 8 2 2AE99319E83D075EAC0F4B572822E3685027038688B38CEB2C5445E09606F752
+desi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DOYlT92PR4MgAlwP191FFBKL1QFoHTEBspmk8b7eTYrjX7/IpC+l2MpvNt7aRDgvrVq8zyRs16mBXo0LySLSjhz836zdekzaS5Ky60aCyr7uxHvPd6SwAegIMVzUpvUFPYrRrnjctyfbacJdCr0BBrVAdAziOcWVzhOorP5ZJZPb0ITBRMOgEwXCc/oZRezyBAoqkZrs0Pa4GNfaGrAbLEOG5Y4DLICn7Jwk+Ko1nFW+8F0w3LPmfprdbTRMpMgTjJ0Hxax9AwXXGBuAj762qn60bKZ8Aw5dZkDhaVWNuUn1CEiMjGm9DKm+Z2GS/kFfkXUtUxHMGKCa+sPKWT4G7g==
+desi.			86400	IN	NSEC	design. NS DS RRSIG NSEC
+desi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eba8irmbD+tQD/1NbHnKOPIy6z52uDC6p7yr6wG1q04GNwGAfbFIzwzbkDrwq1GpSa0jXpLH4DEEUAXhds7MwG6ma/y4PIwm8mwHOlKGCFFEs7AfG25JCIpxWSzdz3ehBrEwq/SCQ2ZtMHz6MYcmJWtNxnfcQzUKnYtFEu+8a2sCQL1EUTv1NgKToUDtm6CYNXwxWxzXO7YAzR+ozkkn9on7lSJfoaflkvWeUqgyK/sNu7UJUjMA7Uyw4RrlQtM1j7c7VICk/21ffQweyj3RiUakblkOOk52UwShm28a6RUwV18n4/eBnn0L0gKqfctO8cqZeLH30zfzWAI4uWf8qg==
+design.			172800	IN	NS	a.nic.design.
+design.			172800	IN	NS	b.nic.design.
+design.			172800	IN	NS	c.nic.design.
+design.			172800	IN	NS	x.nic.design.
+design.			172800	IN	NS	y.nic.design.
+design.			172800	IN	NS	z.nic.design.
+design.			86400	IN	DS	27199 8 2 EAEC6E1B661B0264846FF8F70858CC63711F0627781386B9024360656679ECF5
+design.			86400	IN	DS	50422 8 2 400C06349DA05FF7C9B9D8C11857E8E9C3CE947EA05CC4C7C6DE878BF2A496EE
+design.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ktA0IDEMtXDOPsBlpoVNskerHX3oanoEQULpx7ynTULU7GjVfal9RwPsnrt/jTQ1bnqVhOInZS3XD46AlA3ioWaA2Vee0wFUFUz6l55mqYTTsl/BV0jyx4c7MW9Xt6KIqmikOAuE1O+3oGH/22BTyRbGV7itIrBzYZmVkTRoEexv3eoD1OHAzAL6IEsP9x1rW5yyioDMSrSEa8wp3CO2oVXHKAQFK9UVgp0ommvBp/0MKuH/2+7xNiQb4LpG+yIWwc/prTX616PWbC71P7k5lTA1Gri7ZuXOa2aKU+89AMhMeI8sOdVIJJY1QxZxrOq3NCEoxP1ziUAQPnAOs78U2w==
+design.			86400	IN	NSEC	dev. NS DS RRSIG NSEC
+design.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9MJKUGWJ/zpMlvFa4el3szei0NVxIOrAHsZdz4QdoB9ZCdNBkwAWHmYHaHeZwk0X3A8RNHgMF5KbS9x7osrerU6g+jYzVREta16hMvKcpQYtjCO0gyDrYo5blMr/Oj3qql1o4JS6lPgt7NpcMgVuqXdpSZzab4hT0tsknDwNSNuJA38YQmQNwAb58PW8s5DkkbZMGDgYf0ZVyL59PitihRRX8azavugnA5i2nXMdVC0eRjYVWqxh6zK8frvQB4I18aogKRMx5nAsfwWYFHB0RAawXHHHvdEk+3qhRaaAEJH1iiVGUkJ4jPv7Swv1ACCAYdInuQgbxxdEthhEytVag==
+a.nic.design.		172800	IN	A	37.209.192.10
+a.nic.design.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.design.		172800	IN	A	37.209.194.10
+b.nic.design.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.design.		172800	IN	A	37.209.196.10
+c.nic.design.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.design.		172800	IN	A	156.154.172.82
+x.nic.design.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.design.		172800	IN	A	156.154.173.82
+y.nic.design.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.design.		172800	IN	A	156.154.174.82
+z.nic.design.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+dev.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+dev.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+dev.			86400	IN	DS	60074 8 2 B942E2CE5AEBF62FCA59D05707E6DBB795211D540D8ADBA02E9E89E833424785
+dev.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VbDW5XY2GvUOiORi549M+Ze2Bb3JHIFJRc64u70PZyjNhPoMY7r+QM12yxqPUL1yHp/2ERGpCcGQUTUJptuDZJMf+HDC/+3e8bl++yWWHCoK7kCgMwQ76rG3nhMxqO0fc4yW8irSZP+qN2HK7LSgMGja96x6km178pTwuROWvQIaQBY4sagYLavdT++YFUgaTRy/e0u6R77FqO95bByvZzc6837jX/k3xCvfh4ng+fPx5P2y/DMrsj3orWOxxMdWCIDk3XjRJgcbnIdKIZk4kyDRomMwZd8EBMhim1Ovs2vtUUMjeR+8FOXPyYxj/OJOtLQUlposb7CtBndR9z47eA==
+dev.			86400	IN	NSEC	dhl. NS DS RRSIG NSEC
+dev.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . efeU1Q5CtA26oVryWBaP58QwAiqKRDYirkD/kP1C7K2UPVkQRnBMy924t4pfsdvRlJmJ4tMk0YKv50MZ5IkBuxhpazPtmDeQDDvqUanMSAChpg9xp5EJSUmZ/oAk+2yReB1dK/mFu5EMOPs/usYxURAxLFitUW/yHNHe0PG1Z0S0fNnZmWvn7HQVacJTBQ629yPUB1zIPEhI7mm7ze+u72J6n3Q0u+lLmyJ4Dyjf/0bu3hLEp363eQlc8srImh+tZBANSMt3aWRplnPJtvPSzCIszr8vC+zebXxW7puaZriCQlilcqv5Yj/8HjI/vtZsVO3MI3S7WnmEa230qiWmjw==
+dhl.			172800	IN	NS	a.nic.dhl.
+dhl.			172800	IN	NS	b.nic.dhl.
+dhl.			172800	IN	NS	c.nic.dhl.
+dhl.			172800	IN	NS	d.nic.dhl.
+dhl.			86400	IN	DS	31860 7 1 89FE558D6EA8DCAF797B2235DC3C246108A2B74E
+dhl.			86400	IN	DS	31860 7 2 BCD5350BD4181A15DE2FE9FB448AAE594DA19BFBFCE42AFC9D63693DBD45A4B9
+dhl.			86400	IN	DS	33051 7 1 E2FBEE1CC8DA9CE0BD4D74A688491ED1315D0568
+dhl.			86400	IN	DS	33051 7 2 8F83E4018FB981E5F7D18DF96549EC57B31A143C6F8A6D010038108525425B7E
+dhl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . goDsCiI0d1m+9cqPwYNn5LqvuIkOa/h0aaVk6XLlqRdr+YrAXtin40G1rIqyiPKemvGj6Xwa8qIGLEVz44w/4YA4T4Mtp6N0el1uJsbrBziCV89hsGyYkj9G2ysi4PAjP+kCzPE75Qo7RV+NSSeNMh7czTCYGbI4aaqPrgiCnnWhcOYH2QuHuKP/xjpRfFkUIBBJekH30TL7XfDPkEJ8VP8CsQBoo40NC7rXlQw39bDFlgbD0c+pfUmhKv/f5aJUw9rdaOjmrdvrb2GYQEObJH9TckvdV+MjpmnJnm4uy5asSt58GIEfF0nNKCT5G5LJB7JLSGbvgzI3GVx4tQvwAw==
+dhl.			86400	IN	NSEC	diamonds. NS DS RRSIG NSEC
+dhl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XuxEYqY10lqUY7feq+vWbxvuq+9JJ2YLens+K/PREbwwrxkSFgqaXdh7Rhbh2LsHBg6FH+TL9mRUFuoFu6a1yq+XTDvtDzioMQOemgxwffspm0o7C7o8FL6Nsi7os/72XG0mPWgSWRYlu4w3PiKvX67DfqdBRo/oCKNtHlXfByW7bmPUrGUUpUbll1mV2GHKkLD0FYn36Mi995h/e3jHrH/xmNBuq00hFD/YiMu8dqXETFd4+juctiPD4niP6SIshQWSyp5PXjKB5E/vgwG/IAzaaAEMwaOU0xldTLcA37OFo4oeFLzG0/qvrE20htqCtW3jtNS4nH8POiV0qIWiAQ==
+a.nic.dhl.		172800	IN	A	194.169.218.82
+a.nic.dhl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:82
+b.nic.dhl.		172800	IN	A	185.24.64.82
+b.nic.dhl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:82
+c.nic.dhl.		172800	IN	A	212.18.248.82
+c.nic.dhl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:82
+d.nic.dhl.		172800	IN	A	212.18.249.82
+d.nic.dhl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:82
+diamonds.		172800	IN	NS	v0n0.nic.diamonds.
+diamonds.		172800	IN	NS	v0n1.nic.diamonds.
+diamonds.		172800	IN	NS	v0n2.nic.diamonds.
+diamonds.		172800	IN	NS	v0n3.nic.diamonds.
+diamonds.		172800	IN	NS	v2n0.nic.diamonds.
+diamonds.		172800	IN	NS	v2n1.nic.diamonds.
+diamonds.		86400	IN	DS	112 8 2 E66F5D68588DF7BA7BCF572688355FC59A367276C3C309EBDB6FFE155D5A2FB2
+diamonds.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NeGs4hq+CMFWJ5gVQnQQWrL9vAviTT3xJMy2UnZqU1PnyHpyPjsikQlymBGDttC81GGzIgYqG8KKPNNvaBnPSuw5P6xRU1nQkokaO7xllVJ7Epl9aAFevvh/mVhKsopxZXftIz3MaVAcblPI1qGSrKzcot8Nl6Dn7oOUykiSkM8xDoL1WeRo0fc+zytEP8l/VGUEJt8+Z+7WnDXJnOUsa5X0bMIbycrKejxir4lD6Yirh7I6/pnrF+nmXKRf+MTDju6bHoGImDF5NRdg3F0bGAblPDhs3+AvnwvOCXNmGch16BFa3wf63YspyX892baOGH9I0cXEO/a/OJ68j1FGVA==
+diamonds.		86400	IN	NSEC	diet. NS DS RRSIG NSEC
+diamonds.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sNelVXS/4s9k7mAV3UY8YwwiLqqFAQX8W18gBvvZc9mKanKPv4z96aflugPXoGXeKUNVGGV2Sfz5pivb+gWd1fF6m3t+MSKCmSU3UC6Dxwh1f7KiDZyXzMa1JZWhDgxMThvCC5s7j0W6OhngKOqj2jFXx8G94VClz6LKffm+fT/A8lAzjOPFYiNhOGCzWCjFNBHKErUcFopTmTZnrCL2NOBLPbAchb2h6gkGrcGNxDaVT3nHbmGu3PQydM1scxRgTkoiGFMF9mSC9J/NP5/B7tjmOMXo39DIms4mENvggbbL8+gaWIKq81kKd5PiZG7CsR3E21yfvwwCOqSiwOudgg==
+v0n0.nic.diamonds.	172800	IN	A	65.22.24.60
+v0n0.nic.diamonds.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:60
+v0n1.nic.diamonds.	172800	IN	A	65.22.25.60
+v0n1.nic.diamonds.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:60
+v0n2.nic.diamonds.	172800	IN	A	65.22.26.60
+v0n2.nic.diamonds.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:60
+v0n3.nic.diamonds.	172800	IN	A	161.232.12.60
+v0n3.nic.diamonds.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:60
+v2n0.nic.diamonds.	172800	IN	A	65.22.27.60
+v2n0.nic.diamonds.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:60
+v2n1.nic.diamonds.	172800	IN	A	161.232.13.60
+v2n1.nic.diamonds.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:60
+diet.			172800	IN	NS	a.nic.diet.
+diet.			172800	IN	NS	b.nic.diet.
+diet.			172800	IN	NS	c.nic.diet.
+diet.			172800	IN	NS	d.nic.diet.
+diet.			86400	IN	DS	2464 5 1 58AB5506CD049DDD784C487957D5D87C44E238B0
+diet.			86400	IN	DS	2464 5 2 A2624874743790CB52066E9B50B06EBF915DC80355E2F9C10094295DE2ADDFB7
+diet.			86400	IN	DS	11962 5 1 5D42445C9C0AA2C65F6B9E23F90B3D5C30C4A256
+diet.			86400	IN	DS	11962 5 2 A3D113A8AF70BC8B9D35FC555A0EC7474482383FC4F73CA605F0EC498288FDC9
+diet.			86400	IN	DS	35167 5 1 91AADEAC68B9579FC6602CA5FCC770BCFB7536B5
+diet.			86400	IN	DS	35167 5 2 64ECE39F08B2542CFD13D6C484E25F29B2BB29FBA98E082DD5294F9011F73020
+diet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QIcWRSxTd7EM/JE6tyzsa+HfAsRkfiB+HqNbhZmTs5QrV1NNI43tDIsKI7UjDY7my8yZa1X8FW5KUuZNq0mjxKCMVF5k7jddLWv0i8CPvTkIBwgn44QmLeophykqHxVQmkxVYW0Ox2mUJ/C94wIPiCXHDNE/cihJ3o+kXWPvbe3r1rCGKgXyABfPCWtLUPIBVyX+oxTiKVgbiNZFlLwBLjUp2RgjXu2eKNO6bLx0i1HFketSE1QUW+cpSjvPcQquiUWYmDXV+tVKtuXro19fbWHWzLPug6pqbqyO8ETlpzVARvfpGB961hcB17SRTVSrP+Tz5ReWnFzJ4kMVla6hRg==
+diet.			86400	IN	NSEC	digital. NS DS RRSIG NSEC
+diet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jycts6lL/ufO5OVSdW281PO/vSmV4bjs1tAJ1GlQWK7cT6vrxkzHACaDaOcu9RSNRsByGVCMc42vdd8tETgdR748Iulg7M+tBELGLRGEDPuTpEQ/1Q+H0VGkVqlZEW0TGh25BZ2nU3Xc/BW7O3nukPYwCO27kfF5xUH/05neV20k1hTa3DQJI/LV2PrpePv3VCUC5ykPZzYM6PmV4lyI2A8vp/du+XUt5rVbh0bxH4qHAZ5gw+iRHeuiEtzUpPrXOOhnkiGo3Ew2v9O9gBsJxxPI/uw6y8vD7XRb0TBnq8BVUplSjwWC0pvUSEyXWAOoEd5a/tMCGYb6J1tA6Z+CWg==
+a.nic.diet.		172800	IN	A	194.169.218.145
+a.nic.diet.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:145
+b.nic.diet.		172800	IN	A	185.24.64.145
+b.nic.diet.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:145
+c.nic.diet.		172800	IN	A	212.18.248.145
+c.nic.diet.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:145
+d.nic.diet.		172800	IN	A	212.18.249.145
+d.nic.diet.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:145
+digital.		172800	IN	NS	v0n0.nic.digital.
+digital.		172800	IN	NS	v0n1.nic.digital.
+digital.		172800	IN	NS	v0n2.nic.digital.
+digital.		172800	IN	NS	v0n3.nic.digital.
+digital.		172800	IN	NS	v2n0.nic.digital.
+digital.		172800	IN	NS	v2n1.nic.digital.
+digital.		86400	IN	DS	22126 8 2 70F9666735926ED661AC90BD6C0F9C2A7BFB6AD24F5E9A4892AD7D25D7E151F5
+digital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z0MVGUnhdZQsRHKI/cRRgGX1rct9gyc6y4sVvMW9IhzYduDsob+qJqmlecUWPu8dFefRRCawc9BPI1dL0H3zklkNLJ/L5HqtuUG1hDYdMgU6n733mhniKzZALIqcBrb84HVNSa/Q3TRMYfjQMbo+aUddP7A4Ux/k3jA90sKRiAgsfQQYn8HSLaLciRbbPkPanmxFiJMq6KKwPjDeNlyVQj3YXt9umRny0sbSVQJ2QSXth4bP3g0nR+pcbFlqKMnmUpTzhNK5KWu47CDwkK514vChx9zB/vtTawPNx2DnoTRyDXoKM5s65wRjuYibxVuMHL5xXHGKlsCbqOElvvUftA==
+digital.		86400	IN	NSEC	direct. NS DS RRSIG NSEC
+digital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s8Tgtjn/fY1C/Az07qNOklnIanaL/PcMVDUcyAnkP9L1jNufDjjzW9k5n1SF1ScRi4kiKYx8+87ncBpdWQGugtWHJOiMaQEo2O9eOG8eHNi+UlktFYoxFIvMnE28l88x8uiM7XUu9dWWQlsJ/9N7CwHVqzAQO4w1J7rghVfFgBIpDrDBVuG2gU1pcCa9pwH2+DYdVkaEC9DowbQj4FbaNj8iilpeIvxBWPEiQHk7vOiQ6e0NCD6LA1ACa98uQLi4pIH+GPHC83KR2yZs/dLR/fx5j6FpSCyY61W6cY0aWg0ESNOBTkV3OjHXKpVk1ufxR1BJdZ3UKn7YlCFXo2ddDQ==
+v0n0.nic.digital.	172800	IN	A	65.22.20.36
+v0n0.nic.digital.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:36
+v0n1.nic.digital.	172800	IN	A	65.22.21.36
+v0n1.nic.digital.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:36
+v0n2.nic.digital.	172800	IN	A	65.22.22.36
+v0n2.nic.digital.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:36
+v0n3.nic.digital.	172800	IN	A	161.232.10.36
+v0n3.nic.digital.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:36
+v2n0.nic.digital.	172800	IN	A	65.22.23.36
+v2n0.nic.digital.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:36
+v2n1.nic.digital.	172800	IN	A	161.232.11.36
+v2n1.nic.digital.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:36
+direct.			172800	IN	NS	v0n0.nic.direct.
+direct.			172800	IN	NS	v0n1.nic.direct.
+direct.			172800	IN	NS	v0n2.nic.direct.
+direct.			172800	IN	NS	v0n3.nic.direct.
+direct.			172800	IN	NS	v2n0.nic.direct.
+direct.			172800	IN	NS	v2n1.nic.direct.
+direct.			86400	IN	DS	29044 8 2 DD72F7EEC3B8CE0E6A278A6D560ABACABCDFF4A4A9062EB8DBD96EDDC910B140
+direct.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xxFwrpsPacF5+6SY83HUGXCwu5Joy0EEodLjANKsVNTj8VYKDv8lvafMy3VjjKONMwwJlRZfCFUV5sekm+j76EeC/mobFuXt0kS95tOO1CpcDiPvimZ9jTcP8V2IAtKbaak4Io96oV47tAbLPvdnNLHK/wYYihWU/AqPjfK5ys0CooEpN3hLQ60URonxHHKeWhtrhdVqOpE1u+0mTXgdCMRHrp+MPk8JOr7kjmrLgxzIH2HhPhotGHwcwAXgQFn9Tvo80SjLxuMLkCQDVJpRnqnX8xAFbiZYlVRZE0xja8BYl2gxd4ey6KjgtU3dx6L/ajjEYFx1LPsdNs7FT2XSyw==
+direct.			86400	IN	NSEC	directory. NS DS RRSIG NSEC
+direct.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BV1HjAkQmT3bgBhudDcyibzN1xFS+bpOhCTfqM4ry8rwQu0lNkOMOjq0sRhfrH8l+EgYKlq2DloM79EU12h9wtwZxyz/oWse2WweZXN4Mkt0VahumhQWJ245UX2cYTA2l/8Jx2AMdvID6Vf9UvFX5yuRg+IfZUphRayFHdait2zvS89F36Dat620axW+KmTP67DhH7CgTcNIF3WSvatZuSS+B8+8G9hfL600beoiZvfLQfWUjqhGp4d2qVVMvVQn1cOMegJThEotHWdisF0nfrJjiR301Lns4z2TEej2L6TWmfGnkK3urTLnoitBlR+VWsTFpJVQBpj0U/27ozAFSg==
+v0n0.nic.direct.	172800	IN	A	65.22.24.46
+v0n0.nic.direct.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:46
+v0n1.nic.direct.	172800	IN	A	65.22.25.46
+v0n1.nic.direct.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:46
+v0n2.nic.direct.	172800	IN	A	65.22.26.46
+v0n2.nic.direct.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:46
+v0n3.nic.direct.	172800	IN	A	161.232.12.46
+v0n3.nic.direct.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:46
+v2n0.nic.direct.	172800	IN	A	65.22.27.46
+v2n0.nic.direct.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:46
+v2n1.nic.direct.	172800	IN	A	161.232.13.46
+v2n1.nic.direct.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:46
+directory.		172800	IN	NS	v0n0.nic.directory.
+directory.		172800	IN	NS	v0n1.nic.directory.
+directory.		172800	IN	NS	v0n2.nic.directory.
+directory.		172800	IN	NS	v0n3.nic.directory.
+directory.		172800	IN	NS	v2n0.nic.directory.
+directory.		172800	IN	NS	v2n1.nic.directory.
+directory.		86400	IN	DS	59725 8 2 0D647C2701E4D9988D38939E1E372C77DBC0F76D21C8D2BD6E40A21FBD4441A3
+directory.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GVcmWvJznDxejSi91dG46sdf0Ze1qOe9U9r+w6ZXcvGr3oduG7RSJZSvoFXg5nvMTP7ycBhEw4P0pkf7NmvMVsQ9oB697eE/UYUN7+rM8FDoKl/Q5bXPgq9u1KjjdFII9KbCyRxvtE/lm/ZZ+CbtiNOvbCFe7iqnlzkL5AedU6m+OEToyc+Ihhw2WKH/2V33s5zhEUNbd1cyQA4iBBA0D73jooOCEzZFVvq+escneMxbyEF8pTYYHMj+bmHo2OEImswVIJLu0/d+VpAZavbpiP1a9ddL7p9LND9q4YdmGho236i3tc9WCzZXkCWHBx2Z/Zaqrcy5mkITnVj5y2NUvQ==
+directory.		86400	IN	NSEC	discount. NS DS RRSIG NSEC
+directory.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQPxQXR4Mr4ynxMSG3AEEXU58mVGP/wwSgSqdC2FzEFIgcyItNTxdXS1ptQ69jHl9N1V4bC6K+fPEvIqVINPmZqRC45Hu1WgTDawu15k9YjIeQyQ16gy9dAAULCoqjCxXQnraE9JNuJaeMf6d8CV8FhrZhRotE9B8rsnJMUGFiQTpx822M2wLDgtxeAP5ZlPdCjbnpEDeigqwvicCs18WIje66no6Lgc2+OTIaH2gzQ8LIR76ZKw4c6nrXxsWOK7uylzY22l8ifrZ9FNt2Rz83R1zUsJ28nigkUVxEs06+3s30INWm9+0GqKSRs9UtiBJGB0W/Entq4qvfDUF3kuxw==
+v0n0.nic.directory.	172800	IN	A	65.22.28.11
+v0n0.nic.directory.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:11
+v0n1.nic.directory.	172800	IN	A	65.22.29.11
+v0n1.nic.directory.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:11
+v0n2.nic.directory.	172800	IN	A	65.22.30.11
+v0n2.nic.directory.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:11
+v0n3.nic.directory.	172800	IN	A	161.232.14.11
+v0n3.nic.directory.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:11
+v2n0.nic.directory.	172800	IN	A	65.22.31.11
+v2n0.nic.directory.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:11
+v2n1.nic.directory.	172800	IN	A	161.232.15.11
+v2n1.nic.directory.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:11
+discount.		172800	IN	NS	v0n0.nic.discount.
+discount.		172800	IN	NS	v0n1.nic.discount.
+discount.		172800	IN	NS	v0n2.nic.discount.
+discount.		172800	IN	NS	v0n3.nic.discount.
+discount.		172800	IN	NS	v2n0.nic.discount.
+discount.		172800	IN	NS	v2n1.nic.discount.
+discount.		86400	IN	DS	51140 8 2 FA79B01E16956FA153E17DF749592AB311AC88F7CCA89102145A31BF327E7C0D
+discount.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 08bn5C5WHjoJ1wl7WUrIzquQxmtFXbqxb4FM7Uypd+rOUmCOweaDzA1pDINI6m69OZQUYMqpSVf/2pO27WkNg70QtBXic2xKlj/xRAb8FC0b5pyUbxWdF9rFakLoiiz6cK7cA2K4/t31P1mdram3srB9JeDhhaI/6ho3F853ABciI1Wrnq0oLUQy+P+PU2tulJNZl273XKkg6MkKj801GZjleZJHHklrpTrtJ7+whkpFxkZe9BRKmXk1jHEKnvR4Ke8R7XsH9vjNMrEgs1pFr2ZPZsbK5n7Quw8FaX7v3Ar0/H0bx4Pi00WtculUCl9DxcS1AKoVm+aZ+JtrpXCacg==
+discount.		86400	IN	NSEC	discover. NS DS RRSIG NSEC
+discount.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RtfXBX++2V51R5B7T1RBA3sg3lHTHBh+MOyTlqm0x5rMx0pg6Lx4RkJgNlYZDxSeMVtYnhyatyiX70EQM0a/20xyK6/c41XrSvioEq0cPruFRBFHvR9cqdAVA6u+BxXJlXPbl6veGMXkGQByIrOIfZBlVawJ2va2lCfQTtgaYv7cgt5Usl7fpj+DjAcQI+wa/Si7FKXsdKkQwBrrazIj5RzLqCM9jt5WuaMyl2ds6b/7dU5o6bG7JNjUsgPBdiJxnjXci90diPLus5IzdLPacS9zHWmTKABiibV8H3Mv2QtuaDxhvT/iCRFzGbQb6kgxGrpIgb677QZziF1QZiymZQ==
+v0n0.nic.discount.	172800	IN	A	65.22.28.57
+v0n0.nic.discount.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:57
+v0n1.nic.discount.	172800	IN	A	65.22.29.57
+v0n1.nic.discount.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:57
+v0n2.nic.discount.	172800	IN	A	65.22.30.57
+v0n2.nic.discount.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:57
+v0n3.nic.discount.	172800	IN	A	161.232.14.57
+v0n3.nic.discount.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:57
+v2n0.nic.discount.	172800	IN	A	65.22.31.57
+v2n0.nic.discount.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:57
+v2n1.nic.discount.	172800	IN	A	161.232.15.57
+v2n1.nic.discount.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:57
+discover.		172800	IN	NS	a.nic.discover.
+discover.		172800	IN	NS	b.nic.discover.
+discover.		172800	IN	NS	c.nic.discover.
+discover.		172800	IN	NS	ns1.dns.nic.discover.
+discover.		172800	IN	NS	ns2.dns.nic.discover.
+discover.		172800	IN	NS	ns3.dns.nic.discover.
+discover.		86400	IN	DS	4225 8 2 D90804DC84C5E0542F8DA2011BABD12624318D1992483525EC125125CD576553
+discover.		86400	IN	DS	39040 8 2 324144794F4FC2951D3EF2F1A6D2B335CDD0BD059CAA3AC2EBA809250C47A694
+discover.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EpS/oO2t9LO965iwInsh9YNk2pyRqB1ktj+GB5mhWea9ZG7tnnQ0qCu6s0tQa7WY1js7AAbGKlShr4LJsDkpD5ESPjRe/QgKd+yRmos5J72a0Fn+vunZ7X/QwG3OebJMydKZ6cK8h8zVAqyGJvcksmnUBA52pvgc+tahMpCt/G3rr8mJwemcJ2QUeouYp15/I/BLkeJF/Zdl6vtiO4GAPg8DAoj0KNYRYkgGjbM5e/NWUiscvhpaSHtZz9AZUBOJMbeUJ15JbvvBOLczoLZprqc7vSe4xMoLiwIdjq8uHxJLkyfkIRWR8SshCqCXqLcwTxPy+eWfRFEQfC3MWZlqmg==
+discover.		86400	IN	NSEC	dish. NS DS RRSIG NSEC
+discover.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kc0qNDpow146sbwGiy4IiEnZe0nEagPs+3qEr+yiiqRs5E7v+Sf2bLAJ+nGXQI7Kr1YANS4KEj3EgFW9Xga3I4v0LNiiAVB6N11V1Os49MwwoqicrIPOVWswFw5//X3TaSGjMNlATfFhKUPbQGU8fDG84sQqYVC2psnntzun693xvgTmufDKnG4XN4YJKyRMWxeCWa0a2+kGyEPDwzLiYEx9gQSy+Np1N4efFJKsiWT0R27y2cpLzo1HLc/jWCM51cwKN4DRheJMElUje0VskaNNoZBNEDnG1luylHe7o67tyCXKKcowJ1f86P34IHjBpEPYdaEHbP0bMkXwZjLUzA==
+a.nic.discover.		172800	IN	A	37.209.192.9
+a.nic.discover.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.discover.		172800	IN	A	37.209.194.9
+b.nic.discover.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.discover.		172800	IN	A	37.209.196.9
+c.nic.discover.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.discover.	172800	IN	A	156.154.144.48
+ns1.dns.nic.discover.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:30
+ns2.dns.nic.discover.	172800	IN	A	156.154.145.48
+ns2.dns.nic.discover.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:30
+ns3.dns.nic.discover.	172800	IN	A	156.154.159.48
+ns3.dns.nic.discover.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:30
+dish.			172800	IN	NS	a0.nic.dish.
+dish.			172800	IN	NS	a2.nic.dish.
+dish.			172800	IN	NS	b0.nic.dish.
+dish.			172800	IN	NS	c0.nic.dish.
+dish.			86400	IN	DS	24325 8 2 1D7C249775114E100DECB96C9E6CBA080BFFC5398498C6D3FE2EED6CBAA34663
+dish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . efPhPeypcIMg00Y7axRsv90Gh1K3QVQDDP6N/uvtL/1BusnjOs1Co9xXkxWFBhTZRd+fIJDwjcr1gJPmKnrxKpqVC6EVjHaMrtNSbT2qqB1S36LJuhdsYFbzAiQuPmqyivWZKWUReSCgssiCFmZQYXFf6QlkVNKi1g2YcaJwU8icAicBT+At07fNfuL02NCJWziPGr0CZuBP/FHvd3QSaZZA6QdDUC7MsNAEcNKg0KKUf5ImHOTcav61lZ5IxefTVPx4VoHy+2pRQcXW8HgquaC9GMRJo0L2pHmDu2gN0OxYmjaEWIt5fQHhcpKGdZ4eCPB+Ozl5ComGaa10Sh8JLQ==
+dish.			86400	IN	NSEC	diy. NS DS RRSIG NSEC
+dish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1WroBoPQAu2KqJt1PDniHZR2VgCjGq3MuMBJhFd2QXiZw6yKSNZugHui5Q69KH1jQA7kheYjK23YPxi76tm3PGatHEP4nL+v1fFJptvU6rFmmOtNcW0aO7um2O8TSXj2Q1SihKrpVuLqZ8emhnxI9LgvZLCQLkYWIFM0twSPAoHRW8+dYz9/udyhkfgsTbE8tGtZ16lQ1EOLWeoomFnDSE+54w+pbDFMo8wJD6jz64Ap6rXaTvXQFsYzKa0BMR5xQxV0SRGTu11VOs5KeowoN3l1d8w4uNLxOEl/ZH6QmyfkncnhhJd0/Toci8Dy9BVOPVNnsxvI7ATbuPi6114xJQ==
+a0.nic.dish.		172800	IN	A	65.22.88.33
+a0.nic.dish.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:33
+a2.nic.dish.		172800	IN	A	65.22.91.33
+a2.nic.dish.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:33
+b0.nic.dish.		172800	IN	A	65.22.89.33
+b0.nic.dish.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:33
+c0.nic.dish.		172800	IN	A	65.22.90.33
+c0.nic.dish.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:33
+diy.			172800	IN	NS	ns01.trs-dns.com.
+diy.			172800	IN	NS	ns01.trs-dns.net.
+diy.			172800	IN	NS	ns01.trs-dns.org.
+diy.			172800	IN	NS	ns01.trs-dns.info.
+diy.			86400	IN	DS	25674 8 2 06C661D544490AAF9C0EFA121F0FD66AE957CB1900309FDAE4A670AC4AF1D37D
+diy.			86400	IN	DS	41150 8 2 D206FA304919C1B109784EFE3704271919A8DA8AB5DFE8637C22E1AE7C8C46AB
+diy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . stGuq3mSJDR+LsM2TCyGJDifr78DybReX/pKAsRWDpbtntXmAx1ru+DbFSeWK7bUkLUpj7IjFHGpTecIip+VIA86tV6x/sNyZMMrSM6qfIeAbm8oHC3OJzye++y60Ph7VecujL1uEXaPGiXGVEb9p0SAPXQ47KpRf/rkkLq5yPKqYZzulCFMAy8ipapZ6zYSSan1sD4ZV09eSEdM+5LCL/D7Rs4QRwZZukSeGszBfggADz3aT8PHqYwfeHRFSfNgO4q9sUg1VWl6IJlNRm6q+1h4/Mk6hrSU7NHnwhnlQNY3aLctm8kw0w+A2cCGHzDoKAs4p2gWqbtKhivDLiBeSQ==
+diy.			86400	IN	NSEC	dj. NS DS RRSIG NSEC
+diy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vSMpl1wt5LzRuMcpEGmC5xwnEzLAbJJe2j+nw9DLGXmz5FTGnKhP7j8tH+/w9yNgfK0gVvfjW85s+4Te+ogTvb72XyqQFALaoLhQZWohIXDuGSRS036kJJyPsipSAA/NsV8s0MJYz27Pbzoe17dv74QAqvOyLZBytCYd0dGesbCFxA0vG1r7tlR5D9ZxAMd0iRQTQdg6rjBoS5HEeEC4Xl3Ff35KhPKgAbJWZhwKhRBLrnCTBdklFXz0hFhq1NdQjm2TWkUATJAfej5Ib2z6kZYakNmZsBK2cnGSBTqHdnY2loK9ycttudiMBZHlPOiIOVxwTCuSkVvq17Ap47N6LA==
+dj.			172800	IN	NS	bow1.intnet.dj.
+dj.			172800	IN	NS	bow5.intnet.dj.
+dj.			172800	IN	NS	vps443605.ovh.net.
+dj.			86400	IN	NSEC	dk. NS RRSIG NSEC
+dj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ys4dl0teNbpE3GqN/Zy/hzeTOCyuq00y34QdkerM05BYJT8Fvyd0PYeb/pCxzoeqFtZuSs3NyV07JgQ8oz8WShrdcjtA31p0Yf+AbycjZgD80iME+dMx4MXUilMIf24gjR82yUzpULLVrGsh15W+fDvMtHHwEMTdydTC+T9t91mrJyJz77VTtMFv0XORHNwkjhlM6h20irjpwq2oov5ZUrieOe8S33XRiYN9oc1aMfOcv/tJ4WZhB+5x/0nWqK8xB9tgAw6ejni+i3YYVp7UPu0x7yHf3yM2bzAr9110efNV4vrnHuuv22YfiLJABIXgK4V02sOQFlqLehVK9TNW/w==
+bow1.intnet.dj.		172800	IN	A	197.241.17.130
+bow5.intnet.dj.		172800	IN	A	196.201.196.41
+dk.			172800	IN	NS	a.nic.dk.
+dk.			172800	IN	NS	b.nic.dk.
+dk.			172800	IN	NS	c.nic.dk.
+dk.			172800	IN	NS	d.nic.dk.
+dk.			172800	IN	NS	l.nic.dk.
+dk.			172800	IN	NS	s.nic.dk.
+dk.			86400	IN	DS	21369 13 2 E6D0011E98ACD5C1D332C0CFB29EFFA5242824F30B8EE43829ACE1D789051CC1
+dk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EvrFuUEPM/a6ONJkkLh/OwYBl+gY5+RVt6nuzaSkNTmsVJ3fvgqq98GMdUjw3uhygPE2z7lUkvUyzMEvGBC0Gvcbv2NhApfn2qCboJ73JUz9ou1OccWdRI1R2KH5SVMoj79zIGF+3VJmZ69CBbNc96uJAwUPDw2SAr2qfC+YT11K4vOIiMq7NVBgHqfLQqahEfBvr9BqsfL6HjCwdTbaBNCM+JZCZbKEPGpFXZYNt1Cairf8wTTWnfp8Lb3gXxcxhZWTmKo7n+FmBB6EmUgguLRU+dFiqIvwE9YnyZ4/IQ3r2SdYiGwNg1CDz87pW6i4tB77aETpnq+MsgAFTp2gSA==
+dk.			86400	IN	NSEC	dm. NS DS RRSIG NSEC
+dk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OfanxCclVgRFpaV5DMhQ93UKXEzpahWmMAHF4acwlQ9X5NES0r6FjZYLMC9Ve0/T52vHYqJ0AsBvVT0M1IQ/YKfizjxbitpgAHr79KZ+8MlXHyKSEOL7im29BnJxBO0ZS8u+iLmGvPOnMvs43DCif6YlJC/I36uIkhi7cY42WTzrP1bsByeapg1spj7FTjUzw7mSBBQZMbMXJEVrdQ3gV9Ws+quTzjOjLWJUxCGpGJDbUQ9kzi5YnuMML8nphDa9kPIAuv7PeKYWs7hGPUr/rTZeGrlSS5jKSpOxH3Df2w64RIo11q+1yQcpvrpY2bKFx8vmAKit+ZHvJ8PdvvXuFQ==
+a.nic.dk.		172800	IN	A	212.88.78.122
+a.nic.dk.		172800	IN	AAAA	2001:1580:0:180d:0:0:0:122
+b.nic.dk.		172800	IN	A	193.163.102.222
+b.nic.dk.		172800	IN	AAAA	2a01:630:0:80:0:0:0:53
+c.nic.dk.		172800	IN	A	194.0.46.53
+c.nic.dk.		172800	IN	AAAA	2001:678:74:0:0:0:0:53
+d.nic.dk.		172800	IN	A	185.159.198.45
+d.nic.dk.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:45
+l.nic.dk.		172800	IN	A	130.226.213.138
+l.nic.dk.		172800	IN	AAAA	2001:878:0:e000:82:e2:d5:8a
+s.nic.dk.		172800	IN	A	193.176.144.15
+s.nic.dk.		172800	IN	AAAA	2a00:d78:0:102:193:176:144:15
+dm.			172800	IN	NS	ns.blacknightsolutions.com.
+dm.			172800	IN	NS	ns1.uniregistry.net.
+dm.			172800	IN	NS	ns2.nic.dm.
+dm.			172800	IN	NS	ns2.uniregistry.info.
+dm.			172800	IN	NS	ns2.blacknightsolutions.com.
+dm.			172800	IN	NS	ns3.uniregistry.net.
+dm.			172800	IN	NS	ns4.uniregistry.info.
+dm.			172800	IN	NS	ns34.cdns.net.
+dm.			86400	IN	DS	55698 13 2 AD4401344BEF3BD1F86737A2E2D008D5F5D138E101F4396A0461FF93A313C50E
+dm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . j3yLBhhiK7pmvoJOv+aEWmwMpm8NWbvAG56k/BQBXCMtwtsbMlgyv80an3dgvwFfZY/Ps5GdiVZKi0pQfs7iywcGZKYVbGAKXi65J/mE92boEdlRm96/dn8etWq6sR3SFH+M+O7T9cr1uEgBdrXF0xpEwu/FFM5CJ64rfIViXk//FS9txJhIu2Depqzfr4bzz3T1V05JS34+atBSHVoknX5lUtRPgIpKNon/J76pHfKxdmasUDkS6Q0S2gPwFzpcJAGD9C4hCchsu2tvEOsG+wQ97miFS3TzlpTEm7fhPEO0Yo50MBCAfZQHC6rFbMJALmAj7aVcZvDx/8sWj8AzFA==
+dm.			86400	IN	NSEC	dnp. NS DS RRSIG NSEC
+dm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UHkshZyVjUXMdVhIxXm2qSqPm2EkSnT3L3YbYW2K7gm1bBvWQXmIdZUseJdQE01/YfWmoHwKUZeYdK91MawBWIRCxY72f34WOFNSonr37N9bO+fis3TDBCVHX7NtEJVQBDGEn/NzXauEVY+ysw9Of8VumQ0fU5CMYaHoTiw0jakkwajn+qf7O9qKHNX+zmHMq8wJWdtZlnx3w2oPm2G4Q0OQw4c265U6uA2FRXtN1r4mAnR1MfpHforuKE2xol3J9bvGSYVlEbtu/cQ8brdJsuzqcEeKczFF4h9hnAeO98s+iNfZqHcVCmQZbSVWVzS6u+gEU+q9/PyBihxvdN6Fnw==
+ns2.nic.dm.		172800	IN	A	199.127.196.35
+dnp.			172800	IN	NS	a.gmoregistry.net.
+dnp.			172800	IN	NS	b.gmoregistry.net.
+dnp.			172800	IN	NS	k.gmoregistry.net.
+dnp.			172800	IN	NS	l.gmoregistry.net.
+dnp.			86400	IN	DS	45296 8 2 51C787A8914386558C84D6CC426E45E73445A0D91094D2A8FB8F4D0ECDB60293
+dnp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lO6gDpSG5lVJOnPzLmzbg3wvFWip7lVNEf5zjxgTfsewcyCFU5+/wgA90eDfYxqCwj4HRFmXbtNeM6YW81CGxHwYcczg7TJsp/b4zcLCFY0zizAsMnXG9+z0d/+Lq7KjuczSeUsEaoNaZghHZLkdIscsFwv1OS4W3y9zfSMUNxztwZ+bKaw2HzXntRFsdMe956DYRPhbZKCLlSNNVdMqAaqjot9KJDi1074BGR3ct58rirXyIGblagTxGeUxUfIoeegVEd4MWw/+MmHVWxxlFAF51MsQYXdxUy9ASiD8ePgps3JfqP+R/y+UzJjzo2SPTWptUc42s5sT1KI8g1sCKQ==
+dnp.			86400	IN	NSEC	do. NS DS RRSIG NSEC
+dnp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zrSZu5Z+UsoZyZt8rfoyKmtc1i5aX4QGyFnvEHYPqGW5xfjgqAGjDUIADTnEj6a06bealjr4fAL4vOjjAPHLX++7GJ8a66lquTgmd3Q66eAL+TMbpvgMY4JbaxyC0Q/x9x5YKgIfdMXzu+6jLRzdl/oGudOdej1dUjzGTqFsEAkfZOuV5tTBvxcWmhD2o8R1R9UjX3OPbB8sLy8/KOs3pBZ9CSzuYGSyzW+oyArXbQno3Ij9bSczqXkBXLqdhjYhamEAbYXLp0K3Dd82VQektyA5pjh1wGd0kBkODr7qGAnTghTMQ9ieKFONwL0GTuSdqL+Dx331QTYs4hI2y8tgCQ==
+do.			172800	IN	NS	a.lactld.org.
+do.			172800	IN	NS	ns.nic.do.
+do.			172800	IN	NS	ns1.nic.do.
+do.			172800	IN	NS	ns2.nic.do.
+do.			172800	IN	NS	ns4.nic.do.
+do.			172800	IN	NS	ns5.nic.do.
+do.			172800	IN	NS	phloem.uoregon.edu.
+do.			86400	IN	NSEC	docs. NS RRSIG NSEC
+do.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1LDmuDhGq0Qli4p/S2s7MuogWrZq5NEjibpVpfaMWat2FfLDtPhyqew5dP/WIRKQsZD2H3CXNtGdC5f+VRXqjamsnj5l9Zm0vpoiaC6+BTSEatYBqUjk/sB73Oo5Z2NRZMoLQ2uAzvateQKj7Mfv8MziBaq3VbFsRariOzaBwXZfgSbV8GLp/8ef749fid5R9aOrRRBBtlq+zkB14U0mn+89bVGmcM9EFwjyAziPJff5OF7VNtT9ggj7ynEWg85mdgJ4CMNEhDsQZC4pVs7mOzvG6c4uFd+cIHO1XaZPKMYgMeXQltH+dO1AOLsZTJB3CsXmWp0WN8l2QdgqkhEvA==
+ns.nic.do.		172800	IN	A	190.113.72.177
+ns.nic.do.		172800	IN	AAAA	2001:13e0:85d0:106:0:0:0:177
+ns1.nic.do.		172800	IN	A	190.113.72.178
+ns1.nic.do.		172800	IN	AAAA	2001:13e0:85d0:106:0:0:0:178
+ns2.nic.do.		172800	IN	A	190.113.65.12
+ns2.nic.do.		172800	IN	AAAA	2001:13e0:0:1:0:0:0:12
+ns4.nic.do.		172800	IN	A	204.61.216.124
+ns4.nic.do.		172800	IN	AAAA	2001:500:14:6124:ad:0:0:1
+ns5.nic.do.		172800	IN	A	190.113.65.13
+ns5.nic.do.		172800	IN	AAAA	2001:13e0:0:1:0:0:0:13
+docs.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+docs.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+docs.			86400	IN	DS	47287 8 2 7FADD5020F126BC3792E13F6190A956ABC040D7140FD0867AE9290F18CF5B960
+docs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rKgciZ/lz45Z1Yd9IBG4CjiYtq3phalnMU9F3oGdflnSS6X2zZPl7HSiBafXyf88BUhFOGN/L6OLTglqGVz4/7iSSxz2+M0KJMrU/V5tego2CAyqYvr6ewktlmzEoM1ZUZnJMH3RM/3xlzSbL4OuY+b6lvwc+hQfXlOOTchJXN9IdfBaR13pEbJ/8XmwG9s9s7FTacDi9GfXyaxSJ0pL6hTI/ElfwXpS8Dw0H8bNBrCdudXPdpiqJCnad6TXytm8BmuYkHTm/+Kpue8NYzsiYw+AVkbhqYCrOMgGd8eE9gHhhsp0go+eCZwBFNW306L+xW+jXD3XEJGE/dmJvUZfOQ==
+docs.			86400	IN	NSEC	doctor. NS DS RRSIG NSEC
+docs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aLLammTSzHUrobWcWV8DZIMWFu66lyAfqPl/sQIY1qIMnupALZJpo8MsAhZwasCT5DfntSN2AtzWUhir6ntu3ws5eryU/ZSDUHIcc4mPKb2ShBbz8LaHxNUuFIhIVPXFGVlxLUVZ6e1ER6S0a+yUBj/CEjG0YauAn03MmH1Ai++iobb53XdgmjAPXyBXlzttQHBggyzZ5f7NaDCTVTgf24OUe8V6cF1Qwn2vDXBnHQGZQ+bns37KvB8MZzLj6cnqnUCtUnqWg/fxSaN8PXqHl6o7Cdtv6IQn4ua/ZLcjCfMghEIzBpaRcRIlxfo+xpEitBzBF6csA0Iphlmo2VUvlg==
+doctor.			172800	IN	NS	v0n0.nic.doctor.
+doctor.			172800	IN	NS	v0n1.nic.doctor.
+doctor.			172800	IN	NS	v0n2.nic.doctor.
+doctor.			172800	IN	NS	v0n3.nic.doctor.
+doctor.			172800	IN	NS	v2n0.nic.doctor.
+doctor.			172800	IN	NS	v2n1.nic.doctor.
+doctor.			86400	IN	DS	24394 8 2 2A6B3BAD3ADAA076E2BD11BB0EF493EFFB17C7E32F041E30A8504C165F669652
+doctor.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a5jkhpcToUpTapzUAMA522P6ZfK79AAOR8xK72jAaW818+ui8eUzvNi5cAvO0CXy/ecROomhzLavV2TzkRZk3CZ9SO5LjmMugrZ1CXJXz7g70XLPTBPYjKXQXbSm+yu0nRDlQC5RKvo9DaGEVgLHpWooryEdeHFahImj/nnUgRzkDV8XTgqPwg7q/OQlEJZzG17Rq5ipjDTpEZyLp/B9fpOka1+pETeogq6IiKaHcHPBJHmHNybDvPzXHoKtxCHBbTLGLRFpPSLoAuXYmykRWSSYpyi3cM42Z0om6+dkiwXDfd49YPZkOCcZCovwNU0NZstTYhGHx4todRfXLgYFrQ==
+doctor.			86400	IN	NSEC	dog. NS DS RRSIG NSEC
+doctor.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RyLcEN76/wAqMnIY2cc9KtwpOBQKJEqXFvfwkHgkSOA0s4DnUy9JMew5zLDgilFujpwN9pBriJmThlWKl3w8R5y1cMIClFROS7pRfxDhUkCXPpGtMT9kXtxnpq9oEIV6bymjlfFUhKg1Cjsa40LkrVMmlY7SH34kOFsVDFPMvKBDD2CGPexSLP9Iw5VC7l9G8H4aHJueGSlSc3/PFAKOENZ3iNoKK5PvFZT707n2faybB95rn1fJv+/0B7dxm1/cd2S4AixZ1j1r5bAneBcdDHJ527+5fXpWKDNvRdr92qoLWTZLaLO2OzR+Zb1v5jD8JYQ1wh1OXhIRZP1VSgrV/g==
+v0n0.nic.doctor.	172800	IN	A	65.22.24.21
+v0n0.nic.doctor.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:21
+v0n1.nic.doctor.	172800	IN	A	65.22.25.21
+v0n1.nic.doctor.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:21
+v0n2.nic.doctor.	172800	IN	A	65.22.26.21
+v0n2.nic.doctor.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:21
+v0n3.nic.doctor.	172800	IN	A	161.232.12.21
+v0n3.nic.doctor.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:21
+v2n0.nic.doctor.	172800	IN	A	65.22.27.21
+v2n0.nic.doctor.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:21
+v2n1.nic.doctor.	172800	IN	A	161.232.13.21
+v2n1.nic.doctor.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:21
+dog.			172800	IN	NS	v0n0.nic.dog.
+dog.			172800	IN	NS	v0n1.nic.dog.
+dog.			172800	IN	NS	v0n2.nic.dog.
+dog.			172800	IN	NS	v0n3.nic.dog.
+dog.			172800	IN	NS	v2n0.nic.dog.
+dog.			172800	IN	NS	v2n1.nic.dog.
+dog.			86400	IN	DS	48736 8 2 4AEDF3D3B5D11C33C5A39BADBE1708D3AFC6276582BF1EE80E73A667EBB543C0
+dog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WF5xpVxVv9Dwdta0Zg79+SXQ9LcMJWMvDr1LTChXACB82h1gd2FSmuch37cRyrmlaWyIzatyZgVk3u8E1QisT/94jiaBAnDGmYhYHv98sdy1xfuhgyNUXP3qp4ZBuX/0ys1wAdP8ErgfdVGzxdAtsrH6iGxYIskgCkBU3siEX43EZH9z1tcbc0NvRVTBRvBlIrbT2rbvKdR7rfuzM+fiFKbJZqdNhFYkqkHuB+vw2o/81moXd1gAGWIin3FyD3V98ZmOwFI+4nAPGb/7O8ny/W79Zl1rUpG0mJEpX8/HUv18/D9/O4gQ2yUdlTnb24gAQJIA+vKMP6+cJGgY3KvFPA==
+dog.			86400	IN	NSEC	domains. NS DS RRSIG NSEC
+dog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wc/dCtfq9OGQQNuaOFMPC2ZaNaQQYzfAm3XbPn5jXuog3fbNBcFvpzyS0NkqlRWi+ZYu5RBgNds2QqOwQpvp3Yv4n96OIOhmpaX6aNzSHF9cpADavYIDLGr4p0+B31tfHTDc7OVN6zNywHVj0HmpqJAXrxB8/4rG7kRWfiguIx9V21O+Qh/i1Acampb0j0kNObt1Kka6dqMjzQ1JQCTP1LbZLeOcwP4ABZV/gmtxEGe5O6Gd1bDwWvxqR/Isb7+n4bUwPTzj0bbhMn3SApt3YWvHw+B8gNaKuGvkpiZzmzHU4w3H4ZD8yqP9cooIY61fnk/hh9EIvPsGUB+kRht0hw==
+v0n0.nic.dog.		172800	IN	A	65.22.32.45
+v0n0.nic.dog.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:45
+v0n1.nic.dog.		172800	IN	A	65.22.33.45
+v0n1.nic.dog.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:45
+v0n2.nic.dog.		172800	IN	A	65.22.34.45
+v0n2.nic.dog.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:45
+v0n3.nic.dog.		172800	IN	A	161.232.16.45
+v0n3.nic.dog.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:45
+v2n0.nic.dog.		172800	IN	A	65.22.35.45
+v2n0.nic.dog.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:45
+v2n1.nic.dog.		172800	IN	A	161.232.17.45
+v2n1.nic.dog.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:45
+domains.		172800	IN	NS	v0n0.nic.domains.
+domains.		172800	IN	NS	v0n1.nic.domains.
+domains.		172800	IN	NS	v0n2.nic.domains.
+domains.		172800	IN	NS	v0n3.nic.domains.
+domains.		172800	IN	NS	v2n0.nic.domains.
+domains.		172800	IN	NS	v2n1.nic.domains.
+domains.		86400	IN	DS	39406 8 2 74ACE87D5605021DF3E619563249119E01D0975F30455DF1BCFB3DF54329F17B
+domains.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KQrpXzTtI1Ce69uo75Gjzg1VdE4GTurm5ywPcVpgA1a08KpbPx0XsC0KyB7ZV42v6dsWzrGo9RqNUmYAq8bropX/LHyBTFEJvP6G23Wm9APyuLjBnP0th0o9+/+On8bRaJcNK2amNcKtaeAvuQti5B5tlr0syMXl47NJ84RiJ+H4wR8xZueqFSQcv68TK9x3TXapPVn3iEvGEomWPZZSBe4AYsnxqhalH8EwqBF9rFlVW40CZTxhgnppubbYxyo91J/METljcHruBJMeQFqWUmruo2CjGOSAiiIsJQvPA0s5g4Qf3vuJVHHXGUQlwK4rMfFK6u0gCpaNNfmHd5rfVQ==
+domains.		86400	IN	NSEC	dot. NS DS RRSIG NSEC
+domains.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hULm9L4QJ5HLpqp8Gdqf8sIMS109T8sabABWyAK/2zkyS9rrJp8qbMp0C7OjQvXOdWBlZ+KuJn3rqQgY9Kbrlf1V6iggW5oyeEMEDrPhcrWuQF1I2TmCiR/MBHPEtJaDlIxxvsq6ljqftjayEqSLf0RK5e1+APHS3TcF+HTbOUr2MBS4scrntSdzku+IxeT/ALxriFFqfYwO2dEMxM2C3x4dQvqfw1x3/qXLS2cGwAFJI0iZgeO1uJRYeyVBf2QfNY3ch3GUHc/svVOuuR0wGq7LRNSXHQW8yiK6EkrEr+P2fMuRzFk+BQiLXaUFpEFzbCGMJ7DHNAphuQUosOkEBg==
+d.dns.flexireg.domains.	172800	IN	A	89.111.135.1
+d.dns.flexireg.domains.	172800	IN	AAAA	2a01:d8:8:0:0:0:0:1
+v0n0.nic.domains.	172800	IN	A	65.22.32.51
+v0n0.nic.domains.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:51
+v0n1.nic.domains.	172800	IN	A	65.22.33.51
+v0n1.nic.domains.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:51
+v0n2.nic.domains.	172800	IN	A	65.22.34.51
+v0n2.nic.domains.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:51
+v0n3.nic.domains.	172800	IN	A	161.232.16.51
+v0n3.nic.domains.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:51
+v2n0.nic.domains.	172800	IN	A	65.22.35.51
+v2n0.nic.domains.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:51
+v2n1.nic.domains.	172800	IN	A	161.232.17.51
+v2n1.nic.domains.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:51
+dot.			172800	IN	NS	a0.nic.dot.
+dot.			172800	IN	NS	a2.nic.dot.
+dot.			172800	IN	NS	b0.nic.dot.
+dot.			172800	IN	NS	c0.nic.dot.
+dot.			86400	IN	DS	52639 8 2 E2BC058F7515C31DFDD8ADED00BA870071AB84E0F32DB3003C533C9A6D4F6F84
+dot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vqhWCFYguBEHEuGlAWTeIlJNdSY/8ayOYyBEbMRDYaPeoUKYULyUqQMDUbCXmsjMrK1RgeaMRQ2gYmxfKiX/0pH33zlqz4wcmwlwc7g+ZcVby3fa+PMUIkgzJ7BMRqNjIFnaUMhgxIksRHZujDC9KoQXPmguMTpHwY0S8bFfHo8m4y5WmctVkzea5cYVoD7AziGwrFJfMfv0dpMligT/+/L6FLUp9J9cC0g5c3oYMB7tzYZU+m1+Wq7CqvmRQJWwc7PNJmyKW45P66xlCmb+Nk3cOIhvU5wQK35oOTjVGbZBbN1SKyZEwQEMQhfuJVesCq+YYdCVREY1wD5eBB3T1w==
+dot.			86400	IN	NSEC	download. NS DS RRSIG NSEC
+dot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jw5Y0bEx1fP+vbYrzMWkGMfQay4Ksj8vfrDv9+JH15J2VB/OHyo8BdhmyvPb8bsfLWXoFyHk/3+XuES42WmzymZl17xW+sFAB9t4xNrBcymIUTbJgYzrYrs/DPjC84TcDCr+h9kzxLMmWybVAdV4v9TQcWL1e220GxP7xA9CbCX+bgenrVxPIxaS7bCwoNZmzncjp2bpRreWVGjoDnCEV06fKkWSMaVvY4t/the99/5WiqiqWIW93/6HqU8vZwD30EW2dAksQuWtKtY3rS8hyNlO93wARGNrRG4xLC5y8vtE6tmCfUrsVDaFsyIlEwjlwMopLoNckccVLDra0mbVjg==
+a0.nic.dot.		172800	IN	A	65.22.92.1
+a0.nic.dot.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:1
+a2.nic.dot.		172800	IN	A	65.22.95.1
+a2.nic.dot.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:1
+b0.nic.dot.		172800	IN	A	65.22.93.1
+b0.nic.dot.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:1
+c0.nic.dot.		172800	IN	A	65.22.94.1
+c0.nic.dot.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:1
+download.		172800	IN	NS	a.nic.download.
+download.		172800	IN	NS	b.nic.download.
+download.		172800	IN	NS	c.nic.download.
+download.		172800	IN	NS	ns1.dns.nic.download.
+download.		172800	IN	NS	ns2.dns.nic.download.
+download.		172800	IN	NS	ns3.dns.nic.download.
+download.		86400	IN	DS	39961 8 2 7C47E4D56AFF8C707935139F703C219E376EABDA0461F1B224949610B0203CE8
+download.		86400	IN	DS	62131 8 2 0D4CDA13AEAEB337AAB9C14691E912C1C363068E308792CA8109590A4E2FB502
+download.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BD2dY1VzqyFCMK9jTr03EoAvnOAUDzVm1N/Zxi7ziUxn9h9EqR3rxmT9gAA9J95udt0mhI3cnyCogx4RBVmKQjSpANmATR6PORsWZ+xWEY3tYYeIx8kd7qS+KvtcxY8YXzdm/P6+h37hJ2oMY4lJO8VtGMDgawd2QMey3nG3ycLXYWPycGbtTN3UlBlnPE2HBdG3+EGVYf+IVfAGKB6IYBdPiwzqywJTOEtAVIottKrFrqCwOrb+J2KdXkFl13/+/8ug1oaX9Ox1rpkTcQPq6yFDjUyk6MwfMRYMvNDKpq//KJbCAqa0nf1adUJLbKFxiwBfXrWReRYgneAqRbe17g==
+download.		86400	IN	NSEC	drive. NS DS RRSIG NSEC
+download.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SO1AbVy/JWysqK+EETQnopelhmVo3047k2m1hyy7UK4kIKaVdrlpTKOwnpUfv3sySK+P71FYXhMDfur+Hb5KpDK8LJ5oGTS4iuqjau7aF6DQ9dD48ODi4e8fHME9sozLazzlHrAx6ynMQ/55CAi2pJ8jed3LwPY36rcu9SLJPaZJ+BFZMEZlgfzVODxvhIyPo/gNQesGEdlPC8pyYNKuLRc3bm7K6iEXq+WR67UbpjqBy/ftrmA64iyuOaulZkcotLouSebNJkq5y7As49WDrRUT88LXYDlqGWrqr7IeSB/AH4a4kq+MJIrPdgZh+uz7DXSHAzRuxG2uzSTXJHW9zw==
+a.nic.download.		172800	IN	A	37.209.192.10
+a.nic.download.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.download.		172800	IN	A	37.209.194.10
+b.nic.download.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.download.		172800	IN	A	37.209.196.10
+c.nic.download.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.download.	172800	IN	A	156.154.144.50
+ns1.dns.nic.download.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:32
+ns2.dns.nic.download.	172800	IN	A	156.154.145.50
+ns2.dns.nic.download.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:32
+ns3.dns.nic.download.	172800	IN	A	156.154.159.50
+ns3.dns.nic.download.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:32
+drive.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+drive.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+drive.			86400	IN	DS	32974 8 2 BE68DE85AD9A87657CEB1F620FA37FEBFC725180E40117914886CCBB6947D619
+drive.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Uw4UUJxGdOdAMKFuUaJV3xCawpBuhLmbKXnIy1gEjQLywKj2ZEAhG0LbmNYpxrG8/wPDe8cj+31OYfj0XDol3X9afIshs5RmTAJaN52IGgfaCNci6aAr8Is/XfKWUoKhY1DoRsy8WOPuk18PGwaPdjdhbwU0DHJnGjS+g9CWGjg49re0qQnDJJBlQ4z+S++/4LUwshlSPiCTSGlDZTHnr+7xufeouHAlmvklrEFDIH0R8n0wmmTvK/1MDj8STUTcghMoFG8aZgQCF1swGbng8QgwmgSVvsNtd0WDqO7c+QbqN02QgFJjqJdwpRt+zTLBLO/o7sY0Wwv1p83sY1j+9g==
+drive.			86400	IN	NSEC	dtv. NS DS RRSIG NSEC
+drive.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L6RunoxuLn5MutJjnBVJLDJe6TUijkTLDYCacVt5VEejdDMO+tEpuEPPPTQqiXzkFH8map5XHkYTtohQvVVs0h1WwVh+vXWenfmJhY8gNij1AnlIPGvADzCxB6UP1KkVBGSHys4KFOHhVuFSdX1gOf/V9pTJrgVPnyNMZwmfRBUduElNI7zYoruPQzMpbiPlTTJjXU9bZq3fvQoqxW0Y7wIIzLUpbMA1Tw5VsfSXo7NTZ44loNTEq82t3eh9kv0Yud6CELpuFFDVCCw5BrX28hPL4dfT4kO8FNAv/lYQJUnXd1XxXBkQKuqrgIsPEYobuly+OFX3NRvXFCBsAA1vuA==
+dtv.			172800	IN	NS	a0.nic.dtv.
+dtv.			172800	IN	NS	a2.nic.dtv.
+dtv.			172800	IN	NS	b0.nic.dtv.
+dtv.			172800	IN	NS	c0.nic.dtv.
+dtv.			86400	IN	DS	51301 8 2 EB39CB7D7771F169881C4B9ECE63E510C949949741D56988D8BB9CCE24EB3479
+dtv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HVg7X7F0tVYAiZWTmlP0dxLf2nTrMqNKqqucfCMKZzUxPi8YKy8P4TsmJzxBhodggBzDL2EXRCznJsunT/tHa1QSIaDwJw86ql2kEqKV0DMczZsli87RP/KQm6S02sTplwX1QLwZZx2Hu4mZAlFqHPTGzgF6mSYB39n6lSWRFbJiCtMSHaHxi2ID+VAM/Q37coy+qByv4O6dMd6+bPhEVuQ09ur4TZXzWq6vNXkdyvrYp2cNMkyhajjVCjZjS5y0MAbDNomZ9Vz1eyV2YNfcMc89nt6gssUiH1lDmZb5SQJhuCPY3bC5ScO6buKI/K9fx9/A0ynJ7Z4PhpuJmb2wNQ==
+dtv.			86400	IN	NSEC	dubai. NS DS RRSIG NSEC
+dtv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cb2+5DNOaLpUsnfxLLP48CiwgDpquUuQTh1h3A94MBLXYdhe5XIqnFI2cHKuKSRctM4XKwAdrTdbkeRFT/i6w2QWgNWNHVdb5Mkrt5w+0dXLhegwffUCetg3tVw5/tJ76k4aDhXRIWhXtNRhQslEA9jxQ+4JahYVhCv8d2xNb7VKMceQZliBzkkKrC+cWpBHKfhMMTiti2PXKb0EsYmeLyvs5CJueAVBwtp3AD/zkS+id64SYmH5lKswcGKtryYKif6bzVdi0gR/DikRXFCBJLrab44AeL+Lt7r4oKw9npaUPof5ZdPwxDs58YDYt5bU9M30Rq7xGfw5cQoOd5pyzg==
+a0.nic.dtv.		172800	IN	A	65.22.228.1
+a0.nic.dtv.		172800	IN	AAAA	2a01:8840:de:0:0:0:0:1
+a2.nic.dtv.		172800	IN	A	65.22.231.1
+a2.nic.dtv.		172800	IN	AAAA	2a01:8840:e1:0:0:0:0:1
+b0.nic.dtv.		172800	IN	A	65.22.229.1
+b0.nic.dtv.		172800	IN	AAAA	2a01:8840:df:0:0:0:0:1
+c0.nic.dtv.		172800	IN	A	65.22.230.1
+c0.nic.dtv.		172800	IN	AAAA	2a01:8840:e0:0:0:0:0:1
+dubai.			172800	IN	NS	gtld.beta.aridns.net.au.
+dubai.			172800	IN	NS	gtld.alpha.aridns.net.au.
+dubai.			172800	IN	NS	gtld.delta.aridns.net.au.
+dubai.			172800	IN	NS	gtld.gamma.aridns.net.au.
+dubai.			86400	IN	DS	32134 8 1 096078E36E111A0773BF2546212B8BAD920528EF
+dubai.			86400	IN	DS	32134 8 2 3B001EA7FB42657CE51E6D30DBF91A71B10EC5264C2A01B14082C5E3BD9A6F9D
+dubai.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . chNAFvd4yRq6oOQ7+BIj+D7NH+70c7x+ORPWYWwHKisAm77gYN+bLS/Aa77PR5mnF9xGnwJo9evwzuY+fElaQ2+y7SsPRQkQBW87Oycn/WSSVuzk/cpPUkA+nGgm6zX314IXC+oP8EB205KPTO5x1gStOP8ollFevHO3cbviQ8nkhBvbyoaILVFiqwPg+wCQHYLn2OG2zV8iuBY8laZiWe/oEq1L3haMu9qoHj5D5vukzCGUyFsjByDT8155ZeHLLALb8fclcci5M++T/O/EHBmaenrOJs9002YMVPtuPMxOMzyN7G2eAiVLE3aFmNdd+pc9qe39CCInkXwkAoMVwg==
+dubai.			86400	IN	NSEC	dunlop. NS DS RRSIG NSEC
+dubai.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nqYH7sACYqBoMcz7QmIcR8PARia0Jp+IwxHEGDtIMKZuF2cS7hOmPMc+trk/h/kDeCgl4UEjsKzLvhrmjsT5U41+3BIXYm6WasEFyP7bV8yWVHSmck4rwv+7snaB3PH4tMulgNptOx962+ksZgbktJ+BsUbhMFsBixaaAj0Plrmuo0JZ8mqnfzc717LQ/1kfLXyN5FJVAgmvarHuZ/D2IxdYOEVAWk24KRIRTCyN/iWtz+dqZ0hqIvlxQ581agcE2H1rH3A6gRdNCd9D7sHhRUCUYKr/h87g/P6kFRZu9NSP8maTGsmZrE3SilX8KD25UU86Kfq8nXIATwGA6KpUIg==
+dunlop.			172800	IN	NS	a0.nic.dunlop.
+dunlop.			172800	IN	NS	a2.nic.dunlop.
+dunlop.			172800	IN	NS	b0.nic.dunlop.
+dunlop.			172800	IN	NS	c0.nic.dunlop.
+dunlop.			86400	IN	DS	22897 8 2 03CD996F132FFD32BC1BB4F08122D4A4F6570BB9C2AB647BE9B1AF174E79AFAA
+dunlop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dIkKskqDlyftC1rWtMGL5BTHSpCSZqk55z6mNQQf3Bf4h5oXe49/tMk+exUS6uDEf07rt1RGo2V+l9tGZP0Nm20IObHf+hSalhwQHxpqEwG8Q7PKvRSzJeJR+mG/VnM6TT74PsUjtNsP25Daya//MNNzRcLwlLqBrlx/gvGz4GRkTV18jjtM8M5uW3bGIwKw50KEqJLyDIkU/remaJLh+zxkgD8/9WKEnF+bJfZsQX95b4C1X07PCoNjld/8JjDKcQtXV8vMXhjebAKJHbHzpYYuSbDs0OGuR5k+oNKQTaX27v8Zs+5oUUuA11jmLQwxReO39AFX9Aqo+feMYZwcbw==
+dunlop.			86400	IN	NSEC	dupont. NS DS RRSIG NSEC
+dunlop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rORY/s0EqdBrFf5DCS1rApmGRqrByk5sqyzQDsUJ2063VIPbuYU5hCQbu5Famwv6ZfTwdmPyZf0Tg+34How2FOQvKbzzur2lwzcytkmQmyAtuplUQuvbOdz/c/FPMLXnUagdnQp1vQhMMjVrFfwaSXq3TndXe6QdXv9jK+yNcxkOKhfqJ01DqHjcoinohQPdeVfrrzMB+lIY/52MPfpHISsDQH2BxidENWgdnGfBSKo6x5Tg0Wc7xOeZ0kRcs5dTyyRK5y2QfZqdR9MEb51OTHC1EeNhyYPWoTyudMQ5E5OzE902YV+h/YGzNlCj2RgUtWQ5xLfhUw3/c4jFM66/WQ==
+a0.nic.dunlop.		172800	IN	A	65.22.120.33
+a0.nic.dunlop.		172800	IN	AAAA	2a01:8840:76:0:0:0:0:33
+a2.nic.dunlop.		172800	IN	A	65.22.123.33
+a2.nic.dunlop.		172800	IN	AAAA	2a01:8840:79:0:0:0:0:33
+b0.nic.dunlop.		172800	IN	A	65.22.121.33
+b0.nic.dunlop.		172800	IN	AAAA	2a01:8840:77:0:0:0:0:33
+c0.nic.dunlop.		172800	IN	A	65.22.122.33
+c0.nic.dunlop.		172800	IN	AAAA	2a01:8840:78:0:0:0:0:33
+dupont.			172800	IN	NS	a.nic.dupont.
+dupont.			172800	IN	NS	b.nic.dupont.
+dupont.			172800	IN	NS	c.nic.dupont.
+dupont.			172800	IN	NS	ns4.dns.nic.dupont.
+dupont.			172800	IN	NS	ns5.dns.nic.dupont.
+dupont.			172800	IN	NS	ns6.dns.nic.dupont.
+dupont.			86400	IN	DS	13507 8 2 2A1BBC71245A57110165649E9C31BB6CF87DBFCFC3CC3F45EC4C7845F5DEDBBA
+dupont.			86400	IN	DS	44914 8 2 F94EF24DE9794ACAF4920BFE73388A466179C339BD33DDEA11B1DECD2A45611B
+dupont.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l2FpeQsem1RDx9fNyApA4VG5LH20HTULqIHBCeBiP94/ppEb13l43NrddtcchIAT4w3ley0AXwbmnrgfJkivRGGXfKGWMXF7hdqjkSen6HhvZ7voKk0WjcQGRP0SWMTknPh7e7JmGWQAQGAXvK4gl3Lt+5xk0zY+gQW2eoO+F0J3RpstNLN3bCoeuXRphbkB7L20vC96bmh1yB9qPCbcDRKddJpZERqNgemeqrDJG/E8vfAsD0Ml7Bpj6PVuusBlD4nKXgRYDrevL9FK+ix28RlRT9gr1d63IJZsye328iTW2Q7LfzGrk3MHFqD3O7+imFBlHqs43Ol5sKoSzGjQog==
+dupont.			86400	IN	NSEC	durban. NS DS RRSIG NSEC
+dupont.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pCSCsVDzPD27N5oaqoGn+4Ms50WY2AU6mwKAb66q3fQvnW3aZRQrenvA8ZdOTLdkC9XItF0zt5adEcKZLeaFykTxod98N1tFVNo6/YJGsLBSPOJ94UAhNA/+SjvEYrhSdbS0ql7OdhhZA6U/FoLC5+x9QF7MUlLl8tKRlX67evKf1u503WI3wW64Nxtz3E63CP/6qdB5zQA4KJfoD7ktP/zL6xoSKHc2f0Kn/ZCgudeVQQNeIESCYkPinRE0lBCqCu+MBk/v0ctMcjHQovveglmfmDjrZ9+dzxbjDd5tyM4kQkNuqZJCtB0N2rOds/Di0QL7oMfXCvh7eyEKqwuetg==
+a.nic.dupont.		172800	IN	A	37.209.192.9
+a.nic.dupont.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.dupont.		172800	IN	A	37.209.194.9
+b.nic.dupont.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.dupont.		172800	IN	A	37.209.196.9
+c.nic.dupont.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.dupont.	172800	IN	A	156.154.156.52
+ns4.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:34
+ns5.dns.nic.dupont.	172800	IN	A	156.154.157.52
+ns5.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:34
+ns6.dns.nic.dupont.	172800	IN	A	156.154.158.52
+ns6.dns.nic.dupont.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:34
+durban.			172800	IN	NS	nsp.netnod.se.
+durban.			172800	IN	NS	coza1.dnsnode.net.
+durban.			86400	IN	DS	48265 8 2 57603308E8A6D14065F069A08C050CDE3AD0C769DD2BECE4DA5FCC9456BAFB32
+durban.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vssJAE6CiT1ojwcgNQO2qg9ecQJ54fxHWLMyXUOpb+k6ysK4RdoIuSRs1226rMDWVHbzjab1sk1hFsBRjugz0O4nh6OGwVs10WWW+2hMz56Ko+3oGR4eTfpWx9Ib3y91QRKe+nun4/jKgyIOom7znRPPDR8MNMXjjXOtCHuSqoSmXQsjPBecY4T7yBNGV97/Cz3Q1iDZ3dYyNCczz1Qn1x8vk+jG6Z1tjyNpIoG7a3flGvoMjHcR9fBQYQ/8jPqo4TcIazPmA61hqPc0UKXAfd+ID5ccQ5+d6SJkdWDPvKE5jB0RXQNk+66aTba2IO50+7ildWx4uD+9+hZEzJVrfg==
+durban.			86400	IN	NSEC	dvag. NS DS RRSIG NSEC
+durban.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MooQ5aHnz1rjQTBG0LTs/k8LmNodFWPzSGYRY97Yo1SsNxTMQpFcaT8nOer3VLwDLefPV/Ug63SNyR4QeNnkJI2yLsHNA9o6/AxOdfQrVEqc4RavZffO4pHME0qTgbYMkNdWf5b72diqPCfKkzEigVTf5cgpKNU3qLOkycTirPqrsX2y8QcBdEpEu6xGo0eYJk7u3mG15r7pZ1EA3tfMwbeu6h7sBHNz7HQDhh+u1e0fu8TdPsxVWG4fdbsjTkThM7Btt0y5XY84scBPapfLA7GWq5NbxTldmYF8hs8x3MByBPu4T6UHlkn2g2eXxpqRIcq77wlZctxiKlZO0Ydmxg==
+dvag.			172800	IN	NS	a.nic.dvag.
+dvag.			172800	IN	NS	b.nic.dvag.
+dvag.			172800	IN	NS	c.nic.dvag.
+dvag.			172800	IN	NS	d.nic.dvag.
+dvag.			86400	IN	DS	3200 8 2 4544410064854638C7273C4481902B0B3218F905E6DAE266A181DEC2AB700BD3
+dvag.			86400	IN	DS	26666 8 2 C94C9E4F38CC0283D1F3854A27F49C001E6D43689F35C0C9438E7D8731301662
+dvag.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y5a1nqNWjmSkauocI0lUU5Vj1TkJJQISxv9mFkRtfj0X8CoM+DEdTSUhDHcoDiimI+zThcDrxsIzg/ebSeL+po1oHONtGmwp1AzFUId/Vd5LOQVtVwmZaMfUBtRrkWu++NIoTF2T3+h9x79UIudR5+pIdi8+9wZqqQKk0IQLvC+3bIhTY8bMdBiUYKLgz7rF7WFgLUN/uBJ9nxKewdbWcqs6cffPRepfDksolPn/JVt1GobW+VISEeW8AFPE7JRDh3Qs7ANjKVaLIQJfHpQdtRRnLRPVO1XUOi96/MmX2xM01GwvrZmcS4Pf5tkchmxIvRYq3kulEYIo0f0SUNTwNA==
+dvag.			86400	IN	NSEC	dvr. NS DS RRSIG NSEC
+dvag.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JnCeROLFQpZPIh8qZpxK+zib+W+5926mWNhoR0FIubCgSMU6dGCRo4n3VCbxtZBKTK6A4CtT5+gvTX745hPKeh+KvW8NaXHxY3fUT1h9fKfjLR6aNJv/1AEQ6PLiWXqM88ss7QbYJttFQRltEINbnxPYxQP6rRntgtPMgPzs42jKouG4Wx0Zooznne8b2Hb6BSeD91IiYvUcKIOXF5aKZiwhnp6mU1NMBLiXyAjKkIXsiiFmrFKdTIvVPCNsy7AX5ZbDDf/d1f0vM3py2jYMj2agpxDGmBijt8wlFqMrMKrzb0iv/b64QZVVpYNqqYC3pvyHqDsRFnEmFm2L5SRdDg==
+a.nic.dvag.		172800	IN	A	194.169.218.84
+a.nic.dvag.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:84
+b.nic.dvag.		172800	IN	A	185.24.64.84
+b.nic.dvag.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:84
+c.nic.dvag.		172800	IN	A	212.18.248.84
+c.nic.dvag.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:84
+d.nic.dvag.		172800	IN	A	212.18.249.84
+d.nic.dvag.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:84
+dvr.			172800	IN	NS	a0.nic.dvr.
+dvr.			172800	IN	NS	a2.nic.dvr.
+dvr.			172800	IN	NS	b0.nic.dvr.
+dvr.			172800	IN	NS	c0.nic.dvr.
+dvr.			86400	IN	DS	28879 8 2 FE84D723DC95EEEE237ED7452871DA942FC883F0154CDEAD6BCFA3A36EF52DC9
+dvr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Faa1bT2xNFncqN/hO5tEErP+22/ozyGhPMio3YTjxGMOsiGwwWkXDNJSQ/0Hikla7JUzlVhMmaBwvKmwHGXM9VIalBLC0spWotIxJ/mC8k6KiM5mUxahIg9KJlK+W4OoVBqkF07xg2UdbzjQhATwA3/EMrsYsPPV6hWXkmXqcYOqAg+0xxBGSwL2y/fIeQar++o968KNPigOtAB8cGGnLauH2Tq+RgG/rDP4mbW3daNMVaxtn5E4hP1izuvRYfNHUPB1913/ghPmiYEqTxgU2ZMQZaT+Do8+AN2ops8+eteuNkf4bEKcmB0usDrK9Sw5gE3FwJHue49R6dnhvZGBug==
+dvr.			86400	IN	NSEC	dz. NS DS RRSIG NSEC
+dvr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vPRH/655so7w9RgU2SuazXkZMcze8sTi4FoXtozaaKk019p8olmfvOqP6uCSZ5pct0MnFYTNc4s5lU8k04am1Vs3vritGF3KAuTbSCV9F/f66hEJhsd2gu46NhGaJmr0JqDtmS0ElQ/KvQL0cfSkaFq0/rgeOeAphy0HVLut78/XXBVPuj3Dwng3saPeKas8WJF3ZcNeFkoD1x9Orcz0x7Qmasc6aES6z2czXqWHQCovEaZuWPplGec3vfkv5qYZVarryc/FU5Gvx79yGPey1IdVtcFOURVrBSyXJtMIYAC3t3XPezmr9L51MoK4x6Zd6bM/KoSY6GuBzhAjHeP2qA==
+a0.nic.dvr.		172800	IN	A	65.22.108.17
+a0.nic.dvr.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:17
+a2.nic.dvr.		172800	IN	A	65.22.111.17
+a2.nic.dvr.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:17
+b0.nic.dvr.		172800	IN	A	65.22.109.17
+b0.nic.dvr.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:17
+c0.nic.dvr.		172800	IN	A	65.22.110.17
+c0.nic.dvr.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:17
+dz.			172800	IN	NS	ns1.nic.dz.
+dz.			172800	IN	NS	ns2.nic.dz.
+dz.			172800	IN	NS	ns3.nic.fr.
+dz.			172800	IN	NS	ns4.nic.dz.
+dz.			172800	IN	NS	ns5.nic.dz.
+dz.			172800	IN	NS	ns-dz.afrinic.net.
+dz.			86400	IN	DS	17380 8 1 E624A5121244D5706C2126AE7B48CE7546DB0E21
+dz.			86400	IN	DS	17380 8 2 71034E42FCAA30ABC99190C2B1D99D4D3D9C7CE005E020699A047D2B36E28AEF
+dz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ofC65WWSJWyqN4md5R5GuB+NAbUjBcM4rdHxmHxTjvnCAWNLJBVt2PQlS21esgbT2qZvOHcLFolyzH5z6fiyG9rmPiBU/KmPC/zWqacmN6BP7+H9HCt2drSfzazkbyTVfdwWjuxpgl7szYL/S0SzMySCIiokrrTsCnlEZV/NGKEtqanh+YxU9po0+y4UYfJq000N2yz1mP60nzW10Tka74nWcNSBwGP9HKHMCGNaMpum4W2iTPvJG3C6PZ0+dTWoNAe4eh4OibdKSARqcvVImWXYOxQbzJaDXRf2Tcgpur9fxYDqEX16zgyNfkGVJvyvLlaZNDluR+jywIiVsE+50A==
+dz.			86400	IN	NSEC	earth. NS DS RRSIG NSEC
+dz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TE2UOpXtXFQRAEECVb8lGqX+/lKBbsSpI1RIqkqEfAluuH5r4w6tBgOLcwfUjUfb0uhCq5Y9zUSczXSBwDOchISYXsB3Ysjd2x/IqpFND+aMUlQD66t6oPDTQW3rT/A6+4waNE/ZO1NZAjfY7v69nCjDGB59MAOHuK1V6eabWf3yRyFEflx9TLJ/fLcInVoSELwfgIa87UN1Nqka1+xBevaRzZOGcyYsJsMzhgAXQ26yh/AYDcDHYtDdxiGuI5lXPkAiWy85Ydi2jpnoJfru+w2nfKkYZEd8ecXnPRe3o5l8tBfQ7b1RAXNmVeVNPM1xg3NAJYSCyUCwgPprC9OVwQ==
+idn1.nic.dz.		172800	IN	A	193.194.64.243
+idn2.nic.dz.		172800	IN	A	213.179.160.68
+ns1.nic.dz.		172800	IN	A	193.194.64.242
+ns1.nic.dz.		172800	IN	AAAA	2001:4340:1030:2:0:0:0:2
+ns2.nic.dz.		172800	IN	A	213.179.160.66
+ns4.nic.dz.		172800	IN	A	204.61.216.103
+ns4.nic.dz.		172800	IN	AAAA	2001:500:14:6103:ad:0:0:1
+ns5.nic.dz.		172800	IN	A	193.0.9.71
+ns5.nic.dz.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:71
+earth.			172800	IN	NS	a.nic.earth.
+earth.			172800	IN	NS	b.nic.earth.
+earth.			172800	IN	NS	c.nic.earth.
+earth.			172800	IN	NS	ns1.dns.nic.earth.
+earth.			172800	IN	NS	ns2.dns.nic.earth.
+earth.			172800	IN	NS	ns3.dns.nic.earth.
+earth.			86400	IN	DS	26449 8 2 F5CED94F4F7CD8BD7278CABD2D2E7BE2DB0FF7C89037B9066212D42883A525CF
+earth.			86400	IN	DS	38176 8 2 6BB59812C4FDD633997053989F89EE0E3B466B694C11B739C8F79995176B3920
+earth.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JZuiip2/dBUW9IR3c/jN9hToyBm55f5AdE+qRXGF5O92Kw/0qTScjNaiRKXe+mrcYM+Q8MweQFFgu3qpb9e7yy7mXRU1pnnb45Agprk2p7ZaOTuXU14jqw3ceMCNMn0yWL1cpMVUFI9NVLJujXpjw1Xisro1dgal0MqlGLRUHb+1Q43P5e4qHrs/NUX9WYiEZ/L12sXG3pl1l6CYpAwDfNF+wZFM+iBgF5aWxQSyOy/UYDuPF7HQnv8DF/TfrQoEyhCKjPUXt9e7Brk+WnICHA7DTdP/l1RaIwv+NFSaoK/6aC2KvAnsVzPQo4zKxd0RutVbl10UKowuSeMgIRGWcQ==
+earth.			86400	IN	NSEC	eat. NS DS RRSIG NSEC
+earth.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NW70PJ4DaSAZmMfykCVXdaXxED7V62ScVgtGZDkSQB2Al5ZKRV/kKfCj47ovrf90TSRMZKauEJZ9CrA6BtUeJ9/PqOHQ3HGDszF/aAeLB4NH+Xwr+v5ZZNHFkEuaNTqpucAj3F1g9zR9dLhMAQiQrCG9ik/E2vIHTevUyb/G9C42cEYNjO2FUokkqtaGnQQmLReSSVm+EKEEhr5v+gQRPoT42WIN/D3T+518zmIPqlgumQMrnTYBklsvc8OllcfV0WzSNvDrKcvOAgY6DA2daw8DMc65akmiZkT3SEpHoh79HrE9GcLTLjiAsj9YcxsvqTCwcCDAx5JBjSMvyy7f3g==
+a.nic.earth.		172800	IN	A	37.209.192.10
+a.nic.earth.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.earth.		172800	IN	A	37.209.194.10
+b.nic.earth.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.earth.		172800	IN	A	37.209.196.10
+c.nic.earth.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.earth.	172800	IN	A	156.154.144.230
+ns1.dns.nic.earth.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:e6
+ns2.dns.nic.earth.	172800	IN	A	156.154.145.230
+ns2.dns.nic.earth.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:e6
+ns3.dns.nic.earth.	172800	IN	A	156.154.159.230
+ns3.dns.nic.earth.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:e6
+eat.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+eat.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+eat.			86400	IN	DS	36982 8 2 0162A0530F6AA0945BE047455CE29119BD4582EB2E4A08FEE5961BC427F9F518
+eat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P6PAQsTEXvupepA+m+/2wAKrlN9wNC6F3GoaAYPZZBwbD3+W7/eCzrjvU/Piuonbn9jCz2wJZkRIrj/g9z9CwIr1h6p49TATBTW0cY13BedLlTMISR89wzY7QFAL+CUXNau+I5Xiheu+575k34bVk7tHlSsO1xA4uY247nGrVzKRSr7xgSWTMKxbMM9+TcsRaS/ANYMrhT1JIEaT8P0zdzty6dcBdRUd+cCbPdkUIO6D7yrKJZClxNouUvKWVky//R7sUKpZ9KgH3yPFWVXUEndiML+0NnbyxmCGtqMhN0bjuOmvF3oYpiyobeTBdjpU6wKx1XZrQ76JdgO615QPAw==
+eat.			86400	IN	NSEC	ec. NS DS RRSIG NSEC
+eat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BKpPyE2Q0dk1EFL/1cW3PgQ1WgQ9+u9NL06rcJiVjakQowHSMmhALttyu+q+M/Ql+rC1wwrK/KFMSGYpo2X8pwII+olp1gzfQuAcjcK9f/z3apgJwutUERZvaXfCvHdtLgA6DbxX59pXRQZng+n4EfJM2ujIGDAkoHQiHoG4QvcLPjbTlYW7CLxKPZ79sSB0GwtFsGzk9aupFjXd4CP0qAI6usExDZgfaJ9KxP4DM5dzrdaS/RsIL9PvqC1ER/p/1LzA2LrP3b5nPqr0qpPSd++XGA32IEhBCJiYYCamtPl5OIxivwtT0UwTGy2KB4QBB/+hBaKa07pbc3CKmZC0TQ==
+ec.			172800	IN	NS	a.lactld.org.
+ec.			172800	IN	NS	n2.nic.ec.
+ec.			172800	IN	NS	n3.dns.ec.
+ec.			172800	IN	NS	ns1.anycastdns.cz.
+ec.			172800	IN	NS	ns2.anycastdns.cz.
+ec.			86400	IN	DS	35138 13 2 2DE23508E6AC307FC11F86B8768025BFF14E2B585D555B020E218EC65C9A0223
+ec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fLJLwcLFW4Km5rUcX3yavTwZnJgkDk96AuAFEuf4F3wnF+xzZur0xy6+xfO9M5HAGNnQX2tUtpt1/qZi6I78GkmoWPsbR7EK5doGJBUqXNfgeIJ7+0XDlMdX8D2rC3z8riRD5XnAqfghSy2gVFY5iwTHj684SjLdEQ8QSpkKkEVikK0v6QkzCqixpCmTbOpShTYuyF5NZjHY8aO579C5eyidenTMKNAFgAxNy0IZwaXtqLpK0pfPB4ZGT8ei/do+FyakDY4xHB9M/VAWN95VPM1/B+kdhWuJY/0r1Nb735ETE/aBE5jzQQYhZhmaP+xjsAfn0mDvyXWS4x6Q69ZmVw==
+ec.			86400	IN	NSEC	eco. NS DS RRSIG NSEC
+ec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z1rUWood/zYZoJH+ZfWOrdvRIqZV6+BfKrREMOPJ5rnANrL+EKlhGpSfm11UcjD0IP9gCFQmrT4FxjvoZhoopmi1WMer5+EpQYw3zqEWA1ND1PTpn2PC0eMRZlSy1CSFxcsVtcZwEKxVV1sc2GaoTpQd2TF1XDJQk4ktpYl69hJxPcshF1sNu5kSrbtZYcV/4Wj7givkU1MStCI9iScySnZnNVgduWmxlTRWslzV1MtICUMqJBTT2UnSEXR56x6a+m5PXim4KL3i5NMK71xALdALEw1njzxggp0cAwVUvN93D9AzIwU1kHzeFShHMj8ILh4Vc0XzIs6q7VomgdUmjA==
+n3.dns.ec.		172800	IN	A	204.61.216.39
+n3.dns.ec.		172800	IN	AAAA	2001:500:14:6039:ad:0:0:1
+n2.nic.ec.		172800	IN	A	200.12.199.1
+n2.nic.ec.		172800	IN	AAAA	2801:0:60:0:0:0:0:1
+eco.			172800	IN	NS	a.ns.nic.eco.
+eco.			172800	IN	NS	b.ns.nic.eco.
+eco.			86400	IN	DS	34597 8 2 BCE820D516CFE81DF04C38FBCB7CF80C2ECCC473B57A295948FA50AC1AFF9800
+eco.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JlQg8QJ045e4C0nG5QJ+WyfBxihyUyixItKIRH7qEUHQGrQ8kmKbblMy0EqodI75NaIp5MV6Q/cxitAbw2htfSTwv7YRZqgWnKNp8BUvIHnlTtqvdfvoyOpt4+IjAUqpCzz2qyk7yucDs3YX3sw3bcpyCREbkdPoQfUF02u5mDYXPo+haYif9EV+JPvfcjvZ0h0llan9eJHbvkB08haPPiYspsIFMfUpYWwcsbT5Rcx0LuczaXr2ySudyRS5mH84gRPcyptsPjcIrWxB3qJIRxstBPWC4J8e1t27peSWUF1uoq0s+WRrtP/mk4leQAt+l53VsK2913blJm0RnmhHUw==
+eco.			86400	IN	NSEC	edeka. NS DS RRSIG NSEC
+eco.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kzm3QoB1rUTFoaWQ2JIa5W1/jkVGDM+03xj1Z04b6uK5sAeAPbSvVNw5WQdH+7g1QwJdZ+CKW0gf+buaOWizUW7e/1uYCp/ouiUcvj8tCPBY097A5c1MVip8q1nKPqY6BTHAPgv7AyBwcdcOvtTF6aNYpTBmBFpGxfzZnbytEqLmspcSGEeRvg9n4a82nuHptf5bBntF0GAFUK58kO96AEDg16hbr7PRysrDPeYj5F1Pp7lnqLNYfGIj6fwr0Ha+PjSXYLAyqeFVkTpdu1/GAjNQrXJ6TcSlRNbDcdLSeglhASOcse68b9Iu+wkJdGU4+kSWqUwAJKq3/mBGopKuDQ==
+a.ns.nic.eco.		172800	IN	A	185.159.197.4
+a.ns.nic.eco.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:4
+b.ns.nic.eco.		172800	IN	A	185.159.198.4
+b.ns.nic.eco.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:4
+edeka.			172800	IN	NS	a0.nic.edeka.
+edeka.			172800	IN	NS	a2.nic.edeka.
+edeka.			172800	IN	NS	b0.nic.edeka.
+edeka.			172800	IN	NS	c0.nic.edeka.
+edeka.			86400	IN	DS	5236 8 2 1423F0E6F60E7BA10535B7B7B88DEA2B02A8CE3309E68ED2E9698687CDB95065
+edeka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WsTPh0DPcSN+VShhfkak3AfmLEql7/n5z7gjGwmAjGdoQYZNW3M70OvgJZ9ilv5VEDk0kQJ4yzS7s9g8k0eT7kuCxqn50ZbkRvt2zwBOnpRcqI1LwJjg7OyacNWAyQMXClM+czAYWGMSIj86CrefS3mjOMoTIVEfiBZgxPi1IE0ZrQ+w0trCLZ5JqQBXjRTTlFiOQ7il84iekFIQI2De2vr23LKn4HI8688GE2nz3jCoOeHJBC+p0xnJSFAZ911Tv1J1JS+BV4dTrtChhwQeZryTH5RQji6uaXPKojIkekE0zlnt+oFvxZ0HcEXO/JThGlO9KlbGj+lKMwtHi7B1Ug==
+edeka.			86400	IN	NSEC	edu. NS DS RRSIG NSEC
+edeka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijUZRp/pAzBOhO5CfAWw4eWA8V4su7Z2Jqg98JZg8/IpaP9m6gAUQpUu6o8xp3o2Cb9YgQAVwyo0EfRQ17Q+tYLXxxYs2Ki3NohYU+uZVF/GupEAMYqz+UxYTGgzH6m63PcCuyK6FmTdTNloEf1f6QM5/tomxq8c5+mwNH9AMXnkoo3c8iJRNse8s2NWzmIXJOzQ9JP5RZ5uK5QHmAFpoXWfl0alV2tFjn5Z+AUIbFipWRYdNRI9ubsGhKUkHIrBky1lpZ0tN2f1JMMmYjai3ts8b5yC/yIbQseojFcnDL2pSdvrmUnCoPwjGzZYEkMwXE2ZOfutZCVQH0FQIl68/Q==
+a0.nic.edeka.		172800	IN	A	65.22.16.25
+a0.nic.edeka.		172800	IN	AAAA	2a01:8840:12:0:0:0:0:25
+a2.nic.edeka.		172800	IN	A	65.22.19.25
+a2.nic.edeka.		172800	IN	AAAA	2a01:8840:15:0:0:0:0:25
+b0.nic.edeka.		172800	IN	A	65.22.17.25
+b0.nic.edeka.		172800	IN	AAAA	2a01:8840:13:0:0:0:0:25
+c0.nic.edeka.		172800	IN	A	65.22.18.25
+c0.nic.edeka.		172800	IN	AAAA	2a01:8840:14:0:0:0:0:25
+edu.			172800	IN	NS	a.edu-servers.net.
+edu.			172800	IN	NS	b.edu-servers.net.
+edu.			172800	IN	NS	c.edu-servers.net.
+edu.			172800	IN	NS	d.edu-servers.net.
+edu.			172800	IN	NS	e.edu-servers.net.
+edu.			172800	IN	NS	f.edu-servers.net.
+edu.			172800	IN	NS	g.edu-servers.net.
+edu.			172800	IN	NS	h.edu-servers.net.
+edu.			172800	IN	NS	i.edu-servers.net.
+edu.			172800	IN	NS	j.edu-servers.net.
+edu.			172800	IN	NS	k.edu-servers.net.
+edu.			172800	IN	NS	l.edu-servers.net.
+edu.			172800	IN	NS	m.edu-servers.net.
+edu.			86400	IN	DS	35663 13 2 A2E1614291831A4746B5AC52B4B345357687271E85353082741F1CF3D06A4C1D
+edu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fTc024dGSm3seoOVtwKng2Yt3K8wmUwJBJgvzGaZ7XJafA5FwZ8weQ/kXskvBaPzsFW8oyyMThUN04O03ThcnpIjLo8X72W+DnLjK7WVaWtaxPaPcl9yg6ynd7XfFpEo2ob5VvVEWYMnwzjRLwjhHP4Jue+/20nDJ+LQwyDuCx9FBoBwvvPJsk67y/WZNWkzJH3ztfRsFF7Zvw1C18JeYSfWCRFYJuwU9FFuO1iNu3W/CnLLfKU7idItGoERoHI4n+JpqeBNWBKlsB2qiMFrbgbjngoZ6SjHzr1Xpk3YSbnSgBO9xqLR9ZHwxbOzrpjWduN4NRer8eCkCrQn0+ITyw==
+edu.			86400	IN	NSEC	education. NS DS RRSIG NSEC
+edu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ye+GajD5S925FvMo0Ao2OiYbAc508brCncjqs45k1gHJWQxLRa6wD7zQAZqdWwTUI96djFXSK+EafS72XzJMW34O1CxSDii8uoh5LVOcOuDC3CCHSnqTliHTrdjUGk7Okfb2NwErZFb3475IQv/eKCz0ZbUPxaLLEXAhscafb3RJ3cEVslueuhWYfbamx1Jx++Vb8i0rak227qmSxJsW/Z+t75YH5hUIqgZbTA9S86yzezs54Jha+hPadmVHVbP64pDYiahqjIvuZ2OA3q4afAMPk4c7NkN/sjGthQP32wUB87j+TswwLVPr4YxMq46FYQPmY+p0zkgD15bbOvAwIQ==
+pendragon.cs.purdue.edu.	172800	IN	A	128.10.2.5
+gold.uog.edu.		172800	IN	A	168.123.250.66
+green.uog.edu.		172800	IN	A	168.123.250.56
+phloem.uoregon.edu.	172800	IN	A	128.223.32.35
+phloem.uoregon.edu.	172800	IN	AAAA	2001:468:d01:20:0:0:80df:2023
+education.		172800	IN	NS	v0n0.nic.education.
+education.		172800	IN	NS	v0n1.nic.education.
+education.		172800	IN	NS	v0n2.nic.education.
+education.		172800	IN	NS	v0n3.nic.education.
+education.		172800	IN	NS	v2n0.nic.education.
+education.		172800	IN	NS	v2n1.nic.education.
+education.		86400	IN	DS	26536 8 2 A81CD163F9E5927688CEC92921DF489DA53DFBDA0E116B78B02B97010814CAD0
+education.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WQe2jEm8rONPR86ak+oZPzrA7T5DUzSBj1W7GXwwoubrNkaIXKOmB3K194SQMTE3qat+Hgz8h2+QkJtNcaytN124T+7DCYgK0btiemLemStyNEtg0Kcal3/xhD0cBzWjfp9aeejWAd9/gw5Yb73UNMglgCR6Sycj/3Rnhx+2ShlX7bB7lGA7zaA/Ie8nKOEwyl85E7ds7dhW5QCYGV/dLaap86nn83XEqZ9FDUAaO7mdZY38V+60+24IJg4TeV8tlYAhPiJtSa2Zu6i3JyGXgXo39gQkP9ANaBEfY0UIejrsIGzCAC1lb3I6a+zg2gvUJgZsmCoAipmgdYjDbuSdlA==
+education.		86400	IN	NSEC	ee. NS DS RRSIG NSEC
+education.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r+Awb1Qe7QDF3gCNwVTlYZXH07VV2bX5tQg5iiEWniSNLvgj6pnLviiKdKAhwaPPOpj5leyKmA7eNA/qmS5K0dsJX8iNZQk+aLz+U0dPnXmgpJX/Y3ns35QkDrH1/h9noS9gYcjDG/NA+clmMNp2WMScXio53PNnXSnEH9N9E2oMa8X1rqPvyIjtDyMYsn4BW45pyylJvtX++1gutzqBFlp+5UYYRKRkdJaUVxSohfTvlDDD9aI4V0I+OcFntz16kjAm7OaTOCBfe9Pv45RX03bnxiutJnxZapk9EjsJL8KKuA+0ZkW9TdMxN6gdi7smzAdZBnxHfLe5bgh7yq9qCw==
+v0n0.nic.education.	172800	IN	A	65.22.28.38
+v0n0.nic.education.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:38
+v0n1.nic.education.	172800	IN	A	65.22.29.38
+v0n1.nic.education.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:38
+v0n2.nic.education.	172800	IN	A	65.22.30.38
+v0n2.nic.education.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:38
+v0n3.nic.education.	172800	IN	A	161.232.14.38
+v0n3.nic.education.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:38
+v2n0.nic.education.	172800	IN	A	65.22.31.38
+v2n0.nic.education.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:38
+v2n1.nic.education.	172800	IN	A	161.232.15.38
+v2n1.nic.education.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:38
+ee.			172800	IN	NS	b.tld.ee.
+ee.			172800	IN	NS	e.tld.ee.
+ee.			172800	IN	NS	ee.cert.ee.
+ee.			172800	IN	NS	ee.eenet.ee.
+ee.			172800	IN	NS	ns.tld.ee.
+ee.			86400	IN	DS	34382 8 2 000A3D89DC6CD4BA00EA8AFFEE3967D3A26DE7A545FBEFE16BA07518FC8D54F6
+ee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IUjiItv2rUbUNDeEIqQgkJqITPAqSFfLou/VYJITwR+m/QxErrSawqqCGOP44o2h7FZy0+spJLSN3K4yg3Rsq3uhvxit0/NYFx1iF2O3ImoBr946dzzUM8B9+W6iuWI1uX63TlGJjKVXqIGY5Yy5HqKd95/2BRX4gF4+qvo5gHfEWfu+zyM3T8RjGvgmM+D0qH6j8tWw16U1cPH+mowojB9XUBTznfN3vT5IsvkVm3jB5GfeTFQLSXOfV0Jc1i33OzOwTdY0MyyvZ/dW/HrU4QeH56xqOeaG/jS/cDo9HChbOb1sFybSx3i1ZNOttKuSe5g36vH92RocXiEvXP1XSg==
+ee.			86400	IN	NSEC	eg. NS DS RRSIG NSEC
+ee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ScQp0hTi4y7eQZHD5ymzpt2FGrrT0ghdUR1bIRY7swPzI8XrSeRhH5KVBHFvHr5gj+yh02Ovt/UPciUxL2AqUj1zvbsfpLQJPYns9s00gSn19jLpi9ERHVQWpvvzaT2lh9tguXClg7F+1+gl/xfA8cVCS+9MAWXcbKLk7FpVgp/3S0fpzB9tzHhhHVOOwqQBW+zPWUuKSq4joZWWY2FZSS9OuDBRQnwC1+Yhbj4RVEKy0I6uWfRwq1nFnvsAEZTlnou9WgguOwbsJCpoi6J/OJIp7iE+xp8hBl+kPanFWlcAzyKl2dLe9sOpk9qyYQrm41Mhsc3y7OoytamSCrXI4g==
+ee.cert.ee.		172800	IN	A	46.226.142.147
+ee.cert.ee.		172800	IN	AAAA	2a00:6a00:ad1:814:0:0:0:147
+ee.eenet.ee.		172800	IN	A	193.40.132.5
+ee.eenet.ee.		172800	IN	AAAA	2001:bb8:4001:0:0:0:0:53
+b.tld.ee.		172800	IN	A	194.146.106.110
+b.tld.ee.		172800	IN	AAAA	2001:67c:1010:28:0:0:0:53
+e.tld.ee.		172800	IN	A	204.61.216.36
+e.tld.ee.		172800	IN	AAAA	2001:678:94:53:0:0:0:53
+ns.tld.ee.		172800	IN	A	195.43.87.10
+eg.			172800	IN	NS	ns5.univie.ac.at.
+eg.			172800	IN	NS	rip.psg.com.
+eg.			172800	IN	NS	frcu.eun.eg.
+eg.			86400	IN	NSEC	email. NS RRSIG NSEC
+eg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BTgtQynb57Vpvi5r+Okrw/UFP19MZInudSz1ZUE2vT6qvuPvDbH2ukHrvKABV6MlWEHET4OXSbIfU0vtCzEQVJJAby0WkKaGxEteQMGu5uXklCuDeLf0ndKebuk4cQ3AS5NtkE87iLCLXBj09etmHYvRXay4uLTsHOlkG98+W4yDVPZCqkazwHEnNDuUe7UAASDiv8pDioOLDAt98Eg+coXmRu+O+eOPo1xDE858HtW1Ea45hFIZX7pLEyAE+KoQqacBikqwKeIvxatxtegIpo57nE1CB7pOg/hL1sjpP/a1rGdK5n25rUdJH/BIZ0ujunLMPcDStpIG53zhKi9yaA==
+ns1.dotmasr.eg.		172800	IN	A	81.21.97.155
+ns2.dotmasr.eg.		172800	IN	A	81.21.99.11
+ns3.dotmasr.eg.		172800	IN	A	81.10.38.11
+ns4.dotmasr.eg.		172800	IN	A	204.61.216.106
+frcu.eun.eg.		172800	IN	A	193.227.1.1
+email.			172800	IN	NS	v0n0.nic.email.
+email.			172800	IN	NS	v0n1.nic.email.
+email.			172800	IN	NS	v0n2.nic.email.
+email.			172800	IN	NS	v0n3.nic.email.
+email.			172800	IN	NS	v2n0.nic.email.
+email.			172800	IN	NS	v2n1.nic.email.
+email.			86400	IN	DS	62422 8 2 92A9DA686674B9BC30EE72224130A7C761D5B01902DA9A5A62038C796A16BD33
+email.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOiiyRTscsQW4AYHH14tFqOOuSS445WYTRw3/CNnEGYjLRy7ES491uErkjUPnHX3sferRVpFHtwfHKitK9hFqHjcg6nyDgkMSazh7NUFlvAmFM1xgq5iQehUvIvTWCSXl+BTfKJhN7ch5lXAyp6wRKmejuW2jl36YPF0Ei9Qf1I1HDqiAxCAGrSlWdLT84ocxj1L4RX58ja/aCT4CORSAvsr0nDoaWh5uUNwSDcTxrrmr1CJ99JqZ3/ZE8J2SgLe2/FQAdKDVkhaPEtVAFZA1xoKJFpAWX+UOHFPAPHfOxVVhrxDmGhLfs02BUTGHONvk7s4+f435lcMx4mFbyRFOA==
+email.			86400	IN	NSEC	emerck. NS DS RRSIG NSEC
+email.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ltpaKdFCnjdUNGl+z/Nkh9BV061YlIAWuWJbUrsy012oW9v0oNBezPt2zMBH/I39NMOcfcoSlpwpK8yDxyy1c3q0+3VuydZXlI5Kz+X2l94NdLWRTC/f6Cxlvlo7QBucCVmNQQWK3d5Z9HIqSh26Kk2dDkTeIbLslihpDTfslZsD9xQRYEijr5lHe/GlNAAp93Pi5rw12cHMbYt+U6EAjoVQnIJCsv/sBIKaB5ixRvcQ7iyY5CYB4FzAL6seMBxyNUBjCx6KONgDcEfhWZEMhs/D9LsuhrOv0up18oXGjqD8I3jCS1havxm41FQcbxXLORff7JoGJ+sjnE/f345Jw==
+v0n0.nic.email.		172800	IN	A	65.22.24.35
+v0n0.nic.email.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:35
+v0n1.nic.email.		172800	IN	A	65.22.25.35
+v0n1.nic.email.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:35
+v0n2.nic.email.		172800	IN	A	65.22.26.35
+v0n2.nic.email.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:35
+v0n3.nic.email.		172800	IN	A	161.232.12.35
+v0n3.nic.email.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:35
+v2n0.nic.email.		172800	IN	A	65.22.27.35
+v2n0.nic.email.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:35
+v2n1.nic.email.		172800	IN	A	161.232.13.35
+v2n1.nic.email.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:35
+emerck.			172800	IN	NS	a0.nic.emerck.
+emerck.			172800	IN	NS	a2.nic.emerck.
+emerck.			172800	IN	NS	b0.nic.emerck.
+emerck.			172800	IN	NS	c0.nic.emerck.
+emerck.			86400	IN	DS	58186 8 2 B19E38544F1C313575B683C8533ACF792A0373C18F270ED0A1EBD2C3F77A291B
+emerck.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z18Ss1Ledhvoh/coz7ZXKVC1mgVj32TWI3WDomsbTmXtPkDvUk0gfQSrkpeSzxuG/zA3Zm6o7I2XZWrMH+nWyD5awvAwfE05YmJPyYVw8wLBswPcewjmexCSqzWkhNqF7uPNFHBiKJiWK7C/NWx3mQQIBU8ApcSAPwuasaxITQf/MhqNPMASGbK6A2QQeb2WEYrRmfQMQHCKqmLEbXHcLlqvbwgHZr8T39BqINRX6HymfNBd4pRarHv0qCB2qxLbSSFohLIiLi1s0E1V1K4pcue/yCmvB/HTC6luWFM3KO3oR0f7ez6jC2RS5A7OOgBlPcLRbPhF2TRLqInl2ldjZw==
+emerck.			86400	IN	NSEC	energy. NS DS RRSIG NSEC
+emerck.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m9Ihmi/nvbDa/Yf7q2+e6CixFw8+m36JjTV/0bL9IkDDFc1bmVhUDGX8LchsPXYeiJiivzqWwJmZ34h4tf3XSVRcW+cEtW92/PrWbWHv8OypLzl/O0l6I/MDEvF9dyKrEfFCtUJxBpmJn4IXTTn5fW+X0ozqucYd6NlnO4q6IZHS75zMQaRfjHlsULfhtIY2xEXcrspi09CRtiGxyJPFnLs7zO6eQSJBbfNd1Jw4jdGr7M/06Cz0cdtnOKbb8HIgzvofOdFe6pWCL1LZTWGs1dfvg6bT2/5T3uO9cPxlsQrZVh4C+xijBdnStj+HM5so+pLgk7URLcfCS5raDCwOUA==
+a0.nic.emerck.		172800	IN	A	65.22.156.1
+a0.nic.emerck.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:1
+a2.nic.emerck.		172800	IN	A	65.22.159.1
+a2.nic.emerck.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:1
+b0.nic.emerck.		172800	IN	A	65.22.157.1
+b0.nic.emerck.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:1
+c0.nic.emerck.		172800	IN	A	65.22.158.1
+c0.nic.emerck.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:1
+energy.			172800	IN	NS	v0n0.nic.energy.
+energy.			172800	IN	NS	v0n1.nic.energy.
+energy.			172800	IN	NS	v0n2.nic.energy.
+energy.			172800	IN	NS	v0n3.nic.energy.
+energy.			172800	IN	NS	v2n0.nic.energy.
+energy.			172800	IN	NS	v2n1.nic.energy.
+energy.			86400	IN	DS	26965 8 2 59F95FA7794AA6A855ADF22154CEE74E7AE44FB25142DBF999174B599DF16771
+energy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eTrsUDlfJXegXpIPtGnMQxCBklf8T64xVqvJpogE5/1iX0FJpUfkgt3c9RHe//KqoXyZZQH4O0vdsEFiUeDqWY6ealsvli1vlQu2zAKy4mwf/UOLNFZmeu9qpFdyKzDv69UJtEnItsnTs4Ox+0GU5LSrIsZ4o8E+AmDp5tPF6cpbZZpTrPfcWDj9+EJrUmgzHp7EhscVl/7/97vEul3h3wQ5uYk4NMSjyUMhvauzwSV93kYLQiXnVih5r56dQ5iwSlxNXCoh236SeXt2eMt03OiYSUkZxXMly3V3WAhPAwkm6fuSdDQzN87lk/xtuUNlR/SMJiodbTOP+xOSfJ/qOA==
+energy.			86400	IN	NSEC	engineer. NS DS RRSIG NSEC
+energy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OeLrrC8c5NY3NAkaAyyWYJ85pQZw+joZ3dG1gzmsz99G+S95pw2z23z6OUfTpW4n19Vnw83/sNA48HUko6EEVLueU5UAL1ud2d67yDf9LM7sWlfAkHRFbl+54UfYKgIiD3QKpIVNYyphdrM/vEFW7iKfdGwcjjsUoSz3T0ee24iMtHwTTxR4czv3ZQYzS8Dgb3t/Te7NWBMtvhJyNvCYqEN3Bsbi5ySC2PUeqTOuJ2RDkPWsaPTpXTHNh16d2HsIfKSnJmF+XFCl9nIi07klsKzIWtfb981Lxc1zGzL91LiNyVAOMUvy8hI5Ozc2L8cy0B2xR5TKAgNFBOqFdtwVzA==
+v0n0.nic.energy.	172800	IN	A	65.22.24.45
+v0n0.nic.energy.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:45
+v0n1.nic.energy.	172800	IN	A	65.22.25.45
+v0n1.nic.energy.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:45
+v0n2.nic.energy.	172800	IN	A	65.22.26.45
+v0n2.nic.energy.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:45
+v0n3.nic.energy.	172800	IN	A	161.232.12.45
+v0n3.nic.energy.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:45
+v2n0.nic.energy.	172800	IN	A	65.22.27.45
+v2n0.nic.energy.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:45
+v2n1.nic.energy.	172800	IN	A	161.232.13.45
+v2n1.nic.energy.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:45
+engineer.		172800	IN	NS	v0n0.nic.engineer.
+engineer.		172800	IN	NS	v0n1.nic.engineer.
+engineer.		172800	IN	NS	v0n2.nic.engineer.
+engineer.		172800	IN	NS	v0n3.nic.engineer.
+engineer.		172800	IN	NS	v2n0.nic.engineer.
+engineer.		172800	IN	NS	v2n1.nic.engineer.
+engineer.		86400	IN	DS	14215 8 2 DF8C5C2C75ABF8EA572D1DFA8BA0A78D4F74CA7213521C1084154AA9684A5587
+engineer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FZCJtoA2fr3GAGTxxbIf5wBF7tMGuA7VP6gGlRSaPfdmiOXlZTTmR82/5qp9HbxNf0ymS8yqHfqjUFWGNFKgj+42xtJbe2Lu8oT4sN9UeVa0E3lxrIvr6GLnFxrxyDIOUAZU6/At9iCEJU3+67+dncR2tWy2RXay24qER0k+yqEVj9MSovkhlxjMm9sMAvAWUkcx7LozS9DOWWqLM/PlwNEllsXrsAO/HS56gZzWRB3SJDYMoLbFqqY5WM0A6e8/EwBfx5ydrttMWuoUKCnq8pquHdzkU9YoYuCbbBBmmSMiLInzXcnYtfNezsVxZKUUnNbFMc9PBL92gAy3f465Jg==
+engineer.		86400	IN	NSEC	engineering. NS DS RRSIG NSEC
+engineer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XQNoEbyhOKbpecZ4TEcEVkEFFIySxrAr57Y36ujrnbzIu1YDIJGEK+gz5jB/mgUb2Pc1dd0RncIP2XFb5KqEN64027w6oEc2nxTYuVkKdALYqjzqjnOIV3T1PxOOSLsCWccGYHAl4xnoX0HGL/ktOubwIVBy2G5bsriOdVOziwwrf5/SRbs/+IOoqzYk5zIQz785oFyG0l2fiOIahfwwMM5Ijwm8ERNW9U0C3JYecBXMAKdhyKtzXTDg2ajwpRhxVh+oiLLOi+0K7qqq2ofHtn8T4l6j6GqJv++ZjcFH6CzWyh71gYFRkBQ1o5WLiD+bJ20TKjLipB06uH/wGyK2aw==
+v0n0.nic.engineer.	172800	IN	A	65.22.24.22
+v0n0.nic.engineer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:22
+v0n1.nic.engineer.	172800	IN	A	65.22.25.22
+v0n1.nic.engineer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:22
+v0n2.nic.engineer.	172800	IN	A	65.22.26.22
+v0n2.nic.engineer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:22
+v0n3.nic.engineer.	172800	IN	A	161.232.12.22
+v0n3.nic.engineer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:22
+v2n0.nic.engineer.	172800	IN	A	65.22.27.22
+v2n0.nic.engineer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:22
+v2n1.nic.engineer.	172800	IN	A	161.232.13.22
+v2n1.nic.engineer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:22
+engineering.		172800	IN	NS	v0n0.nic.engineering.
+engineering.		172800	IN	NS	v0n1.nic.engineering.
+engineering.		172800	IN	NS	v0n2.nic.engineering.
+engineering.		172800	IN	NS	v0n3.nic.engineering.
+engineering.		172800	IN	NS	v2n0.nic.engineering.
+engineering.		172800	IN	NS	v2n1.nic.engineering.
+engineering.		86400	IN	DS	60949 8 2 255F04D5D9BD1E74B0CB27EA0A6330E6445FE33FF6DD0A87B5C8FD1FBA7E0439
+engineering.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WqwK6fsVLu9jpGdgVp4UiVOTPBrifc0wGH20WbRNhbm77neRqT7Dl0y5MViBj/vD0ltwmiTAPx4uaK/qh//6t1rKjViyAL0zq5DwI9UWYaegLnJbU4vcxn6yXggoPeAQTS2cDYCyGteEa3aiTfTJXj8AmwCQczkCDjXTHBpWK+iD9jxmmC93u68n+SljrjuzyNCV/Vnw/geX2Te3r9krsy6S94tIJBPd4HLD6x1olyAjGjyWaAfGJ7eZo9l6VfjGpeuiwoB65eEldKKcvaMqat0Dn9UyrvdTfSlNqeYCcZxl7XYQKVowVsMaTBQ1awXahafyisj3hxE/sJ1cR2xr7Q==
+engineering.		86400	IN	NSEC	enterprises. NS DS RRSIG NSEC
+engineering.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hhOF+JezSragAkjj6Y8+tLPfQOX0vnki5peex9RdOHJtJyfYoynOGsb7ZrqtGshGmC9B0XA2iCTi6WaheBdiAi2s5NVm/Ena8ftbkaQ+w4eSp9baMEkrbuTRyC1OtqZjpGEZxkSf/Gu9sHRMzqq+3jYURpeXbiiIbTebuS3rQn6PyMY7Z7w3NPeseZpM6iAaY9TpJ9mILGCMFDmbL8O0z2K5BS/7/jJGAPHipD7BfAjWIqM3hP9XLXNfzcUFdKN4NBoUTzur/Mvb1vUmlAc5HB5nN+Yx/DTIrH6XvhyBozGWh0x4HPHH0USeHAJSX5f9RgL6qySHWB+4MvHupAn5tQ==
+v0n0.nic.engineering.	172800	IN	A	65.22.24.18
+v0n0.nic.engineering.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:18
+v0n1.nic.engineering.	172800	IN	A	65.22.25.18
+v0n1.nic.engineering.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:18
+v0n2.nic.engineering.	172800	IN	A	65.22.26.18
+v0n2.nic.engineering.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:18
+v0n3.nic.engineering.	172800	IN	A	161.232.12.18
+v0n3.nic.engineering.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:18
+v2n0.nic.engineering.	172800	IN	A	65.22.27.18
+v2n0.nic.engineering.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:18
+v2n1.nic.engineering.	172800	IN	A	161.232.13.18
+v2n1.nic.engineering.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:18
+enterprises.		172800	IN	NS	v0n0.nic.enterprises.
+enterprises.		172800	IN	NS	v0n1.nic.enterprises.
+enterprises.		172800	IN	NS	v0n2.nic.enterprises.
+enterprises.		172800	IN	NS	v0n3.nic.enterprises.
+enterprises.		172800	IN	NS	v2n0.nic.enterprises.
+enterprises.		172800	IN	NS	v2n1.nic.enterprises.
+enterprises.		86400	IN	DS	18490 8 2 F9D5CD8A254B1C4E2F53C8FBD8AB2FAF9BA3AF8479DB07A23127EFD0E97F23DE
+enterprises.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . w2QVI4Vyes6sAgoX/kcjbZaAUQEn1bmhykyZcP8sttKwPHqqfGdc6ED7xiA11Ul5JkjOtoojUInQBANHSO3qitGxaJQAJU6QDNh79wa5T77WNAFmW9TS++stxbBBA+GuW7gyJq4rflQnq7eWra9Si9ZP7F9ftYbCgAx9PB9Ihk67s0FBqnS/BV4oIuHEScVbvf3LGu6A9dlGneLgv294zcaN0m60Yer5gI1YAqWgDdxqUxIy3913+eEym04mOH5dDeqOw6NZOrgaQTBhOQAY+T90yIU5FTfACPYlZUok/69fvfBH+c7zuKi0jLe1qY2uO74s4nuzGIh1afcBpzXclg==
+enterprises.		86400	IN	NSEC	epson. NS DS RRSIG NSEC
+enterprises.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1LB+Cr66km/p62XmKUcMb5rqR2ByGgmQTsEpFZRyXm5HEbui3QFACRmk1D8R0s4nSdfZnOZhibxi2hvpYRI9B8jl6c2w8+O5Zf3F411dcKgaL5AdExvzVISOdHHhWYIVHnGRTYoIEjgOE/LuvuJxqzR9on+W9j3JykaDfrRExaSu2MVT6rb8I/qs2IOwckYGJEa+nYaocR0iqOh7ZayplY/vHTQUdG48pzRW8k8Bj4T4uSVtFsBWgetrbbvcugzgu+twl8DZd5R5lBTWzg+PdXYKDpI29m8Tix/D8yHtclCSwIeu24TkscfXcBqxJJvwUhn2cKWuEPT+efYO9NhHwg==
+v0n0.nic.enterprises.	172800	IN	A	65.22.20.52
+v0n0.nic.enterprises.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:52
+v0n1.nic.enterprises.	172800	IN	A	65.22.21.52
+v0n1.nic.enterprises.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:52
+v0n2.nic.enterprises.	172800	IN	A	65.22.22.52
+v0n2.nic.enterprises.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:52
+v0n3.nic.enterprises.	172800	IN	A	161.232.10.52
+v0n3.nic.enterprises.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:52
+v2n0.nic.enterprises.	172800	IN	A	65.22.23.52
+v2n0.nic.enterprises.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:52
+v2n1.nic.enterprises.	172800	IN	A	161.232.11.52
+v2n1.nic.enterprises.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:52
+epson.			172800	IN	NS	a.gmoregistry.net.
+epson.			172800	IN	NS	b.gmoregistry.net.
+epson.			172800	IN	NS	k.gmoregistry.net.
+epson.			172800	IN	NS	l.gmoregistry.net.
+epson.			86400	IN	DS	61387 8 2 9183DE01E842231D1F1F951DE9B25C160DFDDBAB7411AADFC6FA69764B7D44E2
+epson.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U2S7iErfFw2jyOseT6z5VwwGlNrDr8r486kVLFgbdHq8rkqUWim0bVT171HLYJBcMrtU4LT/d/U+PVTFdQm6NdeF4eDv6u1Jr+69q/Gf295Z9lBCBcsuNtaBFfXFP2AZes8bTtjcTkqTUVqdh6x9F4e5vp9ZKO17xPW8WIFtVag8CWuPf8QRlrlHrcULyulomGrnJjTHcA+0j1zeCcOYmILdksVLnYluif1dFq5BsS+/XSpSO40zdxAPjKt5Hy02s0iAA4MUeQP8yPKOXQ2owQpjg0CUAjPPv13uMotIHZ6E3ybnLprWOTvoojtzU1LP5FSWVUNA6oQ8b0Ie7B32kg==
+epson.			86400	IN	NSEC	equipment. NS DS RRSIG NSEC
+epson.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bnpYKLvv7ftec71TShBHFpPjZgmr6kNxRQsB2uYN4pNxVnyJ/iZt1ls9rJEzsmHK9S36/9wlqgsN/UkrJ/2YZe65+HL5CbGADfKaC5509D/25pySGagFOwObHb7/1ec3meEuvb5gewdFvQWSLTZ5BLwG8Rb/hJubN4qktXC4/ejk0haWdpMuCn1pQ1+3E3nw8PrIq65p7aFCBxNLgQn52oQU690A1GTcgKsrUAEhkIIUaJbXF+IrevvXfA/EmIdMQeAeoiVw+4781OJ3FVnX6byTHK3FQ3ILP/6FCf75jREEApxbIT40cQO71Z0NNklDu+pqliaPbEoxxubJEkO2QQ==
+equipment.		172800	IN	NS	v0n0.nic.equipment.
+equipment.		172800	IN	NS	v0n1.nic.equipment.
+equipment.		172800	IN	NS	v0n2.nic.equipment.
+equipment.		172800	IN	NS	v0n3.nic.equipment.
+equipment.		172800	IN	NS	v2n0.nic.equipment.
+equipment.		172800	IN	NS	v2n1.nic.equipment.
+equipment.		86400	IN	DS	51544 8 2 602442F2E32F4A351C89C118CF22CD5F34C324D57EC1DF0616A7DED19BCCD5CA
+equipment.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uYyv8C06iJLKxuhXG+lX2UmZaUkqLkPedvrj2sZyUp4h8X0aN2snZgFovDd65GYHQ4V8BCaYoO30PapGkPrBFrc8TS3RZwNDUlaMCnXLA0gO1F0i9rug0CeFiFE+sh61Ca8HvjJZMMXo/htv+0nJAof6vkIfG4NeCJSO+4GXfZCb5V/fW2RHlOLxgZgC5Wy4Tqa8XUk8XyIaBvMdoo2Y24bGhiXMKRNY+Hu+SKuvks+qKAjLaL9V4dPiSa5c7ntDCXbSnxDRS9OlcvU2uEoTq47rdQurSHfDEyZV4n9CxS6RV1XIOF+GUGLFRolORlc2JooUF2GP7MwsO/dvzCUg7Q==
+equipment.		86400	IN	NSEC	er. NS DS RRSIG NSEC
+equipment.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A4T41Tubm/7rkwC558Zy/V+esepvpQnigZVXpVIgJ2NYrHA4M2bQXlIOOmWzU2EcFdYWQQ/vECQGlA79ruD7W1mQRDkQjKvmyibUHlA1WCEU6b05GtpLL84J4el8WTp66EzALs+VvuRCFfyLRDPJL+wYH+iIFYCtmaptlYhq5589zD9qelNDLkzlOHfL7UAxyP9KiVZOjIKBVTjHiG/Rg1XAhRXgdR0U7jA25FQ6eJiL/rNWX+DigoBZi62uq1WOD47LZfL2TNSQbkpcetCBiPs5MC0LCQwgpHKG/iZ3OypkpgXHwAhzDrbSMMZ+fytmlznbl1pMgyk4X4V0trdKHA==
+v0n0.nic.equipment.	172800	IN	A	65.22.32.21
+v0n0.nic.equipment.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:21
+v0n1.nic.equipment.	172800	IN	A	65.22.33.21
+v0n1.nic.equipment.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:21
+v0n2.nic.equipment.	172800	IN	A	65.22.34.21
+v0n2.nic.equipment.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:21
+v0n3.nic.equipment.	172800	IN	A	161.232.16.21
+v0n3.nic.equipment.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:21
+v2n0.nic.equipment.	172800	IN	A	65.22.35.21
+v2n0.nic.equipment.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:21
+v2n1.nic.equipment.	172800	IN	A	161.232.17.21
+v2n1.nic.equipment.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:21
+er.			172800	IN	NS	er.cctld.authdns.ripe.net.
+er.			172800	IN	NS	sawanew.noc.net.er.
+er.			172800	IN	NS	zaranew.noc.net.er.
+er.			86400	IN	DS	6518 13 2 A1FDBFA73B513E489341D7E82029C7645D0E5F52D8500A3D7380CDC1122F52A2
+er.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3ZtqJhncgL2gpj4KpRrgwDu8wxm/prG7mxRKhIRxlqri84XX9miUGZBZsYDjEVvbsY1vH7Ma7dYr1hv8n4RJ2i04UNqKBJLHCipEUObaDCKi2TcGpNzDvcpvDllX+B0sgdpIwMVRRDh5r3Xf0s3MOomu8p8ELsYoD1T6+6jwB29xn2dPuRO1vMa64i64qaATrSMS3A1iH/jMrvkNMT+7ZaGJAkXpjVzH1MKzvTG5kO3VnLv8ZJI/cPg9NqjcCzYZlPc0M49h+Sc3NKnQNsPcQBAeuyeCl4SVQTncvGPatluYmJSozeu901cPc+tKIusitIeMBFJNBNg5auDT3LuWw==
+er.			86400	IN	NSEC	ericsson. NS DS RRSIG NSEC
+er.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qshZZSbF7IFXtkZDcrXKhs28r732iCGraWdKdbNABVqkS1sZIUdKBB+qnFcH3rATjAm08uCzgPLZifa3kVFiLF1xpw7H1rANc3SgN0fZlOlYjZP/etadX1mqmZE5mSUkjYOeuM4RvI/wiBzdbtxHEd/a+NkefuKY75GMMsL5iPbqVKhyW+SDWQOID0MlDRTiemj2yPCgEPcA2avdb767NN2Zb4+AW6QVJyrjTzKXl4FXLGUoTe2hzQhOyNHYQxtxPhy++VP0ErkvWx8A/L1W8G3/JYMw+XP3X4scuOMNqcmPprH5jmBIly6FL+A5M1DneHRuBsEDZ+20+TGxPJgQlA==
+sawanew.noc.net.er.	172800	IN	A	196.200.96.1
+zaranew.noc.net.er.	172800	IN	A	196.200.96.2
+ericsson.		172800	IN	NS	a0.nic.ericsson.
+ericsson.		172800	IN	NS	a2.nic.ericsson.
+ericsson.		172800	IN	NS	b0.nic.ericsson.
+ericsson.		172800	IN	NS	c0.nic.ericsson.
+ericsson.		86400	IN	DS	47419 8 2 936161632EA5611634BAD358155FA6B976A34BC812178605E9700890412EDA71
+ericsson.		86400	IN	DS	60888 8 2 1B2FCF0C2219910E8BCC22B8B982B9ADEA8074C3C20540D58312646469C1F0EF
+ericsson.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MY4xhq9mGtZAanY+XO3GjFJn+ujUH/eOJUS5GWdlK73vsYaNhVfqN1Nx5wBqK5/pFFchg6N7MoLUUd/8wXbh5EzLNgtY2ovK2hD30XDojxGbu76MOUjNClupHbHQSKLGlYJ1TbM7u84HGulsIXsD5DAkzqcM7SolhqLfsmxz3u+s6O8sNUgVUgTA5a79wDcmCkLaH7mkNi0HI3Azq8/rojz0q+z/aljMs39yKFlhLwOaf6OLpd3VVxl/jyKjOiRZCteN9JAhh3RstxwDQQ8p1Arzua57GO+We9WD41EUiXvFDNZjao1axY1ffYHnq9/t/hCj7JffA9dffDg3qeSGtw==
+ericsson.		86400	IN	NSEC	erni. NS DS RRSIG NSEC
+ericsson.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wMlU9CZrT7Cn09DPZXkVCtZbsDXe5cxniqy+//u+ZthJAZIHodLIUiO08F7hkTJtGAFvi71Lu7rb0mLDCQ8PNYYgmANsQnKgp+o5j5iLq76e8v9lFMXCthl4iebaqpbQrSo+ZRJghQTQWoBx//YVV/x5unhaaRXVu9z9M25fnjHG23SoKR3BuZtEC2AJf12IeO0a5SOwpWSt437wVuJ8j4Ig1RGX12dIafAwDsq05cjZM1YjoPitDNR0ZxwTIDxmrq+bm8daVWK+lWcW8Xq2V3Xyxvi4F9VhGWLH5VNHCxDz/TOQZCUe/mt2vX8ptReVPkPu9ncdAFElWAyIs9ZW2w==
+a0.nic.ericsson.	172800	IN	A	65.22.56.33
+a0.nic.ericsson.	172800	IN	AAAA	2a01:8840:36:0:0:0:0:33
+a2.nic.ericsson.	172800	IN	A	65.22.59.33
+a2.nic.ericsson.	172800	IN	AAAA	2a01:8840:39:0:0:0:0:33
+b0.nic.ericsson.	172800	IN	A	65.22.57.33
+b0.nic.ericsson.	172800	IN	AAAA	2a01:8840:37:0:0:0:0:33
+c0.nic.ericsson.	172800	IN	A	65.22.58.33
+c0.nic.ericsson.	172800	IN	AAAA	2a01:8840:38:0:0:0:0:33
+erni.			172800	IN	NS	anycast9.irondns.net.
+erni.			172800	IN	NS	anycast10.irondns.net.
+erni.			172800	IN	NS	anycast23.irondns.net.
+erni.			172800	IN	NS	anycast24.irondns.net.
+erni.			86400	IN	DS	51829 10 2 25888A431BFA4251BF4E4D8340B9EC411AC57F6C20DAB0FEEB9CA68A34B13AC7
+erni.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMJv4S/Z0Phf0GGG6cujSzmyGpS0/K+lzuo6EKnxhtInu4FvRZygS671VrroHhXt5YCMIWfoTz5s3roWF6YXnFKngY5JyKyWc1vktT8CZ6dNJPHY2nLPmTQZNv4UKwbqs6b0OTncJbHhhr8qh8M6Rtw0uItFx50quzzliHMITNTA2WaWjDNM5Hgbo6YkOqP+6U+NvYvadcnNvBnydidMgNhVQAiHOM6OiQK+gp3UmO3aV8DVNekeBgg2Pmv1yg4UWWBuoGVfxxWm+uAgPxEJ/dLDZqwotu5FXtEtyjdk/NWV9fmbuCivP3OesEZpDzFXFNewcJzV8YfCKIjrodED4Q==
+erni.			86400	IN	NSEC	es. NS DS RRSIG NSEC
+erni.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0IJk2ixP2HMch8dRXp5VsW7ptL7y4HMqkyW5cI23kUJzyF1pifZ7rbUhz2BTyuwzqhhnLhCGBlilYZEFhMYUzyqAr4Xz3qnZbKmp1J5bTtSXBrlhifEI0X3omJeiJxgqEn2ClPc09Hy/INHPBNRyK/4g3W/wzONlUbRxztxe9vZghlemCpjzaso+nUXD22f6lDFFPPsy3tY1k37/nw2wfRYps5ldpkJyqxhjSYTzCXzQxuBBRr2ICdCAQg8CHQd+GbS8YIKpowYTCam9X8+WkQgvFVIHWmCFvR0A8n0CyzL/l2T89DL21/LP/ThoerYrds+/6hKKOlQwKb/Ry0FYJw==
+es.			172800	IN	NS	a.nic.es.
+es.			172800	IN	NS	c.nic.es.
+es.			172800	IN	NS	g.nic.es.
+es.			172800	IN	NS	h.nic.es.
+es.			86400	IN	DS	44375 8 2 9D9858AE981AA53DD1143D93844E3D69B0FB73A9B4FE5759DA39E036E754D402
+es.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GRdGXMAQsZK1xSguPKBgOeC2WInytxrejrOAQs3bAaigghEj8G6UsW0AE4ti/kUaFQ08/7aeDHiKoScWSb5L+IZh9tF4zrQohGl/kGN2IKhYjZBcktszmw2v1fg7pN92Y+Yn+c//fok7lT3wnFAQmKqeFSp2fJu1Lu0UltDmVWlqs4Uzol0KHX3zn1nwSwEgzzG8xKgrCjk6iKs4LaNxezuq8wQ4xn7+uyWw9w7sFX764dZerSzs5IeXr3CCvHt251kbdnA9u9MFzrws3DWQNp7tZGlcfKZYwmIUPzk67pjcRDbscMExEfol/Jn8DGqF+9cLGqsW0FrHtlzikXTK1w==
+es.			86400	IN	NSEC	esq. NS DS RRSIG NSEC
+es.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dbirLc/eUMdjsPGznJ/bXbBdt2CvIjJx2X96qRtTFIO0xLJ1QYUjgBAePqo799tsV6t8oKNFVQR5UPbe6fxeoVqTmEPFVaSZbYmVomWlQ20gN7ctVycuoz1Buuv09PUR7vapMjARk4hWecxxGj9fk1DmpwN0m42eO61VQtM+5/DaSABOy9uahen4h+JTGosQsE7He7VTVdVtHCcC2yTalGyleMyzlyYD8os+e1ud+U+xv2lhphOg7M5IJiUajc5tP0bKPEWlbZbCzSbLE7lwXHwZGNVfQP4Xv7eBTIQsBBppP/E+UYn324DKYXVkNK+CS08uXYcZh3FxBNqnH3ou8A==
+a.nic.es.		172800	IN	A	194.69.254.1
+a.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:41
+c.nic.es.		172800	IN	A	194.0.34.53
+c.nic.es.		172800	IN	AAAA	2001:678:44:0:0:0:0:53
+g.nic.es.		172800	IN	A	204.61.217.1
+g.nic.es.		172800	IN	AAAA	2001:500:14:7001:ad:0:0:1
+h.nic.es.		172800	IN	A	194.0.33.53
+h.nic.es.		172800	IN	AAAA	2001:678:40:0:0:0:0:53
+ad.ns.nic.es.		172800	IN	A	194.69.254.15
+ad.ns.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:47
+ns1.nic.es.		172800	IN	A	194.69.254.1
+ns1.nic.es.		172800	IN	AAAA	2001:67c:21cc:2000:0:0:64:41
+esq.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+esq.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+esq.			86400	IN	DS	40564 8 2 9A963EAD34A5139ED1F5E24FB422202CB704038AE15B670287BB31A040055322
+esq.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WFurXStI+QEKF9fXM5GuuNnPrDbr4eNBkeqjSUNL1AuW+DW23wzXIEPK0e6Mhrwy681aWNlnx4iBo4yY1QHjjqVDHI8/vNtj3wB9wkixRcpIylIzKc81BKXA9I95fQcCbvrugsVWPrb51dFdyPMPnfXJfFIak4SHM3hai2OdQtRmkZcHyh60L/Ucgjx39P9AIztRxQh+WgOfvgeHPUenFEyUrdRZxyWljSwGkfaL1IPYyZKfRivdq4pnyntpTvORUtt2CPa+3wRWjDuL+xmAiV8bnAz5EFyDJQZ/ywxi6/ufRk2QVpLtz9DNCg51RXFI3drP5z/jel/kDFtr/FEaMw==
+esq.			86400	IN	NSEC	estate. NS DS RRSIG NSEC
+esq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cpl2NtGc4MonSEds2LLSorRAsoqHqkOOoqiXoAzqt6tGNTpIxhSEdeyvAfL0TVH1NcUsVLJwhASqycJdlKwUBbgvdxJdJKDj2clW8LwxlRlhjEniEqLwLZc6ezls3LIAsl5NbDPY18wqKj84GIqrSrR/cljDD2tjrDepxhQrzTxMfw9mhvt9UB+PLIQayyCsm7a4e6MbpRCju8mUogH+BsfAcHOhKX6yOWe6mdS5Blu3B/nQ9BYg305J/zj/LN29WWhomJAkPmUo2eBctQZRFmDfYN7at6vugFU7kxSvTURipLSfo2l0QOpncuBkMDpuxeDu4LEXqfICRzH0dCvl0w==
+estate.			172800	IN	NS	v0n0.nic.estate.
+estate.			172800	IN	NS	v0n1.nic.estate.
+estate.			172800	IN	NS	v0n2.nic.estate.
+estate.			172800	IN	NS	v0n3.nic.estate.
+estate.			172800	IN	NS	v2n0.nic.estate.
+estate.			172800	IN	NS	v2n1.nic.estate.
+estate.			86400	IN	DS	9670 8 2 FBC7771A3F609853616F5B68203D1645DD9ED6D9D56BA3BBA93429CF43AF8562
+estate.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IZcpMvZbbY6NU32YCWEzQd/vQ6beunRGUTu8LR3BlZd7P8DoQdgRQQuV/jWZmYAqBcPWG63diPSfoLgiubmPUbhNVUIp5ZJuVHiIdl7lO5uVC26V4ZqEuobFV+CWGPpBX8OFWfksFqv8ElcxjM2nkdL6rIpmBGrSapt2mlqn7CQ+Qwp13buoy7J+A8HVWND9nPa6InzOwxHVmPth3fspVFkrCk6Z7qdYr5zcZY5o6d2Rq8zCkrSXVteVirPdWd9ZgOZ8KQpXUUS4IocdHgVGCsfRncI6DT4KbiaWVjI5wOj916OQDitsI6hwY39YQJQfdbX3KBd9M5eQO64JulyXGQ==
+estate.			86400	IN	NSEC	et. NS DS RRSIG NSEC
+estate.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eliDV+fnpwOCPpBSLB9ULHopUTVNf9s6skorjYAbl0agbKrSJCEiNHX37qzgBAijotssBqgDHaIUYbuF78bM4Pt1WhlpbxACJFEA7+Ul2cGukcbPRuBTbaFnZfPqYOWY7l5DPqYECH2OAWLNWXTTsR2B+KYRJ3ISOj9ovg2yky5Fa5vENQtE3jXYkkvoecHnyvPj+xqHd2rb1iYK2OsSl/MlaJo6UjRZ1Xa5JrdOWJBfhM+jgLmiCEXRpyELPDfr/OO4h/WYtE2TpoIcucpspNMtR2mzErrhEkT3XcWNgvUMJ8inDAGfQzmuxBjgn4EqSQowcDTdtbViiI+aKvtaHQ==
+v0n0.nic.estate.	172800	IN	A	65.22.28.47
+v0n0.nic.estate.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:47
+v0n1.nic.estate.	172800	IN	A	65.22.29.47
+v0n1.nic.estate.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:47
+v0n2.nic.estate.	172800	IN	A	65.22.30.47
+v0n2.nic.estate.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:47
+v0n3.nic.estate.	172800	IN	A	161.232.14.47
+v0n3.nic.estate.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:47
+v2n0.nic.estate.	172800	IN	A	65.22.31.47
+v2n0.nic.estate.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:47
+v2n1.nic.estate.	172800	IN	A	161.232.15.47
+v2n1.nic.estate.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:47
+et.			172800	IN	NS	a.nic.et.
+et.			172800	IN	NS	b.nic.et.
+et.			86400	IN	NSEC	etisalat. NS RRSIG NSEC
+et.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GWRd/xPwV2/WZOxg5w5QJPOLh9PdYtminaGrsvo/AWnChXGbKcSASaRxW65qngfhRk7V3YI6QU0f0xqyZDGhYKL4z2ypdtG92JcGUtbBiCN6h2Tjof7eL38gOF80DQ6o0Ywn2p3hxwhLNlZHMP5YVhdsPInoK720YFwvA3aQrlKKNm3cWlNISHNgDzsdrxe/+3EZ2vuFk+ACv3QCSoWvM5cFAKn+7i+wl73vRKl9ZwnVMg2LzvGfRKGskYIJ4PQVSZhdAP3gO9DwSOxmBBMadUlM5iRENa11ZhoiVL/AW2h9wTznVgbPYcR8sFEEzknSBWKF20kEeETyM27CRqNbYw==
+a.nic.et.		172800	IN	A	197.156.74.192
+b.nic.et.		172800	IN	A	197.156.74.193
+etisalat.		172800	IN	NS	a.nic.etisalat.
+etisalat.		172800	IN	NS	b.nic.etisalat.
+etisalat.		172800	IN	NS	c.nic.etisalat.
+etisalat.		172800	IN	NS	d.nic.etisalat.
+etisalat.		86400	IN	DS	3857 8 2 389B8D170BF2914ABE8CDD4BCCDF454BCA62523FAA83F6F5F30CB8E672A75803
+etisalat.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pMBtB8BnFhQqVeP5HHV+KlKxyBDfY25HtwHS1e7b5Lvw9XQ9Pi/2/I7hEO9ghh5uE6KuMBIs7vSg/wbVL+eIAMd18AqvRXhpsKEgPgWe8ZFpZSnEv+icRz1WgymH8sL7kVZ8P/7EyZn8Cxr69IGCxofvVvUUd2MYK00CUCk0WuOLq+kveCkaOGizxTQMQAm+8AqAmXQqCpJtDflm0ZOs1F53yyQFJ8BfHB+WKWfS5pTsrm7TRB7dNncjiu3buwqz5VcWpFOWcZLrDBq0VowcVyDPq5LLPxT6RB1isJxfXSKh2omZSanMC1tsPQYatXfQPnSDVWxFo6cHPY54IVE6Wg==
+etisalat.		86400	IN	NSEC	eu. NS DS RRSIG NSEC
+etisalat.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KJMcxn5cDTj6fO18Z4j2ec/tnG5HIm42CHVA6dSJMNd7NcX4aswbsxD1Nl//ZRVdDAD9rgf1tydLiGhdZycEuU3kqm3roTmJRVwwMaPfyq3vNs0ZjWparjVtZZxloQBJoT3L0xrtYXk00I6VlkEgpop3O2KaLTintUb/Ng8N7yZrl+m8gfs6bGVmSmLxMMc7JNIv9P2irw3dZ5ubM1mfJ+S2r1yteJ2qY8hQYGtgFjKghE9pU5uKqA7boUqcXWBbYjkFI9A1v6zDPgIe5Zrm3CSmmUWTnN1nnLoeYyDNqjQEkyw9Nsm+ZiiV0EyEGrlEz9Ug4vXZR+fUSuJMF9u+vw==
+a.nic.etisalat.		172800	IN	A	194.169.218.48
+a.nic.etisalat.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:48
+b.nic.etisalat.		172800	IN	A	185.24.64.48
+b.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:48
+c.nic.etisalat.		172800	IN	A	212.18.248.48
+c.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:48
+d.nic.etisalat.		172800	IN	A	212.18.249.48
+d.nic.etisalat.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:48
+eu.			172800	IN	NS	w.dns.eu.
+eu.			172800	IN	NS	x.dns.eu.
+eu.			172800	IN	NS	y.dns.eu.
+eu.			172800	IN	NS	be.dns.eu.
+eu.			172800	IN	NS	si.dns.eu.
+eu.			86400	IN	DS	35926 8 2 89B9EF0445904E7C6074B5BECE823C3E264FBD91C103D10BDE603412343CE70C
+eu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JfSSEDKhzIC06ZQ0EB6uh7O/WzVyOu3IscokmFOmdVYyTr/M8isVf00A2FgyXmRJR9wBogoLpBGywa2Vam2mSf9AVMZvCHf9WIFJ33UyYKyYvXelWDxZdtTbB1sU88hx6t5vipcDgOQ9w3oo7PGvQ/uDtmuNNlmAXqlMPY1L8AgQPZcqrNfKicPpKQq9EWZHE0n/6P9EifMWLjItIlTKLMHPq9Btig1FFkxMVHoy6njDt7tbIt07gNidRuBeeZtDfOON6dqcKHGXIkIj5dMEykGQJcvBh9AoByuHvZOaAX4OhHQkCdsiDtRCqHl+yMPfg4IY+iYfB3h283EBzU70zg==
+eu.			86400	IN	NSEC	eurovision. NS DS RRSIG NSEC
+eu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AqzXjCgeNw+kPotE3mQmaavo2+L9uw4CVBjMa2Fl2dE41SnV/3HZq85e2OUanZVQAzmWy2NO4fU/ffNow8RyccSUHiCzXATGauO1QQpBdLfh0EYOJ4XCRR8TJBdKNBYwJvPVH6CGXJekibm4Et5BXzIolLUcjBrnt/2CW0ytmXLJh3237/BG0d+7zHZMzz9tfL3GkSgiYyoipMBLyIRNqOzAetbaWSs4/6hZlFpDX+lBQgeaavi2twTCQI/+vSjlu2xETgsqGhIAtlGWegfyq84En/TFy14YTlfXVe9Qr/AeFdg13SgQtgmrmuQAFwj9gbl5rc8sSZ52nrSO0ThCEQ==
+be.dns.eu.		172800	IN	A	149.38.1.26
+be.dns.eu.		172800	IN	AAAA	2001:978:2:1:0:0:93:2
+si.dns.eu.		172800	IN	A	193.2.221.62
+si.dns.eu.		172800	IN	AAAA	2001:1470:8000:100:0:0:0:62
+w.dns.eu.		172800	IN	A	194.0.25.28
+w.dns.eu.		172800	IN	AAAA	2001:678:20:0:0:0:0:28
+x.dns.eu.		172800	IN	A	185.151.141.1
+x.dns.eu.		172800	IN	AAAA	2a02:568:fe00:0:0:0:0:6575
+y.dns.eu.		172800	IN	A	194.146.106.90
+y.dns.eu.		172800	IN	AAAA	2001:67c:1010:23:0:0:0:53
+eurovision.		172800	IN	NS	anycast9.irondns.net.
+eurovision.		172800	IN	NS	anycast10.irondns.net.
+eurovision.		172800	IN	NS	anycast23.irondns.net.
+eurovision.		172800	IN	NS	anycast24.irondns.net.
+eurovision.		86400	IN	DS	52357 10 2 FC1CA626451621109D8314D5BBBB3DA8C607E36FB0C5493BD6F237762C2C7BAC
+eurovision.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aX2wG4Hm2wgNpYTNBjT46yMQUc/gXMb/CgYAH5v1xNQQLd6jlOGftoSHQTg0RaXf6Ldwk/TAYULdEQz9clxFm6l/diwm8AqNM9MrUCcYIA5T8kSnCHz47iaTvnSAlbVlxv4ISdHYXHsFTCgeQbJm/mKatJ9e5RDwG8la7uzrsayzmn3Fpx0zKTr3h/mmU2B0gPp7kB0IQyENm2XmvEhRoLfnHg1hcIfEGD21YQzf62DfuauxCR+VbgDOPPct8uRV84s7d3jE7JC436qjWn0a0djS6f80d0YAOgIcGgyqnpN82KYdQ5GfPgvwmhl6iaF2Tj2QQfWuBH8YL3l+odAbuQ==
+eurovision.		86400	IN	NSEC	eus. NS DS RRSIG NSEC
+eurovision.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JbPd+bFUfLyof9zVrzlMmMkAYmX0WmsIja954xDP0U2lQUrUqMI95DNxmrlU/RL3di6oHBqXnju1DBoXL+YkN7uae6aHpN0t0KzngyyKEL9/Yu9qs6rJqgm7Gly6EIjzGog8xyXvuy+ewn1ldFMw/uiX2EbwJev4dsJvWRKUf4DtHQKo+hr6Fku3NfiBT1hLSjB+O0TTLGk7U3OjnQEO04oZ27G2vnY6dvOaIgoZc42Ppp7oLK8DGuF+eC6S5HPszxHdXjsD2sOwQTz/CZElr6UZpjo5YbNyzbkkhFX9JVOIH2Ik4XQvYwrL8rQuxLYqyL4+tuPHkhtyXgdhxmdDqw==
+eus.			172800	IN	NS	anycast9.irondns.net.
+eus.			172800	IN	NS	anycast10.irondns.net.
+eus.			172800	IN	NS	anycast23.irondns.net.
+eus.			172800	IN	NS	anycast24.irondns.net.
+eus.			86400	IN	DS	37627 10 2 04415714A6DF5F737093919D47FDA7FE0745D4A0AE9DFD4E8652D51D49BAC4DB
+eus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cPKI3VZadpJN2L/5kqZm+np7QNshvV5uxcwFNR+6MCY9RPZcnsv3Bz7e+2RcjQd4whuw54NAlt44alv/NLZMigKXzYEJyQB6OQBgD+l24dm2npXtvxT1wK3dA3HbYB27oBy+k33lwXSuYbDLIHoZ/v5yd6Mz3jsrvH+SaR4y8Hp+ByI/o5JpChXup2x2k7VPRh4iNORvCqjkpYjCVT//27bInNa2wRkG63JhXv1Jw9i8TLTmLgfeJA4NzD7pjjNvjqAgBoSBHqMseX1Lgmc6G7f/hpYrEQkGKpKuVR/5YvaX4PcsxWofdiruWuf9xe9LSBX15IifiWwCKBbXQEu4aw==
+eus.			86400	IN	NSEC	events. NS DS RRSIG NSEC
+eus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NCjdgmCabkpA7S89G7e6/R2JAdt5VJkL/LHvJIZFsygQmHPbixeWyiyJAmCQQGSvMIwnRdXA+uHT3nQoBLHxWjScF/9FvkZWHCb96ZNzEQ+7gHzLXgqYvCNu1V8ehc06tBPk07ZEwBKEasYRZUCAjJU35Dl0FyEUR/RY9rJ7DU8rAJIoNft1KHht6QHrP3EmTgOVS9T+gs/u1pARYBPW0xYI1Dah4iTAQ3tBzXZCHDsMLktH+mzGHU/m0qPAy97pOLWvNHMXvu4UmvVvkICnBCNL0Mz92Jc0oymn+/usPxKeqMCgO22h0QdTSPlWWkT0NP5S0hZX+9MjB3D2/4u93g==
+events.			172800	IN	NS	v0n0.nic.events.
+events.			172800	IN	NS	v0n1.nic.events.
+events.			172800	IN	NS	v0n2.nic.events.
+events.			172800	IN	NS	v0n3.nic.events.
+events.			172800	IN	NS	v2n0.nic.events.
+events.			172800	IN	NS	v2n1.nic.events.
+events.			86400	IN	DS	12487 8 2 51D1AB269AC995942F3AAA4BCCF1C7B47B625892D8F7AC24DC74ED305DF0D2C0
+events.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dApcTwU8pzu1o10jV8T6Br0nULLl8daMHe1L2h4MMbkSFi8TsZW/A+2L/US2BtSJpMNihiSD7366yVitZWFUh7a/buRb04qWqOFNa2hbZiR3MaTnL6llGfrKYV3C7fAnI8fqMEeEOxCfFxdn8w4m022k5qwM3XerrKDrcFHWloANMW0ckyVNKlf9Zcb4TYCsbjYJAW8awuMHHqEn68Lcztd6z+EibZE49IlDaSc4vGjmU8NQQrLUcxZp4M2Y2meyFSFVr1vqetjBQ46WlNyMFraTOV+Wk4DkK4AubWel1DlsusX+HRH6RKadHqMfX15VSLM1BfLlCGhpnrmRTxqjmQ==
+events.			86400	IN	NSEC	exchange. NS DS RRSIG NSEC
+events.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EHKGmW2ekscFWqiuapTwzKKeILMMU47+sApgxLB9oycQdKsSbKwE66tcTYOOp1KfPg+FtCiF1mOUIYNk/At0KbRZFGhz/6bmigoSHg4f4C7mAgS+1imknjAHXN1hFrNCA/f1BX1fpQiIC1vqYYclpvCTijeVvnPocV5ZeB+0zstmTsGPD+OyaKySpxDJROADLQimDb3YAZwKpfn9pUkKQxU/5Awil+cSaxj6fFCMjNLH8HNCBocQFsj1Nlg2iL48f/H3NdBF+bbyhInwnVxYQpzP5umiDnmwmmsREuaJ+6lY6dHllSBoP7PqcHcMKihYmM0e0+EoQ6giUfgmcwxvYA==
+v0n0.nic.events.	172800	IN	A	65.22.32.6
+v0n0.nic.events.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:6
+v0n1.nic.events.	172800	IN	A	65.22.33.6
+v0n1.nic.events.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:6
+v0n2.nic.events.	172800	IN	A	65.22.34.6
+v0n2.nic.events.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:6
+v0n3.nic.events.	172800	IN	A	161.232.16.6
+v0n3.nic.events.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:6
+v2n0.nic.events.	172800	IN	A	65.22.35.6
+v2n0.nic.events.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:6
+v2n1.nic.events.	172800	IN	A	161.232.17.6
+v2n1.nic.events.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:6
+exchange.		172800	IN	NS	v0n0.nic.exchange.
+exchange.		172800	IN	NS	v0n1.nic.exchange.
+exchange.		172800	IN	NS	v0n2.nic.exchange.
+exchange.		172800	IN	NS	v0n3.nic.exchange.
+exchange.		172800	IN	NS	v2n0.nic.exchange.
+exchange.		172800	IN	NS	v2n1.nic.exchange.
+exchange.		86400	IN	DS	46084 8 2 7AF19D7F0DA9372DC3CE58871F2A06EFEBDB7D44248EF60A7B0CA5A595192B4C
+exchange.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lS4dYZ/43+PwcmJGjjF2xkxJ/H3WavuvmUa+r+EHylYyMRPQgzk7Wcr/xJk3ZuOPfGbuncY3QC6wuc4uADLzoLUO67zDNlW5SBWUNa0ICZAYAm52hssPw2lkFj6jcxHEsymW4imoCiAmcI3TWH27Gi5LnaGZhOvhNH8QZ9XVF/fDK4APP3tMcnijUzo2HNK5stYnCHssmcIJCzVBC4KGmF0iMuyKFgFqsHRlwLJkI7QTS9N1g2IfK5/OnoFIO9DDWTkcmVArbpwkpbmo1xeVdMueclPma11R+Yp7Rp9qqHU6YuG0tEcebiNC5ESCmBLWpQv1DjfsNTRipyFf3NTonQ==
+exchange.		86400	IN	NSEC	expert. NS DS RRSIG NSEC
+exchange.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wPhFiNmSEi0tp7RZbCGa3DSL03XyPD/uy2NifL3XHnoWdSX+D51hKIN7b5KzpAUoBk3ram/eH7DFHR3sEw+xOFB8sfCHdyWxKN9IK+YS161myOdTL7JdtehhwZHlpJoGrivCPAnmJdUIuYzfHg/HQzILy0i1XIWcHB89uDUwZCxgpw+WcA04UrJkWigJXmo3f9S6EyoD59WFuwKdCuny+IUW5sADoIfSK0ubaioLdiNHzh7wUQ9uge5HM1Mr3A51ibuTimc2AWfs0Xr1ibzG1y9KOZcEnOuNKj2EnZar/0BR9E7Wgysv03tBNeGqy/SZl2Vi8wTSzUDYgtObqcAjXw==
+v0n0.nic.exchange.	172800	IN	A	65.22.28.14
+v0n0.nic.exchange.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:14
+v0n1.nic.exchange.	172800	IN	A	65.22.29.14
+v0n1.nic.exchange.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:14
+v0n2.nic.exchange.	172800	IN	A	65.22.30.14
+v0n2.nic.exchange.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:14
+v0n3.nic.exchange.	172800	IN	A	161.232.14.14
+v0n3.nic.exchange.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:14
+v2n0.nic.exchange.	172800	IN	A	65.22.31.14
+v2n0.nic.exchange.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:14
+v2n1.nic.exchange.	172800	IN	A	161.232.15.14
+v2n1.nic.exchange.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:14
+expert.			172800	IN	NS	v0n0.nic.expert.
+expert.			172800	IN	NS	v0n1.nic.expert.
+expert.			172800	IN	NS	v0n2.nic.expert.
+expert.			172800	IN	NS	v0n3.nic.expert.
+expert.			172800	IN	NS	v2n0.nic.expert.
+expert.			172800	IN	NS	v2n1.nic.expert.
+expert.			86400	IN	DS	35986 8 2 8BB05A08616E1D432C7118D31FCA1C48E3CFAA536DC81FAC428EB3A4D695153C
+expert.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AriL8r0SiOAGffaCNnc3Lrg/fKLdSsi2upV8MpGdVPsKcaWBcPOxJJbl9LKkJbq8gst9uIi1zl1iBxRCZsfWajnbgWEUpFWiJt1rMAbaIW4Jx4laZ5A0759oT8VavUvGEKKhFrDe35E/gTBYmrVJQQVeuI2Jih5vSE8nqkzYVbWIVBvpfAt7UFEkNyBkhkgLfsTHqBGFALxo/5RCWOl1JPVt9yWkqPAOGEB5r2D/A8Tk+gm/zIID0vB29CEY/sldjoy82kKeEvHU4+qV5iaY4Aolcu/pAtsxHRztPfAkW9AMASx/FiPaa64+yTAjT0OKrvTNNS5yBl1WdCGNCoQ1ug==
+expert.			86400	IN	NSEC	exposed. NS DS RRSIG NSEC
+expert.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oUlO50yinVmMmUo0MxsmBh0i/FaqaSvlZ1PH6yZHOldBKh47h+PQvhce1wTDSf5MWQHvzMPEDdSA2ITz5pX4Lrz/zR8deo5ZA9VIhKVJdneZOILIqN/LGDIlxJUEAHWpAzx7hcgC9MtKXg/5GVMyS/WvJiki3Xd0BpZ6LloyNIxeHokXPpPY+6AyBUcg1XOcui5CYx4ha9NZgkVM/s0Y+Zr89xIOHPLMiQx+F1LS46gXt+86Q+lmU4ZCbbehObzCxJQ2fKA5HpKnWFqFbp+MgWOePie+652QcM53teasfX7lXtfUlQ9QcrHgZgpCBLFU6oar/sh3XZrcAlkj5x06TA==
+v0n0.nic.expert.	172800	IN	A	65.22.32.4
+v0n0.nic.expert.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:4
+v0n1.nic.expert.	172800	IN	A	65.22.33.4
+v0n1.nic.expert.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:4
+v0n2.nic.expert.	172800	IN	A	65.22.34.4
+v0n2.nic.expert.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:4
+v0n3.nic.expert.	172800	IN	A	161.232.16.4
+v0n3.nic.expert.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:4
+v2n0.nic.expert.	172800	IN	A	65.22.35.4
+v2n0.nic.expert.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:4
+v2n1.nic.expert.	172800	IN	A	161.232.17.4
+v2n1.nic.expert.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:4
+exposed.		172800	IN	NS	v0n0.nic.exposed.
+exposed.		172800	IN	NS	v0n1.nic.exposed.
+exposed.		172800	IN	NS	v0n2.nic.exposed.
+exposed.		172800	IN	NS	v0n3.nic.exposed.
+exposed.		172800	IN	NS	v2n0.nic.exposed.
+exposed.		172800	IN	NS	v2n1.nic.exposed.
+exposed.		86400	IN	DS	43324 8 2 06DB817955E79F54D71E1D818B4F4C7EDBBAFF2AC602DB75FA95E5B4C9DBCE6C
+exposed.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0QEH8gfD0Rx9LSl1NHnLhxjLOEVx7WWKqQhNUbT/gtbK2ivxataljNvuotzVAdXlFJxDJtlwsTLzmVX5SXFhxiaKwrZfNlnNRiV9Zs6QZUzPhxeec0b+O6KB+0Id+BkIGnUyj+6OHQcnCg/Hlv+rx65HOncegdtNkusYuNcOHosiyesfeJX/nR1+1H9gJ7iIstM+kWv6+GQADV4TrBZbo2nA+71oi+yJZrpzO7ADX4fpbL+awFWSC7N/AYrO1VxZT0w/k/YlKqDv4TsrSabFG1aGtMuIO2rfXhshseSPomxjJx4ynljalp1HhYOii8CqkFp8wM1McDbtj5mZ00Tpvg==
+exposed.		86400	IN	NSEC	express. NS DS RRSIG NSEC
+exposed.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0a+2StrOqFwVfGyoyyCQj2xR/gSH25i6IlJKc7rWavdda9g1x8QYvO6CLDGFpFhYss4ZLZnrB0srsexorjA3H/zktl/uhNSy7FNw3GD+o1k/kfKkFVQ5W68bxjXqU39LpfgSFXloeF+UhX70SEeS/c8cAtRkK7guvQIdGfdO5Yf1Vc7izFfq8S4btwWEtLTlN9Ysfc3C6HjAEXBcKTRm5++NtH7gk1SfEJgIqcNgOr7oMr2Q3yPAGoHquIujpp7nEle8bUj96Ve0DEHad7GkVSQ1ammHD8zZ6A98/IkN7xDueuiSn4ikweH7fa/YeT2T1DggtmIXvKMSgZUJNxVW+A==
+v0n0.nic.exposed.	172800	IN	A	65.22.24.58
+v0n0.nic.exposed.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:58
+v0n1.nic.exposed.	172800	IN	A	65.22.25.58
+v0n1.nic.exposed.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:58
+v0n2.nic.exposed.	172800	IN	A	65.22.26.58
+v0n2.nic.exposed.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:58
+v0n3.nic.exposed.	172800	IN	A	161.232.12.58
+v0n3.nic.exposed.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:58
+v2n0.nic.exposed.	172800	IN	A	65.22.27.58
+v2n0.nic.exposed.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:58
+v2n1.nic.exposed.	172800	IN	A	161.232.13.58
+v2n1.nic.exposed.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:58
+express.		172800	IN	NS	v0n0.nic.express.
+express.		172800	IN	NS	v0n1.nic.express.
+express.		172800	IN	NS	v0n2.nic.express.
+express.		172800	IN	NS	v0n3.nic.express.
+express.		172800	IN	NS	v2n0.nic.express.
+express.		172800	IN	NS	v2n1.nic.express.
+express.		86400	IN	DS	63130 8 2 57D56C05AE39F31076A67FA9D97368908461D311DBD01F32174979A6E75921DA
+express.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1gnTU4Ga3FmNLOFkOwPPvKOR7gLV0hsvZo5IDSpWmbHzJ5QQuBghwSu7qaB2MY6RE7fKSU0DNeLlaEeahbaJgllVcgBei+U7nZdniZKyeilSIn0pBGf0nk2bMISPU1An2LfbiswInU5n+t1zBUCMqRFCY9btmZUqCLSwLGxssmVG+3ZJJBKCm2ZZhbwwXhpJtNtlfm5BGdHSituQgrgrUkAKB5ZZDs8ESNopSXHx/ROW++TUDQmCh51RJ8qsQzTZe+SDJ4DlFH3JJ9BTXgkkThEDN+Csah1a9grXgQM9at5SueglL7o2mN5irNWFEISz+8qJ0q5vQRV99lrsnpAKOw==
+express.		86400	IN	NSEC	extraspace. NS DS RRSIG NSEC
+express.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vPVLIwv7q4rVOc86iX3XZnoGu14g+5a95sflEFbYZyRM7bOEnplbCdhtHfMu4i3DEQqL4PGsLdRLpB7fPJ8zr1R+yim4GlUTzyr2UGjdkfv8LcMcsS7iq6oY7ADwr4/WMm3NMczlB3doK4cR0PSTFNQZCNrofwDCdfjyFOhd3qEEwEm9HS4QPsmj+eIfK1t5EFxoWsZw5gk/wQJwbZsNNZ0J8vnvmTgMlu+ZCavyZmUrXgm0g5r5BN4Y7evieL7oTCSE4nWwQXOsL58IGDccZdA3QbKks6lOy0AAHpLwiMVVJrDnjzskWXckXHExN39Lt9sGIQUoTrltEwvtmdgXPw==
+v0n0.nic.express.	172800	IN	A	65.22.32.16
+v0n0.nic.express.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:16
+v0n1.nic.express.	172800	IN	A	65.22.33.16
+v0n1.nic.express.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:16
+v0n2.nic.express.	172800	IN	A	65.22.34.16
+v0n2.nic.express.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:16
+v0n3.nic.express.	172800	IN	A	161.232.16.16
+v0n3.nic.express.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:16
+v2n0.nic.express.	172800	IN	A	65.22.35.16
+v2n0.nic.express.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:16
+v2n1.nic.express.	172800	IN	A	161.232.17.16
+v2n1.nic.express.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:16
+extraspace.		172800	IN	NS	a0.nic.extraspace.
+extraspace.		172800	IN	NS	a2.nic.extraspace.
+extraspace.		172800	IN	NS	b0.nic.extraspace.
+extraspace.		172800	IN	NS	c0.nic.extraspace.
+extraspace.		86400	IN	DS	64657 8 2 9697A3469E8E24F5B49FECC0D2F2573CB96D106F26781583E705111BEFD15571
+extraspace.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s+LQpQh6iDyLgSoHZVC6ZNiT9RGc0vz2IO861KOn7h994iuKZrc66mWSgA/LQfSU3BPofm7me8s2Z7LT68H5QoXPzjspUWHv6chwrfTpk+txLcYYXofWsUD1q88dLYAz5PkaQGJxBjgXIcC9u4KWDMCSowwRvm27tk3lq1Gk//aILIZ3JWWooC+W89R6u6+dFRnFyizD86zD9vwWzDTNSTrXRFDfMgRwVO8yi0vGVs7oZiD+BkUTkQRUfe9ejsF69P1yregDJBfwktv7Yd6GuUSQFIvwJG2To+JdaK4RvfTzX1C+ECpr8qIqy45jRM2CjFeHa760X5abA3XuNGtISA==
+extraspace.		86400	IN	NSEC	fage. NS DS RRSIG NSEC
+extraspace.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E6hVbqXX9P37DHfPCsamwDUDlLByl/KgA+AN4gSRTXu3tAoLXd0Pq0ur0uHqC0/iwxN0IkSZTMvey+fzEj/etWrTrunIWn5t4wNUdERq2deyRwn5Rs11oMooSN0HnSioUtvjWKm919T9GRT+68mjjKRYkqdKHQXowYqDUzKZnHigOyZr1mvmr1AopfJABaoyU5JVZaY34awj1W/Gn4T2LZHP8YMUyWsX6Pw8iDW5gb62mgrmjvMWZpkW7w68IwnN6jtUmHIS2oblpNE3HY6F8/2eDW/EOViHmSrTYib3bOD4ZjMQb1+B0P0R+EgrWt/jjPZzyfmZ/peVmARkBRktEQ==
+a0.nic.extraspace.	172800	IN	A	65.22.116.1
+a0.nic.extraspace.	172800	IN	AAAA	2a01:8840:72:0:0:0:0:1
+a2.nic.extraspace.	172800	IN	A	65.22.119.1
+a2.nic.extraspace.	172800	IN	AAAA	2a01:8840:75:0:0:0:0:1
+b0.nic.extraspace.	172800	IN	A	65.22.117.1
+b0.nic.extraspace.	172800	IN	AAAA	2a01:8840:73:0:0:0:0:1
+c0.nic.extraspace.	172800	IN	A	65.22.118.1
+c0.nic.extraspace.	172800	IN	AAAA	2a01:8840:74:0:0:0:0:1
+fage.			172800	IN	NS	a0.nic.fage.
+fage.			172800	IN	NS	a2.nic.fage.
+fage.			172800	IN	NS	b0.nic.fage.
+fage.			172800	IN	NS	c0.nic.fage.
+fage.			86400	IN	DS	17296 8 2 73F0339F6D64BE40A263E66BF730B0EF53A4372978561E0CC8F3CB754DF443FE
+fage.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2/FlQTvdLCpbI538oOzofJRbfd5jvkI053OMWiINVfC+qLvNfC3puxmrPamgAmwupnkeaU8pNedwVDF9tBTIVNtJ/PwK3AwCMixbQ9B0z8pRtxUibiJGCmbswQ4uWnzdph5W+SsWWaWmprfwNR7oTzDgmavU+4xxQsmZEg2NQq+vEvEVMcgDnWJGossy+jwCFsr0gmEvIR9WRVy7cnX+MBTRoUktCLt32BnA7sFmtVgOWBUhV7F0cZBx/B9v7X9K8KMot0lHt0hbMu/WjuhZhrKIhj9mbZQboA8iyCTSYJPt/Vtx3ZXRpKZUkllU2jn5EkVUppkms5WQxQ/lwSxrA==
+fage.			86400	IN	NSEC	fail. NS DS RRSIG NSEC
+fage.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aH+vpQShAe0aRyBv/v0oQIiCVrFZ3YTiyC3sm9ZES9Br/9EUOr8Z31qqEkkammBV29fsArHhhQOVcXKq1oe61R0pfa0IsNctw5fGa5ruvJTPejmkL89OitTg93y2r+I6bQlS9UHh2MPc8+Gn61cKYqAtqJLV2WXxuZ0Tf6clfhqcdjznjCCgL/ybhkELwrluWeqVp3t+c6j3S7eDiigGgtuk+wfRC3W4Vnum7U9hlsH8QN2HM3Di6/Jojl6cqTCt6EfADbEmtVfo5nmHaiJsetPa5I88U7j2m0PpqFH8nsr65o76YGL2+7QX0fe67623Ut7zSMOKEHqTKce2/OjkCA==
+a0.nic.fage.		172800	IN	A	65.22.156.33
+a0.nic.fage.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:33
+a2.nic.fage.		172800	IN	A	65.22.159.33
+a2.nic.fage.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:33
+b0.nic.fage.		172800	IN	A	65.22.157.33
+b0.nic.fage.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:33
+c0.nic.fage.		172800	IN	A	65.22.158.33
+c0.nic.fage.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:33
+fail.			172800	IN	NS	v0n0.nic.fail.
+fail.			172800	IN	NS	v0n1.nic.fail.
+fail.			172800	IN	NS	v0n2.nic.fail.
+fail.			172800	IN	NS	v0n3.nic.fail.
+fail.			172800	IN	NS	v2n0.nic.fail.
+fail.			172800	IN	NS	v2n1.nic.fail.
+fail.			86400	IN	DS	55696 8 2 23599FACBCF180CA8A276A70E5E407236CBFCC5C9B27CE00972CB83F99803577
+fail.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oDanZFV9aWac1Puimq1GWXxLuHSIVWSnlEv/SdORcJTiGfDvng5ixwLCT/OOC4BX+eQr6XsajFBGVILoewNP+yIFEdRtDYH+KG92ZGDwVBu02S/3OrA6iCcYJ3OCmxxpyvS/n8g5GZWmJM7pz9OGTBQAOsBSlWJ8hj+JDUT8WgmqoVvDO9TBPGQJgCECFRbMiRRqfbd3Epd+xXzTIPtp1QZYYpTwENXNCtRCl/qxyrQFstnW24UnGTU0M2yM2fVEEHM3o+6Vm25aJB0fHR8+oZew/N8Lb9DRykIbswRVlkYEEic8N02Kha+dsx6WUx1uzS1xcu4bYoBY+XzZRQ6M/Q==
+fail.			86400	IN	NSEC	fairwinds. NS DS RRSIG NSEC
+fail.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENsotzJkF4YRmk0FZDImrb0kt7kLOVCmctqlrqx3kdaytCb0+UKY1EG/xly/QX/GGHfd+0UEljKTicwoOaji9PEz1rit1u5dXl5XP/V6YbqkyXSiSCIGqg6eem2cHcJsmd/EPaijxzRAjVnpwfVMGAz8qau6NaKt4yhDlF9hmqymS8zC504+dLRHFYVlyyp1153iDZouNSM9XIkmj5XJ/8aueAXsbw2SgfTUgz9J9WIw7yFI3TtObBGXtGfyIG93YCDtLqdE6gOJ6C6trUw4/LhCcx9tlspkyLPCNUuoZKicjVuZ4msThON8yLfN45yFi33yqRPMYuW1TwckqdTZ5A==
+v0n0.nic.fail.		172800	IN	A	65.22.20.56
+v0n0.nic.fail.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:56
+v0n1.nic.fail.		172800	IN	A	65.22.21.56
+v0n1.nic.fail.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:56
+v0n2.nic.fail.		172800	IN	A	65.22.22.56
+v0n2.nic.fail.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:56
+v0n3.nic.fail.		172800	IN	A	161.232.10.56
+v0n3.nic.fail.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:56
+v2n0.nic.fail.		172800	IN	A	65.22.23.56
+v2n0.nic.fail.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:56
+v2n1.nic.fail.		172800	IN	A	161.232.11.56
+v2n1.nic.fail.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:56
+fairwinds.		172800	IN	NS	ac1.nstld.com.
+fairwinds.		172800	IN	NS	ac2.nstld.com.
+fairwinds.		172800	IN	NS	ac3.nstld.com.
+fairwinds.		172800	IN	NS	ac4.nstld.com.
+fairwinds.		86400	IN	DS	8913 8 2 4B1C638C7FC58D11BF54B976CE4FBA1CDB935F993F6B50194093B2479BFF8504
+fairwinds.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vlFjo+HYO5wJzUI2v2mvFyAMVamDEfMp59tY/odppWMess6eIgE60Bmdv8bLBw5okznW16JLDprRCIY10rLtMsVzwGcT41gjIjRodTJiUL6pJa5Ya5vcSF8O47CkeTEI8QHFT4C7srhaJ/9IrkqaQ+ZfowTOgpDjkakMf09m5F4T+RVSerih5PcMVYhk9eueNyHPNacOQJBF3ihBqJ3V1V8MLy/1habzSi7AVR5bnMzZgqhf6wi54YcrgcYmyE4gnVJLlmNQZojNdJXATYVHtTi54eG4InYqJg8dhjU0J/gaR+w+EUz4B0fxlHbiDlmTojlIdcmgNczooAatlbQcHQ==
+fairwinds.		86400	IN	NSEC	faith. NS DS RRSIG NSEC
+fairwinds.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VBk6z9RzzN7F5P//hJYsLEWslgxAHqjTJ3AekZ8d9K+CzaCG0TKwUzQrg9vfUUvrYLtejNh0kkM15cy7vgOAVlw7a5nMWO5WlaygxQAMhT0OiM18Ur6UwPpyfDiTst/g14PvFjB11EXXCBHpFI1uAkE0mP4ZkmkFj1kg7qRmmtYKTz5WbiUC4IQY/z/0S7QAlb60KLY6rfh/koVpPTFvGc+4XhN9nuGzhqRUxFCXKrwwqXVxU+QrxL9VstLl2Lp8OIJXvaZOZ0f2Ke1ojR8wcOIgIEzNPlpAZNpC8KfaKH9giKUZ0UvH+HFMd9a3FPxoB5RQB48QuAI0OTaZ95JnYg==
+faith.			172800	IN	NS	a.nic.faith.
+faith.			172800	IN	NS	b.nic.faith.
+faith.			172800	IN	NS	c.nic.faith.
+faith.			172800	IN	NS	ns1.dns.nic.faith.
+faith.			172800	IN	NS	ns2.dns.nic.faith.
+faith.			172800	IN	NS	ns3.dns.nic.faith.
+faith.			86400	IN	DS	24400 8 2 272E92A109875AEBBA7CA98AC8B593C6A27059F58EA75D4B741A3452A63C97F4
+faith.			86400	IN	DS	54856 8 2 4018987B2E2691D14BD31C3BD7F9E286326452D485EFA1FE6330C64F35A32005
+faith.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FfLwSfkoFhCg0qhLPH/1ivuYl/R48FBE2UXKTzlAuKQ1AAskRkqz6vjjFbQlUIxzVeDksgbL8ZXnNqNSwwhjOWDCYxJhtTGeA9yDzvVWFNKcCAZ6LoIYXwsy0O3CUTSBzYd3B2oVKHR3hY280wtYfl7BCjmpjx1pOa9kwxkYwZtGdEryzHwgYAGEAQlg9oegJxSA89W0ZaY8disysazCWtA8VclblsY4CIL16+ylNIi9x17/Keou1mzMNQuACv21ploadb7KW1xuUorNGXcmSnnt+Vmvk05e4lSCn4A1i0SQp3oKCQRQ8X3jqQhBBpMwrtOCv6O8LfdyZMUUjitpmA==
+faith.			86400	IN	NSEC	family. NS DS RRSIG NSEC
+faith.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZnPmqvRjzVR5TR42x+Pho+0dHaGhgedt37dccKjRLPRb/YIaqkCLws9mr4bkDBMbxu1v8ej/sp18l++NKz2fuWyYt6MP02IJ+JlegffdgEsecQvUpif7kNO4otUVnCNOBDCmiBuGsuBxeIn5hvFHUfa9oG6ApWEyw3YZlXkhtJMzv0gGJ9bMoVhoVwDqvJFh95BADof1DrtrT6jweL6JESl1YkiBJ3iJz/OPBvOuABs2XXeOc9lYUQHVuXWU4be/VtoMhG4dQcICky8mRt7VFGxgKbNub9MMe1Unn3cd2g9ni+3ht3BbOTPILR71qrSoXBvrvLqMOCwhTgyKWEvH1Q==
+a.nic.faith.		172800	IN	A	37.209.192.10
+a.nic.faith.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.faith.		172800	IN	A	37.209.194.10
+b.nic.faith.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.faith.		172800	IN	A	37.209.196.10
+c.nic.faith.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.faith.	172800	IN	A	156.154.144.54
+ns1.dns.nic.faith.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:36
+ns2.dns.nic.faith.	172800	IN	A	156.154.145.54
+ns2.dns.nic.faith.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:36
+ns3.dns.nic.faith.	172800	IN	A	156.154.159.54
+ns3.dns.nic.faith.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:36
+family.			172800	IN	NS	v0n0.nic.family.
+family.			172800	IN	NS	v0n1.nic.family.
+family.			172800	IN	NS	v0n2.nic.family.
+family.			172800	IN	NS	v0n3.nic.family.
+family.			172800	IN	NS	v2n0.nic.family.
+family.			172800	IN	NS	v2n1.nic.family.
+family.			86400	IN	DS	30022 8 2 2AF2DB00CDBDF65666C9AFB59F4DC21CF8B8DC5B050A34FC594B1CBE6C858584
+family.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bfHJm+w1v9DIvE5ppXpMuqal9j9j8+WmnwFSRWE8KJH57IHTa54msiJcRJl7fO9wK84SqFfkWfR8rTToOgFaOmKE2++ssD9GlPsZ/oZAxPCv4AD7xjN18jNK3LuRo/PDD/tIT/EKCNLGmgCGI/1wK+Nts3G6Q6UCBYHekZiPot0M3AszDVE6/4IloGyAdX5Y+0WmcqjyAXEb030JDxHUVrgWlNw8F8njlbMDYkXPj3JAIDRLiU37DsNFI6VS13w1VnR69LITiqXuLVesucRQPtFC97LBGaawp6250jJlr7ymNZuOmln5qxoorzTZmPyHh5dE1xsIDoKH6EbYWZNWmQ==
+family.			86400	IN	NSEC	fan. NS DS RRSIG NSEC
+family.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m+wMO+j04KpJ5iYrcloDzuN+6tXy5l00MXoLm7RAcQ7e78epZU3nWl89L876DXs5j+JQCcYa6S9ADNFuA+m46Qc+Lcjq46omJUY4JuEZFGMTT08Pkkbyh4HDwQWhlfLz9XpTZ7EyM/dBBaPgq7c3RTwM7lot9sFreDB67rJ93MORv/zE26QsVHye1HDeZkbcZevPuxKrSTcTVz3gt0Kg3xbkgNwjogMjo1D/zhUeO5VJI5dEwEvGqXGf7x8EiiYu1bmx2RciEh20uKnZOzMVWw+z3XkLfdUdHKehATEMh59uyIk6CZ0CdwoGqF53659bd5V5sJjI8wiuhEg1m/XyJA==
+v0n0.nic.family.	172800	IN	A	65.22.28.39
+v0n0.nic.family.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:39
+v0n1.nic.family.	172800	IN	A	65.22.29.39
+v0n1.nic.family.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:39
+v0n2.nic.family.	172800	IN	A	65.22.30.39
+v0n2.nic.family.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:39
+v0n3.nic.family.	172800	IN	A	161.232.14.39
+v0n3.nic.family.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:39
+v2n0.nic.family.	172800	IN	A	65.22.31.39
+v2n0.nic.family.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:39
+v2n1.nic.family.	172800	IN	A	161.232.15.39
+v2n1.nic.family.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:39
+fan.			172800	IN	NS	v0n0.nic.fan.
+fan.			172800	IN	NS	v0n1.nic.fan.
+fan.			172800	IN	NS	v0n2.nic.fan.
+fan.			172800	IN	NS	v0n3.nic.fan.
+fan.			172800	IN	NS	v2n0.nic.fan.
+fan.			172800	IN	NS	v2n1.nic.fan.
+fan.			86400	IN	DS	57907 8 2 0877BCB676B4B8470A843B7A72560351ADEF09C067AC1445CAC5579DA6ACC11D
+fan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . h9cQ9juVtRzHBecmMRFmwc8N6xB36i3YtBpNmMj/hcxOgpXb22XNDokrQqDq6GBe9vqQoe6u9oqiPS2zK/MJEp67e/9fWl6ai1qQP2kaVp0sHmWPO/Czpt1dVek6+3uAfJ/RoYN9vHhqvxVM+y5kd7r1RWCR6p6v0MYnpG9HhObhlYyGkziIkGN308BKic7HGmTOaTUK/Z+GFB3Ein5htsudw9BOm9VdnzmCExw4CRL37FsJUk8KcnsOg4XjWb4hnzBurHgWPVdCItkQfJ/Ll1neN//9kFRa+1eVqmWUyJqTS2T8xMW+ItTf++AQyyITXsfiauYMxcqbh8SvX2xHTQ==
+fan.			86400	IN	NSEC	fans. NS DS RRSIG NSEC
+fan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vIxtRbu3GGHp6T3hD+7tlAoipPOVoi0IBlpN2fqb2RKICXFmsaZQyzH6fQvoTvaEuRB0iPc9nV0pUPszZUcnYP33Owx5qYzVIYhG5rt3f/EVZtSSl6Eb+rkKt8W4fJb69B/InJhD+kleliRAHEDAncNdEcFXyHGgT7B4sExA68ufV1bBpUIrCwNFNjKvbh5iX2TQaO+8vag2Puo74iGZXgesha1trAoN8do21bnYipSxOc1c81iYizKW7lNKYrDrQcGWBe13WpdNVaBtaDgkvTjSUGVsOi49UTyQnTeHNgXsrJCFdmskojQWkUpPCInwOfmMk/CIOgTjiBVDAdn6gg==
+v0n0.nic.fan.		172800	IN	A	65.22.20.57
+v0n0.nic.fan.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:57
+v0n1.nic.fan.		172800	IN	A	65.22.21.57
+v0n1.nic.fan.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:57
+v0n2.nic.fan.		172800	IN	A	65.22.22.57
+v0n2.nic.fan.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:57
+v0n3.nic.fan.		172800	IN	A	161.232.10.57
+v0n3.nic.fan.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:57
+v2n0.nic.fan.		172800	IN	A	65.22.23.57
+v2n0.nic.fan.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:57
+v2n1.nic.fan.		172800	IN	A	161.232.11.57
+v2n1.nic.fan.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:57
+fans.			172800	IN	NS	a.nic.fans.
+fans.			172800	IN	NS	b.nic.fans.
+fans.			172800	IN	NS	c.nic.fans.
+fans.			172800	IN	NS	d.nic.fans.
+fans.			86400	IN	DS	25466 8 2 7842246F760A21E694F1D8B64754F0D5BB27EF6A33F25E2F3F2DEE26B33B118B
+fans.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QhvRrOu/rzWD2EarBOrtVwdl76A3l9eGkCQIbq+zkx+wv2NhHV8Xc2P/kF/6Hc71UqkDPJX/i8LYVx44QUJ1p7ClckaxK/0dHoFkOKppTb6kz/mYq1hujy+hCX+emdTeKGJSDgLxDARxUypobfdt4ZyQljiLS0E59V3NUXqNVdwmNFQ97G0bsKuWvsPRVEzCtrVfpnNw22DgmD546LkLlV9g+YIUm+8oN9H9cHNx3SrHXBNt1E39WLLoxvdnKDFqd0q4SJtnwbQ4Sd68qHhEXm4t08rrfuGKdN927HytAcmG71KWCnzuW3TT57+H5Pk1oQaMTSvZqU5RXTW0zklTrA==
+fans.			86400	IN	NSEC	farm. NS DS RRSIG NSEC
+fans.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gWB2BoPNYIuhSts9okS8lawHO21t5PtHhzHR8d8Alg6XmqOdoavcIQp3vjHqDZidwJW/oVGWVVxaqIJ4AeVwFyp9u73QhFBwpqaVEc+ztxebbDTjtAMBNmddmXTV2kKRUSy3LtunyOHPdHzD4Jn5OcHlDXW91LHBK8sCu3b+AJkqegBahAjl6do2UlHUJN0s0CjSTmjut6Zr+igmY65hLTG5ejqPY4QeRNPnJqCtlYOdfnbt591qodBZYNhThCseYAkPBX0YP0l79Lff5gz5/UO0wAO7rN29nxfnRelaPwPD6lddS4M5A9sxbepHB2VzvB4pLE0huwQ2W6zCCzJFSQ==
+a.nic.fans.		172800	IN	A	194.169.218.39
+a.nic.fans.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:39
+b.nic.fans.		172800	IN	A	185.24.64.39
+b.nic.fans.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:39
+c.nic.fans.		172800	IN	A	212.18.248.39
+c.nic.fans.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:39
+d.nic.fans.		172800	IN	A	212.18.249.39
+d.nic.fans.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:39
+farm.			172800	IN	NS	v0n0.nic.farm.
+farm.			172800	IN	NS	v0n1.nic.farm.
+farm.			172800	IN	NS	v0n2.nic.farm.
+farm.			172800	IN	NS	v0n3.nic.farm.
+farm.			172800	IN	NS	v2n0.nic.farm.
+farm.			172800	IN	NS	v2n1.nic.farm.
+farm.			86400	IN	DS	63382 8 2 584397D0AABC1083C561C54DC4ACA32AEEC4B002C8A67FE09D4B1EA429DA8DC1
+farm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5gweaktFEMi0UA0krlN4Hvo/JtbljJpo2R8hKW7BO+l+w3ZnPqZRpB8YJykdnEnmsOToIfVUqHoISo7GrFDSLLHGXhJH6UzhOdGvjowqJSYVrGVCLGMuyYpfDb7kYk8zzeoM08EcVEc8WJKYMD+7wIsI9Suct4CjBNEC/JGZCYfWgyBqYX7kyo1aQiwc2hjNDIHNYP3h/bxtxXLz+Esr+CFIWMPoJ6m5GPqe8fUO18xS5+AjeMUseWTLPe3zShcJvjVQGtCHFQX+hHcM431yjTVozAUhoTQ7/hEBAriCRPWYqkrzFHBgPIOXssL/MGxR+kkuG8nHX5F6IrYw6ehcQ==
+farm.			86400	IN	NSEC	farmers. NS DS RRSIG NSEC
+farm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . df9y2TUPfBI5F1JnBj0lvJ4XP27EoFz+XQ63y0jkibdukRiqP+I3mjMfg6uzeEBPuQEAAMbjA/DH3VODZlWIi3lXMltbL2SnG4Cgg/d5LL+nR57QjBhB8PWd+JPmeiON08mAuQXvRrLpDtf+4TVAy4BmxemXNJSUM75hRHnnktT4QxymAJmoNcgMVK1lwTyiX8Or3HfCOwsxEcoY0z5ipH0gC8S+mY24RNf2pN7qyZMxVhLh5uzs+wWeRwuwzq8nsbwuMK7re9QJUQ7QT+MsixpE5uPUUjRumq3RXXYWnaBZsJSnpPu6eg/TenWX3kcpyIrSBDgK8hIQbSJzSamYKg==
+v0n0.nic.farm.		172800	IN	A	65.22.32.8
+v0n0.nic.farm.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:8
+v0n1.nic.farm.		172800	IN	A	65.22.33.8
+v0n1.nic.farm.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:8
+v0n2.nic.farm.		172800	IN	A	65.22.34.8
+v0n2.nic.farm.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:8
+v0n3.nic.farm.		172800	IN	A	161.232.16.8
+v0n3.nic.farm.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:8
+v2n0.nic.farm.		172800	IN	A	65.22.35.8
+v2n0.nic.farm.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:8
+v2n1.nic.farm.		172800	IN	A	161.232.17.8
+v2n1.nic.farm.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:8
+farmers.		172800	IN	NS	a.nic.farmers.
+farmers.		172800	IN	NS	b.nic.farmers.
+farmers.		172800	IN	NS	c.nic.farmers.
+farmers.		172800	IN	NS	ns1.dns.nic.farmers.
+farmers.		172800	IN	NS	ns2.dns.nic.farmers.
+farmers.		172800	IN	NS	ns3.dns.nic.farmers.
+farmers.		86400	IN	DS	11494 8 2 CD092DA4B2E46BAB4B5FEA2310C7C8007E8B5732F5BB3CB6E0A01A4CEF212C70
+farmers.		86400	IN	DS	22045 8 2 6BF128234CCA6C4FB7BA28F87C84C2488333439E8877BAB9E94BA8F65BA28123
+farmers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gYyWiOZ1MViIG8JlYzqq4sJI0UhTapDp+dXrDxuQtbsz5YXbC/WXo1nIcq1LI9mdpTHsuQguQA5uH2JFeLpM6Ao+z50HAK9A35NGIlsIwmDpBbuqEf5IZ/M70mAwuI5WzJcSpIO0ph23wLvlHc943/b0HP0W/Q2K4SidzrGZvzClck/o8CBo4FakUPiyYNyj9L7fHaCELuce6koGH9RqD0NFk9c4WXAl6L3hIUY3JKxfYjEI555RQRr8yyrIsu5atU8klfrb1wQGxl5zJWlzFaBI0NXSYpsMx65/Is/Fc0cKLjKM0d9NhxtGvgxftCoFY9RiCYxIQDob/lp/vU8rGg==
+farmers.		86400	IN	NSEC	fashion. NS DS RRSIG NSEC
+farmers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nO42eWrYe572QxJ/b0cXEGRisoH3aFiAaoB4f3+roAY2VAX3scLbQyDPOyTJYVjlJn/ZDNSZgaW6qSmnUpjwHls8SWg4NQPnr9xFk1zRdmdFSdpOTVMUDgebUVWIn1LKPJpEb+UbpPvnJPhXsdUlDgFrUo5/Bej5vyviq0pSwtDh6Z2OHN/AKJ0RawDQLhYFQ0+0gTy7KiD3le9MrbAixdpus1QiHRe1gbUommuTEQvrZy6ZqnG8f7+Jy14zhs1RIf1Mv8IAK1++DJV5P0BL85UeKHTf54beulrROY9yC+iKpBkowyAv/ZZa4foX7dvc/EJDgjpQuNJgxgWXYiFxtA==
+a.nic.farmers.		172800	IN	A	37.209.192.9
+a.nic.farmers.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.farmers.		172800	IN	A	37.209.194.9
+b.nic.farmers.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.farmers.		172800	IN	A	37.209.196.9
+c.nic.farmers.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.farmers.	172800	IN	A	156.154.144.55
+ns1.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:37
+ns2.dns.nic.farmers.	172800	IN	A	156.154.145.55
+ns2.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:37
+ns3.dns.nic.farmers.	172800	IN	A	156.154.159.55
+ns3.dns.nic.farmers.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:37
+fashion.		172800	IN	NS	a.nic.fashion.
+fashion.		172800	IN	NS	b.nic.fashion.
+fashion.		172800	IN	NS	c.nic.fashion.
+fashion.		172800	IN	NS	x.nic.fashion.
+fashion.		172800	IN	NS	y.nic.fashion.
+fashion.		172800	IN	NS	z.nic.fashion.
+fashion.		86400	IN	DS	36220 8 2 317F7BE09221A412B8DBE4D8AB6C620083D9A3BAAC4064EE4A7C2A1F5ECA6C7E
+fashion.		86400	IN	DS	50059 8 2 99BBDDD068EC695D622DC3A186FD015D9D47D2B26056CDAB45AB8E45FC99DD87
+fashion.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KbT8P/utB8JYCFXocqfXX+HPhfkisj2sYFhq1v8vo4/wOEqWwFtxZUODetw4KFfb3AzQFDJ41Veqm5qBNwrHJwjLV5Zeys5WYwp4+6SEZeSU7K3kBTDGszBRogXkQwGyGHsIushUQLbpe2z6piTbXpn96gQbfxmY56xWuhf/T+WH7SrTIw1OH1gfrzV9BQfOBn6vNn7nifJ2OCNzNax74C1nfEwsU1HKCQplyheQ3cxg6TTMb8w1/skcw/C//h62w2qIDbeH4OGtJ3jS9u9x1Y97Yfat3sfNs59FuGVHJFvOwPjsUBCo9KgiCrg9CZenF7ncVMQEvIAs2zKS5dbcQQ==
+fashion.		86400	IN	NSEC	fast. NS DS RRSIG NSEC
+fashion.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A3MLawSS35Bhk6v+zIMMOORKOOlplvtz47Intya82Y1OQfhUQ70B7yrUxamFkne8rDM8cxmbfzRKzz5VB3RTvfeF0dJi7pjqNN7HS5WEWYXzuHqLNskV7j+TrXqlHv+7glTLDUjNxWMj2clpLKODZbXNssi1yxaLqHlYRfKjBxpRpxGUCA83VY1kixNQyHSeH3wAbmhr6G3hiTb8jMosCWlvsjz9NhKnLFK25a3hkI9499KE7hDCAAEe6EdVVJQ4jsfDvTfNIMUMi9zqHDVhMKnDBgjS0W553eaxxqoM42vTl6x6LZTGI2E9PGgQXGnitpPsIwu62ZTZANdLF1HGGQ==
+a.nic.fashion.		172800	IN	A	37.209.192.10
+a.nic.fashion.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fashion.		172800	IN	A	37.209.194.10
+b.nic.fashion.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fashion.		172800	IN	A	37.209.196.10
+c.nic.fashion.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fashion.		172800	IN	A	156.154.172.82
+x.nic.fashion.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fashion.		172800	IN	A	156.154.173.82
+y.nic.fashion.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fashion.		172800	IN	A	156.154.174.82
+z.nic.fashion.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fast.			172800	IN	NS	dns1.nic.fast.
+fast.			172800	IN	NS	dns2.nic.fast.
+fast.			172800	IN	NS	dns3.nic.fast.
+fast.			172800	IN	NS	dns4.nic.fast.
+fast.			172800	IN	NS	dnsa.nic.fast.
+fast.			172800	IN	NS	dnsb.nic.fast.
+fast.			172800	IN	NS	dnsc.nic.fast.
+fast.			172800	IN	NS	dnsd.nic.fast.
+fast.			86400	IN	DS	50396 8 2 AE5D5376961980DDEFFC4E0DB6A516FFAA3EE0949387AFE48F8BFFE7CB0651BE
+fast.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CEqAQL4878Yn3qJTVTUHpJHg23/24JpUC0XDIwcTYJ2rlX/tTJ9q+XyxqRYAj/lCIMGlaG8E5776WwoyuVKzzLiqkMrFj9e1+rPQxLQnz//6Rh3gEVQvKsKj5JmID6pZiUkMorrZDjZsIQ/jKbFD4ewj5JlyZNQ+DHCiHuTBNPP09WXRjSoAz7+DffnDvyMjDrQ2Es4RSttJKlADd+Ks8fHj+unD7Gzmr5VsnYIYtV4+yi/3Im9hx5kLsJX4vh4RJOUKsGX1dJIAvfcveKqsLhxZO5KwZHElSgD6zULMmtY5kc9FoCBfOwNYqKl0Vnm6OsEl1LHuER4bdD9QXk6D6w==
+fast.			86400	IN	NSEC	fedex. NS DS RRSIG NSEC
+fast.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Owab2l9quCHrTOpNVHnFg2LEJmZuHBChRt8rzJdgO+iwCUzlP6Gju9LUO5Dfuge3c6ItBHe5gA3CM3Vk8xiboBzvVQjE1+yRwgw5hVGkIbd7yWwLv78yXhHFjYM6bn5ZoCFs9fU2PoX7Z1KNTot2PpLV+/lY+t/rZwyDatjgk80Kb1J42M1TVURz7z35TfkOyIs6mcs6jzOq3vlntqNgejqIGTn7AaJgeiBi+faIYRXWVNh2OBf2LR8OCZZrSzRCVCRzIayr52SWP+fvswc9nUD85cE168/3VR95pARxPNUUefypmyoaroSKUfxCkM/7IZiGZWDgpa0Ldcz7kjHVMw==
+dns1.nic.fast.		172800	IN	A	213.248.218.66
+dns1.nic.fast.		172800	IN	AAAA	2a01:618:402:0:0:0:0:66
+dns2.nic.fast.		172800	IN	A	103.49.82.66
+dns2.nic.fast.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:66
+dns3.nic.fast.		172800	IN	A	213.248.222.66
+dns3.nic.fast.		172800	IN	AAAA	2a01:618:406:0:0:0:0:66
+dns4.nic.fast.		172800	IN	A	43.230.50.66
+dns4.nic.fast.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:66
+dnsa.nic.fast.		172800	IN	A	156.154.100.3
+dnsa.nic.fast.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.fast.		172800	IN	A	156.154.101.3
+dnsb.nic.fast.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.fast.		172800	IN	A	156.154.102.3
+dnsc.nic.fast.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.fast.		172800	IN	A	156.154.103.3
+dnsd.nic.fast.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+fedex.			172800	IN	NS	a0.nic.fedex.
+fedex.			172800	IN	NS	a2.nic.fedex.
+fedex.			172800	IN	NS	b0.nic.fedex.
+fedex.			172800	IN	NS	c0.nic.fedex.
+fedex.			86400	IN	DS	57511 8 2 13B91145D3199C419B0B4BAFB3938F08388B7B52BF8983C24E068BF63075B68B
+fedex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . thicER7FMUf1uoBJR0HUvr++H8IwtXLfywPxv60EPkTc/7BNxXdpgf/3K/3m2ys5t6SGI20pqp8UJY+4cd35Rw0c+vMISSqF5kANoIPsLYJ3rs20xpK5Qi7Uw/Jngfd2fCmOkWgzIZsl2h1YBpmdm86nz4OUM75KRL5axgZ6fBr94O6PbmkPttttNkhluIufQhklGS4hk6p0KeE9bWoQmpyZeqmuEiDfp71Mmm5ZtE9Mx7Qw1gTHCzlJYMwbfmMPEb+I3+QFx8i6pVHQ6mocS6zkEnpNjqDfcEFCIfEVXelhwkLDC0waq2H1a6q82eqpXxMrAupwI5uoUENarNg/pg==
+fedex.			86400	IN	NSEC	feedback. NS DS RRSIG NSEC
+fedex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . naRgu7KPvt1QHQkmu6LXT89BpxlX5ObWjdrsnecmZOlLG1Ns2yN35WoDDXC4r6YeUAXdjDiLW0+Ed7QuhE7h7aJAK+HZNFozsVhmkDlV+zovi1KymECTYIw84Ym2UAtw0sePePAmbbvtIRxUwOOPdGN4bFywcgqWhvm4l8fSJKc0WT9beEcEGbtHfyCc8OdSZzkJ4dpyWo236Wd8eyFd01uTI4NQIbgfX3wyYkBFq5Pms4zzxZNQovmE72ou3MENh7rkv+totJw/uVM587TOkAULUgbDwdW7kZuG6RCkVShgRiZZepCS6/BArf1XJBNIVoemOMeJV0XQomwqFEqISw==
+a0.nic.fedex.		172800	IN	A	65.22.228.33
+a0.nic.fedex.		172800	IN	AAAA	2a01:8840:de:0:0:0:0:33
+a2.nic.fedex.		172800	IN	A	65.22.231.33
+a2.nic.fedex.		172800	IN	AAAA	2a01:8840:e1:0:0:0:0:33
+b0.nic.fedex.		172800	IN	A	65.22.229.33
+b0.nic.fedex.		172800	IN	AAAA	2a01:8840:df:0:0:0:0:33
+c0.nic.fedex.		172800	IN	A	65.22.230.33
+c0.nic.fedex.		172800	IN	AAAA	2a01:8840:e0:0:0:0:0:33
+feedback.		172800	IN	NS	a.nic.feedback.
+feedback.		172800	IN	NS	b.nic.feedback.
+feedback.		172800	IN	NS	c.nic.feedback.
+feedback.		172800	IN	NS	d.nic.feedback.
+feedback.		86400	IN	DS	16786 8 2 00F7F4B6DF67DC7B828C14829884908EE92E57FE312ED483C43DA299FA5DDAE5
+feedback.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c5J3JUHKUhc9dqnXmMJEbR8tqDDc8nNou7jyD3tT1g05O4+7VeSQUpxpzsRb4dWX2ng83n3BTuEcHaXfMWUsEGRmA2hJqX8xGf5kl9aUs4RbQBTrY310GK+NCbRtavkHsn664NPu1qs1tgPQB5zF/MPLPy4SGnLssZxuQvmHGp1GTRfBOH+JdFBE/wKZAVFLn+gzst74v1Gjd9KEOXUU2JCsR/iBJxYP+jzLAAARvlnU46olsTqyw1X+OZ25frmnsrOQZ5p7Ve7R1oipkICpAC10YklYr7mplQsdpNbW/BaXyWWSqF6O/9AR5rG6EyUa2zKVxk3kUgil6JooPcTJXA==
+feedback.		86400	IN	NSEC	ferrari. NS DS RRSIG NSEC
+feedback.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iDR9XROnRujzj5N9Yw4vjqgUmiIjcwBe7NAD0I9s0t9ckwD30mUKP7Mh2DDGJxSIO8jisSgXEmiGpRfuLOBNILJq+ct7THwMp7jIhTM/u9pMN1YsHqBByoDKd60nG7undX56iVe877KLDXyntJw6OmUz4yUJCLj+QUewUUWPGlvlfNqchjc/yCxBAPgyFPN2igfj6JYzWV2UHGVoue2FQl0r5T1UZNTjpUcui6+7D0IPZirQTNx7w2RTAEKTRsdq1QaSSdDXtfvkRe7co/O6acHUZ5ckIJAHzJ6YT9usA05yEVnsxeu4jJkYoPwA2Ias4p23gRPXFfIjENCWRk6oZg==
+a.nic.feedback.		172800	IN	A	194.169.218.50
+a.nic.feedback.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:50
+b.nic.feedback.		172800	IN	A	185.24.64.50
+b.nic.feedback.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:50
+c.nic.feedback.		172800	IN	A	212.18.248.50
+c.nic.feedback.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:50
+d.nic.feedback.		172800	IN	A	212.18.249.50
+d.nic.feedback.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:50
+ferrari.		172800	IN	NS	a0.nic.ferrari.
+ferrari.		172800	IN	NS	a2.nic.ferrari.
+ferrari.		172800	IN	NS	b0.nic.ferrari.
+ferrari.		172800	IN	NS	c0.nic.ferrari.
+ferrari.		86400	IN	DS	24796 8 2 33FCAB9B1F82F04CA4AD6685FAD6E660CFE968C2D0C97C08107DE4BA5C5735FA
+ferrari.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MUrx/PRg+rqTmj1MgpyyVbB/3N9N6AMpIK7s+st03YGO5AQN8uu/fVDQ9P2Fh6d3e2RyovCXxCfcqORJYWUftqXvGDy/QEOkeVGKGYhi1rzLKpkSNIkhp3f9J2c6YX3oti0CobV7H9KtpSbfupqv/zi/byajfz/Cp2epq67a2yFZXG9p+kducxaqhxvrgmJUTY5yNT0X+HdzRuitrmZnS44AaonjCHCudQxlHyLc+IXQ6o9fz3hzL/pxwetUsffSgQK6KBnCXARgL7FCuBsWnWpUm95uv7Obpr0QtrW0JI+e4wsULQ6WbYIuYHwFNVBc+mdTVcDB1ScLRueklKcl7w==
+ferrari.		86400	IN	NSEC	ferrero. NS DS RRSIG NSEC
+ferrari.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zFWINLyO09uPUZL5kAkcGoRF7/fT4yRj8An65k4usSwrM4UVjIcB9KKF/1v1iKF+lXHuDUwoojVtXhg4EKvVTa+c/Ti3whnJGVJxKB8iYnIDtvDlKFB3gM2corYu3vrKJEXrJiwUP+bGr7O+dJ5+hs3VDSBX84dToITWmAKhTCKQhOETwANjqyeO33FUXAZelUOx7G4JHHlOBBmmmoC/LGtKy782FDjgEZXggA4rA3IhuPdEiDRLkDX1aLjoSv6QAAjSLzVypGDs6nB+K7sf5YOIHCdxnL7FtNbmDxcOOy4WlgUqfHUJyUwkViQ517v4SZ5H+rmU6mvXA+En5tZjdw==
+a0.nic.ferrari.		172800	IN	A	65.22.124.25
+a0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7a:0:0:0:0:25
+a2.nic.ferrari.		172800	IN	A	65.22.127.25
+a2.nic.ferrari.		172800	IN	AAAA	2a01:8840:7d:0:0:0:0:25
+b0.nic.ferrari.		172800	IN	A	65.22.125.25
+b0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7b:0:0:0:0:25
+c0.nic.ferrari.		172800	IN	A	65.22.126.25
+c0.nic.ferrari.		172800	IN	AAAA	2a01:8840:7c:0:0:0:0:25
+ferrero.		172800	IN	NS	a.nic.ferrero.
+ferrero.		172800	IN	NS	b.nic.ferrero.
+ferrero.		172800	IN	NS	c.nic.ferrero.
+ferrero.		172800	IN	NS	ns1.dns.nic.ferrero.
+ferrero.		172800	IN	NS	ns2.dns.nic.ferrero.
+ferrero.		172800	IN	NS	ns3.dns.nic.ferrero.
+ferrero.		86400	IN	DS	37165 8 2 EAFC5FBD259481214624A636038BA784E8CD56869A1ADBFD1024B3358C59B114
+ferrero.		86400	IN	DS	45604 8 2 89BD8DEC1256F0CAE5EDC8F2618FB6AD4149EA9028AFD909632727EACA092B3C
+ferrero.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lCR+u1PBJZq0pdOnwWF02Q0bApntPwYoQ+xdIZGgGj97IZZUHuRxbfHqM//8G6TPUVF00DUeoLzx3OxHkVNDJLHNztUH5mpYzcRdIgICj8eK1NAFCJ+w4N8pjbsuMfVAy+dxY2pSmQ3fcOvhwh0h/2jLQ3ai5qIVmH3Q4efScUsN/lrVDhWAKIhZxbECTC+QGsoppLdxR4F4TDuFDbINoaKjK9aGKR5Z+IW4fSmd2qfb17+6JkSQhpBnxnze8ftnEpcUARSDw5338RFykheZcj0ajfX5DWSOP/aN7NWm/iFTst2t52Onctk4dtSzNsSpTUhpHSU//Oy5Rqvsz2OoBw==
+ferrero.		86400	IN	NSEC	fi. NS DS RRSIG NSEC
+ferrero.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m4kqqWlhKsqyDebEg+3ygrMPr9HEFIWMwdUkj/MMOB5qWO6NzXxdS4gCTW3QeGklvzWN/iCdm+B5rq2qjQqcYH1o0uMKCywfs91pmHO6d+LrBhhj8+LLxEl+LlfmJdr0Z6fhRqvxx7f0T3PyGb1zWYkbUBPPhgxBP30rgh+T7oGoGhlcmN9mCGb+wo6xc7KL51dr6rAugUTMBWYuzNaMPtWJ9dA1eVpxpdjgsk0BrcCsTqBSKGqUMFjoXaiuaSu1CPWN7KUsUew6W06N+7GVFt9XN0gbxSV6rBKSSMrr/y9WwxVQmkfx0BSbQGr8D8PCjiWI9rI+a2Tcf2zCN+lt1w==
+a.nic.ferrero.		172800	IN	A	37.209.192.9
+a.nic.ferrero.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ferrero.		172800	IN	A	37.209.194.9
+b.nic.ferrero.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ferrero.		172800	IN	A	37.209.196.9
+c.nic.ferrero.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ferrero.	172800	IN	A	156.154.144.57
+ns1.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:39
+ns2.dns.nic.ferrero.	172800	IN	A	156.154.145.57
+ns2.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:39
+ns3.dns.nic.ferrero.	172800	IN	A	156.154.159.57
+ns3.dns.nic.ferrero.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:39
+fi.			172800	IN	NS	a.fi.
+fi.			172800	IN	NS	b.fi.
+fi.			172800	IN	NS	c.fi.
+fi.			172800	IN	NS	d.fi.
+fi.			172800	IN	NS	e.fi.
+fi.			172800	IN	NS	g.fi.
+fi.			172800	IN	NS	h.fi.
+fi.			172800	IN	NS	i.fi.
+fi.			172800	IN	NS	j.fi.
+fi.			172800	IN	NS	k.fi.
+fi.			86400	IN	DS	35221 8 2 D4A489017F68A6C02836D4F126A4B9F6AF34C371993BEE97ED759D83DB9CD38E
+fi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zg41lwQKl6UIYgKB+yTLNGq+YgOniCmxRt2sDn5tbhmmkss8WN8ZFKYSpT2NLgmgQyKfKbguJzQlG2i/sl+Ql1dJbxh7BC6iU0oHI3L+fOIYJ+WmIWvCFzY3xJ16+Tc0wTfKyP3qHCgXKz+/PjC4Hzyn0xxDm7gpPFkaxVbutwDzU19Vn3Rmq5TUHMCHBx/krlX6Gn5jDdurGzmqqBgndwvUBS8+03BSvnp2C/pDAIfjjzL1OuMI7gED28k5b+qxGSck91wBgouz9YYGF8wPOAc5Pg4JnS5q1rVbGv0HVtkGkQE6qPgB4u3R0k7/5X9ABDWzaJfcLjKYMkmGYQCmnQ==
+fi.			86400	IN	NSEC	fidelity. NS DS RRSIG NSEC
+fi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ootgLR8b8bqeKcNhC3B6xXUukdyKwpPdidCdm4pmrglaChgbPjX14OU8DzNKLeYnRihEk4d82wSmAfODutaKf3AN0cEinFDPzMkw4ZoLfxmGdDhausMz24CKO1jWusbIG0Qg3jAmF/DKVJzfSH2e6sQLpjVQdLP5kMkcdO4zGQsL8Eto162k4kAETPJN8TmubRhS/O5grf2V4laN2mhGCRh5w9NRmOVIXj7tKtTt/QnZXp8bQh3HaQxIGq9LcWVEwtO0J5s1LH5NZvXwEBDq/bR0IgjOp1FB9ZPgtXOpeFuC10gwfLDNRu7SFfB0upG3QUEAjewEBp9WnxZ6OJHmVw==
+a.fi.			172800	IN	A	193.166.4.1
+a.fi.			172800	IN	AAAA	2001:708:10:53:0:0:0:53
+ns3.alcom.fi.		172800	IN	A	82.199.186.130
+ns3.alcom.fi.		172800	IN	AAAA	2a00:5500:1:6:0:0:0:130
+ns4.alcom.fi.		172800	IN	A	82.199.184.194
+ns4.alcom.fi.		172800	IN	AAAA	2a00:5500:1:7:0:0:0:194
+b.fi.			172800	IN	A	194.146.106.26
+b.fi.			172800	IN	AAAA	2001:67c:1010:6:0:0:0:53
+c.fi.			172800	IN	A	194.0.11.104
+c.fi.			172800	IN	AAAA	2001:678:e:104:0:0:0:53
+d.fi.			172800	IN	A	77.72.229.253
+d.fi.			172800	IN	AAAA	2a01:3f0:0:302:0:0:0:53
+e.fi.			172800	IN	A	194.0.1.14
+e.fi.			172800	IN	AAAA	2001:678:4:0:0:0:0:e
+g.fi.			172800	IN	A	204.61.216.98
+g.fi.			172800	IN	AAAA	2001:500:14:6098:ad:0:0:1
+h.fi.			172800	IN	A	87.239.120.11
+h.fi.			172800	IN	AAAA	2001:678:a0:0:0:0:0:aaaa
+i.fi.			172800	IN	A	194.0.25.30
+i.fi.			172800	IN	AAAA	2001:678:20:0:0:0:0:30
+j.fi.			172800	IN	A	185.159.199.190
+j.fi.			172800	IN	AAAA	2620:10a:80ac:0:0:0:0:190
+k.fi.			172800	IN	A	213.186.229.226
+k.fi.			172800	IN	AAAA	2001:14b8:188d:0:0:0:0:53
+fidelity.		172800	IN	NS	a0.nic.fidelity.
+fidelity.		172800	IN	NS	a2.nic.fidelity.
+fidelity.		172800	IN	NS	b0.nic.fidelity.
+fidelity.		172800	IN	NS	c0.nic.fidelity.
+fidelity.		86400	IN	DS	1792 8 2 8A77ACA7DA9CB3000D7DA7ABDF46182CAD3E20BD9B0FF7D685F70BC6DCF1D6F1
+fidelity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mN6SvfhccIZKCEdcme6SOg8RLB9CnAgRmnBviPbIkztZshcqna+s22veR4TmC8ZbIkekLF40at44ct+O0d0GIE1ml8Lg+tYmYRWwh7NCe0X+5GBni8WvvEnOdokNFFwenSHIxj6acYOABX8/riaQiCDtDiHrXNsNCBKDMakirCWhxTrqv83DpIfUN9MklVDW3QvCcSQp/Ex7py9h4iZOJrLPM73pWTp0AcrEEzptt0y3ZIeNPNQRtILAh1HFHrPLEBGK0k2WktrKqk7Md1AkZl7DK24QAFWcW9rkP+naZS7NY97fIobhWs9c46aVk/09MREPjjug9FLpPRxg9b2vIQ==
+fidelity.		86400	IN	NSEC	fido. NS DS RRSIG NSEC
+fidelity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y1zPQRv036tUk27Rno+QgTPfWVNPv6DAtqWijdpYzw0rhugvcB3aKLzYwDfVn5J9Jvd8neO6SQTgCBph+zlI4/bK037sbh9T3eEG0bSUes45rPhmzREx+tj7DsBueGfIIeDAZO6hhRbcRqNWZ2CAVCYSR8J17XC/CGj7rhmkdMd4ULY84btaJq/6QM3+0QfpcwPwJZDIsxKcHTXiI6Ycf9INVFrXjNomu+PGVRL/4L3+zxtHzjfjw1ALKZzTVapY1+0bTZCpaZ/xAq3C43VDt19N8zw6YaWEwMQ+BhsQY2pjw4bSNErEAdUya7P6CYZCVgEwa8RtWiI9v1NeeX8jpA==
+a0.nic.fidelity.	172800	IN	A	65.22.112.48
+a0.nic.fidelity.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:48
+a2.nic.fidelity.	172800	IN	A	65.22.115.48
+a2.nic.fidelity.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:48
+b0.nic.fidelity.	172800	IN	A	65.22.113.48
+b0.nic.fidelity.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:48
+c0.nic.fidelity.	172800	IN	A	65.22.114.48
+c0.nic.fidelity.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:48
+fido.			172800	IN	NS	a0.nic.fido.
+fido.			172800	IN	NS	a2.nic.fido.
+fido.			172800	IN	NS	b0.nic.fido.
+fido.			172800	IN	NS	c0.nic.fido.
+fido.			86400	IN	DS	16402 8 2 F1FDB16B12B96A368D95FCC0F2A37BC54588DC9D0049F066AA21FB095E5EA7D7
+fido.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . usQLONoEAP7CCtTfvKp1Ww0wTwfC6610YgzaMKNY0/j1MDIZtkAdGu6mq9OlP6PMtbhT8NEwwMGdi7rzdll4jXERsa2ZxstfxClcp6q/APvDdvBxA6SOJguUsqhxQURO++KwMbZwf4gUuIJardCy9+a9WUpcjC66S2F1e1h2eRDwSAx+w602U/IgSpinlAwWAl+DBQ7JeRFQAgXxNELXTUv5rlS4XpuqaQUN4Utj+n/ByHt31K4BRk97rvo2UdIMp0jDbgCkVquNGutLjWIlKFpVp6Ix1yc8gownGJEQ9Wg5aURRTPujp4LbkbOxKEQY23QYcpTYgQhVq67g3t7OJg==
+fido.			86400	IN	NSEC	film. NS DS RRSIG NSEC
+fido.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VMXPWNBtGLBOjm2R/0uwsX3Y6IIlsRPobbPTn6LMtP6BKSRr9hv4a0cg1dM9+drpjAXgKuetjqobkeFJ37yvakksLpyxUEmK0UiZisKtP1lvFG6btywEg/AZw7l320Hpl5QmFEMp8KUMOmTFGKr3WMGcYqRzwlUHy1tKP4piA4jujrF8WxPbe4iPJmJHfOfJHfZmEPwYk2oem0ThwhQRct3yz2NL9xg8Zs4/VWiNgUWDllVTry+kRQNB48ZfXINDRKi/l5LM0n8J7yCjA383xgNhVt4pICgZ3++4+g8PWyTgnoc0G8H3yoWUfNgvB2xx4IaEIJHv87kxuF+N74LEJg==
+a0.nic.fido.		172800	IN	A	65.22.108.41
+a0.nic.fido.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:41
+a2.nic.fido.		172800	IN	A	65.22.111.41
+a2.nic.fido.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:41
+b0.nic.fido.		172800	IN	A	65.22.109.41
+b0.nic.fido.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:41
+c0.nic.fido.		172800	IN	A	65.22.110.41
+c0.nic.fido.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:41
+film.			172800	IN	NS	a.nic.film.
+film.			172800	IN	NS	b.nic.film.
+film.			172800	IN	NS	c.nic.film.
+film.			172800	IN	NS	x.nic.film.
+film.			172800	IN	NS	y.nic.film.
+film.			172800	IN	NS	z.nic.film.
+film.			86400	IN	DS	37210 8 2 713E96C6A83BF8E26D80DB818D4061793B4C10405C13E7D9CF7D471CEEFB6009
+film.			86400	IN	DS	40855 8 2 2C6B614B379DA71A9822BCE8094B4B42D14801C5368B07CB1F6F59AF7E750AE8
+film.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zkWPCWyPwocvQV5IO87fFJ+VoLPMofCxk5NZqXvQZ0qCato2oLQ+DkZx83nv+EiNKdlnz55UYneXD0xNOW/MzsjCxJU64wQaJSugR/l6XdeUd5GL+ccR9xpnwrtS8mu8bt1TJwP0QMQeVF1BnrRdNAv8GsuDyZPHEFkgD878L8H5ixIqyUSTEdaxQfVaeYEkjtNJ1nj2swoE/tZ8nQ0fJliLsj4KtzWW3+xbgn+7dOquQAB/uNhrG64K984ge7SFcwmjv6SDuFbOOnMTVOZIEsiNrCEADC7YBRxYzxUKwwJAMDz7vqGbdMfrv22olPzBYh06+rqE7WVe4n0pDXaZPg==
+film.			86400	IN	NSEC	final. NS DS RRSIG NSEC
+film.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B8i5/NV2x8wgcljem1r493x5icH4vcoyGXhQu7/szK9vnYU8jfZNZQpGr9ymm2V93IgLgNj6/CX67GMkBiHvSRvLeLRViQOjYnMdrNdLFYUGt+MKy/DdsypCUkZndWQU3bYrIkgLyvHeltTFEnaF4p92wtWZgMUpQZBwsqC7a1MuQXptL6CTKV+DQfFJVS5f48ltUHgEBXjhN/JXu63VsAogC/AjXv/Zua1w9Lqt6cyUeA0dnG+lQDrtPjv1EP43zj1AzVU57UTzfv3wJPCRGKGTkiVM7W/9W4/iQTivZCy/D4YKvasqDsku66g9Uh3IC3nOnDG0siZuOoFinW4SOA==
+a.nic.film.		172800	IN	A	37.209.192.10
+a.nic.film.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.film.		172800	IN	A	37.209.194.10
+b.nic.film.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.film.		172800	IN	A	37.209.196.10
+c.nic.film.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.film.		172800	IN	A	156.154.172.82
+x.nic.film.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.film.		172800	IN	A	156.154.173.82
+y.nic.film.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.film.		172800	IN	A	156.154.174.82
+z.nic.film.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+final.			172800	IN	NS	a.dns.br.
+final.			172800	IN	NS	b.dns.br.
+final.			172800	IN	NS	c.dns.br.
+final.			172800	IN	NS	d.dns.br.
+final.			172800	IN	NS	e.dns.br.
+final.			172800	IN	NS	f.dns.br.
+final.			86400	IN	DS	2471 13 2 D2ECD166572437125F8D9B0157E59BB3D4201F5700C2749EB4B8DC1D30B2964B
+final.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dsZ+cnY1KuiiDDJFRFe5PQv1d99XUcJgXPIbJlDE434VV2j0cd5f2VwjcaEJBXrHqpUDUp4MDEZuQ49afETUEinpAiAQdLa9ooK3eliLraC7XD1n/gk4nJ9nOsAjRSulZCgb4ruaPchBhPtha3X46q+lvv2v32zs0qpbmVX1FmJK/ZgpyjkqO61syKqYG9GASJGEcqNv0yp4gKVcG/9MBqxJLoBXlZJ1BqNvgzMHYsLNRdgxwb30HCWpu1xarfG6fzw0DxEocUZuB/n58qNLHKt6nbGE5GFQw5Vh7/2jlIyFZqdnyf67TQAx8gnpQEPOq1FH61gBqoy75419FCmiNg==
+final.			86400	IN	NSEC	finance. NS DS RRSIG NSEC
+final.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V4wxkCRjERNwH5G9mADPWLoMk8CJjWmJcRH7e/1JYWlLVQzwEiB/vMtR2wWnmQRNZqakWgNEHgZuYR4XyEsheybUqeZhltagZkeJ6Ht7IsjmcJ51EXJIJ5Yl6h7VZG4Wxo3ZDxN3YaIMXmBS3iiEC06PaUWBbcIqY3DJL790m57yOP3eJd6509GQvi+6vKkmf566StqEt3D4rRI7Qq/FzG5y7m5/f4vc0Mjf0smkkz5txa0axAQLzsKcsI4rbxOxQ0pLYbePDhL7Nu2kJPDqyUDJoVF4qCuZeUw8dEEVYTnR1NFOH0Z/svWoT78w53KCgIUakwJqvENCurNZrHqFJw==
+finance.		172800	IN	NS	v0n0.nic.finance.
+finance.		172800	IN	NS	v0n1.nic.finance.
+finance.		172800	IN	NS	v0n2.nic.finance.
+finance.		172800	IN	NS	v0n3.nic.finance.
+finance.		172800	IN	NS	v2n0.nic.finance.
+finance.		172800	IN	NS	v2n1.nic.finance.
+finance.		86400	IN	DS	28624 8 2 860C6291C65E96464ECDB0F349A9F9F10B1F5872D8A39BA27DBFAFE38D85F07D
+finance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hUtAP5eD3vRtPGCTyXTrNalXZD6l1esyFC0Fs0PWA9N9WPo36vxaScVuUQWS8CWXpM9eu2rpwmjp3e5ZZWANLcIsE1+eCEHw68AfvjLeKVvPVNTAY9saxwVOH6ZEOTEG0zdU4OAOJ9c9/9nbDnEIZfDNVLpIDEQPpBFGiXfnwIUbU1SA65pir1IvB4FrwyFyj7X21znKFByH/XcyaPR+1GxZqCPHfGnuw5263lzFrUud51vAHRP6IXtcdPQqAs/fw3OCHQflJV+yg40QeDk2OTnnOt1iyn9IL9sZ/0iYaUIvV5T6uRMwu6/zWpyEPfU3HuGw4zQ9HHSIunIPT11aNQ==
+finance.		86400	IN	NSEC	financial. NS DS RRSIG NSEC
+finance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vq2H81tLNGHzH9bmPVUDMPSUr7RNYen7zLzxFZAvzAq9b2tbWTMGwZ3qN3mcHVxOWN846NAqhaPMfHu5RCNPwiiLM1XSQC/ppHjqU3U9bUR3Lec/v9cUZIsa2QhvNcD38yEQ5JqYh1+oNUGYBknHMOXy1D1s5KdPcaryZj0D+Z9Bf3avGyP7Ox+I6aqG+1QlXy2VPjp3vOlEOPPKwiE+RbIfQJP1EXOfEuEBwC84hOKomJlc2Q/U+cxapyzk3LFqQds68MSE8UWvgq6m12P5a+5kSSmOKwxunwHNM5cWP9GoWNxl2ysqL0k5r1M+2VIkiBBgPxh1XgttoXDs5n6Pfw==
+v0n0.nic.finance.	172800	IN	A	65.22.20.10
+v0n0.nic.finance.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:10
+v0n1.nic.finance.	172800	IN	A	65.22.21.10
+v0n1.nic.finance.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:10
+v0n2.nic.finance.	172800	IN	A	65.22.22.10
+v0n2.nic.finance.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:10
+v0n3.nic.finance.	172800	IN	A	161.232.10.10
+v0n3.nic.finance.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:10
+v2n0.nic.finance.	172800	IN	A	65.22.23.10
+v2n0.nic.finance.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:10
+v2n1.nic.finance.	172800	IN	A	161.232.11.10
+v2n1.nic.finance.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:10
+financial.		172800	IN	NS	v0n0.nic.financial.
+financial.		172800	IN	NS	v0n1.nic.financial.
+financial.		172800	IN	NS	v0n2.nic.financial.
+financial.		172800	IN	NS	v0n3.nic.financial.
+financial.		172800	IN	NS	v2n0.nic.financial.
+financial.		172800	IN	NS	v2n1.nic.financial.
+financial.		86400	IN	DS	52537 8 2 A7F8E91C44E9425540A603D224D4D58FFA08754C19E6480C0E437D562E387FF4
+financial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zIe8n3PbxMQnuHoX+IJ5xa9ar3pVPtPFKOLoUuFmBE83ZHi2Ga6740sAkma1CKnY/rZgnluyZTsxSXZcS27VD3EHwnE06EEafJBVYIwc5cfnn2miG8oMrfw+wEN06PKgahrRFlTZERwKg+CggULKO37o8ucOvSk6thC8NYbs/ggnpih35FP9HcIyA5o7er+9+hn0ilatPlFgTVTtLihVIyDxgtH5rXGMZS4dxhUEADhmmCeewj1eAsnMXPC7uZSfprktsNXIilpDluWPL8m4ftdbS5hjWrhmMX+w1MYom/2+cKuk1ynz7yH2rSHYRsLXBpwcgPQX/VcbYi6iTdHzfA==
+financial.		86400	IN	NSEC	fire. NS DS RRSIG NSEC
+financial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1KNtJZNGgg/su+qonlNWv+YyBVsaQR1wudhjC+Ho/YVG16HDEiw7DGWWhWN0q7QVKa0gpF5rCiMQTnXP/1aqk8i0OTEH/uDLcWydMZH48TEE0et6aNQzQ2fKheWs8Uee3jYRUW1XIpCsvb6+4SBasDgS+NYJR/iObLSU6aT26jwmfyUpwaUI80BnahhuF9H10oOoLhgdP0w7G06baRfMVZh1RBviUVWTrDXaPpU6aw1Q8IrJY3pPBoiYKKBi38AtYTIL7C/wyDIkxdwpP9xreFUGRJex1EUu2PRyUmiUw+Gvk4oZt0uWyOxZyNYzeevBUfnhq9WyhS2ZuardlTrN5Q==
+v0n0.nic.financial.	172800	IN	A	65.22.20.54
+v0n0.nic.financial.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:54
+v0n1.nic.financial.	172800	IN	A	65.22.21.54
+v0n1.nic.financial.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:54
+v0n2.nic.financial.	172800	IN	A	65.22.22.54
+v0n2.nic.financial.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:54
+v0n3.nic.financial.	172800	IN	A	161.232.10.54
+v0n3.nic.financial.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:54
+v2n0.nic.financial.	172800	IN	A	65.22.23.54
+v2n0.nic.financial.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:54
+v2n1.nic.financial.	172800	IN	A	161.232.11.54
+v2n1.nic.financial.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:54
+fire.			172800	IN	NS	dns1.nic.fire.
+fire.			172800	IN	NS	dns2.nic.fire.
+fire.			172800	IN	NS	dns3.nic.fire.
+fire.			172800	IN	NS	dns4.nic.fire.
+fire.			172800	IN	NS	dnsa.nic.fire.
+fire.			172800	IN	NS	dnsb.nic.fire.
+fire.			172800	IN	NS	dnsc.nic.fire.
+fire.			172800	IN	NS	dnsd.nic.fire.
+fire.			86400	IN	DS	60362 8 2 DC39CBEBBF22E91A1BF4A4BA771010082509DBF8F3129B04199E8497AD8E71B6
+fire.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m1rjROEJyz+SlDrfRc7lPUr1HaP3WpAFNQL1s6nMwloid0CCVkeCnPjS7g35RapaPZfhHuaXh2XTkF4k6UujJCtLaCtPSCLx2C08mS4f2zOKZTmJFovTKU91iMW3lcBSqX0JyCdgAqxhWpbRRC+1m0LdGGokl2JbJ81sLott7UHahuQ3PZMV95zV50cyF/tEQHHWEabv1XMb+f5WAvArphKnp2K3Ghx6KAKEVA8rpGcGhdYJfEU/XvfnhTV1VR07frZG8EodWfc8ecf4HxjJw8cnXuby4Pwkw6cYhIUcZ/tCQdidm3ouzPrUWkPgf1ySRkZBFCfykXHWiTpkhdtfbQ==
+fire.			86400	IN	NSEC	firestone. NS DS RRSIG NSEC
+fire.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kJSiNCLf0+FjwzzwCCyswOht9kuuwHDwpNmqQje9ruUyiB0tMSFTnyrWUy7TpJYCAvvbdUEER0HqEWTsxai1n9xZF6hwFq6lubLAI3C4HFG2A4a5XYzYZM6sx8IJs00emsZ7YdP6O8PKxYr2hYeig/1QY6qg5Qc0E7GQg4/QZRq91rAYXt3ftCGArVvLgokSev9Me6ptvpHpih4ViBvCoy1jikeFpA34xokPyYnEKmydfAsMap+lUZRIxgDaP8RdUagWR/2n65MhEKZ1yb8u4bdiDxHFERogxU6ygbQ1m+WeGds9HRPEBWxip4RRNUOTPgIQObLsnzhjPFfIPxrGHg==
+dns1.nic.fire.		172800	IN	A	213.248.218.57
+dns1.nic.fire.		172800	IN	AAAA	2a01:618:402:0:0:0:0:57
+dns2.nic.fire.		172800	IN	A	103.49.82.57
+dns2.nic.fire.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:57
+dns3.nic.fire.		172800	IN	A	213.248.222.57
+dns3.nic.fire.		172800	IN	AAAA	2a01:618:406:0:0:0:0:57
+dns4.nic.fire.		172800	IN	A	43.230.50.57
+dns4.nic.fire.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:57
+dnsa.nic.fire.		172800	IN	A	156.154.100.3
+dnsa.nic.fire.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.fire.		172800	IN	A	156.154.101.3
+dnsb.nic.fire.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.fire.		172800	IN	A	156.154.102.3
+dnsc.nic.fire.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.fire.		172800	IN	A	156.154.103.3
+dnsd.nic.fire.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+firestone.		172800	IN	NS	a.gmoregistry.net.
+firestone.		172800	IN	NS	b.gmoregistry.net.
+firestone.		172800	IN	NS	k.gmoregistry.net.
+firestone.		172800	IN	NS	l.gmoregistry.net.
+firestone.		86400	IN	DS	9944 8 2 4FFB2B67BAD9D7C6D0DEF9EC1DC4AC201EF4137364729662E19F329C10801634
+firestone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . taU8GPdrc8/tJUrDLyC/xFjAAyG5nqri1uURvdxd9p2LVLkq9kQRxvbKxwrU8ExXOezMYv1byHzAwG7BFTfHOHfmw1fdib/mHTIebSPBuU02u/0Kd2EVrfbCI3Un/ZrG0sO4i+BWTh4vI/MZM6JGAhT1LSGq1gRF3yrkJFRAHHXAjdJQqNQLBwwYA47igaY4sPW/Qvbg23HNHab3jsCH9nNEOy6Uod8bguXBP1gxbZ+2JBxB6zKJ6LvPATiAQfe0q357MOJka2f+MFuNh9kSL9ZOF7YgqhByew4RViABypyJaLlqmSlH6iEKD94gQ3sNGDh68la3lHK0u0vP/OX2JQ==
+firestone.		86400	IN	NSEC	firmdale. NS DS RRSIG NSEC
+firestone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B9BUC/MQpnIAgpQxH0cP9Dfd+Eh2r6XMXmWmv/Wfkm6eoOtIToH8QXmrncoPQCQwnjUX+x+ch4WnbSdES5GT8vRawB/sCK9vvRm514PBjkR7qUajrCVc9LWuaWheYJyXeIDxk9by0P30/Ng/ZXy2xRCivin4PCDTXbVsmyk0BBntmQWUJnYMNWYoOozW1oM7aJDnLGfSuOhAn6SxAkZPEySqGeIVVqztCPDJmDVVuP1N3aU1qxw1llDzOdJBCWSGfl8UZYo5yOnQVq7j0v4anaaxlkQFoIvbooMor8xJ3EZ0G0/ZxU8htDsCKWaXFnY6Z1p0MjiVuacna+2JTx0CCQ==
+firmdale.		172800	IN	NS	ns1.nic.firmdale.
+firmdale.		172800	IN	NS	ns2.nic.firmdale.
+firmdale.		86400	IN	DS	46150 8 1 242C19944D9422F066F20D3686225C2370D150D0
+firmdale.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EOoa1xx1Y0l+1EpEMWG85Cgz1nrbVatcxhAwfGSwNWDOuBjT68VIaqeDhXO/hQRvZoCjMdwgRos4S5XJeX7xFnDsghep8B5Ey813wfbuv6gLeqLNoOXsSc5cyNJLCZQyPu3ipj5dOOP1XOlkDU7nchVibSxvTls23qPljhXFyVldalFWHnp58988tLYWKg9+UJ1pqHCii3hUvjvufn+AhMLuaCH41vzGndCIDmCeowD6OB2jh6Wn2r7iTf/Ug4oQM1z5oKs15YvvMFJflHCO2UceU4/5dnIwxWqNezRfeD0CvdnmDqKc12YoiWB8i1JiK0xMv9JUbTHcFtOaBCDCsw==
+firmdale.		86400	IN	NSEC	fish. NS DS RRSIG NSEC
+firmdale.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BbwyAWPQOBXktgZeAa4W977oS6GD1R7qt9EXjPDLasr/F+b3BICos4uluwDI95AZzwZT8TxOG0wVYKDwwMb6tlxVlZnMQoqdJ6cK5t8qBUQOL1/w7XNQhXN/G0qhdmJsi2nEOoB6UUCgv1IN5lHN+rsXyVHA7eXT3qLdNWjsJj+NMJWB9YHuk05xNCEnLo/zyUELGjX2pMZ+AvWMyLZc0MPBM6rJhB1xsIlIYdolAjkmA9fmiJLLuPd/LLV1y3pID+ABRMYzq2SgFhEla1fnvc3MLANkVPIz0HJTHD4YPMGhn9J3oTMjP5I2+iFH/hxt0yRJUGQ11TSwwTclH4wUig==
+ns1.nic.firmdale.	172800	IN	A	72.0.51.1
+ns1.nic.firmdale.	172800	IN	AAAA	2620:171:a03:ad:0:0:0:1
+ns2.nic.firmdale.	172800	IN	A	72.42.115.1
+ns2.nic.firmdale.	172800	IN	AAAA	2620:171:d03:dc:0:0:0:1
+fish.			172800	IN	NS	v0n0.nic.fish.
+fish.			172800	IN	NS	v0n1.nic.fish.
+fish.			172800	IN	NS	v0n2.nic.fish.
+fish.			172800	IN	NS	v0n3.nic.fish.
+fish.			172800	IN	NS	v2n0.nic.fish.
+fish.			172800	IN	NS	v2n1.nic.fish.
+fish.			86400	IN	DS	46519 8 2 4B82D075B2315DA06036FA1F9530B15E142FCE0FF748F3370CD36877B1C50AA2
+fish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UQaN9GZd3OxdM1/0UZ21d9/nuO/KfzFDEQEVWD1E8ymL0uTmSfttuzL4wcDoZnuGmMNZohpZvPA6i2mE/zUhkeBrTIg/vYX18XVDocBpDEMCLd5pnvjeMcjlkQGv3b7vogct40YwdnTpK59yEfgG9x0OJlZVJt0TE+GbTWLD/3H8N5MIlKfrInuabWjqOYaC/V65WbCxZ2x+AR0X7SpCc4Sz5vTs2sofb6oKKqdgyvwPcpFtU3vNxi1hwLbSRE6hqxVU5cecaPm1t/7NDRTgQgFblMnf08OxycWGAtNEmoaCwQz1ta2KIG4Ge51iRZCNWRaD6Rj8QrNO3RoA4ftyxQ==
+fish.			86400	IN	NSEC	fishing. NS DS RRSIG NSEC
+fish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mv3L806d4W9r3XCn51a1NogLnTn8BhoQvVWlmYoTd06ywOF6MKiVg9BTTZxCrmSCm52YKqRFJi1FoO/lTgCUPSvXPa5kDOLajxUNRjroba8e8Yu6UuT4BrOgyrk/dHYXnMDFEHEkCTnfRuRle4000ml+goKMUDo9KynauiPsbX22bybJMr8MKv5W9B1Q6eHMgn6n1qITDUfEL1wA2+VPDTyHTfTK/6smiKbYZj8xIUJHCm64yEsrjdUYM/1pOf6GWbyXHYqNRiqhEgtwLZSjZQAElKCF3Eag6ipla0mTCO6BOzHzlNXkhOradqP947qjQpaxL64xYiCxL+WAGA4hXQ==
+v0n0.nic.fish.		172800	IN	A	65.22.28.23
+v0n0.nic.fish.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:23
+v0n1.nic.fish.		172800	IN	A	65.22.29.23
+v0n1.nic.fish.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:23
+v0n2.nic.fish.		172800	IN	A	65.22.30.23
+v0n2.nic.fish.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:23
+v0n3.nic.fish.		172800	IN	A	161.232.14.23
+v0n3.nic.fish.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:23
+v2n0.nic.fish.		172800	IN	A	65.22.31.23
+v2n0.nic.fish.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:23
+v2n1.nic.fish.		172800	IN	A	161.232.15.23
+v2n1.nic.fish.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:23
+fishing.		172800	IN	NS	a.nic.fishing.
+fishing.		172800	IN	NS	b.nic.fishing.
+fishing.		172800	IN	NS	c.nic.fishing.
+fishing.		172800	IN	NS	x.nic.fishing.
+fishing.		172800	IN	NS	y.nic.fishing.
+fishing.		172800	IN	NS	z.nic.fishing.
+fishing.		86400	IN	DS	24019 8 2 51A5CC521F83D8BEA6AFE905D7F24A758C72D9341B550FC4E7AC0F272ACEECA5
+fishing.		86400	IN	DS	63775 8 2 8137BF33700CFB755C53EFA2EB3B80AC9630B05BEFB7E8AF34DD079E131D2C01
+fishing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dSelP57zWwJPmSti8VqB+GX7wlhyx7ZpGidgL7gGn26WWEj5JJLQYo1GVSNxFRqwgheCufVS4EitelLO7Birp3yX6qguRoPmGCxnE0hFV6TLWoJJu5fJW2jr+Q/15hNuBGvpHiXgBlP3PvZvXAluG1guCLZXlIwqqyTI1SB/DqqH0GIsuiQs25a9WqvES9FkAZy7EtJzkrZJ+33meb4CkZmTy9djj5deuGOmPH2/2A6v+Lx6Jj9hde2D2icEniXHInjyok/uf7v8Y1sEq8Vz9FV6hvnH5Kp5AkUmXKWNwReBS8gqUyequPOpJchRcZ6fjekm5CcaGNJHAINe1jww7Q==
+fishing.		86400	IN	NSEC	fit. NS DS RRSIG NSEC
+fishing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dMT/xQn1T9yvgCAM0C0Qk9grrde3LzTTVIfRWg15Jcl9eNxCEVRQnC4dpsmScW2oEX3WilzRZHJlAykswJwJhKd5KNhrNHbLjTy0BtSoGHgkisK9tRRBczu8mb144TPDFcJbZjdFhwKN4SfEX8LJP/dJaVCC+EbttJWRB3dprktBlhZ1+HMs0s+DMaFQBF95Lv1eZP68V8yZfFHmniIpK587RfUDLSAba3mQSPaXMEAKep++HSsgS5ev5T/lugT2k1PWWDUx3xOVO3DPHbsE/49Civnt3N4SpYnrYCrTOynumHgEuQdQvaEP64ZHCcqLUMm29X37gF/ILuvCs2Wowg==
+a.nic.fishing.		172800	IN	A	37.209.192.10
+a.nic.fishing.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fishing.		172800	IN	A	37.209.194.10
+b.nic.fishing.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fishing.		172800	IN	A	37.209.196.10
+c.nic.fishing.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fishing.		172800	IN	A	156.154.172.82
+x.nic.fishing.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fishing.		172800	IN	A	156.154.173.82
+y.nic.fishing.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fishing.		172800	IN	A	156.154.174.82
+z.nic.fishing.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fit.			172800	IN	NS	a.nic.fit.
+fit.			172800	IN	NS	b.nic.fit.
+fit.			172800	IN	NS	c.nic.fit.
+fit.			172800	IN	NS	x.nic.fit.
+fit.			172800	IN	NS	y.nic.fit.
+fit.			172800	IN	NS	z.nic.fit.
+fit.			86400	IN	DS	52846 8 2 67AC0D6B4ABDB3E427BAA988FCE6DBB8F5420027AB25D219FEC06E2FF8BABF09
+fit.			86400	IN	DS	61939 8 2 964CF669D1EC486A61CD6BE09167B36D5FDA20B21FF3950F4E1A2373BEEA3E66
+fit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . COLANIVBwzEf7OiaCWehfJ07qtd9mSFzfrshp1cs8vJyLmoKhvaO0qXoV7e/O1QiA3izvJgTs3o5V87A8SvdUKftqZDTULk7OWBHlc8xNACzikb2GnQQGcwk/s4b+e2hreWjI20AR2Goi2JGgAIWP5MpQKcZftng3vJic0jzYqr5oYOvwiiyZ+BbpQJPGMdxvBKIAMREM3b/bgC+fNbf7gU42GajcIOgKFdKlnKndgctDuUgpUmCSg9+6VqB7GyWuxAa+m3Tp4DPnHiTYJVM5GLGWahtUitAfOpTY1FNNdAqx52VZVq5mMT0BlhcPDTPYNvgCiFdQxgn8YhAgWoLSw==
+fit.			86400	IN	NSEC	fitness. NS DS RRSIG NSEC
+fit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KeVcxz4j1pbv7e4DtQ7lk7RWi0b2Tex4f+bp8DRoJgqrSb6g9FF1wffolQvydr/cS7JdMqNLhhklZ/ufqksqdgJ40iN7tJiOKx8yKnXiys0O1J2vBXhbpwG4uVVxMEgfRgxiq2im0iih60U41RwCh4d+6SO1Nd2d9S7/V8afoA/r7kcAln/6yPWufgUmE4oDjXGj9I8HqRbXntqcDpg7D3qleWN132rBPBC7QWWi7rR4Mz7Ax/Ye1YmwBNJENsXRKe0q/KqP5fLmb1jR9XciWgVo3OV6zvVNTAPbFEKoYYmJ6V9v4yfNFuCun3nm+koAOEMuuej9CnUNy1/9ePznVg==
+a.nic.fit.		172800	IN	A	37.209.192.10
+a.nic.fit.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.fit.		172800	IN	A	37.209.194.10
+b.nic.fit.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.fit.		172800	IN	A	37.209.196.10
+c.nic.fit.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.fit.		172800	IN	A	156.154.172.82
+x.nic.fit.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.fit.		172800	IN	A	156.154.173.82
+y.nic.fit.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.fit.		172800	IN	A	156.154.174.82
+z.nic.fit.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+fitness.		172800	IN	NS	v0n0.nic.fitness.
+fitness.		172800	IN	NS	v0n1.nic.fitness.
+fitness.		172800	IN	NS	v0n2.nic.fitness.
+fitness.		172800	IN	NS	v0n3.nic.fitness.
+fitness.		172800	IN	NS	v2n0.nic.fitness.
+fitness.		172800	IN	NS	v2n1.nic.fitness.
+fitness.		86400	IN	DS	65515 8 2 637C29078214FD97DDC25208CD00FA607EAD761BCC5279AEEF00AE91AE8997F0
+fitness.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yeavnik6uR/Jh3S4bOznnt3ueZriHevgza1RKbrvEyPkYUmsZx/vNmtKs+fYhWdVliVg1BbUdkTjV4I647xHhasE/1Lm3fsWMhUSH6hCASWnnjF9I/PD4vVCSVrlnpnDRvpr3yXCmjmNadDAGGroZwWup9V91MqT4qhbeLrx9OHA6QVLw44iDy8D3WpbIeC2wMNW807gR3axs/DAjVb4YLnZXUqnNqQz0ZinD/DjCEgLI8PmwH5Hw8U2Oj2nEVCAyM6ZZRKCVuWFlaXlNsk6+WiTKAAkr5zCIrOa/Qlz7esYJDuBH/jIoUJhp3T4e8Gcd60Vd1L7pNTDetet++9U+g==
+fitness.		86400	IN	NSEC	fj. NS DS RRSIG NSEC
+fitness.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pfoj8ieNpUIub3ECNv1t52R09YKbo8IxLmOI88yu2FZlv/GkAb2iv0P2LJPegU3pnnw5WAKb0FPuJY46hzGDZg2WUEtpauTa4XODuZtDNsZ3owFao3cZ/vojo7DJvA4FodR0UVV27D4fJUy5xHBzbWgbxh4lMfu0UrwEUjAA5FKqRsBQrjFdX70WrYDquFYY0rmYC1brFW3ZZDQWWZ9PZUdGujBxbYAbAamjpRznSdwxTtc/O0sGvbxnm+rRtm4+/Ma7Q4oLlv/CrXQF9bsxtBrVYTLtZvSmUEUZF09lTc3dVla7WNsjF8U150d+XlZgommZ5/ZHzRXIJnfG012mDA==
+v0n0.nic.fitness.	172800	IN	A	65.22.20.47
+v0n0.nic.fitness.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:47
+v0n1.nic.fitness.	172800	IN	A	65.22.21.47
+v0n1.nic.fitness.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:47
+v0n2.nic.fitness.	172800	IN	A	65.22.22.47
+v0n2.nic.fitness.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:47
+v0n3.nic.fitness.	172800	IN	A	161.232.10.47
+v0n3.nic.fitness.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:47
+v2n0.nic.fitness.	172800	IN	A	65.22.23.47
+v2n0.nic.fitness.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:47
+v2n1.nic.fitness.	172800	IN	A	161.232.11.47
+v2n1.nic.fitness.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:47
+fj.			172800	IN	NS	ns1.fj.
+fj.			172800	IN	NS	ns2.fj.
+fj.			172800	IN	NS	ns3.fj.
+fj.			172800	IN	NS	ns4.fj.
+fj.			172800	IN	NS	ns5.fj.
+fj.			86400	IN	DS	27739 8 2 D7FE923EED1E1194597CC5EBCB37D10F3BFA2E927159F5018CDDB86D30665ABB
+fj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qkPlN3sivdbwlgmOwYLCa+Pk52DBbXjFMB1tUahAbesYAoJWbQAI3E4I1fk25fZHb3rtnf76Dfo6Q2mHa/enTm70wOxQCKww2vW3tiZ4zd24u+tFOGtWh641HFkJ6rSbzWN3AAP+EBJGjhMWKesNKxEEPCieuXceegxLTaRim9IVBdX0xycXvqkhxLK0285iEAH9SnaSjB3DkMMqS0RJ3HestoQKtUm10E9/pAkYV9u04AVbyqtKwbeNKBiaLWcc/od/pPDDOQlkVClMD6+6zNd7GrY7m+ldsbUBX5fn+4wd7FLzbPRwyOyy5Ot9WR+VYKGXwU1XV9SWbzVABbNK4g==
+fj.			86400	IN	NSEC	fk. NS DS RRSIG NSEC
+fj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vVB1bC11orNF53npEf7YH89YwUFtsa9xFfo2fiNH/0qz6i/Ka66Enq+wkg+PkmXw06ExLTHhArdXsSThftfUmqmLvZAlb7PHGN8zIFdx2874aVIDXevBn7/uFv2m5ISV8KxHzz9lJyf3LNCU2qnq8Ny9ggNMmaAD3rtOyn90LJUqd4igTYcCANc3EnmFMnBtwKhyK/pxsiS3QLmQ92WMNdrzdwfnAZGq4EbnOhEZO1mvKsVYTyAy1oCEf5wCTdaBFsW25X4i3m68qLGS7Touuxc1XJh4dPtPkg+Sv9pod/P38QaPgaX/c6Z02yaOXu2Dkm8nsKu4ZcMlM1OAjzMP8g==
+ns1.fj.			172800	IN	A	144.120.146.1
+ns1.fj.			172800	IN	AAAA	2402:2940:100:100c:0:0:0:1
+ns2.fj.			172800	IN	A	144.120.146.65
+ns2.fj.			172800	IN	AAAA	2402:2940:100:100d:0:0:0:1
+ns3.fj.			172800	IN	A	185.38.108.108
+ns4.fj.			172800	IN	A	185.28.194.194
+ns5.fj.			172800	IN	A	204.61.216.138
+ns5.fj.			172800	IN	AAAA	2001:500:14:6138:ad:0:0:1
+fk.			172800	IN	NS	ns1.horizon.net.fk.
+fk.			172800	IN	NS	ns2.horizon.net.fk.
+fk.			172800	IN	NS	ns3.horizon.net.fk.
+fk.			86400	IN	NSEC	flickr. NS RRSIG NSEC
+fk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lgdu6CZmodh2s8rzGFnVFBLzEhzdty+ELawZqze074UPm0lRAK9T5eKzgk7yMK6jNDK19+phu/aNd4PnX9anrvW+Bhc+4SVWhjyeaV2NaNnNL6ZKlZx0gg+HWUNdsSujY6D/EyywRF515QAJjz9UaDoeEO2vkBG+cNxgNuDDKB9Yp+ezCbL28o1xFambi3rgxff3S7Nc229H3v4042aLu0vDOwYcz1Umn23nq2XBZ1MPVlEMm/CP6Y8rRvDOdqaU7Jzu3AcTvFiH+mizJjUQvRTTZQ5/tP64rnmXIRR07tBJBDx5RYo40sTkuAq/tKBFQ6abZXiZ2RgYoCaR+LkPZg==
+ns1.horizon.net.fk.	172800	IN	A	80.73.216.250
+ns2.horizon.net.fk.	172800	IN	A	80.73.216.251
+ns3.horizon.net.fk.	172800	IN	A	93.187.151.42
+flickr.			172800	IN	NS	a.nic.flickr.
+flickr.			172800	IN	NS	b.nic.flickr.
+flickr.			172800	IN	NS	c.nic.flickr.
+flickr.			172800	IN	NS	ns1.dns.nic.flickr.
+flickr.			172800	IN	NS	ns2.dns.nic.flickr.
+flickr.			172800	IN	NS	ns3.dns.nic.flickr.
+flickr.			86400	IN	DS	5335 8 2 16642C254C1CE6557C42465FF0E2053F92952A38280642401DAE04A51DB01030
+flickr.			86400	IN	DS	54904 8 2 A0C9B5D4A5705BA6563443E9A93BE7202551583FD55054E2FFA1B210B17F3903
+flickr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QASL/PxNmwHynU0vsCH5tfF8ItRTfv+aCu+V2cL4Lt3Qi9Z2vAoBA1gydXUH92sA3SiH74rhJLy/pGQGdeVwEox1PJ2y46eqC8k8Iqj74+oHukAgPqGuGcZelq8sCkXBfZjKGjzrr0tuDu/UoMcQC+jSeIPylVtOYNDoYx2jMtjp223MeCrQ0qpIjLmMFKwdoUY1SoU/cvln/cmLM2T4wO6jll6878mAVohi6FlQ0xHIgiCKM/h62bKtEJ9iejJYRO7t49+ZP0uLNEA4oiB3FV1fZ+woyo+4mUMbkkZ5wUvFv0K87N9mUREn7B55OOKg26IaTPdTPWUvW84TZaz/+Q==
+flickr.			86400	IN	NSEC	flights. NS DS RRSIG NSEC
+flickr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WXQCG/MdCGq7IgFTIidaXiaMcDawAvEndaLbd/fwj7O4QBHdUo4uwMebEGeWMl9UdjvutslojPPzCdtY+ZduEPJNlpIFpObiOmsWnlHphpoxZPJ0b0TnrrIyG0RCmnAbcydJCPax8EEv9spVQ0G2hglmdoC0oISrkpcvo/32qKtvJc1YfS/+nO8rqH5gxiz9TMuAwq24LNKz/3nwXQ2Lwnemw09sc0+JgVg7VwatZJp6tqq+fDv0a0ej3HN/hkNC5ClnyRXRmcktEQLus+JXIZYIVzw6hBlBoPzs7hpQaE8Ghw8OqwDIW6GuHktpaa2Eqlv0dLWghxLpFKaotI8tXw==
+a.nic.flickr.		172800	IN	A	37.209.192.9
+a.nic.flickr.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.flickr.		172800	IN	A	37.209.194.9
+b.nic.flickr.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.flickr.		172800	IN	A	37.209.196.9
+c.nic.flickr.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.flickr.	172800	IN	A	156.154.144.60
+ns1.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3c
+ns2.dns.nic.flickr.	172800	IN	A	156.154.145.60
+ns2.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3c
+ns3.dns.nic.flickr.	172800	IN	A	156.154.159.60
+ns3.dns.nic.flickr.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3c
+flights.		172800	IN	NS	v0n0.nic.flights.
+flights.		172800	IN	NS	v0n1.nic.flights.
+flights.		172800	IN	NS	v0n2.nic.flights.
+flights.		172800	IN	NS	v0n3.nic.flights.
+flights.		172800	IN	NS	v2n0.nic.flights.
+flights.		172800	IN	NS	v2n1.nic.flights.
+flights.		86400	IN	DS	2104 8 2 E78701C441507DED68434984E0842F491BB2BCEF7F0F06C9B4C964AAAAD7222F
+flights.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JUCrL4aBoyGhxsOR4zMRaXz1eXk0s5nD5M8gtAEy5tibFAqOcxr/Qqqgn98LSHwcK2hCn7UXWHh1UpFCHkij6EssBGKmfhVM+mX7fXBAUUG7VyNhtz1FZbM/pcX0RtrSe4vOPNwVIx5CifugJsGrlwbj1HFNr6VMSIKoD5DMTtSltRy/2FcTkAQsHc+aPfE0UoAHtJUht3qyUJRFp88FDSvmfQr9Q8NtdwSUJTkMOI3/7pgG/H7J5Vrf8nmzg2T3TKuaPHL7LLkPucvbrZ1kEJ1FSAHQzlrmVequ+LGG281IfFFpSTJFGb+5nLtsxmaK/m9pLiTvpZ0TpbHPVtW2Og==
+flights.		86400	IN	NSEC	flir. NS DS RRSIG NSEC
+flights.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ETJCwZaWfPdeda0VXbplee3Yh5Suhs1PSyghFiOVDSmBVErBmTFbxYCSykyoGcthJK92WUoDE9uwDvwjjM4iLFckgjDHJWvh5BHFMyIxDzGnjML0QCKtaQYFw4U55HhGOv+pA6a4hRq7tiUU9TokSbjxaqkmIC5T7st7Msbubb0/d5NEM824+kXhwn3LOkavIbyW/g3MDghGzHocc8+qPGDYFBjjrcKOco/hnnpNSEX4Rj/d+1Liq6+0uTbMWi4ZEK4tpvapMyZZmGctds3gyTMJtj+vq1z8sWYij5/k6TKta9ExmSsi19cAhGnTimfEpXQZ8UfysnFGyPsDo1nNnw==
+v0n0.nic.flights.	172800	IN	A	65.22.28.31
+v0n0.nic.flights.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:31
+v0n1.nic.flights.	172800	IN	A	65.22.29.31
+v0n1.nic.flights.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:31
+v0n2.nic.flights.	172800	IN	A	65.22.30.31
+v0n2.nic.flights.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:31
+v0n3.nic.flights.	172800	IN	A	161.232.14.31
+v0n3.nic.flights.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:31
+v2n0.nic.flights.	172800	IN	A	65.22.31.31
+v2n0.nic.flights.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:31
+v2n1.nic.flights.	172800	IN	A	161.232.15.31
+v2n1.nic.flights.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:31
+flir.			172800	IN	NS	a.nic.flir.
+flir.			172800	IN	NS	b.nic.flir.
+flir.			172800	IN	NS	c.nic.flir.
+flir.			172800	IN	NS	ns1.dns.nic.flir.
+flir.			172800	IN	NS	ns2.dns.nic.flir.
+flir.			172800	IN	NS	ns3.dns.nic.flir.
+flir.			86400	IN	DS	7306 8 2 5D9F70DE986FDD8F93A84AD0E5D458A99C8B04545A49F60A348B6A05C4540F4C
+flir.			86400	IN	DS	24484 8 2 3DD6835D42B1D12266D8FCB2FC29B0AECD5783CEDA9792A213F32FB67889C64D
+flir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xJBzwontbhkRry0sTT0i2h6kVfA6SqByoPeQgVxlseD6Wvn4I9KQ3pRqiIdHnoXephP7A43sGXjCoBmnqDfabmekeNDVaGt+C2kjeREKSQAeL5TwxMFzxbyDIYcbAzXDI4zgMo546+PgulQTBdYpfnxkqRVPZC82Tj3aZsKipI6vix7scpeOkGwmWOaE13WgK+AQLmZMmkkAXtL5UPNJk1TAwwOnKJvrGRO3y7PNZ+9PXCIFrVXZCtAcx4+iwmHib1/8ndhy0dD0JUmpT+M+6EgLbuLog4vD5Sveh5sKxlzYJKaLuwuUJ/2kxMS4HYl0Yh41nmvSa+ZzaiMf98bgfw==
+flir.			86400	IN	NSEC	florist. NS DS RRSIG NSEC
+flir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RD2jbAkS2sSZuBHSvVgHoBpL9Mf2bY2mXtE7nw+zmS63/rhMhFILNDEoP2a0ubc1N4GwD3XVktNQFkEv1p3vH8vKbRN1WCFIuP7saYFBudlv8k84Vk7RCPKDjqAqupaYVimDcY5gzDkAbxCwtszX2jAqLfCeQdNsUHnNPxBKUF5kRAhLvnmOAZg7BXJAbsV4i+MUYjy8WRDgvPQU3KInRUkhVQ/n4UK5DZR/8eYJ0BjxvtngfyMxLf1nhL5cc8VCK0/6ppwrZO9jWaiA7C0ucm+0KeluhQYdpZHVls57W/yhthpUIVFaIpLjYppZivuRDGVa5wbs+dlYDgl1HGBGUw==
+a.nic.flir.		172800	IN	A	37.209.192.9
+a.nic.flir.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.flir.		172800	IN	A	37.209.194.9
+b.nic.flir.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.flir.		172800	IN	A	37.209.196.9
+c.nic.flir.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.flir.	172800	IN	A	156.154.144.61
+ns1.dns.nic.flir.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3d
+ns2.dns.nic.flir.	172800	IN	A	156.154.145.61
+ns2.dns.nic.flir.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3d
+ns3.dns.nic.flir.	172800	IN	A	156.154.159.61
+ns3.dns.nic.flir.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3d
+florist.		172800	IN	NS	v0n0.nic.florist.
+florist.		172800	IN	NS	v0n1.nic.florist.
+florist.		172800	IN	NS	v0n2.nic.florist.
+florist.		172800	IN	NS	v0n3.nic.florist.
+florist.		172800	IN	NS	v2n0.nic.florist.
+florist.		172800	IN	NS	v2n1.nic.florist.
+florist.		86400	IN	DS	48775 8 2 3FDFBF7D66854164BD6F7EE44CA6E92F8E7D23E577BDC213D34DFB62A0093E85
+florist.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F3Jd0WaJF/iZeuDWt6k4JlHG2Y1RYin6sHwUmS4t1ATXlIbmSG4tO0gH41B9678oTogQdaiV4KinTT40UZ+vgRdcI2fEVYo0jTgdttY69g0CDyDmL+o8msQV814KHCMNcktgdZx5HCQDvtoVLZXk0E+TKK4GswJa+T51s3niCyiD6Gb/RQND/spsZn30HRM/2KojN2zWybXekLx4oiZzxsTY0HKucPPa6PXkRy+4fww6Ff3t13Zxb2IMtelbQ8/sjKs4apaNvx26GnjcUdtKv0AsPadBp1vXqcw/9oK+TKsWG3mAI5UhPbAeAbsKd4kX7ksby9Is5JPVb7g2/PdkJA==
+florist.		86400	IN	NSEC	flowers. NS DS RRSIG NSEC
+florist.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbpx9gNib5E4DU3DeNek7easXiXBullAcXd18XamJhbqUV8maZUKxs9a1JY2Wl9nwpCutGcAr1kFwHJTEq89vHK5xuPq6yf9Z2R/w2pw76doDwXVgxcHzFKxDWP5v1V624kXOBuRc5RAFtxDjzWyqmyGcVwSEDkzk3eVDCZJKmFfw9+jN5EDDB0Qv3rSpTusc1sggoKZKw/vVqV7D3wSj+O76XqqFer3ZUD3rSyKeh9J3DRuXR2QD1/kJK5B2qrM/N2t1Xub17EPL4gAgT68beiMLWN3Ya/Yj/PSZ1MuGS9qGSkB1KZmPla8ZkR6HS2AxtP7zGNd8tq5BIQFATNG8w==
+v0n0.nic.florist.	172800	IN	A	65.22.32.30
+v0n0.nic.florist.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:30
+v0n1.nic.florist.	172800	IN	A	65.22.33.30
+v0n1.nic.florist.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:30
+v0n2.nic.florist.	172800	IN	A	65.22.34.30
+v0n2.nic.florist.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:30
+v0n3.nic.florist.	172800	IN	A	161.232.16.30
+v0n3.nic.florist.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:30
+v2n0.nic.florist.	172800	IN	A	65.22.35.30
+v2n0.nic.florist.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:30
+v2n1.nic.florist.	172800	IN	A	161.232.17.30
+v2n1.nic.florist.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:30
+flowers.		172800	IN	NS	a.nic.flowers.
+flowers.		172800	IN	NS	b.nic.flowers.
+flowers.		172800	IN	NS	c.nic.flowers.
+flowers.		172800	IN	NS	d.nic.flowers.
+flowers.		86400	IN	DS	11746 5 1 48BDCF4CDDC2A930612A0D41E3DCBDFDEFD6B433
+flowers.		86400	IN	DS	11746 5 2 D3D6C0D4A9E2E40E92DA8203B7EE72A80CE3B9220FB51B212C6CB25A1B886D5E
+flowers.		86400	IN	DS	44614 5 1 16E65148CD02D28C72BE03EC2AD4F0B7B8EA156D
+flowers.		86400	IN	DS	44614 5 2 E504240FF007EAA0829D9CF47F27FDD2B8C4C03E113C9D163FA0766D6716609D
+flowers.		86400	IN	DS	53083 5 1 FF6D6BA7638E7D8010867C4334D20EED0D8F0D0D
+flowers.		86400	IN	DS	53083 5 2 9F8BF09B0D588D739D4F88D9E2AB870C3EE1368EC69089EA744353CA27B49C21
+flowers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jy9kNBjaw9/XCsfGg75SpMSXN7HfIEgwYLqjz1IEF30MmkvkONDb2cBli6k6HWr01IBLMn9TA/dYezXIKkM+K52KwfwzXIYXfl+VYXETGi9oqvQBfXBI2z9v+1CO2gXQiWXNpkZt3Her4wjZAJYUgnjI5mnNKZetHb9aBpZzQTQnPNwsfutcyHitBvnthNtrwq5MvrAjdDjT3hMhsAieyz2msu/zi70l0JDnRYh4sLkSuP3rXon2OoHVz9q2Xtx9a89PrCaQx8s/Chll7bVzUVTM5EL8eK6h13toFxRiDiJLcwy7APW3ORU3BFofBRU8rAY+h8bz78yzeTTcsWu3ng==
+flowers.		86400	IN	NSEC	fly. NS DS RRSIG NSEC
+flowers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uO1J1f9yOXxImz2hz8v4Vk+uCNJmUMJx8lPxtU5lPKmFZKIFTXkerM1JG1oLWcgKFZzI92uMOa+W7nRC0lcZcBFi25bdtSOYdft0JQM1SrO5RwX2Ew6F657hMX8jFt4wkuX/zkbNQwQbY1htH3oUv9mse9QkybIjQQ2/BoQRnU16o5uorXy0P118IUEiGt0VUwKibzg5ti7GnnK0DYLoBaXb1uGQWwXliQhM0k252xkdIDMmaP8fso9I500skvUEHTBpdu0LuLEpJInwuXPnWdT4HPuo9+gdEbzc2sFoHjpCDP4kenmPBH68JS6F4b1mp/ay1LSmCTijWA52D8z/JQ==
+a.nic.flowers.		172800	IN	A	194.169.218.154
+a.nic.flowers.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:154
+b.nic.flowers.		172800	IN	A	185.24.64.154
+b.nic.flowers.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:154
+c.nic.flowers.		172800	IN	A	212.18.248.154
+c.nic.flowers.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:154
+d.nic.flowers.		172800	IN	A	212.18.249.154
+d.nic.flowers.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:154
+fly.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+fly.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+fly.			86400	IN	DS	65399 8 2 78E00A911E48A9109506338E1FB131C462333AA1E35C00E2F24971D28A97CBD0
+fly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CdnJvR9mUpQrmAJl7GlLXrIGguGbCzglt/C1VS6tz2vJU6SEs4lNUM74NuTabs01kP5weNL6w8GQ6GHyQ/TXzuJ1ghyApeh8SR70LolLJvs1DkmGSDHYcR2LJgCJVzONzsPv7z45NYpyrlfPpj+HLfndEEMwnWxU7gI5ShBfvB5Qgrr1Hgq+e2UbX2yRD7/0I9fVl9ubvlVoDiemQYYiHLovfjfuwwYXy5Rb+oi3OTbz3f+/f79WeaYwFfDF4iRJaXoDPeudXj2QSGpD31aAOE41ukhJe1oWI8ar6BuMKHOZEwPsHS2cHF3o4Ap2mnSokcwQ2xqc/8rklHE/FWbyBw==
+fly.			86400	IN	NSEC	fm. NS DS RRSIG NSEC
+fly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oMZxafP3Mcz0toUYG+DAD1Z+SIBFnjidf0K6fQ/sYkTRZHjMAq1kKvJi69PJY5GpWbT5DPLdnRRh/KxgJT1kGMWg9F+xttQFwkarjMt0hdjTjKrj2b//hyVtsSw7YXFiOcy1Z8x4ISiErUeqwF2viejfIpkZF7Mb2lLywjFMLVFGFqVAlRpuniCnWImR/l3qnJAe6n9i3Upbty4KwuURPgp/WaWSsxb6O2KgcdegEWg4hFshZTjPIatGbHrOLZr0N5asFxfBOGIBh2DPzsh1kUWISPKpsf1CrHjnceQQWWcm+m+qirymUx1cro8Dg9lhAXR2s9YOA8iLpf0yTiMdRw==
+fm.			172800	IN	NS	a.nic.fm.
+fm.			172800	IN	NS	b.nic.fm.
+fm.			172800	IN	NS	c.nic.fm.
+fm.			172800	IN	NS	d.nic.fm.
+fm.			172800	IN	NS	e.nic.fm.
+fm.			172800	IN	NS	f.nic.fm.
+fm.			86400	IN	DS	26186 8 2 DB3703697384A6F8B3A944A21C1A81FFD921000B23AA4241380B4BA3AA28DEA0
+fm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K6YfOPBThzeeluLQzy9BvWCe/Nn2oMt4yuBZqa5m3ZHqxhoNCIJsOC4OYV8gxAlHlRPppSGSbhdxbbd1oGgnOL5UmlLW19gg1N3pl7glkkOoiI8eXLuB6oAXLjWCTCfQwlMACaL7x4sEZYbDyqGU99GPb6wi590V7oZ9epzciW5yrZMoGpm1u0Ijxbteu+vKj9urfH6ATJEcXV3IQ6vQyqhLeMQI5+8qFpB3Eaf+pNJyBV+iXNWJWbJy6r9qzABJIOP4oRzuy9S6TPfwEhIRWzjpNSxNNVJyveamQF2BTFVguE0HK0ZyFccfJ2YUlQWSQWcB1+K7PvtkCW2CNAU6Ag==
+fm.			86400	IN	NSEC	fo. NS DS RRSIG NSEC
+fm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mY0nEgPykbKB4LH7EOMrugQvK7KXLJYyAA56ni8Tr9h9bCb89++H6Rrl+VIW4n5WYn7t+YdEqO1LNKhbwvl26N+vtDjDOJa5M/IZa33z9KPHwUy6xZNjhC861aY89IoOyzGCx30ldwye2GK5hZz2D+mn5AiUwjNk+GvtRbFgRjDQnLX/oWUECseR0HP59/t+162jHPsphP1k3dRhh/wTtBJAQUJCWkUtBXWOIlfTH9wAI6VrLuKVJhGXLWRfdRGIB+vupuZkOJ+t6RAcFA0tJLOunAglQz+g3uX83HwsBXSgkdZSkW4Yj5wexOK6NUEfHquTsP1cDDdT27o+Id5G4g==
+a.nic.fm.		172800	IN	A	194.169.218.26
+a.nic.fm.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:26
+b.nic.fm.		172800	IN	A	185.24.64.26
+b.nic.fm.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:26
+c.nic.fm.		172800	IN	A	212.18.248.26
+c.nic.fm.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:26
+d.nic.fm.		172800	IN	A	212.18.249.26
+d.nic.fm.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:26
+e.nic.fm.		172800	IN	A	204.61.216.137
+e.nic.fm.		172800	IN	AAAA	2001:500:14:6137:ad:0:0:1
+f.nic.fm.		172800	IN	A	206.51.254.3
+f.nic.fm.		172800	IN	AAAA	2620:171:804:ad2:0:0:0:3
+fo.			172800	IN	NS	a.nic.fo.
+fo.			172800	IN	NS	b.nic.fo.
+fo.			172800	IN	NS	c.nic.fo.
+fo.			172800	IN	NS	d.nic.fo.
+fo.			86400	IN	DS	6691 8 2 A752CEAAE4E28B4232244E5486D55889F117A15B81D3128CE7E9359F1D47A445
+fo.			86400	IN	DS	41527 8 2 6E7925D8D6F243EF35381231B955528F25087DBF3E61CC5FCBCFE72948D0470B
+fo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vHPlXOXRWoqJZxPQ03W2Nn9n8kNz+DfqSMRvfFxBo6XJyiL6+WuNLx3QbWj9Uav29KJr5coLgR0Iq5NCFB6NIgMynLNM7KisoO2ytSOxhCR1fYmUksm0K3D3iY5cJWYtRwW7Vxd08PnZpbtetzItAoBMJ4bvWz8byWbRYDS8xZc69Rjq9eZZWrum3USXqe0rlyAvLRgPUubEIUemacdQ/ACv3N54iW7N6MtcHPcn2d5uMVnOpC7/nQ7MYb3rA+LrqGIMrI0V2UOSC7y6XwACIKSgiymwL3L0nwCep2gJHZQkclGojHAHuh/webYwOejPMmZOv586HTMufUUfw7UQgA==
+fo.			86400	IN	NSEC	foo. NS DS RRSIG NSEC
+fo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lwLI16/lkuRQVBKN6KUV3UK0FLp++YtefUhM77YB5htfYIg5VQiYcxq/iAbDXQGphWeOT+AO/e71De6M3MQ5kZbn4U7TlXIhnThgaEj5H0dJyk/HTE7cxdAlTqObBy1zeqc6UuuBxZJk7YyXQvgimyLSwvgrXleVACJ9jKDx61qyXBwWsuiXuVNezvh0z7M56CG2vhfow9nZWGYVRmQbyHm4zRZT4bO8Lq2yyrKTElgB9Ys/KsEQHZ3nVSgyLljKpeX1Kh2BFfB5G8FTRbqL1f0RSyTR8+AzEqZkMCgY5pkBiXR3whMuHBKWFU+vXUbpSRSroFeR3DNBVuF1HvfWFA==
+a.nic.fo.		172800	IN	A	194.169.218.27
+a.nic.fo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:27
+b.nic.fo.		172800	IN	A	185.24.64.27
+b.nic.fo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:27
+c.nic.fo.		172800	IN	A	212.18.248.27
+c.nic.fo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:27
+d.nic.fo.		172800	IN	A	212.18.249.27
+d.nic.fo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:27
+foo.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+foo.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+foo.			86400	IN	DS	59840 8 2 CF97E293D4692C8085D5254B04C77780D1A217A692D5D0EEEFC7A8E282614F1C
+foo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sFMn1GU+qyZkM6eLKPktVFUr7zzTjgjiBpNPV82SSYk8W7SzOtG4F5QtoE08g4CKdRW2wAkLfv2xQ9hc/eNLJPskiR5n/k+HA3I+65afXotPqagYTGfa9lz2nwrxuEDxp07CgCUQhpIb7TM9pcD8QCFp6gkOQIfZ2AMJ1Ij7bPVz6QJDj2ZJHqTrPmR7c3r3h5sqj2rfVLgd5a7EeNmTMti3AlQWTWKcuWAmvIQHo1HgN3eeU393Xa3qctDAY0X5jY/ka1E9hODNPf00aVAW7QWc2FwRILbgxLszkYtaOTWG0K8vXhxP0PpR14olBUkH0Pj+XlIZ9nIGVvOaXAfFRg==
+foo.			86400	IN	NSEC	food. NS DS RRSIG NSEC
+foo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ghsOjsgJMbrlVNdUnzEP/Ey5gKNH/LhB0PdBajplvPPlpfSEBMNtEClLRYXRWuKDTJf8UakutxMHUDnpx4APx8U2wvb+CM80TZvVPM+bD12uerMfqeVJHgEBayEnndsFnIiULF8WOcSZiS3O2FrD84GI9ZFDjzmsHU38n5fnZsssIHqDj5RDtsjzKxqjiatvHCjLHUHoAeSxPn4k9vA+OySBfoCs7lRq0QlJn4zJjqh1T34gUAJ9XJ+I0KhoSxCnXa3brYNtSu3W9jeQwl3g6kwZBsEG0t73ixUiWMKGqvD5L0ePpH4Hmksw0/o2dVRGgCFARUszZ2ohyl0++byQlA==
+food.			172800	IN	NS	ns01.trs-dns.com.
+food.			172800	IN	NS	ns01.trs-dns.net.
+food.			172800	IN	NS	ns01.trs-dns.org.
+food.			172800	IN	NS	ns01.trs-dns.info.
+food.			86400	IN	DS	3415 8 2 CA071E56345C271F2097DEA2FD030A761869D20ACAF34540F56C26EB484A4EEA
+food.			86400	IN	DS	42180 8 2 4AA1F08B292B3835FD27B5692D0CD0C1CD0119BF1455A69506E50CDC6C47D761
+food.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XteDI6hhejsYfRtS7JCiSLD2ypP8j2uA3dKP+Pu1Z8CJ4gF4JdHR8N+MokSK0NoT7AcLimI3K07PlG9zf+Vazii6085sI9GJD4HzBoqmlKjGQj3z4s5UpAwJ3TjyIEePwfQU96zk9YNN4DkJ4hkOKfhiIf0/1/XtOeKHGKzxe1QZAk9z9b3/1bAsTcxb5iMy3bYGFb53NaxxmUVMgEW6gVt+SBC22tmw4lKyxe5vEN8PUlkeqr8GC/Qd5uZXGe1xrkg+dTrlfJtSaat46rRXHDVJ1j1hO2A40wYRAEAssijUmFEfoC19pS5FLyy312X0cABSECsQcOzy6Bci/pFO3w==
+food.			86400	IN	NSEC	football. NS DS RRSIG NSEC
+food.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ymM+TAlFqhSiGM8qkCvbFDXUhqLah9MVVqAcsNJaMDFITP4NawugMx9CYiLXlTRAwI7/apQM6rZQubA2tS1Rtb4R8nVW4suqYnWnuOYmAlxO3aU98r0TbvIWny2SzfX/P/uphFb11F9nr/9PtnoXtoi4vTBGUiICt7s+9NbH3NiDEDqP3XWr1TDYjwDeC+S+j1BPRRVo4EnkWTcjpN4AVtnpg0sFDGuKCITvOHf4a6VRo9hhhSC67LBHi0ShfteWHdZVcjHFlAlPekeRzdiwGPHl1GvJgnFGBHQhvNDK8qqf4VzBvBT0InRHn043v02fFVR9Ri1FOmgrMl7jdNmuSQ==
+football.		172800	IN	NS	v0n0.nic.football.
+football.		172800	IN	NS	v0n1.nic.football.
+football.		172800	IN	NS	v0n2.nic.football.
+football.		172800	IN	NS	v0n3.nic.football.
+football.		172800	IN	NS	v2n0.nic.football.
+football.		172800	IN	NS	v2n1.nic.football.
+football.		86400	IN	DS	55084 8 2 D9D70577CD1802B894946548997BBE9671ECF7AB3A6F67882064C575D19CFA50
+football.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lG8RLrjXNBw7xjDg1HXo+0lGzNpYukmM+imiNML6r6LT1uYFwPg4DQTXU2whCDWvrFHB4lcix+iMfo3r6NeQmAm2xuxLe7SNl95rUko8tXnoqpsIQnvaWW7pgktPnT30/f9pqQBfPAlFJpshYIubvs7kD0LjjUNOHGpgporIruP8zZy1A8qqoJllgKMubhSLz+xjb/14YwvrtQh0kLAVTtGrwCirm0A4FEQxhR/4ylUA/HfUGTyCmtsBXfa69sP0o5fo/41aHrS+OkVFgv39qfo+ZysDemwyfrnxyTOuIe6QoWYqyZpkdcOwuvWDt6aJmLg5xVFXwxNTSeM92XeC+g==
+football.		86400	IN	NSEC	ford. NS DS RRSIG NSEC
+football.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . baepbdpFKapYNUEsJnSMWN9MLMzvZrzg6gU0GR7/E55FutjYfNqJXM/W6e69Fp5SHRkY0ksLCXOls+/v5viJ+eLh1ijqLkZcwQbt70rVRSFqizYFH7GvL1z2po/774+jDA3o6tYY1226HkniQcWnlvIz02tLDzeIskAeM0kqytbVG7qhMmHddPURUHpTSs4lNhlKl1i/ZY+kCW0G16s83fC5C39TMUgQhz6sGHAxZ3FXDVeIskNz4RSz3NqX0KXSSiwFBHJRAxk1qcvveth8MTzv4+EeTc7gsHg6b8hHU4u3pArAhnNugg4o5TyIsQwzCEzHGDyKjjGE52A0PlqjFg==
+v0n0.nic.football.	172800	IN	A	65.22.20.22
+v0n0.nic.football.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:22
+v0n1.nic.football.	172800	IN	A	65.22.21.22
+v0n1.nic.football.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:22
+v0n2.nic.football.	172800	IN	A	65.22.22.22
+v0n2.nic.football.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:22
+v0n3.nic.football.	172800	IN	A	161.232.10.22
+v0n3.nic.football.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:22
+v2n0.nic.football.	172800	IN	A	65.22.23.22
+v2n0.nic.football.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:22
+v2n1.nic.football.	172800	IN	A	161.232.11.22
+v2n1.nic.football.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:22
+ford.			172800	IN	NS	a.nic.ford.
+ford.			172800	IN	NS	b.nic.ford.
+ford.			172800	IN	NS	c.nic.ford.
+ford.			172800	IN	NS	ns1.dns.nic.ford.
+ford.			172800	IN	NS	ns2.dns.nic.ford.
+ford.			172800	IN	NS	ns3.dns.nic.ford.
+ford.			86400	IN	DS	31459 8 2 13DFD0C4AC2B97B1294ADA48FB4A36E5732739AFC11818B4C46FCD17E3FC13DF
+ford.			86400	IN	DS	64471 8 2 200E32097C2E1D54428766BB9E5489316AEFEC25672D34B24778F71A50E947FB
+ford.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KlLkgShmFJafaOjpj5IHur3tlxXbsZoTqCGRcKx7d0/jodQTFPIPvV+fJZz4/W7NPcZvMVYCflbSkwtgJhaKQABUuU+up0CmQF+H9xJ0DTxMbq8eyjq+m3vlQMVGqJm/m8WCzIuKfzVgvAB2DN9ZnzOIZHs7+PUt/KD/gjct75AUsUu6L/yFLLx1qw274fwMfmHolk3ryoWgkPPMdLrnhVjybjcQLNryY7By5Xi+pv6cX5YHU1P8N9jfh/jE87ucvabCntcR+Uo81brJ/UaRSXI5iPg4q8HcJk85096J2ZZWWa7ycThUlGWHk9uhslbFBQaqLpeIWsGaz7CQoPV/sA==
+ford.			86400	IN	NSEC	forex. NS DS RRSIG NSEC
+ford.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qhLWwhwCxJjzdmXSlnZHoreNzlqNneDTEtQV05V6bN0VT4kD2dwLx6Inrna6XJKs1GNXnmR447KRy+yWqfMd1UlGzLMm30s21UoWlEF63B5zskRbA6QW154b/5sQos30QKcyHjxYSpDM9TVELG/rqYv2FMQPy7Wg4QvZQCIkJS5MYJRY0H49G44yGHOKK8l/MpVUcfcCNSGwYCrt4eC5M4eeABrstVCj/jLzivG6r+xQkrLoOHBkWKlg/6bg5q0ziTWiI7T70oonO+G7grRkic1/D/JGVf1/NDRwQfA8h3cACaqkf13UbOon1zIIMtLOmitWnevllIZrzS9TIkehWA==
+a.nic.ford.		172800	IN	A	37.209.192.9
+a.nic.ford.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ford.		172800	IN	A	37.209.194.9
+b.nic.ford.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ford.		172800	IN	A	37.209.196.9
+c.nic.ford.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ford.	172800	IN	A	156.154.144.62
+ns1.dns.nic.ford.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3e
+ns2.dns.nic.ford.	172800	IN	A	156.154.145.62
+ns2.dns.nic.ford.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3e
+ns3.dns.nic.ford.	172800	IN	A	156.154.159.62
+ns3.dns.nic.ford.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3e
+forex.			172800	IN	NS	v0n0.nic.forex.
+forex.			172800	IN	NS	v0n1.nic.forex.
+forex.			172800	IN	NS	v0n2.nic.forex.
+forex.			172800	IN	NS	v0n3.nic.forex.
+forex.			172800	IN	NS	v2n0.nic.forex.
+forex.			172800	IN	NS	v2n1.nic.forex.
+forex.			86400	IN	DS	37024 8 2 B76C4CB1E725CBAC7C8043A1EFE178802F19BBD47687EE2DD46BF30F626F1C08
+forex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rglkHe1nhb1rryZ1F3nXrjbFUDUOiwTL6sVe3gTjdqIO2TuNNnkOS2+I9xnicqMMwAoMCgyOFQnhpbGZFoN9iUfYRNVOqAfb5gGxUKFNQ7YMicAsEFznBIZsZDcXRKMJuHiqMO6JsP3f1XHVOUEElwumzL/Dk6rIVSPsotfnVPfivLiGUJdezKE9e/lt6f0K7z4piwGd6bMKr3EwLP2b89Mj9+vKdqtmUR2ALujOwYB3YjaanjtXaXyVPZnvBXqzYUxjExqJWrNPkCuJEmB/k7xh2MH1UhAmztQ7pbwHSzQjhYKjBA0Xe13PaST+14IsJLOWqEbRSjf+/48l613EhA==
+forex.			86400	IN	NSEC	forsale. NS DS RRSIG NSEC
+forex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eTQfQpWaV6SKNw1zwCW7B8oOgRk920pYBipbzeFs80rdXaTHeMTUalqT+X7/tqofO8nWUfelwuyAW3YCVxVPBMbS4/Do4dTN3Y1PouEI+oLck1GSS7pzb35zMTkLBQs/yCdVn8pSYmr4e5jz9GlW1SPMTaFavXKyrxoms3wvIZmkb14dzBddZaRwz2YNSmPdiLZcx1yPl1LaOalSyc0bGwXdPgf1I/9ku5DQg3tAyJMyGx3x9CCCdBfg2tYstkZWI9i0PqFY9DeXZKmhRcAli7SV2fuRLh/yBMhxa/PSQvSQ9MA3F64ZmNM/aNvj2iIfc5Rf2oEByNV54yQYbo9Qwg==
+v0n0.nic.forex.		172800	IN	A	65.22.28.65
+v0n0.nic.forex.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:65
+v0n1.nic.forex.		172800	IN	A	65.22.29.65
+v0n1.nic.forex.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:65
+v0n2.nic.forex.		172800	IN	A	65.22.30.65
+v0n2.nic.forex.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:65
+v0n3.nic.forex.		172800	IN	A	161.232.14.65
+v0n3.nic.forex.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:65
+v2n0.nic.forex.		172800	IN	A	65.22.31.65
+v2n0.nic.forex.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:65
+v2n1.nic.forex.		172800	IN	A	161.232.15.65
+v2n1.nic.forex.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:65
+forsale.		172800	IN	NS	v0n0.nic.forsale.
+forsale.		172800	IN	NS	v0n1.nic.forsale.
+forsale.		172800	IN	NS	v0n2.nic.forsale.
+forsale.		172800	IN	NS	v0n3.nic.forsale.
+forsale.		172800	IN	NS	v2n0.nic.forsale.
+forsale.		172800	IN	NS	v2n1.nic.forsale.
+forsale.		86400	IN	DS	57781 8 2 B782D732FE1E21301D1CF866096D3293925AB1E839FFC580591CB7FF8EF63983
+forsale.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WcdewR5lpqTEMZqxNeo34GZ79Ma6sVBg7Y5rE9/6PT97Yy3hhwO14/KSL3U7fkQN+o60kuj5ZU0D1RAr1X9BPDcu04nEUd+0emYemk5CFlzv3Pa4GqWkUxQk2cjXYY8GMsSwLrvjjA8ZAR4E2ZQI05dZ8puIvxw0ijC4vXLHp3DXGjX/svz6RPiclSg4Q1Q87ohkBSFWw9HDQqL9iuMPjg7Po331XE9w49nPTdc5Bs2kpdxX8+9nqBFxT1W9tJxyyveShpT2RFG1sib8kJxDkcPE9huh4MmmlOQLnVyNisxSZF1qNRdyzvLXoOUVz5+VBbiqNApdQeC9p2Ndvn2YQg==
+forsale.		86400	IN	NSEC	forum. NS DS RRSIG NSEC
+forsale.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ub8gvvUSKcRzSZgNjjLm/8r5WgpcdF4PfWR6X8Fb2kmqEFPfn3IHdrHtZAv3yz7B9Y6X9h3qjbAlloZndBkNqOyIP9BYTe6cVGDuDv65NvnnjJsEu4tGyeOuAvSBSKuaYdaMQF2+TwAlMADXWsYH/1yEk2VlWmmp/3v+t1GRY2sz2BIll+7l2VQr14feCR5urDd7yzSdYxboEMOCpJnq09uwCD/KYWJzOdjy6HmrWXUECl8phPe+yHv0C0iyEu6cu9yItb+PYo5PETziqwEHz2mvrsWUNfdfoJhKJbLTo+fWgTzENyBqp3xn7oDvJf9o3T0C5K8YrDsJBI9ZkemFdQ==
+v0n0.nic.forsale.	172800	IN	A	65.22.32.53
+v0n0.nic.forsale.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:53
+v0n1.nic.forsale.	172800	IN	A	65.22.33.53
+v0n1.nic.forsale.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:53
+v0n2.nic.forsale.	172800	IN	A	65.22.34.53
+v0n2.nic.forsale.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:53
+v0n3.nic.forsale.	172800	IN	A	161.232.16.53
+v0n3.nic.forsale.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:53
+v2n0.nic.forsale.	172800	IN	A	65.22.35.53
+v2n0.nic.forsale.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:53
+v2n1.nic.forsale.	172800	IN	A	161.232.17.53
+v2n1.nic.forsale.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:53
+forum.			172800	IN	NS	a.nic.forum.
+forum.			172800	IN	NS	b.nic.forum.
+forum.			172800	IN	NS	c.nic.forum.
+forum.			172800	IN	NS	d.nic.forum.
+forum.			86400	IN	DS	9475 8 2 A53A95D8AB4105B83918A104F8828B1E0DDDB48C290A8EFF1960918E01EAFAE6
+forum.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . m+xQXplIubff14IAUXvQIC7qCN++k1pMZWLyX+o8VQbBWA+sENsiIZ4sUuplyaiAAEnEphPM5xEWDx1vK/dqW+V7g+ITl/f85OVPx+PH8b7FDPseTs0IHZxricLulmCAUTLQIS7jyMsY5D3atAj0QknNEa4ARVoGmY13xAdEx3/PIHRQg/O5iA32H+y0L2ZE++MaxmIv97saWNxpQ20FGbsBRNdGxIeaSMscULmUvkcAjxYFyyuF6DNkIVkmet9zKFuPaoWH99C1j/lOjEb098/dFOYTrI/+YtRmv7yS0uiTn6yq6du9vWnypb1mkgR7Wn9MQpmv5kwMWevVUyX/Wg==
+forum.			86400	IN	NSEC	foundation. NS DS RRSIG NSEC
+forum.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mh360wDhXh/w7EvBvjt0bM4IWW/j3eEp35qaD9eQuLytMe1lJ3E33fqWNr7RdxBdgxJj3eXbq0/2a+rIQGkvZNxMbPwB1y6JfJ9NYyEKS0iab2bzPY+zcbtPcYqAbJkn/1/9FIraQ81AjYkr2VTVCtAQ7ImsNX1L4v3WTjCFm8JkacZx1r3OXaIym2T/6C6Uvyel+Y4Aby4bgGo1WgmmJqt5LKqXG/TJaK9ZB4yoJ5zZWqoJR2ytoEbneft0g3oe5835ZS4he3uG5fn/3GkRDbwJaDWEzVFyqjHVrC175VIgzWKXNmk0/liwUOhi6RnmkDDT4ksvNXnah9aK/hA6fw==
+a.nic.forum.		172800	IN	A	194.169.218.65
+a.nic.forum.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:65
+b.nic.forum.		172800	IN	A	185.24.64.65
+b.nic.forum.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:65
+c.nic.forum.		172800	IN	A	212.18.248.65
+c.nic.forum.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:65
+d.nic.forum.		172800	IN	A	212.18.249.65
+d.nic.forum.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:65
+foundation.		172800	IN	NS	v0n0.nic.foundation.
+foundation.		172800	IN	NS	v0n1.nic.foundation.
+foundation.		172800	IN	NS	v0n2.nic.foundation.
+foundation.		172800	IN	NS	v0n3.nic.foundation.
+foundation.		172800	IN	NS	v2n0.nic.foundation.
+foundation.		172800	IN	NS	v2n1.nic.foundation.
+foundation.		86400	IN	DS	50359 8 2 B440325C92CAB8D16072F62301B71032691FD4C5D46ED01278CF945B0F8E360B
+foundation.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NdrgDboHxI8vevs2w/GSwQO6ZFMsEKavhRvm+KDJUCd/Ou9fm6/3ER9B3d9uR+9i2U0iyQt/NGbWz1PFu7Svq9gZaKI4GlzDNzM/J/uSk0vk07AQoCzLLKHHkGypyn9P0WM+/gdI6br4oM/uToxC50MaZBjqFTjh3xIlvwEX3C4/k6Ceg0lHXwABuUX/R/L29dLLmPqdscNTs7LQHa9uljKaRK/Jgh3k2RbtP4mgmRiiUDxK+F75NAXn98U4xbkUaVvXeZyq/O0rBXTGOtR1n4g+WH+xVdkLHFnNHm9VWdFWq5Hnsk3Myc6BlxG9aMHJmgTeKoDgS1o/JCVRxkvzUw==
+foundation.		86400	IN	NSEC	fox. NS DS RRSIG NSEC
+foundation.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yEN/TWvMAgJIz0P1cEk6x0nvnUvxrmmUZ7CqF4GNVPXgHY8F0Xe7HIFuNuydn47Su5gyUgOIQpYkBH+i3bgLyGdCG/9ADyH7SNHkSw8NL/E3mMVe0uV0ikwyqS+YQR35oKHAcowobMpnYQF9p3suL0Rvwk88C/oRcaMmRgVV1WkuMDEvCYGR+kiOPLP0xdKYEHVRfToqRnkH6SNivhsU7eGOFwE58t3xiALM2bZL3GqOO7FIpa8p9W8KxhAYN5TVYpX3kzxKymQrQsFbV/t3TSAuXL7HisKtWYXjlQfjamdtnV6rkKLzlks5z5rZxwdfuCAOp86uWEZp0Qr2Ggq5Sw==
+v0n0.nic.foundation.	172800	IN	A	65.22.24.43
+v0n0.nic.foundation.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:43
+v0n1.nic.foundation.	172800	IN	A	65.22.25.43
+v0n1.nic.foundation.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:43
+v0n2.nic.foundation.	172800	IN	A	65.22.26.43
+v0n2.nic.foundation.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:43
+v0n3.nic.foundation.	172800	IN	A	161.232.12.43
+v0n3.nic.foundation.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:43
+v2n0.nic.foundation.	172800	IN	A	65.22.27.43
+v2n0.nic.foundation.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:43
+v2n1.nic.foundation.	172800	IN	A	161.232.13.43
+v2n1.nic.foundation.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:43
+fox.			172800	IN	NS	a.nic.fox.
+fox.			172800	IN	NS	b.nic.fox.
+fox.			172800	IN	NS	c.nic.fox.
+fox.			172800	IN	NS	ns1.dns.nic.fox.
+fox.			172800	IN	NS	ns2.dns.nic.fox.
+fox.			172800	IN	NS	ns3.dns.nic.fox.
+fox.			86400	IN	DS	17635 8 2 CE046FBC1B2DE0479BA9624F6344E0D6A22DA6BB2C776A4782BA144F36D05D33
+fox.			86400	IN	DS	31102 8 2 675C7B085143739B2C32F301858C5EE3751B58E3A9776EE2A6DDDC2C9C7A9E13
+fox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s2eTjHI6viCY7SH8O38FAYGxgjNR/ApOS5XkdMKZt61BwRibMbDY9G6Mhm9Pk6rNm30DwjpwYjOGROEA+jdrVhSij2xPoSF4luEpW/eKaSli+r9KK2yqXmZkCWsey/7C/Zo8l4FXIdZjChAKhugQAiODwgXKznl6hOyTXNT5qHK/mk4F9wtJ4+79BxVms3IGIVIrHXpTnPHTimrhAa51P7/9mRbCK0SL8eG3ZwX269oUU0wTnv8K611cYN8kLcQ5o6ppTauHwJ/wQKc9uvq4s5IEBNmUlsZBsxdo4/1ukKwI8kbUv9/3TwvuftUUdrB+E2V1cxDUctTIDgqjX4QBmQ==
+fox.			86400	IN	NSEC	fr. NS DS RRSIG NSEC
+fox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A6Ocuhq7PbvrEx9PM4ehnnLniAg0VzaWAGihj3BkGvAyK/l62dgL0IUMgaTtPIFRYpc2epZbEc9hm9EzreUKIy4ohct7bCCQxiSBbtyRkaiFC+Xop8+HPPt1OV2WEmTh+POFgeVf8RsCqeRjkxcBncxaFMVxXDLEjx21Oek/CRqmX7lSs1eHbY9Pcj+CCp6kovERSqvvOOnztUFkBd34OPeFxtaIytOgeLuReRUgn3s7frZAQIT/+6RLFTZDdJvs2k6sbg3oBp/ksesa6Zmm8NJjsHhyylpXmwl2JiVpgvfRGW+uFF5DWB7a2NJtoc/9el4XVWuj+FY/ZW6uwNM6mg==
+a.nic.fox.		172800	IN	A	37.209.192.9
+a.nic.fox.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.fox.		172800	IN	A	37.209.194.9
+b.nic.fox.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.fox.		172800	IN	A	37.209.196.9
+c.nic.fox.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.fox.	172800	IN	A	156.154.144.63
+ns1.dns.nic.fox.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:3f
+ns2.dns.nic.fox.	172800	IN	A	156.154.145.63
+ns2.dns.nic.fox.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:3f
+ns3.dns.nic.fox.	172800	IN	A	156.154.159.63
+ns3.dns.nic.fox.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:3f
+fr.			172800	IN	NS	d.nic.fr.
+fr.			172800	IN	NS	e.ext.nic.fr.
+fr.			172800	IN	NS	f.ext.nic.fr.
+fr.			172800	IN	NS	g.ext.nic.fr.
+fr.			86400	IN	DS	29133 13 2 1303E8DA8FB60DB500D5BEA1EE5DC9A2BCC93DFE2FC43D346576658FECCF5749
+fr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Xbj94VLLISknnKFEGlGGoTZyRGIxFA0KvVS2U07j2vMBqNMh4iLfeGI0mg+Sis2531XLaBuzTDIHIB4WBxL3N7KD3LRClO/DLTnYE2pbfD2be1kjYTxFQKMhrAvIjXAH3xYf1O31aYmziYSTTnh1sWxIlaUHsBO9btqVqn+Hr+IKHyw4Iuglb7+hFiq3Ix0ABxzAS6WXr3rkWUD8p4GHeO3DrUWNqSlAIJ9ML6o5UBPVKSzETABq2BrNAfkLNYmOnca9PtKeHUaqVOD/N2cynjexYSXX69EIuulIXRIHk6b5fM+bloyJAAKPSEy/JHdLZKIcCmz1I/svvlrMePdhTw==
+fr.			86400	IN	NSEC	free. NS DS RRSIG NSEC
+fr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FZRMjqI6GLFNtyFys/w1sMd+qW+9A5JPUPbMdw7+yRIktid/SLCv9JNcYPHkvrp6wjqPtOHvT2FJuSjRk46uitAB7NjNEOGFuMkZKA71LRkrO4gIKXVjhRjZ7vSh+s7GnMd9RhE/Q360WNJP+6+o5F5WUD1q4iqsTXQi8hLauzE2ZfDez7i2WxfTnM98SDNgz0UFMQo91+dW5KgSGGFJ4zh/D69BA713E4syMYYxPE0UgD0xyPQhmm0UrSP92GxXc6hYPdvH0g4rLyGL+rLGYWmLilu7gHtQDd2xZigUkV1NnEA61us/p/zep5F0QYvPJ8xgE07A0u6ctbG7BPThfQ==
+ns.cocca.fr.		172800	IN	A	185.17.236.93
+ns.cocca.fr.		172800	IN	AAAA	2a03:dd40:3:0:0:0:0:93
+dns.inria.fr.		172800	IN	A	193.51.208.13
+dns-tld.ird.fr.		172800	IN	A	13.39.116.127
+d.nic.fr.		172800	IN	A	194.0.9.1
+d.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+e.ext.nic.fr.		172800	IN	A	193.176.144.22
+e.ext.nic.fr.		172800	IN	AAAA	2a00:d78:0:102:193:176:144:22
+f.ext.nic.fr.		172800	IN	A	194.146.106.46
+f.ext.nic.fr.		172800	IN	AAAA	2001:67c:1010:11:0:0:0:53
+g.ext.nic.fr.		172800	IN	A	194.0.36.1
+g.ext.nic.fr.		172800	IN	AAAA	2001:678:4c:0:0:0:0:1
+h.ext.nic.fr.		172800	IN	A	195.253.66.2
+h.ext.nic.fr.		172800	IN	AAAA	2a01:5b0:6:0:0:0:0:2
+ci.hosting.nic.fr.	172800	IN	A	192.134.0.49
+ci.hosting.nic.fr.	172800	IN	AAAA	2001:660:3006:1:0:0:1:1
+ns-bf.nic.fr.		172800	IN	A	194.0.9.1
+ns-bf.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-bj.nic.fr.		172800	IN	A	194.0.9.1
+ns-bj.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-gp.nic.fr.		172800	IN	A	194.0.9.1
+ns-gp.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-ht.nic.fr.		172800	IN	A	194.0.9.1
+ns-ht.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-ma.nic.fr.		172800	IN	A	194.0.9.1
+ns-ma.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-mr.nic.fr.		172800	IN	A	194.0.9.1
+ns-mr.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-sn.nic.fr.		172800	IN	A	194.0.9.1
+ns-sn.nic.fr.		172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns2.nic.fr.		172800	IN	A	192.93.0.4
+ns2.nic.fr.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+ns3.nic.fr.		172800	IN	A	192.134.0.49
+ns3.nic.fr.		172800	IN	AAAA	2001:660:3006:1:0:0:1:1
+bow.rain.fr.		172800	IN	A	194.51.3.49
+free.			172800	IN	NS	dns1.nic.free.
+free.			172800	IN	NS	dns2.nic.free.
+free.			172800	IN	NS	dns3.nic.free.
+free.			172800	IN	NS	dns4.nic.free.
+free.			172800	IN	NS	dnsa.nic.free.
+free.			172800	IN	NS	dnsb.nic.free.
+free.			172800	IN	NS	dnsc.nic.free.
+free.			172800	IN	NS	dnsd.nic.free.
+free.			86400	IN	DS	24446 8 2 04DE92A2CCFBB31F3FE8B80A9E1C03B604062BB5726B1FE18D95C62F3CB8A26C
+free.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . olMpYoNgEmXUutdWaJH5n0HKGYnjTP4bim2NjEYjYLJ13l+EkpCh0FHpj51jHk3GE4HN2nvbkIZbMdK31mTN+aGFDymrHTf4Zyhs4x++LCCiNlTxOSCc5lJRdgdGllM2LuIX1Gvc13w/8NJZ59xLB/B7p6xADyvutcxdOtlFC6PqBF6vCm8dRI4omkm5D+ICuounas4lvs+N5WbTj5oOiQmNf6pAXdg2/JUYkLkYcRvJ0QIYzbcWVSemkOaBGujewajjWBWTTFBVn2Zl0oJ1Ar+Ovgpqoy9iyxP2qg5nLSDm428/RdxVcWNrWHWoeUMQ19nvmEZQ68B30vReigfxdQ==
+free.			86400	IN	NSEC	fresenius. NS DS RRSIG NSEC
+free.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LZVLWPi4whJAD8pRFrjknYt5rbUdfAhdrH6+Mr2iaVSvnnbhjW84oCW27Z9gykyWOelLvEb/RykJsKXyW8k945xFfEJ9+wQZQ4ENs/PZUYukPNOLLI0Dx7+pZz2ZpoY4iCh2dnBaekMEFiAoKH5Kwi5LCGPOqHaJRFjfiEpftr5Oy11rHL4dXjZp36CSgfnb1uBKQbXUkpKl668HYCFv01jfqGG+rbajMEAwI54bsXp1lRw3WmDJTE2CjRH9vWCUhoBTcP0tdGVEZptxfbvJK1ABTcJvIqbDXprf7bdq6nBCINYUJo0KD7uRJ7LN5Fvb4Ab+KHvxMnnE7YGgyjtEWg==
+dns1.nic.free.		172800	IN	A	213.248.218.67
+dns1.nic.free.		172800	IN	AAAA	2a01:618:402:0:0:0:0:67
+dns2.nic.free.		172800	IN	A	103.49.82.67
+dns2.nic.free.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:67
+dns3.nic.free.		172800	IN	A	213.248.222.67
+dns3.nic.free.		172800	IN	AAAA	2a01:618:406:0:0:0:0:67
+dns4.nic.free.		172800	IN	A	43.230.50.67
+dns4.nic.free.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:67
+dnsa.nic.free.		172800	IN	A	156.154.100.3
+dnsa.nic.free.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.free.		172800	IN	A	156.154.101.3
+dnsb.nic.free.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.free.		172800	IN	A	156.154.102.3
+dnsc.nic.free.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.free.		172800	IN	A	156.154.103.3
+dnsd.nic.free.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+fresenius.		172800	IN	NS	a.nic.fresenius.
+fresenius.		172800	IN	NS	b.nic.fresenius.
+fresenius.		172800	IN	NS	c.nic.fresenius.
+fresenius.		172800	IN	NS	d.nic.fresenius.
+fresenius.		86400	IN	DS	14099 8 2 3A1C09D9328367D2077AA1418DACAB1E9799C6E419409C35416ED57AD0D61DD2
+fresenius.		86400	IN	DS	43201 8 2 B8B450BA7043973A3F43E9E8A70FAC6A6B979838254E439553F17F403D24425E
+fresenius.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P2PkQoywtlZBRjOuRClYW/WxJiA96ydP1wKltdCBtXQWIwNjbq1MGULE26KQ6KgoFFEfFAwGlWusg/ln+x3iEaxV6CxvUcbrWBQUl2oCYyZOr6x1EEvvGFBieJsRjiUSVY0rH3TepwX5C4QBGeAnltw4hcFdZnqbQ/DAQPY71L6X2vWVKgOSU7siBp2q7qihaNOgLQ/QByBweciqlxw4tRPEFWruqjFM0mdvNBGBTsAxR4sLbXHY9MJIxg4eeJagcg8PJAtI87uKoT7eJYYipTvd2Ow+3Z7EMyxdv5rPcT3AvhD5heaLKRd6gIYhva3jOTyyqqydQKa8LLHee+ceLw==
+fresenius.		86400	IN	NSEC	frl. NS DS RRSIG NSEC
+fresenius.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rtrG4rlEHtlkBZnZKnybPc4vSM24s8G1pWlnx3kv6F/15V96jsf4Ic6oztpobLMRyGJWYXU2BHtSNbVpwbADw31wutzb1NUBKDOZEautWSJ13uKjuqSYEUJvjUFUUp47pTDXrK4B612hEyvSW1IHSdJVgky1oyba5YGzzckMrzKqxsm61GKrjZdiMfB1IsA5tRSv8I/P6nE6L0QUMS0jKGza0yGzcKjVBLw5rvVYnB7uCIldYTH+ESORvR+oEj8q7R/j6G004YKfLG264wXdYjm09LT1RshhYig4YZv1GN2rUZohVUdvgLvVWUaYGsIuTq8aN+otDQ9afwB99S5LuA==
+a.nic.fresenius.	172800	IN	A	194.169.218.86
+a.nic.fresenius.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:86
+b.nic.fresenius.	172800	IN	A	185.24.64.86
+b.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:86
+c.nic.fresenius.	172800	IN	A	212.18.248.86
+c.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:86
+d.nic.fresenius.	172800	IN	A	212.18.249.86
+d.nic.fresenius.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:86
+frl.			172800	IN	NS	a.nic.frl.
+frl.			172800	IN	NS	b.nic.frl.
+frl.			172800	IN	NS	c.nic.frl.
+frl.			172800	IN	NS	d.nic.frl.
+frl.			86400	IN	DS	16639 13 2 D3CCC215301C0738FC3B1AA14DEB7602421FF42D3889BD15D018EE2212373D38
+frl.			86400	IN	DS	46635 13 2 7564B5A11E4AED3DCF92F5D40B75A3089D7EB5E0DC97C4B467218E6B6E9E95C0
+frl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4jWfEEBwdH+HmQN8AI25FuvHqWEiZbhJ6wfXptNejPyjBbCfagr7dWwrs2GWJwknXgocQooZ53l7BfiGwNXNi/9PmkC6aQjN8Cd8K1/4N/vJj8HOd8ZzPEnyOpFBtBo0a1UvKSyMPFhKdPe7+UOMJruYQxNQc+uVqDpKleMt9hllS+q9mDZHAqnWHWf68yo0Wrrsm4ATHzTp+Z+T/olgdQI5oJCOgJZjuXBDj7F8yUYx3Qm06r0PTJ4A/2iTHugDEia5XU7tFJRR7wEGsSMpErWuyUrvT3UVm5delnpXEJ+Y3v4zkxGEYcm0qc5rDxPXGXzvUGwQ97SLxVCmAQa+A==
+frl.			86400	IN	NSEC	frogans. NS DS RRSIG NSEC
+frl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HiDpAoKEp2IAZKCxlhxp9cmwXHnPf501ejsvOFyZHQXCIDWG12AEdtF0F21c31rsYW+fhOzi82P/yPCytbsiaEELM2JhocJ/399t7rfPxTSp08tn+uMOwjvV0MONxfynobDg7i5O4O+h8E0xZjHx3TmuROivHSbXPTSZ938lsf/tSR0tKqwduXCSFLYbgQqnmDkMV3S1kw22BJLZSDE96066f2NnyDzOSOwXA6MwZBpQtMPfm5XazphFZCGMdSljODgqhLJR3rkLy8QIrX4ehEwxk/zyMrR0VFjcRF2UW5zFq0mKlBGqMOV6qFJiI/7E1QzA7Yc+aH0AA7E5+3LMoA==
+a.nic.frl.		172800	IN	A	194.169.218.87
+a.nic.frl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:87
+b.nic.frl.		172800	IN	A	185.24.64.87
+b.nic.frl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:87
+c.nic.frl.		172800	IN	A	212.18.248.87
+c.nic.frl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:87
+d.nic.frl.		172800	IN	A	212.18.249.87
+d.nic.frl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:87
+frogans.		172800	IN	NS	a0.nic.frogans.
+frogans.		172800	IN	NS	a2.nic.frogans.
+frogans.		172800	IN	NS	b0.nic.frogans.
+frogans.		172800	IN	NS	c0.nic.frogans.
+frogans.		86400	IN	DS	44230 8 2 50F935219610318D526521F0E31C70705B462BDE2C9FDBA142969B27207B3B7F
+frogans.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sst+MegT2sj2u9zJ7BuErC65/7k3G2uSU2oHbZWKOjVoX3Zh1KozYTF32Dwim8YqWBYVMePWW3uIzUthvt0uH3Nqdr4E0LcWrTaxQ1slHFCQhbeyZVbQA58f3ZobVRRBQQInHTBOXFL9J7+U4LxG+/JAfhFrq4VnwLtI4Gf6jC2w+kytD2KnSmbHrABIF4h1+WpNNymWHARRvMHUZIRGzR0uKRETPpHaXqlhFy1OI7bAjTRBfByO+ULvnSB7WYfyYPWKCZZ98FW0Eao5Hk/Ma1PfJ5fTZ6FK/VyOo3BAifgGyhA5Z1jI9RRwYB9fHaWBnMEnnKgpz8Br4LsvbIHGWA==
+frogans.		86400	IN	NSEC	frontier. NS DS RRSIG NSEC
+frogans.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gdz8xS4KD7yUzQIQGU1W+EVutuXuyUA/UMkO/Zxhz9fpE3aP3+112HFXYE+liZp3ITbnqYVW/76snnnRubi6VrJpcGhJBQRFHNW6CiQDStULquJUfCcL48gjjH8hgJm5tNuAeQ1CmuXD0qyWtZ2nqFSx09tMRcGwBxCE58wNsF3x9fn1GfbpgPSpqDJxtUuG1+Q6xtfzPIVZ987JWrHaTDZlrWop6g+Y/EJD1wnGxAob5a7EmqzVXImCD0CwRMDmiIhsuaJ6PrvnBw89spyu85R6kyFKKs3/Vwthic/Xq9/mk1yQv1Uu9GNeDQZlCyQDscZmQlL59y3CxDXIePusTQ==
+a0.nic.frogans.		172800	IN	A	65.22.188.1
+a0.nic.frogans.		172800	IN	AAAA	2a01:8840:b6:0:0:0:0:1
+a2.nic.frogans.		172800	IN	A	65.22.191.1
+a2.nic.frogans.		172800	IN	AAAA	2a01:8840:b9:0:0:0:0:1
+b0.nic.frogans.		172800	IN	A	65.22.189.1
+b0.nic.frogans.		172800	IN	AAAA	2a01:8840:b7:0:0:0:0:1
+c0.nic.frogans.		172800	IN	A	65.22.190.1
+c0.nic.frogans.		172800	IN	AAAA	2a01:8840:b8:0:0:0:0:1
+frontier.		172800	IN	NS	a.nic.frontier.
+frontier.		172800	IN	NS	b.nic.frontier.
+frontier.		172800	IN	NS	c.nic.frontier.
+frontier.		172800	IN	NS	ns1.dns.nic.frontier.
+frontier.		172800	IN	NS	ns2.dns.nic.frontier.
+frontier.		172800	IN	NS	ns3.dns.nic.frontier.
+frontier.		86400	IN	DS	32674 8 2 43ABF7B723073B5ADB567BC9095EAFC64367D702C7818DFD97B7C293EAB0B4B1
+frontier.		86400	IN	DS	50689 8 2 B81514D86B0AE37D16A0676680B70B9C714036DE9993AFB8D38FDBC6879A0062
+frontier.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oQQzHR4VDrPABLj/zHhyIQOVrzbY2cywr/k/5djSX4YkM+3pLX5cKqysE9TZE1qdNjdlGxIwUgAOVt+Y4/MrvR/cSEk20Z4yR7CuNeYM5hRPjLaqPq9QQxvx8vDYfPTRqgKjlUcRxHlfqTTbdqFVP1lDYuL0/pBKvSMrYYDAfsSodreTafs6ee1qIZG9omgCaNKWUzebYmRmK6WgDlEZl2gz0QRUSJJk/mIGIq65uMwJudQfRpA9AR0YkYRkqSmdanK3oE22s/TQoUxHLt75fRlQsP5u3SX9DG2jPAMfqhUpD9J1GalXowq6a7Ehuur2fo1zTXMy+Q/KBRVLTBkI9w==
+frontier.		86400	IN	NSEC	ftr. NS DS RRSIG NSEC
+frontier.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RphKLlCSpurnKm0+vaMEglJV6QVP1jlVh4oLKo5KjUt+3WQKOerpeoiNVwAkuQg5goJZ4GabxfyQbxF2qGOBXdy9BFSTUTBmEF65ZYm7ZJcUmfLv9RqSfIDd2rPr+98jDHiZhscCG6akcJt2t5Vrd+XWIXWI8/ryf2f9F6YEZb/VSU7AzOqZP4lMNMNLHL1JcLlnJ7fBTxN6RSI8U9dk8GgpMiF7OpmjdtgF8K+/LZUWKL9MuY7QedHee+4zW7lW5VS9Tzj3ZMZ0DPZnJ6L0Lm1GZYrAxTO9q1cG2aIAiK8uzCSWOzkVAYCADPhmFw+W8nNOMJU8gUzrHUysBX9U0A==
+a.nic.frontier.		172800	IN	A	37.209.192.9
+a.nic.frontier.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.frontier.		172800	IN	A	37.209.194.9
+b.nic.frontier.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.frontier.		172800	IN	A	37.209.196.9
+c.nic.frontier.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.frontier.	172800	IN	A	156.154.144.64
+ns1.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:40
+ns2.dns.nic.frontier.	172800	IN	A	156.154.145.64
+ns2.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:40
+ns3.dns.nic.frontier.	172800	IN	A	156.154.159.64
+ns3.dns.nic.frontier.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:40
+ftr.			172800	IN	NS	a.nic.ftr.
+ftr.			172800	IN	NS	b.nic.ftr.
+ftr.			172800	IN	NS	c.nic.ftr.
+ftr.			172800	IN	NS	ns1.dns.nic.ftr.
+ftr.			172800	IN	NS	ns2.dns.nic.ftr.
+ftr.			172800	IN	NS	ns3.dns.nic.ftr.
+ftr.			86400	IN	DS	26692 8 2 BEA8F6F61998570B7DC8D85B43487908E8CF2FA560E7255953E7FCBE29A80209
+ftr.			86400	IN	DS	44104 8 2 42ECBFDD47BC85333FB13850757D18493116ECABDC33EB40CA70D7CB952D9D52
+ftr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T6E4Qtq0YGZKY1ccyt5npUjRGnAglg+xkNLCl724qCndYj9MJaHzqmfK0zoT5iTe5hLJxGVuqaBjZCsgP5vz7GdBX+iyO9l9vpbGKMaaWWzPnyyzk2bNwe7iyyiTqcp+GZlzoa8GAbQcXKZv9eWynglC9UwNs82bVxHBjC+OT0ZScfbdq8Y7khEcKJGqCkncmUp4IgAnzJhcHapJW9gjdnC59BOx+DDeu6HgG8wtcT5+p9X5mIZNwmZ93cLexEovUTdrgZuWpfa4fdpetkn/fNo5pGmEJMFM7wU2Gg0E34pTmn5JtNaAk8tZKJHYaE6nKxzbGfEFjlNEQI+ikQ4LpQ==
+ftr.			86400	IN	NSEC	fujitsu. NS DS RRSIG NSEC
+ftr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K3RBuiZh2032NILec7uTVqNuX0pLDeIq8UyhzeD7QzTabWOncoj6vtaWiU14OpvJN4YJDRKrqlqrCdRFl15TjEy0uCvR8oazQT5gOgPgAZPx3IoyuqD3bU8RoEIlctqHut9Cv5QxQFOCPdBKlsTrvAns0z7dIVQk8e/lmzPlEhnWQ1acECTEmxt3gCyJrgfhxy1HxPJhMC4jiHEbMJGEf9c0waW9He1AmFN8kMijH/35Ppwh+I53t7Rjr0CodmArh4RVxCHzLMbW3ymv+UNFVsxbHtgTigcYY+8xZvqOcM8VQK77riVAl39ACgv6aJJlGYXrX65BMhMvcAUZ3Q/CFw==
+a.nic.ftr.		172800	IN	A	37.209.192.9
+a.nic.ftr.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ftr.		172800	IN	A	37.209.194.9
+b.nic.ftr.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ftr.		172800	IN	A	37.209.196.9
+c.nic.ftr.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ftr.	172800	IN	A	156.154.144.65
+ns1.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:41
+ns2.dns.nic.ftr.	172800	IN	A	156.154.145.65
+ns2.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:41
+ns3.dns.nic.ftr.	172800	IN	A	156.154.159.65
+ns3.dns.nic.ftr.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:41
+fujitsu.		172800	IN	NS	a.gmoregistry.net.
+fujitsu.		172800	IN	NS	b.gmoregistry.net.
+fujitsu.		172800	IN	NS	k.gmoregistry.net.
+fujitsu.		172800	IN	NS	l.gmoregistry.net.
+fujitsu.		86400	IN	DS	38612 8 2 B04465DAFDF63B8C89EF0BAEFD4C6E602C6AC778794F8F196941169BA669DB4B
+fujitsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mcix5whDmWI+X9FtftruLnCSiYcgO+fm8N4Sd4sSOrii8fM15WqCGwFLFLW4Lr1Gf9ZDN944tJ4EPmKl9vtuRNqWcLrEqPKwQy3zBe9pxqNnGDIeDG4Uk0mHyXC0Lbg0AJw/HmYO2rDihSdoOCU8se0/YN8A0UD7Sqiv97Mh7Bs5IVVTvhe/DfOUevTggxzENX0GIqWltiPlWeIeq/z39zCA36brvlNIaJg73RlWRcdXvmqsHBcZrLx7le+sOURv6hrzHl+m+oOYinbmMfVHWCohnMdR57NEYrTOf9VQYVdVA+ST24a3L9nVgZUVWpl9kmPRUYOEc3Q8CpcB3bCmzQ==
+fujitsu.		86400	IN	NSEC	fun. NS DS RRSIG NSEC
+fujitsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UgV6bBOPgjatiaTC/WcecMMLlkfXA12G2pkmtuVuvsPBhFe95FIMXd5F++Ba7XP74LPvLDOTOP1Yn7E/oFn3heRyRyyzxLjWswqf+Vk7Kohgn4NAEGkFFh9oz0fW3ObxMIK91NEBGdZse6wZX49VOU9mKEhqQjQgP9d/QrT04Ebb+btJiY4dMaex5ppy7IZ2flszUil6iSgs05W2KIWle6Uz8N5vCdGozUNmvtoF7mUdbxrlI+97oTMMgsVbf+msUYj3+plmanGOMt9Nw+zKftiO8hPmiC9jtjEAq0WiPJyb1VT7oeA+EKg6szNiR9zj0QJF5+1FDxqSaO//xYvkpw==
+fun.			172800	IN	NS	a.nic.fun.
+fun.			172800	IN	NS	b.nic.fun.
+fun.			172800	IN	NS	e.nic.fun.
+fun.			172800	IN	NS	f.nic.fun.
+fun.			86400	IN	DS	4594 8 1 E256D68D24212DD3355F3AE897504E47F847579C
+fun.			86400	IN	DS	4594 8 2 58D070A391A5808DA071DE7234C293B2A4A32006F1FF152CCAC45E2EE66C3891
+fun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIpFePdx556o5CQPRdnu7Gr/dl+HOI40K2VJ1t4rHiwSenLL9rgRrTmIaNHiRhQKHn9KQJa5X7zXsPG7Pn4t0hpOuGV5hGPbHAtu+8fITmXRiJhESdirt/0Evtpf7v/gepMj4lLl08j5Ih9iR3DEUACrQG1C+jL3sqSUnj/UH5GLvMt2E6ebWzAZCik/4Gi8+BN6BoPg1Dw/pSt/7ZUMx3g3+D2JFpW24vOHqayQf3KnuqjOGhC1nn5OTH4EZvnwRtL0RLuW+Nw8PCe98MsGNDCiQVOHKgFn/EV6IaVDuJNKtAZHkDfj88DhxsGDWCOGHgGbsYW1AVoPMNihNqmaHQ==
+fun.			86400	IN	NSEC	fund. NS DS RRSIG NSEC
+fun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fhc12RHgl9hzEeDlGWvEUEpnH6LJjkY1RN5eGhde3keI2JvM/3UI/JUV7HIU5ocT6FChhnqVE+Jk2uaSgGWYILdVgrtATEFq96fgNGlBFRPfYQjJnIXcKpo5anQ1R66o0QI2AEIWQsYxikAimw1GHytf3W3tFdEUVlXUEM9pLD1siubHl6yl/9nS/Ug88Dm+Z9XZAl1XmqArd/hbLTXKmNPrP2yE523nwQVyh5MNlcqPXrhrQc/tFqvzIPhGtIt5jk0NcdhoVPlBUogjlWxDjWlpn/BD2ewppSHsG/v6ZumRQZXLKs1D6GndxDRtY6zmZS+2Bd069SG9sx35wuZEWA==
+a.nic.fun.		172800	IN	A	194.169.218.72
+a.nic.fun.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:72
+b.nic.fun.		172800	IN	A	185.24.64.72
+b.nic.fun.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:72
+e.nic.fun.		172800	IN	A	212.18.248.72
+e.nic.fun.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:72
+f.nic.fun.		172800	IN	A	212.18.249.72
+f.nic.fun.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:72
+fund.			172800	IN	NS	v0n0.nic.fund.
+fund.			172800	IN	NS	v0n1.nic.fund.
+fund.			172800	IN	NS	v0n2.nic.fund.
+fund.			172800	IN	NS	v0n3.nic.fund.
+fund.			172800	IN	NS	v2n0.nic.fund.
+fund.			172800	IN	NS	v2n1.nic.fund.
+fund.			86400	IN	DS	58270 8 2 987CF39F13D83606711047D4D88B8283BD49BED69BA378B2106C7ED6B33D2527
+fund.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yOeWv4nKWvg3p3oTiw5oMis/k97RmkDuFUokzREt7ixZBQyENIZZ5Py0lzIhxPgRnNPj9F3XwocL0G3aO/OvKDaXA5D0u/Ez0xX5+VLJ9qxlWPHC2lX6HFc65Kdb2hEoXpEMJBerdLPmmdf1pNTkHqrKGetlrADK5leYfFWcq46n1sT7VUT2jy68WLEfsNNF2BLfBG2GNNGWbLkgmeOFVFx7vouZxA0EQ/mOZPUVVLEuFF1wJQcyRlJl4xD/Dy1Md3r3sE5kA+ANRGxJYF4NZ//l0r0oCE4SP7qDBlSAdpsk+wRe1H81BgT55Vsj+3ZxbpkLc3+9Ols+5KI/OcvN7w==
+fund.			86400	IN	NSEC	furniture. NS DS RRSIG NSEC
+fund.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m2dSsljFAJ+DqyS6i2vcxM8oTETaVYWB1stGirvpE3c7tRIaAl9cdXed3t+68/88z4UJnv/AACl06ru/m1ka0STZatJdVBX4T0QM44Ak5MtgLShoTtY7IKxX+SlzBivmjb8dMRrHcw6IJHojE6/6hyskwdvolzyeG/jSB6aRF+ZC1jP+tRAzuawBeTuUMetaCfYQglOUqb3IOECzPOTY3g60QCPOps31QfGX6I0zjLkPoeG0OLSKF1kyIMMvgcJdSmBR4rZlInauSEPuAoolBbxRuPf6Au33Ey+BCMyqzIpYc4rKtXJblpsWU4f7emLyXw5OraYtcIxnSgga5T/7ew==
+v0n0.nic.fund.		172800	IN	A	65.22.20.45
+v0n0.nic.fund.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:45
+v0n1.nic.fund.		172800	IN	A	65.22.21.45
+v0n1.nic.fund.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:45
+v0n2.nic.fund.		172800	IN	A	65.22.22.45
+v0n2.nic.fund.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:45
+v0n3.nic.fund.		172800	IN	A	161.232.10.45
+v0n3.nic.fund.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:45
+v2n0.nic.fund.		172800	IN	A	65.22.23.45
+v2n0.nic.fund.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:45
+v2n1.nic.fund.		172800	IN	A	161.232.11.45
+v2n1.nic.fund.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:45
+furniture.		172800	IN	NS	v0n0.nic.furniture.
+furniture.		172800	IN	NS	v0n1.nic.furniture.
+furniture.		172800	IN	NS	v0n2.nic.furniture.
+furniture.		172800	IN	NS	v0n3.nic.furniture.
+furniture.		172800	IN	NS	v2n0.nic.furniture.
+furniture.		172800	IN	NS	v2n1.nic.furniture.
+furniture.		86400	IN	DS	2821 8 2 F50E41782D45C0C945289178E73F62D5C2FCB56CBA05BDC5988EBB0D5D46F07B
+furniture.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f7228+bd2xloPVprKQML4M6bSiZkbHIEZJpc1A+mqYLnl6Y+C2fo6kFwbIWvI04leloRXOc1xOd333+FAmXxZG/E27I20AZAo5N4uwjlRnlZ4SJPJzPGHtRAX1M9FydCYjQh2KSWAHcEPSkkVcmf0FDYGF2Bj/mPaWVhUciIkXp3C91OBDaDW9FcNoOpYpJVF7XI8flEabGPHFtL8JQ9jY+l2i5lZ5W09vFYBlmbnG8NfNvXH5whzTHgCr26Dg5RBmGbz1tP56lzOk3e1FcfNO22GgJ7WHK9k/HPVsYCjwp2JcD2vxzEye17G5SwMH7iuaLHfxDq82psj5mhz1QJPA==
+furniture.		86400	IN	NSEC	futbol. NS DS RRSIG NSEC
+furniture.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nASnEEw1+rHnU6pd+Vx5GKKjoeM7k6N173LDPco1yx1NQLF5alSWE7Mgr+3siLDID3S/Eqqu7T2l2/Bk9hpFWiFJFjG1ve20RxXpKjpD+EXYelR4/HcQj92oRsj6AzpYguGbT5TovpcoU5B7KzbVLYuNYYzioxAbAXt42WRA5D+rX/AyUgMTP/mIk/yOegD6eQNZU/B2XSpNm6Exb8b95MSc7t8pFYGOIki+/DRkan6zXs9j0Up6ABIm+KRRfVWU8O9TrfCyiSn86ZGmX78JMduoRZhC/QCaJjuEzX9EmbjS7J/z9wLtIiT4RjdRHaJjoxbbzB5yNTiAipQsUII8ig==
+v0n0.nic.furniture.	172800	IN	A	65.22.32.59
+v0n0.nic.furniture.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:59
+v0n1.nic.furniture.	172800	IN	A	65.22.33.59
+v0n1.nic.furniture.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:59
+v0n2.nic.furniture.	172800	IN	A	65.22.34.59
+v0n2.nic.furniture.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:59
+v0n3.nic.furniture.	172800	IN	A	161.232.16.59
+v0n3.nic.furniture.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:59
+v2n0.nic.furniture.	172800	IN	A	65.22.35.59
+v2n0.nic.furniture.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:59
+v2n1.nic.furniture.	172800	IN	A	161.232.17.59
+v2n1.nic.furniture.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:59
+futbol.			172800	IN	NS	v0n0.nic.futbol.
+futbol.			172800	IN	NS	v0n1.nic.futbol.
+futbol.			172800	IN	NS	v0n2.nic.futbol.
+futbol.			172800	IN	NS	v0n3.nic.futbol.
+futbol.			172800	IN	NS	v2n0.nic.futbol.
+futbol.			172800	IN	NS	v2n1.nic.futbol.
+futbol.			86400	IN	DS	56971 8 2 BE9582AD283374F983057455CF2068505A0E6BD69DDD89EA2A3EA74F380E2AE1
+futbol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A4DSy5lkQSu5ju7O2bei1+4I6zRBzetkSDJcYs4XjGiqBWUdc0TXs2gPsbiAsmjrNUNSCZAQynXBoaal6aKDFIWpt/5ZpUu3E5lMXIbj3Om+v39mdEUol8YxYr0zQLDBOuVqYtRal0CHYL/KKyI2htiEfAcalBoamOrdgUNm75T4yELx7DhoenJ9gUXD+FVAZ1ohHXmQ9lNi/EwqKferGA+bD/in/WsmrRL7P7VoULHGuVr5BqNEe6E6+f+QMO1/qFzgRZnjR23ygS6V0EMEG0cahdQ2LdqycW9FLWn5yNEJPWfo9ORB2hGjtPOM2RyIJWKlguSGeh0mnQSo5W9Ycg==
+futbol.			86400	IN	NSEC	fyi. NS DS RRSIG NSEC
+futbol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gaoxg3hPMpK9d/BE1Nu4/IyhQHNflA1OBvMdbaTLh7IWZU8R+V5+QmlKh+0bZWqt3tsleoOBIXqbTN1Lejlr4+YopyiQx4iS3PSiN1VzLmX/Q0Q+rctc/KFyk2sEPJyxxrczyJxbysCPsXJmn310mbdBfrTTiFNzj5subSaAVQ+FsKlep/0cznSMw1QpyIDvTT/qvDaYL1TWbVLyck5m0nT1aITtFoCcbX3Rm6Poh798//pPIcDnZkN/RDxWPuY7g7uk1Hw5dSynDk6GgYogUE6x7+h8Wbac7qtZP1u1JIDXvFEMQ/AoqVgDtTeXMNRPaNoCVRojUyoq7oPcfLqgFA==
+v0n0.nic.futbol.	172800	IN	A	65.22.28.60
+v0n0.nic.futbol.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:60
+v0n1.nic.futbol.	172800	IN	A	65.22.29.60
+v0n1.nic.futbol.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:60
+v0n2.nic.futbol.	172800	IN	A	65.22.30.60
+v0n2.nic.futbol.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:60
+v0n3.nic.futbol.	172800	IN	A	161.232.14.60
+v0n3.nic.futbol.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:60
+v2n0.nic.futbol.	172800	IN	A	65.22.31.60
+v2n0.nic.futbol.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:60
+v2n1.nic.futbol.	172800	IN	A	161.232.15.60
+v2n1.nic.futbol.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:60
+fyi.			172800	IN	NS	v0n0.nic.fyi.
+fyi.			172800	IN	NS	v0n1.nic.fyi.
+fyi.			172800	IN	NS	v0n2.nic.fyi.
+fyi.			172800	IN	NS	v0n3.nic.fyi.
+fyi.			172800	IN	NS	v2n0.nic.fyi.
+fyi.			172800	IN	NS	v2n1.nic.fyi.
+fyi.			86400	IN	DS	24340 8 2 853F208B5D528007D5B57BB498524364DA3A2C43AD48444AAE41D3AFDB5B5ABA
+fyi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BxM3mWYdRm2AbLIQiDEbEzsqPhBg2pYk50Zzp27vEx7X9h0OeNBolhTmmutxlkXvLI1t5QulAk7JsM8ryS3TArmB0b03tWG2siabDY2im/s9VUVoBFAVQ6hKl854H8LyRGqYlblUxxTChckM0Y6XaK2GpQh6zEA7hcqyWoeseMRMVMs/pndHE3dx3BwBRKuqAPa2CBJnlWCVa5+w/wnBIhwHhM6iAABUCn+SFWgGvP+Prz0hFIumhqktf6PJYc/MBcwqo9tG2OmojEUbUhCLcm60kCfWfA/MPSlC0asT02NgEeixYbgjB0/a5ck/rKkW0izsqbOZJ01DYQtGpqMQZw==
+fyi.			86400	IN	NSEC	ga. NS DS RRSIG NSEC
+fyi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M249tgLE9GJIEPjiJvspoMzYLRdfcVjKkqfr5eh8VFV7JPVjuKPTFgttr5vWu9jGgVtu5eyzYKqwGnVCwhiXzq/QZiRpU0PKIvgMKCYCsX5yvW9dtkYLFxtdEVDKD5G+k7QmJwemRoMaehBIQfpu7dHrhd2E9GLRDm/jH0drLiCiWGpGx6j7lK76qPBHBc+QdFhI0nEC0Htm7jK74gnirIrSIrVcz2ABl9Zoh6b+Oaaow5ScEpvOpl8yYRx1GQ4LFinjQLAjoPmTSRyR29RX63AoZrlNL5ysfWhQFOiFKFfVpFUuRG27U8ODn5ihx7AAI2shpKiOogCjsFd5NTf5/Q==
+v0n0.nic.fyi.		172800	IN	A	65.22.20.42
+v0n0.nic.fyi.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:42
+v0n1.nic.fyi.		172800	IN	A	65.22.21.42
+v0n1.nic.fyi.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:42
+v0n2.nic.fyi.		172800	IN	A	65.22.22.42
+v0n2.nic.fyi.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:42
+v0n3.nic.fyi.		172800	IN	A	161.232.10.42
+v0n3.nic.fyi.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:42
+v2n0.nic.fyi.		172800	IN	A	65.22.23.42
+v2n0.nic.fyi.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:42
+v2n1.nic.fyi.		172800	IN	A	161.232.11.42
+v2n1.nic.fyi.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:42
+ga.			172800	IN	NS	d.nic.fr.
+ga.			172800	IN	NS	f.ext.nic.fr.
+ga.			172800	IN	NS	g.ext.nic.fr.
+ga.			86400	IN	NSEC	gal. NS RRSIG NSEC
+ga.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XJZNz75ZGA9X42APeQRSIn4ckM5ud7Gltzg/lgXEYFtV07b/KkUenhezjyP0ESLn1juPfWB1hhW0OOLthFjsN3YW8glHyrGFzi+ixCgLjBwaKZ8NmT5Hh8w5sEMZcwkdHecAQ3C9nStb42wJk5WeLksPBDvmjRn9Q7H6RjeNYRfzGrFanOGnblx7knuUFEq4eXvaff89PRHMhYHamie1ib6t4OkgRZZrcXO1b2G1V639SeqbPOSmnej4u6w6OpJEcgf7apX1BjaxV0zaRSlYzYS9KnmR4JcDXc+QP7d3iA0uLTJwxWltqqIqb4D1JdDPobPgV7oOr1Xm/obz7avRyA==
+gal.			172800	IN	NS	anycast9.irondns.net.
+gal.			172800	IN	NS	anycast10.irondns.net.
+gal.			172800	IN	NS	anycast23.irondns.net.
+gal.			172800	IN	NS	anycast24.irondns.net.
+gal.			86400	IN	DS	32469 10 2 31D40665954899244190D71E2365CF3623A825580B9BF277953ADEF2599B49AB
+gal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YQeWFSzr2LVQ/eUBY3YYqeoZL+9DEO2gzHxxsUNnT3ZSlO2HOcZysVfXUbtG1rftc2ZkBqSBCLhS8qbxne3ETrUCJ3k962qWgsD3AiiePzlWU5xGbgjWVLgCbRYaP6T9wvoNpONeV6CP7Ev6frOPX3WeZJtc5zwUhACo8fbC79YlwbPxUYszdNjU5NwccERCOA4G2KqeY2kn7ldzRsW+xgq1fRii7sakXjhHDrE9PfxJ00J6tfCFPzUpE6FVYsgMSG2WJ8OSbjoePBwYfs8LVbUOmq7zuMd70w0JruSIJnkbnevDlOs2SXQqst3bM5ZYmrJn3kL0edizbqp4fe7d9Q==
+gal.			86400	IN	NSEC	gallery. NS DS RRSIG NSEC
+gal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nOLKtF5y1aiMgJbVukPEBQmfqAm3G5EdOJENqxdLY4IYHxGKHPqu6qLBZQutSfVcpgsB9SEQFZvoRGq/Zz9u8Qzz2Wk2ucxIYc8ENBxC9PAH2RraSA8HIFgyFJkHgG6EDx/9ys5mQ/iB4poTXshzfcy0evnA8bMGOb2pvCHXP0V8+cmIChS4qbGxfNWBFWn1AG62TeSZvZlFPHHOe6M9BZR8e/qO/ouH2SC4XqfphxuE5dOCchfuIjWH8+VgR9CQMkzoFaB37YSE1Sx1ExAXrhF8HZECHr4BXA18uhsM+qzMJX2jbTweTaPBHJ+4pDjSqAazBD9R+XNeNtfC+WCYnw==
+gallery.		172800	IN	NS	v0n0.nic.gallery.
+gallery.		172800	IN	NS	v0n1.nic.gallery.
+gallery.		172800	IN	NS	v0n2.nic.gallery.
+gallery.		172800	IN	NS	v0n3.nic.gallery.
+gallery.		172800	IN	NS	v2n0.nic.gallery.
+gallery.		172800	IN	NS	v2n1.nic.gallery.
+gallery.		86400	IN	DS	11671 8 2 6D21A1E67D81B0C40C63C22650433BFBCA5EC66657BCA99C01849387563F7BFE
+gallery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1PMFKAl1UTq/y4SLMsgBawfG0wAkcn2wzWfk9CpXJMIi+KRDJvZcbbSt5pf7+l3f1ElH6sHDvah2M2KwfOzGGRN0o8QTjmHJxkXalMUPQ8XpUrjcUzaYlrPo+Q6TBAHhV+BvvRuAYcz/7Eai/FjNM7JDTJl4YpymdNBjV3yQm0TuGNbVGIDAmOAgV9Ax4Aw2ZOKuwzuT7qHUYO+u/aIp7FVSvZylhoOlnjzdlRSaTKXnMPNxOdmPQHq0CIfS/JyQFWyswe5bdH1YS/Ygx7YhmJ3Xa709v+FYxPUaaX71fQWimzMyB6kkoBjVNEbs5WarlSNxap+K8NxS9BXsWKfCfw==
+gallery.		86400	IN	NSEC	gallo. NS DS RRSIG NSEC
+gallery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QhrFKCLG1ohsX0o32mm2+Ri+q24QhdebnlDHxaZffssKuCEBsaEyNqMC8GaPTSzcOAeZ2sWKZUrtAJteTGqwhHlYaVXZR+OtWLl+qpNofhHEBFkQcTwheCMl9oVhSDBGe77ghpEN6Swn+A70dE7fLzkEwdHLM/gEGnvtU1elr0wXBHWQi5m+9mUSVsLH940VIO16f0kJ0b3XRbwTsLp+FX3uBVwAAEoRTZJu/WUrmMgv4wxhOSaZtS/rn/AEY65yR29n5svTqMhQ5jUAyvxreu6Irzxnur6UYM8gjWHF1YXh2jtHmAvvJOE0Y8zodCiQqhJq9xFbSm5X6/9B9EdS4Q==
+v0n0.nic.gallery.	172800	IN	A	65.22.24.8
+v0n0.nic.gallery.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:8
+v0n1.nic.gallery.	172800	IN	A	65.22.25.8
+v0n1.nic.gallery.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:8
+v0n2.nic.gallery.	172800	IN	A	65.22.26.8
+v0n2.nic.gallery.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:8
+v0n3.nic.gallery.	172800	IN	A	161.232.12.8
+v0n3.nic.gallery.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:8
+v2n0.nic.gallery.	172800	IN	A	65.22.27.8
+v2n0.nic.gallery.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:8
+v2n1.nic.gallery.	172800	IN	A	161.232.13.8
+v2n1.nic.gallery.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:8
+gallo.			172800	IN	NS	a0.nic.gallo.
+gallo.			172800	IN	NS	a2.nic.gallo.
+gallo.			172800	IN	NS	b0.nic.gallo.
+gallo.			172800	IN	NS	c0.nic.gallo.
+gallo.			86400	IN	DS	29001 8 2 4C475AD8273C49CCED3D8FBF45F02BA8E1A2759F816BF2020A544B49B9B04CF6
+gallo.			86400	IN	DS	49567 8 2 5B769DB94FCFCDD0ACD004B90DC7BA248DF09B3B7D7F29B40732B388A1EBF9C7
+gallo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dwVVdqYIiQWrsZusQ22mn90dj7d3gyJYj9futrd41ns5Ev3WiR/HTDt7cn8QotVvboLJXffOkYE/A9B6aD9qzbOPwYeUpr77FQWuYxesEN0JstdzF9QNnwz3AE/b5QmwIqp2GXD1/NeEY4ZsUQOCJ/odLrDdTEnaY09znk9N0pAqKcRcQHBjAa9aE2nr+C4V2zZuvHRvAU0NINsiCwLNx/52v+36ORqZ5MRuv00AoxB4/YLN0vOZs7coAqjAXzHvYNVjc/R04TgsGEL9f3x6Z2M7g7PCdpX9KeAoFFzk9fljw4l8jp/m2U3WXMo0GJiV9sOfnqxqQtrw7YLHPCvWJw==
+gallo.			86400	IN	NSEC	gallup. NS DS RRSIG NSEC
+gallo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . haStG7FBemiI9CLMf8fdcnJ2wEi72ckD3f5TmTsEvILqufuCqtIhfyJ+Ir+u2eg648Ss50j4C7e9Zl3miWqnD4fJTxi5vh7K8AhZuk7TI7Zi8n+R+Mf/iZOBtYjVDVwDXaJ2f2vHUtxqX9fRd+5XHsWHY6aAQNUVsgFrbno24mMgyZtHBZH/IW9eo4pDNfzVdgnUbmzyVIJ9mrIzAQGenFUN+87zn+CPG1JZ0QkNpFIRdAKYk30CnzufhofCAKlnDk5X3IZMifRkcVxvbWD2nPElx/eYJvBrn4irJ+QDKGtHxPzZYWk99O4mfa37MT9C8ToKAYLT6ozBzc0vgk3eIQ==
+a0.nic.gallo.		172800	IN	A	65.22.56.1
+a0.nic.gallo.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:1
+a2.nic.gallo.		172800	IN	A	65.22.59.1
+a2.nic.gallo.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:1
+b0.nic.gallo.		172800	IN	A	65.22.57.1
+b0.nic.gallo.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:1
+c0.nic.gallo.		172800	IN	A	65.22.58.1
+c0.nic.gallo.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:1
+gallup.			172800	IN	NS	a0.nic.gallup.
+gallup.			172800	IN	NS	a2.nic.gallup.
+gallup.			172800	IN	NS	b0.nic.gallup.
+gallup.			172800	IN	NS	c0.nic.gallup.
+gallup.			86400	IN	DS	34159 8 2 AE9BBA11562A260AAA062E2EB9881443044FDB8998B6A81C25D34D0D6BF49CB5
+gallup.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vsEUEdZiccw416skVW8yYMXThJvfAInwAatevddt1hC0/S/sjP8fkS2FM3BH07zv81ekhCfach5n3TjDBbQKniQ5DwNDzHx24/Aw8n4x7YJr2FJK7kypS3pgDM5kxIkX1rEX0XKtfMjlbkbvqDioi81PkbCeMIqB7MLQAgSfmg9NbBssxcsEYvXH8MK1bTBv7tnvnEAMrxGmERBwbXhJGSgeVJDPgI+ceDcGF2PXlxnE1Q0QJ/7yVVCXe4SbVKQQZYiSbY2/IEiSl686DIr7nuSoya+ktZnt++54znciW721DSfOfgSxcXNQ2b6snIB+ovj5McWEl+DbuwqgBHeKew==
+gallup.			86400	IN	NSEC	game. NS DS RRSIG NSEC
+gallup.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lsb7kH4ESbm5BSbnT2XQOxbInz9zsAygLlofKfLQ8cUpg2irW47g3gvbdX6magR7n35Ik7inNstpQ7/S7ApzvvFPHcPkJOv9BvpWpd11y9VNi5rQU+ngxJ7L2n7PRDpeZN42QxPRsTmBDI7lFu4ohOgcJnnwHMrTi05vB66MxPjcFCl7RiQkmcYFX0NCe7G7gM8dHCkeueAQzNmD1/Mprrd8KCo6QvhA/Jg6ZU3B9ODvZgBFTHHCd0aRvrjyWcWxaLADsgN1kWqYk0oUw7m8Rtj7tCDRp1qS0Vs9yUuXRGfswvbqvsZcRv2jBL0PrIOqQ06+1b1rXGhliLwSeZFKAg==
+a0.nic.gallup.		172800	IN	A	65.22.168.17
+a0.nic.gallup.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:17
+a2.nic.gallup.		172800	IN	A	65.22.171.17
+a2.nic.gallup.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:17
+b0.nic.gallup.		172800	IN	A	65.22.169.17
+b0.nic.gallup.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:17
+c0.nic.gallup.		172800	IN	A	65.22.170.17
+c0.nic.gallup.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:17
+game.			172800	IN	NS	a.nic.game.
+game.			172800	IN	NS	b.nic.game.
+game.			172800	IN	NS	c.nic.game.
+game.			172800	IN	NS	d.nic.game.
+game.			86400	IN	DS	4126 5 1 0BFD20235875E18EE7D8B0FAD0A9F566D296CB09
+game.			86400	IN	DS	4126 5 2 F69BE762D422754930EE00176F377AB6A7FF074A48B2076A6F0CEE711D97001D
+game.			86400	IN	DS	32929 5 1 AC35DD8C5C6E00427FCE4432F9F817D54C5DBB9F
+game.			86400	IN	DS	32929 5 2 C7602F661849EF5422CB5E5D7CCC91E7EA8344C7FD20F0E43A198CC699EC895C
+game.			86400	IN	DS	39133 5 1 FB1F7E5D4D62AA9F930B77A9494BB3B04D84340A
+game.			86400	IN	DS	39133 5 2 ECA12999E650C648FEABAB0AA1870D10D6E9F6316FA609B126C98477F964C6A4
+game.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p8yvJr4BGND51/oMoTTaDLHTPf66T1275r4yOtMrA0bSFF9j1p7/yvpj4kpvzFEjxiQTM0672w81COaj8e6Si1KUC+QXcE/Zv+0hSZadYbT5awHpceg7eaVnRtNy4LgARxNGBGZKXd3zFGGQxTvWGNCPI5cm3c75L71m96V6pCR5nNSRyNaF7lc8PO7j4fogl0oVABvWFGs7xq5xYJCMMnI0bYFTXK0dTTxcQAX7xs5/KUf6MgMuBExYfzPykg3wGs2Vov5uYpxD2tOASHvG3T7Ib6Y3uB6OyZi6QC4IzN2ju2otSSeKFCqAGREg2M+4X+H5Pa7wfE40hs1kutDwIA==
+game.			86400	IN	NSEC	games. NS DS RRSIG NSEC
+game.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U43d+bf1e1Fs3waWybp24QupDmbTJIaMTWdNM6Snr4wux5u9v8C0G+55akDdnTlnnB22JTlLH2UXwEhl1UuqszS0A+gBFbYqf+Uox188XTpVydaATuVQbayC7eUXz2Fn8BFfr1fzkZq82dAUjFm+XLua8k0MvQPpEmeSvUKeb5BjkyokMLUDn6g5PNLivwdll4cdR+XX0JeBmnXOTZLcC8qCtUoflwUjT5GG+SAvkPrU18dymzqCGyAFQdS/MH1xkImCdA8xPmvGRbFtwUupmF+QAsZQvkZAKHNzCfcxiLNJ/tdZchaSGVvLjvEvxpRajiaxNB2zY+fp2whwh4UpBA==
+a.nic.game.		172800	IN	A	194.169.218.147
+a.nic.game.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:147
+b.nic.game.		172800	IN	A	185.24.64.147
+b.nic.game.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:147
+c.nic.game.		172800	IN	A	212.18.248.147
+c.nic.game.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:147
+d.nic.game.		172800	IN	A	212.18.249.147
+d.nic.game.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:147
+games.			172800	IN	NS	v0n0.nic.games.
+games.			172800	IN	NS	v0n1.nic.games.
+games.			172800	IN	NS	v0n2.nic.games.
+games.			172800	IN	NS	v0n3.nic.games.
+games.			172800	IN	NS	v2n0.nic.games.
+games.			172800	IN	NS	v2n1.nic.games.
+games.			86400	IN	DS	54412 8 2 A5CC38E38A2D92016AAAC71830FB380AFFFB9137BC360F97DD576BD73F9D39F6
+games.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jaLhzd4Jv4LD/zQSmPsuQy+BHb+968r61ikDdhlegsHvwn/o4QR7pKPTiKdNetdChadmdkvAUGIozZZuE1osfKZqt55WC3qiMxPcsdaz8x6ez/byvWk2IgqdC3o+QoIDhNDgYr7+fPz/xJ8bRePV0rADjUeuyO1MMcRkA+fCj/SIM72S185VTDywh1WzbrXPnvuNkamSCeABviiLTaQhi64v14FXZjP6TlF3DXlxabp4qTfL9DLJ5XlcLbqvAfNokqRKux5WHuheVuOofoM1wncwwA9AxfFWA81tP9euexFW8VpawzSRZNXDRDw/pYyFgvb7EZEIDlUguEwjoGgLMQ==
+games.			86400	IN	NSEC	gap. NS DS RRSIG NSEC
+games.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M3vF+Op+l1dRy2tl2aZQm9aZndVEpFDcC/KbJkUVedItTOgg/hLfWYX7bez/w1p17cv5mxNbUBgH/XOllcNvmCB+Zrsi68vUCikBPDMny6U+s6kvQwlEV3hZKFDdaJRir0vEnrEklTytq+cGrnyPp+Oc97gvsA6NFNPtYpi8B0k+cP9PpjJWonydTzyy9SRHdfGx95+t4LrqF3itLS97lLFUIr9F5bbMF/ihNcMPcKDgLR4ydsQYfThxoxFvlzS4KTw/DE6rH1DrWBnEa99etqwwSFauuM22tCZqmN7vkOVfS/mdeW5xO6V5F1/H0/MEHIFp351ZRZTiaNpCCYDNOA==
+v0n0.nic.games.		172800	IN	A	65.22.20.39
+v0n0.nic.games.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:39
+v0n1.nic.games.		172800	IN	A	65.22.21.39
+v0n1.nic.games.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:39
+v0n2.nic.games.		172800	IN	A	65.22.22.39
+v0n2.nic.games.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:39
+v0n3.nic.games.		172800	IN	A	161.232.10.39
+v0n3.nic.games.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:39
+v2n0.nic.games.		172800	IN	A	65.22.23.39
+v2n0.nic.games.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:39
+v2n1.nic.games.		172800	IN	A	161.232.11.39
+v2n1.nic.games.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:39
+gap.			172800	IN	NS	a.nic.gap.
+gap.			172800	IN	NS	b.nic.gap.
+gap.			172800	IN	NS	c.nic.gap.
+gap.			172800	IN	NS	ns1.dns.nic.gap.
+gap.			172800	IN	NS	ns2.dns.nic.gap.
+gap.			172800	IN	NS	ns3.dns.nic.gap.
+gap.			86400	IN	DS	4462 8 2 59BE1D87D0D5D5FD371368FA00C3E73B9E3215ED06CBEC2459B8A25C49248B07
+gap.			86400	IN	DS	34711 8 2 E6B688299E2DFC3B96259647E8A564475401D4504729BF8B523A08B4359B4C9F
+gap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3zwpRYUK9achzmeLTENrD3oRCCWuxDGL50iTMqu0GzIZ7kbNNIetUWYbQYgCUC54ORLH4TeMzW63MjiZncQXTMlyMY3ySVODS1rejJv4e3NqvzxmnrQFMAqoWhjwfAtN6s5qKkMJq4v24BNZAdlsuPW1R6jCntcRp5LdW6EzbGmskfwwAa3fNrriWAr0GAppfvrg2kDgu+4tjRJV7GTR13GkFrAvxVLyK+VrsGD4PiZNUMW5dbRQ8fPm70BP1Hm25u5f+5WsMXCZUmhngatXZ85crI/G8N9AtPP+QlgVM48OtRPDBLbxVYVwXgIBw/UILeRWkhojudI9tRXvatVuw==
+gap.			86400	IN	NSEC	garden. NS DS RRSIG NSEC
+gap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . li2vEcwYQH8NxPJ6HMjjNQ/FlKtEc3/L2Aq1QwBgmI8SzMs0N9r81NKCWy/Mdr73n1eh9BYBSbcRg7+l2OfAW8MJN6VnpWvJxvUHw3KkOQuFf0YKQdV1HkQMP2IF7HkYkBqLeDzDRq2yiZfz/6Q3jEYzKqt5l2HpmQpW5BFSxir75kah0kAdWN+b+ZB88l2Ww48gjgSqB4B24KrwBKyY0LBJj6PHSlIu6D0hQl0yJAoiwTYd/ZO1mPGJrEK5njfmPCJ4vGcV+9/0E6vO2N65Qa2AjlrvYezaGPmaBjk5iqJAHvFx99hwoe2Ks2GXqDobK4ldfmWBoM/UXLuzqGa4MQ==
+a.nic.gap.		172800	IN	A	37.209.192.9
+a.nic.gap.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.gap.		172800	IN	A	37.209.194.9
+b.nic.gap.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.gap.		172800	IN	A	37.209.196.9
+c.nic.gap.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.gap.	172800	IN	A	156.154.144.66
+ns1.dns.nic.gap.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:42
+ns2.dns.nic.gap.	172800	IN	A	156.154.145.66
+ns2.dns.nic.gap.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:42
+ns3.dns.nic.gap.	172800	IN	A	156.154.159.66
+ns3.dns.nic.gap.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:42
+garden.			172800	IN	NS	a.nic.garden.
+garden.			172800	IN	NS	b.nic.garden.
+garden.			172800	IN	NS	c.nic.garden.
+garden.			172800	IN	NS	x.nic.garden.
+garden.			172800	IN	NS	y.nic.garden.
+garden.			172800	IN	NS	z.nic.garden.
+garden.			86400	IN	DS	27637 8 2 2D10A23A8DFEB7B80721476D3DCC5A5D31A61BE1D7D3B5BF6F15F4A2747B347B
+garden.			86400	IN	DS	51400 8 2 A3F1A44A1D481D01241486E74820FC3634CB119C4772812DDF44E6D1CC5D2EBC
+garden.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QrkCJc1NLgfLUUcXc2KRFPNR8JrmNMFCWXvp4Kc6isstXSrYfuummAXvTYB2Z0oLmiyb7A2u2I2EMgF8SEqBNw+Oh9fXCcmlCLj7DJFoU42CBoFZG+NKD14Mzb/L7zehr59t3nwy/6iCTGJ8ZfDAW4hkns0imlLn3alP4+iTFc64kV2cURxKcPCFe3XVx5dsCUhux9PLH1EAdqzRaM7gzSPsyMPLrnXZ7kXiuxLKiIxkmIFkfjpKrCkxrr3ecGHoMK1VDOYFIwHeS5gVk6psj+o2LZJ4vq/He1cJJRt5J/0mys4oESgIjAugGvvUhytVp8cD/mfojmqpSlwk/2Etyg==
+garden.			86400	IN	NSEC	gay. NS DS RRSIG NSEC
+garden.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D4ih/tOsIkCJWkXMEyK5tMUadt5WPN3i0nmlF7x2Lj878tcEnz6tiidmK7xuQD7xOcdawO1+e0L+HFRPEg/q4gsVt1VIQ6I6USRBgdxpNYf12NGlkfsg7yelysqbFQr6ShP562/0mitiQODlyW0V+zKT2PwZGMmLtx4O8HMOLKZ6MVz/Y90Mytetoj8Vg7B9Q8/yvd9ZtHmzhI10lDpwLfwsQ/f7MTltpal17lk/MbRChyyby2cJOhT01Z5f7r+iUBxtn7o4/204F48tXvuPiVIz2gDBRGUCo8aOigW1e6dJ2O79JVdp3mWxDP4dc7btgAXplACHWY5GTCPeOdNAZg==
+a.nic.garden.		172800	IN	A	37.209.192.10
+a.nic.garden.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.garden.		172800	IN	A	37.209.194.10
+b.nic.garden.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.garden.		172800	IN	A	37.209.196.10
+c.nic.garden.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.garden.		172800	IN	A	156.154.172.82
+x.nic.garden.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.garden.		172800	IN	A	156.154.173.82
+y.nic.garden.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.garden.		172800	IN	A	156.154.174.82
+z.nic.garden.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+gay.			172800	IN	NS	a.nic.gay.
+gay.			172800	IN	NS	b.nic.gay.
+gay.			172800	IN	NS	c.nic.gay.
+gay.			172800	IN	NS	x.nic.gay.
+gay.			172800	IN	NS	y.nic.gay.
+gay.			172800	IN	NS	z.nic.gay.
+gay.			86400	IN	DS	4816 8 2 960F543D3EAD5C2E0FD6D1E792265F7C795170D793ACD073F84C52A2F72EEA85
+gay.			86400	IN	DS	32074 8 2 C725B3CBD9D404307D49D0969B57B8885FD69663ACA51662B05716C9ABD1361E
+gay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zw4Ga4diys1JkXRVjbYQXYzxg2iz3b+XHuPVbfnzsWNDkzVOQWwKcqk3x+FJmI8Fe54z6BJ/ItUxdDdzvcgHDtmqWusKcW97TAfE2NJl9oSr2x+nrCpYKD9mT1h096kn8W6Z1u922hXLykN72bI/KWJlLFBj/NDNGhkx4ts9biJmyDeorMinZ4x2hQFulWNZOGhebOBbWCgAHd23gBKlJS3evZ7toudTfnuILc07MOP0gnV7gyJdyWRVyyMPPhAUVgieThjSs7YlysZjnYMGjPbIB9GIhAcZ13WZtjvSdWblAuWJsEX2AokgzCBwKYMGSTiHoBHRo1g39Why1a0WSA==
+gay.			86400	IN	NSEC	gb. NS DS RRSIG NSEC
+gay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lXOZwZR5s0QpronYlSyLIadhkaHgWgnsFoY5RtT2I80lNHVtkiDmrULToCuLj2trcdT+enMYUQZyG/+nCA20rdWQFl6CY0sBgJv98OFS0BpsxNokoHxKI89OXmkr2AISyXBkixhiK3kRER8sEHmgIvHOkg4fECLvSl5oBG5fd5drM1XSz/8IuTSeHQ73NpUunDpPPP8ODEkpsFy3fp2pqB/HHBeryJ95Zg8OcSKazbFspGA40g+3DvFWne5uBy7p08kElpwE+h88RFISOqeX78K62z/7hu0vbqv9pptOG/TBZXM4h7bamtgNdMC6LKKXzJS/cUHM+3R/D+cifFz9Tw==
+a.nic.gay.		172800	IN	A	37.209.192.10
+a.nic.gay.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.gay.		172800	IN	A	37.209.194.10
+b.nic.gay.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.gay.		172800	IN	A	37.209.196.10
+c.nic.gay.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.gay.		172800	IN	A	156.154.172.82
+x.nic.gay.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.gay.		172800	IN	A	156.154.173.82
+y.nic.gay.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.gay.		172800	IN	A	156.154.174.82
+z.nic.gay.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+gb.			172800	IN	NS	ns.uu.net.
+gb.			172800	IN	NS	ns0.ja.net.
+gb.			172800	IN	NS	ns4.ja.net.
+gb.			86400	IN	NSEC	gbiz. NS RRSIG NSEC
+gb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PE5CBMGUYrzxeas9dDzDXY/MpEnJ9S9z2X2y/Z9+wZrqXGYIssWJcaiLVQm3oh+kwWF8Cp6Jyw2dRGxex6ePDFCOM9ZoOtdznHojiJeGx5Na5f7Vkqj04YqpEXWlgivr4k/YJKVEHH3NgFZuGEcqyO6tgrxie5IEW1hd9SHsBGq6BOnFV52yrsnuKpLI7jbaHwJ2imEc4cK0g1136qkVcAFaTlUFU/ZLq6YyK2JuSbzB8jS/Ke5magIkYgVZS1PGrvDyIy5t77dteq40EYuRJiHuUv1N+uJP6Q2m/0NfkPD0YO0zMo+qij/3JAWXy/KACbJuUxZ/5M4KC6A8wp1qpA==
+gbiz.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gbiz.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gbiz.			86400	IN	DS	17434 8 2 CEDDB0629DE967EECEAE6B9831DDCB0FD30ED800E46D6A69BF15759C2A239D90
+gbiz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rgU+GEzu38eyhyVmNs/eoKnQ37PlZJDKntTnIgCGG7HrUCpLHj4Lu9XqIOOvHL/P4+sF5OGLM7uEbcgQbAaAevpyqxAAJXfuf5W0ppVJhJXK6y35ijQ2tzYJDFk0TS0X/lM+eJQSKiHJ3rVCdep0BWWi4u/sevvCiDSsJXe83Uupy5Tvvr6oNlNdDPvhkXLqrzsY3JppYyEyHfz7YVTj1iSg7cC659ZyKHsyAscXxirremAC8/KV5DLe1K45W3MDVkIprWircpLK85vHj1X+YKLXPIPeI82o8jrj4VSEC18DJDb/sdiPLNWoy/z7a91AXAU6blrHTr6mrSYwmpbTXg==
+gbiz.			86400	IN	NSEC	gd. NS DS RRSIG NSEC
+gbiz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NgXD6PwOD054tAVMlCvkmqZIArKy7nbMjh/awNPUBT+gGdnzpoIcwkux8Q8/+TD9c3SMwn+cJTxdHT1uSY7fdQclPcdp3hrJ/lNNBCaBzJmxMz6o65qHxMg2GSb2+TAI3f3vW6Y70ZFWrsa6B6UUI4LdhSR4w93G2+zsgPgMDkhEbYQYgssfLeTl2rM294UtGQtp+xYpxjCvcUCjRByfW1uaf4zuDNxCQbYdf1IYK2hT3yZxU8fwziam6egaFPq4ZeohVW9yE1B1cf9F/J/JhGPPa+IAbeaCw4PMWmWJfJYFdasd2MGge/Kjac6M2h+jPvrcNJ6Mx67iZzp6u05LDA==
+gd.			172800	IN	NS	a.nic.gd.
+gd.			172800	IN	NS	b.nic.gd.
+gd.			172800	IN	NS	c.nic.gd.
+gd.			172800	IN	NS	d.nic.gd.
+gd.			86400	IN	DS	51039 7 2 BF36A1EC5D2998566123DE660BBD857D1D25231729873E5F5399A641C1CEC13F
+gd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vmALw3A32Ony5ldnzW1VXz2A1snCrdaRIW2nr6P4Z5xzzl48PnSNeru9KPoTIC210z4KW39qluP9O/sL3JmDf6EFEcH9fwMMzhVYXiJW4j1OLiPexuPej9+qswMwzk8+AVaKm+RJk4ShsCm43Th53d9BzGbMejwwW65KMdZYxi4eFT33AzlS2dcUBiqIvrANjy19FjgtTAEwawo1uXCNeh+IVtIebdmoP3MqqK1IRQgDdYDout4lN97gDOOEPUfKH8afn9Qcg5h6sfOBi6FJLsFqj+blcX8g7uIHwfq1vv1f2vUGRyyRiJYDe++wCbBPQgWSHQx3oSaJbednpPpY8w==
+gd.			86400	IN	NSEC	gdn. NS DS RRSIG NSEC
+gd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijFoy6e9LGNi9TMNfAJ6IVbL1wt48O8RjxxJbJ3gDjtu/us6qhOIExgLRyacfcw6Zbivhm1PwSHx/riUauFKWmMgDNZFdG40O0DEogz1mCNUsMB2fFj+oZufCT3tcRgzSfXEqROYvOm079xhFzh65BXo8fznz+AwKBiqp9nhuWkFrfMlmEepXfNOLS5UdbUI2INcPSsmnn3a0/OCZoqdKHjOZCpN8xXpLQzzJQXr5u9rHLMU+Jd6+mhmdzGeAV3DO97t6JY+rdR+IlID4n4uzIyapTgeL6BxjNMnKvjEQKmHYk+Qbtb82VCLfJ9GQbC6+PTbVqbgxWrZCPupqtWMVQ==
+a.nic.gd.		172800	IN	A	194.169.218.88
+a.nic.gd.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:88
+b.nic.gd.		172800	IN	A	185.24.64.88
+b.nic.gd.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:88
+c.nic.gd.		172800	IN	A	212.18.248.88
+c.nic.gd.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:88
+d.nic.gd.		172800	IN	A	212.18.249.88
+d.nic.gd.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:88
+gdn.			172800	IN	NS	ns1.nic.gdn.
+gdn.			172800	IN	NS	ns3.nic.gdn.
+gdn.			172800	IN	NS	ns4.nic.gdn.
+gdn.			86400	IN	DS	28906 8 1 157427E9D56B06DE066A0BEE607C2F3314B85FEA
+gdn.			86400	IN	DS	30307 8 1 7A16BF5938B9FE7CF2AC5BE9C472E81443944686
+gdn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . it+IPDgmpecBCLPwHby01TgEqnv3gvU9vRL5ovU9qXTbZ0htRbRUn1/QzLcIyPU/ftfY8Aj0HXSUPA7EzBhwHkWL5lc59Ltvl5at0+1VidMgUCNIUEfq+RXq/vzs5wyPqatIrLDcj3ZnyAOW3h7x2UUSgYEZmvZsYKIvVCm5JIKifcgXRicBGwfGPtz1te8nEbT9B4eCIpyAESzzHa6M2y4Qc+p8kJqxIHZT948nZDtrHcMZ6DmYfQ1KbcLX6wjLx3cI9nurEMpK9NXDZbaXNr2hssLJhtXDdpyLO6u3xP6azX86oNPtqnZMr4IbLxVFSydrzV5j5UU0DRCjN5bTNQ==
+gdn.			86400	IN	NSEC	ge. NS DS RRSIG NSEC
+gdn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8c9VyjSIia4Tcjl2gfohBdN/fvHtivHwcpl7hnuECKxF8KXAvQ0I6nBNVAM3lN0Fcr0OURtHDiXzDw7mvBpYCluUYiNVpGP+Hu7MaqAg7/t51faenvsqWB19wUISxqayBl43Bgk99NcBCyKXz0b281iO7cBoUOs6J8jwb44JwIDL0mfvDm8VOLL4AIpmr09qZzXHGWe/TR01PvXwZ627odW/W1erPFRwPG7quhIDDajoh14ww/I47/gR0ONUGvWw9nd8vWpybI+Aur79vL4MLrjxV3uKVxBnoWRHlwV156Hgx9NdgiVFU2kE9/1j/zk6pQS+FiLbuVf+ob33nfx5w==
+ns1.nic.gdn.		172800	IN	A	194.0.25.18
+ns1.nic.gdn.		172800	IN	AAAA	2001:678:20:0:0:0:0:18
+ns3.nic.gdn.		172800	IN	A	194.0.26.11
+ns3.nic.gdn.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:11
+ns4.nic.gdn.		172800	IN	A	194.0.24.11
+ns4.nic.gdn.		172800	IN	AAAA	2001:678:24:0:0:0:0:11
+ge.			172800	IN	NS	ns.nic.ge.
+ge.			172800	IN	NS	ns1.nic-ge.com.
+ge.			172800	IN	NS	ns2.nic.ge.
+ge.			172800	IN	NS	ns2.nic-ge.com.
+ge.			86400	IN	NSEC	gea. NS RRSIG NSEC
+ge.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DIlgh8ZZL2+naxMiF0LrW6bwfyv6D9fY/lk2nFRBk2kYrxZcqhvUKl5arZisxs9icmbIxq9Pc7p9srFCyYuk1FWxVUe1sU1QG/iXnA/n4sH2qik+ntFxKS5ElD3vgOb2zsy1bCtUpWS2jPbgTze7ZHVoM5+kcYYci1yKMnizdwGXiHCsM8vSwq4lXnwJGL+KAYCpQCBSYRUMB5DZWywCsoumr1gCdAETzgww3OqlyNSAL9R+CfHxkDNR4AqP0wdi3xXOxDDeGNJO5Lw5qkJjs/4wpmHfp4bd9xCs83pZpn/gsJ3O7qzJE9T37rYw60RCg+oC7B4U83SkV7WX+dMQxw==
+ns.nic.ge.		172800	IN	A	212.72.130.11
+ns2.nic.ge.		172800	IN	A	185.19.98.98
+gea.			172800	IN	NS	a.dns.nic.gea.
+gea.			172800	IN	NS	m.dns.nic.gea.
+gea.			172800	IN	NS	n.dns.nic.gea.
+gea.			86400	IN	DS	60191 8 2 62049B91E513B7230F960B356C6E70634AF960EFBFE5DDD4F33741A26B2583F0
+gea.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rNyKnyQxqp07rnlnz9ZYMEAEsFwYvCvFyAFb4buepMdd+nYXXeP2sLBvzHgxIduyADQVFgpX40TjKp8TFbHN6ytgBs0eQhSAie05y7/vMRLRUqyYG5/LU4yninvR4AphMi1ViD88qu8T0Oc125ktduzkzGlzE5uJ88lQyAv4CAJtg2aGES9STtwANwIa6TYz2dvHcnb81/H7wMsNu84QMtXcqwaWkDpl6L18EA+PkYny1eOoCVWJoAOJuh9W9FnZuTGwDevOmROQ6zUlg2eA3gXRWXH/7DwAa++/ml2CKVkqUxp/+K6Tvrk9GB5mkYP0QXeo1XrGR77oM/05Ht1L/w==
+gea.			86400	IN	NSEC	gent. NS DS RRSIG NSEC
+gea.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KU4+LlApG4EJoVvR2JLz/i3EwVec73wQL1nfayrhMwqQ9ah93JWYCp5mkX6adTnK5SbCjjnHRdNX3aCVLHb7+ATJuozW7ricX5ouyyCxbIa2kkNwB2KUneWYF/tVzZP+Duy1an9oFcqmqiVOk1KlyesjebhYeZ+kPCu1+H0UTTYkPMqNVqo2tGlblLnoLmesAsWnUIn4mODOs57xs9jAlvuFEIuhkQSzqPPHUInfSKrPq4RfylsoZtQjO75/M1dSX2aMsEYEg8RpuouB4649RZjevbqxeAtK5NVl0/AU1QSDfaS7m56Nx6lH7w/0BEM4rhLtJ/bq55dGWbx51avGvw==
+a.dns.nic.gea.		172800	IN	A	194.0.25.33
+a.dns.nic.gea.		172800	IN	AAAA	2001:678:20:0:0:0:0:33
+m.dns.nic.gea.		172800	IN	A	194.0.26.13
+m.dns.nic.gea.		172800	IN	AAAA	2001:67c:10e0:0:0:0:0:13
+n.dns.nic.gea.		172800	IN	A	194.0.24.13
+n.dns.nic.gea.		172800	IN	AAAA	2001:678:24:0:0:0:0:13
+gent.			172800	IN	NS	a.nic.gent.
+gent.			172800	IN	NS	b.nic.gent.
+gent.			172800	IN	NS	c.nic.gent.
+gent.			172800	IN	NS	d.nic.gent.
+gent.			86400	IN	DS	2640 13 2 E97C1F6F53E1284399D6DAAF670D8FCBDDB5618710ADE52C1219757C14C77D88
+gent.			86400	IN	DS	65113 13 2 FF773C6DFAAA57475219BA35030A346181A8737E02E2EA2566C452B5FFD5A69A
+gent.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eomPmAuK7knvaz4E+BuvPh9ADx2+nuheLgfdYp/7qPx92/+O3uXeRK3jO+FxpEXpX9xS3sO44x085TlyInBbej34KDSYGJQO1bJZ1XsKV8XR3qBc0ePl/RVvNbsguthesQoErKHLhkXixjv8Ws+mq8cQePueQRmro3TtTOk2eFnAGKaeYMyQ7+cRz7U+bGKdzBvMorMqN/Y1G1YRwRYKUhMNSY6CaU2afcLafglVZjRAhjhWgGycDIkKMhs1dwJP3EQYboGVLIko61bDOsf2K56RL8mV10o2CKk0px15thg44xqIzquf4fj4k+2bLJSMtX/XQ8zYEEfVZacGsXOk0Q==
+gent.			86400	IN	NSEC	genting. NS DS RRSIG NSEC
+gent.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EewETLRWYDbZWQPSUh79lIanEjDaFd1eB8EuTfBl73epJ/gTBOm7p3EnVeYP5x5X/53Wc0DFHTnu9uxsOPtn37z9wt/v6DDgxKClKu2YhYwUPXMnRhsM2z52/wtRD3VdeU3czmki45HW6w+JW59V9d83s7q3hwg0syloMqKqRRZRpau817go7fxJ0WTsG1ClSWZevSnDWCqqLr7YdAHhQ+JBAz7UuA9zkomLure2gvth8Qgs/YCttA4l75g/HeiVzfb+lnbMqwke5mH8Jfj79FV81duEBHRxUgz/sB5w57duH2KnSTq8xSvRcoJ3dCScpdkc4XpFbBshDjejL2npdg==
+a.nic.gent.		172800	IN	A	194.169.218.89
+a.nic.gent.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:89
+b.nic.gent.		172800	IN	A	185.24.64.89
+b.nic.gent.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:89
+c.nic.gent.		172800	IN	A	212.18.248.89
+c.nic.gent.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:89
+d.nic.gent.		172800	IN	A	212.18.249.89
+d.nic.gent.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:89
+genting.		172800	IN	NS	ac1.nstld.com.
+genting.		172800	IN	NS	ac2.nstld.com.
+genting.		172800	IN	NS	ac3.nstld.com.
+genting.		172800	IN	NS	ac4.nstld.com.
+genting.		86400	IN	DS	22539 8 2 983FDBFBBA09945A8DA7FEACB64460FA801F4A3481D83FA9E1257FC92ED206A3
+genting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hi360Uz6b5O9smnvf9wLB/6jxjt3yjah2y28o3RGxRHurZoLpzUgw+eM2Jl7s6GJ0tfpKeCbdY1ok4NOxdVzXWuKS3Pkpqs3XgkCqsO3TyXi1vjfnu14LSr1KzFdIEWu0ccELFe1M+YTl9nvX0sp0c+XDeQjc7RTOtl/PLz0ouP8ze3WSqSFk77DvzxtXG0uo2ef0LLk8F+0ai1Tdf/IRIoy4M1J1Pt3viVDAo/vHp2Xej32il9InEsnHtJoLgfGUFU6Fo9LBRwIVD32gpTviMSJ0/t7rsDvlGjg/8zv87lERk4Ql6W012Ak8o4DJBP7nNdK0vW4yi+qF7y+/LzzMw==
+genting.		86400	IN	NSEC	george. NS DS RRSIG NSEC
+genting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ttYBk4V2GfzQM5kB1udFhA0kb1ocCBquECQQVMX1IVQSbn4AgA/nLBCurW/PH2PDbIko2PiPg+QMUpqd9Jrb4KpgypjK79TMzWa2gs9sDwczwu+MPOnG+9yiNddHZkAe6cosPe44y4cOvGpU1hVZsDL9wkuaKdDcXMXnIQZhF2/hAGC/EXsEh9Im/VmKOHyndNCPE2yo4iITdzxKzyEuFRPC5VMAUaB77Ect565c25h6VLhKoaKY8aRZi4WhnjjzmEtzSEsFDEeFOx02I050iGVvUAE9HSe5YM5ag1Nt6FCX+fB62voMu4IQrmxfo18VOpTL0XK85hmnklME8ZtlbA==
+george.			172800	IN	NS	a0.nic.george.
+george.			172800	IN	NS	a2.nic.george.
+george.			172800	IN	NS	b0.nic.george.
+george.			172800	IN	NS	c0.nic.george.
+george.			86400	IN	DS	1759 8 2 0CAA1F5AE9C0E736030B351AB71BB351053798CE39B3B662CEEFDB956057D5FE
+george.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IpAj/QsgFB+uuHaUaDfOGVHm9zz8pU5nLFtsahYanu3Y6CMZKYq3pRE0tWXlApcuJYltD7yM7FQnz+2Px+Ezec7DIWAQDUrRDeL+7mjJChw221VW6ZKdyX3p4tdV0mXniOh2MGGei573Bb6mqmdWMWQdPqmuOmM6GkPwXu+gZ4pfrp+skORSdnPKs7Q96NGHaJfSb+QwQlKCecGaXhQ/8MEF1NbvwTXvGN2cPeECNLI79NaIvWaoeWEWzQHOQdoZgLwiE/8T2h6GjapH2g4WUfvZVJof6qn4NLI+kcR7WYdtMUirrson9i8KCw+Lpy4L85c2kI9FB7oUpxWuyrQ9DQ==
+george.			86400	IN	NSEC	gf. NS DS RRSIG NSEC
+george.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cqypvQ547eOrxkIZ5tFnN1ar1o8vqM0hmfkVPmAuZ4EpKoVuPySw88Q/eefswOIR5+VvaKpy0cv2yWV1mUto7CdyeBGUi/U3zUhGfE3DBJJBum47AUIWf6r93gOd7jLXVEjnTqJ/KbJlvKgedymNR1WBoSap7aD1MWt2bN4p+kdwKPvDvKitMFDGU+h19E5XiX3gQul+QbNlxn51cPE3rCPsqLTZUjSNWGbMgLZuJ0v/W6Jk/31C41e8ckZghEvnVhohMSJvlhpOb7YLdc3CLnp0mk924dbg61OcvnJbZ62K7/TMyngTgXE6WSdPlIziZWXcj/HaZkYtVOht/X9U7Q==
+a0.nic.george.		172800	IN	A	65.22.112.49
+a0.nic.george.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:49
+a2.nic.george.		172800	IN	A	65.22.115.49
+a2.nic.george.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:49
+b0.nic.george.		172800	IN	A	65.22.113.49
+b0.nic.george.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:49
+c0.nic.george.		172800	IN	A	65.22.114.49
+c0.nic.george.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:49
+gf.			172800	IN	NS	ns1-fr.mediaserv.net.
+gf.			172800	IN	NS	ns1-gp.mediaserv.net.
+gf.			172800	IN	NS	ns1-mq.mediaserv.net.
+gf.			86400	IN	NSEC	gg. NS RRSIG NSEC
+gf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ea2y5wDdzblW4puCGMkOlox4teahmJsit7+Byzvq5eZS2QjvdotSa51J6gyCdSzb2gACQpRTqv1kmAeC5CXRK63axcP4hMgKR4lnZ21i25Ei3w36NCGZrEq1uNyO8LLAQE5+50oj3nsfGGGBNKtds4TxuPhlOxPV7RcRRM4MbQZH2Q0TjH0sLTMopA+mr4N8Wcb/9jwl1hLvzMVVQFb8R00M1Qaw13fVA0igTWwqKIg7hlEvo1x2KCtFevVQ8oBgmIXejnI4BoQf4yF1CfhXGuhD0XJ5mD8ksqso3AKj2DG7RJx0PUXAn3xa/zv2akxnQebkoTaGqjdyejytQQR19Q==
+gg.			172800	IN	NS	c.ci-servers.org.
+gg.			172800	IN	NS	e.ci-servers.net.
+gg.			172800	IN	NS	dns1.nominetdns.uk.
+gg.			172800	IN	NS	dns2.nominetdns.uk.
+gg.			172800	IN	NS	dns3.nominetdns.uk.
+gg.			172800	IN	NS	dns4.nominetdns.uk.
+gg.			86400	IN	DS	4975 8 2 6B95DA44B57BF3BDFCE8E9CF6D28DF4B0FF999A374EFF7909E095AB1C7000630
+gg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dbb9FFaS71wlY69qiNjdx4A6eWNs/jn/Nmm1x6Eu1Zm6jcBTbMKwTDOc6KQn3ZNcwc+OrjQAC3jdLjhz2H78klYw76F/XEdrFHzvA+HxjGt4Od6MpseI+0uAFCZCcy2qGkoyvUizhzFRZR5kIsC8ag5LGTG251rYg8K4QWF70EaT9isB+Fp7gxpxcfJKml97LVlgPQaTRbkWEcoPdoZXfgc3YgK8OZNuvA6P2SOSq0iS4+NN1Th3BtHLzANHm2J/Lo8KStocJ1mRkDkM4Op65tZ8i6SMxbu34o+mMBT/Z6gKUBd3qkY3MaG1Fp5WeCyaSyIDsUuRAliN6yPnI0S26g==
+gg.			86400	IN	NSEC	ggee. NS DS RRSIG NSEC
+gg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lKTuxp9Yqxx80QD6Qjz6aCW2GOK3L2tcrimyncssBPgGpS1S9wr9i3KxXtxYU+TDS2xI0eE2PCZ87QGjKSRFCKUhBvY8dr6zLB2LfgPvso/jl8NWMSj7bKbkgEtXi0/F+XGs44DdIISUnH+abaUHtD3pNd8bNFgHcg0ksRalACK+HTWqMRWjhRut41vEx604EJXXMAif4tO/gUHnftsl1xszf/EkeUe6fK9p09DWsfq4SAG7e90soHd+Th8zqmKuoMPwL35NXPXa9Msn0ZQ7HWEqPCKJ8RZVZz+I6m5rHUS1wmg1tzgvpJxVqYoCpeSYHe7vD+NJbOYX8a4aGHON8A==
+ggee.			172800	IN	NS	a.gmoregistry.net.
+ggee.			172800	IN	NS	b.gmoregistry.net.
+ggee.			172800	IN	NS	k.gmoregistry.net.
+ggee.			172800	IN	NS	l.gmoregistry.net.
+ggee.			86400	IN	DS	602 8 2 0D54D07BEBF1A6AFE76ECF6D55C48698D8F233B719009329E4465B75078479D5
+ggee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KyTHf6AqwfJZeul7WldaLjRYqHtwoyLF1pRSJZQhupY6LAkd0Orehsno6E1XYX3LRpHHFKmf5yB0vUr1Rpm1d/3YVVtzGgaKqLkSeqiWK7Kzw1yzAhyXVfvEK8jLZ5WO+E54IVmuDwYNvDexapNedTG1VKwpNl65/Z42jqs8Wt8B1ACjVdL07uQpdP6LO8pwjDXhspAmCN6JaNuF8y4xJle4pAYHTsp0Uey/aAOSOS+F99GgS4ZpRyLCrBJrYAS7S6PVL8BDuzCsJnwaBEUL2Kz7BHcmf3O5Qe5KI38pH0puoAnX55XBc+FAml14c1f55Q537F4TJ0jpH3NXeG7wNQ==
+ggee.			86400	IN	NSEC	gh. NS DS RRSIG NSEC
+ggee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AcXxK+DYz9jN1RKpnYtVQYm7ubb3Lqb+6b18QTM2yPnApBospIaYqEnwmrKIFMhB+p+JRv1iJVyDiKenBDshIkNh2ko08CEX5rnnZGLnVGOjEICMttCml3qVuPlP+j/7TnpYLm8A7imA7SzhYHXwSYTLNT0evndwY8AwTf0WyS/LGRaFk54J2OVLOrfOF74DSvIbzDWC8dbHXKpAP3XQiK6R+mWNDA0rTh9b7juwYp++lE8zqHzXYGwIltBvKqEoU0M2RpNcFVRbQeAQ/9fe2MLuYgAqR/fVnkoFOp6boAc6pypwL2WKWx7fNqKEuOTKTgs+dFNZGKcTPnQon7wYEA==
+gh.			172800	IN	NS	ns.dns.br.
+gh.			172800	IN	NS	ns1.nic.gh.
+gh.			172800	IN	NS	ns2.nic.gh.
+gh.			86400	IN	NSEC	gi. NS RRSIG NSEC
+gh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wTqmyl6jD71MvWLhomRMAPov0cCq5Ay4rmzEkc3pC7mk+7ZRnoYuhtuTuj41Z8XVwugOOnLypEuorRLyDZODKzjc8dajCBuMSiNU8cEwen9+Pm9eNevw6X1RwJxcq/KVeiILVzUJiFs1sK28BJ08//dOw6Od7NQ1mp5KJJucGWlbklnK8Gct7pv+GFUnuuteK6XX+uuZ+PBwCrHBGo8AbytiUY5QzSHzUtYL/dNuKuo+bIeJwaCcp18HzUtHO/XdU9G/NByJG9oqnE+/4lf6E9yGFJ0AOdKaF8SZqVxPva4lzVIA8JZFLE8zlhmdX7hp/4EOwLI0k03K+lIbhWs2oA==
+ns1.nic.gh.		172800	IN	A	197.253.95.251
+ns2.nic.gh.		172800	IN	A	197.253.127.251
+gi.			172800	IN	NS	a0.cctld.afilias-nst.info.
+gi.			172800	IN	NS	a2.cctld.afilias-nst.info.
+gi.			172800	IN	NS	b0.cctld.afilias-nst.org.
+gi.			172800	IN	NS	b2.cctld.afilias-nst.org.
+gi.			172800	IN	NS	c0.cctld.afilias-nst.info.
+gi.			172800	IN	NS	d0.cctld.afilias-nst.org.
+gi.			86400	IN	DS	33934 8 2 3DB5809DE2E1052B00E010F54B404BD59CB5CBA0C8306E1799623BDA45A1CFB7
+gi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . quMxjU3HIM1cfx1MZF1PoPhJeX9uBaLLWCWPxwkVr+bz/1p1wIBPhZAfbc/A8mVmJXgWQFXUG/1ZJ/INrQqalLKzd0IF3ljX5kpaPmIe5DA/3x0dFfcDI+8YGpbvztdQKTSHb1F7rkzQZV/DsmvLsAWbEkqtLF5V6ZxWXOPzKJu2wLr/zgpqtupP1Qt8/yClLSdUWN2l3qYDQ2uQ+IMG/OVj7Qlu4Nkon2cx04I4TtXj3HAlh8OjvK/KiLN8UMfNcU7SF/iGKZQDlYU4LdnbSm5oQrg8zaKrIVgjk4brtcPfADouMU2n2HiumPRq2K1t2H/NtZyQZiB6AIyeEmck/Q==
+gi.			86400	IN	NSEC	gift. NS DS RRSIG NSEC
+gi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . khnTSk4VGZPIjrB0z+fyWJwybIThbnSkPA+gF5196cO0tbEHLVmkdM4f52o5DVSHGPsrB3RR87lVfW6nmgefcmm07sxyFSO3JWbYeotUwYUDsBqsqGX5xflb1mbiDf0gQS0mQrTzobzrJWQguiBEMW4Ek9xmCwZnuAHU/rkdjx8rqDGBOOYvnpe499Qs/woJv6vKj8YHnFraJMLdxFyueG3AJAumEcs9hxP4CamFVKbJGJE+891nJZ5c3HpHX1vd9df37h0hc62hMQQlTTTa2qgrM6/agy/5cOweyDqnjTEQWXv5uKESnBMIldcc8K/F5G9TBpuVD+bfjvwlAKlbUA==
+gift.			172800	IN	NS	ns1.uniregistry.net.
+gift.			172800	IN	NS	ns2.uniregistry.info.
+gift.			172800	IN	NS	ns3.uniregistry.net.
+gift.			172800	IN	NS	ns4.uniregistry.info.
+gift.			86400	IN	DS	45508 13 2 EEA1DC9AE9E1BD91256962BFB0D639C8DF881E8C56981B667FFFC27DAF293A6B
+gift.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CWKcAbWdRyOorI7nd0supjA2EUUnuk+dff1Bx73dT0Aq2gtuKbrkrzODG1GIjzIRUUMgPuT8qXw+GQD68IkQWZ8hiU1pM12/3O2gaqKNDcbNGJ4jzJPPw1k7EXLmU8J1yp2IpVq7/7fHC54Ml87yB8Zz7+rYH6dZ/wOXxHnVGGdDb8FoMvff7zgt35cGdumLyLyIj/DCNKsGSjge0p12JMNqnif6v/XXR4mePqvxnPoe7W+AxVfKRiYFe0NAXO+u+6N3tFDePcuQa6xL7g2ZZOB7raIdQJOh+Td1rbzCsGmG7Os7L97mCJB5GAomN5jZ+mu6Z8wPHh73A+gyyFASTw==
+gift.			86400	IN	NSEC	gifts. NS DS RRSIG NSEC
+gift.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jimUtqcdEAUbq23vwfI0oQoCG7z2H2ZpEEP8xVwbmjr20ZX3faYwQhJDV+hgfStzR4o0AUpwgdSI8N26cybzinKmJ3HM/Ir9U13pyASDHZ1OEsKHmCE6pZu3d2obxBlEKRBt1+UUUYcDndXnJ5ijLPY1SKZ+QQaSWvt/ldS/IMhalPZOIdQiIW88IWwncSab+HgKOFyVC518a03aAG2u96mhwRelJJPbnV3Ekc7u6YFWvs9dyF7U7o/0WkYrHr1GFuvRuqF0hq0jtlisnuUTG5TiIHun/D9GGa37TNJUI34i15rnRAjgLakvT0jVGg5oMPyOBPYCttKpBMh3lsR40A==
+gifts.			172800	IN	NS	v0n0.nic.gifts.
+gifts.			172800	IN	NS	v0n1.nic.gifts.
+gifts.			172800	IN	NS	v0n2.nic.gifts.
+gifts.			172800	IN	NS	v0n3.nic.gifts.
+gifts.			172800	IN	NS	v2n0.nic.gifts.
+gifts.			172800	IN	NS	v2n1.nic.gifts.
+gifts.			86400	IN	DS	32917 8 2 49D3ABCFB00907EB5EDF64455814D09EC2EFA8D8959B1DAA949C71A1D47E3DE2
+gifts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MK97/xXx/nWSHzCvmlnPK5W5a1K3r1Q8su7/X1N+XL1k1Le6KGIhZGevpExiijLjPmeAui+I1EeskYy3J4Th+lz7D/pZtDlBJGMgxtmFhUz8GtqvzU7sLrOm4vLRSqkJBXrKdoDS+xtnO5AHyK/ezNbCnteGzrb+5pP1+ZtfjIWXFCTZJ8+WTr57r1ZQytS6Z6yUd9Iq+d5BmyHG9jtKZn5J9fH5WG0DYH7nH7iFTOEBs46tKFC2/cC8EhBkBIenYYh2VLCdc+VbxMNAZ9mHSZvRW0g6wvSj51TLGl693Hn6UJyMtAHUivRx3PtAwN7EzS2R5R56WuGPauSdc1ofLQ==
+gifts.			86400	IN	NSEC	gives. NS DS RRSIG NSEC
+gifts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S4DN6/G+6YODwb+sYnNF94dFfsCWWnc7swVXGcBbZiFq1h+071IhoT/M/w92NT41NJZ5D9/SKk6ruMAuYPHOMLvI+XzhfrGWFeC4eI4zMifC1MxbIc0AYMbh8yRd0XqgLwJlfo9PChLOYJLnRhTJabIlZ/C2Yade1XCAvLpMxvEL7t1QWWJh5fZ2OTfaTmnS4HXSwqB+43RULpMu1FSaRzUJ1Gp2bnnH4cTijt5Ex79gj0zPake9ISDuNz2WrnXD+QSfeh1wDhoLlP7zpIwGFTYv1yD2LIYQHvGojYdInTDRFE2wb7IVkrYI77Rt3Mkvi0RSuS4HV6g/5ZDI2LzuBg==
+v0n0.nic.gifts.		172800	IN	A	65.22.32.23
+v0n0.nic.gifts.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:23
+v0n1.nic.gifts.		172800	IN	A	65.22.33.23
+v0n1.nic.gifts.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:23
+v0n2.nic.gifts.		172800	IN	A	65.22.34.23
+v0n2.nic.gifts.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:23
+v0n3.nic.gifts.		172800	IN	A	161.232.16.23
+v0n3.nic.gifts.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:23
+v2n0.nic.gifts.		172800	IN	A	65.22.35.23
+v2n0.nic.gifts.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:23
+v2n1.nic.gifts.		172800	IN	A	161.232.17.23
+v2n1.nic.gifts.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:23
+gives.			172800	IN	NS	v0n0.nic.gives.
+gives.			172800	IN	NS	v0n1.nic.gives.
+gives.			172800	IN	NS	v0n2.nic.gives.
+gives.			172800	IN	NS	v0n3.nic.gives.
+gives.			172800	IN	NS	v2n0.nic.gives.
+gives.			172800	IN	NS	v2n1.nic.gives.
+gives.			86400	IN	DS	51526 8 2 D1DD06D869102253FE38E8F665571B0F10A7F2C24AD4A92C10C47503919A6E1D
+gives.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WIvYAX6nrSGpKUZEk60EHC8BlT/ZatCt6OHVeBrxq5oPlIGhxj8871iK966ILSJPOgozeIRNJ3NLjfFCwXjuadoxn/2bg9v1jnCHA8wlHOZ5DYJAHACcDOjr/Z1pBP3fnwgSnUY77Zz0hr2yM51WDxAMQ7CCfv63nNWfqV5yDcH2CCHvmdQsp4tx62lV0+M4vszpjn+o68KSUXgFRoOxHINgvT9BuTMotapsd6Ie0EHvAStOxKQUuAJHhp2wTtnVgZA/luvH/bSqw0LxDaNFP5LISHjQwOxP37gqaOmubNTvGNIWKvF2lRSsmadF1QYXbZp7MiTBv421N+Q08siVgg==
+gives.			86400	IN	NSEC	giving. NS DS RRSIG NSEC
+gives.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . e0fgMtjHHj0NBRB3PRJ4i28ZIv8gbut7YICcQSme5Ojc5CFucUfNZP806Xax1ZDHSKDtZ5j+fHPADkOdhiLNi1F2L2gs+QX6xnKFbrfgTuLWAualWz1Mds3FZhKTijx3eirnc1M18q0zr69sEdrCWBnE3KWUPVta9DR6pYfApuT4BDUDv2Y8k3oZgSSmm1BWAhoQ0kuKhHHQGW5vX8L5aiADFYaGwPW/toKi+aWpkUT9ZsJnhy5nU7QDqYQWLiQJLmI9ZzZJPOSWLSsP+GTLQuj88QFwgeriilyYVAm6dpuNpMyKSn+IezSW8X4khQrxnvw+54vT1TYhcKgLjK63hA==
+v0n0.nic.gives.		172800	IN	A	65.22.32.61
+v0n0.nic.gives.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:61
+v0n1.nic.gives.		172800	IN	A	65.22.33.61
+v0n1.nic.gives.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:61
+v0n2.nic.gives.		172800	IN	A	65.22.34.61
+v0n2.nic.gives.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:61
+v0n3.nic.gives.		172800	IN	A	161.232.16.61
+v0n3.nic.gives.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:61
+v2n0.nic.gives.		172800	IN	A	65.22.35.61
+v2n0.nic.gives.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:61
+v2n1.nic.gives.		172800	IN	A	161.232.17.61
+v2n1.nic.gives.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:61
+giving.			172800	IN	NS	a0.nic.giving.
+giving.			172800	IN	NS	a2.nic.giving.
+giving.			172800	IN	NS	b0.nic.giving.
+giving.			172800	IN	NS	b2.nic.giving.
+giving.			172800	IN	NS	c0.nic.giving.
+giving.			172800	IN	NS	d0.nic.giving.
+giving.			86400	IN	DS	42049 8 2 51655C1EDBA06B3C2329578ADE539D446169F70F06ADFD536C0EF7B315506A1F
+giving.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L50oJDbBK33Ijj3qWu12yYCjClyI+Rh1I9JjxQsann+9dTcmfpM/OH7/fb9KptAe0xLekksHlgoidLrJx+QuivdrlmofHrfv3L5Oip6reJCFGsv3+apgD27VJlIg+SpQXFBhC76FWbTNeGh/VSpRvblMdla91zVouoUOLk7NM6vm216M4H90grsu4FNDv3cxxiw64L5a9K1dZrNm8W54YO/XEvfvN2/BYRJRVb8GtdhkFftAA7yudMrCssvqvUz4a731kHPj4JkexwU+mKupVayuE2K/8flsS/o9Xme+BcnmLxQN/c9ttvhxNPcc3yMn/cCJqipfYt0HeLABLO/VBg==
+giving.			86400	IN	NSEC	gl. NS DS RRSIG NSEC
+giving.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DJ13vUiUQkMz9zquO21yY+ZUh1fIb+AIruIRwMXeqzlBW7jtdY33KYTJFcCxFB4HYcSvbyzxsSeKXNmLCauC6eJCJlJwve0ru4bTRUX+QODQRNWD9xJ2irebcaD+6xvV6TrkakfQojg/ilz0Jkv3wJty3Q3hvq79EsoJMB31tG5hMD6HeKfnHFugZvr/9XqNCje60hjrUXb/+zLsTSyW9jU15HS7Q2SSBrqXhSY5s5y/8rx0Qp7a/IrYgdqR721PLWMlZDvkPcC0bXzAMdsIh8iYbC+v3kkfBNMcgygCwmpBAijMiwGBe9pLCFe1iHaO+wZqVvunUwr7s67wuYFNLg==
+a0.nic.giving.		172800	IN	A	199.19.56.1
+a0.nic.giving.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.giving.		172800	IN	A	199.249.112.1
+a2.nic.giving.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.giving.		172800	IN	A	199.19.54.1
+b0.nic.giving.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.giving.		172800	IN	A	199.249.120.1
+b2.nic.giving.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.giving.		172800	IN	A	199.19.53.1
+c0.nic.giving.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.giving.		172800	IN	A	199.19.57.1
+d0.nic.giving.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+gl.			172800	IN	NS	d.nic.gl.
+gl.			172800	IN	NS	ns1.anycastdns.cz.
+gl.			172800	IN	NS	ns2.anycastdns.cz.
+gl.			86400	IN	DS	11560 8 2 3D44DF84C78A82E0E9824440F3E82B402551341DBFF3BCE72CD786435D15F1AA
+gl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MsaqIM9CwHUSuauRJ8/jPPDz4VZe9WubT7DpYJ6L0FDMK9jVMGncIk3dzUltyHrxdWAmCaN+8clY8Wo3K9L1vbFcXw/3rX12HmdZjDlEuNvnFSHGDhe12RTO+7NtQ0bYPkBOiCYeFrEjE7O32iGFAH7rOpOHa2XaYCZ7b5n3xXrSk5Oop6WDxIrUlyMpNQre0bPVz7bchT2kaqBjkMDarThKM72SGlyz8bMOt4sT7hXVv8APhqI0MUMzCu2/5hwojxqqFOHahuPr2PfhjrYXNSgygAO5vWP9aanbDEl0Qu/Vtk9Q1JatWc27U//EMCEZHeEJw/lAEbmshR41mE3l+g==
+gl.			86400	IN	NSEC	glass. NS DS RRSIG NSEC
+gl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DYSHEtEFqcaE9MZiAWCARIoJTyOvOimue6N2YUjWUqCqD1cZC/jcZr/nHLpwM6rPsIJoE5ZuXxyxaob2YHsIxQaY6cjrOkACS3jOhWogGezOtTPL5h8ce4ctQCr9Dm1iWfj/fsj+Ln7kxqAcJAU9l4HZx6aYcOsk9iOd+AgfeMnYroWqPeKrA3GJFwvvstiMrqj5NTsluZDh4a/dKNOnZzXV29DRB+o24vf1igy4zMTCQicFpI/cu79Tj0xvcD+8A0s6ciWU/JOHVMjlTmWR/sBetTQs4bnDwJTBGvPvi/Mym9CMTNTzK9XdsSoUndQqk0a5k5Jdlp8pBPVojR/YEA==
+d.nic.gl.		172800	IN	A	204.61.216.49
+d.nic.gl.		172800	IN	AAAA	2001:500:14:6049:ad:0:0:1
+glass.			172800	IN	NS	v0n0.nic.glass.
+glass.			172800	IN	NS	v0n1.nic.glass.
+glass.			172800	IN	NS	v0n2.nic.glass.
+glass.			172800	IN	NS	v0n3.nic.glass.
+glass.			172800	IN	NS	v2n0.nic.glass.
+glass.			172800	IN	NS	v2n1.nic.glass.
+glass.			86400	IN	DS	47641 8 2 BA130708530E9F108ACA4B16217084E861F151B4069E567C6E85193A457B219E
+glass.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2cu+Xc2UCbEhg7SJCYXCDlIvyTy/hs5idp1LgwupzUlMH/ZJSwMLCwi91+sPsDN5sPtBtZm5Bj2k7DB3DcXcyB4Bk9vZlO8NxGWvejex0kdhAIW3IP8lSMUpwZjPsRT7BO7sH3+0N3kb1IIah0/q81nEi1S7V3PxlSMsSEp3fHLnLZeV4oOSpPeoKm4Dt+MF+FwSS6YAfqbVpWmVde8Trtveykja4AoQGZx1XRQW1w8llNE0QaMtgnVqMynsSouUbIyJyd1FCsKQ21wYc8nUUg62+o4meCnFiKsU1g3M533iR7wlTQ7TXkbQyG6g0GT63LXrI4tdXXL/8t8GL1XGw==
+glass.			86400	IN	NSEC	gle. NS DS RRSIG NSEC
+glass.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O8/gb/gGSlRLx0V/WLQU1zRU//BsVTWldrNXfqPQDxjxg4XYkc7bwf58bA9hz0TbodW3XdkRa0LNMHEZ4KyVbUmNXo08yXkKDVVqcYrSZsKEgYiykpjb4faSx8Ltm8TqdY6n6eVTn636QA+05y8ofQvVwkpDNF+ZhSCCCTj/RZqfDCkJGcqazDM3e1GVcigMmU0WayweBjpDzHpFVxZN647WiJz+XUBEZlP7UtCJXYt/B0wJ7QtBmBoYvdD5/Ddp3fdkQauxJ42xZNdQ1iz2dL3bkfZQgSZPYG8jh3r1i6iZ41HkhSYy6/G0ln52YJHKxJ1V8RHqrJyYkl713Z/ZWg==
+v0n0.nic.glass.		172800	IN	A	65.22.24.57
+v0n0.nic.glass.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:57
+v0n1.nic.glass.		172800	IN	A	65.22.25.57
+v0n1.nic.glass.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:57
+v0n2.nic.glass.		172800	IN	A	65.22.26.57
+v0n2.nic.glass.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:57
+v0n3.nic.glass.		172800	IN	A	161.232.12.57
+v0n3.nic.glass.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:57
+v2n0.nic.glass.		172800	IN	A	65.22.27.57
+v2n0.nic.glass.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:57
+v2n1.nic.glass.		172800	IN	A	161.232.13.57
+v2n1.nic.glass.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:57
+gle.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gle.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gle.			86400	IN	DS	35609 8 2 254367C4FA9FAE6E0675EE721943C4CD97371553C9669E4BC424B00CFF86E6AA
+gle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LNWJg4Kv0GI3zTJA7A/0mnn8zw6L9N3HEBbQ8c/LII3UAT6+WBD0DYb3srqSrK5a6gnS9D2AllQ9ry5aVQ7/TBP3foMWevokFj+2z1++DZBKngXDCb01eS51+SSoN3A7FBylmiIHUgkGSiSQSgonGzt7cWARne8YhINRpzPg918J6C4Zw0NaSlskn9DAaE3qJCokJKCaVMnDBXqraiSJaaU85PNRWYCcQMy5OFnz15ycGFDMilhj5yHHuS4edQuUria77cE1S/ajBRhxd98opR/hpnlPlW5roQGSIz/XlXDTlO1qKsG2sqqHXDpl2uc2l2e2LHWWGdRq+WTTXKLtFg==
+gle.			86400	IN	NSEC	global. NS DS RRSIG NSEC
+gle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BjkzsmcxlRU303FTqwxZv43AyuXZwQ3Z670z0pzzMF46PULb1L+hfZf3r2oVqztCtWQE4RUTRnNJIeMIOGNhNHt5rZ5xFFEtzHB0D5oKlJQGcrs/jJr51T6bHzHGKphsVlYJL2nKgWZCKxqAFY6OLff94KjULSnrM1/jUTtJ4ITGrnXrN54ULCtHepM3gnuQK3WJTTsv3f2WwTWprpdaqQtE6Y+R+8dDMKsM3j+zaWNLypksh1OKCxRosTm9oXQSqW5+SBOZktAs4z8itcdh8REkwUVYWMncCKZlxdBeZ5Q9GInWnJM2rscxjZkdXL+CKUJGtXy2UMl8mPDgHvXHmQ==
+global.			172800	IN	NS	a0.nic.global.
+global.			172800	IN	NS	a2.nic.global.
+global.			172800	IN	NS	b0.nic.global.
+global.			172800	IN	NS	c0.nic.global.
+global.			86400	IN	DS	13060 8 2 5DD90E21BA23D0192E7F7148F56F7C20FE52B02074AC4BAF8E611F1E6C7B878B
+global.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NttPF1NBiwfU36/zS+eaNGuL4vo1HPDZiSLDopW6I0a0ek0PCc+WasIr+Pk+6u9wGjr6VLBPgQnIFx+wvkG3FRDQEvQWU1BOEekCZQB7ngxVhpNJDV1k7Lzx8WGDn29B7gifuSs06ucSgIldxmj0qtqMqQy2sq5DgrsmwDrxzrNkBJothih6cfkI39RRNWHQw6fnk7zrRPmDKEJNDbDZRpmLRnP7oXTrkgfSJpr0SvFxXuwzylkNSmNup3eRsNJtlTFdPkduIr81QuhzBnvOfSZJfAQnyxb8gT+oq/K6fPx0E+efz2nB9RoyqZIOkDI/RtLgfG01abeuFirVirH83w==
+global.			86400	IN	NSEC	globo. NS DS RRSIG NSEC
+global.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b1x5jvhiVPi8EjDrD8NRpOTbNIDLOkOhoVGvlm/UXP46/ZoLBDiwmDD3Jc/9KcPLY6Eu5iaXSmkUQFnDtBHXNvnvY/UWi4S1tTR1zWC1+tvgx1AVr/8Msr/JDEe1lIXR3uiLV12Gl/tNgPvC5meaRsPdApqdBznASCsJP4EylxKjEbc4/2sGHLuzo0Ss+WaKPiSmUJ3ZdvTMXdqsQqCuQ0dGGb1IA7/3y1O+NWaT/Q4fkShbkH5N+4mKiHtq+eEXFp0EY4p6bUDoTrmA1LH68SGyAlO7eppZ0m/wtqvnu3/3jfz8ZrkSkqf/VNwLs7RFBEkV5J/+v4YMog57XOSGLg==
+a0.nic.global.		172800	IN	A	65.22.80.1
+a0.nic.global.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:1
+a2.nic.global.		172800	IN	A	65.22.83.1
+a2.nic.global.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:1
+b0.nic.global.		172800	IN	A	65.22.81.1
+b0.nic.global.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:1
+c0.nic.global.		172800	IN	A	65.22.82.1
+c0.nic.global.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:1
+globo.			172800	IN	NS	a.dns.br.
+globo.			172800	IN	NS	b.dns.br.
+globo.			172800	IN	NS	c.dns.br.
+globo.			172800	IN	NS	d.dns.br.
+globo.			172800	IN	NS	e.dns.br.
+globo.			172800	IN	NS	f.dns.br.
+globo.			86400	IN	DS	2471 13 2 47016576766A31841F591B328D8EA0ED33C9F057740D1A625C57A746EB67CD98
+globo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BeErFAfk4xQowNJlxAx5Y0aUlmY7Y241+xL8AlERsjQHKFzsI4PilEIzm7hb5DKTZbDjbC8r4hsdVNHrOgzyMKWNa8zIc9kX+ePLhpV7RZN2okQ1hLFNEc3SNO6WXQZ6NxXmygh0c+wHnacK7/21vDWalqBlt3Hi4bDHyIwRCiZ8Pnkkr9x9cWq/qODmFkfy/9bLvix0v60zR8ppguqIS3e/YIjHeh82+6HcsdXz1/EW2p7+t5OFtOpSX03BfVBQdBxtvUUyxxbzYR7FM/GQuwyNMxu8zHdCZNKmMAzAcqrGG42GZBuP4+P3BinZw3TOBSwBSxAQbgg0e2j395dBlQ==
+globo.			86400	IN	NSEC	gm. NS DS RRSIG NSEC
+globo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hMCCHaCZXRzRKgpM9EOMin+zxAllDmYNyN9hNm4YNzjnt7otcSVshJGACMpQdHaAafsWO5l9xr/f3BujTe12Otd320Pzc3qQHHbgOrA/8zuQkvoSBVCynfPq5t+VMa/fT9uIkGAiHG1+gPm5HtC6rN7bch3E6wqUTJqLhc2F3t56vdQYAnimfMTNP+U0PM/JGZ4jdROUqe9fJfQ3W7Jg7es/xBHN2VmoaF9AQwjYsIBS5CcF/DPLdvbZwKub5APgcUwFMtf5hdfbGMBdeFt27ZSIehaxA/5em9raR2m/tcjiFTTm8hPUxxLervGB9Ok4WvBMVjZSFy34dSfWX7nf0w==
+gm.			172800	IN	NS	ns1.nic.gm.
+gm.			172800	IN	NS	ns2.nic.gm.
+gm.			172800	IN	NS	ns-gm.afrinic.net.
+gm.			86400	IN	NSEC	gmail. NS RRSIG NSEC
+gm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g90t35wF12kjp8jtHAPgDFTAdhcn4Z211hdTsjhUriizN7MiDWQc/YrvrVMUne7Qg6erBJBmwkcrqqeiMhwFsPSPJGxkSrgZNvufG8/S3xpTYt3gFLCJEc+W6HVO8cvLsMUJV9ISlVHy946cpQnUTtLFZvIX818cZxUPWKdaGewycE0+b8QpOh6aIi3YKNtfXB3GADNF/+WwDTZtygYBnegxV7XAsbmtEq6d4KX4sleSfyGASUPUQySXkT01LDu7rZbUV8A2yQNJSRh4om2Ia8n5i3dUuNS2XdUY2hKY+UfgwHESGys1RiTf0+gw+reRxhaqumlfZLU+4O6J/o/yRQ==
+ns1.nic.gm.		172800	IN	A	194.63.250.217
+ns2.nic.gm.		172800	IN	A	196.49.1.87
+gmail.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+gmail.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+gmail.			86400	IN	DS	39661 8 2 BFFD3D45856E1CB03607F334362CE795E0C8F9F75B7010357699C72FF2DCE648
+gmail.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y16AxjIEakrL0gWfyZYhoqliMmYWrIlSAx95H0JO/z0QeLyPbek/eGHX/voVUx7iykQLOGhsPZbpV88LCv9sSzpjK2LIQ0Cr429G2CQkkMsN4ZJE0g+dD5BKbS2BnGx7Klt+ss9bgyjtbTyyMGJFQaiFakqD4qZ+ZKhg8Iv6uoXZzohN9yG1LIrg+ER/2rW1i46YA27bGaoT9HPzgjYrtxQzkuZ4BQaYoDKDG7pFYkHze+G2bvL3NnqSakcHWqUNW2I0MItYJHmxpz57qIhOTln6H8w4Pt1rBnjpkMm/PEt4JqiiwtLupNJ3nwvU/T+GYHz23PwGwbTXqxjVMMAv1g==
+gmail.			86400	IN	NSEC	gmbh. NS DS RRSIG NSEC
+gmail.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UiQoRrAikWhdfq1AQ4C5MIPyiUkDG5bP319G6XYTXJpS3cEy5CrbWi/PUJ6SV6oe8PHUq/p8kfmwOa2WcDpMf691lzG6FSpJgD8nzAqpBVWt8vUeRs6SFag6x+QnDcH5H9hEd2EjdNhmUhCpbVD6mIC+7aGgDqq8ydhsZs71JlmZ8cr/34g823V9/w3Ako+OHTRdsy8OR1LpLLAac76QVgpXzO+avIY2FtNiYKzzE7EucMW7Ydw8HJayvNVCDW5p/WVuZLTcWcAXDo/F3A9f9W8z6H1WaAlO2s1ywEBjfVjeB5l12ayj/GhtZBv5qUGmLqJ5jCB02Llnzpa1NEIlLQ==
+gmbh.			172800	IN	NS	v0n0.nic.gmbh.
+gmbh.			172800	IN	NS	v0n1.nic.gmbh.
+gmbh.			172800	IN	NS	v0n2.nic.gmbh.
+gmbh.			172800	IN	NS	v0n3.nic.gmbh.
+gmbh.			172800	IN	NS	v2n0.nic.gmbh.
+gmbh.			172800	IN	NS	v2n1.nic.gmbh.
+gmbh.			86400	IN	DS	50959 8 2 AED172F485DBDEF89FCCCA14B29463F53AFFC646105FE7C5FFCCFBB43DC116F4
+gmbh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V6qaR9ZNNKa5sgTTs8ZSbMm823RGG6HWxRaKmOrcotrKQgTKjQMrvSRQ4C2Hs7rBBgEvKByBZU7bkJbDN6EJ842WaS+3E8GkgU6Pv2oyFBPdNCm33AeDbOWIqIGbjMshuSrXTcu+0gj0nEep41R6fmYHHd8aOtlAk2pf9kekeMfJL5e50DBUjZvlTiIOd3ixM8qc55tdpKhQTUpJK4TIXZUWfvPM2yMBpMiGqHDApiQsb0VZnjnLTzx08RbV+5d/FR/JNL3fYRKr9u6dM5erw23Y19T0jde5l/ij0ccCxwYXI32CPVzRzPcgC1FJ8Qfhdurz+pNtBi8yGMxaBxgCqQ==
+gmbh.			86400	IN	NSEC	gmo. NS DS RRSIG NSEC
+gmbh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WpxIUnXb3sU+uUBkqEdQyAxyP4uRyI3wWoBrzFSxWa7ht8CvCcH7LLDmtLMDOcchcrhkkxIaAxRnhuqP1Js9qZXBMDGwu6APSztWOc0hlCX83Hq7JF/i211A06cBa4UnkNFAasdNQR5WbxX40UwIAYbmmZqL842Dzt8GupqfmMN66jQvzO4JrSfPwC8w0MHXM8uo4HyzymPXSvlWmb0keyfD9HPOxebnMW2O0c+5M5Pzvt7xy4Rq9iUuxpspXwMKhGzMAS3GXldtuw0IbdEaVFN/64CD10Cb9t7SfX/7jejrmkegVD0doyEgxoxKjEKAD/bimylGUIgTvhXM58ntsg==
+v0n0.nic.gmbh.		172800	IN	A	65.22.32.7
+v0n0.nic.gmbh.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:7
+v0n1.nic.gmbh.		172800	IN	A	65.22.33.7
+v0n1.nic.gmbh.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:7
+v0n2.nic.gmbh.		172800	IN	A	65.22.34.7
+v0n2.nic.gmbh.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:7
+v0n3.nic.gmbh.		172800	IN	A	161.232.16.7
+v0n3.nic.gmbh.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:7
+v2n0.nic.gmbh.		172800	IN	A	65.22.35.7
+v2n0.nic.gmbh.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:7
+v2n1.nic.gmbh.		172800	IN	A	161.232.17.7
+v2n1.nic.gmbh.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:7
+gmo.			172800	IN	NS	a.gmoregistry.net.
+gmo.			172800	IN	NS	b.gmoregistry.net.
+gmo.			172800	IN	NS	k.gmoregistry.net.
+gmo.			172800	IN	NS	l.gmoregistry.net.
+gmo.			86400	IN	DS	44245 8 2 A4CD5D4FC4B18DC7162E94A9F9AC801AD4E67A5DB3048691BEE28E4F2CC7666B
+gmo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FmrRgyIFCqWgJQxbtZ6CqOm0/btdNP44x9EwWvrFrwyKE7kPZqlOf1dJ/OXFdto9vF8PceK282fcG4hiu6VRoPtyd2VBHO8e9k3aRVHnGR7ZnhebkoVIjyfoVrj/wo/lIvSQo5YOZ9d4tiwBflOjmaQJ6dSXAQLTf3l0/RI8eBnX5bj3hKeFh0nB8cnLzTiVKUWK4ivMWGwD8rHPzoI7uFtfLVaGKvo/RrlGxpLx04/T/Hfsq+Tr9vC8irEiyiuz5tT+pVD0eHrRMaY80cGQVpFSaQ5bOWScITC8CrYTRa6ie5uAXoSdfSrDzMRrLfjHW0dTw8InoCPIOi4oH6APvQ==
+gmo.			86400	IN	NSEC	gmx. NS DS RRSIG NSEC
+gmo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NTY75LSINP/pn+DDdAJ9/EtOl/ErA8fCI/MeFtCZBP+HMlafMWHdOlKoLmaVCmnrambJgWhEo+35HQ9db2sLkHIUpN5UMSf0RFbxdXZBU0HhE9lruX8DP/5rOnfoFA/nuI6z0MOjs//5ad6OZFrzEOQoQaa8/44VfuS/jkz222ed4unEIez7YmRQSXgGAsqI38Ukw7009mkczehTMXMeqmsrQDKwwvA41R/qt8AtWIUkGQH6dpEfsOJGQud9BF9DvfxvKu3+818Gt4phOqL9FrdMCJrga3NOzLSB3AoorMJhYyF8mc3ilBxMgLSmw0gw+vu8YW9JfiQfY4bwWXz11g==
+gmx.			172800	IN	NS	anycast9.irondns.net.
+gmx.			172800	IN	NS	anycast10.irondns.net.
+gmx.			172800	IN	NS	anycast23.irondns.net.
+gmx.			172800	IN	NS	anycast24.irondns.net.
+gmx.			86400	IN	DS	49537 10 2 EE15CF33C2E02F308291960DF44A5A87E16C0535E34178528780A9A4F28A736F
+gmx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YdxfVR7MdurcmewGsN4SsixNS4wzzQTrmgcgeb6d3sWyiPD/T7K47CluYFlQkl4zHwPWx8G6uRrJbkhwbbUyXy2lyddn5SbJg4BnyWJGnKd6Acc0crITDUkFVwb8M4hVhh/TD3VaZ51m0M7rvhUOA/4szhE67pFeOo+oVsxLzlgZBcgRSZjG3OY97VDv78cklanfbA3T9JC0JIsazZBLUYDoadNYhWrV9vCx9plp4zJACJ518bMMsDj/S1x00j9GbGhGdSxqlwOKmIt1r11GvghGhOLINjGOpUyUXM7dLWVb5Pxus4tdHAKGdPar1Q6Yi1/dcTc//GipMl41SV4zjQ==
+gmx.			86400	IN	NSEC	gn. NS DS RRSIG NSEC
+gmx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sd0TEisdGPLLyqmx8VSe1CV2RsbJmG7iLGcttUkiDueYP6UrLVMvTKxpIhGj93yBRcwHC9w6AK0fEnwkVUrqSaww51RwvWCNNWhUNz0nrcfJkBz6qfj/NISk0URAPhnV6V3/03ikBjxc14wbLS9u3gXPYfQG9zuHCUc/AnZGfXGFoJ/4j45/ux9CVJqztsbPxtdVWW6JZLc63Xk5F9FySMZsH5R4UTH3gK4CDMzyFMkuEGjzGiWu3iHjnqmrwys18LF5CFUeEGMMgXNxzaAHd5Wz0X1sPF1OyRvbv44zmTMksFYigMHo3yD6XRD44YEK/iv3y4mFOmHFG9aLNTJUlQ==
+gn.			172800	IN	NS	ns-gn.afrinic.net.
+gn.			172800	IN	NS	ns1-gn.pch.net.
+gn.			86400	IN	DS	9311 8 2 E471B517052703360CA1C48BE047E7C4316F507A07213AB25ECEB6A63BC64C09
+gn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rno/oEJAHORVbN1oB7gTzvsGKBaBSyrzRu+BUvDLLs5pwW34T6NKcR/RbxnESGVYyv0Cfgy72PxoIA7L/Bey7+ehnGaWnobS4RqjteGTIg1VwO4AQOJFCQc/LdD4I51JGLuMS7f70qIRVY219samxGCOAsZTxnxaCqE5OYw9Lu6ybapJoMYsad8KT8TxEOwGKcYdDyQi9rRppSyUSTvG9Ec+UqGSFnykAmMZPRXxP9S4wmQZ+r+flNIx3IWjeaB2ipIvW3ZkW/XOiVdGwgRYcJzua0Ng5xyT1nKoCQg/qVX+gBaOyjzqxRc6VrRJ/odjy5QGxaiODUHqAVFrHdIdyQ==
+gn.			86400	IN	NSEC	godaddy. NS DS RRSIG NSEC
+gn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ehdbil9L2lZJtedkMiuKJTM7JMsTT92dafuCOM9r5gFa8jU+19moPw/TqPxcHlWrECO+BHYhuz6GJBl1kyoDhtq0AwOHcCmewSWGntUad20qpsJahm3A0MNhk1cmxuOP+Lrn6qkRuw8zxerN93ZtYtqPGd2dFvX4VML5LjVPUTkoT17EBepKpJ4AeCVy0MPEKRHG2xzbXIK+aZsKLzuv0hYaw2LLzcV7TAk7pB6BNgwTaxUsP4ANGlwLg7KYysFzeYULFbuEmJwfylm5GF559emWpTWdooYO+yTdv5KviEs5K5zbiicBGqt9dSeiDm55lmH6MM4C8nol/E5mMXh6GQ==
+godaddy.		172800	IN	NS	a.nic.godaddy.
+godaddy.		172800	IN	NS	b.nic.godaddy.
+godaddy.		172800	IN	NS	c.nic.godaddy.
+godaddy.		172800	IN	NS	x.nic.godaddy.
+godaddy.		172800	IN	NS	y.nic.godaddy.
+godaddy.		172800	IN	NS	z.nic.godaddy.
+godaddy.		86400	IN	DS	29332 8 2 2C52023CFFCCD5FB2D7C4567840E0A06E2360B2A5090BC0DDD9E7B30CB4803B5
+godaddy.		86400	IN	DS	31312 8 2 B9BFFDCD6A38A5A0E6C73CA45AE8F0B66799AE35A1B2CEA3C237F7F1910C9967
+godaddy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fn4JEwrjAiWylblsGsWoPhdr32ab7D7CLhW7vQprsEfEkRj2OJDjMrbB4yx47Er4zH0Zx1BpEAYxEbHZbnZa/408gqQNB9tbe3yzhxto1pgzGDxhMVvj2KKJNDyEflrGWzR0FmVKRDGFzmG+VaOHNbO3/8o5hQQ0uPKl63I4SL3uwihlym2670ubjG1RNJzasJoVnwolidPZJwdA3MNkpAN9+5FUqq0w0ayJCPUaOljbRhz0XJUdF4ory8zf0hhVt1LSfTKcOiYK2XQ0+T6yMylm8p0iQ2qP2gVO8SRopTDUQJ+vM/565yXu4brUVJOOtxbO2MiE/qjwzvMk/CZ0sA==
+godaddy.		86400	IN	NSEC	gold. NS DS RRSIG NSEC
+godaddy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G5ANC0I1IEfR+3K9OvgqI7dKrQvpVyU3dCYo6fdQNaB7jG0897Mi7a1OYAe9lu7ap6/EQpAsJ/AvlPD7FPc8XudcT3mDap9tDPZLEb2a3oy8FYwKrhXt7XjgkA63QwZQ3ift6hCjjk5rJVI4LuRUX+bqdp/xMxLY2gTRcDmhpD2/xWVkGq8VFP5I3g+7mcClebQEkTQ2nZFnrBbLYIRA78s+wCS8gh0gYQ4m7k3YCCeAdtsj3OW3DsOxxiV8HLer6txSAbsTPqHa5beC4KPrrfpak0wiRYCxH7DlXs70c4VmpYSR6JrhgxrFaYGjtu1zGMCXGGSp4zOtqSpB5bnGiQ==
+a.nic.godaddy.		172800	IN	A	37.209.192.9
+a.nic.godaddy.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.godaddy.		172800	IN	A	37.209.194.9
+b.nic.godaddy.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.godaddy.		172800	IN	A	37.209.196.9
+c.nic.godaddy.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.godaddy.		172800	IN	A	156.154.172.82
+x.nic.godaddy.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.godaddy.		172800	IN	A	156.154.173.82
+y.nic.godaddy.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.godaddy.		172800	IN	A	156.154.174.82
+z.nic.godaddy.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ari.alpha.tldns.godaddy.	172800	IN	A	37.209.192.2
+ari.alpha.tldns.godaddy.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:2
+ari.beta.tldns.godaddy.	172800	IN	A	37.209.194.2
+ari.beta.tldns.godaddy.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:2
+ari.delta.tldns.godaddy.	172800	IN	A	37.209.198.2
+ari.delta.tldns.godaddy.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:2
+ari.gamma.tldns.godaddy.	172800	IN	A	37.209.196.2
+ari.gamma.tldns.godaddy.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:2
+gold.			172800	IN	NS	v0n0.nic.gold.
+gold.			172800	IN	NS	v0n1.nic.gold.
+gold.			172800	IN	NS	v0n2.nic.gold.
+gold.			172800	IN	NS	v0n3.nic.gold.
+gold.			172800	IN	NS	v2n0.nic.gold.
+gold.			172800	IN	NS	v2n1.nic.gold.
+gold.			86400	IN	DS	59041 8 2 525579C6CD38E9E537598CEC0953061FE404C9A7623EFD9A871F46AFA0E69E24
+gold.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bCFArqQ3UVLnmD2Qq5uSjgQ5S2pRP6ubBikO2P+F2clZIXjB5ihn7NU+nKVFstfOLXWxnXf9VTISCea1V6bdEe91jVhM/14EWLVNk/8SkJzUQbFqCaFMQ49/kNAR7MItfchcX0ajJWloTDHOyJleDHZQTG9D3AdZrPsj0AI/WLnMkn4A+tataUbFabPxHa5ykaEscNHHth41efzp3QA0k2HiquJxDdhRqaG09OV13jldtPcSbZQZ1SAqii6JD+xkluL4LL/WGdeNnz+VnzchtB6gGke+KwnEtsx38nbx8+9aa1OIAEXNEA47H5Soruh0GjJj88Xq24Hzh14bFs5Vxw==
+gold.			86400	IN	NSEC	goldpoint. NS DS RRSIG NSEC
+gold.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ke+OOkon2c+eNisbOGKGCgsezmqP8hjv94pYfzVlzSAWvntif4am177GuwUN7zV8h0rNvFgm2Ug1s4Q1fRAjoeEMeRmR7oGPM2d28743pRr2A0OYgGb9e7BcHbG2CkWnpkqh6ryGWbq0UDQg/3znB25mQBmLOmic+ffGfaYFE1i+1zo/ypLBVMJ7KDcIEU6CEs2YKqn7JjQ7c/eBs9tMhrnHt0w9PZWTxEYVrwL48agWQZ77ywYhQm/E5ReEs4NvImeqBx3U0fDxX2X+L2Bo83VatidGpwAWaXAWDAOilsw/xLlZi5PYWVCgjmatVTwVydXn/Z7IQyERlnAyzSdifA==
+v0n0.nic.gold.		172800	IN	A	65.22.20.13
+v0n0.nic.gold.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:13
+v0n1.nic.gold.		172800	IN	A	65.22.21.13
+v0n1.nic.gold.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:13
+v0n2.nic.gold.		172800	IN	A	65.22.22.13
+v0n2.nic.gold.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:13
+v0n3.nic.gold.		172800	IN	A	161.232.10.13
+v0n3.nic.gold.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:13
+v2n0.nic.gold.		172800	IN	A	65.22.23.13
+v2n0.nic.gold.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:13
+v2n1.nic.gold.		172800	IN	A	161.232.11.13
+v2n1.nic.gold.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:13
+goldpoint.		172800	IN	NS	a.gmoregistry.net.
+goldpoint.		172800	IN	NS	b.gmoregistry.net.
+goldpoint.		172800	IN	NS	k.gmoregistry.net.
+goldpoint.		172800	IN	NS	l.gmoregistry.net.
+goldpoint.		86400	IN	DS	44254 8 2 B83DB888A853C9309A732E6AE3FDBB3FFAEE325641B4F2F33EF6A4C468AC206C
+goldpoint.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uhPPyBljt/XpD1BE0M++Epq+rneJpH5Tl872Bmsda2SVkPuqDWNKZdy9zLtXT4bCffqdMIZ+t8jm+FQJN0z1ojbq0C/TZKIvv1WsnSLI28aelz4LOt1d5ziqHkpV+WLdK/8BP+ceS+A/vRO3qNrxc4HmwwBPITWXJlSAqrBmGmXMU0fLFBar2QI3XGs7I2OzY4UK1AGc4cn7w17j2u2ydpcAXLfpqTuc6QD4rd3+hmC9XVOGy1isuh2Ur5+XQBQ1aXIzVbKFWyLNnGW0N8hJN4HrMM6AHRkb91on2m7TKpv6IrWkbWB2sM94Fl19sks4O+u4rOuQbdWqZdABvyW7nA==
+goldpoint.		86400	IN	NSEC	golf. NS DS RRSIG NSEC
+goldpoint.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uxYoGK2dGP0yAyLTndtbsaLsVYxsi8sd+GaNknWNLhhFWAKJZiRZr+xK/hwxkpqIydOh92h/FDh69mBeHWrIa/oF30tSVG+hU8tUseWHf1kkQ4d8RrGf9pIJ4A9ooN/gJyDL0bDv9wwb5Ioy69o94TMSf/UdXJSdtChOfoBcfoJHiOxLHoNtYUzByKA0f6RJcSLL7tEBK/q3R+bq8jEGuWwkyoiiMXHG4xYYP3EFvW8o8GMs5gcrgeoysZnTYzSgEvHNGwBMY+7NjQPgbhqrwkFXzegoOLLM2VDEZWwuPSAvHXUy2uwxolV9wzCPnB6aEnCWLpMjRSI11OBrvNqldA==
+golf.			172800	IN	NS	v0n0.nic.golf.
+golf.			172800	IN	NS	v0n1.nic.golf.
+golf.			172800	IN	NS	v0n2.nic.golf.
+golf.			172800	IN	NS	v0n3.nic.golf.
+golf.			172800	IN	NS	v2n0.nic.golf.
+golf.			172800	IN	NS	v2n1.nic.golf.
+golf.			86400	IN	DS	10444 8 2 FFF548BEDE169FE52DE3106F856E5A31A0B349D1A54CBEC3C2FF0BB837B29108
+golf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fQ6QBaNz2dwmHKzeumQtC6VE0pQ1vrhB35K2AepXSAp9gQ1mY2Mxqk859WE1kh1mn4KL5Ti5kj3rSTwag9DesbiBvA04TB/ILEdnNoqogzkZLyTrGjGL0dnfz72+FaKuJZ0Aoc4QrbiyAgp1KjUDQt6UisKjZp8TIuVUQrr7b6Jog9tTOy4SFm3+fKfV+ki9N2hepfI74ToyVnvYfh1WCiWR1lOtKnrAcj22xxmdPinpYHZHouB2KEoLe24aARrlhBLZaSMeHo58QjUvfO0Z/mM9/Wy4EfW28UGrHihH45U4A101mNsfxoQH+QyQbrnUPa1jPKsByuHc+aZkPfPMhQ==
+golf.			86400	IN	NSEC	goo. NS DS RRSIG NSEC
+golf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uVf9cQYh5uFNjSG3WPyZculSfKnuauIHk3aGN+42yeybsdSotQVQBWqPq+C94uexSvXbVtOGOzQkjp7wBla7KRmHOacCzKrxdZlu7iZB6qdPdeWBiUH7yWyoPb2dSG0shSQnXAVMKt46uh5gey4PxfjgVE7pfHm0OwXIim5AV4RlT1IIhBV3b4ybQ+P9i6Ro6tcVNJY5CqPHnw8tnhvjgVviRnk194xAnEg5fubxSvnv0qYmkumw4wzIi1KJAJhxkQUAwVcwGJm3fVMQfhGIO7z9GHxSgFyVKaTAFRB/d5U+TNO0kSUF6hwU/sQnruhFIUhrGxpHxT7DA77ou7H3Pw==
+v0n0.nic.golf.		172800	IN	A	65.22.28.46
+v0n0.nic.golf.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:46
+v0n1.nic.golf.		172800	IN	A	65.22.29.46
+v0n1.nic.golf.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:46
+v0n2.nic.golf.		172800	IN	A	65.22.30.46
+v0n2.nic.golf.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:46
+v0n3.nic.golf.		172800	IN	A	161.232.14.46
+v0n3.nic.golf.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:46
+v2n0.nic.golf.		172800	IN	A	65.22.31.46
+v2n0.nic.golf.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:46
+v2n1.nic.golf.		172800	IN	A	161.232.15.46
+v2n1.nic.golf.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:46
+goo.			172800	IN	NS	a.gmoregistry.net.
+goo.			172800	IN	NS	b.gmoregistry.net.
+goo.			172800	IN	NS	k.gmoregistry.net.
+goo.			172800	IN	NS	l.gmoregistry.net.
+goo.			86400	IN	DS	6266 8 2 CDB2048D86D951BFC2320C25EC2211B19E22B00F8A1FBC6A6A7CBC9D5D9A9924
+goo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KosN2RVzK/A7iPvo8EZQwNQ6NaPBO5p23BfqNMjZWPiUWLT5xFfF8flBGGQRz6FkZl3cf46sDd+SibHgfg9OT3pPMTgxVbYThywJNmi9KqGujzB592nsk/dF9oIl9mFs2j2OhFBsweBTQDNX3zIxFoDyuDtTI5IhgXGSv28NzqDOiaf63aQzPSLy6UrSAHBP71hfUCNdDf+Wy2Mnofz8XjsLxSD9NHrIy+sGIFIjtY5qlnxUJn2uTp4yAse+KHbiRjR57hA7HMxeFCHzUb1dTu36g3yjHhWrJc5LbMqSJAIH7uU8dsZci3tKJnT3xqVHJZCj2xsAmAll9YLxeThmxg==
+goo.			86400	IN	NSEC	goodyear. NS DS RRSIG NSEC
+goo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wt1E2YdLzdfw9F56GZVytrbpSzTRBOscxJEnoRDaRFCrhsq5+3Cwk7zvNlprYjPPHXFmon5SGEzVejT1SOUKbYQdbOFal6FGx38IINIKRjRhVlrytFOc47Jlo1nvSUvyq2b3wZ/dlwHQFF3UICCrVCauGs6Nbd9ZAMKRpc3fd1G69dzK8jsRj4EyvCIao63twKZfOHo1UJ+OomGY5gXXcBV/azhEIFgtmmEd1DBy4YQrSwTi22kqw8sN19ZDPrG3MoJeDf9dMtFlLYZaFTviejNfpmlIbMWtWbmG64Ek987QENArZ7m/WBQpAbJbfNkxUhtOcWKC1rE0BVf+ddn9eA==
+goodyear.		172800	IN	NS	a0.nic.goodyear.
+goodyear.		172800	IN	NS	a2.nic.goodyear.
+goodyear.		172800	IN	NS	b0.nic.goodyear.
+goodyear.		172800	IN	NS	c0.nic.goodyear.
+goodyear.		86400	IN	DS	43276 8 2 31677E86241AF9FAC9000AE3681F1054BB94FADE26D91A92109547D4231A64BC
+goodyear.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A++UbMO3NlGWN/cSjjbntHXHR3ydj+QvimJWbf123EdMNjRyLRbP4d7/lXsnN1NsBJ3KasiDhA38Fn6Y9DFeSBQFCc635r3my6igiIS6FD93eeFNXskSrTClXTkanA7u34lnAUXEiD5x4rzvsOS/cKMU1oJtHsBhHPFXPYgxEfMaCLSUmw6qi/ALrXhT7amkpUQwVoqD9TgZzq5hVR1FgNnWGisSBpkor5++APcViVf3XdYskZaAO8+vb/dvnDgnIQG8rOwoYG02h1U4jDzzjPTh5xHOUvb9HuOXDmhdKv791lkB88019uNwY8moJ2snNvyT0OSZ1nnpJSS2sVzHvg==
+goodyear.		86400	IN	NSEC	goog. NS DS RRSIG NSEC
+goodyear.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . loT3XglTYSxqIKmXx34yHCbwUzqrIFBIyhJIVvbJzHUdxZfgRchSKIrYeybDuFKsPFIYXzrZUcfEOQtKQztboSDm7qoMUC1JyfGKCmbX62hZ0RjrH6I+zFgsfk13pNdigYN0d4Pljn3hpowDcBVy3fExIXXNiLzBGILokdCZEL1S5hpW/diX/vslXZcStwVQk5lkENt6AdNfy+V3PnaM87w8JELdXQ47G0FAxEQ2off921nBOxok93WhJjMYX1wlDnITk/0PS+NTIIzBGn+ucrrbbojJvO+ytBf0yEv/V5aBujS/FYXUs4nrycumNxVb1pje3NqmpxWBSB3piB/yzA==
+a0.nic.goodyear.	172800	IN	A	65.22.120.41
+a0.nic.goodyear.	172800	IN	AAAA	2a01:8840:76:0:0:0:0:41
+a2.nic.goodyear.	172800	IN	A	65.22.123.41
+a2.nic.goodyear.	172800	IN	AAAA	2a01:8840:79:0:0:0:0:41
+b0.nic.goodyear.	172800	IN	A	65.22.121.41
+b0.nic.goodyear.	172800	IN	AAAA	2a01:8840:77:0:0:0:0:41
+c0.nic.goodyear.	172800	IN	A	65.22.122.41
+c0.nic.goodyear.	172800	IN	AAAA	2a01:8840:78:0:0:0:0:41
+goog.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+goog.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+goog.			86400	IN	DS	8029 8 2 01509DC8D2D79E32F9A9C7F9845FDF26E4C4B7B2D6040E0D9381EBABE5331801
+goog.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F39Pvd2s2y2f2Mx6N1nblP5I4Om3xUhKXXdgf0//hCf8m5jm6EH/6b6L5335+5UjNqo3/gpLyrej2ogLwAhoCH7lpFLvo/kuL+3DOKLofnL+y/awlBhKP4qUpGpzoS5bpmtygcNKwi0FLamxOwJSaWwstLdcm8QoGHdN+LHzJ+jxPYiC3Nr6lCaTSQIHzzxsGOEtduXDx1X8x/6Xzw3BU6MZ2UTagBsVcc56hceANaIroyc6DWZQ/D1t8QCR/dvmARg0KPFsM86L+ueWwaRlJzU0hIKQ/xz5Xzj0UCa+KY40u5xCWH/3tpbVmdIWGr7oLIokh8HAfwjJJYXSuULMNA==
+goog.			86400	IN	NSEC	google. NS DS RRSIG NSEC
+goog.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aCQKYdgxxeHhesD4kWp7TY2YlSHohLFYD/hR2sludZqiZ2Ff3m1zFCsaeuWdM2pmNH4CH6sFVTxbQ5TwufFRT5fDxBh/tJvw7fF7kPr1i0OxqKtz4xqSnSaC8KOR2L9TTGooL2FnvSHVXX+OCwG5aSuHk7D9QjYvWNGGrUad+yAR4L0OBk4TozNuPCCvIee2/3F4gf5GqFSPVq9GNI8DpBVa899gRqDsV2KPrC76pBOAnB3iFnarNbvmstdE4BGIiBdDC/OZ2rd1IElzLoYeUi3mXo8bXDftKuWokh06MEr6Qa0+RnJmRxaNihIIKEk4Tg8vUifqwjaQocitvOJ9zw==
+google.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+google.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+google.			86400	IN	DS	6125 8 2 80F8B78D23107153578BAD3800E9543500474E5C30C29698B40A3DB23ED9DA9F
+google.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s/sUHkWBxfuQOLrFUjfTMaisXthObBCFsQ/mVfeKRqEYbCTewh0/9ctx+w7RjXtCa0HWk2xIYianzKw7l1ydJAKqEtZgpI1IYBwB9SmCP6GuZFc5GCS8Zf0AslBMOW/yVGsOdwY+J2E8KwsEu/27ZMqyy9h4cC0JUSSScLX38UUSPxGRPpU30jT5pwS4VIqq2RxBaMTeLR9u1f7WvLFp96sb5I9MfpH7DlJHinGfp3XzCxIhcFnTZhFkmv9a9licKzMrU+TfHx254uLnSEFjzVECZkZu68iY6EdTCnHq4ss0z02KYM5rFNwrW/FsRUEpkqNj5oc+IFqZkKyIpLG+8A==
+google.			86400	IN	NSEC	gop. NS DS RRSIG NSEC
+google.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UIW1f/chP9CPHhaPK7fCnfxtStSC+mwP3SyKM2QmYBe0ZPw3z/SnLX31/FrwUpPn6zhATzfh7qa9pIcT9+qt1GZNDk/CkhePPV/HG3Qqnv556/a18/Nzn0GBepXfSrPayPY2DIi50oJCMA/thAeAYNZCdbivK7aAJ9mkeX297h53cPN7vSxRvSGjwtCpkFfOAE0FblXFKCiJcaBiIN72h0qt5xKWcWC6sGtUoRxvdTtaj4hYCEfkSU05r5Tw+fSlFx6gA/iMjKShZAsJFYE8LTbDqP1poA/HjBMgEooa9G/vXrAA+hXKfM9sq0R7SemDVqnBltL5L8JLjsZA7+KBxw==
+gop.			172800	IN	NS	dns1.nic.gop.
+gop.			172800	IN	NS	dns2.nic.gop.
+gop.			172800	IN	NS	dns3.nic.gop.
+gop.			172800	IN	NS	dns4.nic.gop.
+gop.			172800	IN	NS	dnsa.nic.gop.
+gop.			172800	IN	NS	dnsb.nic.gop.
+gop.			172800	IN	NS	dnsc.nic.gop.
+gop.			172800	IN	NS	dnsd.nic.gop.
+gop.			86400	IN	DS	31562 8 2 13454BE0988354AE5CF482CC912C8D377E0D72ABADD4A7C55E6DFC923E26868F
+gop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RpeQ+39MGliRlZL+7QsOOENtzKghHLrmIq8+Jo6IkpjjFXbmkoorSCTaJpcSuqjGSexwUZCpoBG8U1Lt4ii5QcIidxsTjrQkv4boPh8zm1W0iJbFLob3jndSLwqWu22RznbnMkXXmnjl00dYVMMhX+6LufycC3UYudHw02amTCsLWhq7Vifz87ymVmVqQ7ADBjkrdguLOa+7t0I7Hqh4CWZO/LO3j/CW6yBNxg6RXiXhiJDaVfnKzXjMH6WXfzq6dqjaYeGnuOh0L3NccAROAeajRsJOACaUrS8lADNErpv9R8VCYans2Tv7ko5EshURfiDk1mFK5Ngdqgs5KS0e5w==
+gop.			86400	IN	NSEC	got. NS DS RRSIG NSEC
+gop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ohrhcrwzkoqiQNlLeAuIaVMWNsvFyq7vCI+r1mCVzENt5/1IH5yvzTsHK/OaJwS6OlRA7B1NgDhyl2qglXmiBI6oymGAbmqZhhMNjXo3K/lUAYdbCSAT6FG0C6ilgZdg6xgWMIca1xoXImsmTv4TuyP6sd68/lOjS7v41Zh/pooObyQGN/OeRjyvUuHONk/z9ewf7l/NmcMJ2NwORjBb5vdl4Zk0ySh5OonYxEDYbATxHjER5hW2SrzTUmeJ8rqpSr/hGfBdA2Swpe7bYmcsU136FmRlNC7wxMEDRIwYeC/HiqkWXnzeUFTZpvK09LXqJQJvPYERrYYQSNGqQoeVRQ==
+dns1.nic.gop.		172800	IN	A	213.248.217.39
+dns1.nic.gop.		172800	IN	AAAA	2a01:618:401:0:0:0:0:39
+dns2.nic.gop.		172800	IN	A	103.49.81.39
+dns2.nic.gop.		172800	IN	AAAA	2401:fd80:401:0:0:0:0:39
+dns3.nic.gop.		172800	IN	A	213.248.221.39
+dns3.nic.gop.		172800	IN	AAAA	2a01:618:405:0:0:0:0:39
+dns4.nic.gop.		172800	IN	A	43.230.49.39
+dns4.nic.gop.		172800	IN	AAAA	2401:fd80:405:0:0:0:0:39
+dnsa.nic.gop.		172800	IN	A	156.154.100.3
+dnsa.nic.gop.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.gop.		172800	IN	A	156.154.101.3
+dnsb.nic.gop.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.gop.		172800	IN	A	156.154.102.3
+dnsc.nic.gop.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.gop.		172800	IN	A	156.154.103.3
+dnsd.nic.gop.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+got.			172800	IN	NS	dns1.nic.got.
+got.			172800	IN	NS	dns2.nic.got.
+got.			172800	IN	NS	dns3.nic.got.
+got.			172800	IN	NS	dns4.nic.got.
+got.			172800	IN	NS	dnsa.nic.got.
+got.			172800	IN	NS	dnsb.nic.got.
+got.			172800	IN	NS	dnsc.nic.got.
+got.			172800	IN	NS	dnsd.nic.got.
+got.			86400	IN	DS	4355 8 2 8B11D5875A3202ED7FAAE05A5EAB67057ECA0D5BDB62875C5203B6CBB011C50A
+got.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gyFhzcQubsno5zeBqguaQtDSuD77Tx7+Fhs+Qiex57Uf+qrxz6FTJ9osmDdcBlk/x1C54x+lLHi64fFJ4PYmw1xUuzKgR0VAHHRorT0gBtg+ywtNANG30zuMKDYP5r7dlHRvpep7jCoGB9F6miFcV+qRgIg4bxkp+1FVvgUxUqoISsqkUEhvRLebwKLdsHwIdYODRfHmF8FfPlGVAgw+RgRYV31cYBLIzgCFtxJQ6pm+ac8PbP61poJRtwiCSRoiOMJdbfeC+UrQRots/0eFnqDiOqSNMIdv3KrG0YfbRUkIC6dx0rkDMDGzAO7p32biJ5GsGx5zeNYeN7/ozC9F0A==
+got.			86400	IN	NSEC	gov. NS DS RRSIG NSEC
+got.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UaV65ILgqoYKiBHEyDbN3JgSMVsRw+u4s8Y423Go7a6TzE2NvcezVu4koOjeixK2QI1/F7ozoEptbyX0HhWi9TDFcDKaqlAvqoLCzKs3wWsUTjZRzIxWfDz0bSVfbMeU6wQU4spUUF6iYkj3nA7vW3d+VRZGgVsssKigNxZQ4yNzT1hgxj3ea5RAfQKORqrSbRDXtuiOM5k3ruGQsiXhlP8Z8OD+iXnkQoDC29PGlsmfWBqiBJYhiks2+vWkG2Icf/dBhICgywDVPMebhdodYW849tHPB6KZW5HuyyY4QF0HolMbD9t7WoGOjaWurbJ+zEvNO6aVU2dxctzNShX48g==
+dns1.nic.got.		172800	IN	A	213.248.218.68
+dns1.nic.got.		172800	IN	AAAA	2a01:618:402:0:0:0:0:68
+dns2.nic.got.		172800	IN	A	103.49.82.68
+dns2.nic.got.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:68
+dns3.nic.got.		172800	IN	A	213.248.222.68
+dns3.nic.got.		172800	IN	AAAA	2a01:618:406:0:0:0:0:68
+dns4.nic.got.		172800	IN	A	43.230.50.68
+dns4.nic.got.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:68
+dnsa.nic.got.		172800	IN	A	156.154.100.3
+dnsa.nic.got.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.got.		172800	IN	A	156.154.101.3
+dnsb.nic.got.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.got.		172800	IN	A	156.154.102.3
+dnsc.nic.got.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.got.		172800	IN	A	156.154.103.3
+dnsd.nic.got.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+gov.			172800	IN	NS	a.ns.gov.
+gov.			172800	IN	NS	a.gov-servers.net.
+gov.			172800	IN	NS	b.ns.gov.
+gov.			172800	IN	NS	b.gov-servers.net.
+gov.			172800	IN	NS	c.ns.gov.
+gov.			172800	IN	NS	c.gov-servers.net.
+gov.			172800	IN	NS	d.ns.gov.
+gov.			172800	IN	NS	d.gov-servers.net.
+gov.			86400	IN	DS	7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5559561F0
+gov.			86400	IN	DS	64280 8 2 D66CDDA12234C22C5E6FD1C894DBD682FE7967E111793485A281972BFB164377
+gov.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WaE9gOm9g1T5y+wbMvDDNkoVJd6iGmiW+TpAAtnjphYDD4Fs8GXE9YoT3IPiXmkNzp+bJx74io8HbLsuR5rOydbGB/CNJx5U45GJVMQ5dWoMDiy8v/AS9CWNZjtMYSAepVQj4mYMs9gxTQ1LHHf9OScRthd5fO0KZB28W88x/8SEGWS21Y9Q0LFW9b2HfJZHYoSzoYyv2eBWe7OI7gLYQcSNEfGSt5Ygcqyn4z2ZcCPNv4Nhw+GhIDoKvYpY+43u7P9DS8wtjCtKCg+gEeiWWRvviu29k82SYhHrGA++7uUUq5ZWcfkgtSpy7fX9C2D4Y3Et3i5lp5HIcfCu4rQ7Dw==
+gov.			86400	IN	NSEC	gp. NS DS RRSIG NSEC
+gov.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f8kr9YjbrgA7ILJrprN0dskzyLfad1n1a8JgOFwIs7Td9iCcS0deTX/mdyMhfQe4azLC7kUwSJXGBLFl5WIo50laxqjGXI0eZmdzxyB/KJWp3UBH93W1NgWDsq93J7Lb/e4CmIzQ6gsQGz+aLHXrndQhGOsXIP0Kiwddce7FP1fJCQVU7nkrB6HXF6uK7w8FIUBOeupO8IYCo6/f76atAPQTansLFTz7tFyzx7MqL8Jw+Zxu3ZZ8ygWRsVrG9Mwf3KtucMBYKKQgCXFFrsRwsPXFr2H7k6YIN82q+ZVJdxAvdlBvvB+O4cykCNgnaVijIj4zOiPxkQq9KVlojzTPZg==
+a.ns.gov.		172800	IN	A	199.33.230.1
+a.ns.gov.		172800	IN	AAAA	2001:503:ff40:0:0:0:0:1
+b.ns.gov.		172800	IN	A	199.33.231.1
+b.ns.gov.		172800	IN	AAAA	2001:503:ff41:0:0:0:0:1
+c.ns.gov.		172800	IN	A	199.33.232.1
+c.ns.gov.		172800	IN	AAAA	2001:503:ff42:0:0:0:0:1
+d.ns.gov.		172800	IN	A	199.33.233.1
+d.ns.gov.		172800	IN	AAAA	2001:503:ff43:0:0:0:0:1
+gp.			172800	IN	NS	a.lactld.org.
+gp.			172800	IN	NS	gp.cctld.authdns.ripe.net.
+gp.			172800	IN	NS	ns1.nic.gp.
+gp.			172800	IN	NS	ns2.nic.gp.
+gp.			172800	IN	NS	ns-gp.nic.fr.
+gp.			86400	IN	NSEC	gq. NS RRSIG NSEC
+gp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HF7yPK50aKC7OmOG3rRgVbrLHq1EHSZ1J0SoPuati7gJ/HcSibMAfU9v0CV9+6VypP1I9EWvYZqipDyV3rw0Hw2UDWyXhyWz4Jxxa/23LGhNwuJBo2UMxK3pQx3yudxxZ85JGdl1XNBZFl8zWoSLd/O4QVqi1LdaltWQr5istKyBupDppamLZHLw57WqwgaxuHpKOQ0+/Vb2XqumJ3lz0UTENARCBgHfHscKf8yKUFM7vsLS4eRhjNmNgonzR1xCGJIt/SoODNfcfIHQYXDqUrtuky+Eob+T74nhb3S6h2h/HPf1ZEPRUaGNMnrP7/1RMtsNmdSctwwOuXpCRqt3vQ==
+ns1.nic.gp.		172800	IN	A	193.218.114.2
+ns2.nic.gp.		172800	IN	A	193.218.114.34
+gq.			172800	IN	NS	a.ns.gq.
+gq.			172800	IN	NS	b.ns.gq.
+gq.			172800	IN	NS	c.ns.gq.
+gq.			172800	IN	NS	d.ns.gq.
+gq.			86400	IN	NSEC	gr. NS RRSIG NSEC
+gq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u76kaob5B9wejJXq6S7CsnRoOwoWMrj02Nzj2DlQzme5k83AiSDIIOgKyLxYhYF2Lsuu7XrkxeYH1RkM/Ph1tC0YGZagUk6s3shx5paMLR20+pQim469rFaiZ7r95ECExCq220uAlxipBaNjL+OIR85mcg1mCnpn/jCxDOoJI6UOFSYG8lGi5HOS5RdItrG//u542JwRSqqV9/WJuss/E261JQkkd3BQE1brNwc2GYHru6MakMlIc3Tf1yNWQ7/y7kAfylU/3r78p0EO6FBbblnk6xDUUiZF2FsA05k9Mv29YcPag7WwPTWjhAXwGSYj1kHlarl9ZkCZJtFlWSYJ5A==
+a.ns.gq.		172800	IN	A	185.21.168.65
+a.ns.gq.		172800	IN	AAAA	2a04:1b00:10:0:0:0:0:1
+b.ns.gq.		172800	IN	A	185.21.169.65
+b.ns.gq.		172800	IN	AAAA	2a04:1b00:11:0:0:0:0:1
+c.ns.gq.		172800	IN	A	185.21.170.65
+c.ns.gq.		172800	IN	AAAA	2a04:1b00:12:0:0:0:0:1
+d.ns.gq.		172800	IN	A	185.21.171.65
+d.ns.gq.		172800	IN	AAAA	2a04:1b00:13:0:0:0:0:1
+gr.			172800	IN	NS	gr-c.ics.forth.gr.
+gr.			172800	IN	NS	gr-d.ics.forth.gr.
+gr.			172800	IN	NS	gr-m.ics.forth.gr.
+gr.			172800	IN	NS	estia.ics.forth.gr.
+gr.			172800	IN	NS	gr-at.ics.forth.gr.
+gr.			172800	IN	NS	grdns.ics.forth.gr.
+gr.			86400	IN	DS	13987 8 2 FF87E9205F88E1D32C67A65BD61C68C56689C607D7684D12C867DC933D546EC8
+gr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ai8+bOaLjds1JtfJDgM524UMkS6HNj6KC2HvDp58INO947Ky4uWcuwf0QYSAvQalDn2zYMF+3mw7/xY7XS7Mfrvv1NyODMWk9ZK08U3fcE/lQIduHHtYS2lOcyzsDCcUGGdNHWBNmHKp/pQecI3Jkm30reDZVCfGhJ4bJGibjMGqcfKBDuYDMXW0rTKlHgfnzDC7JSxF1d5qZD9oYPC22CjRkQsfGs5MqIt5jRD84iPkSn/aS37/eJEdvL0hTcZzt5sYToWR5MhuVKRCo2DMqWGSiLOBhNCTmPTmwaCMsZEyVWnrVQUvDuHb/9ME2NLvbnPGXa3ab//Qys/BC0Fugg==
+gr.			86400	IN	NSEC	grainger. NS DS RRSIG NSEC
+gr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D4qw3D9yWghA4qKHVM6nf6HM5jR1Mh5hN+F+7pV26OhlNy2gLsg4BeGsal0zqX1TlCUnWyTlnz7qyJw3OMM2fVbc51lAMJV1RORavMhu7ZJLYA+ntIXfDVfQwfBfhPm9ImDGlerBHrXLiP01IC8l+RtHzIhNk6H39x0rqiHVUjv958w/gwnwTJ+Z9KUOUZ1PRhigAKX5YnI+zGccsOs/w31xj7OGa09sMhEbQivMRZmVgSJDWHeTzq6RO9+stciOxcavGfzSV/s1j8KW7u5ADfD72A6v6/1L8bu8M0HqM675+bZ037hnTDjfqM0siDFfSVoCQ/vMgBYxn3+3JH8nsg==
+estia.ics.forth.gr.	172800	IN	A	139.91.191.3
+estia.ics.forth.gr.	172800	IN	AAAA	2001:648:2c30:0:0:0:191:3
+gr-at.ics.forth.gr.	172800	IN	A	78.104.145.227
+gr-c.ics.forth.gr.	172800	IN	A	194.0.1.25
+gr-c.ics.forth.gr.	172800	IN	AAAA	2001:678:4:0:0:0:0:19
+gr-d.ics.forth.gr.	172800	IN	A	194.0.11.102
+gr-d.ics.forth.gr.	172800	IN	AAAA	2001:678:e:102:0:0:0:53
+gr-m.ics.forth.gr.	172800	IN	A	194.0.4.10
+gr-m.ics.forth.gr.	172800	IN	AAAA	2001:678:7:0:0:0:4:10
+grdns.ics.forth.gr.	172800	IN	A	139.91.1.1
+grainger.		172800	IN	NS	a.nic.grainger.
+grainger.		172800	IN	NS	b.nic.grainger.
+grainger.		172800	IN	NS	c.nic.grainger.
+grainger.		172800	IN	NS	ns1.dns.nic.grainger.
+grainger.		172800	IN	NS	ns2.dns.nic.grainger.
+grainger.		172800	IN	NS	ns3.dns.nic.grainger.
+grainger.		86400	IN	DS	19057 8 2 21ADFC98B30B8A046A117C926C36CE7D890ED1C98A7168049332AF0AFE19C08B
+grainger.		86400	IN	DS	63544 8 2 9D220E1EFFE75AEBEE784D7066BD378773A55462C2DA902458DE3F80A8BD069E
+grainger.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k8VQq4yk7i0ysVb99U2N8yS2jLTIOlvdYo0CBm9UMyTUj8n3O4VqrXFehuSo3WPV/bBJ/ACVwcjSPFLC4yvLLLaP94L4UFNNlG1tLOW1J5JOZa3QvuG1W7JtxHsvIa0UBUYJutyZPujuz1ijnpy+4xvdZirTSQ89KaKDFiB4sf8mf6Eu98gqBkaYZpKyf02FuA8tlcfyY85uEWi25nViR2VcYw9Y6LmEygwg1ZPf/lHRlUqNqeeYkpUWcOAg0lrEx6+bfGEvBXvY62tbaqjqLCmQqHzEx8bJ4Dvyww4zc+qDL6F9c3f/YFn0IzAUF6e4ZIM4EmiQVMaWfGrMdyDaCQ==
+grainger.		86400	IN	NSEC	graphics. NS DS RRSIG NSEC
+grainger.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGxTepVbr7VeWGc9SF4wjBazt8Bi2j7RsmyuS7DvShmyoPULi57l/4iBMgRSOb+aPsySJOkhL3X32YAYyKQLx96pwzWKdHK22oAs2nWNPaxFRTHQ+59DWsMt1tzUWtvtW7gQFuX9PpONLWqJCWzShgQj3nAnWKsWd8arCIMWBWGMcGXzUl0BRjKGj/mAlvM5kAsQxYIE/ccIrVfNVg12uceBCX0cu0rYhc0FKjeHih1Shr7VDagRRkdA1gcg4m1FcnL151STRwERXvK6INzFhXiWY2rhEKCpN8T0gVc3WyINxRKF9cK/p75OxOGwgfNMAGZCobMQ7ctYTwJsuAcZ2Q==
+a.nic.grainger.		172800	IN	A	37.209.192.9
+a.nic.grainger.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.grainger.		172800	IN	A	37.209.194.9
+b.nic.grainger.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.grainger.		172800	IN	A	37.209.196.9
+c.nic.grainger.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.grainger.	172800	IN	A	156.154.144.68
+ns1.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:44
+ns2.dns.nic.grainger.	172800	IN	A	156.154.145.68
+ns2.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:44
+ns3.dns.nic.grainger.	172800	IN	A	156.154.159.68
+ns3.dns.nic.grainger.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:44
+graphics.		172800	IN	NS	v0n0.nic.graphics.
+graphics.		172800	IN	NS	v0n1.nic.graphics.
+graphics.		172800	IN	NS	v0n2.nic.graphics.
+graphics.		172800	IN	NS	v0n3.nic.graphics.
+graphics.		172800	IN	NS	v2n0.nic.graphics.
+graphics.		172800	IN	NS	v2n1.nic.graphics.
+graphics.		86400	IN	DS	50656 8 2 72B3A23F71A09CDB43C5C5C1F9717DE3C722A1EFEF355B11789661B46891F3AF
+graphics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v2njINDwAAld/lw6ilJT2pRgHrVa1U3HaOhlFckfdOVk/GC1eHt5lDwLMSj5+EswnPQdRiOBNTYfFYJWfDRAOaHjxdmk0ubq6lCwu6cBV3Oq8h9dmVKf4odeQDlZQ0nBiB5uussF+2m1GKOzimcJV+wnsKYAzFBCJc5nxdzr8CgC/8YAWd2YhStWoaDwJI31mHh1TeLLs9xBfG6NECi70aGkrC0JOv2xQE2bHi49pp3h/3UEFhYsMX5WwPIZZdUacXxxhHibsDYND1iTVa4BdTmGvLl4Ur4U+1+ttfkCaJmHIeIyrL+MGzRTwvRk0qal4hUnWQozFNpyLXNY7mou6Q==
+graphics.		86400	IN	NSEC	gratis. NS DS RRSIG NSEC
+graphics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SYfkkfBuqXexBBiGLvatV9ng2KYU+2lV+O9aSRwyHyNK3OhlnWhOoPNdW/p6ANsf2TxA9lfEyv4szfbe1XDf5rjK+rezvJey6F9Wo6O+5Ok3RBv3AJRCyR6J3v0Rs+KU930zGDw9sjOzo5aPICpx8GzyXtZ5K9JaPjbibFJa49zrDCyZqPwXiljuWhMBtcZ+RixLBcPf34RgnTnoJjlfeHJqazHNDTQ1OP7zAI+pLusax0x++LJh4Zhoy+EFe0V+/jFMNsWChMLuqIx4dGoIWcv8ARWsmsOAdTF/lsEpsHI00QBEhwtVgFope4T2Z0ePfI8sEKifqzfoyzN2tPlhNg==
+v0n0.nic.graphics.	172800	IN	A	65.22.28.20
+v0n0.nic.graphics.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:20
+v0n1.nic.graphics.	172800	IN	A	65.22.29.20
+v0n1.nic.graphics.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:20
+v0n2.nic.graphics.	172800	IN	A	65.22.30.20
+v0n2.nic.graphics.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:20
+v0n3.nic.graphics.	172800	IN	A	161.232.14.20
+v0n3.nic.graphics.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:20
+v2n0.nic.graphics.	172800	IN	A	65.22.31.20
+v2n0.nic.graphics.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:20
+v2n1.nic.graphics.	172800	IN	A	161.232.15.20
+v2n1.nic.graphics.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:20
+gratis.			172800	IN	NS	v0n0.nic.gratis.
+gratis.			172800	IN	NS	v0n1.nic.gratis.
+gratis.			172800	IN	NS	v0n2.nic.gratis.
+gratis.			172800	IN	NS	v0n3.nic.gratis.
+gratis.			172800	IN	NS	v2n0.nic.gratis.
+gratis.			172800	IN	NS	v2n1.nic.gratis.
+gratis.			86400	IN	DS	32626 8 2 C0E0491F4FCEBE153703E4ABEB895CD8706902717053B2BC2DD1E421E5508BFB
+gratis.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B51dAug1kWeL6RfqQvqsD6ZvEAl4VNXpE/Kw0ay2v8WZdPztQISx6x7w0Wb7iMckGM+eU6HdxNgh7za/Qe6SdDPtmtj0sJICVGYzJV1sOV2ZrPHyj0BSOsNdoSxk3PbkDjUXb8jKqXoRCDmzuR2Noy+U6L4FEv+I3engZt1tzWh0L2/ldpetsq/YhoZEpPdqk8Rc/iw1+A+nKpkGwToL+WwPiel+NXAbvFgGagSBYVHvXpv7xGHtXZe4B5prVlh3dbTpwOctIHkYmOvzLg0ZyMpobQZCn/fzuPFrEVFZCcz49GHde7tWiflTICZzPtuR/2jqoLN2JV3Me8xOeSlLFA==
+gratis.			86400	IN	NSEC	green. NS DS RRSIG NSEC
+gratis.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SUigNPscgLGNneiIn6q0Xmkqy8zP8sOvke0+RNz5+sogGUk/PkkYWDBqoUoz2P+v7YF6BplVGlNFJ6fVgkcAnRqoDlnkrjdDSMMF+rbooayjv3LYVFADw2umFZEhzlKpDcEmwZniVGvK2ns66U+tv/radSX9NT55lgYwesupmPs5QXMWiH1owMPHBxF2seEIHXssTGDaiHclIeiogqfMWwMiW12ZFwt1tV/Uhu/nd0VznoCjbnxoAdYLoFuGZzCkzuOSNL1wQMQrGrMGhQyL3aCsPpKHYb8Aw920w1Dk3VLu1FLQrn+oqJsEOMYGdJ4dfXCt/4ncLOS25ULhvKGZhg==
+v0n0.nic.gratis.	172800	IN	A	65.22.20.24
+v0n0.nic.gratis.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:24
+v0n1.nic.gratis.	172800	IN	A	65.22.21.24
+v0n1.nic.gratis.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:24
+v0n2.nic.gratis.	172800	IN	A	65.22.22.24
+v0n2.nic.gratis.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:24
+v0n3.nic.gratis.	172800	IN	A	161.232.10.24
+v0n3.nic.gratis.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:24
+v2n0.nic.gratis.	172800	IN	A	65.22.23.24
+v2n0.nic.gratis.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:24
+v2n1.nic.gratis.	172800	IN	A	161.232.11.24
+v2n1.nic.gratis.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:24
+green.			172800	IN	NS	a0.nic.green.
+green.			172800	IN	NS	a2.nic.green.
+green.			172800	IN	NS	b0.nic.green.
+green.			172800	IN	NS	c0.nic.green.
+green.			86400	IN	DS	49042 8 2 B0A053BC2903459BD6DC6060A822285C492FBB5F20346821A48C5EF3E6B0D29A
+green.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hOc01LfCxvNuPxpBVXX5gaIK05/U96J8Era56ZNlTGr6bDumqAZIqwBJAaUfnynMHzQcE8BUnxESci42+oEVc/oiE+vtuyzcrZaAdqxVktArJzQgGzWgXHa3xZfG5SmzjAsWUM6leVojg2IPeaNmUD8TQV3NFU+AizXtXrxwwzObFGDHqXK0u+sgzkRsRc6ddQWcY2hwC0Yck+PAmEhNzX4GvHZkKIXMB1i1xuLypA6dUbrwsE3Svf2dzsdcZ9jCDNqtGqxjHeoJIpsyyVGmLRdH/CwHwqXlsbuhxyO8zTe2DXg0kV5Rz/InvRNBNECuHCoFkuC+ty8g8ToRLuToQg==
+green.			86400	IN	NSEC	gripe. NS DS RRSIG NSEC
+green.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cZgkPOO3+DUTzH+67fUbpFW/vlfNIeIgT8EYunAg0FFVMo4PxiKTTs3JJSSxCY/wMF6t7UmV807EhtJPVQwv3nlFlWzqMmNm/H3OJ6fQRa9CR1o7ipjE1bg6EpOCpPOZB5mwkWKoGq7r0VA2zcJQ7MPJVByYRa0VsFP+35Hjxax7ZELHlV/g9yH//uqMK2/2llrR5LOcqoxOLQOUSyOO7rlkf1F2I98AJ9Pql+nVT91O6Qg8cLsWE9pX2C7zIibttY5a6F07Qg9BYrMZUW/9zSOpBc9e0OC9YlSXm5vpRaubM93EuI5rajfi2dPDk7CN7jWGt8JU2GyP7Eb5iQ/L6g==
+a0.nic.green.		172800	IN	A	65.22.32.9
+a0.nic.green.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:9
+a2.nic.green.		172800	IN	A	65.22.35.9
+a2.nic.green.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:9
+b0.nic.green.		172800	IN	A	65.22.33.9
+b0.nic.green.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:9
+c0.nic.green.		172800	IN	A	65.22.34.9
+c0.nic.green.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:9
+gripe.			172800	IN	NS	v0n0.nic.gripe.
+gripe.			172800	IN	NS	v0n1.nic.gripe.
+gripe.			172800	IN	NS	v0n2.nic.gripe.
+gripe.			172800	IN	NS	v0n3.nic.gripe.
+gripe.			172800	IN	NS	v2n0.nic.gripe.
+gripe.			172800	IN	NS	v2n1.nic.gripe.
+gripe.			86400	IN	DS	45766 8 2 6816AE0472BB1EBB28D2F4434609AC9D178F7F82DBF92ECEB11C658B50169415
+gripe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UYwqX46jGeOxDSShDn2Pnw1aQjSXeO02xWfOtiX+J4oR+DDboTniexB+7c78xz0SNLnO0HUhFzumUkRH7ruXqYPHyVLIA3zpbBLP81IyXGX1CsDnmbePW9M+quHQlji0UKqkfOVnIMGE+inmdZsz6FQFxRMTQbojIwSny+4ilWT0FquLWDDTMpJ0+6N6hVra4EKuizTYLFgH9ynC9i3dBqt2GJciDBlZj3sHZrGKDDEVZw5fCN8+8ePK0Wc60z/TBpgUlh+9GbWB8//hCBufNCy7blQvP0ZSZyH138UWqSJKJ9DrQkrUJdW9BV4q0MiKdXXY7634mupveCjcNJfhVQ==
+gripe.			86400	IN	NSEC	grocery. NS DS RRSIG NSEC
+gripe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I7Pk++MV3pd50C8cqqGmZnTnj8dvqYYjefs1p4SGUTtGKx2jiT8BKq85ve4NPVjBXbI8HTUA0AZqd8Q+G+zlwBqqyrA7XFrnN3vqngk9itrKGNhdGvRWxxDeyCMTxfN35b9wHniEQSOaXbZx+gYjHK0ulHs0y+Wu/VbdseM0juqwzO16SfEuIxKkifB8ceif1YYNrq0Zz+nLv6/vr9Fwrj2pjnfPwLOAHNal3q6OEracouH5+fyvJfDfNS1HqYcnkzwf+zgIaeRSF+JO2haf8ZTcPXi7WABA8ZdJY9O5ypUfzN3A1lvRnUuNFMpI5F7dgQKy8jf8DF/l4PAOOnMf8g==
+v0n0.nic.gripe.		172800	IN	A	65.22.24.33
+v0n0.nic.gripe.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:33
+v0n1.nic.gripe.		172800	IN	A	65.22.25.33
+v0n1.nic.gripe.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:33
+v0n2.nic.gripe.		172800	IN	A	65.22.26.33
+v0n2.nic.gripe.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:33
+v0n3.nic.gripe.		172800	IN	A	161.232.12.33
+v0n3.nic.gripe.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:33
+v2n0.nic.gripe.		172800	IN	A	65.22.27.33
+v2n0.nic.gripe.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:33
+v2n1.nic.gripe.		172800	IN	A	161.232.13.33
+v2n1.nic.gripe.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:33
+grocery.		172800	IN	NS	a0.nic.grocery.
+grocery.		172800	IN	NS	a2.nic.grocery.
+grocery.		172800	IN	NS	b0.nic.grocery.
+grocery.		172800	IN	NS	c0.nic.grocery.
+grocery.		86400	IN	DS	58537 8 2 3306B36E70FE436FC00B50ACD0D7C0DAB84DB02062907F3FF5CECE68F09CB68C
+grocery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aDonwyxAAmEG7GlZBiB2gBKq7hioeCQWInuVlQAT6XXYzYXGER3rgB9LacBRTSztYttGK/Ib0ahXYxjnklOCw+Bh3W6XTgEgHdFlMm5mr2DMjD4Sv+uaYSCTMoA2OB1KT78naQAWBt9ji1YkZXONfx69KBKl3CKQ6tPOV6GZ4SGxN3tJTVAQfgSwdiW+ZGfUxDursuyUqDJuNubxIp6qLYTD1pxrgsYA0gYA6BwtRwLCmTJOwLE8GXr78WOMaV0Nv1fD0NB+ScerXtwwG2lSqxiwG18H1BXq0H9/XHyvQTGfERRT6LQwS0AVT8d+ShzSXTwXTFv9kflg9OtQ2dpdQg==
+grocery.		86400	IN	NSEC	group. NS DS RRSIG NSEC
+grocery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b34auA83PBiJXbFXQ0t9lI+2J+S8+ha+o2HOA8LR6lMD33N3hEYzck7dlT4eFd7yqk/IVDdO9HjFkm0wtPIr++nORD7mbrc1Nv1Tbr3TzZ89zpPajjvJ/p7kW1nDczXZNz4nEyxtRADkVmoR+6Dgz5xDXfOZB6Q+uFLbTv8LF5K2sMDM5tXxd7k15CJPh/oIVGC4F7J8UigWi5FGf+Fv/QLitpVTk8ExgDSEhp7+9hJ96d2dRdRLMYZBPHjmWyPkCUUKtVvYTCZSO5yFZEvQZGV3rD6bfIRadThVwOnRFVbJ08XyoO6qXbYtQcj9Dr3+2dR9A0VLh2VPpGi6x/PKMg==
+a0.nic.grocery.		172800	IN	A	65.22.112.50
+a0.nic.grocery.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:50
+a2.nic.grocery.		172800	IN	A	65.22.115.50
+a2.nic.grocery.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:50
+b0.nic.grocery.		172800	IN	A	65.22.113.50
+b0.nic.grocery.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:50
+c0.nic.grocery.		172800	IN	A	65.22.114.50
+c0.nic.grocery.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:50
+group.			172800	IN	NS	v0n0.nic.group.
+group.			172800	IN	NS	v0n1.nic.group.
+group.			172800	IN	NS	v0n2.nic.group.
+group.			172800	IN	NS	v0n3.nic.group.
+group.			172800	IN	NS	v2n0.nic.group.
+group.			172800	IN	NS	v2n1.nic.group.
+group.			86400	IN	DS	63685 8 2 EFC04B30999B34C97394A6E337333B2C273A5CD765C6C83BE8858FEF57A5CCA8
+group.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HibE1lAfSG9iA90PyhG5P+6wsePdzZUbGSzbqe82xEm910EzYWix6M0Tu/65tASMlyiE9JOExoX13/NMoPeOqqL/+sQ1NgzPSYsXpT8vNt9c50WUU8z4bYUQnpr5A7lsjv4hZKcepFjARs3KZUGDsQ6uPCmaFRTlj23oTWp4VGw3Ql0JOwry3eYo7yKqahtyG62eDRZBeky7Eyo0prra04FllCZmfSYox71OCEsJTSWhwPjRfqVEmxwiL2jy3LgxvSfBwhG11ohgQjSSlomQbnYl8lkaYTX8f/S/xkMkMMSSI868PCwl6piiztNMtKaryad5RJEyKhrcZAcw55cNNA==
+group.			86400	IN	NSEC	gs. NS DS RRSIG NSEC
+group.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l00Bt09R7zBjWc2s5VVeyAwQmBC5yqfvPN9COZzwaqlLbTt/kNKBwhXGo830QYJYLjhRB9B1DjG+mTFBX6l8QSLb+eDFjClqvbCJ0FegBzK6EPT0o4EWbNTO12XakoGus+gVRdPyk/e2Vi1x8B8UXzGJiPGTUGwUTU1lZj+K/AtD/hw8S/4kqScnXsLjRGf5kt5Ku1/u6J2m67FmfaA+eEO6EPssDrN7c9HlcBUyxdNrgU4Z5nfMMLbFZC3vUwlwqcRO+ql4RJWsCdtIRmSbI1hIaa1gj0D0ggYqbud0B/RsViwwWqJxE6FkAKKFQUCXtXPmTwSFvJqPJKCGcvQR1w==
+v0n0.nic.group.		172800	IN	A	65.22.20.2
+v0n0.nic.group.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:2
+v0n1.nic.group.		172800	IN	A	65.22.21.2
+v0n1.nic.group.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:2
+v0n2.nic.group.		172800	IN	A	65.22.22.2
+v0n2.nic.group.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:2
+v0n3.nic.group.		172800	IN	A	161.232.10.2
+v0n3.nic.group.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:2
+v2n0.nic.group.		172800	IN	A	65.22.23.2
+v2n0.nic.group.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:2
+v2n1.nic.group.		172800	IN	A	161.232.11.2
+v2n1.nic.group.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:2
+gs.			172800	IN	NS	ns.anycast.nic.gs.
+gs.			172800	IN	NS	ns1.anycastdns.cz.
+gs.			172800	IN	NS	ns2.anycastdns.cz.
+gs.			86400	IN	DS	23990 8 2 2CBC82DA27FDB16662BF359F59DF1B63FA0AB720BFC2120F17BA369A3249FC5E
+gs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rn3MEUxMoKf96xWiOtWXSxqzF2gnsjqKH9d4gITTrSYmcq1xba0XF0nEJNLUhCHYIq7rhSQ6zSVxBbBpy3X65f/0ffJySM+MyMnlJTkya2fgH+6zI8XixkCzINean/b/P2qaJJ8afz0++ikExNWNFt5I2j2nOeAqx+uFgNKbFWYvbrev14AHr4dxq+m725i37NDQitPpv79poThuDAtsdtiwM/4SlOqoRKj+iOQXfz4fAY45z7nyj6VZ5kBH/ZvVEKieOfHf+ar+Cn4Md92ZUBbtvqnCZtfDH8ayUo7TzL22PkfiYD+MHJB1ITujuybWTNkooF2pIl3laTCzkxALag==
+gs.			86400	IN	NSEC	gt. NS DS RRSIG NSEC
+gs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mq5cQLwH0N1hv4NR247fy0QCZIco38dbikvOznQJgCY9Q00Aj9T7J1FcdN737qTCf2Gs8/XyKBfrFLvl0ZQvZFTySCxYoklunmgR5CxAu80ECjiETZ+rniKuxWD0gUSq9OnYn3SUaFvtNFrhGRFyp6JQ5HWesUygDNw2xKJqLy1xBS5DC1POXdm3LHjq1F3eyNRpfFgNk04ut6L4jxaZx1BbcNADsIGlIEMAPpB8IhV5mykw8ZYpIHsHWNQWUCm4FBcx1ONjcQGlTrJx5zEJVSIU1VzVbb6l7NQChXpspRn+K2v+6InvOEgG7yRpiwCw+9byzYPBlSrJBbOxfsEOXg==
+ns.anycast.nic.gs.	172800	IN	A	204.61.216.21
+ns.anycast.nic.gs.	172800	IN	AAAA	2001:500:14:6021:ad:0:0:1
+gt.			172800	IN	NS	a.lactld.org.
+gt.			172800	IN	NS	gt.anycastdns.cz.
+gt.			172800	IN	NS	ns.dns.br.
+gt.			172800	IN	NS	pch.gt.
+gt.			172800	IN	NS	ns-cz.gt.
+gt.			172800	IN	NS	ssdns-tld.nic.cl.
+gt.			86400	IN	NSEC	gu. NS RRSIG NSEC
+gt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CHI17AwDRwkF3aYC19ditWr7x1pX/5U7LYduFOyvPRXnErnz12fYN8SGri1UZjQhANBux5zULrjLcWVxKj81XUHjQXbr41/xac07QKcdV+YNCav1HKrUCNRWU2cKaZgrywO0pjLTffvcyMXmrxajFyihItwbznaEQUif6eHon5uJB0/Fps1uG1aEE9L4eYyicPDClAOAmLcVK7tE2fgN0/wc2slooDVDWjzW9Xr4Y87Ub44Peeff6ElepJRz5CuH9Qn8mbpw0lZaCqybBLY9Im/GU4MfmMnsvs2afOuAq7U5+KA7Ax8upNDCiIjri4x2NxA8WgBaT6nEFaioFbdzaQ==
+ns-cz.gt.		172800	IN	A	193.29.206.2
+ns-cz.gt.		172800	IN	AAAA	2001:678:1:0:0:0:0:2
+pch.gt.			172800	IN	A	204.61.216.95
+pch.gt.			172800	IN	AAAA	2001:500:14:6095:ad:0:0:1
+gu.			172800	IN	NS	gu.cctld.authdns.ripe.net.
+gu.			172800	IN	NS	gold.uog.edu.
+gu.			172800	IN	NS	green.uog.edu.
+gu.			172800	IN	NS	phloem.uoregon.edu.
+gu.			86400	IN	NSEC	guardian. NS RRSIG NSEC
+gu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . w2Hy1PHQ03SiWLp4xzCJlRdnRGn5xpUqGIaKL+H0/HP7CGrOTG+KDzsun4HVAcLYiNtHyUXJxkam5CBQB5yT4qsKhfwllrn/Lxzi178toDVcNtWwiFfexkbst1lOUb2mIBcp0xRKOvqVq22beBQTnrGyVMcCW2D6QkqFVaH0IGuVQUo0Wght6mOUEuONBNP+5TPiy/b/XRBI1y21W0rJrD4WfI4xQ24jgPyVlmEwNCsat5Xg/e0cfpbHAjqO36VjMdXtpTcnmKrJ00YyGW6xVUrzgujkaL4QWWTYbbsA+c38pJMlaibFihDdyhjdAOWG6cTzNgyjfso+yIwv7c05HQ==
+guardian.		172800	IN	NS	ac1.nstld.com.
+guardian.		172800	IN	NS	ac2.nstld.com.
+guardian.		172800	IN	NS	ac3.nstld.com.
+guardian.		172800	IN	NS	ac4.nstld.com.
+guardian.		86400	IN	DS	5751 8 2 11ECDF54B3E2E3E14CE6B189827EB40D28D743708B8D461D00074046BC4B552F
+guardian.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cbr8xQikakhdSiRRH6YU0baW9CBY7L9nZE8GhGMu+3HN4vfJnAeDOUOYjFHbZNzo7jrmgJKJp98EgThfdT+0HpiJSc3fVPbwXpdqVclNqIpEv6As06Oym+ec3qI2/JjscZh78NdYxkzZM5H6JH0kI/sItVCHGw2EBcv0mdIAUFyWB3L1Xv2fR6SNFYr1aHcWMyzC4yqX4xzmUYvG5l+sdNi/nTuxGjxMR8J5GFvpR6Otlp7VhhscM8UQLwjbVwwyYRUqgndd84W0XZjgVZDYCv+Dlliep9yk9ut+PfQns6qpOxrOesB8TCuJ+V/7e3fzt/wvNPU1jLWuC9ZFs5Qffg==
+guardian.		86400	IN	NSEC	gucci. NS DS RRSIG NSEC
+guardian.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RDrI5uQlnUxHwOiaF827+hGwPjyb0C/J7pcNUf92Pq/bOqC4d5kw65lokZ+2WwxNB43MjkSzUjXpPIvnV4B8D9pNoA8debZUJ1j6HiPNhsXdOPRvS99yj80lXR3wbsHQxDRFvALGFDR+rHFntQPT2YpNmEV4xxsvYsVmzb3EkaM6N0s5nYOWBo4wRGFqxXJj3N2bRPVEMfuQZKXexwhbTRZAWNVOcXXTta3/LvFCajXb0eBg088em4b0JRNz32xnuflB+lvAGCbw0lqspnrRCPoHCHU00PEmkRqp6qDYYMjbr2Xjbx4tb55DaIZZSuVXwzLT+U214yKRvYv+xvPJCw==
+gucci.			172800	IN	NS	dns1.nic.gucci.
+gucci.			172800	IN	NS	dns2.nic.gucci.
+gucci.			172800	IN	NS	dns3.nic.gucci.
+gucci.			172800	IN	NS	dns4.nic.gucci.
+gucci.			172800	IN	NS	dnsa.nic.gucci.
+gucci.			172800	IN	NS	dnsb.nic.gucci.
+gucci.			172800	IN	NS	dnsc.nic.gucci.
+gucci.			172800	IN	NS	dnsd.nic.gucci.
+gucci.			86400	IN	DS	54892 8 2 E13F3A9ADA4C86B25C68F8258D9922E8201FAE2845D6300298555856A2E1C938
+gucci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uIZzPLQcT1Zxw+aTPMcgs6sHUtAxHAESxhh4BigD5r8E3AGyIQ1nALtutCs+kQls333AgyIyUvOgHDUBVYdFxZrwtLVlF4auADySCLLYLrQHQ9BERQ/eyo8T2RWlJbFLMcADT9TH8XppJi+KwQrpFb46jKMpl3PY7e03XTTORFxve+wTXqRs6eVPEhLFTht8m9oGr48UzEihT//6iIlPU0G9kcekSXZznby7O+QJzKN+PuEIPrQDA79Glk5zkT87ZOtxEBBH+i62/fSe3kShzJSFMM2WfjQSsWPzQ+K+e48PuqpqNv+SMLSTX9xwT99FEKSmIzB2WdmVtWo2kzyqog==
+gucci.			86400	IN	NSEC	guge. NS DS RRSIG NSEC
+gucci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XWhxo0cLrUfSf6lf/RTYqnt3SrBNC1fIFshCeezz0AFbFUAir6/d3GEPuWTihw+fRKMdJzKCDj5uYVnWDvkvccxV3ncn6wKSE9158RTFhbQ4tnGG8NqbQpF3mWYLJ0ihtw1ByLUGC0gqDgcqe1Y+clGMGbhAyM+ikDEx4jjMXUNMuHlg01TDuz1b3xseD0KNOytmx8ntepkXDjPsIxs/0AdX7SCxsSfNl1iqVvIa6ZybG36AVmHDQjlCOcgz/HKteR9G6aNbc7NHg7ZRGInkjIxNT/99/KC3S6vZnq4meZO1HcWiJvTX86HyKih6SBZOMA3IPWtDVZ8p7Ws7mysmxA==
+dns1.nic.gucci.		172800	IN	A	213.248.219.43
+dns1.nic.gucci.		172800	IN	AAAA	2a01:618:403:0:0:0:0:43
+dns2.nic.gucci.		172800	IN	A	103.49.83.43
+dns2.nic.gucci.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:43
+dns3.nic.gucci.		172800	IN	A	213.248.223.43
+dns3.nic.gucci.		172800	IN	AAAA	2a01:618:407:0:0:0:0:43
+dns4.nic.gucci.		172800	IN	A	43.230.51.43
+dns4.nic.gucci.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:43
+dnsa.nic.gucci.		172800	IN	A	156.154.100.3
+dnsa.nic.gucci.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.gucci.		172800	IN	A	156.154.101.3
+dnsb.nic.gucci.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.gucci.		172800	IN	A	156.154.102.3
+dnsc.nic.gucci.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.gucci.		172800	IN	A	156.154.103.3
+dnsd.nic.gucci.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+guge.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+guge.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+guge.			86400	IN	DS	10625 8 2 10C4028323A5529518C24D007431E7878192CED09C8AB2B6657ADC624E8B8C16
+guge.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KwGMQEn36V5Ti9qAqUXNUPxBA1hHxY5mEA2hXzYi4fh6SYYmNDReMGsP9LMydKkWHlumK+PRMlrmXZTcf5kPKu7ttVv2RNitKA/Sz/kcvR/7+J4baWse/+TMXUHsZXEkE+tFtnu6cVXJWinfYEzAtqzZuZWZ6xW0GR4i/O3LW3XSJDX5QxLUovJKI3WXB2xJ5GaudFXgPwTk9JYiHfOKy04HisLldV4CkNU80rs3JE8ruIY8rEWIXNN5kpmzxPzXsEDJ1mDyKCZXWOrIJ8s+T3bBqiS6hfP+8ra3JRPzeXjA9d8zOyAmlDe/MDjv56CWte/Fs690SuS1KRskjNfPwg==
+guge.			86400	IN	NSEC	guide. NS DS RRSIG NSEC
+guge.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FmTUmBC126FImMdUQ9qDWJaQ1shU22OeDSXHoMihRALoFyXJrMLOqAoIe8YgNtxhPG9h+p36B39bnJQaMNSZY+NYcdHoZxa1YpQXd/WtWkYlJ/ur4N1JV2mgQyjfQwSyLXEaNGykhKokGzrfXYvPEPiukREaIWEm29n/OQ+90YxBAXha397E/DO/jeJvfq77W4mZXoBWOCuIw4idrH8moBULPDUWJ36pU2qf5kNAa9agZnCBvisSfmEd99uzMDpdCtNk4n7oO8RANBCO/XvBTs1aDvLUI9qvf+9HBSD5pmz6yxTrZcFUBd6pyiTpbPxaHqphHU5yOiTUJp+U/9BuTg==
+guide.			172800	IN	NS	v0n0.nic.guide.
+guide.			172800	IN	NS	v0n1.nic.guide.
+guide.			172800	IN	NS	v0n2.nic.guide.
+guide.			172800	IN	NS	v0n3.nic.guide.
+guide.			172800	IN	NS	v2n0.nic.guide.
+guide.			172800	IN	NS	v2n1.nic.guide.
+guide.			86400	IN	DS	49501 8 2 835F5372B348A923B10BB048B56758380A24320C66E5CB828C5978DC79AA2F08
+guide.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZG3vFz4HY49ZhRyv64bbDcpQM7jyg5SjgC2Ul812He2x3YK04EAvd86+xp69AB7faq8bmW990/LgnS4L81afUOZi0GH/nBkqseWOmIShuhDXtxGR2hOQXax7bg/ksoCRF2i1VxGKmjKsdm3hBpyFBSWVodKxEnQwuu9NfPcPZBLMaeoLYYbFbG327wWPohscARecSz4HVEOy/qPgUifnI4j/T/exvNqVjPVYJ01aqH5RLAyqZldXXL3rVMhkjhlRNXiNexy+FEoQabML+LPbZYKUFB/zjmXNFJryFoz1dgUxDnoakh6eQ+0fnOTXAPXVRPQloivx6ct8NtrRqjXcgQ==
+guide.			86400	IN	NSEC	guitars. NS DS RRSIG NSEC
+guide.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ROyZVTY0CJehnkNRJtpK+WzDZKaWOF6iyXYMyo55UJinbPOsK1jVETF+EocKXRVyQaW8h2+M9raohhG9Hj+zeqoIQAG4M3dr6+iuWdI1LZ4IPpE40goo3pVhbPKS5t4EbJs1WZFTgEToh3LC2Hc9riX9qSPhtxfzFngw2fS1/rKD08ikK29YuFOqq1aVFWys/YJ86daKUWbNH+r+SjNyp5U0EquSyDiLW6g34E4THSxMr7TO/i6UtXhyDH7KZ6NPLUW8sdik6z2HZJE4c/pb5aJcz6pNTXvbRHYq1edNpA34PZC9IZYw1HLEAIdbLUtizlOiTrtJSkV/lr1vNJom/A==
+v0n0.nic.guide.		172800	IN	A	65.22.28.12
+v0n0.nic.guide.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:12
+v0n1.nic.guide.		172800	IN	A	65.22.29.12
+v0n1.nic.guide.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:12
+v0n2.nic.guide.		172800	IN	A	65.22.30.12
+v0n2.nic.guide.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:12
+v0n3.nic.guide.		172800	IN	A	161.232.14.12
+v0n3.nic.guide.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:12
+v2n0.nic.guide.		172800	IN	A	65.22.31.12
+v2n0.nic.guide.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:12
+v2n1.nic.guide.		172800	IN	A	161.232.15.12
+v2n1.nic.guide.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:12
+guitars.		172800	IN	NS	a.nic.guitars.
+guitars.		172800	IN	NS	b.nic.guitars.
+guitars.		172800	IN	NS	c.nic.guitars.
+guitars.		172800	IN	NS	d.nic.guitars.
+guitars.		86400	IN	DS	892 5 1 E421D29A8D62E53665069DD9B99E04A86F4FE8E3
+guitars.		86400	IN	DS	892 5 2 AA980F135EB29C27887F8DFCDD0BAB90DCCF0740EF3F11FB3256B8A6A8C7FBF2
+guitars.		86400	IN	DS	17278 5 1 C127E898212738F4A0723A1D4FEB33B59B7EA719
+guitars.		86400	IN	DS	17278 5 2 E0AFCC946458DCF20874905A1ED2626CFCEA262016AE87BC53F8BADFB0D497BB
+guitars.		86400	IN	DS	39502 5 1 6186E2C33FB4719080BE060E131E9339BF9CFA39
+guitars.		86400	IN	DS	39502 5 2 742844EC01D87ECEEC0D34B7DE1D39E376C697C73D36D90C9D5FAD65625B624F
+guitars.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FhEJciwTvfATDp7mK7Y1JS4OIx0kL1Xj4bV85rnTpkImNaZdK8xkvtCcCE3j7fhkSm0T+E5rUUlK1UsRDAkOa4j/PMedgSlt0vjDXLT7TTw4OW7HaKxltnczniFS48HvG+JHRpLNBMUtbXkfzj369wqNGDrSqHwF2ZKX/oVvFP86IKV1k3Ap7cz34qgsY150lsA4LS+5LVih9DBOvKbTougDJkAThuWn5uILEpC/yS5U9qRGGFiATB4bG0TR/85oNaxNyDyT3d7E2CQP2tBLY6TRztoaZzHgM+OHz/dzhE6/ikqwJc+Gh77IWmWt3fLbRemZulybnwfaIQPPp2qWpg==
+guitars.		86400	IN	NSEC	guru. NS DS RRSIG NSEC
+guitars.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LP/wbL/z+0/pt0nSTO2VQ6gLkDZ+NqXCvkz8AO9EK/O/74kxag+5okDARd9KT2WFiF3TNGEOVnLgAfu2QjP4SyWIojSLi8G7yuDU7Y95vc2i/zRIvm+9riZ6/asJsm0CHvmLJJIHwNhAWFiSUkKdmC4PBkk3x4HagkQgiV/i3U3Kij9Ou7PfOTf2Fy+xj0F5Z/BQgVNbRxHlhoOwP9fv6d7o4s/E3//rVgVAsp80mEVdJSpULerrfdGrneu6a6Hik4gLOvJ2/0BxaVmbnlBLRs6+zF0EcTmWmOZBuw9oOmHakESsL0AhjmfJJT9QKijkSqOHEY3EO2KDkesk5LKsRw==
+a.nic.guitars.		172800	IN	A	194.169.218.149
+a.nic.guitars.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:149
+b.nic.guitars.		172800	IN	A	185.24.64.149
+b.nic.guitars.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:149
+c.nic.guitars.		172800	IN	A	212.18.248.149
+c.nic.guitars.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:149
+d.nic.guitars.		172800	IN	A	212.18.249.149
+d.nic.guitars.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:149
+guru.			172800	IN	NS	v0n0.nic.guru.
+guru.			172800	IN	NS	v0n1.nic.guru.
+guru.			172800	IN	NS	v0n2.nic.guru.
+guru.			172800	IN	NS	v0n3.nic.guru.
+guru.			172800	IN	NS	v2n0.nic.guru.
+guru.			172800	IN	NS	v2n1.nic.guru.
+guru.			86400	IN	DS	35665 8 2 3CC5E1CD14A0F2DED6856C1EC88785A7B9B36D6381263DABFA1AC1646848CE82
+guru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/8+eGxsOTxzwlo1T0+T0WxIJo/HP0Kay8o4GSUb0EQK4+cfUSH3Awgjlir2JQFKrfixFL2JKrfaFdvnM7iJd8ZAMkGk0gR21Djh8l2TYa2ISfmR6YdkfiKAg4QwTpy/SV8QRdCZsxIL/A4Odd/IZ7mRCrAT11xrD6+vilkf+4adIJsZBLJqmtOLi+CDruwGWUbKp1/mF1jI8Rfmq5PGK+6DUdfuQN2aARQzTdhhqSAxZkEFpt1YaHtoltoacXcLYgGYKksmS3BgMdPkl92hXsotFt2X1CsKOKpcNlWOvbcUefhekSj0IyLagN2QbCemgaF7pfAqADcBzvaMM899UQ==
+guru.			86400	IN	NSEC	gw. NS DS RRSIG NSEC
+guru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y2KZE6fHTrfxfmzXz4NRSMj8/wYrvMZ64cll2oOQIrfL5pM6P2TQoqQFeAUO7z9dyQoJa/Mkg8nzc78vRKuJNFrymZrKA+Gm2vaslJ+Gljow8cgLG4/zOJue5cZmZlhIkPwqGBNGyzL/HH/s0BB335bZcCFyEPpgqiZz5XVfC8RNEA8Hh5A/uQTrTjqzjEyMJOtybGMMZvpSTSxTuldJ/hWQPMSGszrdZ+VWfdglUHWl6rFBHXGt9E0HeJKUZ+k4jJyKSamfbZ4FQXIBv5SA/hk1MdgR+7zPoQxHPhkWLyxzGP2DuJa3L8LsGJBTHztuxaZe4tlnPfOO+UodfHlt0w==
+v0n0.nic.guru.		172800	IN	A	65.22.28.36
+v0n0.nic.guru.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:36
+v0n1.nic.guru.		172800	IN	A	65.22.29.36
+v0n1.nic.guru.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:36
+v0n2.nic.guru.		172800	IN	A	65.22.30.36
+v0n2.nic.guru.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:36
+v0n3.nic.guru.		172800	IN	A	161.232.14.36
+v0n3.nic.guru.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:36
+v2n0.nic.guru.		172800	IN	A	65.22.31.36
+v2n0.nic.guru.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:36
+v2n1.nic.guru.		172800	IN	A	161.232.15.36
+v2n1.nic.guru.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:36
+gw.			172800	IN	NS	h.dns.pt.
+gw.			172800	IN	NS	gw01.dns.pt.
+gw.			172800	IN	NS	gw03.dns.pt.
+gw.			86400	IN	DS	31518 10 2 CAE77FE2299B3A08A4C78B400327C2A62BF65421D4BD98836228800C3B0722AA
+gw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PpH8adJSoFZQSUdUI2QH6VTXCAP1j8ngKy4CfYkogANWrCtYI6q4ypYVj5lej4jffpk9FjMeCJCbmWT35kqYaUbwnsq0PVyw+SbFaF7UbM2dt1gApdWY6KU+yz1yN+MphvnGh9MBq5NU4qmnhHV+f980m+dFLEfoeR7dcR/IQ7TLjjiXYvulZbWJzkZkXgveg9JMxuWjb9mP3RSsqXr3q5QrRrEPi0VNMn8RjkqoNKG6V/cNLOeZuX74YoJZMhoX10VTSBkIqMSSmmngo7hpK1RH4ZnOzV+/eHDNPVLYVe/lptKY5dZ1JBSqUbPPSZohAz92yKpYRKrjKlUoLCh5XA==
+gw.			86400	IN	NSEC	gy. NS DS RRSIG NSEC
+gw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lt5eScKBgN/IT/MhukgulzUM1SMKuK4VV7GtleZeAmE8J9vJoR3LeZDFVAlvQ9MMcQRwG0uwyMgpjRKTFFQY3FK/3wz62gqpv0PVT0HXneuSuAZG5sW+co1IkD4PiiwLzYgfYQSbaa+p1JhS2il7gFeGYqNmzknO+qw1fuD6w9z01m5nAYRH+T0gzz7GlTjRNSjdVW2yNlnI+46oJ39+fm27nXHkymubSyrRpPwLdiswfq72T5PLR/OB6+Ts3bVorrM5Ss1+mN4mdwsIDtrpqtY9CYgUZnJrqkTz5n35Y5uPNwQsF247/npEy6PrCfA2pQVgViuxgk3nikr7yOu6oQ==
+gy.			172800	IN	NS	a.lactld.org.
+gy.			172800	IN	NS	gy-ns.anycast.pch.net.
+gy.			86400	IN	DS	50885 8 2 6B06025ECCB7EFB21793E58AFD2CE16D5949884F4AC352047DACCD841627A3DF
+gy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eNu4eIn2IvfjsgoII50Z9+YnQ2DL2ZMPUYu6dbTQkWkg7+AienSP5whP375jWWRsUcqP3tSilvsiE7dlLphzXyOXAgUdGzKEQzfNa1NrIc2TOqZItF8Ru32lncl2ozcC8gy8npPno+jKr2c+DJu6rjpNvlc02rXGugK8JidoR7TB45nAjwIU0zbrsW81YHRQU5OR+n1kJZMAKxYna8JS3KgwgbuM/lz0wBBb2dqfJJkU6iSr3BTQMq9/5iJr9RCBNOZP3VTufLjQBDvVIdBCn4Khwl8ojdFAsiNAzUJstMyIYTENEceRQAvsNTFOEl5vNgpwmwE6Ma3CCJ2na31Bnw==
+gy.			86400	IN	NSEC	hair. NS DS RRSIG NSEC
+gy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jana32wImSiCRTT1Zb3jnsjHACbfuvGNUJSwtqRCOLmq/R0K7HASMUhQQ1cYGSEOr6OifGS5F9DkktmPNX15F781jdeysi2ZXochGY1HcOEDSFPrPSekLrzdXL6NfCHkudypGuXMPlcnSP4HD/25JWYE796AhlC6w8hVdsM47ciw3QugO03ZPPYxtE/fwqlle934PbCmiK8pj7i6R3zHPOJ7Neiv7pjVz5k/uLDHL/yqSi7FslhSaTiqXYUtesgSAcgZHg1UtHtBijw44p59obZw+MGBNqF8ztowVD0BXCJebH8FVhkw8KZAQqH58zDK1tUA9eyfQzvnzeDsQe3rmw==
+hair.			172800	IN	NS	a.nic.hair.
+hair.			172800	IN	NS	b.nic.hair.
+hair.			172800	IN	NS	c.nic.hair.
+hair.			172800	IN	NS	d.nic.hair.
+hair.			86400	IN	DS	30150 8 2 50CCA06C1ED8718A9398F347566C5FA6773222E7B3F152847292A5697CD8A7DD
+hair.			86400	IN	DS	39236 8 2 D8C88DAA478496C4F99A8CB5CACB0746CDDE2612E9668BEB6F7D683AC220313B
+hair.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lonD0uegxAxH4kCULaxtq+sDiNiA6/dDgYu7mnbHJH2qd34icNNdqwhQPKIpdEu/GabII/dt69DSEGjod5D6MXvsIT9EdrOiKg/7VxLdf2pZjnCkS7zoZgBv/Y53om8Dk3U+Lp4srfcGavxEf93vbvkgqZ1qcdDo4XiQWczpAuCs5/n1HbhGqaEKRSY37acL3Ts/k2bzhupzGabPO6q8TYQf+jyYbx2mhxearU83mubtYqEDyhZIypXpxZzVjndgqi1L3m0bG0YMpU/rZhot0KXHuIB8ZPZb3mQWOEsO+gSSpB3uu8dnSVMjyvw70lqWaiHN3dxSlfabvx+/3mHnRw==
+hair.			86400	IN	NSEC	hamburg. NS DS RRSIG NSEC
+hair.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tOKkPDtPwUIpv6+/qqxWVLV+kQLSTqjBOYtOyPhOTMi5wF239brAqiIrHmlmZTiaZWqhHMS6gj89e0sbKf1h60/MhqgCmuCJgVYmYdB5NgqmsE49aOWfbKQ8DKv9Jb+5pWaQ+mrnswUlDGNhd18nNHIZE8y0nK1KnlD8Zn0MsBLFOaKHS/HiFIH7wdJUDCBu/5Jc9ecNRAxX9C+xgQU99HM6gncKnao3gk++FsigaM2fctV+W5qZdMQV12NRewbsZb7qjAOsP56L0Sn+xrct5g2xpriqIrN+fNgp90SPaWCOnQ+c8oSAWQYjdF4dE3PQ0NsfHKX9dy6UnDFRa3vfzw==
+a.nic.hair.		172800	IN	A	194.169.218.117
+a.nic.hair.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:117
+b.nic.hair.		172800	IN	A	185.24.64.117
+b.nic.hair.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:117
+c.nic.hair.		172800	IN	A	212.18.248.117
+c.nic.hair.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:117
+d.nic.hair.		172800	IN	A	212.18.249.117
+d.nic.hair.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:117
+hamburg.		172800	IN	NS	a.dns.nic.hamburg.
+hamburg.		172800	IN	NS	m.dns.nic.hamburg.
+hamburg.		172800	IN	NS	n.dns.nic.hamburg.
+hamburg.		86400	IN	DS	12136 8 2 8BDC8642F1C0275904AEA61C126D9D5A5DB25881A564348AF218EB4165BEF7C5
+hamburg.		86400	IN	DS	39857 8 2 ACADFBAD24320A82CFAD9DC5DE24B5EF710FC0A9503F102596019B85ED1C74FA
+hamburg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i5irTZrXOY9TVunI2ku+1vlTxypPP9kGiJ5ar241e9USOkqQHsTxds/kFk7im4sqBMEbsO1DN4e2Z6by/pVpnpF5xsOky4viVG6rjTz6AaMTS2A8odnWx5fa1YZqejT4b0vh/QT7fFEbCHeGZGWnuGNrre0Oe1kt3L8Foy55SOAootwxNbqoeH4pz+aFyXYd164MAdWw8GIIzXqSIOshYvapp9UJGEKX+BNYAm292i+e2yK0HQvLMFKEJEnrOsEmZZogniy68+jVIteC4w+amc0DDTbhUvDhvSxPcQR3BnCMKG8cj0kTf4Irhk7CbYKaP2vOjvnCwPxkImCx4PtfWg==
+hamburg.		86400	IN	NSEC	hangout. NS DS RRSIG NSEC
+hamburg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D2gdHsZqEfllFEd7BFxGaCtzB+3Ar03yrmROfnTmQusz2Twx6C8Zv4Lfv4NVcW5bFGI/RkV9tsUOJPBcdKAfCO9x58IOPXPkjajATHY1uiisksbGnxrP6QeK3Op4DNeydULEJyw5tv4UQrFEKT+CaBTFHOuxCqOpFdRnf/cqU2toIo3nBMb9SMq55+kRclLqRyJNrpBSNk0WPndvY5sS7tv9yioPrkbzPI3czIcSKWV6My+cXyT++bsCG+e137WZmH3oLBaD3GPX+JnFbknF1OWQV+7IPKyOqK7NEA+lLClMYm0TrkarEAyz6B5GwgIFjcqzfgDNXPstUXMO//z3XQ==
+a.dns.nic.hamburg.	172800	IN	A	194.0.25.21
+a.dns.nic.hamburg.	172800	IN	AAAA	2001:678:20:0:0:0:0:21
+m.dns.nic.hamburg.	172800	IN	A	194.0.26.10
+m.dns.nic.hamburg.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:10
+n.dns.nic.hamburg.	172800	IN	A	194.0.24.10
+n.dns.nic.hamburg.	172800	IN	AAAA	2001:678:24:0:0:0:0:10
+hangout.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+hangout.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+hangout.		86400	IN	DS	12985 8 2 007ECBFBF4E92E7FFAC278E5830D4FBF869C2EB5A1ABE1494463649A279FEF9B
+hangout.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H7O0edbU1ikQGYsWb6vrr3WviH76GWzAbDcROjoULTDn9jm83qRLQCMTZVh144n3usKgU9TXNC5LudMvyjMUq9q6/KNOpcsSQB2H6obBjetYYrBZEdzBbUjWTEixUgmXTbx0QwisFhTXEYlwGqe1AR6oOivZ7vhK06LO7vrtkKmNHe0IoFkbTuWg6GHfmGkeBnF4+cBgnrsmIr+LLsif5SsqdFoX7Ke7obTZoWExaZQWbPhYrVYh6Nyj/6O2dnFR6+IDH5HQcD6gyf4xqM6lXkkq2r7yrIsAP51onmBL+T262ggWYiLM5FmM8N606lDCDjcdspofNXF8gOVJZacfYQ==
+hangout.		86400	IN	NSEC	haus. NS DS RRSIG NSEC
+hangout.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gOXRBO1Dwc6zbHRTa1Go47UXwWWxMHHkkUsYoT2dsoPwqNdB5qJ9l/m5/hzj72CyEXbqw9R0Yn+GwSGbSvFJMk32QwioEPy93wspxLYfDDhBuXVsEoi6gnX0evsfMQjrp2HqJxY+Ah8hfDGOAONzK3dU1gdF1sZtsmBqxboSh5qftFLeEdLUg2bTh2aFaHAOXt333Erjo5Q7LcWv1vWMvEwRkoFj62AOGD/jNwM+2fkGOHgjtotV3PnCZ9nLc0/iXDB1T8vvxhZ1CQqnojv5RvJTa9zqdUE5PJvhVNzx5deq2YMszAR0Sb2p47WRsKWjY8S3YkqtjIEKEx3XwoGZiA==
+haus.			172800	IN	NS	v0n0.nic.haus.
+haus.			172800	IN	NS	v0n1.nic.haus.
+haus.			172800	IN	NS	v0n2.nic.haus.
+haus.			172800	IN	NS	v0n3.nic.haus.
+haus.			172800	IN	NS	v2n0.nic.haus.
+haus.			172800	IN	NS	v2n1.nic.haus.
+haus.			86400	IN	DS	33031 8 2 685029345E53264730379B0E27C87DE10ED93B0075F543D5887126E3DBFB7B84
+haus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gpXkaCslxpc9+SLanDP/k6pERWHtZ1JnYUwlToGyzxnJq1FqzAnKctmK7bWQChOa8hGdJy43cTn++nf64KdWPb+B54iit1+PM5lcTuEQStHPVpORc5dgzTx5LGLj+lYPI3UyBKNx7tEPW9k6rI8yNypN+ZYFDU7z79NBpyYMsDyL2MaRlv6qMaxSHjNxKysnFKroYB1RuQfJwjozI51x4ygt9ONn5syv9urqhPp9C6cA5NXTlmrpKqlwgqOMgQOSnOTntTrqHcY3tsTd6FFXhinjxf7bGwJpxt7Xoqr/Kwndtx7lBx+BO+Uoh5FZ8MyErtmwn7e7drRi6sSqldHBPg==
+haus.			86400	IN	NSEC	hbo. NS DS RRSIG NSEC
+haus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KgSTTAxL6sSgQ3k2/mYxqgWt/QXMCEtEU8n6G5VOxobsgZIv5uEdcNgFW4teAc631WBFW9DqyDCImarkDLf5ewY0z5KETmL2rcalVrERlS6tkiiT/rCQArxfS3vM2MvghdjTKOjYJlO5alN5cdmLqEPZ8omxcjIOpNQZKFC/RLoy2iBkyuddocXVOS8NBbagsvmFLi5eObMsdAoF+06czGRbXkCq7eYGTyc4bLWC4VGCSkh5eVun9kI5cQWnEgPLpgBegUCghlBfVR4vCI2eLaqsXtVGlIfdpEkiXMcPEh1q3in+EHLVR2XpZ1/G3VlymdIOU9Qw7iD0mmO1st1INg==
+v0n0.nic.haus.		172800	IN	A	65.22.24.20
+v0n0.nic.haus.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:20
+v0n1.nic.haus.		172800	IN	A	65.22.25.20
+v0n1.nic.haus.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:20
+v0n2.nic.haus.		172800	IN	A	65.22.26.20
+v0n2.nic.haus.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:20
+v0n3.nic.haus.		172800	IN	A	161.232.12.20
+v0n3.nic.haus.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:20
+v2n0.nic.haus.		172800	IN	A	65.22.27.20
+v2n0.nic.haus.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:20
+v2n1.nic.haus.		172800	IN	A	161.232.13.20
+v2n1.nic.haus.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:20
+hbo.			172800	IN	NS	a.nic.hbo.
+hbo.			172800	IN	NS	b.nic.hbo.
+hbo.			172800	IN	NS	c.nic.hbo.
+hbo.			172800	IN	NS	ns1.dns.nic.hbo.
+hbo.			172800	IN	NS	ns2.dns.nic.hbo.
+hbo.			172800	IN	NS	ns3.dns.nic.hbo.
+hbo.			86400	IN	DS	22906 8 2 5989D419F8A7D34910C197B7D3701B97BA5505B53F505E885EC1E33C006FE8C2
+hbo.			86400	IN	DS	32689 8 2 1EF470B15BC605463552D25B4BEF46AE67A79DF01C3FC3EEFD9EF2EB296FD034
+hbo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y7A38Gka5rNQHIaMmpaMV0CZ5kylwkuKAi6n38KDxJI3hkG2c1dpsNskEbR0A0+DV062yxmi/VtiqT3YoNhETYRD0tLaKfIRLAbCgzwcUQhO8qm+mn1zHv0iwo31ciDpavfimwPjrXfZxiYDcyGjR2FJ81bnbjSMrVcsXy3CjI/zf6Wo+5jjb2Q9Ukhw3EB4v9HTt+h+R2aNQta0VTc5Dci4i7UDIjk0t8sbuimTKYistulOiMuHv6Up9j8FkgkDvsB8MHdcw0x2q9VhUfTNnj8Rgm+dOd2LVUVWckn6D+mW9u2JehvK8F4Fe3P5fJggb30YNfSezYX6VLnoagoGCw==
+hbo.			86400	IN	NSEC	hdfc. NS DS RRSIG NSEC
+hbo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . geuF5y+FURqNNdyQaJJS+VSmAZi8WzbxQ6fTtYuF2sveZXlFrleLpJLt13Vu6d902x7LOVIg/LxE1akbskGboPmwVHQJS8HcEFOAU59HX/H+UITpUXxJhSaeHMDEEySW1Bl0nCNtA4p3UJz+f+WWSbq2jrFjcct9liaqLdbRCGCDP9xu3L8N+x3mgQHKucNdRYcAYbLXGQT/Mb8ub8l6t5Pppq7L9hGCLYxkBdSuSREQ92TAL7XOK1vmC+jxNGywqLVLIBVbvqLtv5orlb4I/bqg0gT+kXp84wH12O2hjrdDMS7CAPietAi7emYTGHwzp3e5Kc0xqyCHsP7uJ0turA==
+a.nic.hbo.		172800	IN	A	37.209.192.9
+a.nic.hbo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hbo.		172800	IN	A	37.209.194.9
+b.nic.hbo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hbo.		172800	IN	A	37.209.196.9
+c.nic.hbo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hbo.	172800	IN	A	156.154.144.70
+ns1.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:46
+ns2.dns.nic.hbo.	172800	IN	A	156.154.145.70
+ns2.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:46
+ns3.dns.nic.hbo.	172800	IN	A	156.154.159.70
+ns3.dns.nic.hbo.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:46
+hdfc.			172800	IN	NS	a0.nic.hdfc.
+hdfc.			172800	IN	NS	a2.nic.hdfc.
+hdfc.			172800	IN	NS	b0.nic.hdfc.
+hdfc.			172800	IN	NS	c0.nic.hdfc.
+hdfc.			86400	IN	DS	23122 8 2 F73544D186EF971C4E3172EDDD985D4579C4BB60B5D04396921D25FF9095DC6A
+hdfc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jX0WB2EAQRy34l/tnyQ5CqPq1QXnD8KOWBdWTryO8bR/dRVPTzuxjZ/ThoMOko9M3fzmLUuVaHD+QwhIjiSlcVvyNRUxlkQUaLim2dQVSToBSeaOMgej+u+mbobk+juuYb+znAdBlCzZ6CpTa3WQAKd9myeT4UqprQlilR/t3QBeSRPGP6fdhGWnFQBSqhqUxu3O2sjXoIWbGXHf0LcpTyQFavi8W1T0G4VnS5cV8ubse+xe28B8ZLi5iJQdkqLQroBAtlPfURo/xUa/1z9C9Pl/pf1Ut2pOtNk5bEOcvr/ZI373lmyLCA+Bwd+c3YtpBQ3vuEe5qOSBRVybjJMJ/w==
+hdfc.			86400	IN	NSEC	hdfcbank. NS DS RRSIG NSEC
+hdfc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L1FhAwB7IJAFYdZTPQ9exQPbMxHvWL7t8+k44PXm8TJeAVoWtkODwpXJ/Ju2ihr/C/L/7Q25lrh0a7moTMnAQSF+nBuHiK8vxzrozOzneEwZ0JMsjSaXBTqkZxpYZZwNvHCd2sCHoBT4rcwbuYDC81MJVxDS2aPii/ornODs5Wpy4wLNYCYUqeWs5zrnI28x5xIM5epg1aDRQ2SvpGm0HZTuggLNmBAnfQyZG7X4h138pcA+/6e3EgIi/kY5wgkrwNjXOiSzTH5DBtk6D6M13dKWwhCjUHKqJzOw1dVn+3OmqcLNYg/s8t3VzqHyFOwjti1qgwEsExX6nGo2qoWBbA==
+a0.nic.hdfc.		172800	IN	A	65.22.176.33
+a0.nic.hdfc.		172800	IN	AAAA	2a01:8840:aa:0:0:0:0:33
+a2.nic.hdfc.		172800	IN	A	65.22.179.33
+a2.nic.hdfc.		172800	IN	AAAA	2a01:8840:ad:0:0:0:0:33
+b0.nic.hdfc.		172800	IN	A	65.22.177.33
+b0.nic.hdfc.		172800	IN	AAAA	2a01:8840:ab:0:0:0:0:33
+c0.nic.hdfc.		172800	IN	A	65.22.178.33
+c0.nic.hdfc.		172800	IN	AAAA	2a01:8840:ac:0:0:0:0:33
+hdfcbank.		172800	IN	NS	a0.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	a2.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	b0.nic.hdfcbank.
+hdfcbank.		172800	IN	NS	c0.nic.hdfcbank.
+hdfcbank.		86400	IN	DS	63937 8 2 B8F2CA908CC4E3526A25AD74DA7F2D9962B4A1692805AE8F5C0CEF5542745029
+hdfcbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PXL19OCshZPL8LDUQKhApMovL7USahrRDPDJ36oRAwzIIlYbnEvKMULbdknxkhnROzYT34jlvHUvaV5yHCR/1U0KhqD+q83ADCMTdda5O16xzxkk2QSNSRSxzRJ5AUX1iHos1rdKFOU247Yjw9qCFLHgbTQ7w1+THQBuqMgac4dIsZeuZbtuhkuOCjH/jGN9oDWabWD6MUgJp/N/ACGNdFkEf3bXNpmsNq55pniCv43VoFwDE+Mk+tUn+rFt3URL+cApzL27vsYWLGdo4HYPYnOqFeSPT2L8o9Mc/SevmjLJEj9A5WehOAUDi1Wzl4cO7vNlaM35JYjvW7Swu3EQHw==
+hdfcbank.		86400	IN	NSEC	health. NS DS RRSIG NSEC
+hdfcbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lx2+GVPooxohc5Eik/ZDLUKJvngEqueq0JcKtnVk0PpEzdh4ZR5OugDFNy3Spm73tIv7Q9Y2vXNyo/nLLnzw/sBZTC4Jc+yMhx9xN9xgYoT2B5BPZ6xGm4CmCpSsGab4XV9M7gCjScy/DMBNaRrFfZEx2HJj+F/q7NhX9+ggoq9Z9m6ewDke0XYKRSl7+2MkUHWkWOPVG5cN9zCpoalcQLQsKYZPVO3RGs1WvLymPzq5Z9DrQQVXCBNmIWaW/WfgARmqhxzGebjnINsPYLXGzt+jQn/No/KGLRGNniQ6js5YOGEb9Kyuc/BkSF+hk67oA38AJxG4A7K1tNyXIA8uCg==
+a0.nic.hdfcbank.	172800	IN	A	65.22.180.33
+a0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:ae:0:0:0:0:33
+a2.nic.hdfcbank.	172800	IN	A	65.22.183.33
+a2.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:b1:0:0:0:0:33
+b0.nic.hdfcbank.	172800	IN	A	65.22.181.33
+b0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:af:0:0:0:0:33
+c0.nic.hdfcbank.	172800	IN	A	65.22.182.33
+c0.nic.hdfcbank.	172800	IN	AAAA	2a01:8840:b0:0:0:0:0:33
+health.			172800	IN	NS	a.nic.health.
+health.			172800	IN	NS	b.nic.health.
+health.			172800	IN	NS	c.nic.health.
+health.			172800	IN	NS	ns1.dns.nic.health.
+health.			172800	IN	NS	ns2.dns.nic.health.
+health.			172800	IN	NS	ns3.dns.nic.health.
+health.			86400	IN	DS	6277 8 2 4A5ECB53AE18B611B3345C9549E55E35944FEE84F50BC150D8667CF1449DFD06
+health.			86400	IN	DS	47641 8 2 B1F415477AD6386ECEB54957A181EC70D0B3CCDBC09C5DF6DCDD063F69BF0631
+health.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uWaFrfZnFTns+ijbvVts+IijuhHYXCrSEEWV9BEtLyrwsOgV1T7G2R2HXcgJh8gjFy3P8uuNnaCTxXRG4BUT1oISHukhxsFUaOt/b+sn2hweRgjBF+Q7wZBpAPi9HDSh3EkkaVmup9jCpWgIsZ3Aom81+6dhWRBZhW1BQjZUn0ojXK63EPqHZY4lAFmnDR02FfqRTFqMXKXbFbmVmNpS+T3weAXkPAsFN6m1iTcbhIKnDjYDgSd1UC0TnxkVmsz4/C1JVdbXZqgkWe+hv8+613VCtE583EZAO4cNCTE5KuPhJ5VSUWC+9GzaExjNxvVIUnYVOBc8jBjbv9p3KTks9Q==
+health.			86400	IN	NSEC	healthcare. NS DS RRSIG NSEC
+health.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eWePgZN5PwCSuy5Lkq4Bh7B2EYFHtX4Luiww+yXI3ub2Sql/UaSWOsf/1Fc/4tbRvCFQ0usT5fTYBVZRACNIYKYeqGl167LOs3b5XMfqj/s0wjvZNXPXvetDO0VfJfQifXMKEIjQ48CZX9oEWPBayiwwFp+TvYFZorrhBQQrvqu8dOKd8FsMTl/r3QQLTbfbuhEMIrTFCnhZWZBxVUSjvilnQUrw+pmJCS94mvt5iSjCoBanoUjiDVF7iOJYXby8jWybH4CZpiePHv7A/FXevj39wxfFfFym71iYCDnkx+pni8+ZtpYAyKk13nNssLy2d1da9tb34b3cArQ2CEzIRw==
+a.nic.health.		172800	IN	A	37.209.192.10
+a.nic.health.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.health.		172800	IN	A	37.209.194.10
+b.nic.health.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.health.		172800	IN	A	37.209.196.10
+c.nic.health.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.health.	172800	IN	A	156.154.144.247
+ns1.dns.nic.health.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:f7
+ns2.dns.nic.health.	172800	IN	A	156.154.145.247
+ns2.dns.nic.health.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:f7
+ns3.dns.nic.health.	172800	IN	A	156.154.159.247
+ns3.dns.nic.health.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:f7
+healthcare.		172800	IN	NS	v0n0.nic.healthcare.
+healthcare.		172800	IN	NS	v0n1.nic.healthcare.
+healthcare.		172800	IN	NS	v0n2.nic.healthcare.
+healthcare.		172800	IN	NS	v0n3.nic.healthcare.
+healthcare.		172800	IN	NS	v2n0.nic.healthcare.
+healthcare.		172800	IN	NS	v2n1.nic.healthcare.
+healthcare.		86400	IN	DS	24502 8 2 DB68117556C537203B18D94BE79836F65ECCE06452C5658D16887BA2F0629C58
+healthcare.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XfUXD3eWkhGEOMkU3d5/IjBtRC5FNRDWsGkyG83/OZ6WT/A6jJ0Beejw7uJ5eZUhMXB610XqXZRMl0po5vXMb91jY9R2Q5HwCuf9OYOUrRAHhU6bBA8OhnO6jUAxGndfNbIecd2GTqmwqGR3e2gHInprZIIRawgxMCxLzXUC3TNMqiEOqXl4ZS/XLVTevb7uxK+ZEYdhtXw9L5OMHsTCgm+wbuiuWs9kXpONEN81L6kZxLM9Dl5fL3IiPn6eVPu4zaMSY74qen75iyWWhfb+LXiWFFz+8bS3ueH8zaaPaTfOTaRCebnDSR3mF8kxJfblA7PgsThn8WH7+z94VSnJlw==
+healthcare.		86400	IN	NSEC	help. NS DS RRSIG NSEC
+healthcare.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jHZ8TCJ628hcO3oKsJL/NjlF4JaMW01MQWcYjR4B1288qRJAq99aDX14eatUR6ihd+wYade0c28zQBoNcys+URYCjJz9U3figJrupQHvrc/dKD/syaQHH7rki/E+QLRA1Tj+dB4sdgpT0Y9aUWXbQmz/IjIj/Lt6TwoWsgdJPpoqNq493lYHbrLnAlu9S/w6tdOtSVnDBOSFonzWse9Ef4/HWWj5rEhGcwSZLNsaxMolPzUzxsR5MYqNFOhjDMJ11dA1RGVKxERPs48qKR0tZCxQrSmjZ++FPEtQ7VujUmv72so1XUoq+8X94QNsk7+n/Wys5H6ncMwy3XgBSi8/rg==
+v0n0.nic.healthcare.	172800	IN	A	65.22.28.15
+v0n0.nic.healthcare.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:15
+v0n1.nic.healthcare.	172800	IN	A	65.22.29.15
+v0n1.nic.healthcare.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:15
+v0n2.nic.healthcare.	172800	IN	A	65.22.30.15
+v0n2.nic.healthcare.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:15
+v0n3.nic.healthcare.	172800	IN	A	161.232.14.15
+v0n3.nic.healthcare.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:15
+v2n0.nic.healthcare.	172800	IN	A	65.22.31.15
+v2n0.nic.healthcare.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:15
+v2n1.nic.healthcare.	172800	IN	A	161.232.15.15
+v2n1.nic.healthcare.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:15
+help.			172800	IN	NS	a.nic.help.
+help.			172800	IN	NS	b.nic.help.
+help.			172800	IN	NS	c.nic.help.
+help.			172800	IN	NS	d.nic.help.
+help.			86400	IN	DS	10505 13 2 9F5FD17A8185397A597DC230DC457DCB5DB4AE9CD4A3285CC7CE8CAD823BFC9D
+help.			86400	IN	DS	58472 13 2 9313A5FF28806D26514B86F9A83A67B79692AB1FF3A4401CE49FC0488B607BEA
+help.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gujqoFqGZU/S3YhIj29o2LvvqzRSF4+ostXgpACvqUzaKhKziHa7mJXairLKY1nf4VtbFONT6dgE9TAQd5bpKW+7mSq7gqTr2lTWqHZuqiG6t4n2Tg+qgY7P9hn0dGcL3Hsn5ToIId9s53Mb/KLsdwc5PmaYdMexsQZsmnCex1LuUK8TgzLPJfBRFMtYOZh9ujaDb5hckBwgslTsVJOtmQUDqfP6dzV41Hc/PqSrlgLvnwOkTdbN4bOg4dZS76qUJjmUgzHOBb2L7xLNrIEFbFvtUVKcTUVGfVnKqWvR/9+05SnKcuxGxdtOnt+7xG9DOFU9jZdtqt07c1brmM0VZg==
+help.			86400	IN	NSEC	helsinki. NS DS RRSIG NSEC
+help.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gU+3YS5aQCgg7WY60RLkjtb/NbiTdPAW8DqKVzQuEEVZvWTqovucA/TOXCgOjVoPaq9t9G+8LuDtSEuW51g3RYXfhKAfbbyzCvS6Rir/55ogZ6kqZooa6LdhKKr9v4hwDs8l4t2fpF5G3G4Irdg/WSIrAZe6+AOhswWmo1DeMV6BTNGuyuc4DXwke3cRI+BquQZg5pp3YZclZj6nDiyxmFD8eQwijI8jG8OfIHQ+D7BjohwKMw9gzGNc2sS6ucxB6cvuOWN8l1x0WQQYP6cDGoqJ6ohAlPBhdaUwxs9ZEUdb+MgBCXLqYFq0kqlIPCMORN7VODqzOnNYp+hGhWz09A==
+a.nic.help.		172800	IN	A	194.169.218.158
+a.nic.help.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:158
+b.nic.help.		172800	IN	A	185.24.64.158
+b.nic.help.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:158
+c.nic.help.		172800	IN	A	212.18.248.158
+c.nic.help.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:158
+d.nic.help.		172800	IN	A	212.18.249.158
+d.nic.help.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:158
+helsinki.		172800	IN	NS	a0.nic.helsinki.
+helsinki.		172800	IN	NS	a2.nic.helsinki.
+helsinki.		172800	IN	NS	b0.nic.helsinki.
+helsinki.		172800	IN	NS	c0.nic.helsinki.
+helsinki.		86400	IN	DS	31639 8 2 069A71EF4B12265A44802FCF51B4531DC3835F8FBB68874FBF3565144A12770D
+helsinki.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kihr01jMMPwVKTMLvkCf+LBraGOx3niDYdv/wW0E1RtOf0PscPTVM5Xant1co9NZMM856U3qbLhQXpg3CGEEa8cYx873M/LAbAplL8k/uP4ao5YKcRQEke0yUDNqcSx7xeZ9+FA0dpA/QrhobEkHeVjSAtCYP7CT6jygjpbuJIRtbIJFyMX2es/8kqPr5Nk1OyX3fIn7EiBgMPROj+rviB9SmwcSAdtfbR1vResSYyFknWN7S/k9EkupzJx3k1ajOCrHTBsR5gW1dvzpHp0zzz0xEdSR9aiyuHOdQGFP+VlcA6Xir/C4oEg8gUTkE2+oOrXzym3MzILnV438QG3fsQ==
+helsinki.		86400	IN	NSEC	here. NS DS RRSIG NSEC
+helsinki.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rBVpz+RyxUOo/4D3vjlvK1vA5aOgiZU9jR3m+F3qQNE8+q4wzmLn0g+ZVFwQVlix/uJRzT3njrK+G6BxLhPQHbWmpBcgxWXnjVj0wJBlO90yDqFNRUS1/6NlhJLh8N1OBhh/AG4SQ/cBh3AUSXRgpKSkpm97uz+kXp503CXeu+2NBf/DK6L4P0p1sypV/ek3lqBqQlUydPRyDMHXypZgBnjXwMjBfth4Dx7TSotlp3wsqEDnYAVdixDzRotrqKbvkoXFmSty8os2fJUPGSGF7Y62LzhpVDmFpGlbpPnMo80nhSALOqbP4h+WKOwyVp274PpVusx/ZFtLsmZ619N4KA==
+a0.nic.helsinki.	172800	IN	A	65.22.220.33
+a0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d6:0:0:0:0:33
+a2.nic.helsinki.	172800	IN	A	65.22.223.33
+a2.nic.helsinki.	172800	IN	AAAA	2a01:8840:d9:0:0:0:0:33
+b0.nic.helsinki.	172800	IN	A	65.22.221.33
+b0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d7:0:0:0:0:33
+c0.nic.helsinki.	172800	IN	A	65.22.222.33
+c0.nic.helsinki.	172800	IN	AAAA	2a01:8840:d8:0:0:0:0:33
+here.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+here.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+here.			86400	IN	DS	32584 8 2 DC704BA2007A9F1F254659A40FC55762434B742F3919B6F31FDC53B8301657BE
+here.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q4UxeHIXgPrDrVsyntzd5AqQie1QzMuShRRggBCMDdw08+75EMmV/OhDlfKmQyexVTpf8gF3llQWCUddMmZMdpa0HqXaKKKiZ4pq8kYwQWKqBbXvDJl/X0n6zR6zYXy0EI+1dONjR0Do2AML+dPIlPGJWIfKROZrTVunFQRYjB0jPaIiRzWgJUgL2P15Bo++Ps/qcp1npwCvIG14tmpRZmGSv48mwu0XWt7lw6QwBUVg3mKdJAlvuunYjUdSuHLftYSMPaoudgcp9jWSBjux0spEghqKJbJz/SE1p7MZdOyatQoaoT4R+fZUyrKMpGNsCHKyWldEULXz/6ct9ZoK3g==
+here.			86400	IN	NSEC	hermes. NS DS RRSIG NSEC
+here.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j+uytu+p3I3ZfSTr8Nmr8pfEjDSZh2edTgBXNlujiiHQlWxXQinVURe/Lg7TUuXspwjsH6HzrCFW59CrJqJjkuQ+FJZvCTtjL5bIUnoUi41aww6d6PqTXtmYIGPb8smSFMDjsm5ePXRrYqsyhlelxJsCzOa10MB+D79axIYckH/TKSC6mVk3h5gor2Tb5DSjD01dPI6nHvbF8UIlfn+dCl85VWqYm3gjtMJ473ogNtKs/1oz5FIgPIpwNOle7jX5Yi0lkmFA/Rca5t10e24Oxesg62TeTIDnavtwXUKls4Xdg1F7ILJDRN8W038bZRCqYmd7i8PNevIXrORN4H1Btw==
+hermes.			172800	IN	NS	a0.nic.hermes.
+hermes.			172800	IN	NS	a2.nic.hermes.
+hermes.			172800	IN	NS	b0.nic.hermes.
+hermes.			172800	IN	NS	c0.nic.hermes.
+hermes.			86400	IN	DS	17194 8 2 F38AE5E161D402739020CC92A88DFA905A59972426EF42044C37EA6240BB9614
+hermes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G5zqz7ApwENkKaGQK6S8330YlrIS+wqzX2IWMWES/XWfZ1NIGiphrTLGOP4PTdn/TLH4Qg6Y1WJuYD5Ict9CUzMCgk4s4EjZ34zi7P3nXhY5RhnjRAmc+I62/3Ptg9OaQB/ykpPNC5w7V/FDfwDip3+g7iBJKWlqpCDEZ0SJpSviCoagAiV1gvCI5BQrTBCgRBOwcApFp/OMjq+b2wrUwUXlT9txEAlr2j90w1w2T+z9+mvqtB6SRjcBJ58sESO9G7W36W4an2iv0Rq+v0uVegrFD9Nr00O1OhEEHJ4a32dKWuWikchDCAxzYj9aNqJSRAXMhbkcPVbmAjt63pk3/w==
+hermes.			86400	IN	NSEC	hiphop. NS DS RRSIG NSEC
+hermes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FAKZ+4WPu2cwwVd3bgOdh9RFnw4RT0Q0h4SN1Mg9PXRV61Gs8rOwRnDYNNKS+L4HPoUH1oAQ5/h7srSCzmE8GmWvXDYCqNDUxiqNFZDOA8XLNEiR8EbB4V330pWXJgKRofxLL3lnlnmpgaI9BU+THIOMzS9lcqSM/YpsOl5tqpUtqrJzVe0I4WdCOR4drkpQE9khTAIJSIh8ToTSkPKLo9B1Sz5kw5bjfpirOGCbllZBCd9zMN92xz4BkjRslMDA0SigkozfyUdCuE1yyH6BkKbXSbU/FOtXNUAuNnAAJnMRkvGt1J/EOTXzgL61l8md+kxoe8OcqAoWl9blr9IxVg==
+a0.nic.hermes.		172800	IN	A	65.22.232.25
+a0.nic.hermes.		172800	IN	AAAA	2a01:8840:e2:0:0:0:0:25
+a2.nic.hermes.		172800	IN	A	65.22.235.25
+a2.nic.hermes.		172800	IN	AAAA	2a01:8840:e5:0:0:0:0:25
+b0.nic.hermes.		172800	IN	A	65.22.233.25
+b0.nic.hermes.		172800	IN	AAAA	2a01:8840:e3:0:0:0:0:25
+c0.nic.hermes.		172800	IN	A	65.22.234.25
+c0.nic.hermes.		172800	IN	AAAA	2a01:8840:e4:0:0:0:0:25
+hiphop.			172800	IN	NS	ns1.uniregistry.net.
+hiphop.			172800	IN	NS	ns2.uniregistry.info.
+hiphop.			172800	IN	NS	ns3.uniregistry.net.
+hiphop.			172800	IN	NS	ns4.uniregistry.info.
+hiphop.			86400	IN	DS	7668 13 2 DE0BDE4365798B5080D31D7A5A8E7182D4924938761BFD506AF371EA5CB36AB0
+hiphop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0krzMm8TO97QcDdSJg4W8iPBhiUsTModhJZnSPAxyw8xhb6fNLHNtvMT7KJlUhVZoSHW/4oJq9W9VLoFaEny+pKttIfJfZdie+hoiORpfbsNBIu1fQWJfuwSNLd1cNQFQSPTVUFaq0l9Rg00BcXKhX3ewEl/FTUM3H+wy0qhopBdfVKu1CvK/AwpWWu4mz0QZ1O9aM+6HiMWD/0jNqVkpiah8V1z14pW1AUVkk1IggjrqRDZy9yyuJB736nDaXNMWZ/yAQbDf2DzaqtVn+yRrkE3PgG4bQmiOYu0RJAiSfD/X5XFujSUdlm4RNztabaD/yMevoo0DPCyBsuPohtR+g==
+hiphop.			86400	IN	NSEC	hisamitsu. NS DS RRSIG NSEC
+hiphop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BzOfsGyUC8Q7H17/T4Ij5/UoJL4Uhiqrbf9KwAvc2jeAKE3sA1uCu5oaprRYJPDt/sNAOW/Yl/PJRDboYH4weRMJUrzcnSM+iTIWnSMzl/Fn2B6kyD+HuA0PqQUJtLvo/u8xPYzKblHpQ2NXLvi+KK/TPi/lV9CHFG2n7LM01gzHlJ5//HMO2UVJbeqpChDq/23+fCJpKU8APgAqslbExoxYMetKO3hkxoyuPP3NBYudekre+Ql8C0LJWxb9g3SdEsZz7vX0Jj05mjm/GRNEVtbIo35PWxgK6eHjgfxT2DFlro5SGxd3In+2mAx5H/tMFCTlH1TTxQCrCsA7J0RXDg==
+hisamitsu.		172800	IN	NS	a.gmoregistry.net.
+hisamitsu.		172800	IN	NS	b.gmoregistry.net.
+hisamitsu.		172800	IN	NS	k.gmoregistry.net.
+hisamitsu.		172800	IN	NS	l.gmoregistry.net.
+hisamitsu.		86400	IN	DS	30364 8 2 02836F0E9FDB7E3CA5983577CCFED953698BD173D92A2E65650F73F14C39AC8D
+hisamitsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xM/GFj632kNup1FAJBJsjA4fxlUaQvg2WG/Sp65E2g9uP8EynkA+JU/sf+THWikThVIEy/WZ7eNvjuvCRcMnvhAAF7Nb+EaIyFibaWCdlbVdYYAQ9QuGt2QsUCzaAiAUuux6QnK1mDp9uUYbJizh4NJqE0z3WPhS/7LxceYyjXOmorKr1wQ6fNKP8dX8Qd7Y6Rzzoh52J3rXZBdEz1DExGiGu8niROfWn6A7K0RcKIpkms0skgplu0HYCS6/91qqRiPj1/tXz2mukXCUxA5sx1Z0/QMw4SvWUj55/eFVjmqU2XB+47Qa1smWvjBWJJsdWgP9SI3KqziAh0wung9PLA==
+hisamitsu.		86400	IN	NSEC	hitachi. NS DS RRSIG NSEC
+hisamitsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XEL0XZoUdpCYJHiQwdFxc79l0ZTAggtXUpgoC9fi/VA+cBI3TLDzjquoTESK04r1P295mtrd7hygzgwgVn8q0YqVtO/LqJnpHTH5jj8nFF8M80NJl7yHNEHshqY+mN74balLzeftfwyMjleLKzpIA9oHm8f73qZ8tyt7UDHjMY+SjxBGl6y3yg6J9SGFuVnatyUNiUvT4CkzGG158GibtTwDpFP1NO+bzUbnGMK6Z8/bJgylIMogu4pQB20law29S77By7SJQKdVnWa/GbgcOf1QCOlLpAu7Pse2ocw8vvGZ7Mv5HZa5dYIEBAZPL+uFka09AcJQnSrySeZUpu1FYA==
+hitachi.		172800	IN	NS	a.gmoregistry.net.
+hitachi.		172800	IN	NS	b.gmoregistry.net.
+hitachi.		172800	IN	NS	k.gmoregistry.net.
+hitachi.		172800	IN	NS	l.gmoregistry.net.
+hitachi.		86400	IN	DS	14525 8 2 03EA91AC19AEB9FFA37874A5F0F27F2A04C6EEAE162FD7D9C87F083447D31E5F
+hitachi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GnQ/KOzMlGTrY8d3ATnomtxrP3NRjAx4M5mYsRlSiLE2j4DFbHKAxrK1XH7ojv1SMYCYaaMnlDHL9ANBtc82Kp1TBGyccxez4Z3R7CCGddiOlo/g35zunVEQqx7h/Hab0MRG9kcV4sAPa6pcs6Caafe811v8mjyn3CO3xi3tWkHGfkpSRYACi3dQXwWOn0ZvseXEYIlNRYG3a+sEWE0AnI+mKKttHUVo1WzNw7mORRda0hegVKvd/aWKLjZpHDJoU55+M/Q3iXVLc32eViDPKmjD0FP38/sgQcA7aWaQ3Rf9VUZCnXNdQduvcLfnsbQeo+uFV9yrozWxcWAic5s0Jw==
+hitachi.		86400	IN	NSEC	hiv. NS DS RRSIG NSEC
+hitachi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L1k8gU1Fn/9dFmBxRODEthIlyYbYQuuCqwHFWntF9RKmbui9XQ8RICDcakRlwxMtHhVC9KYEIVHuEr6z5SJusUJfXJxg/l16Xuqq8R0RcpO/JOufCZfVIqivwLJfPsquvYW5CbM4HXE1oavT4EuOssMoWnO6UjgNFHqPUMODQS8JziBDlSZITyz3ob6zTxmS8lixpCvZxVOVsfDOxr65fM6Af5Bcpn4Bi7k8FrzXVhB5eEqcA5kIE/uWNSJm2aws9PBB/gFDG0f6Xmu74Zkt/hF8V7E2vTCBZPbS/J9q0D/VSezfN0aOuIB6Gdr4g6Glf+gfcfkth/XtjscXUHs1Kw==
+hiv.			172800	IN	NS	ns1.uniregistry.net.
+hiv.			172800	IN	NS	ns2.uniregistry.info.
+hiv.			172800	IN	NS	ns3.uniregistry.net.
+hiv.			172800	IN	NS	ns4.uniregistry.info.
+hiv.			86400	IN	DS	50937 13 2 139053A1DD36C05B171D5ADB695CEDCD3DB6EEA7B7A2B0700AADC4C8712B1344
+hiv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dt9wPZ3BhLEhm0cJSi+IvMzTVHZXvMzQTjK/x3Dcw3yZAkA002xpHDzFKAIJn+iVFFYZb82oskZtfIsEg3M8OL3e+xv3Dw4KNoHfnWgtRc4WgLZRF284VDhRDKsOXPBgmdKingWriqT77KxYMVHirs7MvB+65ArLpoZFAdtfsPbp114btSTB2ps7r4cV6cpQMBTtaQ5wX9vvQufp8L6ZLUEDk7U8mXCb7eNfsWtvaR7TAQkQuIvriuYeQINhOWCxKKXFIF9kYHtFZecnLjRcItjVxZ4p+JaoUnWuIOKB70ZyZry48C44llMm8J2qXrU661EqAnAcHvfHtBIdR9OeYw==
+hiv.			86400	IN	NSEC	hk. NS DS RRSIG NSEC
+hiv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pnZVfNKbTtfnhjti06Pshz0+cvEBFte0F1v08NT5M+IIZW4M9WEOwrUClmMXPvvFaFj3ExDsw4QzK+Vhwatmbs+g08pcFADvCGDql7IApcBtWfO/7/cbhkYZ6mXLhFY0iJp3DptcIuYSDWfaBTTUD9MEO7lVBkYNWNnVN4wZaX9Ksv6pABhJegDIsPawxqxqSx/3cK8FrkPOFjSA04hVn6JN0adOmqv6U/QF97uXTehbU2/Y4Nuzr7JLQZEdB6xVPhF7tse/CgMcvNgclqL98PRYm1vDG7jMO/BnM9v4GLNN2ruPhiZRB5omuEu2tlE7vr7ySj8UFRhcJ7nK8Qju+w==
+hk.			172800	IN	NS	c.hkirc.net.hk.
+hk.			172800	IN	NS	d.hkirc.net.hk.
+hk.			172800	IN	NS	m.hkirc.net.hk.
+hk.			172800	IN	NS	t.hkirc.net.hk.
+hk.			172800	IN	NS	u.hkirc.net.hk.
+hk.			172800	IN	NS	v.hkirc.net.hk.
+hk.			172800	IN	NS	x.hkirc.net.hk.
+hk.			172800	IN	NS	y.hkirc.net.hk.
+hk.			172800	IN	NS	z.hkirc.net.hk.
+hk.			86400	IN	DS	859 8 2 47DC78A2F99D4702FCA38EFAFBF8ADE187B5CFDA762494D59C9D8C55C533C8FE
+hk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u4tGhX6xv21q/JZnARYlUpDzXNyZTJCZxNfr3VAedHKvzvvxs6AeoYLgHCBCF/ZYZtm0bt2390xWf2QdumRbpd63p2pkMRia57JxAYLM3cUH4FRex/8vcYjoN5ZU3ZOwJ0LLcbLATmgnGMCsb8qoRrnqs+TCZ6dVyU0jRDvIuXaSMwlu/IGz9jxnLf1pqhOChoEvtAmK4U80c4pLfCQJoA6cVags7a6PeRxAfIG1IlONryFXlinMb0Zp4Ln3ImKF1UIWZhHLvDLQmSr4sIyLGlbZ9XrrW/aG9FrLxpnywcYTOLb5+0vvwgGyXnfeJ1z2lFot0i69IHqAk2rOSyBe6w==
+hk.			86400	IN	NSEC	hkt. NS DS RRSIG NSEC
+hk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ou5+fnc6ztdCRRbv51YZYO6hz1kzhFxj5bQ4ULAfaK4NBB+LfZouKbImBVsCkk+5yGvOSgcigqGbh/lYw/0o0eTrD8MDDx4HAfGsnSpz+FZrsSm6cZesKsjF+hpV6/YrdM3V0Z1igK65J00WHZJdUHxkegGip6gdxOQiMCe51C1V5OMG1aAsboKg/WhCXpO3VLooRIMQ0rda4J2ih5z0RxxXE8pF5SJUpUdXksTbhuWFpVY9X26jDaqBfJbWOnvRxO9N1vNeb/4/lOJiWCRXf/2N4K3giV58WfYiIlZiJ8uhdDhm3Sg7CUf42krEzl461tk7MWC983k5yNXnXWsrfA==
+ns2.cuhk.edu.hk.	172800	IN	A	137.189.6.21
+ns2.cuhk.edu.hk.	172800	IN	AAAA	2405:3000:3:6:0:0:0:15
+c.hkirc.net.hk.		172800	IN	A	203.119.2.218
+c.hkirc.net.hk.		172800	IN	AAAA	2001:dca:4000:0:0:0:cb77:2da
+d.hkirc.net.hk.		172800	IN	A	203.119.87.218
+d.hkirc.net.hk.		172800	IN	AAAA	2001:dca:2000:0:0:0:cb77:57da
+m.hkirc.net.hk.		172800	IN	A	125.208.41.10
+m.hkirc.net.hk.		172800	IN	A	125.208.42.10
+m.hkirc.net.hk.		172800	IN	A	125.208.44.10
+m.hkirc.net.hk.		172800	IN	AAAA	2001:dc7:ffc1:0:0:0:0:10
+t.hkirc.net.hk.		172800	IN	A	202.12.31.53
+t.hkirc.net.hk.		172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+u.hkirc.net.hk.		172800	IN	A	210.201.138.58
+u.hkirc.net.hk.		172800	IN	AAAA	2404:0:10a0:0:0:0:0:58
+v.hkirc.net.hk.		172800	IN	A	204.61.216.46
+v.hkirc.net.hk.		172800	IN	AAAA	2001:500:14:6046:ad:0:0:1
+x.hkirc.net.hk.		172800	IN	A	202.45.188.39
+x.hkirc.net.hk.		172800	IN	AAAA	2405:3001:1:3a:0:0:0:27
+y.hkirc.net.hk.		172800	IN	A	137.189.6.21
+y.hkirc.net.hk.		172800	IN	AAAA	2405:3000:3:6:0:0:0:15
+z.hkirc.net.hk.		172800	IN	A	194.146.106.70
+z.hkirc.net.hk.		172800	IN	AAAA	2001:67c:1010:17:0:0:0:53
+hkt.			172800	IN	NS	a0.nic.hkt.
+hkt.			172800	IN	NS	a2.nic.hkt.
+hkt.			172800	IN	NS	b0.nic.hkt.
+hkt.			172800	IN	NS	c0.nic.hkt.
+hkt.			86400	IN	DS	2077 8 2 B467734F0F2A8287BA3A0EDDF252055D740F2FD0072F81095EB6A56BE2405EE0
+hkt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NjeJXWVmNo6uGr/E53nBvuGZuMWKQXsNqaZcIDoJ5RFZiwp7H+RgoHMsCmSLI517DbZ10nls5U2Ebex1UcGwMDnFCSl8OcpB99cVABH4p4U96al1gzrZJ+BH69DkrkhgUSVLV99e80WeLTCSSfb2Ak2fIx1FnjKlwoiYU4OmiwH6Mi2ur4JPQy7CTeNuHfcRsN9BpoA0ArpF2BfCFkf7VvkH5h5a2L8G43QgbVqLaF77/yfLwyYlcg7BgKlnEsSxl3VEaYgmGVGC2hOvwLXThNSNi/zWijuhb7J917U0qFP9bXUhofkbXaebu0vLKyh+pZvCgAUf5n/ZKudUl7+KNg==
+hkt.			86400	IN	NSEC	hm. NS DS RRSIG NSEC
+hkt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pG1OhkA9rLQbTwytyaNnkiyVTInVcB7B/fKIjKxZ3PXHM8/ptxZlQ5hoRpbyHIeNLJr9KJM+wAA6h78rG5CCiwCjURvweNIVHow2kfbuNmSRlSK415hO8sFEa+BSOBZpsCZLiC+TGw35gANPwUu8WcNQFGmWVxkmsmTGDt41DDuGhqJ/t+f/DNfUiK2gn2suoiRpCtuVoCW8PKIibyAggRNoyiivtmnmOTl0Hm82+fFZVud5DaMcYyZbVLME27P3ZzJU8RMV3EETugIDFQ5H7cvwD6kWjoTlPAZn5cGo/pSLehD1W9CIo4koSjWRr/3F1DXk3jzUBrFLwmYve5gqnw==
+a0.nic.hkt.		172800	IN	A	65.22.116.33
+a0.nic.hkt.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:33
+a2.nic.hkt.		172800	IN	A	65.22.119.33
+a2.nic.hkt.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:33
+b0.nic.hkt.		172800	IN	A	65.22.117.33
+b0.nic.hkt.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:33
+c0.nic.hkt.		172800	IN	A	65.22.118.33
+c0.nic.hkt.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:33
+hm.			172800	IN	NS	ns1.registry.hm.
+hm.			172800	IN	NS	ns2.registry.hm.
+hm.			172800	IN	NS	ns3.registry.hm.
+hm.			86400	IN	NSEC	hn. NS RRSIG NSEC
+hm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ptcmcAnTClklSFM/jHsFiUUCm1XOLgIcuRt5pYG5WLJrC21twqPg38LqqilVDRxf++jRRCoXAwCTLaN98U0mbJsFOkMpsPV+ilmn4ZvQNT24KKELiQlurn71U3MKrXXYf9JqQ0jNbN+EkgqlUqEATSLGra4P2MLGbnF/Xy4hzGpvh0rlxpAaEC5/VUbpstv54Na9VE6VyZHAuXrlH7glNOgI0Vey9NO2U1OEJi/pjnwfblUn1XrbrKjhM19M5DHwogxUiG9EUFhc6zKXQ+zQ48SS8MnsxZ+9wXfhcoAxv8diAXlg/+UZjGGX9r/bAzags1OJidCVEAjDLIMnxfLTjQ==
+ns1.registry.hm.	172800	IN	A	208.70.79.25
+ns2.registry.hm.	172800	IN	A	208.70.79.24
+ns3.registry.hm.	172800	IN	A	128.199.180.188
+hn.			172800	IN	NS	a.lactld.org.
+hn.			172800	IN	NS	ns1.anycastdns.cz.
+hn.			172800	IN	NS	ns2.anycastdns.cz.
+hn.			172800	IN	NS	pch-anycast.rds.org.hn.
+hn.			86400	IN	DS	20599 8 2 B7CA2A70DEA7188CB7319A8049164EF9D0E3496D8FE4E3C135CBA8452544BA72
+hn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . j/tA62rWDydAo29DnEDHICCWnt73eJ0kNhcHiqJdIIkElmnA95m8SBGkqtBzLi4p6wN0CdnUDseU3u43E02Bo/YJpjl1TvL/OIzLCwh1WkhftKIT9OFdnPbtp/MqzatJ1SUlcxmSJH9b94sEPEaFJUnHNL+JQ1nPAjjSW3x+GlpgoP3ys7KDepIK++lgofj3iQHIWuER+/HqDJ+x7nhpKD7TdDs/njYI9OMSurVgzbt483x0VM9Fpz2U84AXsQGXYFBOVD8aPVyOO6RzsFgRcuprHqix+rIKqvJIZucFNnacxbMVZxSJ4oxoomhelj5vVgFIMJXF69/R/ZXHihZRZw==
+hn.			86400	IN	NSEC	hockey. NS DS RRSIG NSEC
+hn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rZO34tVm/QEijqYkBBiwGnM1gAtTyRryeoKnkO+t643LIVUvJj9gKTxHQooKMIVuueYMg13FgLWvzlae7H6shU+P0O7c2zQpuZpqkpZgkjiC8CDf18K8EHAjzjsgZ/Chxiwkur2Ms3MHxNotVMPMhya3xAOKmnTcaR4A0tqXigrC2aDheFe5fCt7m3SBm2uoDu59UD65md6kpIEtxtMId1F5sqnV+krQHjE+mHdNoNBjxyoIqUMkaCNki9DLoqDNAyseA6wfzmGjq59OMIIzyJfc5CYyaHHCJFC3GJmFAsTt+SkZ0ApxCNlf48z8CPgwspz97+8ZNq9EKgVxMvoQhw==
+pch-anycast.rds.org.hn.	172800	IN	A	204.61.216.64
+pch-anycast.rds.org.hn.	172800	IN	AAAA	2001:500:14:6064:ad:0:0:1
+hockey.			172800	IN	NS	v0n0.nic.hockey.
+hockey.			172800	IN	NS	v0n1.nic.hockey.
+hockey.			172800	IN	NS	v0n2.nic.hockey.
+hockey.			172800	IN	NS	v0n3.nic.hockey.
+hockey.			172800	IN	NS	v2n0.nic.hockey.
+hockey.			172800	IN	NS	v2n1.nic.hockey.
+hockey.			86400	IN	DS	17029 8 2 8BCCB97086905AB56155084578E7873C77ABCE3210245D2503F59D42D94D8CE6
+hockey.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GSzriDCDDJN+0XeAzz3SF2n99soLCJIg1xnCknevG6Psw6ODVPY+IGEkUL9lmOGyLt7ZAA3QCRx9a5JHoTznndRkeynSL1PLJZ/deTVQH+HDeiq4u+bz6Gfd8PEHTuorRP77bKvh/7o/tYlkAQbk+37zQ+b8JhlU4ImiTI5UKgfV0kU709inY1K7oIoP9E80lae10VVUiH+ZUnAvNFeEZvj97pp9u6DIDkQSrxlBsAhoGL3paZw6Zra3BODVsyOdmIsbc+KB8npvP5xxPxOURzel7lKnomyoVIqcOA5t1Aq5JBE/YXEtFsxHgFOZ+TzLxEDcU5Im4v8l3zKNdYG9QQ==
+hockey.			86400	IN	NSEC	holdings. NS DS RRSIG NSEC
+hockey.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dhMUbv0wZ8kMw+ZTuF+30Azz5LUBKgij6XBMgebV8GE3gJnwqRf0azQFGU1Ml5psm4ncLvGjvTkvWGQeD5+SyNBXp1Mlsc1Uxfrfq06i3gDEFAtB3UO2Mqw30LPruhiPQCRwlc5RvQNrHQuxrWgtZaX7Xp/vSubRKNIk8jluMeOvW4lhTXP0MU8rPv8rWlkkxKgPY6quuxQXZCG/sj/2n3/rE21BJE19Qvj2s+uOCudBMom84ovMxFG2UG7WXSFXnhhxl9Tiy0ICRM9x/cSOKenakstIDtBzEiiOSq+CwZnbYAZP6KR3CIdJfvxWoYqOvZk7iF/rjLo4sVlNV8SewA==
+v0n0.nic.hockey.	172800	IN	A	65.22.20.31
+v0n0.nic.hockey.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:31
+v0n1.nic.hockey.	172800	IN	A	65.22.21.31
+v0n1.nic.hockey.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:31
+v0n2.nic.hockey.	172800	IN	A	65.22.22.31
+v0n2.nic.hockey.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:31
+v0n3.nic.hockey.	172800	IN	A	161.232.10.31
+v0n3.nic.hockey.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:31
+v2n0.nic.hockey.	172800	IN	A	65.22.23.31
+v2n0.nic.hockey.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:31
+v2n1.nic.hockey.	172800	IN	A	161.232.11.31
+v2n1.nic.hockey.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:31
+holdings.		172800	IN	NS	v0n0.nic.holdings.
+holdings.		172800	IN	NS	v0n1.nic.holdings.
+holdings.		172800	IN	NS	v0n2.nic.holdings.
+holdings.		172800	IN	NS	v0n3.nic.holdings.
+holdings.		172800	IN	NS	v2n0.nic.holdings.
+holdings.		172800	IN	NS	v2n1.nic.holdings.
+holdings.		86400	IN	DS	25396 8 2 BD7D00CFF174D8898DFD6B1174E027E8899B1AA029555D54574F6165135F45D4
+holdings.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DNx8dKj7WPjq1byxB3j5SUIN5vHduY8hh/YwlEKUdFoDBsUukD0BNCK09Lk5PIgqRN3I1ab1Zk8iI/u4PhU+NJRlkI0q0qMOXreMMbxwWh8PdZEhBaewOcT1mxCL9ed5znMAZZ6lIsniF35RYg/SkD0GG72djfO4pAVGjb/e+2p5d2Gws6puCzK+v7eJvtkD+6MKPfrlKHxGgn80SX+s/SGJDU4JfyQuiL1zkJiBIXwdP6WY+IvfVvXpwV2zck5jsPBINyruMpK1GrnS6uVIBmfXSLXvgCueIJm/MZxgqIXUwxg92vakbcZ5ZQVTqgOkXkUolJY97ZNSSv8RoJJHUA==
+holdings.		86400	IN	NSEC	holiday. NS DS RRSIG NSEC
+holdings.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ThDASDUYwXrfQ1MdlBBmBZb+Pfenk7RdFWnQ5xWETZbtXu6hHI9cIhWcau81igeMNqrfnQhe63kD8mBipIva3Z/Hg/Nd+7OCs+kWd7K5+XTAaNTgX1z3eXDiv1rlwVm+I9ovDaZ2hlFrWuWNd/2kU5u9bvDeVSGTBt2I31f5CzutaGoJCm4R1AxDU51IfTKtnrkDJduPWM6i8Sewsfp5pqxlvVeyl4k+Jen/AJeJGZiht8+GFvyvqQs53SjsJAMGExkREFoCTtvp5xzOoXpJjGooYI5W63LQTuCCTbc8nTdcRq0WpjpIv4N1sbylsI/wavvuFRTbWZ6/wrSiXBJh8w==
+v0n0.nic.holdings.	172800	IN	A	65.22.24.51
+v0n0.nic.holdings.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:51
+v0n1.nic.holdings.	172800	IN	A	65.22.25.51
+v0n1.nic.holdings.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:51
+v0n2.nic.holdings.	172800	IN	A	65.22.26.51
+v0n2.nic.holdings.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:51
+v0n3.nic.holdings.	172800	IN	A	161.232.12.51
+v0n3.nic.holdings.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:51
+v2n0.nic.holdings.	172800	IN	A	65.22.27.51
+v2n0.nic.holdings.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:51
+v2n1.nic.holdings.	172800	IN	A	161.232.13.51
+v2n1.nic.holdings.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:51
+holiday.		172800	IN	NS	v0n0.nic.holiday.
+holiday.		172800	IN	NS	v0n1.nic.holiday.
+holiday.		172800	IN	NS	v0n2.nic.holiday.
+holiday.		172800	IN	NS	v0n3.nic.holiday.
+holiday.		172800	IN	NS	v2n0.nic.holiday.
+holiday.		172800	IN	NS	v2n1.nic.holiday.
+holiday.		86400	IN	DS	61717 8 2 34267E711A8FC7A8BB25EE22E87508951CAFAD73F29D332CDDEB3190BB9982F9
+holiday.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YWXEnuhWz6pvkANm2Jjub3iFMHm6/dxr8C2hbKApJwRt7hLCyICdSPUmKVvmA9PAPOiDN2DeDgE9yPheuQ5Odf8l9c77KhufpFQ0M295209SbFWuISExJl61NRxRNS5uKKCvk7l98+WDekHtEq1GJpDJx2mxSKP7N+cDuGBRzhWkhbEirU/tGoogZlv4Bq8Nu2v1KDrc5spjoonfpXBEyR+5aBDcY/12j7Gu6LEGBX1E6vB/W0YTObpCLmmp08DwlezBkQ9Aby+bEsjFS7EjWci/LtEqN+0UVdu9+pQ37sO092c0iaBqWfRRuo/vAHKYGVxA5nv6433ctQTP/z4UrA==
+holiday.		86400	IN	NSEC	homedepot. NS DS RRSIG NSEC
+holiday.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r7IQtGQuKKvnKXXy/orjUbkpRHnOJKc2dh0MLspRqHohjfRHpbXo9xEd7ZlReghHYBQ2SVafRSk0hDUwC0RDC335nemNqmUtJbnUBBkJNc7rvC1JS9DIQRRr24P9TkhY3tIXRZ/s1JccfOik38feFI9nK34zQyGMOLa93jQPMVhzdyqawZSb/nMy6F1CJxI7L3uSWu4YwCgYUE7vaHnth2qYxNdDN2JewIblDdYjWe8uZJKB9vPlJP/KyBXUXj7ceuujAR32cvXzzD8OPveXO10REEjKDtqe/lrG8Qf+IhakQoutsNZJuMp2SepZ6wkTExyAwyAgRcq5hiNgdl3b/w==
+v0n0.nic.holiday.	172800	IN	A	65.22.24.24
+v0n0.nic.holiday.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:24
+v0n1.nic.holiday.	172800	IN	A	65.22.25.24
+v0n1.nic.holiday.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:24
+v0n2.nic.holiday.	172800	IN	A	65.22.26.24
+v0n2.nic.holiday.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:24
+v0n3.nic.holiday.	172800	IN	A	161.232.12.24
+v0n3.nic.holiday.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:24
+v2n0.nic.holiday.	172800	IN	A	65.22.27.24
+v2n0.nic.holiday.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:24
+v2n1.nic.holiday.	172800	IN	A	161.232.13.24
+v2n1.nic.holiday.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:24
+homedepot.		172800	IN	NS	a0.nic.homedepot.
+homedepot.		172800	IN	NS	a2.nic.homedepot.
+homedepot.		172800	IN	NS	b0.nic.homedepot.
+homedepot.		172800	IN	NS	c0.nic.homedepot.
+homedepot.		86400	IN	DS	41296 8 2 547D577CB0C59BC0FDCA6D4A26AB5FA73588F9F7BA554A6ADFFF6B31BA056E45
+homedepot.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RSzYdRVxCYYv8ZCpeOLdsQ3va0wxdOJ0Z7fzfw+u0vg3+hIXua0W4+D2n/zhtJE1q3aUnGFUZKZ1SZgyej28pBwD6QV3n4e3Dqy9/ffOH97/WLg34Ky8xHfdfn88U2sCQSkoAXkEfglE6lr/GtFye3PZJ5/Shf6iEI77BnLzMNYCoN/oMguIhvWjbYb1u3lwPH8AnfE3yASvm46nUiPy6tAyKXleIZBlAwj+2HzAKmrwMGng+TVO+ReLmOcofY7+W1D9S3YUVfVtKrHiEvssgsYlfLcBraByK9ETzd3G7c3aN8hYa51AwrEDm7O7mBqd2AObjcxPyFbTm9xVC+Kwjg==
+homedepot.		86400	IN	NSEC	homegoods. NS DS RRSIG NSEC
+homedepot.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8t6RvP6XhNPLHGp2Lncdd5cnwaFiwPUK65dYUYI6pczUflaxGSrBhUsWqpiWKOrEOLMc3CAF0tsQ3STRye0phH6or4hyNk6fqIjIuQHJsdaIFMnTNHrV1l1O2plCEwtYWacvvuJsskQPQnPVeOEyNt1hPoEEDc1yWG68BcmR2kP/a4RnCfGXgHPK9Pnc/E5ZMnNB0B2VAOafxY/YiyVeZ4YIq0QExvXRmWWUjJM9KGgg0IqG2ZPrav6VEy82qV8efxBs/GC4FSG5gHB/+FMSL7dsmQfiUjCbu0Vi8c7Jkpn+LBDOBFCjKiwC0TgeIPyes6vswdo8p71KGX8kU8ybg==
+a0.nic.homedepot.	172800	IN	A	65.22.192.1
+a0.nic.homedepot.	172800	IN	AAAA	2a01:8840:ba:0:0:0:0:1
+a2.nic.homedepot.	172800	IN	A	65.22.195.1
+a2.nic.homedepot.	172800	IN	AAAA	2a01:8840:bd:0:0:0:0:1
+b0.nic.homedepot.	172800	IN	A	65.22.193.1
+b0.nic.homedepot.	172800	IN	AAAA	2a01:8840:bb:0:0:0:0:1
+c0.nic.homedepot.	172800	IN	A	65.22.194.1
+c0.nic.homedepot.	172800	IN	AAAA	2a01:8840:bc:0:0:0:0:1
+homegoods.		172800	IN	NS	a.nic.homegoods.
+homegoods.		172800	IN	NS	b.nic.homegoods.
+homegoods.		172800	IN	NS	c.nic.homegoods.
+homegoods.		172800	IN	NS	ns1.dns.nic.homegoods.
+homegoods.		172800	IN	NS	ns2.dns.nic.homegoods.
+homegoods.		172800	IN	NS	ns3.dns.nic.homegoods.
+homegoods.		86400	IN	DS	8509 8 2 FF29069BA0204E904C1BA9407D98664383C7C9D65F4D33008A13042B497C93DD
+homegoods.		86400	IN	DS	15460 8 2 F6BBD1FAFC2A7AC4B287FB2EC8BE0907D52B7A812AA437F4672EFE4088454CFB
+homegoods.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nOzozIMTLc/SWfJUlkL61u3sIkXbiIiNCclr2bX5tebB/yv6xQehlDH8NGNX3J0uOPKwHxJzIeK9grJWxadlk7OjA0KlBy7IhqhvkDAMiMe5UILWBcah/Yzp0zBu59Qf1An541lO2lmYlwfL3CT0OY3/7aZ2iK8q3dpBcMdPVa/QyDFXJxphPGVOJKs55Ja0CRfygoJEkJU5N/sob9YBeXQRQ2J+FrMr87KBgdtamD71LRTRfNXnHHum45BNvWTh95TSMRn+nUcI88/ETZudt3XLX5TYoFWJgys0R0RtuxcDZ76UolQBE8h4TnR9ed4eiWKA3rYNFkhP76pDx7kTog==
+homegoods.		86400	IN	NSEC	homes. NS DS RRSIG NSEC
+homegoods.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c7+Y4iyGFwWX6cvEE4PRwVoGiYnHkhi8FEaT729QX1NTBw27AghRbcQUmNKT+E45oLKq2I//+ouva+Y/jh/xslS4S7ALeKqzi/ro2VNl9xu6q8TucWv1+8UHENOgyH/Z6NYiZ6+ao5C5GQAEOGqMWfCtTnGrGLm5n2NTzbJJ+RbElt92sBPjYip1yS445bajXhYTD5uCqRoeVu3cjhv7UM+BX6ZYL5xIYA2VgogNVXAdStXyJamjgfcZksq4aU697Nuq/NwNRLv2X6yjFQuh6w+HLSE5JFJhHKF5/hIMTI4L6yQihYYsQLu98Oh9nd2+T68ACQmH1/EN2u0osk8uMg==
+a.nic.homegoods.	172800	IN	A	37.209.192.9
+a.nic.homegoods.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.homegoods.	172800	IN	A	37.209.194.9
+b.nic.homegoods.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.homegoods.	172800	IN	A	37.209.196.9
+c.nic.homegoods.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.homegoods.	172800	IN	A	156.154.144.73
+ns1.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:49
+ns2.dns.nic.homegoods.	172800	IN	A	156.154.145.73
+ns2.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:49
+ns3.dns.nic.homegoods.	172800	IN	A	156.154.159.73
+ns3.dns.nic.homegoods.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:49
+homes.			172800	IN	NS	a.nic.homes.
+homes.			172800	IN	NS	b.nic.homes.
+homes.			172800	IN	NS	c.nic.homes.
+homes.			172800	IN	NS	d.nic.homes.
+homes.			86400	IN	DS	33262 8 2 D9F3C8D72738EBA7ED5002404C5E2748E1AA47C83E36D33D2D4EB72360E49D80
+homes.			86400	IN	DS	44875 8 2 DE0934D0C6C5221BA3533739B3147E327A87F8E97DB379136A9343AA9D330079
+homes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Me8rTZvnRnLWAAr5FAstXCfNM+7nwh+3NOw8Qid9ZKkNtGPGadHODlQ44MNTma3yd9zOHZhV3008fdXh8PGi/wDAd9D/nPSIfXl3hWqCSaoDGc4cnaGTxcZJypH1gTHhZxN+TJofEaOhH5FaS89eRtIgIQ6fxKE80HNhty/X4LBKpPPeLh2hjWbSsV68o6g2bUZ+3aRYZqD1A6RavMt6Uxc7AuVdk8z4f+janPNvMeS1/m0cxnn1/pFXtZ1ToiPcftXOxeyyl7HfRdEfvND784Hf+TQhVcPuUTdp0W5A0n0kRz11LtDXnRVu5ZuvcVPEl2WclCMI9i+D4GU6nc4JTw==
+homes.			86400	IN	NSEC	homesense. NS DS RRSIG NSEC
+homes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BDNjdgaXbRhz11joU1yquHljUO/vsjjtfZMZPtBKMqY42hztMH/rB6JoZcHxSVebzPnFAyoD7OYs+vFu4GJ57Akexj4TFPDY7GZ+hveu2vq6krlY2swHCzBaKj3e+yop8NIyP6a3ECoXgmtswYC/xlDjBJVw2BE15tTtlf05YxNzWbbo+lWBs2DmJfS9/t671G4/TXAw5pJbk5cT7OV64/grNlEacGoP0G3yFCWa3s/ILTHkzAoK07ftybdhzytfDKlxPjQcFu8/Y5gBTJQzOuM4Gz2PbHRS2AtciYUwZLgA2j6b6P8DAH2ZIJsdFvHSrnt1Cp383CBGeylBokFMzg==
+a.nic.homes.		172800	IN	A	194.169.218.132
+a.nic.homes.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:132
+b.nic.homes.		172800	IN	A	185.24.64.132
+b.nic.homes.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:132
+c.nic.homes.		172800	IN	A	212.18.248.132
+c.nic.homes.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:132
+d.nic.homes.		172800	IN	A	212.18.249.132
+d.nic.homes.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:132
+homesense.		172800	IN	NS	a.nic.homesense.
+homesense.		172800	IN	NS	b.nic.homesense.
+homesense.		172800	IN	NS	c.nic.homesense.
+homesense.		172800	IN	NS	ns1.dns.nic.homesense.
+homesense.		172800	IN	NS	ns2.dns.nic.homesense.
+homesense.		172800	IN	NS	ns3.dns.nic.homesense.
+homesense.		86400	IN	DS	4507 8 2 C5400C84FFDE26FD2A4ED6374057D876CC46C0B933484F74A352BB1EF953B9A7
+homesense.		86400	IN	DS	15379 8 2 78DDB12E13AA6279D368770B09FCACB19F09C88E369372E5B77A294CEE3B21E0
+homesense.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a2JvJms9Y6goDdcgshFU3z0w070Cva3mmoNumDTj+lBV2XnCqRrFFxHJknPVaYAr8sSsLo2SFAWEYAPv6rbRtRY01JSKbjuVRsRoA67FPgDRGZLhoY+k3hgVuUpbac8tyY8Z3hMsnZkg/2c7eZezp3NeUo6xKQiaQieEsIMh7T3p0CAgKidg0kvuSteupaqheSDMb9pHlq0mlhNqFfabbd2blp5eBOTSwplvKDUAGVBdC7ux/4ZFTOqCIyEcUEC8cmCPH07vh5MBr14zuRSdJrLXI4oqWOpnSxuZNDlEPf0eHXrm12sLwbayk+JUiBfWNSnpudj7cYzi8vy0xMGhTA==
+homesense.		86400	IN	NSEC	honda. NS DS RRSIG NSEC
+homesense.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P488kn7Raz02JL1KWaehsgbKeSh+t52hmHCVLrH5DxcgIn+LsqhpzKo+i7XoGXYjRyGj5aUadnxN+9j1iw5yqu4q5gwhiW+wc/nkjzQkdp+k5PIaWJn+0Tf80OtvxJbXZlaEOpUa2YHfLajyoxkv/zJkrPdlJn3D/+sb6Ca34qpA0eZwlhN3mobESGneHsRUW6kpDyZyeEPk+UHKeuuHbFhwH7eZDHaxrybZ7YvW4KphsPQERfofNhF7rnS+hETeEve6aJ1xdJVXTwu3PDOL9yS2WEMwk8p9+fI7rHXafGrXSsK3idrD83EieuRhNi+rWs97AFwuHnmCZKq47tk+oA==
+a.nic.homesense.	172800	IN	A	37.209.192.9
+a.nic.homesense.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.homesense.	172800	IN	A	37.209.194.9
+b.nic.homesense.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.homesense.	172800	IN	A	37.209.196.9
+c.nic.homesense.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.homesense.	172800	IN	A	156.154.144.74
+ns1.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4a
+ns2.dns.nic.homesense.	172800	IN	A	156.154.145.74
+ns2.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4a
+ns3.dns.nic.homesense.	172800	IN	A	156.154.159.74
+ns3.dns.nic.homesense.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4a
+honda.			172800	IN	NS	a.gmoregistry.net.
+honda.			172800	IN	NS	b.gmoregistry.net.
+honda.			172800	IN	NS	k.gmoregistry.net.
+honda.			172800	IN	NS	l.gmoregistry.net.
+honda.			86400	IN	DS	25744 8 2 4214B1E2FFB881035440B32CB3C90675E1051A23AB5424FC07111EB917643338
+honda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G/NRIY3cz9HEbgMqJf2Ax81HSQtBbT5idA2TTalawSN2my+Hag9QdwgcSEiyDh5Pco+m4ub4SrmCcuqA5qMU8SS/cV0zEKvPp3GKRfQB+uVtJqyxJU4O5v2guMyFtwyJj7lIPzq2Bhpl0eOSH/WPObVt2u+WLozMIbB29+9mX/TbLxYqadW9NQeLpO90Ytb0Qg5vkvaTIl9SxFEKwrhUXs4AixxY2kA3l4qU2sPh+qErVh4MBUOLNzegyGpWPJbwbr18tOx4P6VtEX42vvpaM2FtIkeZYTKe//8aPNq5rEKAOYjVWyNeaeymhkbv/U5cDZ/aovu3cCRMCWAZHhvS3A==
+honda.			86400	IN	NSEC	horse. NS DS RRSIG NSEC
+honda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fKwEm6kYqgWcYN6S0ryXRiTPtiZ5D6wUXT07qxk9U2zC9jqvTKlGnLpZJMWYtc2WWftGaSTQrSZpHVGld9rBr7O1lpNtDEFOqTs4IGLN1/R7oDBv0MY9j95e5u1Zb4Bo0/TlptnS36b+KKgZELs8IeAE2Lt+TjLJHzfIgnUa7HyfEvt0Fh0Da/kg/89fpUJwY4/t6Rm5zoWoT3IoBppt59KzVlGfpEEhZzBvaVEg7FKZrlx1fET5L97uZ/3XAKxg3GATzIOcFEtpA3V8ecqAv7zeVpADjr9XZr2aCOT9pTv/rOAjZYrIju9fk8DrJtFTVwSbgO1rba/Ugd25d/85WA==
+horse.			172800	IN	NS	a.nic.horse.
+horse.			172800	IN	NS	b.nic.horse.
+horse.			172800	IN	NS	c.nic.horse.
+horse.			172800	IN	NS	x.nic.horse.
+horse.			172800	IN	NS	y.nic.horse.
+horse.			172800	IN	NS	z.nic.horse.
+horse.			86400	IN	DS	25741 8 2 04C915E78C75DCB656AEF6CE2423935D826C60319A9EAE29AC71F9E745C38975
+horse.			86400	IN	DS	49330 8 2 6566EDC407480E5F0F3D1F31E436BB5321D557E5805704868FCA3A59E6042D38
+horse.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hcf+9E5+awHYWsw/4EJoU8o/EFT5OgCS0kbZNu9ZFZDpvzE2jsniQOnXp4pmIHB/VFU43J0kwzIHgBaCbakaRZSfEIWpr+2Q4ES8NCyCDUbHR8qP9O/eCWfWrlSTpEJCsjKbRoHzxau/TWpCPwKXJr5nq63rf/SnFupF6+imYTMjLNZ5EWCvScLZBBYRlfEqViVSgEociGNU9D5rgMxKQhCOXi0Yti+dq85BeUtlSMniE7gxUo4to30LFVt+XZpyfzy/u9ZJ4w0NjdcuzGZj183ofDzffS6W/BOBfKrAIAx1F17sSrkGH1Wmgnb9LcDy5yrNqrKNwsB3STiF7P9qBw==
+horse.			86400	IN	NSEC	hospital. NS DS RRSIG NSEC
+horse.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mprOyE6eTMibLWwos/FL5q8wAd35AknY/otop2KaT8cqjcS+4U6fWJVKR8Um0kXnJU5XO9TpCYz7H2dljN4xq+gXLkIqljQwm7epgUCF3AQtygPk+zoLG6FIesfgzM1S0Bj+BcOGpsTw3tzY7FmImqbcBtW34J+cr7WVYBp2ahT4q2Mmp45y+y1NtanwdjMtlc0U1wihH504vxuYnt9HaGjP/EturrlDCPl4SKmsDkmMWB5hcmH9lA95iv68tvtA+6MA9XJCJlVaJGnXP38QyvvAx2ojwHYZwzYHsf4FA3Kqo2pb57xkaNmPxK7wX/OL76aZSexyrfmLfX3EaA/2xw==
+a.nic.horse.		172800	IN	A	37.209.192.10
+a.nic.horse.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.horse.		172800	IN	A	37.209.194.10
+b.nic.horse.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.horse.		172800	IN	A	37.209.196.10
+c.nic.horse.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.horse.		172800	IN	A	156.154.172.82
+x.nic.horse.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.horse.		172800	IN	A	156.154.173.82
+y.nic.horse.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.horse.		172800	IN	A	156.154.174.82
+z.nic.horse.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+hospital.		172800	IN	NS	v0n0.nic.hospital.
+hospital.		172800	IN	NS	v0n1.nic.hospital.
+hospital.		172800	IN	NS	v0n2.nic.hospital.
+hospital.		172800	IN	NS	v0n3.nic.hospital.
+hospital.		172800	IN	NS	v2n0.nic.hospital.
+hospital.		172800	IN	NS	v2n1.nic.hospital.
+hospital.		86400	IN	DS	53629 8 2 5CE9EA127A6A20BA0171A93B41716DC419367AFFE7B5D9445CEB1C4C3A8252BF
+hospital.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LnrkHEjWbY1rYUekd7C1kFN1dzftbD6wqMMJtxqPMOARoNCdLDBucN29FBWskVfois7U3sMX0r9/zWZGpW6BqhzgZLoNtLqKVYfTENsF8sCi38L4gX9YeQzyO6Uxa8i+O5H3jV6vsNF9fpDpHxF5Cub9ya6x9YiPsqouzAgIOkmlyRBhJISisdjbu+L+cB2BlfAH2JJOaEL1Q/aIpSa0aXtgquEe3Ipfa+0wbYcWc3flLMa3xggq/x4rb5AKnAemWUUEx0FclpXPbMv5t0G/qfx0JNmGMlcNdh3pCSCcukDrZsJuIQzXLQzh4dDoxe0bXq59wV1IHZqZ46IZuFcWTg==
+hospital.		86400	IN	NSEC	host. NS DS RRSIG NSEC
+hospital.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U1gjDXc55M9nXqMQ3iunE0n3nCY40Ef0ha9rQimDC4sdWGy1erK7ySvc8gxkOxtJRqgMQctAOKLog/o9Kd2I8UZKtIh+j6qny8FUGMomvAC5h+LDK53BzzZgEl+Cq7CmSvI9McvdUbc+nqf8G+TeVWhtT3l6Fg7XGwi3uiLbkv7fKslDhDIhIGeo82E+IBcJlfOer2gYmyTDLb9Cd0AFSXCKcANRm5E7EMrqGfQZ1iNkbmPyYF0kLqdPIn+2lVPDOzsdrj/lKFlVtsEJJhnnmxZiJEjwjKLb9Y4THH71gY1TpGmevs9bm/v+0VzDi1XI/0+Gt9qmEt+JnDH4crPF6g==
+v0n0.nic.hospital.	172800	IN	A	65.22.20.29
+v0n0.nic.hospital.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:29
+v0n1.nic.hospital.	172800	IN	A	65.22.21.29
+v0n1.nic.hospital.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:29
+v0n2.nic.hospital.	172800	IN	A	65.22.22.29
+v0n2.nic.hospital.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:29
+v0n3.nic.hospital.	172800	IN	A	161.232.10.29
+v0n3.nic.hospital.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:29
+v2n0.nic.hospital.	172800	IN	A	65.22.23.29
+v2n0.nic.hospital.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:29
+v2n1.nic.hospital.	172800	IN	A	161.232.11.29
+v2n1.nic.hospital.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:29
+host.			172800	IN	NS	a.nic.host.
+host.			172800	IN	NS	b.nic.host.
+host.			172800	IN	NS	e.nic.host.
+host.			172800	IN	NS	f.nic.host.
+host.			86400	IN	DS	61142 8 1 86B9716C2E5DAADC785ADA27D4E8BFB190947D14
+host.			86400	IN	DS	61142 8 2 D15742398F5291B0E2642BEE5DA6ED6EF3F4497C65BAC0F5A6C9C8FF495CF286
+host.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UjooCKPm8nH3HqD5YTTpWJW/chOb048OOnWTwd/z6lyRUxNFw+FzCK8dcCQqT6EYg32TxQ4b2faeba9kus60RYQrEdPT3w+RxOfPZq+BTWPskgeOj0pQYp5D2ah5Zl+TNyd/5iI2yaJ261Ltvo+HNoWJfygZxjZ0N4LrWImkVQGjnfq6A4FvKUNAabUCaDTKEak/j91BeAL8NNfWfuwWPGIqCjhah0PZhahvQ2a423zL0hgIfcufiRCLMswOTtmabF5pOCPiJcXaS0bqyw3wElI465FHwiFjnqi8tg1ThktPLKefk2TV8hsGjX8t40LBxWDVSvyLoKOD6QwxccOyFA==
+host.			86400	IN	NSEC	hosting. NS DS RRSIG NSEC
+host.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WJoz7yRXCqfW+NYiS6rkirMNyxnvxI6elyPuO9vsDhN7lbuzIHRah76g452Z6h1kmK4cpC4ihOMyzl95W+TmGKFtYgwnNf2+VfoZtKsX3Czff6Ykg6pbIjdjRpWSVPcmKX6s7SwhuNXWDdrrLUiQivvRBEbTpIdlJignFHz6dpk2ZLpfQ1Uo1WLPrTQQuCLVXGnZwxCyvHQnQZAcPvggMVHKiqlei450L6ABbJwMYWY52aJK4fd+O1IZT/VwAExTN3AM7H2+OeCKNLs80SfC1kiUj67vFClZgSz8d/szO8CEHQUIjrGY3hY3RZ2tIU6/ysmgnw1GJCAWe29HtbnXUQ==
+a.nic.host.		172800	IN	A	194.169.218.53
+a.nic.host.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:53
+b.nic.host.		172800	IN	A	185.24.64.53
+b.nic.host.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:53
+e.nic.host.		172800	IN	A	212.18.248.53
+e.nic.host.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:53
+f.nic.host.		172800	IN	A	212.18.249.53
+f.nic.host.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:53
+hosting.		172800	IN	NS	a.nic.hosting.
+hosting.		172800	IN	NS	b.nic.hosting.
+hosting.		172800	IN	NS	c.nic.hosting.
+hosting.		172800	IN	NS	d.nic.hosting.
+hosting.		86400	IN	DS	27751 5 1 9A72CAB4A4CD51469DFC9E1DAC8B1476D4B5C66C
+hosting.		86400	IN	DS	27751 5 2 CF9F7FA35F5DCE998A5757081F6E790DF501F8B8FB58D0F9D8C4C645761A39DB
+hosting.		86400	IN	DS	46927 5 1 017305D89EE86615E38B0ED31F5EED0A797E8156
+hosting.		86400	IN	DS	46927 5 2 74803C2BBEEBC8D188832C4054B3FD230F31F593E3F5432F7FBCD860E3CB7ED5
+hosting.		86400	IN	DS	51544 5 1 EB0E1F6128E4B7ED6C0C0560F9A3EBC8E5100C33
+hosting.		86400	IN	DS	51544 5 2 8FE6BF96895D8504F0989C4DBC3741DF17B7672D5AA64107BD624089B5D3D403
+hosting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aT/KtU5KdBMgIopWwCf5kKJHoW7FbxRUfLhZtK/ieH1QUvuB3PW0KBgqiyeFrlWXm4FPgVNxIi3xABSRuwAT08fzrG73DTQb2tKT0JI4vOvuPMclVc5nXGCF26Y2HilXY64AMB4F4AnhPqmWvl9z04R9QV407LViZsix5E+FsYe7PC5gi4g2kr7exDpqHIXVGehb42jCX9M8pJhxknw5yWrETpzvFRAWpeT82Yeg1lFjxKumqKoLzDLk03kY0V/lrptSuXFtGuhiAzP3++J91Om/t2nNSTIdxgcDqiJxAWwkkYCfekwoEhq/rDJxElmI9khwdNt3zNisxqDQ4ErN7w==
+hosting.		86400	IN	NSEC	hot. NS DS RRSIG NSEC
+hosting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . piZww4v+hX7LhS3KJExzklTfThVrg2IA27AjZiz0C9GLnATV7MfmILn5SONwJUTillJZSx4UGKoqVAOpZm8ytpKTh9ClI1XKnGOxsZEuNi8/ZIGHroaPaHNSRiFD2Qfgp/Rd2bXYY5a01Vk3UJQSw4UpTB1FTZbiA3E3MTYqJk5quepSLwnWfbRUHYgro8gpYFFhlq552kqSM3uyh35YTcX09AJ+2+sJZAMmUqiV2lWgMx09MVKaTRhW+fXdlY0PpslP7v1F+gWthh5O/aMawvhf3oQWg3waIA8HgVZQ/BfcAABsEOBvAZgzatudboAEuRYzMtnXVWaFOcQQ0PiyjQ==
+a.nic.hosting.		172800	IN	A	194.169.218.152
+a.nic.hosting.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:152
+b.nic.hosting.		172800	IN	A	185.24.64.152
+b.nic.hosting.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:152
+c.nic.hosting.		172800	IN	A	212.18.248.152
+c.nic.hosting.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:152
+d.nic.hosting.		172800	IN	A	212.18.249.152
+d.nic.hosting.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:152
+hot.			172800	IN	NS	dns1.nic.hot.
+hot.			172800	IN	NS	dns2.nic.hot.
+hot.			172800	IN	NS	dns3.nic.hot.
+hot.			172800	IN	NS	dns4.nic.hot.
+hot.			172800	IN	NS	dnsa.nic.hot.
+hot.			172800	IN	NS	dnsb.nic.hot.
+hot.			172800	IN	NS	dnsc.nic.hot.
+hot.			172800	IN	NS	dnsd.nic.hot.
+hot.			86400	IN	DS	48326 8 2 FD4F66692C3A0784DE4B089A4A2D499BD1366F63566860F6F80938D59E3A431B
+hot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LMcbkwRz52pJ48ZStmt11nlUll5hc5F3dfvAksiJGVQlTU7gBs8zT9ohFpu1uWYZ05tSpfnQtq+py42hIIf+7NggvCNdhhNVXV2XnulAoaYhLsyjc0YK56GffEn7ZLEfxQUDkXgY8M6hpSy9p2keAXnRM026GSS/64tMF31hldO0SEayU6340i5gHybn08Vgyg5ySmz0bGH9ujluuPushSUuiWVhohn8Rmp4Dn7177DfV4A98nS8eCvj0rIl9kJ0Kl0E/E9udvdiPA59xipQktZJNehCu7ox08aTJGPA8ljxlw7DUkgd/n/OYgbTIsDeC6wsRgZyBjVubn3oJwLMpA==
+hot.			86400	IN	NSEC	hotels. NS DS RRSIG NSEC
+hot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ny1VITFvXeTysD9v7/fTdVJ5px3DE3Ui5HyEUBodYHrfKaAav+boKjgJCtDI2jrjBCpT5912gOEMTPVca/2ATWBj35+8XTNGek5Yx2Vrr0TJgzAvJBvd2lL72fc3l2dkjS/XTiPuJIvK5OcCN19PPY9FPBlSeZkQA2GjNCcnN9O3GBtj0bXvYX++ibscZqsaFK07++hNOgN3kuOdEaHFwoRT6TM0N7N3wJsuVrjUSSSSgdRsZkAvvyUp50AZnfpVkcOY7gObIoAasxQgAYphXLEUAGde5qjrfwKwg6qT8eligezT8pAzf4UKHKRGuWoIkw5fG+wOFJIlu203X7c8cA==
+dns1.nic.hot.		172800	IN	A	213.248.218.69
+dns1.nic.hot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:69
+dns2.nic.hot.		172800	IN	A	103.49.82.69
+dns2.nic.hot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:69
+dns3.nic.hot.		172800	IN	A	213.248.222.69
+dns3.nic.hot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:69
+dns4.nic.hot.		172800	IN	A	43.230.50.69
+dns4.nic.hot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:69
+dnsa.nic.hot.		172800	IN	A	156.154.100.3
+dnsa.nic.hot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.hot.		172800	IN	A	156.154.101.3
+dnsb.nic.hot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.hot.		172800	IN	A	156.154.102.3
+dnsc.nic.hot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.hot.		172800	IN	A	156.154.103.3
+dnsd.nic.hot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+hotels.			172800	IN	NS	a.nic.hotels.
+hotels.			172800	IN	NS	b.nic.hotels.
+hotels.			172800	IN	NS	c.nic.hotels.
+hotels.			172800	IN	NS	ns1.dns.nic.hotels.
+hotels.			172800	IN	NS	ns2.dns.nic.hotels.
+hotels.			172800	IN	NS	ns3.dns.nic.hotels.
+hotels.			86400	IN	DS	27175 8 2 400F3DB76FF23FBE5FBD8FACA3695871C6FC5FFA6CF116DEA6FCCC9E4711EA65
+hotels.			86400	IN	DS	51700 8 2 844A568CAAB77E76130C1551AC820B3A41A3C39F6419BA2411F9E3D3A581765E
+hotels.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xNJqaOmdDMGlcRivwBMIBPfv1cmZKZp+juulCvENNEGy1NbXoSYBoB0/xZCIJY1wjin3in0GOiebixfxk8EzUa+YE8a8xS4UrIhR+RaMwRt0C/JLEEkGmQlu/2hC2XbqjA5EWZ2/BuirAkvrZNIuwQ5XLbhP69kVk8tFgnSLhAgBp79U9uCqYlSbsvEfxorgOj5EUYxSDnx4hTYVj4L5dktfrhEV7Zw8cptMfyMEM2pGlODpE1lCVP2ym+FQhNgJv190GaIai3djWt2kWB9hxLJ8ufvIf4OpweFqh4d5EZU/OhN3ZBZcC3Eu2aBOZo2I/8m+z5uK5a/9UbYfB/6EVg==
+hotels.			86400	IN	NSEC	hotmail. NS DS RRSIG NSEC
+hotels.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0yZTow68aw6Vi5Y0yYTOaC9AoFjBhrPWg93B8ntpWAaYZmYmBPoO9iwN9B/0Bv22o2TcM91fIDptcZAotvu2QTaKv4P+HxBZM1mB79Zua2aMTALhrrlQCPF40RzrtPWVNQbq7mkhPwYg6+b8njbkpA8RlhTfLLa8zbHdwWiIH1uHxdihyCzzfZ58fmZng4KCdmcSJULGHtM3sW6V7n0PJ6dczXtQ+CVmQ0Eboya8KIF7D0qBoKmSAj42hd/lPMQIHyrnF1H9dHs47S8OuoykkDxT41ufZbir62ongh08GtaCBzB+fsSWL+4SlZMBD42Bo2QDry9JZG7yFOiP5n19Cg==
+a.nic.hotels.		172800	IN	A	37.209.192.10
+a.nic.hotels.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.hotels.		172800	IN	A	37.209.194.10
+b.nic.hotels.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.hotels.		172800	IN	A	37.209.196.10
+c.nic.hotels.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.hotels.	172800	IN	A	156.154.169.3
+ns1.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:3
+ns2.dns.nic.hotels.	172800	IN	A	156.154.170.3
+ns2.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:3
+ns3.dns.nic.hotels.	172800	IN	A	156.154.171.3
+ns3.dns.nic.hotels.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:3
+hotmail.		172800	IN	NS	dns1.nominetdns.uk.
+hotmail.		172800	IN	NS	dns2.nominetdns.uk.
+hotmail.		172800	IN	NS	dns3.nominetdns.uk.
+hotmail.		172800	IN	NS	dns4.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsa.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsb.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsc.nominetdns.uk.
+hotmail.		172800	IN	NS	dnsd.nominetdns.uk.
+hotmail.		86400	IN	DS	12876 8 2 5D35F9E8561CE9835FBDBCD44FD9F80C93D5412827694BD7B17BC1477A8E70AB
+hotmail.		86400	IN	DS	30586 8 2 C055D04AC9301BFF85AF9424F6D368D206D7E4786813A22FD3CCEAA6928F50CC
+hotmail.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dpUYhTx4P9p1UPwQh6XGpfWeREBwuqO2ceBDJahvVa9oYkaBT4EJX1ZEjUjQ3EtUDIBL8+pAOwcWVC12kWCE94A3eWFygcWw47uajSf0f/jEmFFkF8JfhHDYEnNkAIRgmgDuuiNvQwmCcem+XnKSq464iwCH9+0QjMM+Xkw58zQrgoddtXrj69CwmNNqu/9T/6jCKX7p9cNEVxsAZ/W5sMxkXmwH4XTh0mgjajvwIG54F5HnCDEyJak5Y+PCgBaQPQIsL5LewKbPA/VJ5vG+ql+ySCcb4YrryzUBKtXaRUroWW1SvZskyivla/+KKUGHzgSMh+0dxt/dI1Zkz/XOng==
+hotmail.		86400	IN	NSEC	house. NS DS RRSIG NSEC
+hotmail.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . djxpsNyx/Q5bPTM6wTzEN8zcui4zrwfRGXzBJ7NOfcPdyyrr6SjcaWxQvdUHJv1wB8KaLlQqS9KleI9iI9bvTJVigOFwIgdzqGH7hmJlf+hSgXCIYkj18J7ggv9DWYsIZe6dos69dWuXXAE9cSGfPdqbBm54LnhUMS8qwKbDgFbl1L7sy+olNT/VCF5cHc3Gv0tX1Xg/LqizA3DktEXNleFQnsj0TJsDewfdmjYWxTtdNLZtKdeXW88cJcqlRqSb45X/t4S0eYlWTgmL0mxdL6IqXVzw57OgTf4ZVy2PMr3k9Ravn+dMXzlmMO2g3TpcSMyKsuZ9RvELWYiOPWJjLg==
+house.			172800	IN	NS	v0n0.nic.house.
+house.			172800	IN	NS	v0n1.nic.house.
+house.			172800	IN	NS	v0n2.nic.house.
+house.			172800	IN	NS	v0n3.nic.house.
+house.			172800	IN	NS	v2n0.nic.house.
+house.			172800	IN	NS	v2n1.nic.house.
+house.			86400	IN	DS	12289 8 2 083BA725024957730C4C92111205FF8F4F0D0B8E92E16EE24E80BE98CEEC39EB
+house.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CDKHdc0zRkmvsFXDeaGpyf4rrf/JGJHm56vzf+E5O4GqSauMmTgg6Yz4t9kRDAmi+FD/Afp7tqWo6Gkmn16rID+9Gk5e5jP+v9jWvUy9r/sfijqp9EKQpobizF0LDA7W/j7qI3Yj27o19RZjVWSJuxFSeY6o3lqOD4DIMwf+O8nMbYInL1s6wMhinD5l4X7HPJp/JvlqnxzMt6BA9NCuAklVMot85HoJJbkDjzQnu568k4j3MEGlpsGLECCFeEXxpskLlp+ZiUZiZxy49CemUeZZSWZ8PQc7ODQDyO3Xlco1Jxw/5ukJPXGAXf2xkWK4IRksw/kXQnyFtdMrHmO86Q==
+house.			86400	IN	NSEC	how. NS DS RRSIG NSEC
+house.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lSXKTdUdBCJ4zt6BsmfQtX/2XPwEyIaa2RYOhB+mmCvpsrXOY+HMkyrvfEUrwg7hDbTJFL9alHhpJECM0rQqOlBw2I9ifTg2LaOBonBEKwswLy5WvNFUe3XxdX2mUaWW+irmXSXuLpXHEfwyHV5fu8UL030yZkOQ2N24wE6FlBlgRRxhiUH1j7uEy46IqofZYSY1jdmPw5Qu+fcBC7HuyDvc+2J2z6sGaaEHF89Uhkt8au5dkEvqAMSS32k/BRfu7VbPakRNX3iSXpCGo9VMBl85G7PkDTU/KtKgNiC3R3DyhWJ4KwxfdGb4+wgQ/aPSMeIcC+u1UgBmL9tjcHAO5Q==
+v0n0.nic.house.		172800	IN	A	65.22.24.7
+v0n0.nic.house.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:7
+v0n1.nic.house.		172800	IN	A	65.22.25.7
+v0n1.nic.house.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:7
+v0n2.nic.house.		172800	IN	A	65.22.26.7
+v0n2.nic.house.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:7
+v0n3.nic.house.		172800	IN	A	161.232.12.7
+v0n3.nic.house.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:7
+v2n0.nic.house.		172800	IN	A	65.22.27.7
+v2n0.nic.house.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:7
+v2n1.nic.house.		172800	IN	A	161.232.13.7
+v2n1.nic.house.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:7
+how.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+how.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+how.			86400	IN	DS	58609 8 2 CF18DC0907A9D2F0D260C7C4A958EF62312BC64B2832002330A35DBC9FF59075
+how.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mOoMXLA1ueK4hHeCW8cgudw+9rBl6zPHUXy1JpNDh2OmhiV8xJoLegFYcpiDV7hMRiB78U8yZ6+9ndWtnnmSyxgyENnw/m07OGyUA8vaPm7F5lowSmNQJbqAYOCJKamJq3jmq9e9BMwyURnMcPmQeCPKnBisrzlJEPK5eLlYlpJGGC7JpCDmUNFEo55nn3MdmvhTs3e/sTf3LBls5sKlMI4u225avroq2VV6zXcIrgdrFcZwtAiYBAvVQ7MOGK4CoGH6tDBz4M22rS7RMEDPaoVDvYKqzNNAkqNQVl64fyO20lpVPC/WfseSbxOewVukRWfbsSfXBTmZ46+4CkMaPg==
+how.			86400	IN	NSEC	hr. NS DS RRSIG NSEC
+how.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mq9mFKYYlP1XdLkkF4JoVKdp3p4StqvkrY8RcgfvawpZx5pI+Pzx57g45bgVHC8uEThLYiPVdRi4CemOL1WnK92/fDWqc6qINcvA6dlJ5BLsReZ5V5jGjHTix/ltAKuLUKZYJq8G7U16DnINjY1pPdqPLtCCv4yZY2nEMeU/rZ6UtNds2li9NzWbHRBax6YpL4qsMn/XBvRwa0/rQrmGMosylTP0mBE8EHrydt6Luv85DXdBhrqC31+0zi81IdV5UHY1YB/hMMjRZPlwwPxLpUrcctP0MMz+znb8VItbGNu24KZx4LE80qcf38YnUR6lU6LI5zaYPelEv4SZnppdmg==
+hr.			172800	IN	NS	n.dns.hr.
+hr.			172800	IN	NS	pch.carnet.hr.
+hr.			172800	IN	NS	hr-ns-1.carnet.hr.
+hr.			86400	IN	DS	63025 8 1 D2E75CC74208F81B1EE50EFF524259BDA1F72AC1
+hr.			86400	IN	DS	63025 8 2 1493B6F67A78F844E72953B29B7FEE9F6301F41E998BED94427C79A5AB60BAE6
+hr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ytVvDCWDOUqGM457g5CIUWC3jhGeP3lHArLGuuv5CgGeZtLfimYbfXXVyU5pPAb5LwiI9tZqR8nGNpjCedbc7foyQ+ceq0tYuW5Kg59nyzsXcyq/+7Pj6MZ4Io57lzHaYEJu/Ljfzj56zSh1mmkFc0Ox2sDXLU/MDorX5ntIsgV1k2drYNCwlCS4WdLVqGxKHrXZz8V5SkZxthfSRm3B8Niv8MquneuNEjXFg23wpu/9R2KDCCHn1Cl4u3406D+sWzBpdDvJlsxJyDT06C8nm2+bHQF89uReqnZPv0/vHMuGO/ISJ96+AGeiv/2e/YOR6SRIcKbA6eGGBtbgnB/Miw==
+hr.			86400	IN	NSEC	hsbc. NS DS RRSIG NSEC
+hr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JcXekDhO9wpXtrvQnS2/s96ZOLetWMYzka5+yn5jdX93LvNAmePB7n2eV4sYthNYro/ITBN/zDi5JeIZuBaqBQkj6lS2i4JzBkEA5kLwWRmHLM9pOrY8CPIC1RiR72nnesEgc4EjuUZQpxNnpRL87ahmvoVw0l5ztOdTWDRfKJtKJDiDTj2xv45NMpNQN21qK0+iDpba7sC/cjHketrFKeaiHcIT3BdwI6bDEB0U9MPgxqjaIZtLrQkkn5LmWF3zL4li183wFJDOi0rWTZxjPIpBUp43OfBW4tu8v+dtGiWpoCa+KZnnod4w249aEdery+QQZYtzD5k4XhzWLqApoQ==
+hr-ns-1.carnet.hr.	172800	IN	A	161.53.160.100
+hr-ns-1.carnet.hr.	172800	IN	AAAA	2001:b68:ff:1:0:0:0:100
+pch.carnet.hr.		172800	IN	A	204.61.216.90
+pch.carnet.hr.		172800	IN	AAAA	2001:500:14:6090:ad:0:0:1
+n.dns.hr.		172800	IN	A	194.146.106.142
+n.dns.hr.		172800	IN	AAAA	2001:67c:1010:36:0:0:0:53
+hsbc.			172800	IN	NS	a.nic.hsbc.
+hsbc.			172800	IN	NS	b.nic.hsbc.
+hsbc.			172800	IN	NS	c.nic.hsbc.
+hsbc.			172800	IN	NS	ns1.dns.nic.hsbc.
+hsbc.			172800	IN	NS	ns2.dns.nic.hsbc.
+hsbc.			172800	IN	NS	ns3.dns.nic.hsbc.
+hsbc.			86400	IN	DS	16129 8 2 1E993A683FD63BA6FA436D235EDDBB949901975649B11C628DFEF8105264AE9D
+hsbc.			86400	IN	DS	44836 8 2 89F4241090C6C95E72420B8525E2F2472C6198937CAC4D5ED6D1C6D2F4F6DE27
+hsbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . My204VQbkccHVqHNx/FZXYsSvYGi3RfGCAwKyypzKMsIeD5u5lKwsdtqoiT/QTfgl2+ydbBW8rxho2obBMc53G4+ABoUeEhndsuX1bmCa48g+LE9ForYuBmomJeqMJ0I7m/Nv4BFdbtYkCZSq602CZWJ0JZ1VUxl15GcuwgS49fEqDEHjC9osO8yovLK7idEc2iX2/MYbczaUyH2zxRgbqQP02xkkO0NNkaN7ygW8pzjAl5voaqY5hlhiM2rP10StavCj1QreYqLfOQ5CuKhQI/V+RDiXY++y3yFAFT1lPpX+lVXfBP53Y7xHpOlyXfXt1PB2dGfutwWHgZxfgUTrw==
+hsbc.			86400	IN	NSEC	ht. NS DS RRSIG NSEC
+hsbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BMIffkAKK+V1Q4/2c/oOjvxQcIoANvXKdCzDoNDiBdWXZ5eKqvakiFSHH5xtIwTiDrCqCj8Fl5QtEZ72n0/3GF54tF5G34NPkq5uq87VtjtcJhKfGLggSH+QnFsyKR7kilLFv3ZU5gpbP12exQTAlmHgj0m/wEvj8t56J81E2zgcqU6p/WpIiB+xh6+vvxCqc3t/hOcN4UGjME7uC2W5wvzPpYja11VDUr/5iuZ2M5rH0zqOGIkh0mwIO2Lh5OW4MUKFP4iDbczUrHiZWWk4LCXTanM+2buBoLWd8J/0Hu/zBzHj8GWOCviIyBvAsVb+fI6/ujjcR6YCXDKcfqKfKw==
+a.nic.hsbc.		172800	IN	A	37.209.192.9
+a.nic.hsbc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hsbc.		172800	IN	A	37.209.194.9
+b.nic.hsbc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hsbc.		172800	IN	A	37.209.196.9
+c.nic.hsbc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hsbc.	172800	IN	A	156.154.144.76
+ns1.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4c
+ns2.dns.nic.hsbc.	172800	IN	A	156.154.145.76
+ns2.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4c
+ns3.dns.nic.hsbc.	172800	IN	A	156.154.159.76
+ns3.dns.nic.hsbc.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4c
+ht.			172800	IN	NS	a.lactld.org.
+ht.			172800	IN	NS	pch.nic.ht.
+ht.			172800	IN	NS	ns-ht.nic.fr.
+ht.			86400	IN	DS	2176 8 2 7CA97FAAD5FD19728C3CEDFB2F647EADC144EE21D01DAFB7F821954B38BDDA78
+ht.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FyzMoPAObaPD0g8MF3Q+dWOpLAlJtMTH6OakKTqHHJafj467X7hy21wRMTo8l0SIBznXUfCGU6znlSj/SFIQ242fePpQ2hAfLmjxR44SQqgqm9TuLRocFzM0cd4yFlhpw3yL8lTlyciT2DiB14v+bH3kQWRuxdtX7sPoG2dmLLVryZv8MLClkOnN7qOnsCsTa916gx01fa5ew4VfM8TzS+PNIoRem79UZlROwsEqdvHMg3Sbl+kZXovpV98UT1k3nLTvK6ibzLAKPk2jftmC1oytzQsl9nwhgWQMEBbkg/zu+HRoFygFiAW+/9QLyzsMsCo+mD4ZEQn1JkcQNPhh1g==
+ht.			86400	IN	NSEC	hu. NS DS RRSIG NSEC
+ht.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oa9DtdwlJNC1Xw182BJL988yjGuoyHGFMJjWQAu86C5F1qUeYBMbxRsRLHtvQ+JmFcr2IDwcSXvinmzUFothTwLo07ef/1Y9d6c/APR8Uozzmskde6WvGuAcufrZ1khkFl0eY3xOwtVpxKwT0ya4bK5SxXy3Co933hhn1mynbv4B4OjH3qiF56fWG0jb6WZP3WtvW/5aTvd8580vs//BR01XAl7iWEBqD6hopKwIyy3TC5SoDOLw0dHULQAMOHOPd0OwPBDcGjeMOvm3gMexGkiFrlyilHKrPAht7SWvlPFZTejC00mGZSbRAAI3J9RpeiD/K1rL7zlcz+hsMUDtsQ==
+pch.nic.ht.		172800	IN	A	204.61.216.38
+pch.nic.ht.		172800	IN	AAAA	2001:500:14:6038:ad:0:0:1
+hu.			172800	IN	NS	a.hu.
+hu.			172800	IN	NS	b.hu.
+hu.			172800	IN	NS	c.hu.
+hu.			172800	IN	NS	d.hu.
+hu.			172800	IN	NS	e.hu.
+hu.			172800	IN	NS	f.hu.
+hu.			172800	IN	NS	ns-com.nic.hu.
+hu.			86400	IN	DS	2104 8 2 65F5D64B860F26FEAE0BDE3CA51B730B38381678C8C316F16B37E551105EBAC5
+hu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yiUK6tPtQf3pB7DtcRUHy469zQT90DHiFv2HXOtQw5zQnRfdBJMXgHNZSEYyxfTATfHrfhEVSF9+sUYhTOS3y54tE7R2W04KbOYzjGxUCxWXRSAJP5mrbBEt3vSDX1mV+NvkdLN0oLea7N5T6yxYEMZuVQoP8NdWhXnD43/zOW996K1DrflpG2wfllFQa7YGGrCOX/wP3rpKGS8QXWv7CRO7VpThJnKBKVCTLATgzfM7yIX7bdQ2JdHG/tlRkGuP+BblLXLPq78bCobiQu4+Gty32zCGyRsxdm+d7avf6tz38gkYZocatzCS8K/m2PpMSQCuyru/HtWnmrtndO5IcA==
+hu.			86400	IN	NSEC	hughes. NS DS RRSIG NSEC
+hu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XFBeiEVZzFjiUFhlcnVYWpvoLey6WtLfDIisxZtos7DLNrL3QciLcZcWEAgdNl98kC8Psy9k4jxVZ9+1NnqyunbTBG5BUtOwupUZxyBJb4utw3xzeqCyLjF0928NFuMlID9rvUFg/eJMTWfqHjUDxld88b/YcMLX/FtXEonEdtQooEQe6aMlNuve/gBEjeWDVDd8VKp3TgrZoh0as0rFVV+Pj5zx0VZkq5YUzYitBKSx4AaY6BTLyi2sGxLN/uc5r5JiJUDiDlGqVBG/FqLSOfkFJL1p/bI/DGwBiHIGifiXAxkEateHyBcDk99JOAfBxcPJ+M65hpjlIoAJkr3syw==
+a.hu.			172800	IN	A	5.28.0.97
+a.hu.			172800	IN	AAAA	2a00:e6a0:3:1014:0:0:0:97
+b.hu.			172800	IN	A	193.41.82.18
+b.hu.			172800	IN	AAAA	2a0f:7ec0:100:100:0:0:0:53
+c.hu.			172800	IN	A	195.111.1.92
+c.hu.			172800	IN	AAAA	2001:738:2:2:0:0:0:53
+d.hu.			172800	IN	A	5.28.0.99
+d.hu.			172800	IN	AAAA	2a00:e6a0:3:1014:0:0:53:99
+e.hu.			172800	IN	A	194.0.25.11
+e.hu.			172800	IN	AAAA	2001:678:20:0:0:0:0:11
+f.hu.			172800	IN	A	194.0.9.1
+f.hu.			172800	IN	AAAA	2001:678:c:0:0:0:0:1
+ns-com.nic.hu.		172800	IN	A	194.0.1.12
+ns-com.nic.hu.		172800	IN	AAAA	2001:678:4:0:0:0:0:c
+hughes.			172800	IN	NS	a0.nic.hughes.
+hughes.			172800	IN	NS	a2.nic.hughes.
+hughes.			172800	IN	NS	b0.nic.hughes.
+hughes.			172800	IN	NS	c0.nic.hughes.
+hughes.			86400	IN	DS	64252 8 2 29A6AE50D287B301E6624077720BEA37AA9CD752183DD014E7F3028CBCB740F2
+hughes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tn8ueo7WvUm8efysTXTZ6BMpVsvfyBaeD/ElPDBF4Qesws2Ak3nyTJ3WgfvZO/dKIQyCUPEcyaRsCi5kTm5Xr0LkpXWV/oO5CwrS59tGovPVv24ogkUhRjVaMXruw2ZaCEbrV0V9K5RxIXVzQB7+kfDGHPBPqHSMpsAFRZtiu5bdGzDznDn4v7V6Mgwo/XnnWhHiXDDAJU28ZibBwmAA1IpW6gqP3PQVI6NhW4jHPmMuKNYVYZghRthxUt8QUNSbLKh6He/11Khsl//oCyFjCjCfxL9RWY+dFzamFGKknbOyeM2vWZko9Heb60LvBL3vCXLHVsEuR9Cah3DYJdxY2w==
+hughes.			86400	IN	NSEC	hyatt. NS DS RRSIG NSEC
+hughes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lc6OC9SS9So/2PwFZLKnW2RdYE3WeIb/Zq8OMsbgxCIfpZyguBoCXfwd4DpGW3B6MONmJt4Fb4wtY/4cFt8e19ywKIDw1KC3G4PLTXhRYRA2qsdjP+QSkYnPUtV8M9MLECnbTALvVzvvXkMVkoBJ4P5PATJW7DE1JkMn/nEjS4o2c1rt4OG496dNpijtqg0FsToi1fSJE+ph8GS+MOgMRZKxw0TLv7Ig366N7sBjlWb7q1k4T18VV5m2dEt253zYI/4jv52Zk9cxRVOxxcvPfGCcNiSLgGAOdbRZFLd8ljk/0qT3u/n0SHLnHKKSCVLtY6SOuDKBt5SOaYFIFLSGEw==
+a0.nic.hughes.		172800	IN	A	65.22.108.1
+a0.nic.hughes.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:1
+a2.nic.hughes.		172800	IN	A	65.22.111.1
+a2.nic.hughes.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:1
+b0.nic.hughes.		172800	IN	A	65.22.109.1
+b0.nic.hughes.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:1
+c0.nic.hughes.		172800	IN	A	65.22.110.1
+c0.nic.hughes.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:1
+hyatt.			172800	IN	NS	a.nic.hyatt.
+hyatt.			172800	IN	NS	b.nic.hyatt.
+hyatt.			172800	IN	NS	c.nic.hyatt.
+hyatt.			172800	IN	NS	ns1.dns.nic.hyatt.
+hyatt.			172800	IN	NS	ns2.dns.nic.hyatt.
+hyatt.			172800	IN	NS	ns3.dns.nic.hyatt.
+hyatt.			86400	IN	DS	30616 8 2 DBB2CD74E3FD102DA5E467F6B4EDA7E3D1D110EC2329053F087EA8532C84B897
+hyatt.			86400	IN	DS	34852 8 2 B21957EBB857E894B0FC407AC189CBAB466804F560AD5815E9D1AF829A566424
+hyatt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IqWuWs8P23dN5W3gEGTHAAmHL84YONX+Yyzq7HIJndszbb+XAehrKciag1H/Ui5kl0RSDzSQxluQ7yVM2H7ekHvdFiYAJftgKVyvSXr3Mf7yMuukrYCsu91rPHoLvSGeQoPDQeu0YCxZSssP6qchKNyqN3Ws2L5+quRK/1ZDPj7wjlTXR8m921vprlhEH3jGzad/lztPPBIjf3nLPlYr3q7h/wpQb+ha2AcNBIvhonz+R2i5Lp9j1wA44RHBgb/Xc7FisvXpaeVzRd8yfVMBMFyQWW1E+UnWrQiI5OPCwU/jy5A6y+JOAwyjsJ3wYtTo6Ed7Mo8JgiNW3Tyb9u5MQw==
+hyatt.			86400	IN	NSEC	hyundai. NS DS RRSIG NSEC
+hyatt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YE89PSPXEy2GBVs6FSQ7yfIwHxS84c6vqyK3RYeJBHVjV/c8jtxING60h6ulSWvjUTqBF+PeuKoswWd1wKRvPvhjdOomCNulai7m1wBtuzFWBRxSda854YAPflMq2CrX498uDyVtdIuLk4e1JJm5O76ELZ5THQGjn3Saj32+fo3GRY1ti3+Swx020OKV94dpBfUBvtjjmggSM8yRs+04OWJHcR4EFU15E29q+s+h0Cv6711QBvyPj1g+NGodvpev13i9yAjE1duPYV2psUxeMZkdxGyzop7fYboL3l5ZQTC+reYVt/3Yp6uvbyXC+8HIa1Pmx1ioajp1kTIvziSC3g==
+a.nic.hyatt.		172800	IN	A	37.209.192.9
+a.nic.hyatt.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.hyatt.		172800	IN	A	37.209.194.9
+b.nic.hyatt.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.hyatt.		172800	IN	A	37.209.196.9
+c.nic.hyatt.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.hyatt.	172800	IN	A	156.154.144.78
+ns1.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:4e
+ns2.dns.nic.hyatt.	172800	IN	A	156.154.145.78
+ns2.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:4e
+ns3.dns.nic.hyatt.	172800	IN	A	156.154.159.78
+ns3.dns.nic.hyatt.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:4e
+hyundai.		172800	IN	NS	a.gmoregistry.net.
+hyundai.		172800	IN	NS	b.gmoregistry.net.
+hyundai.		172800	IN	NS	k.gmoregistry.net.
+hyundai.		172800	IN	NS	l.gmoregistry.net.
+hyundai.		86400	IN	DS	48091 8 2 D4178E0BD6EF00A383544DA7D1856CB37034C64A64CF70D1E08D67BB9EE2E3B2
+hyundai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QkHI4q4hAXhO3uEfgtdHvXpj96J5sd15ket2U51mz0LtXf31dYMMk8ssIp2Vezk3oEa3s8sesYeJLHGYxmHgUcqeNxfIchirgOqUDa8UNgNuQ/kRwQPJ3wfwpZ1P79ZvvQHBLUiKeE94Gj1ylU0wA0dkNldgi76IgePBEb7yBZ+j/TCU304pfkLtS7c0wWogMjRomncm2TBFx0tiH2t6Fi9c0RM3+WtOS+C1pjvhB7h+tSM/2XYV/Z3PX/oyTHWrMiK5BIo2BBl4O8Mc9WJ23l8WdSl2bvfL0keaLgPL0OUKOlqKE0Hi79CNRRVBQMve2BBCX9Pcl8N54UU5xkjSlg==
+hyundai.		86400	IN	NSEC	ibm. NS DS RRSIG NSEC
+hyundai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MQyiaqjsl/pDvYlhpMyUsWOhymv4AdxnlWU0AvwNdKAyaLZJm1gc18R0KLVdthmAMAE2ifiRfEV3gM6fnSx56bIGyJzKuAEvFGx5dGKPK7bSCi04n8G/113Xc1FK/W3ATUIQJXL+ycbtkzFyCh1pZJzizk0DKHVrutlp5hn4EkSrHUOQbfnX40U//pr4PqFcy9HQDaLmCiQcinZBvzRiyeyHUyPAgmEwJwMk2hx5BsguABNtD6sl4uaWLfu2zPRvy+w2hFooy+zLSXJHqsnB2LFXIXkCo+8M+HFDwA2JScCNv392/0+SDOfMKPHwtahyrid0c1WP3A19P9ZuaP1u1g==
+ibm.			172800	IN	NS	a.nic.ibm.
+ibm.			172800	IN	NS	b.nic.ibm.
+ibm.			172800	IN	NS	c.nic.ibm.
+ibm.			172800	IN	NS	x.nic.ibm.
+ibm.			172800	IN	NS	y.nic.ibm.
+ibm.			172800	IN	NS	z.nic.ibm.
+ibm.			86400	IN	DS	9955 8 2 8BD095C8717FC998D47CB36565C650CCADE45531991BC5956E121E803F8B5FC9
+ibm.			86400	IN	DS	31492 8 2 5E5CCD88746B4CDF018723A143EC14D9FB139F0009545AD21CA6AAB2E1E914E2
+ibm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OxtXQW3J+bubmlLeks2jF1woSS+i2yfe/OmwJ9/xc/UgVmKpAJ0c5cFdmmr1P5xiVocGyYzHYkrCO4ibcZI0k0BOM2O6Hsfe5x23lHpczOwMTH0iL7VrFqePVFkJgD/FasgzzSrzxNAieTHQoEIoAi8tQ12RyGW20BYFICRFg3946EBoIQYakFVdS5ZBPhafC4Kzc1EH4XfBcaMKMqkk/ww5yPVA2m3mUKIRkD3xYM1RL5xOALiatf0XSHHDQkDnklmNeOP/VDgIJqtwuvRWwa/x3nae67aFSeJ3SUw3O08ucR3/abYN+3Q80jfHUGE8qtiwv1BfPbw8H5RFH60zAA==
+ibm.			86400	IN	NSEC	icbc. NS DS RRSIG NSEC
+ibm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1jADsfpiJRJWpybXyXKEoUjox+bgN7ld//utCfyDPblXdO7N6wbaB+Ml2t3Gyd5WRROBi3H8M/mIKJAFZ/kdlE93nC7+GnB/y+fS6B746Up1ZuNQYL9czAIdHE51piZ6xQWEaL/1OnhMj11A0SbnK4Jin9eF7vjdfAmo4HNRYOByYT12ZCGvssXI5/2fCKlaL8W2Nj8I3AB4t9LgDJfs4TX0iSKLfW9Urd4xpuq+mwgBQ0zAUz84qM1lFllDWJITl/Zm14QVgzATT/nLLLKwfbJE5jSg/BJu4I3iiA5O5bgPn0BgzPwN2/dBzVnmZ4HMh7zNrE1cNiyYeImwQp6HrQ==
+a.nic.ibm.		172800	IN	A	37.209.192.9
+a.nic.ibm.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ibm.		172800	IN	A	37.209.194.9
+b.nic.ibm.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ibm.		172800	IN	A	37.209.196.9
+c.nic.ibm.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.ibm.		172800	IN	A	156.154.172.82
+x.nic.ibm.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ibm.		172800	IN	A	156.154.173.82
+y.nic.ibm.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ibm.		172800	IN	A	156.154.174.82
+z.nic.ibm.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+icbc.			172800	IN	NS	a.zdnscloud.com.
+icbc.			172800	IN	NS	b.zdnscloud.com.
+icbc.			172800	IN	NS	c.zdnscloud.com.
+icbc.			172800	IN	NS	d.zdnscloud.com.
+icbc.			172800	IN	NS	f.zdnscloud.com.
+icbc.			172800	IN	NS	g.zdnscloud.com.
+icbc.			172800	IN	NS	i.zdnscloud.com.
+icbc.			172800	IN	NS	j.zdnscloud.com.
+icbc.			86400	IN	DS	40582 8 2 7B808042C4C053D9AF8F39B7E784A66C00CE1D9EEF0BC1DC6E5D59A4451DA05A
+icbc.			86400	IN	DS	52120 8 2 36FD8ACB79ED5963ABD523BB73B5C9FA39F8D206ED2488436D1795B1228766EE
+icbc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WxTv86JrZJp0uPWrtXS+VDINFiE2dIpC1LZuwGYvs+glxsQnmOiHVfiFGoGZiVuje22Vokc3AerhAYcOZ/ZY5fsAmfGV20keV0OWDbotNtkbHwwMuDRfrk8XsWr4UkJIVLrpI3iSzIlNaMh913YyoZHGUGMCXu0t1DhegBLlVboz2sdRQsIOn3mcUCOs+kiIfwLfAZGR2LUrD+6T2Ksn/HtaWG4NLvCn7WBYEQahP7NR7/nvY3zi0E4AxM4UilGNEtJ/1kjtrcB5udHgjsIYtmFu1oxGPUyV83RPKr/QW8Mt2dyIlLuFo2cGSaCout+GrScR+w7N3Hd5VTnOZB3Eug==
+icbc.			86400	IN	NSEC	ice. NS DS RRSIG NSEC
+icbc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ht+wxrC+5jpRgibBgSTIv5nSl5IUMGU9eoILRVdpLNXPrYb//SIuV/UgbMJpAhXiRuMUPrGJkOFZF5PGEC3d/of4pjpMGWuecI1Jav81pH0vB98/rFGKcCgTIoUSMcdt7mknk7i9dCpx1Dwsj8aIpqMLDR9BhQ96rE6hxj3XiyUn4rgb7+kWH1pV7e3j2rr1qtRt/amIle4n8AJh6V/qZXLv5PnugHDnoeamY5lR0nVlZItkkstwTL1gjbeLkGObpAqDdRS8RHvRNBWiVKAEAve2U0rogw+5pxzxuV2+kvN8I/t64yEZQwCtt3Ub+MNCAhHq353tl69SfPcrWrIjnw==
+ice.			172800	IN	NS	a0.nic.ice.
+ice.			172800	IN	NS	a2.nic.ice.
+ice.			172800	IN	NS	b0.nic.ice.
+ice.			172800	IN	NS	c0.nic.ice.
+ice.			86400	IN	DS	18844 8 2 75D7ADC8FA12D9C26466924CCC80C4B3C4EB15CC616C8255C4F759EED437177D
+ice.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IzBcB3P8RSgS4FoNo5ErxsI/OVJvL2lPoMwRwcLds7HJXklAH797VJrs9Fqh3vhmMMUnSh2cMPF6i8zyu99iFbr4+LfqS1WcfMDz0JFrRHdvTsTmd7Evr/Sn5TwVUGEFACoU+Nc1x7GmtO2/Og/wqIbTdnb/CpNTVA5ykqNKGof6PEYqWgENhIak55LG33SSqPzzOTAT1OuXnA6ePVvaOQF3E50vfnPnsSkYs7cUVB2cmzTcLbV3uNYCIjtdrSW/2+Nb8zkEkemtRZ8iltK5dbRbBt113Mk2DJDUx/sjgG96vx+q+36EKg+pXA+9CUI+1G4gR8sOhkt1zF/MViL2/g==
+ice.			86400	IN	NSEC	icu. NS DS RRSIG NSEC
+ice.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V+7kQcOOrDCVwB5k/mzKIFG29vMr1aQlBlLKqdujkUJhrjyITgY0XfTVw+A6O3MaOMLKZy7Amcc+aHheYPJbaI5BGUznztOvYnDWLliuulRtQCADgcV4hO1vUPqUXJfbFmn1rh9REuMSIAl/TM/e2y8S+CTGSUPDadd3BzlrExoZfLCaQxqXBBANy+x5Do+LROBHGR6nDAH6s3vEUnpY/fsWf5ZWeg5jJR6eLQ+e0i1rAH93InnxVIgFHPG8ezSWui1VENOFeZr9hjhLpS1sFPdmj1gN/FXiTAJC9Zxe4lD4CfJbbf3TbvsV0BQ+HKjhGfUNm90vvLhBcdqrRMWWiw==
+a0.nic.ice.		172800	IN	A	65.22.112.9
+a0.nic.ice.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:9
+a2.nic.ice.		172800	IN	A	65.22.115.9
+a2.nic.ice.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:9
+b0.nic.ice.		172800	IN	A	65.22.113.9
+b0.nic.ice.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:9
+c0.nic.ice.		172800	IN	A	65.22.114.9
+c0.nic.ice.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:9
+icu.			172800	IN	NS	a.nic.icu.
+icu.			172800	IN	NS	b.nic.icu.
+icu.			172800	IN	NS	c.nic.icu.
+icu.			172800	IN	NS	d.nic.icu.
+icu.			86400	IN	DS	31762 8 1 DB42BC4B511C8F97E5A3C00666B76FB1F4C2E567
+icu.			86400	IN	DS	31762 8 2 CCC397A837F6491166129E1D99ED03CCA6635166B2F5B58C65B5CF516AE92B8F
+icu.			86400	IN	DS	62704 8 1 D834EE1ED0374E28C49BE9C12FE1B93AE0FE9CCB
+icu.			86400	IN	DS	62704 8 2 8C0442A126BA382CA5B05AE5B44744CDC5AB2845C83918E147083434F65790AA
+icu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C+1nGxeLqJhhNS6+1tka1OR9ZkF5HwCxPcI6ATKLU/5k5i5+klU3PeDW51bcWc+O4rl72wBrdvQuUMGnt4ke8j19afWZSb0U1KGSa5b0kdAdvgLX7iNwA7uL2tkog6Popr+gkmDBbEaNsDivhCk/OSBkjauhI3ZD7id+hmL6zZKuELL+7hRw6dSCLgv7rwwJgvnwKemlJSrAzDXCKjBCQs2TuO1BlvqbUdpuQ9K3DqSTFzLo343WL1RWNyF7fWOD3B5ovQ1QckBQPHwW0BNrf+mI9ln3Zf5mjJHjuuAx4lSUq59cq2jwX4sxBkYc/l+aS0B1Ba+EVoiDSdXIuaxHyA==
+icu.			86400	IN	NSEC	id. NS DS RRSIG NSEC
+icu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dRMfM8hocg6AuBEzDSyFgKmixiHQKzY9bxA+/yp2QGWI07BMt5OKiXTYY6nzHbJcrEYcMDO2zhSzPViqm96u1IsWosU/B820wr5YHxShqgXQrf6gFpfTyo1Au6kR+MSf2i12MRqwJEe6f2R9oeQz+Ttk8vkwpBf6fvUVZ7dWHL9f5Knsj5+lLtnAbJlIVBdMtCAxCvh6BITL3sC5UWVsVjdM0M5aqWWuJZHRbpwh/Atk53EdLWG8PTlfsIp4Usu+t4Q6lPaELTTZD78keYG1q4nciSCi0kvrl2/LlFeERWH4juWYAkHAP52xtUE/HG3o7RXWmxaJDsAaO+3+eLIoEg==
+a.nic.icu.		172800	IN	A	194.169.218.108
+a.nic.icu.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:108
+b.nic.icu.		172800	IN	A	185.24.64.108
+b.nic.icu.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:108
+c.nic.icu.		172800	IN	A	212.18.248.108
+c.nic.icu.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:108
+d.nic.icu.		172800	IN	A	212.18.249.108
+d.nic.icu.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:108
+id.			172800	IN	NS	b.dns.id.
+id.			172800	IN	NS	c.dns.id.
+id.			172800	IN	NS	d.dns.id.
+id.			172800	IN	NS	e.dns.id.
+id.			172800	IN	NS	ns4.apnic.net.
+id.			86400	IN	DS	26887 8 2 28BE22003A1AFB1ED9A7BB82482274E2DB5F09A6C50702C731E040D2257347EA
+id.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u+h9Jn8aMdKalpBUb+AvaFcNhytWJArQIyMBKZhc30pH12z3JwOccEQuFlHchNiraUN+4cAqCTMcaXMgEnGykBhtxdnUtc2uYLpmPidBOJAW5zm/PVMRH2kjrdHIRo6vkoKWCcBIFdz7FhLOXXsMwCBkCKEMfAgLq5Fv/mmPOUExW5h8sCMJSRhv79sVk4hMlP00odqYoCOxtqD2tGVZWKYuC0u44vmVVdWZDlq/JyDBb21x8gs+QCVrGMYQodIZu7YQwAIWMBAN1SlsHANmAD9A4/FkvFFzQk1qQeZ6jqbrZ4kKc9v5GiKdn13COpJclqUWOqEcQzcMYiCYCOnDdw==
+id.			86400	IN	NSEC	ie. NS DS RRSIG NSEC
+id.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kexY5NqjNM0AZ0UI61Sc/tL5FguoOgHUHWdgEg2QDHNKNkpeEQ6T9YS6aeIchA4d9PrvXWlK0fzrzp94oJ4g0xMF4yooN7CGZwUtmXSjfBZLKVEtEgcZgfVFhILev1oTqumzSF0JjMDfJi1TCQdJn1Up1tBgo9sm0TpWhJgbr7aLOUCgfDpiZGOKv/Re/L1erCG0E9htcjFFH37EKQqmV2Z/Wdhp1XfD9s1yNt2FOmtXXmaanIswhzF2KNsx7FYT+nL3+ZYHglnrKX+Uw0f09mErOOp/Tn97VHdzNEAHuivOm7g5GzlC3wVy8HPso5Fz3gBHh6hkbPJb4aCioEurLg==
+b.dns.id.		172800	IN	A	103.19.179.179
+b.dns.id.		172800	IN	AAAA	2402:ee80:b:0:0:0:0:b
+c.dns.id.		172800	IN	A	103.19.178.178
+c.dns.id.		172800	IN	AAAA	2402:ee80:c:0:0:0:0:c
+d.dns.id.		172800	IN	A	45.126.57.57
+d.dns.id.		172800	IN	AAAA	2402:ee80:d:0:0:0:0:d
+e.dns.id.		172800	IN	A	103.19.177.177
+e.dns.id.		172800	IN	AAAA	2001:df5:4000:4:0:0:0:4
+ie.			172800	IN	NS	a.ns.ie.
+ie.			172800	IN	NS	c.ns.ie.
+ie.			172800	IN	NS	d.ns.ie.
+ie.			172800	IN	NS	e.ns.ie.
+ie.			172800	IN	NS	g.ns.ie.
+ie.			172800	IN	NS	h.ns.ie.
+ie.			172800	IN	NS	i.ns.ie.
+ie.			86400	IN	DS	15040 13 2 966EC13E38AD71EB585FB1982308930D96CF88873A065188AC11C469435ABD39
+ie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jKZIH4pgR5sq0FGGk46zBx2Og8FkvW7jauWmC9b/MAMG9HHKyf6CRuVutbr80ArLo3qvc6HzEDBubz2krGM8ABZmJWSwbV6SgIp5XKu3evQzTYIAw8oGgS2eI7IfG9qQ911fWIu+bH9VzHFs8QqH+Yk1od4Jgx9GY0VWbMxs/5vwFj4tvnxOV7lCDIv7nAamAs0xW1OvhfvH7GBvWuH+RSOpLJmJjW3t2CyjWgSssEE42FIO2jcpDfWjN9sGwfIbkL14Lqwll6BoOHQFR+vXSVKpud5agkpAv5wlct8ybQJtzQJa8NdE+C79J8tMtWBnEjab1ltCV7lAu9AZ/IQU7w==
+ie.			86400	IN	NSEC	ieee. NS DS RRSIG NSEC
+ie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DDUiND5MOnIdixwSHcwCfVyVfLZAjvIASES6mmJEgYxFADVZ9qT9GxxjKwl1RnfXl8D2U2xf6Ko5Oee49t5kDDVJjr8bPX1JtUtj704H8be04N1NJjCsW8xve1i0D+ipqnzjZ05LOgCMM1rSC8xDeQOUvgLT8nHsPTNYlGz/vX4Qem+aumIr94L1zkSuIeZZd0EGHBVuSa2n9A6zOSgOKhjZIKxOKJVexmV9qzbpV2DKBICmuEbxusXrNSAfH77xk2X6H4JqbxbO2UdZ7QE6Z2ttlj/cHImxTDnQpPy2VYL0g9K/ce15SsHdIY/5+lWNdsqKZKyim4BXmi5vh9XKow==
+a.ns.ie.		172800	IN	A	77.72.72.40
+a.ns.ie.		172800	IN	AAAA	2a01:4b0:0:0:0:0:0:40
+c.ns.ie.		172800	IN	A	194.146.106.98
+c.ns.ie.		172800	IN	AAAA	2001:67c:1010:25:0:0:0:53
+d.ns.ie.		172800	IN	A	77.72.229.245
+d.ns.ie.		172800	IN	AAAA	2a01:3f0:0:309:0:0:0:53
+e.ns.ie.		172800	IN	A	185.159.199.210
+e.ns.ie.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:210
+g.ns.ie.		172800	IN	A	192.111.39.100
+g.ns.ie.		172800	IN	AAAA	2001:7c8:2:a:0:0:0:64
+h.ns.ie.		172800	IN	A	192.93.0.4
+h.ns.ie.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+i.ns.ie.		172800	IN	A	194.0.25.35
+i.ns.ie.		172800	IN	AAAA	2001:678:20:0:0:0:0:35
+ieee.			172800	IN	NS	dns1.nic.ieee.
+ieee.			172800	IN	NS	dns2.nic.ieee.
+ieee.			172800	IN	NS	dns3.nic.ieee.
+ieee.			172800	IN	NS	dns4.nic.ieee.
+ieee.			172800	IN	NS	dnsa.nic.ieee.
+ieee.			172800	IN	NS	dnsb.nic.ieee.
+ieee.			172800	IN	NS	dnsc.nic.ieee.
+ieee.			172800	IN	NS	dnsd.nic.ieee.
+ieee.			86400	IN	DS	16667 8 2 BABDAA67D51EE0C44AB2A25B88427F9BDAC5BD271DCF6074684D0356DE2469B6
+ieee.			86400	IN	DS	39700 8 2 F12A037A0D1108BDF15C5A58CC488EFC19F3B9100C643C67181703E2747BE9AB
+ieee.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YWxyuYE91udpSXY1RFM6Va6DNY0dFAAwVhWPJoDv76p+yTkmVV6So1ssqj6Xf5YRzJYNdc/8bP5c6uIr1A1S0yA96ZIvY6oFS5W/QHZpgMa9Q3xl/MyaRuAUKLiGTdNsJRq1Rk3O5KWPj7cNvogPC6M4CG+WK5LDPnxgB99U8CPtqde20Q5R5v8Y/qaIO/DO0rQNDNz2lcyw+nw3R/otLha5PaYcjB9/YmXgwRaB3KgA/xrFBV54JOboRHorrKtbKO5TOTdW+BbokVnU8PjnmxZKJDQmNtiaaHcDOixn3BesZ8+zn2rxXEPxld6WH14x2tGP1WaNx2j5O0IvOAyc3Q==
+ieee.			86400	IN	NSEC	ifm. NS DS RRSIG NSEC
+ieee.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qwbALMCRcmpo3nEpfguKYtlL+XgoMxnb6c8SQh7J8ilF/jXRwdbeaRFuKFAABf2F6lKlgnhGu6GeRMv9Hqw+jxYcS620lQpTGMireeVpJYFdMwv4Z62t22lK437cbNp/Kherk0FjMkQ/62ATUDAScwFCwSHuRehGrpJ/b/CBI/d49RhLqxfrA2K7wie0YR+2fOxgjJ/Vcq7LbM1mf7P4xo/+zWiv27+WkrDLVV8SyH1qEIClpqTcMWW8EVzMti55tTgLVoOqszzdU01AokepxQByRGGt48Dw5EG7uG4F6zz13aZMKLsp7IDRsa9W1Xg+gD4TAogZXVyE/l/TIYhLMA==
+dns1.nic.ieee.		172800	IN	A	213.248.219.125
+dns1.nic.ieee.		172800	IN	AAAA	2a01:618:403:0:0:0:0:125
+dns2.nic.ieee.		172800	IN	A	103.49.83.125
+dns2.nic.ieee.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:125
+dns3.nic.ieee.		172800	IN	A	213.248.223.125
+dns3.nic.ieee.		172800	IN	AAAA	2a01:618:407:0:0:0:0:125
+dns4.nic.ieee.		172800	IN	A	43.230.51.125
+dns4.nic.ieee.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:125
+dnsa.nic.ieee.		172800	IN	A	156.154.100.3
+dnsa.nic.ieee.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.ieee.		172800	IN	A	156.154.101.3
+dnsb.nic.ieee.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.ieee.		172800	IN	A	156.154.102.3
+dnsc.nic.ieee.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.ieee.		172800	IN	A	156.154.103.3
+dnsd.nic.ieee.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ifm.			172800	IN	NS	anycast9.irondns.net.
+ifm.			172800	IN	NS	anycast10.irondns.net.
+ifm.			172800	IN	NS	anycast23.irondns.net.
+ifm.			172800	IN	NS	anycast24.irondns.net.
+ifm.			86400	IN	DS	1062 10 2 9F27E38962FE2E8FEA42E4AD88F1F90A5A23F6BDB4C8949AF772C1430E073745
+ifm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ddDaFa9uCI+XdYAZeeNtOz8GcDxmou2uPcJSaH30WdlnDWzJb1fG+o+H1h3wHxD4bJLpLfRgOg5bXj+Uz5rw1FWp8BQ9kfY3tl/MISzQGcSt3sLhj3IdAPpk86WaWf2fwL5Lz3uq5DVK3jFdjZUdd4CvX0TuaiaNyVeJrCelKqmxRCmW6Byyvr+KfjLoX7+DRzH70X/eolZMmlBSkNFOQoo4kMmh6MsONCTSDpI4iyTx43LrxrGWgI70XgOtO20QgiTQU9IgwCFeIAzArHBQOnWQgogMP2cyKyRcp2ulQRUNlaktRJzICnr3lbZMpntGU8TyZPWxBeHSLiK4YryguA==
+ifm.			86400	IN	NSEC	ikano. NS DS RRSIG NSEC
+ifm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bFSoHXyxKFDLAbvXsYCty7giPNXxBvEflrdFno1eHItD/sgoL+Z/2KNMpAb4v81BLqS3syHLa8looRWGKBfYMirLq49Muor8/bjdtz7IR++A7O3p3MYi6wvI8Q3/fwniszwPakEW9bvi/p6K84txKVB94xqZZRIBqpV6i47se4NCuAmeiDYc0GzVnlFLdH7wR0UN5gE+q311elaVYAG0ZtoeGohdcHYUoGLOgw+LX+pVosPUiI8jaq/bv8Q+xQkCDPcI2rDSGpEEENq9C75hogJpYClcFUfgvX1HP+v0Gz3D69G8s0FEAIPjoySJaH7ZHZ9BRvMb5HgNvcxtQnpw1A==
+ikano.			172800	IN	NS	a.dns.nic.ikano.
+ikano.			172800	IN	NS	m.dns.nic.ikano.
+ikano.			172800	IN	NS	n.dns.nic.ikano.
+ikano.			86400	IN	DS	11692 8 2 E041CEBAF350D90D1D6235AD11B5F2091C89B0A0B6799C56262F60BC9CE02C68
+ikano.			86400	IN	DS	39817 8 2 859DD28A91F4D364FD7A0FEACB958A52BA6F211F4167D07ECF64E8BEAB9E49DB
+ikano.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0pj9PN1haUkN7xagTaLOFCdZo0xd1rwAcFLpnE0Pbq1BbT6Tn/kQ2ArIaRtNN36LqbyHlxOaeo/ArraeRUl8bYY65tWKZ+Zw5NlRncjBzaVH2kpoaSxwu/cUhcTktd2yKnO7ocXHa1ySzShZy5QaAZc874FBw1Y2dtr7u8/mHu3nn4HEOgwcZrK4BDnShg8upHO68LUYIg2JHhPOoQdiOdiQyIZkgke2sSKdVfKxen382wXuNxgvZFs5qN5jEDvV7hDlQJNpUD6izlynbvYoc5/5jyo1DKYdXkJ/SZvHet2KYEdh5BO+2uCBzaESOxc6qPbs5Z/u228NEmgUzlzt7Q==
+ikano.			86400	IN	NSEC	il. NS DS RRSIG NSEC
+ikano.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hG3dRmD4AXCP0J1r4G+AodGeVCG6M/PxO25BJXp90J42hkKz81AElux9GxZhYKOLKgbz2OZxCeI7pwAoltrO8DTUmi6zAQjEeRBzhf1GtrQLbU4OUgem23ajmFpj3dWDHLfbxNxng8uoaMjKoVZKZxyLpneGiXzcEaKUZYBKQZQXyjfPKtIuOjB4WbXtloc09NWZqlu+Wo0yRIMCNmd/nLv0qzpqQGs+YVa21elVxtewjBegW11/EB1esd1vcocWAS/G3DA1ZUukn+Go5cwFs4M2wde/LUPMHd5u2xaR1Nr9V3gzuOdV/n4V4frcADYaKioHFUOETeCePWEEOoAGiQ==
+a.dns.nic.ikano.	172800	IN	A	194.0.25.12
+a.dns.nic.ikano.	172800	IN	AAAA	2001:678:20:0:0:0:0:12
+m.dns.nic.ikano.	172800	IN	A	194.0.26.7
+m.dns.nic.ikano.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:7
+n.dns.nic.ikano.	172800	IN	A	194.0.24.7
+n.dns.nic.ikano.	172800	IN	AAAA	2001:678:24:0:0:0:0:7
+il.			172800	IN	NS	ns1.ns.il.
+il.			172800	IN	NS	ns3.ns.il.
+il.			172800	IN	NS	ns4.ns.il.
+il.			172800	IN	NS	nsa.ns.il.
+il.			172800	IN	NS	nsb.ns.il.
+il.			172800	IN	NS	nse.ns.il.
+il.			172800	IN	NS	ilns.ilan.net.il.
+il.			172800	IN	NS	lookup.iucc.ac.il.
+il.			86400	IN	DS	61239 13 2 728D9059778C0FADFF197F462ED5539DB1CF1F541E2AC7B0EF18735C8555645D
+il.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eITeCFz9VhhsnmzC/KVL9Nnl14vmcbV9Tafu9CBs2Im9aL5jf+Y9xlqHu1m0kGQ8g3S7R7SbF+4E2dpgt8O8tMs8oQ8lFiw/uxWFJowqxeQzS6QDLQbR5jZeLpxXvYXhT1ALudfobn9liGn4UcqRf+xbCj0Cgojgw9MBFpig49+zXtWfwxwT2K7VMClTpYHcNBnaysZM9gG1WS8fos06PLucEVDI/07Az5boiUbAwdsoiB6SoL2QUo+nkb0kH0LwYXx+Z+YRO2Sne9IOBrLsK9kAwHaUvoJkUqZO861/nE2/0yIBKT+Xan+MVoU3ZRy3JLRNUC3uWthwyhB8yxIaDw==
+il.			86400	IN	NSEC	im. NS DS RRSIG NSEC
+il.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vYQWTc5/lr/rEPuRmxK4e6pk3EOM1HbbKy15aIfHpGBqOiN0DiXUhWlPusjamyFVbkV4AhW+GiazBwBmzrqtuwiETJbCYhCQrxwrvSTByt13GnzufhEyrgLuKCAkB6AAR1CJkFoHxeNDKgtZ1MKekm9Q8NZA3mp6K94tAZ47Ai3XQP94oGjQyAEwW083Oo59USz3+NIaSAY+oFSy+pZUVjvm6vGdAjb+HaSkGEPjXmXTzfC4YqfkKayBvFRDYRPFlKcY3mv11n82LEgF4trT7Am5c72eFUwRUUGi/j3JfLSZee7EUdbgC93ANLBoEobpYFU6/RR04IxYI0ERL/UCJQ==
+lookup.iucc.ac.il.	172800	IN	A	128.139.34.240
+lookup.iucc.ac.il.	172800	IN	AAAA	2001:bf8:900:6:0:0:808b:22f0
+ilns.ilan.net.il.	172800	IN	A	128.139.35.5
+ns1.ns.il.		172800	IN	A	194.146.106.122
+ns1.ns.il.		172800	IN	AAAA	2001:67c:1010:31:0:0:0:53
+ns3.ns.il.		172800	IN	A	194.0.11.103
+ns3.ns.il.		172800	IN	AAAA	2001:678:e:103:0:0:0:53
+ns4.ns.il.		172800	IN	A	204.61.216.134
+ns4.ns.il.		172800	IN	AAAA	2001:500:14:6134:ad:0:0:1
+nsa.ns.il.		172800	IN	A	192.115.7.53
+nsa.ns.il.		172800	IN	AAAA	2a01:4280:2:70:0:0:0:53
+nsb.ns.il.		172800	IN	A	192.115.7.60
+nsb.ns.il.		172800	IN	AAAA	2a01:4280:2:70:0:0:0:60
+nse.ns.il.		172800	IN	A	192.115.4.235
+im.			172800	IN	NS	ns4.ja.net.
+im.			172800	IN	NS	hoppy.iom.com.
+im.			172800	IN	NS	barney.advsys.co.uk.
+im.			172800	IN	NS	pebbles.iom.com.
+im.			86400	IN	NSEC	imamat. NS RRSIG NSEC
+im.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SjUIsQS5TAeYM5fgNORVQCXSUZxMTrMamfQsQCql2DybLDxjtZ1q01U125YWksLadU+lZVmnlUWuCBelkEe5bn3U90lsDa4OvNsx9+S0sKT4Im7yhMuvYvKykR9GyLPPd6OnkK5JRMnqmZZgNMtgBAjTGZSazzR38NurEcKmwqwO9YgZij20aw3yxwTq60sir5j8Di9ztF88Xtx+uPhK2K1SaJ0ikEHOervaVaKqnSRCTdCCQlJABeuZRW5Ro01PXLG60mYnn+Id0Anq6/r09j+axPMrDs1Znd2UAJB6MXI7vZ02hgi2AbS2tJegm5vG9TSrrDvEfiwU1LAeImDhEQ==
+imamat.			172800	IN	NS	a0.nic.imamat.
+imamat.			172800	IN	NS	a2.nic.imamat.
+imamat.			172800	IN	NS	b0.nic.imamat.
+imamat.			172800	IN	NS	c0.nic.imamat.
+imamat.			86400	IN	DS	50965 8 2 A76C5431030FBEF036B5008BC289A1614207D3447E7D8D565065F50ED9543E6A
+imamat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tdl9UvC2UYmzaoKQyhApqCWTyR7a5zoC7J7167weo+jvBWalkTWWMDr3BFvWQkkTl4Vi+pMzqZi4Hby5X3g/sdyOvTVMC/1GAGNjyrzAqlFA1grqdcyurGgqiYrTTlrRblw1E1+MUU32NgxfNuonWm4INfKGVFHw1/GO/iivjlQHXMK4pFTfDm2oipHmNX4FxL7dzAAJ4AQOm4+VL+EIvCMo+CsKf3c/KNx8WVUvwwkpBqlDpcXc3DHsqa1jME+a5DYcE6+UCUg0TO/AIK0bO9X0OBdEsEyzjkzP0Q8d+ozzE6CVICYH32c05ZMgt7GvG71FFqWBwNLwOIL7B9IDgQ==
+imamat.			86400	IN	NSEC	imdb. NS DS RRSIG NSEC
+imamat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hlL8PVZRkP4Eg96jVAGQZ4+Tahea7ZxCIkm8qxZov/eXtr30od1m0Ss/lHHBUAaSzF6IYgpgnph+iENnUO3HFcm81bCL6mGJGaUQW0Zmr5K1aZV+Z+PFTgyC4EWJncSWgRP+KmYkUDfFUPctbwsMVWMNftyoUuPLihSqynFZfUaUpP4Bfn7V9q9LHz599gmvYhMIUDoffAfcd0hYjXR1MC2d9fuWfdEkp6VvQIU7Anw+SyrAm0QraY2+6KvplnDBodFnt8ZlL3On8HXWpPDSTsD03KVPizTTGSRu2ux8HjIL4TjlfZwbZYUgWMHZS63Wg2u4poIqKL4oY882Cidjdg==
+a0.nic.imamat.		172800	IN	A	65.22.44.9
+a0.nic.imamat.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:9
+a2.nic.imamat.		172800	IN	A	65.22.47.9
+a2.nic.imamat.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:9
+b0.nic.imamat.		172800	IN	A	65.22.45.9
+b0.nic.imamat.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:9
+c0.nic.imamat.		172800	IN	A	65.22.46.9
+c0.nic.imamat.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:9
+imdb.			172800	IN	NS	dns1.nic.imdb.
+imdb.			172800	IN	NS	dns2.nic.imdb.
+imdb.			172800	IN	NS	dns3.nic.imdb.
+imdb.			172800	IN	NS	dns4.nic.imdb.
+imdb.			172800	IN	NS	dnsa.nic.imdb.
+imdb.			172800	IN	NS	dnsb.nic.imdb.
+imdb.			172800	IN	NS	dnsc.nic.imdb.
+imdb.			172800	IN	NS	dnsd.nic.imdb.
+imdb.			86400	IN	DS	20815 8 2 E3CC51FE5A9A31AE6FAC92900038DCA9B523511B22158A08D8093220AF88E4D7
+imdb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rdVj//62ywENby40/JV3DyJORB9Lw/rbZYU8rqb2CyR9+5iFHM1R54ppQjAbPp3Nw+UFxpsuwKkrdQbn2hUw0LyExgfP2sDDodj5uADLyfWWHhOJX2YztvD0y5yzJLRM3TGQ1L2mCcnbplGsbscH2IKfVKQWUQI77Rc2i8CDL4QrAgZ9hn7BMIm7hbqJ4uIpwAj84Uz2sek/V1e75FIyBKlFm9Ml5udas2J1HJ2AoV+lttzQr0orEmzFHcjTL3XA0+RBWaHwc6sHSCgSABEszpnlZsksjUG9/bZdPa462jnyVJu8jPPJ5Xt5DWaDfrWswYpNyJr40IPwxZIUhRx07w==
+imdb.			86400	IN	NSEC	immo. NS DS RRSIG NSEC
+imdb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s1LLWDyz+sTRRc4WOHz5lSTU6PbKLD+FJPrxOeEAZ2GYsOGtORhtHZ0LpNmz+wO3O9by+p196/OSC8x/L58iPDuZwUeFnqMmqi69SV9EtEsFQ03wFwjqq4LRUhiBKf3QwAU+vWyp7eXRMf0Ik4OKjDgprEe/b3LU0uu/ANYnnOOGNx6fLGmnQDygxmm8feK35SNO3DhSsVmoUj3pbC7BiKD+szO92xVcDujqwopEWSv1nPFst2qH2MCzMK0SfRU/Yz4lTNYTxlA1d1NOhLaVaZlq5jt/PXh+anYWHSMduQ6IonDqr+91yjJ+ANJ+wFyOGkvp2+1XZ5rBChzl0rtxtw==
+dns1.nic.imdb.		172800	IN	A	213.248.218.50
+dns1.nic.imdb.		172800	IN	AAAA	2a01:618:402:0:0:0:0:50
+dns2.nic.imdb.		172800	IN	A	103.49.82.50
+dns2.nic.imdb.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:50
+dns3.nic.imdb.		172800	IN	A	213.248.222.50
+dns3.nic.imdb.		172800	IN	AAAA	2a01:618:406:0:0:0:0:50
+dns4.nic.imdb.		172800	IN	A	43.230.50.50
+dns4.nic.imdb.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:50
+dnsa.nic.imdb.		172800	IN	A	156.154.100.3
+dnsa.nic.imdb.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.imdb.		172800	IN	A	156.154.101.3
+dnsb.nic.imdb.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.imdb.		172800	IN	A	156.154.102.3
+dnsc.nic.imdb.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.imdb.		172800	IN	A	156.154.103.3
+dnsd.nic.imdb.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+immo.			172800	IN	NS	v0n0.nic.immo.
+immo.			172800	IN	NS	v0n1.nic.immo.
+immo.			172800	IN	NS	v0n2.nic.immo.
+immo.			172800	IN	NS	v0n3.nic.immo.
+immo.			172800	IN	NS	v2n0.nic.immo.
+immo.			172800	IN	NS	v2n1.nic.immo.
+immo.			86400	IN	DS	32956 8 2 87B32E0AAC22FDD5BF233FACA5EDFD1307B914EFECEF3778D6644CAA8037F707
+immo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zwo24sWgGCqS6auD1wdMh6CpdaVY/Tc0FWKmYJe5IFLK8DytrQXO50sYNaM4YKxgvms6XHuBlDStjwJq0aCZdnxoKGhNLaSoJOYBvUkVnBGr4szrnb8mS5YyzAYbIYfzTIUNKIguM7SqXNqz1Jy75d1Tyv9nGJa3HpejAigwF0LUF+eSWVjTk8k15w+dfQaVeahP9tU0HYi85tMtbE6betqBDGnLdX3KT5MIsA9B+fLHhri8c7IJkaWGJGZ0O4Bu+MWYmZuZNAR8i/2FSIxTSBctMkXr5wT7WKMfd3Hz5QfPH4h/JrK1kRTujsxVp7ReOl4jjC9UMk9vatMVSzQn2A==
+immo.			86400	IN	NSEC	immobilien. NS DS RRSIG NSEC
+immo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lazgsj8YH395ri1/DGWmMTir9QmNEJrMVFVJiYh6s4FboYiUhkj+1vGRUhgYV0gawJaB4FJSpPu21HwAH3svTWjPR5LF/W4caCU6Oe/qzvRnvfRqa7XVlM3AqC/R9oX+pGxY45qMhwwNgqJQ2QRNOF9ozO4oRp3SveaHJXKWWmEClwJfM8xxQq5H8UPi+htN9c3AH+Bi3UMb1pGpnwiDrQd49N92KEIlIgPPcYUn7pcarmEW+U69zvyBgfmpyzZLj9U0RzORxM+KR0CjpRQAgPl+9UnOFHw0ZO7gnpItuunUSmnNi808ANcaNkJgEgXEYaAEZPz5RnXt3cgQ7atmiw==
+v0n0.nic.immo.		172800	IN	A	65.22.28.42
+v0n0.nic.immo.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:42
+v0n1.nic.immo.		172800	IN	A	65.22.29.42
+v0n1.nic.immo.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:42
+v0n2.nic.immo.		172800	IN	A	65.22.30.42
+v0n2.nic.immo.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:42
+v0n3.nic.immo.		172800	IN	A	161.232.14.42
+v0n3.nic.immo.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:42
+v2n0.nic.immo.		172800	IN	A	65.22.31.42
+v2n0.nic.immo.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:42
+v2n1.nic.immo.		172800	IN	A	161.232.15.42
+v2n1.nic.immo.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:42
+immobilien.		172800	IN	NS	v0n0.nic.immobilien.
+immobilien.		172800	IN	NS	v0n1.nic.immobilien.
+immobilien.		172800	IN	NS	v0n2.nic.immobilien.
+immobilien.		172800	IN	NS	v0n3.nic.immobilien.
+immobilien.		172800	IN	NS	v2n0.nic.immobilien.
+immobilien.		172800	IN	NS	v2n1.nic.immobilien.
+immobilien.		86400	IN	DS	11665 8 2 11C89F087B187155D5736C648887B4F34348268895910F202AA61E5C19C5F7E3
+immobilien.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QCwm4XhlZd6oyQTHcnz8PzHmHVCtnRkvStXgfJqQowJNFQBYDGCbC0VBeZ93zQHbL8JqLDoEDFlZSMwFfgft+yLxFdOaA2JLvJbLyA+YCj3YuIUcY2WJf95FS1K2xp5a6iwbNh4oNZOrSMqDuwCJbKagcPne37CwftpEmnUSz8uQB0MO44WQUrc0tMD4/l44oscvc1iNO3rdkIZJ4cAMrA6bO6FyJ11npTwkTKsGOYu/F2rIZ5kyee8C6blyeWcX/jxUpBjBk9/Esd7R0cINxHCN7eOdIDLp9derY1wmGIdJ37LEluRGqmf5KKdtmQaiPNKjnTytV1zHYfiHLhWcOA==
+immobilien.		86400	IN	NSEC	in. NS DS RRSIG NSEC
+immobilien.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mE8ope1ys3HWfPuR2w2AVHZZBwUsqpch4j8jXskPlM5+6RbFcQghMKdwYua/c6O3hbxnfGivzUSrGryBolB6CR8S96y4zB/hTTj8MtkSIdNcGsQKsZy+Zn9ePA2YlT+3Y4sNPh2kemORD5uwRwHHVVj/4tU8hkgKPmgYWO+sXskwOhbS1hIyBigmr99HszM0ImJShNfFUYBsw8BjXHWXLzD4ULXo6l1eOB4MmQ+bbcwNNif4JXpM/b8NQoD7sN5HOD1ZtTky7ZsEF0bSmxKoB2sFCzAVJg+Ytg+2XPe2wyi34Vgcn28LkFTQsVEpYJ+HlpMsR+1UecSxeXgUNBGceA==
+v0n0.nic.immobilien.	172800	IN	A	65.22.24.19
+v0n0.nic.immobilien.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:19
+v0n1.nic.immobilien.	172800	IN	A	65.22.25.19
+v0n1.nic.immobilien.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:19
+v0n2.nic.immobilien.	172800	IN	A	65.22.26.19
+v0n2.nic.immobilien.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:19
+v0n3.nic.immobilien.	172800	IN	A	161.232.12.19
+v0n3.nic.immobilien.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:19
+v2n0.nic.immobilien.	172800	IN	A	65.22.27.19
+v2n0.nic.immobilien.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:19
+v2n1.nic.immobilien.	172800	IN	A	161.232.13.19
+v2n1.nic.immobilien.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:19
+in.			172800	IN	NS	ns1.registry.in.
+in.			172800	IN	NS	ns2.registry.in.
+in.			172800	IN	NS	ns3.registry.in.
+in.			172800	IN	NS	ns4.registry.in.
+in.			172800	IN	NS	ns5.registry.in.
+in.			172800	IN	NS	ns6.registry.in.
+in.			86400	IN	DS	25291 8 2 2945B61339DFA7221AD82D5C6C7E3CE4E9C2523E7754ACC8131D0EF94617E2F2
+in.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VffWdUCKf6ii6PzlXUAubVuFgxg66bnhrVIj3IZHErqKNpRu2REnIY/SAFaCizVSpAL+fZCU75X9Zg/GyEYEbELqok0hSnD6raeSy7Fc+fDeTDc7g/AA8mVfjlu8onqopX2Seg8JVFSwTDxhwIi//0plkxzOLOQ0Dxl1tJHjD/i0OsP4yIF+c28kd6fRIfHTJitfucDQrIU9foalRxAKez73waWd7kJzBpRPqg+9udwwvF+uQoEPm4SMv32Rnqg4zm7Zw0EmXJh+xRQ9+VaAVFBY1I3ADR76f5MXiUQfr28TM/SG8PdeNW68CM3fEFD+eOvGXYMm6brRuijftitbAQ==
+in.			86400	IN	NSEC	inc. NS DS RRSIG NSEC
+in.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H1rbRwFQYk2Nz0VNUjtjmRo7KCECg++JoblxiBHJTj2bbz27PXfeWUKxFUlYvRR9ElY2sSGDJabYTvu+wq1x1SBflYTgnuiItoGUwlmPxjT4M+5ZBfF5oWPwdgC1rarCpl95+9ZN5SK1gvvkpD0C1znlzzz22mbXRhtW2PUgu0Zzgmi0/Q8AN39dlZHDmeNpQttmCZodiBzDIkInkgiluOvKDnh9c0piy2iVBnWlg7WDF4jkiEZeNWDOZQ6OC/mGP/GybM4ekdrSydsk+aidxAc8Hb9qkg5IACEDJI7uV51DY7IGZGQuF+s30O8yK5o/pn8eGaMXSV48tiigWICwkg==
+ns1.registry.in.	172800	IN	A	37.209.192.12
+ns1.registry.in.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:12
+ns2.registry.in.	172800	IN	A	37.209.194.12
+ns2.registry.in.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:12
+ns3.registry.in.	172800	IN	A	37.209.196.12
+ns3.registry.in.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:12
+ns4.registry.in.	172800	IN	A	37.209.198.12
+ns4.registry.in.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:12
+ns5.registry.in.	172800	IN	A	156.154.100.20
+ns5.registry.in.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:20
+ns6.registry.in.	172800	IN	A	156.154.101.20
+ns6.registry.in.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:20
+inc.			172800	IN	NS	a.nic.inc.
+inc.			172800	IN	NS	b.nic.inc.
+inc.			172800	IN	NS	c.nic.inc.
+inc.			172800	IN	NS	d.nic.inc.
+inc.			86400	IN	DS	13636 8 1 6EAEBC6DDC7E32668027D425FE37084D6CB2D13D
+inc.			86400	IN	DS	13636 8 2 1F6E64CBE2F9FF7A4D33195D8EE394E09E58CB89477523A1B5B1113B0CD6C3F5
+inc.			86400	IN	DS	18077 8 1 B1D522ED8FEEEAF6EAD2504C9460101CFB98A195
+inc.			86400	IN	DS	18077 8 2 42F81B888D9B44D561060B7DC32796807F2A99F2D151B3837019ABA31C8966A0
+inc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xsk1Ho1jZ4SNSe52IUI85qbJK87/tzwVLjZGX/7LF0h9iJezmwkPV5Kv83nrZ2SacvaqeVrVz5ykz2kRKDBF9rE5g037zl/Lp53oTpci+Tmle3ddhFAVIh7CT7SIM33n6GpIe1NM4CclH62CgcGByqT6VcKQOaeVJvTpHRHY15Uc9wH+v547viHuxAEp+idm+EeNMU6jegMyz3kXOOUZnt4JDSMolrBaSCOXHiH7TU/ngFbNavTJrIeCgNJGFZ3dOCG2PsLhXYK3dd4HyXpb/5yo4X6Sqdh3oh7KSewMdlicHEPP2E4wgsx3/8X8XfZwHoWngqneJBlA7KmvULQr+A==
+inc.			86400	IN	NSEC	industries. NS DS RRSIG NSEC
+inc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YH7lpgo5pGQjifIy9NEwbkz3cFkX+WHlEpttL3XDnY7yC9r5WGrrTEqCAhsC737iliz5SHzlgC/7JXAmYX0wseL0IBW0bZUhfr6ykaedjIpEuts5MOCx9GyScgWuPsP/VlkY4s+UKt7fW4vwYlBpZK/w8O40H284rJb0E2d7RiA7g74El1CeTfoqgfDWymIx/3Yb4gCAG1CL/vC7K5uleaePQc2bBg7fyiCWvD3RMCPGs/ftGZIpjDlmdrKLoB2doYS1jJoxWsC316gW3LiRtjvrJmpVuI5KRA1QvDIGZbAparxPoQIwtxi6Rqndm8yeOHaxXDjj66tASJiw5Zy0TQ==
+a.nic.inc.		172800	IN	A	194.169.218.137
+a.nic.inc.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:137
+b.nic.inc.		172800	IN	A	185.24.64.137
+b.nic.inc.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:137
+c.nic.inc.		172800	IN	A	212.18.248.137
+c.nic.inc.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:137
+d.nic.inc.		172800	IN	A	212.18.249.137
+d.nic.inc.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:137
+industries.		172800	IN	NS	v0n0.nic.industries.
+industries.		172800	IN	NS	v0n1.nic.industries.
+industries.		172800	IN	NS	v0n2.nic.industries.
+industries.		172800	IN	NS	v0n3.nic.industries.
+industries.		172800	IN	NS	v2n0.nic.industries.
+industries.		172800	IN	NS	v2n1.nic.industries.
+industries.		86400	IN	DS	9211 8 2 8AB45E54723F63CE648E7A3679C9518E476AFA4FD9A719C826378C5BC69F31E0
+industries.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Px+prpWKjFxfuVnXjEoU4P2TcjsnUcEY4IL5BP73rg40lnMMbr0soJA+q/VGMMYk6c3ZATywWsMuMWjDlEj0Da2MLrt27OBe+uh/9UshksWYH8Ido8dBbwWHsbCCMQaMCOBAXoPGofIxoCBEo4yUNPMebiwq8uI7ICp90G/vK50AECiuHPccoNCBYTAQqTGfs5zJaPg84RmCwCD8FSXOz10s1IAtpw28RyVMm4km+YX7ZpmJzsCTBcKhrEW/qwlbWNw7GFDwb/AimbtPbP8J3FOHP7KOdudA5Qa6VOjU0p/l6zV1mDRNXMzAjlk9uAWEDlB4I15P2fpAH05zKElJRQ==
+industries.		86400	IN	NSEC	infiniti. NS DS RRSIG NSEC
+industries.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aer+zqgHGrP9QtVvHN+DK+5fUz6NW2i8AwNqnSRHItYre8I/b3b8kJlJs9L2k91kcVYN6FmGKgGEswoVccy6PT6v6hd6OS6vU0QcavUtNDXWuXSIpXr5p7Vd+3MySZQY+Ui/Y4A1LHkmfJoIAr52XRsvKl8msx7ONjTwuuERBhfTEzGZSj0d91dVFWjF6Wyh6GiB8wIQigF+lx5z+sK6DoBfVQvWz1SLyc+nPe4hRxYsUdeXtl5T0Rq94fIno8vt6KfRpVL1mJJJNW23dWAJJ6qm027xS9ZFVxeU8Sh3oxz5sS/9QHfFwottsJK/S3urogYMuqA6mlLv3x4t1m72lQ==
+v0n0.nic.industries.	172800	IN	A	65.22.20.55
+v0n0.nic.industries.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:55
+v0n1.nic.industries.	172800	IN	A	65.22.21.55
+v0n1.nic.industries.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:55
+v0n2.nic.industries.	172800	IN	A	65.22.22.55
+v0n2.nic.industries.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:55
+v0n3.nic.industries.	172800	IN	A	161.232.10.55
+v0n3.nic.industries.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:55
+v2n0.nic.industries.	172800	IN	A	65.22.23.55
+v2n0.nic.industries.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:55
+v2n1.nic.industries.	172800	IN	A	161.232.11.55
+v2n1.nic.industries.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:55
+infiniti.		172800	IN	NS	a.gmoregistry.net.
+infiniti.		172800	IN	NS	b.gmoregistry.net.
+infiniti.		172800	IN	NS	k.gmoregistry.net.
+infiniti.		172800	IN	NS	l.gmoregistry.net.
+infiniti.		86400	IN	DS	54241 8 2 4BA4A2E65269A0D1E93C17C160C744302700307D21C67889B9ABAC72644C5227
+infiniti.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IdnM5VJQF5op35rpEepDVv+/2hQfQ5cB2QVnavs691wbsf9Ru2yMnK780vY7xiWiFzPvxDUOmdbx46WFExKX2lJSFxfHDFuweYdzXnzrXHt4zJnTRXwukzuOufnGXZmb3O1Gad2gcZ1ZLYRXk81QZdwoBgcagHe8D01DpqyL33QMWfu68uuMG8rzdCWTcqNbTces7abUKfgeIJE8momM5QHsAf/osOxmeDTejMpj/nzrgPozr8ux+Fw4LCJ29BR/QPSagfKuorp+K+bEvkz+NoE93TmLG+9VeigN/TDYVXwnyocRT8551IKaDMiMO1rX2bpWlykWZcnXir/aE3wn9A==
+infiniti.		86400	IN	NSEC	info. NS DS RRSIG NSEC
+infiniti.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rsVUCvPlOevrIbXNCUaT4a5QICLlxBuq7z26NScNRLoJjMAwIwn1diT8UImETF0XtWAvn+IDKLvki4KUZBWhmiv/z1meiR+KYLJOqg2Y4qL7gpCBgO2QA1DviriqDuU6n7NxIIzrMrBnQ/yiSk4x6Qm1jZSeh9vcpWtw9OsaCI3RtdCAYvP8mVBhZTOxZCq/tGN1z9NEq5jO+m8B77pI6yTO7ygZkyTJNB4keQos+UKZkTJ+UwNPR2/NKyUkffmyVLlyWt3t0ZfmWNJP0e6ieAEV3mrxlBTByCGHZS8ZrdkNaBJydxhphQYg13LFkMbYClRw0AYIDXUhxppEG0BSBg==
+info.			172800	IN	NS	a0.info.afilias-nst.info.
+info.			172800	IN	NS	a2.info.afilias-nst.info.
+info.			172800	IN	NS	b0.info.afilias-nst.org.
+info.			172800	IN	NS	b2.info.afilias-nst.org.
+info.			172800	IN	NS	c0.info.afilias-nst.info.
+info.			172800	IN	NS	d0.info.afilias-nst.org.
+info.			86400	IN	DS	5104 8 2 1AF7548A8D3E2950C20303757DF9390C26CFA39E26C8B6A8F6C8B1E72DD8F744
+info.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x+LjIlSThQrYPaCfR9LjHP2baVcOGeXYd7R5/nXqte4t5gDuUBX1gDhMt8BPx2IdFSfRro5O/8D304mc1Ix65tMRfLq22cwHavkTqioxG/PN29JpVPEs+D3SSPwHq96Yj3wm1tayo3YCOcH7S1uLYJtWWfO/b9ux/q1f9s3Xg798l381RhN4KNN3Ok9NFWsHoXncCQzokt9bkLsdm5XPME+ZCercmduTg9i2jzFYrxtUdn+z2l+mVyzXtLb7cR9Fmu2K11VOEquv87KWmU6aYrImHR3Cp6H3KPTVVOZIM72bjRF2KmuZf4HqHi0Mgjkl5Ijn8pgXiycS5SQk9Csw9Q==
+info.			86400	IN	NSEC	ing. NS DS RRSIG NSEC
+info.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gz9u7kHZN4nN867l/kiXFEzJxZulpXnGoYb3NxETsw7DZngSQ4SKObwQiDQQsm09V3TSKVvCcz0mnLe6p69VfsW43WU1Gqp7tX+d6uaNcry2rBBTSGeNmQUtrrNXV0rZYs/JeoqqIWwD0ojca8mouvR18nIeDUJPepFDLNX4ow/GFGivbmmahh4hvdyq7AN1tdX37UJfwPkFWmUjfSs/fFnCdU71rr2cRPaWSCOi10dblrgwbCzY1QbkucZxukn59e4tXBWxLeV43v1Dxx/ZtdT0Tzfo+SDmMlXCl3dIFVnw7BzP08oJUcLIFyqOlFHICwUDYR0JniXxXYfJ8luqoA==
+a0.asia.afilias-nst.info.	172800	IN	A	199.19.55.1
+a0.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:d:0:0:0:0:1
+a2.asia.afilias-nst.info.	172800	IN	A	199.249.114.1
+a2.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:42:0:0:0:0:1
+c0.asia.afilias-nst.info.	172800	IN	A	199.254.29.1
+c0.asia.afilias-nst.info.	172800	IN	AAAA	2001:500:17:0:0:0:0:1
+a0.bm.afilias-nst.info.	172800	IN	A	199.254.59.9
+a0.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:9
+a2.bm.afilias-nst.info.	172800	IN	A	199.249.116.9
+a2.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:9
+c0.bm.afilias-nst.info.	172800	IN	A	199.254.61.9
+c0.bm.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:9
+a0.cctld.afilias-nst.info.	172800	IN	A	199.254.59.1
+a0.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:1
+a2.cctld.afilias-nst.info.	172800	IN	A	199.249.116.1
+a2.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:1
+c0.cctld.afilias-nst.info.	172800	IN	A	199.254.61.1
+c0.cctld.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:1
+a0.info.afilias-nst.info.	172800	IN	A	199.254.31.1
+a0.info.afilias-nst.info.	172800	IN	AAAA	2001:500:19:0:0:0:0:1
+a2.info.afilias-nst.info.	172800	IN	A	199.249.113.1
+a2.info.afilias-nst.info.	172800	IN	AAAA	2001:500:41:0:0:0:0:1
+c0.info.afilias-nst.info.	172800	IN	A	199.254.49.1
+c0.info.afilias-nst.info.	172800	IN	AAAA	2001:500:1b:0:0:0:0:1
+a0.mobi.afilias-nst.info.	172800	IN	A	199.254.55.1
+a0.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:21:0:0:0:0:1
+a2.mobi.afilias-nst.info.	172800	IN	A	199.249.118.1
+a2.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:46:0:0:0:0:1
+c0.mobi.afilias-nst.info.	172800	IN	A	199.254.57.1
+c0.mobi.afilias-nst.info.	172800	IN	AAAA	2001:500:23:0:0:0:0:1
+a0.org.afilias-nst.info.	172800	IN	A	199.19.56.1
+a0.org.afilias-nst.info.	172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.org.afilias-nst.info.	172800	IN	A	199.249.112.1
+a2.org.afilias-nst.info.	172800	IN	AAAA	2001:500:40:0:0:0:0:1
+c0.org.afilias-nst.info.	172800	IN	A	199.19.53.1
+c0.org.afilias-nst.info.	172800	IN	AAAA	2001:500:b:0:0:0:0:1
+a0.post.afilias-nst.info.	172800	IN	A	65.22.0.1
+a0.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:0:0:0:0:0:1
+a2.post.afilias-nst.info.	172800	IN	A	65.22.4.1
+a2.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:4:0:0:0:0:1
+c0.post.afilias-nst.info.	172800	IN	A	65.22.2.1
+c0.post.afilias-nst.info.	172800	IN	AAAA	2a01:8840:2:0:0:0:0:1
+a0.pr.afilias-nst.info.	172800	IN	A	199.254.59.17
+a0.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:25:0:0:0:0:17
+a2.pr.afilias-nst.info.	172800	IN	A	199.249.116.17
+a2.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:44:0:0:0:0:17
+c0.pr.afilias-nst.info.	172800	IN	A	199.254.61.17
+c0.pr.afilias-nst.info.	172800	IN	AAAA	2001:500:27:0:0:0:0:17
+a0.pro.afilias-nst.info.	172800	IN	A	199.182.0.1
+a0.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:c0:0:0:0:0:1
+a2.pro.afilias-nst.info.	172800	IN	A	199.182.32.1
+a2.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:e0:0:0:0:0:1
+c0.pro.afilias-nst.info.	172800	IN	A	199.182.16.1
+c0.pro.afilias-nst.info.	172800	IN	AAAA	2001:500:d0:0:0:0:0:1
+ns2.asnic.info.		172800	IN	A	103.49.83.254
+ns2.asnic.info.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:254
+ns01.trs-dns.info.	172800	IN	A	185.159.198.3
+ns01.trs-dns.info.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:3
+ns2.uniregistry.info.	172800	IN	A	64.96.2.1
+ns4.uniregistry.info.	172800	IN	A	185.159.198.3
+ns4.uniregistry.info.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:3
+ns6.uniregistry.info.	172800	IN	A	206.51.254.2
+ns6.uniregistry.info.	172800	IN	AAAA	2620:171:804:ad2:0:0:0:2
+ing.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+ing.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+ing.			86400	IN	DS	27256 8 2 F7B48A11530565EAD3CC6CCDCCE9841B6A65A707EA8CC20A4D81F9AEB7656A91
+ing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B391e3mly8FgP6OsOWMMjKPi88NlvptkFozzL3CeTE0c+qHxcRQEwylJWIvjFcnxjCHi2LjRG7t7/L/3frwx6rTOrmeXFXk2Kpjc7s75StmJAuISEdsNspzMhx8pw0UBCrnywIxfqkp5kej/+JgjziEmcR809X6iShKk6SKDmhJ11iv0bpU8urrJBhHqkaMm150rvlv4JYQafdRNHU1JMHvsduGsPIW6MJSip0KFkfkDePUmpR7+YW1F5AMdA1eRxfvjZKyUZaEPsXkNXVK3qjdmPThUnkcTo44Cxrnba/Ynaj6ElPqiPl2bfy2Z1sVYGuIfWqVeXF/PwRcOf3WUqA==
+ing.			86400	IN	NSEC	ink. NS DS RRSIG NSEC
+ing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d3O5fmcltmQjTELJlULG9P4cKvbc0+i1eDaT8IUAUeR7fNy24l2eRGuV7uEFeS+K+FbNznntof53y7x89KRK5xoS5ESum23O0xUQMkyL9FmSNaeRFTL5Q/ajD2JtHrYPwE5dufBazLd/mvlkzDuwHTZDGJgS8vrbA4tdhvTuv4ta1Cy+9JAbIorE5r+WaKxDTVtGRZQBcbZbP1QQDJi6pdkf5QtLg2GrSP2zjGrQpQnk3zUPD+dwUy5G1WonGXZhwaoJBMlFoOwMGgvy7J56mjCh8cwd/oOd6qBi5eZMTz/KVKcHimxU5ClMfFnZUq6+WdRLh60Wom7hpx+87ZbF3Q==
+ink.			172800	IN	NS	a.nic.ink.
+ink.			172800	IN	NS	b.nic.ink.
+ink.			172800	IN	NS	c.nic.ink.
+ink.			172800	IN	NS	x.nic.ink.
+ink.			172800	IN	NS	y.nic.ink.
+ink.			172800	IN	NS	z.nic.ink.
+ink.			86400	IN	DS	44809 8 2 F3328D3A8A78E742E5D1E84C641F399E944D62A290651D21DFFEE632AB6AD01E
+ink.			86400	IN	DS	48370 8 2 9AE237CAC9D9160455E023B1097161F066C986F9821247DD279B1C84F5163716
+ink.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ITsq42OavfySUUNhTlUfXu/rb8Mq3XYAC8PHtXFuDTlMQEnxOnqZT4RZ98SZjAQ1C742wK4g1ARZ0Wk9ubAoyEPP24e9Zrwl4z3Uj10EoHNkBCKqpPdiloFc8k/KJnB5kalrczPQncRAZlaLkAUuHKI+VuJW2+P7ZuwMqqpU9Eq6XRacAiOWBuGE8Urst6aup/8c4ZkXjD/9cIHvPlLGAgcvyEBZmtBMLHCJ72ziy7KEo5BwuKFYHqabaFQsZ71LXVQiU+Kj6ZNHFTVUEaFVWDLBV7/4agpztOALiZcZTlV2a+u3FRwxb4opN9tXKBclgXCuw9vVmDYhYRqTJfwH2Q==
+ink.			86400	IN	NSEC	institute. NS DS RRSIG NSEC
+ink.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vWrQmvZ6u4dlM0pr9VvvbVLmtNiuiC/bbLkiDGhJTYUXBKGIfS+RcMAc2acweIe3cd64201sYLih2LPs8Icojy/I62kOYfkbawgrZVPsssN1oX/KYKe9OOksv9LcylfJzE1eTi5+OaSA7+wz6PYVsHTPav8ZopE27YzOekjwxCBHSXbOFUgIw+SYrOVjeCOhTS8ndznhVFtjzF88s1CIRMrtBk7iJhf9aJuUQYGlr2VRuuGxBhZUKM4z5VlcoJgc55AjkrdO3kHL4Tc9+x+s1a3J0mjf5wLv/cQ7/umzma2G5Fsgi58W3s7Z3dxMHvPM3y/QFi2AMXrpzP7rAYJzfg==
+a.nic.ink.		172800	IN	A	37.209.192.10
+a.nic.ink.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.ink.		172800	IN	A	37.209.194.10
+b.nic.ink.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.ink.		172800	IN	A	37.209.196.10
+c.nic.ink.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.ink.		172800	IN	A	156.154.172.82
+x.nic.ink.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.ink.		172800	IN	A	156.154.173.82
+y.nic.ink.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.ink.		172800	IN	A	156.154.174.82
+z.nic.ink.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+institute.		172800	IN	NS	v0n0.nic.institute.
+institute.		172800	IN	NS	v0n1.nic.institute.
+institute.		172800	IN	NS	v0n2.nic.institute.
+institute.		172800	IN	NS	v0n3.nic.institute.
+institute.		172800	IN	NS	v2n0.nic.institute.
+institute.		172800	IN	NS	v2n1.nic.institute.
+institute.		86400	IN	DS	46447 8 2 1068CBCEF5B14E4B888A50B79E38B75630C1DDA2067D1AA13640A6158E984C6C
+institute.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L7iLbKXnTWHqgyTQJ7Eur3jePF+3FaxRGUUP99f3w0lU6Bog32HjCraIaMJe3bsxw50TWmPhYvvhiJM40eYrB07GQQjRqJ/RwhFacVu4zWL/h9SWKRJvr+HD9SsVg3tOD5FuCzm2y4y3aGJZP1zILyhgBwIOQRCrWnRwxmxwjJRZc+RocNEVTspl91xG47fC8usAH1VmYmUmraDcQq8Weqj3dOX7WmDnOGsW5IdIYQQz2G1rPuxxPv6DvED2FMdbAFbPHgcWl1rEhJBDHPv7jXa7+Tlx8ddfpGwRo1keB8ADwtWep+555A3gqpVvttTom2KFeanKBxo6xVbf63PhQQ==
+institute.		86400	IN	NSEC	insurance. NS DS RRSIG NSEC
+institute.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gZr2HVISOgRXnMrp4mabkH/jnjNviix/Z9AN3nH1hnVP4P+fxvni908cHTTbh+KP6k/rIzCaeUtmAJPE3bK12/JCi0G82O6ZWvNqm2EUiK+rDY7mwTRQUHZiFn49n1ZSd9UjqAnK/wJDC5A1/ORYBt4IOEZNB0sQLKbSUAS5w+70VmHUpEgmynqbnAwGXkc3yfwhAu/NA+ipTNj0L5sUivpV6PtP3Mjknefa0zl9ttIJ3m9ZOVXVBwjYSsBqYIT+we3CvkUr0ZNAEhPZGMbYCy7c7PQ+R4JvnBw+6mPafLO5ndKzU2hC/lkAwWGAOvwJV1WNx9buy/5KkCadwmYSLg==
+v0n0.nic.institute.	172800	IN	A	65.22.32.13
+v0n0.nic.institute.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:13
+v0n1.nic.institute.	172800	IN	A	65.22.33.13
+v0n1.nic.institute.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:13
+v0n2.nic.institute.	172800	IN	A	65.22.34.13
+v0n2.nic.institute.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:13
+v0n3.nic.institute.	172800	IN	A	161.232.16.13
+v0n3.nic.institute.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:13
+v2n0.nic.institute.	172800	IN	A	65.22.35.13
+v2n0.nic.institute.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:13
+v2n1.nic.institute.	172800	IN	A	161.232.17.13
+v2n1.nic.institute.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:13
+insurance.		172800	IN	NS	d.nic.insurance.
+insurance.		172800	IN	NS	e.nic.insurance.
+insurance.		172800	IN	NS	f.nic.insurance.
+insurance.		172800	IN	NS	w.nic.insurance.
+insurance.		172800	IN	NS	x.nic.insurance.
+insurance.		172800	IN	NS	y.nic.insurance.
+insurance.		86400	IN	DS	13792 8 2 EA492E4CF1888E2861F9FFFAA38A66509C854DB6AA41C4DB1DFA611AE358B23F
+insurance.		86400	IN	DS	17830 8 2 B2969B333E64714F8EA3B5D1D691FE476194FF8C5B67AC78345ECE07B77FA20C
+insurance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tX7W3ti05+l2NlB7jbmm7zWS07UcimwRrHptWA4gk5aeoCN00afbDKYzo0Ib6monVoIDsU20/r2yhASu6E3RCgYXVVOdyY8M5Oq9v/01Ya66awF564QgCuhPp1kWhUQJnfEp4eRAY6WgIjWiVuEusHQVRFKpAL/thRM7NsBM6HltcTB73+kI1Mj7jf4hzDjtjPSEwuHWfTbMJidlU3/AUJyM9Bi8mU/Rf75ppWVL3/zDg0jJP3HkhvPlwc+gAS2hC8wFBoDlr31hMww9rgf+6ZBdMVzsBl18yV62OfocloUOhO7L2H/4euwlPTZjmM3ngKZT+/T8/2rCpvc9Gd0ujw==
+insurance.		86400	IN	NSEC	insure. NS DS RRSIG NSEC
+insurance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sdT83P8mvAVKd9cA8VrrducazHfvxQo6/pEwVdoRob6wrGx0hWDuZQluQzKGVoo+H2Yd5kMzxQisKaLdteSRjtja7PXC6GIHPk8se644IGwCfyO9SU+QdgXjyVqOV2QRwNeU+1xuS57DYsiDgli47hsVfrrdsWP6l/NX/nu5T9UFr3la+gPil7XJc3bDttAGjUpCb62DzVfkmMO2diru+Q8hHfaoV0/fOCFbS/22ViGihzysEH9ifczIIq7bpA5ehFxZtN19iaaXIrEVVhsOGuXsuhIKynbvCbqeBGENDgbcPzvLKtPvYO6x0qD+SKsza9Fjo7h2hosk8SjCKBmhJw==
+d.nic.insurance.	172800	IN	A	156.154.103.22
+d.nic.insurance.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:22
+e.nic.insurance.	172800	IN	A	156.154.104.22
+e.nic.insurance.	172800	IN	AAAA	2610:a1:1011:0:0:0:0:22
+f.nic.insurance.	172800	IN	A	156.154.105.22
+f.nic.insurance.	172800	IN	AAAA	2610:a1:1012:0:0:0:0:22
+w.nic.insurance.	172800	IN	A	37.209.192.10
+w.nic.insurance.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+x.nic.insurance.	172800	IN	A	37.209.194.10
+x.nic.insurance.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+y.nic.insurance.	172800	IN	A	37.209.196.10
+y.nic.insurance.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+insure.			172800	IN	NS	v0n0.nic.insure.
+insure.			172800	IN	NS	v0n1.nic.insure.
+insure.			172800	IN	NS	v0n2.nic.insure.
+insure.			172800	IN	NS	v0n3.nic.insure.
+insure.			172800	IN	NS	v2n0.nic.insure.
+insure.			172800	IN	NS	v2n1.nic.insure.
+insure.			86400	IN	DS	54472 8 2 FBE73379C21C9221115F502EAE725983064C91D82AF0C293A8C718CCBEE36529
+insure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v4gMWpwDQm+3ifsHJEUlfUh0kwkII7qlHRy8Ooidj2qvOZArYYcdCtLAEkN095KJ2PGH5wf0jC0ZEPDkzYIHQHq3ZL9MAG7j7yRxcRbM+FR3eXLPahQM5Jyr5HoSBs/XzB6rVcY2tUVh9Uvu7USCahJcYLKXb0vZ/1E6Av2I/hNjUPAgmUSmbP0xAwYlpaLUaibBPy0VTRbNaEM9FFd9W9loZMeket2SeEUKvtkqeNEMlyI/5x0rmzOcSdlp9uxlZwmwqkLr5orbPdzvcHLOuUqDnDogc76lAaHxXfRk4cppzJ6Gw7K6US7Xf7BZhk/o9DAMwws362YESxHGws3KYA==
+insure.			86400	IN	NSEC	int. NS DS RRSIG NSEC
+insure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dRvB/lbb4mHflIQ8ipqjxzkQwiHSPo01bV6yca+IuZ6f2n3fzWVY3yFTrv9zlflLVYZzqb9q+zij3hivaOEoxhB2z54B3pdb3+G6DsJtJFF2RtHWIDvktMVs47CW+mPH8WMjnuBd5E3zsNMkXWRbIGPfwGkp3sqEBo2jSv9X/7bplUbfqBhuYkttYNT6+UbsD1xTgMGHSm6pOWiRnM/MWnT011lWOLWGHpn4kh0fz0ogRkiXf0lq2P2vWJjOnqYppvnC6/drlps2fTvMOSllZFTkrCmc7olsAdiHmgTYnhTa71fbvw60AOWdsxk5beixDBxSjXYScCSY8ldrFnLjVQ==
+v0n0.nic.insure.	172800	IN	A	65.22.24.53
+v0n0.nic.insure.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:53
+v0n1.nic.insure.	172800	IN	A	65.22.25.53
+v0n1.nic.insure.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:53
+v0n2.nic.insure.	172800	IN	A	65.22.26.53
+v0n2.nic.insure.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:53
+v0n3.nic.insure.	172800	IN	A	161.232.12.53
+v0n3.nic.insure.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:53
+v2n0.nic.insure.	172800	IN	A	65.22.27.53
+v2n0.nic.insure.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:53
+v2n1.nic.insure.	172800	IN	A	161.232.13.53
+v2n1.nic.insure.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:53
+int.			172800	IN	NS	x.iana-servers.net.
+int.			172800	IN	NS	y.iana-servers.net.
+int.			172800	IN	NS	z.iana-servers.net.
+int.			172800	IN	NS	ns.uu.net.
+int.			172800	IN	NS	ns0.ja.net.
+int.			172800	IN	NS	sec2.authdns.ripe.net.
+int.			86400	IN	DS	27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E170B40CA4F
+int.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NH0+vK19IZiaOdpfxCN6pDJz9C1zaJR3zAACc9NwKDFnDhzHxHDJUaLyWLwgIapdTgELo/6U2hNzInALXxPR0B7bt1KRWXWAV/gzhT1D2n2NyapM224MtXM8Qb/syqnzwg4DtUQTtmaP2LcH+g+JmzvB0PlEG045jUpjK6ooZyteouj/MgExB55KjxKdZn0ovs8jl8aIrKP/vE6aCIzpWKVQBY0i9DutAQlKPovq6T46Kf5hKPkRkfqozgqoPo/nZqHsxvD/lUVGWTkkAxiRprwE3laWkwhUDRNgC17GyIrCBQEeVKa5E+AY85sPquIaE8pPyu/XScCIeQfqHhRtNg==
+int.			86400	IN	NSEC	international. NS DS RRSIG NSEC
+int.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . C/OSueQtpahzWUZtgiRsYNBfK2bK1yiBuuUW5wuz8b5VAld3f3hQg28BTbMftpAVsCthoHFtXQzFJq8WwVDxEUgC9EFv6ZEjXO3UbpNT0wjQNjwmxEHAmdPSUILQFLdVeDg5zZGtpkVd/5lbEo2cO7IxAsqivMi06xJFSQ5iQdXLB7A7bqiDf+r/Z/zyL7/bpUOm8DjHxRrMGWbA2hgMPHJQCOj2fxlIGZoeGn6gCLBc/lZRLdwHtwEXGgyHjEvF8vXTBF3VB7j1Qg/EwLwML1q1cY4yyAwHdmOASWEzJJ/dvr911UZiiYBboZeUB6LDhHOTjU9qrosixxi3faplGA==
+international.		172800	IN	NS	v0n0.nic.international.
+international.		172800	IN	NS	v0n1.nic.international.
+international.		172800	IN	NS	v0n2.nic.international.
+international.		172800	IN	NS	v0n3.nic.international.
+international.		172800	IN	NS	v2n0.nic.international.
+international.		172800	IN	NS	v2n1.nic.international.
+international.		86400	IN	DS	28987 8 2 947FD1DCD82105B572AFDC6F9BA5C8F17F6D3A755F2BE059CFC5C9044FA8BB10
+international.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FPEYk4tJdakYTsbllgI9m1CM/0bjo9NfCFxBp1na6rvfXVEaZuiI30CVWKIr9rOVwCWCAcEPT68wz0nZiVkxn5vlDpdp6i3qZruPFtRbh7zurhU69xtxcpVq4kg8JctEo/8P8kijbOeM7gfTO2cyhaZ5NNyhsLZfjF5+3YHRiRNT+kGFnZhwvt2IuJns6zPHcUu5va8F73j/4AMr297dc/W+C9duvFwn2ywXMGMoxFiMA7U5KBIo4IHwMjMTmiZHF0aoYX+Cb0UFyXmkAIT3QRAi3be+zwTKbw7bsBp3xCujO5LSqjvUx64sPE5kYHQNtJFiq1v7a3ZWtX1Dn7BURQ==
+international.		86400	IN	NSEC	intuit. NS DS RRSIG NSEC
+international.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . klaUOqrJlSGLC4mvvXwY/qJkjHY4i7jHDlp7+zjLM5gNqKwO+9y3/M4Eq+m3qpt3LRwfbPde6njaACTS8xLshR2E87PyDbRej59fODR4MtRHi8Mk3JCKWN/WRNITr7cPFWTXphkcXM8Xqg28kKipl9gRPZxoSePNaRDMz1h7YciWedQ/adJH36cbtGyUeiLRDybJtPRXmhbJK4FoO2pWFobk+JcEtGyrtEZJaqRiMh3QfuUyWf256M6V2HmAFLcdsAkBPYtZfwxnLFF/RoO4DsBkSEQWYbLkSwZiXYdXUGWQHWd5S+nFtABepAwprnLXCE/uDj/nhciMm1eXtRy+Tw==
+v0n0.nic.international.	172800	IN	A	65.22.28.6
+v0n0.nic.international.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:6
+v0n1.nic.international.	172800	IN	A	65.22.29.6
+v0n1.nic.international.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:6
+v0n2.nic.international.	172800	IN	A	65.22.30.6
+v0n2.nic.international.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:6
+v0n3.nic.international.	172800	IN	A	161.232.14.6
+v0n3.nic.international.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:6
+v2n0.nic.international.	172800	IN	A	65.22.31.6
+v2n0.nic.international.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:6
+v2n1.nic.international.	172800	IN	A	161.232.15.6
+v2n1.nic.international.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:6
+intuit.			172800	IN	NS	a.nic.intuit.
+intuit.			172800	IN	NS	b.nic.intuit.
+intuit.			172800	IN	NS	c.nic.intuit.
+intuit.			172800	IN	NS	ns4.dns.nic.intuit.
+intuit.			172800	IN	NS	ns5.dns.nic.intuit.
+intuit.			172800	IN	NS	ns6.dns.nic.intuit.
+intuit.			86400	IN	DS	8869 8 2 1A86450877BF7CDCAB1715F9B5206A668FD7E21C9D10119F3CE7E6D004287A5D
+intuit.			86400	IN	DS	9856 8 2 D826E3ABF318055E6E502772D495AF5FE336D811E8B841F780114D28479D6F3B
+intuit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xSPv47HKGrBQXu/Me6wpdlqxtStCbOarBYpJH1auD0WbqXAnUDv7zDxL6+IqomdEmYUCz3S5JGz2TOwLIUpywt1g4uGJpDm/+TE71/nOeIi8tJmNDLSvCyRE84yRe9532/RaAT2oL4HaYxpDtU5iiabdcEJOgdc3eFYejfHO/1pFzwng4zlDbAlCzhJYX1dONmKJTwRC/XZS8D5QF37uPhVkh/NPlrnxm7U09wg1V/Kl+gauJd88P0r+yCyGzYJDHJbP6XyyfV2tKsyOeoGdXZRzBMGU2CJoN8N3YHgl1zYw7hP1lC5WoxkIqMsGx4K0KA4dOHosaINy3lvwjSVOKQ==
+intuit.			86400	IN	NSEC	investments. NS DS RRSIG NSEC
+intuit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . os02b+d8VP+tydaQMRyiixxMTpeZqpNNpXqIatM9IliifhjD83DGldbxe3yY3o/3RKDyLGsWLYdkhVR5wiWb/KYccVH0LFxAnzwkvaNiirolXjxoNhOh8KY0NiFd51iYB254tAWFCWbCtxduY12Z44dlpt4HJsC8vkV9yOqLmZoAqV0cmhjpgnRDwgJ3tYkQ09oNbSinqKozV2vx7cBtLaKwzjudTbPG69SV28jMrXr+Bn4Ei3P2BEfVfBkQ3P66zMErrNZ+9DNIEtyuyqy4wyqulmnYXE/wxdolqIEnAwXMcGJNesn62bBj4ttSdcNawSWiLDHWz/uftpeG+poHSw==
+a.nic.intuit.		172800	IN	A	37.209.192.9
+a.nic.intuit.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.intuit.		172800	IN	A	37.209.194.9
+b.nic.intuit.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.intuit.		172800	IN	A	37.209.196.9
+c.nic.intuit.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.intuit.	172800	IN	A	156.154.156.82
+ns4.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:52
+ns5.dns.nic.intuit.	172800	IN	A	156.154.157.82
+ns5.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:52
+ns6.dns.nic.intuit.	172800	IN	A	156.154.158.82
+ns6.dns.nic.intuit.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:52
+investments.		172800	IN	NS	v0n0.nic.investments.
+investments.		172800	IN	NS	v0n1.nic.investments.
+investments.		172800	IN	NS	v0n2.nic.investments.
+investments.		172800	IN	NS	v0n3.nic.investments.
+investments.		172800	IN	NS	v2n0.nic.investments.
+investments.		172800	IN	NS	v2n1.nic.investments.
+investments.		86400	IN	DS	56107 8 2 9A6DF7804A869EECCB7D1C03F4ACC62FEE9C130250CF3479BE1E9F3904A9E0DC
+investments.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n3ADgbvTMztRFFSA+C5+qmvKo0OTdCR1BIR527FTkv/Ni6qjWecedW2DlnTewDGPTgMIFPJ8VhDEyelFdTP6ExTnUI5Y5Poi7WY5vu90y5to+E5CiPjq8NhQScYG+I/3m9xL75y/KhynUCN2an4W5QhSBd3dnPbzjBfkFf9beaBSN2BEQX1VvZrwwpv16tzWnZbTa7vufHVqa+TGBVqRb+8ATXP/t3mB7mEtBg0MDEbqXn3jg5lfXtepwCvL+UY4+OKjzj0Pprzukn+OSDRBL7U4MF7Ea7Poh46HR77oFxVIFx0hN0hSaSFPsag4NCpbnqSbG6H+ueygCgo9jbktKw==
+investments.		86400	IN	NSEC	io. NS DS RRSIG NSEC
+investments.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LjrnAbE12xPGOAvAcHZgTltnDRepA2zKPI5G+cydHqiuwuly2VOPXQp9q6mQjCkrQdSIYPXnUXrm1L39rSYzHDeotuAGRa8LCPnza5hVGH9w4vt0Ly+oKkDBsTr/0YZGGYJM3BI3k9RJPzmO/kdUoTjqZVsri6wfl5l3skS90QHF5eWA23nVA4QX1iLWhMQxVF804RKYd7F44Qb7l+Q0GRZGS/B4dlv3n58v/e9nFJpDMZHkK1P3X8dxaciZSQZgslri/mktwswNO+yUUZF/WDcYFtoxcFynVn0dbj8FsjDivOdLV4agHng13Q6Z4WJp6oKWXhqawJyNSa/r3FXZhw==
+v0n0.nic.investments.	172800	IN	A	65.22.28.53
+v0n0.nic.investments.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:53
+v0n1.nic.investments.	172800	IN	A	65.22.29.53
+v0n1.nic.investments.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:53
+v0n2.nic.investments.	172800	IN	A	65.22.30.53
+v0n2.nic.investments.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:53
+v0n3.nic.investments.	172800	IN	A	161.232.14.53
+v0n3.nic.investments.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:53
+v2n0.nic.investments.	172800	IN	A	65.22.31.53
+v2n0.nic.investments.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:53
+v2n1.nic.investments.	172800	IN	A	161.232.15.53
+v2n1.nic.investments.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:53
+io.			172800	IN	NS	a0.nic.io.
+io.			172800	IN	NS	a2.nic.io.
+io.			172800	IN	NS	b0.nic.io.
+io.			172800	IN	NS	c0.nic.io.
+io.			86400	IN	DS	57355 8 2 95A57C3BAB7849DBCDDF7C72ADA71A88146B141110318CA5BE672057E865C3E2
+io.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P6nKYhBWBb98Fxo+BbDmE+OYmQKAPqjUoRo9oiIjl7LGZqtCa8NSDRYkRcEdpLJTUCTlkOWua2PUEqRNFusvnYCjtl35v1z5dghurozeE4iUpvpQbKtuHyxnLwDrJiDcrYbLPwsptdBVtN9fQlhILuof1HLgley7MdYLZsEhq9vvrOtpVpPWPD1WolQr9TMFBnOapLYkwjV1HRgool8cSRfMzdCEOwdFg2nuFJrhkmYAdALJzn3Rb1r1B7vN/mID04iTJOeKuQBpJebmKzoW2OHkK0GDmi4i8bEwTWMIex5HbXj157Iz/91uutQMPKlYTVktG1zl+UqMbVZS/hmx5w==
+io.			86400	IN	NSEC	ipiranga. NS DS RRSIG NSEC
+io.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FDWGpvJBh3zSqAuk2fWau/h+9YFnVXcnbl79O04sdxSVtqdTXIpO9yox5NEDltwGzuMpeSZVN/wEREj0WdBxqzlw2nWxEl7eRSXOtkAsJQPrLZfp48HHtpXACUszIl/rnQDTfcPA4m+W+TvmD3lkBBgSN9AbppE2wD6+AuBXV9ooyssIZYEzQPXWDQi5JxbUKui9RaVeLZyeFn2FNRMeigooOTWhPD8pCIwn02Wb7TXK+cepw3g7bRQftYV+6J0zAfTKNBqB0c1NX6qpKg/JCzPrgsL/4nwp0ZnAmCviKTDYKN6OHO8CK0mPTN1l9OgBmPCVdoju7lQDJ8KhRnnayA==
+a0.nic.io.		172800	IN	A	65.22.160.17
+a0.nic.io.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:17
+a2.nic.io.		172800	IN	A	65.22.163.17
+a2.nic.io.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:17
+b0.nic.io.		172800	IN	A	65.22.161.17
+b0.nic.io.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:17
+c0.nic.io.		172800	IN	A	65.22.162.17
+c0.nic.io.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:17
+ipiranga.		172800	IN	NS	a.nic.ipiranga.
+ipiranga.		172800	IN	NS	b.nic.ipiranga.
+ipiranga.		172800	IN	NS	c.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns4.dns.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns5.dns.nic.ipiranga.
+ipiranga.		172800	IN	NS	ns6.dns.nic.ipiranga.
+ipiranga.		86400	IN	DS	15469 8 2 07072C5F3D4A042E6E13050CA502DBBB6CFDFC20EC03C2407562BCC5E23FAA32
+ipiranga.		86400	IN	DS	64375 8 2 ACF8A18748A01A0DFEEA2A9078C2CA53721C508831B9C151DB77AE4342065538
+ipiranga.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ceh3J6OXuYNa8pjG7X5uZy//PxUM7NMsAJmEmhWDFMlO6QGWAKrHDXxmo7Q3DPrq+C5+mUMHzvrJJDQUzJ1MqixNXfhhfrAtl8AQeT1RGgDpbw9cREjDfPGb2KaffRkPfA3sUBQT2sOvKAOYU2elYZnPK5A7+YWFL1W0dNQpID6VVBUJB6LLW+rW+xPxlOC0EYQVBg36FjO6EdoZ89dPduvqC3uMAklH/ja5Z7QCtueWof9e4hg616OCdd0Ioqf3LcinHZ0xqXiKGLDR6Xj9OpXS5CC7bW05BbqxTYRlj5CsdD5QCA2/twmY7j4tBESHu19G/kvkiEJFlIl1MZsdEg==
+ipiranga.		86400	IN	NSEC	iq. NS DS RRSIG NSEC
+ipiranga.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . e5nJlfvnzviuB7W1e2uv3AOgoJO5imsF0gGO9a+OzQReNO5qUu11WN2YxmX6MWgNDw0ZTY9rK6VftQ49tOz/oD5zl18mvgRGv2MxPLLLsUIx3xUTkvYYox53Uxiiyy9DRyBPtbC15xuqd2aGngwfDqs3oInSJUdT+BQ/WyMeY7fSuSfoEbliKpe7nIYFIyWeldBg/X9ZEOI8vFVE/Fjuza1LOMm5XmJx0QofH71b4wGtcH5WrgFadHQlt8OLU0JssgUJUOT9Yl11lJqa0X33bxsFvFFGAEJjN4BnVKouTQPCIvvky1OH9g1ngQ5VusG15+TE1YEtXo0+544j3BjjyA==
+a.nic.ipiranga.		172800	IN	A	37.209.192.9
+a.nic.ipiranga.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ipiranga.		172800	IN	A	37.209.194.9
+b.nic.ipiranga.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ipiranga.		172800	IN	A	37.209.196.9
+c.nic.ipiranga.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.ipiranga.	172800	IN	A	156.154.156.83
+ns4.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:53
+ns5.dns.nic.ipiranga.	172800	IN	A	156.154.157.83
+ns5.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:53
+ns6.dns.nic.ipiranga.	172800	IN	A	156.154.158.83
+ns6.dns.nic.ipiranga.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:53
+iq.			172800	IN	NS	iq.cctld.authdns.ripe.net.
+iq.			172800	IN	NS	ns1.cmc.iq.
+iq.			172800	IN	NS	nsp-anycast.cmc.iq.
+iq.			86400	IN	NSEC	ir. NS RRSIG NSEC
+iq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wMnhWloqNcjMBtkxK5uyNxkHbSQ994GbyVRvXuSgNQr9wbDSzpCg6QrhhwJiLl/2gZbIzBow6AK4SmJ+MEBaVTxvwnjSnhh5T59rAnq0pvu19U/44tqImBbSKaCYaArP1wFrUzSDKerKMnXDQmeCl1jVEMTnsMDPb7d0tbMNitHPwVUqUtgbG9Ar55OfXkCE4xhpBtojNTh700ORZQcmmTP7kMzOcH2LorVDCNbyyIjiC4TvisSV3DpyUaO73AmXB5A72iRtAnSM07fGiUaLoaItwpA23dQzzPNISounVfusKVnZd5Kv/X/mDZ6H3SMqYW5AAlu7MR3sWZ2hteuyPQ==
+dyn1.cmc.iq.		172800	IN	A	199.19.5.8
+dyn1.cmc.iq.		172800	IN	AAAA	2001:500:92:0:0:0:0:8
+dyn2.cmc.iq.		172800	IN	A	199.19.6.8
+dyn2.cmc.iq.		172800	IN	AAAA	2001:500:96:0:0:0:0:8
+ns1.cmc.iq.		172800	IN	A	194.117.57.100
+nsp-anycast.cmc.iq.	172800	IN	A	194.117.58.42
+nsp-anycast.cmc.iq.	172800	IN	AAAA	2001:500:14:8001:ad:0:0:42
+ir.			172800	IN	NS	a.nic.ir.
+ir.			172800	IN	NS	b.nic.ir.
+ir.			172800	IN	NS	c.nic.ir.
+ir.			172800	IN	NS	d.nic.ir.
+ir.			86400	IN	DS	47300 13 2 7AB287956A55ABD60DC8697C2049738FD5EEAB6F2070152B015D59929521DADA
+ir.			86400	IN	DS	47300 13 4 FE3A9BFD3AED31CBD1E2F6B45C88D81B5CCA68CDC9D46080C1C4AFBD491AE3A9F6DFBFC4320111144C375D648AE3CDF6
+ir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nUIIbw5v3et5Cf+2ayinuDCzZNq2v7giF5FS6ZIOgLZrm8mCzKlBL420AacWDPicisUQF5pmwhCkrhFrSqwcHX+GiryCMdparoeEWTMV64KRycT7oAEF4MHxcQNsFn7vCdA2B3aqP9Gf2uniVbM0NunsjMUKYymsQWt56wlbbZUA3bNSwwzP01jj+zA7E1ho+45Q21BiFePHjzJXjuInK4wI1dOspQQkm9I8+vt9s/ul5sRwzCXKi73zwB7q5ShycqiRXsUmGGal9betNIvgFEn829d5S/YqVQz46GUyKTZ1/Xh9gc/0JjlTfoJTYQeH8FXNAUvu7DDIVxPtBxBbrQ==
+ir.			86400	IN	NSEC	irish. NS DS RRSIG NSEC
+ir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y0ViEJiVi0oV7EwLyrCuvkgP/guHOxKR5FjpJI3i55+LdkL8nCBp9e61jD3XIrg+PSuEtqTDlghEPZgTFcoJT/MM2rFCZj4hykQ5wFmAenKMyM8qJl8/H5VVURpMdGqyxEFWpCOuO/kyt+DwyY/F+jd66CCP5pwoL5i3+AmhgeNhYpH9w/hyWfvR+FTiu2IyzbROrzVgKruvTNGbxwCX5nnjbeA+eLqQ9tvo6rmd8LNC+a6AkZfGEk/5YEz3568aw8oYpVw+iDcPdKP7W8snUC6/tANNdKTzIt7OqDatfEIwqFUvJkbcYFs4TJwEAnLKLQdaBvCyIkRGBK5EZw1XHg==
+a.nic.ir.		172800	IN	A	193.189.123.2
+a.nic.ir.		172800	IN	AAAA	2001:678:b0:0:193:189:123:2
+b.nic.ir.		172800	IN	A	193.189.122.83
+b.nic.ir.		172800	IN	AAAA	2001:678:b1:0:193:189:122:83
+c.nic.ir.		172800	IN	A	141.95.65.136
+c.nic.ir.		172800	IN	AAAA	2001:41d0:700:5d88:0:0:0:0
+d.nic.ir.		172800	IN	A	194.225.70.83
+d.nic.ir.		172800	IN	AAAA	2001:14e8:c:0:194:225:70:83
+irish.			172800	IN	NS	v0n0.nic.irish.
+irish.			172800	IN	NS	v0n1.nic.irish.
+irish.			172800	IN	NS	v0n2.nic.irish.
+irish.			172800	IN	NS	v0n3.nic.irish.
+irish.			172800	IN	NS	v2n0.nic.irish.
+irish.			172800	IN	NS	v2n1.nic.irish.
+irish.			86400	IN	DS	18289 8 2 E438257880733AD6E7EBD5E4721F73470C93C55D57798E19DEC38B9B1FE56813
+irish.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZhUodTWUUfqpj4VND0WEUVEHZvWf/PhBAFqDTdO/yWfeFrkyb6jfJT2UZ54JCGKjdt+ntuamb7GMrq0xKCJJ+eZCilNTpUOzmEIT2/Cu4I5JO+MS6u2ZEA55+hhJCmvwB557154M5fd/e8hTbjFUsqIn/wDano4Gi6fuCOMhj96aWcAYCmafBQDAVCAEOeFwaE+RgZvZMSrK/c1ocb7FdCIVZaOvsHPdNB5x4m5M4J3Bmd1KAFxoSJlOeo+B+iMO3E5ziqH0ys0D04VCor80oK+RTn9g6YhaUCoIZQExywpr8HK/tOUbAnGr584+I40yS3ca2oeldWrv5xYjh/Lp9Q==
+irish.			86400	IN	NSEC	is. NS DS RRSIG NSEC
+irish.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DMjoug/tcGDa68I2bv/uSEiJGWWzKDBEvrTRub9/AYu75OlAaV+WVHI+lcFytsxJFmLuHRirPdJkBGU9stxacetE43HQfadOft2U+6moAEJwzSRVLwm22i8GlIH+BXSZ6eDQrqOzcY1UTFiTDz9jJliLUxbqyagq1QRVL/rcAADd69kUGQoWq9zcRCfbSBACq7y7jh3+4OwrwuTZiB1SrrQ5g27M+wrnje5shFOUdycYBG2RgiPndK7RQiA41D29OQ8vTx155J472u7haquAq6vCaHyAN3LaWNILFf45Viqmc/IH5L+5hFrmk9AfbIou9hqmZDDzN+S9qsAhjjqkIQ==
+v0n0.nic.irish.		172800	IN	A	65.22.32.27
+v0n0.nic.irish.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:27
+v0n1.nic.irish.		172800	IN	A	65.22.33.27
+v0n1.nic.irish.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:27
+v0n2.nic.irish.		172800	IN	A	65.22.34.27
+v0n2.nic.irish.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:27
+v0n3.nic.irish.		172800	IN	A	161.232.16.27
+v0n3.nic.irish.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:27
+v2n0.nic.irish.		172800	IN	A	65.22.35.27
+v2n0.nic.irish.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:27
+v2n1.nic.irish.		172800	IN	A	161.232.17.27
+v2n1.nic.irish.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:27
+is.			172800	IN	NS	bes.isnic.is.
+is.			172800	IN	NS	sab.isnic.is.
+is.			172800	IN	NS	set.isnic.is.
+is.			172800	IN	NS	sunic.sunet.se.
+is.			172800	IN	NS	durinn.rhnet.is.
+is.			172800	IN	NS	ht-tldsecondary01.isnic.is.
+is.			172800	IN	NS	tg-tldsecondary01.isnic.is.
+is.			86400	IN	DS	50437 8 2 9F52F1F92F1559E26DFDD71DAD54DB41ACDD80F0150D974B08CAF910D45E8B6E
+is.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tmo+o8SrwD6LHxk2r0t78F1sU+8AXppcCqlhnN3o+gQHMvEB/U4IWRr0Lo+dXSR4zohdLbYYbvRPUjjDDiJUbjwiGw5sCY/37WBkLrR3ZTYr59OPVWHPgHPKl15R/sek7fdk2TI73qH/MqliAJO/PnnlERM/uafqYAJwpjuhWwcEtxjgTDyJV2uL103tiWdoIClHsR6P9NiZYJzn/ZSiI25gKNHtYNZVmPNy2W23Foj5G07ZMT1Z8Ky4kIdZM4NLTbtQbFMJnbCrmB6MoncyZo5ls6oXSAJhgBTgzpHxDkvcBdE6MayTZHCJVWV5+d+CnX2ixi+v3vXlBNVsnbGHXA==
+is.			86400	IN	NSEC	ismaili. NS DS RRSIG NSEC
+is.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VC8+PaC9hk3gG1wT2RlfMkrMYXtyMNxAn2ynaC/6qR/U6wqxTDWlGHC8LdM4mUDyqvVp8OKuZb7mxNHhHG1yZ51I2TR9r0hcPfh+B9LNKZ2a3PdMmTmEuzbayaEiuiAaoWU/AU7k8zP4dGH3bfz8LVD6Xcl+hWWTTkdTNCTpbtjybSJuwlzH9b2ZtD86eMknay1OKrOs1utGoZVH77XXsmo+m17EjILDvCMKgtBqz/MD94uTyM8JGOEsCDPjqmY5g7ZmTK1Q9j4yWGfUwOCfvN031A0rzKO3WAnhKPeGEtybMb8Sdlp19MswI79LfoEIFoZK8ly7ES8MlRqt2gFvNw==
+bes.isnic.is.		172800	IN	A	204.61.216.116
+bes.isnic.is.		172800	IN	AAAA	2001:500:14:6116:ad:0:0:1
+ht-tldsecondary01.isnic.is.	172800	IN	A	185.93.156.10
+ht-tldsecondary01.isnic.is.	172800	IN	AAAA	2001:67c:6c:56:0:0:0:10
+sab.isnic.is.		172800	IN	A	194.146.106.58
+sab.isnic.is.		172800	IN	AAAA	2001:67c:1010:14:0:0:0:53
+set.isnic.is.		172800	IN	A	194.0.25.41
+set.isnic.is.		172800	IN	AAAA	2001:678:20:0:0:0:0:41
+tg-tldsecondary01.isnic.is.	172800	IN	A	185.93.156.154
+tg-tldsecondary01.isnic.is.	172800	IN	AAAA	2001:67c:6c:f056:0:0:0:154
+durinn.rhnet.is.	172800	IN	A	130.208.16.20
+durinn.rhnet.is.	172800	IN	AAAA	2a00:c88:10:16:0:0:0:20
+ismaili.		172800	IN	NS	a0.nic.ismaili.
+ismaili.		172800	IN	NS	a2.nic.ismaili.
+ismaili.		172800	IN	NS	b0.nic.ismaili.
+ismaili.		172800	IN	NS	c0.nic.ismaili.
+ismaili.		86400	IN	DS	50875 8 2 99F076F1405B88AEC44062CD7B8E9BF55D82130E00F55C92F6BA79F944980DA8
+ismaili.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DXeX58hULWFjtByjVQWdeyhp190hs5wUC0BCXfeLYxRMfYVbqHfKWK7FJneFjsG6zHTbxaW7yFI/G9wPNzPM61WTBgkBaduyL/u/0xEy4IRJnio+PjBOgH5sES2dxzq2QRwR9w1iDYn6M8ahcZuUrbRPz7Uco+E2C1/lMrPLJzCQHRVvqzFYgjJBKcN2GjDdhIE4rE3KkGOMRZs+EU+mGaCkdMPdQi9ve7e2J9sdfoC5tbZk7UxuIkgey3xrb1jrKpncTTYPnlcuJMjZsU0NDFqisFKxbFV49ccUxcKT04a9/LgYll0IrrbNaMPMGLcGhXqAPQhRAwPoXGBmEgJ+iQ==
+ismaili.		86400	IN	NSEC	ist. NS DS RRSIG NSEC
+ismaili.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FwnAeFEsKIRxGbRI/W+L60mFS1geq0g9EryOS2CvPhIwVaKWhM7KgvRvaQlfI1hREaTUnMo9jl0OB2fyvJqZaVehqbdEFzjt90ud7QMmvp2myZoSsbZKIr3LBiCyoBrDJLwK9r/HvjjNLlrcZI5ofi+19RPy+UVsohmijlnW1ru5T00YKboQFTUbxMkXIT/hD7rIsS9+ggFeIoiTsq2aDwhCze7fYuVkiRcHTRfjqTGrksJwjQLhGbi7Te8W0h/w4aLYIH34EziFftMkb0Bc19qLk0JsOX6FxVVSvlbe++rSBfcjAjnfCJvzIycWQyutdDQfMw0HS7evux98q/mC2w==
+a0.nic.ismaili.		172800	IN	A	65.22.44.25
+a0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2a:0:0:0:0:25
+a2.nic.ismaili.		172800	IN	A	65.22.47.25
+a2.nic.ismaili.		172800	IN	AAAA	2a01:8840:2d:0:0:0:0:25
+b0.nic.ismaili.		172800	IN	A	65.22.45.25
+b0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2b:0:0:0:0:25
+c0.nic.ismaili.		172800	IN	A	65.22.46.25
+c0.nic.ismaili.		172800	IN	AAAA	2a01:8840:2c:0:0:0:0:25
+ist.			172800	IN	NS	a0.nic.ist.
+ist.			172800	IN	NS	a2.nic.ist.
+ist.			172800	IN	NS	b0.nic.ist.
+ist.			172800	IN	NS	c0.nic.ist.
+ist.			86400	IN	DS	2221 8 2 7F26778AFF98DAD019476832C62CE0399F247BA6F4F8E10BF26B8C80DB6E30D9
+ist.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AaEbcW+VtGZOFKJzkcp44ucRJkqRXxzSKy9Eu6Kt8jEc+y5MfY4DI38LFdlUmec1wCh0omURROoWkwjvWIHzptru01aYtAhuMlKYMjedzqVHLSFkIBk7sb+pN85vwzs/yOvxmb9TQeALyrvVGZSMqTKPGZkxcnSOZOMyKPFhc2Gwpbg5i4Yl4liCNXwtbY7Ax8xjbRvrOknnJHzA0Hcdb6rE1rhJ1ro/A3rzeN15pKAjlGA6WZbeGBohXb+FLwhq0GkgH6ZzR5CTJDxrCmgqkxjYNTTFpHASnK0D33w96eTkg4zCyv7y5hXM3H3WhX5DOdgmRWyHsNYZe0OJfHvChw==
+ist.			86400	IN	NSEC	istanbul. NS DS RRSIG NSEC
+ist.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sSysh3ZW6GV2160hhADNR/JLZ1zWiYOFBi+XAVJqwX9aNaB7dKNHltGVpts7zpPbjl0jooTrJqc4uypla4JPMjtWQ8RoO2+xCbTRXrh7yOu2BoPkoqv7AFmYtSvwKzmdBPIvzTbfqVaDrd92l4cF58FyeBvOsji5fkdLTm4lM/iJ+xu7qPYUWsgXl6+PptUv1HDfYbehujQccv2ZO2gciCHjFcabd6yjcbKuNCMdWMb3FlFyBhoXpvfICpMK7TR/kkU2E+9zCbvTl7rZOEtyKL1FWv/qj00C5rD9ne2NkKNKH0B4Ft0Zer+8azJjo1SspBytg0aHXPekdMfS9FAg/w==
+a0.nic.ist.		172800	IN	A	65.22.144.1
+a0.nic.ist.		172800	IN	AAAA	2a01:8840:8e:0:0:0:0:1
+a2.nic.ist.		172800	IN	A	65.22.147.1
+a2.nic.ist.		172800	IN	AAAA	2a01:8840:91:0:0:0:0:1
+b0.nic.ist.		172800	IN	A	65.22.145.1
+b0.nic.ist.		172800	IN	AAAA	2a01:8840:8f:0:0:0:0:1
+c0.nic.ist.		172800	IN	A	65.22.146.1
+c0.nic.ist.		172800	IN	AAAA	2a01:8840:90:0:0:0:0:1
+istanbul.		172800	IN	NS	a0.nic.istanbul.
+istanbul.		172800	IN	NS	a2.nic.istanbul.
+istanbul.		172800	IN	NS	b0.nic.istanbul.
+istanbul.		172800	IN	NS	c0.nic.istanbul.
+istanbul.		86400	IN	DS	61630 8 2 3EBB91801CF0D1A67A84B4F1E265B248A3E3B0459C30D3631955E98A31A430D8
+istanbul.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yPWrBzotHHRFnDb8mVL60DO/GktOEeHMu0PTYs1Top9ZikAM/QHH2T2a4Ah7aCslCLffIfNqxq0WuMVeDLP4qHGpg/mzThBgKgaH8hdJ+j8kImeUARwIQbyXbW5k34yRBBvrpYhIbjLaq3IlcHjDifXYNTLDl3RXiU9IQHNxzsyCNJOh51s6BWGm0YF7tntnfoZVTy0KAGS5u0QO+2jQUJvbl2RjgyZ32AQHdfli1FIW+EZSWZbQiL3F2Bv44ievLI+eM1GGOTnRU9Hqa7NSLTvXi9E12XFB+KmQDQgPI4rHWd+kEMbs/db1p2zIB5FIZ5YO6D7zsvBiyTUwkyos2w==
+istanbul.		86400	IN	NSEC	it. NS DS RRSIG NSEC
+istanbul.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SzDOkdbyhxaQf4CAYLNakcnms66S8uYh7mCF9+N5p6SbxCmftiHxDn/Y8c6xOh9XR2uXFHd6M8U112XzKB7z51qkeWVj0utBlvFPjmRfQ3RALLZKYWR4IJvcmOobllaDRS6R0U6Y8G6uOlx8lIrfxX8Cl+zEb19cYNU1k+MPUoEsQO323pbHFMyV/aW9Ef1EerqbpBXoPxYF/alY1+xz6QXEa2pOwB8yREHILFAYSHjjyae22/nYf0CKNY2vqXJ+i1/qUrtJbjvX4xTqJuofMR6pQHQAzyF0GY2iOAed18QWNCe3ocj61mT3IvGdikMd8K3GLJ/t7ZSOImpAZVZK6g==
+a0.nic.istanbul.	172800	IN	A	65.22.144.9
+a0.nic.istanbul.	172800	IN	AAAA	2a01:8840:8e:0:0:0:0:9
+a2.nic.istanbul.	172800	IN	A	65.22.147.9
+a2.nic.istanbul.	172800	IN	AAAA	2a01:8840:91:0:0:0:0:9
+b0.nic.istanbul.	172800	IN	A	65.22.145.9
+b0.nic.istanbul.	172800	IN	AAAA	2a01:8840:8f:0:0:0:0:9
+c0.nic.istanbul.	172800	IN	A	65.22.146.9
+c0.nic.istanbul.	172800	IN	AAAA	2a01:8840:90:0:0:0:0:9
+it.			172800	IN	NS	a.dns.it.
+it.			172800	IN	NS	d.dns.it.
+it.			172800	IN	NS	m.dns.it.
+it.			172800	IN	NS	r.dns.it.
+it.			172800	IN	NS	dns.nic.it.
+it.			172800	IN	NS	nameserver.cnr.it.
+it.			86400	IN	DS	41901 10 2 47F7F7BA21E48591F6172EED13E35B66B93AD9F2880FC9BADA64F68CE28EBB90
+it.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mRDJMq4kPplSPJBI/kDEn3VGViti9C7ncNXmo28DYGKO254mT2QVDdHykfypPg2HlvSeVOMwogC6QnjlX3Shz9NBzuKtArh+zBSnHiskJkZXQw3owxpcnsO3WVDdndEY4+Hwhvx7HpcE3SRRo6WLRNpeDkrFfATLW/YD6IA09/MoHlzrutPdyUE2LGhEv5ILDbcdRYW/gbtOtcCMZF5DVfaO6G4No9HTVDXe7Q7p6Q/8thwTaBcRpla52t6I/9IJ0LAxUbiMMP0d8sYKNpyy7Q71Ok3CGyQA+uomMC3WDHtUaOMHYfI6fJ3z9q78j1qGIln1guCBe0fpXQNS+4PWRA==
+it.			86400	IN	NSEC	itau. NS DS RRSIG NSEC
+it.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . utWKYndf5RKzMhpTAYes8O/bx+23jTWU7nQLaBowAOYCEijPpeltT7fAKV76k4W/PvbBgS9CdoqSAOsWZYNpSB8vcXQ0U7wWubTBNt94meMtv3j6g3eXBjluDa046ug9X6BcBQHcWr8XSOppSvAbMT7UHKTLLGrDZAhhoL99mzYu0E3/7jgXA/34G414UD3qMJD1stEnGfRdmIvXLZySFgFw6/jIWak3q2hkZ+TK/p0NIa7s7YsXk0GMahCeArbWs6sZFjL9ic6Qr4j+3SMi3c4DQrjaafyc1zWch67kaJpc9WrBcibwNWD+8Dn1ljuSFcpTpAAnUz5HsG64tAxaAA==
+nameserver.cnr.it.	172800	IN	A	194.119.192.34
+nameserver.cnr.it.	172800	IN	AAAA	2a00:1620:c0:220:194:119:192:34
+a.dns.it.		172800	IN	A	194.0.16.215
+a.dns.it.		172800	IN	AAAA	2001:678:12:0:194:0:16:215
+d.dns.it.		172800	IN	A	45.142.220.39
+d.dns.it.		172800	IN	AAAA	2a0e:dbc0:0:0:0:0:0:39
+m.dns.it.		172800	IN	A	217.29.76.4
+m.dns.it.		172800	IN	AAAA	2001:1ac0:0:200:0:a5d1:6004:2
+r.dns.it.		172800	IN	A	193.206.141.46
+r.dns.it.		172800	IN	AAAA	2001:760:ffff:ffff:0:0:0:ca
+osiris.namex.it.	172800	IN	A	193.201.40.6
+osiris.namex.it.	172800	IN	AAAA	2001:7f8:10:f00a:0:0:0:6
+seth.namex.it.		172800	IN	A	193.201.40.7
+seth.namex.it.		172800	IN	AAAA	2001:7f8:10:f00a:0:0:0:7
+dns.nic.it.		172800	IN	A	192.12.192.5
+dns.nic.it.		172800	IN	AAAA	2a00:d40:1:1:0:0:0:5
+itau.			172800	IN	NS	a.nic.itau.
+itau.			172800	IN	NS	b.nic.itau.
+itau.			172800	IN	NS	c.nic.itau.
+itau.			172800	IN	NS	ns4.dns.nic.itau.
+itau.			172800	IN	NS	ns5.dns.nic.itau.
+itau.			172800	IN	NS	ns6.dns.nic.itau.
+itau.			86400	IN	DS	20974 8 2 255E44D9C42D417AE07B1B92F8BBD5C856F1347B87948B58DC245DCD58FD59B4
+itau.			86400	IN	DS	32626 8 2 4ABE223F5AD4BDBD1C42DE183C76722AFEDA52267F4166F23483204AD0CE4AFB
+itau.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aD5nIojxSO0RY9L8eByuG9Dj77UV+xdlWoQyR5awq7OqBeBmitYadPpe8pHHLVz9IhiaJ1qyiYJ7TeXhWt7gNpiie7WsKrHffZfobHkzqlyHiSNIqkVUrzrhfUdkmzCm9zBXyVI3Z2RznHaodMulQc+OCSvRhXCM/0kr1A0kvQH27rVLwzpMMM4cviJSDWgvtJce1SC0qA+9la73Tmpxt02JGgnZ/e5pgXHQfR8SunjFintfdwao3+jjC1eU90apVKOoU3qcIuiB1ndldYnXaOuU0Y6uaoZ1JNUeOIA77jZ41LrBp7UmSIzcNAWuVHwFNAdVZtrYjPuC1CVDoRpQDw==
+itau.			86400	IN	NSEC	itv. NS DS RRSIG NSEC
+itau.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vgmG30YtOrIsZO2jZuXJwGMomPXfm9obhxTVo53DJ4B1WgH4PD50R2pFWgj0TwN0C1QXyNSxKrlQn7PP0IGxi+q2rxXMPzXGxc6SGW2OmmtKDxpKp8Sj0zwTRP+UpClPtLk2bX0DxOykZc5ohSgyGB/xdeT1ngtERU7atIrLZ3/XCtqVAqvc4DIoB2Meig38ow75Rh6CnZ6CJtBCvJ3gnKhNUo0Idx2qgIxbluawLH4JEOGZu5a67qPRZMdihQW6HDJu0mMr1Q+Aypuv1s8zk3iABEoVHEYdhr6tzuaogg8EBh2aY8xjEeCBBdtS63TZ/26jlZYSiptoOhucRR8LPg==
+a.nic.itau.		172800	IN	A	37.209.192.9
+a.nic.itau.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.itau.		172800	IN	A	37.209.194.9
+b.nic.itau.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.itau.		172800	IN	A	37.209.196.9
+c.nic.itau.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.itau.	172800	IN	A	156.154.156.84
+ns4.dns.nic.itau.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:54
+ns5.dns.nic.itau.	172800	IN	A	156.154.157.84
+ns5.dns.nic.itau.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:54
+ns6.dns.nic.itau.	172800	IN	A	156.154.158.84
+ns6.dns.nic.itau.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:54
+itv.			172800	IN	NS	a0.nic.itv.
+itv.			172800	IN	NS	a2.nic.itv.
+itv.			172800	IN	NS	b0.nic.itv.
+itv.			172800	IN	NS	c0.nic.itv.
+itv.			86400	IN	DS	47554 8 2 B40BD9C46F4EA1A9A496C57C37A91938AF59778971851D7D91C54DC203649C13
+itv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kiXe8dPLJp5v0WWiFCLu8NaSnnvHNj21gsQjYN2Z6lWjpLX3ddubdSWxEqchnjoTGJ2ghIl57KEpPeJXzX4V2wYMztctDZtTrHpbY+Sdy9bVeU90sisSh11EpLdLJzcJdlDBCr8l/7EFEnq8ARq+CNQK3QxQJT0G3CK7RsQsy29GC7KbmrP/hNyUIh+2j+6H2DQtc3n1njlmGPMhuscTDtcRMXfrcwyVtzoIU34gDBKFcnAtdWadVRcqryA4vDV+fkw+Jt4FKECrIk8twD9sierAJoIMzbKxwN9YECofzXD5mkTvjYd7ML701fdekHDidCzfi9rU8MGDadpojaLPUA==
+itv.			86400	IN	NSEC	jaguar. NS DS RRSIG NSEC
+itv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N5yhvSNHuNSEZ+7RMA0XeBXMdZfvqXH4tjY9mQpRNesuYU8vf+lzp03WeRAGZMEEbq13EUvz8Qq12wT9t5d2+F+sXY5xoCq/DWjRGbhhpXz9d/6bNekFv7c2DQjo80jcRe9EUPOENPrHHe2iL9ehLqn0nOr0yQm/ZcY9ApcdX3O4rYW+lXhkxthh9qJKa3j4AtWnN1h/KhmVtCtMZErwcnw17P1vz/tcmJuSmNGRjB1yfqKyFVEq+A8ZW9MZICRthWN6JYb8n2jbJm2GumsGtoJPOUxlSXCB/i0Rz6z1ePzL73vBHv3Q/ue0eShtaZJSPotshURY2UUSSpzKr03xEA==
+a0.nic.itv.		172800	IN	A	65.22.88.25
+a0.nic.itv.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:25
+a2.nic.itv.		172800	IN	A	65.22.91.25
+a2.nic.itv.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:25
+b0.nic.itv.		172800	IN	A	65.22.89.25
+b0.nic.itv.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:25
+c0.nic.itv.		172800	IN	A	65.22.90.25
+c0.nic.itv.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:25
+jaguar.			172800	IN	NS	a0.nic.jaguar.
+jaguar.			172800	IN	NS	a2.nic.jaguar.
+jaguar.			172800	IN	NS	b0.nic.jaguar.
+jaguar.			172800	IN	NS	c0.nic.jaguar.
+jaguar.			86400	IN	DS	15829 8 2 D4BB4FD9F95EFA2BF1781B7A0C17388B42520CAB5F8C805E7DCA3105F33CD881
+jaguar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k/irjrsc8uwiCcT/YeCwnij+SmwiwW05BZh9Gm3qvYwPj7uwL47GszfAdJYNPCjjlSQUZv7jK0gpKl3GwOZDCMH0eG6Gw86XiRGOkLuTG0M5tfEobBEzHOD5VNz+VBCJh+4gS9eisBCenT4kGyhSoANoz3XxUSCkfUwQNZzA8CEg2Lb/mqmLD85JKz9ASDlGd2EDxkpdblSBjJmGaCFB5et+5XTEvW70gw3+QeaGIiwE7idtc5EN/UzT3s3x0rgbtE6Plj+hxKn0PzpwHkT1vAr8O1qa4bWuriNx32RP18oYa+wip+4mZ/jzcz/heCoUvOfnLlHkS2mfIOofd7OvYg==
+jaguar.			86400	IN	NSEC	java. NS DS RRSIG NSEC
+jaguar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DShyhlmz3/FhUCviXc3Llsf5WtD6LMYjUC95Z0t9u5L6jpE01yt+lu7xSrl0V6Xkw6EA0xyAzS1pBSSdnJI606/yNzYgqMAxTebaJlvhDNHm37Bas08RNDmejQhTZ5cby7HRggHDd9rACBNY8V7TkBcjz8t+Q64dclKnV32VOF3NyF+g4h51woNEyAXihE0vOc1cuKidaLN3Q6fcoVTp5kWD49J+Fa+pkape9nJng2VcBQgdAe1+jE+7u1PiNudNEEbT0fw+gP85HpG/eBm+Pzh8bL2hvaOIuCzN6Nf+3Nx7ITmiXm07bLGCXPsjbytc0pb9A6qYpxGueyublDtvKA==
+a0.nic.jaguar.		172800	IN	A	65.22.112.51
+a0.nic.jaguar.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:51
+a2.nic.jaguar.		172800	IN	A	65.22.115.51
+a2.nic.jaguar.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:51
+b0.nic.jaguar.		172800	IN	A	65.22.113.51
+b0.nic.jaguar.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:51
+c0.nic.jaguar.		172800	IN	A	65.22.114.51
+c0.nic.jaguar.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:51
+java.			172800	IN	NS	a0.nic.java.
+java.			172800	IN	NS	a2.nic.java.
+java.			172800	IN	NS	b0.nic.java.
+java.			172800	IN	NS	c0.nic.java.
+java.			86400	IN	DS	35845 8 2 FE3EC07C5C98197923923416C9AF01B70379C0A8431064C8E74BF9B443877FD4
+java.			86400	IN	DS	45615 8 2 7F20B5E00C2324D253F209B3F386F7033DAE09CA9587524B3561F4CB4B3CD60D
+java.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1RrM/Zcy+N5qA8vym8q/fWQDo3RBTUvszV5A+/7BMXRFGRVexQNVGUyWk6ekW10L+lPuAQ2izFlI9smgeA9wjRBOwUaW2goQgrKXlGSZJ4ji3B56Q/KSxTc7FXzUMVgzNHR2J+cysZjOrt3GuJwO+wabrdAPsUn0BXnKNbhXnGuo87TpenLSRETpK28iAcYQkGwV/B6LVR32v0/Ma2utDhuU3DxsG7yo62flWQBAINqMoRQ8u+lynfQQ+S9Q56Vd2I2vZQb8cgil0DsBD/UFz9K3BhlF/5Zx1Mp/6Iqma9x9vjKy8mhtnYqSnxUVHobN1JvoHMxme0qEgSwqzQU7Wg==
+java.			86400	IN	NSEC	jcb. NS DS RRSIG NSEC
+java.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Isetd19FQSLD7LtV5XMJeVmoZ0Nr6XyStQ18Cc9rnqzrcuOhJisoRCNjgV0hDN2FejGwnzpP+ddXgxgrA34ZjUqzdZlLVop5iaBiyOHZoWPmjrQV+ZZmy/+spoMDs7Z8bO71qAflFbTOxuQh/8uwMWQu7nT3y+kw3MkCS7ibjTQRUOZJ9Rw65FIg45DT14rDHXLWkolu2N6LRNIdRzk1njaDS1rjQhwKAFlZqjKm25cAlStZ/KNCwnkdhp+1uSsEE7bX6Ojo5cBbTxdPnLBJKXR12UbBooOFxznyRaUjQafphmpSA9r0WJOC49Z1mi8OBFGZYO8ixDfuT9MC4Pxz+w==
+a0.nic.java.		172800	IN	A	65.22.84.33
+a0.nic.java.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:33
+a2.nic.java.		172800	IN	A	65.22.87.33
+a2.nic.java.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:33
+b0.nic.java.		172800	IN	A	65.22.85.33
+b0.nic.java.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:33
+c0.nic.java.		172800	IN	A	65.22.86.33
+c0.nic.java.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:33
+jcb.			172800	IN	NS	a.gmoregistry.net.
+jcb.			172800	IN	NS	b.gmoregistry.net.
+jcb.			172800	IN	NS	k.gmoregistry.net.
+jcb.			172800	IN	NS	l.gmoregistry.net.
+jcb.			86400	IN	DS	8039 8 2 A21F8529CE9B38A28A4B03251CA112BF0528655D5CD28901B8585389DE8261FD
+jcb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gDLZGbJK8IuVGdIlfDiBX9rzvA8MhbZq2SXL3l1PaVf7/WywEvD0z2BuZ1FGZpQal9elwFOIvARbl1eTjolhaopa74MIee+ysLn8uiu6E74J4yKQNkkL7Jmu1c0LAXP6irujsy2rw3HPkCu97/XkAumgw5ohda0R3yzm/hUxahbRCt8uqAg9LVqqfnBU6t3R5QakPdF49d0JauRyXMTBiK+/s9PE/m1bxmTa9cg65UKJBaRPx2/rOFpgzDn8ofMG1j0/Po4Y5dhvikBQa+2OTuD4oClkPcvP7BhDgOyptDVfX0wvAdFbUdWqT6BwEooPQxMCUcRbXEl/W4Z8JWUJxw==
+jcb.			86400	IN	NSEC	je. NS DS RRSIG NSEC
+jcb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XSi3yPRF6y+fgoZmWXbFHirzKRiB6e0duJd8f2a/h03AzDEc9CQ/y/thg5Z0kV71/QphA4s5D6e1eUEFCok92DBWF31yNwfuIBzdpZaPFPMQ19oZzepBYpOzVRPWqPYwMfpq5kqMjAf7o1LPYEio4pq57R+gFyu172hdOpKeR0qZx1er1ej8fcHOGnSP1K+vzCSbDo14aKW5qtoX97eP/w3aluyLYdJz0+mzjdQ3IQzIXJhnOYEtdwu7ePteTxdtsTkyBFGqZWkrz1sNopfZmHql11kqMROe6Ci+xhWKhcaS62I+eA8l8zYqBa3EfwUMKowFPTK+ee2lpe+Keqj6Ag==
+je.			172800	IN	NS	c.ci-servers.org.
+je.			172800	IN	NS	e.ci-servers.net.
+je.			172800	IN	NS	dns1.nominetdns.uk.
+je.			172800	IN	NS	dns2.nominetdns.uk.
+je.			172800	IN	NS	dns3.nominetdns.uk.
+je.			172800	IN	NS	dns4.nominetdns.uk.
+je.			86400	IN	DS	19054 8 2 051F21016E36C0DC46DA9437C9F5975A95BF6B0B85E9E8BF53F49930EB65E90D
+je.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fP8nZE0vU9b5pyEf6WH2vTzqZhqeBBqRJce3fqG6taQCzp7nxLC3DciDng4yL92sS1j0f1qACkEYKCp7pixb90SSzC7rjyWY2TrAJTwr6scceswc+Co0aCG85Lp4SolMg+KtO87KIYDCzRmNSvgX7WvtnrtT6r/3h90EGiGvjgwagAONWMlGnV82fIR/TNZFVMxGNpuI1zcm9RtMyQ+X8x6b/jVc3X99Z8/fcrXfJyStaJepNQvg4kI23B3aPZ9/2OSwa9ouWtiHnew1OPfg9wvyg46weYT8vQORrTN7FrUkq+2RxjySVOjmI2dDXh6F5Hm+0lT/HAw88WK+i3qxzA==
+je.			86400	IN	NSEC	jeep. NS DS RRSIG NSEC
+je.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZH+eKXc7qb4JRscbAcHSJtFpGSRqC3eJTlLZwNI/+zl+8pJGIdR1/Etwqlf1/+ltnQYh22/6mbzlWKoaUwPJ5I6aA5eaHLbXcQZNJRKKpovgq9D1wRqq7JAy+LjhXyXEM4HagwVeTthSm3wzmajlV5j67wEah/JPWZPXAjqzmyVP/JgCYkMBw626xcUye2tf6MkiBTJPW4HxiInESPWPeO7/Tvm2MD4c12MWQyHpIEa0gLeRQ9yrBuNVZi23+Z6U0w02rSL/4fiyu1hh+nN/mjfwWP8uE3lcNdmhN+B9fZGazlashZtUqkWDMlzMKsGh+XpkMmRzNwpioc4npkbudw==
+jeep.			172800	IN	NS	a0.nic.jeep.
+jeep.			172800	IN	NS	a2.nic.jeep.
+jeep.			172800	IN	NS	b0.nic.jeep.
+jeep.			172800	IN	NS	c0.nic.jeep.
+jeep.			86400	IN	DS	49999 8 2 F00A0B4B65ADAC570C2DBC81483367392EA9A86FFD17E4B3F042D446ACD1EA4B
+jeep.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dtx0VOLv/5DKU1kTAt/FQdHJb4hdBeKFft8lPAFTXrMUM5WbShdbdsOdKkriikFVFt4GLD15AIHGw0VdWR5NbRjT9RobARJHftNPS9hYEFHNiNXKtkoNvnG3wQ/TH0UlfL65FXnLNQshmHbScy7lHcRqbe1hMru/RkMSzRyTz+Nnn50uSgz6wDch+tewgeoz9oruWdQWyjOECZ0B7K64+7t+U9l59HO+C+Qwk8LKuBVgcQo5DldfAFIFAOrkOTQyNV0bpjXnnMkvmS5w8DaQkgiwsciXX58JHiWibZri24YCwaBFGkvBwpyVuyGGJ3BBmpkISwUObwOf6Fc8J55fxA==
+jeep.			86400	IN	NSEC	jetzt. NS DS RRSIG NSEC
+jeep.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ydDl/mrLzvUR2Dce7Bzhnn01H+6YxM5ApYlV3wmbtsr4Qw8+xvPG+JofIF5KINZlusnifFcSTsSVVEWUvir/NEa4Jk0JDSow2jL9CX7x+hl/uGHAfdygOhHR64ZJ9xHmRx8M9JBSFTaOPQ6t3RHGcSZe09TQh6iOTPMKl2On9bQU74pQJs38vWtT373/0zR+OYOXLpP0uMhcZEggzcGWGpvNOkpoRR4am1uKljcy9FhqFgCjtegsMdwp++3okFAP7yh/3TAOfqNOhg2lWKKOQKrBvNeUzcjwNiJJtPyxkz7AqdC7mxCL14RlzUfxfF2r2Pwv6v0mRa7TR3HITr/qZw==
+a0.nic.jeep.		172800	IN	A	65.22.76.41
+a0.nic.jeep.		172800	IN	AAAA	2a01:8840:4a:0:0:0:0:41
+a2.nic.jeep.		172800	IN	A	65.22.79.41
+a2.nic.jeep.		172800	IN	AAAA	2a01:8840:4d:0:0:0:0:41
+b0.nic.jeep.		172800	IN	A	65.22.77.41
+b0.nic.jeep.		172800	IN	AAAA	2a01:8840:4b:0:0:0:0:41
+c0.nic.jeep.		172800	IN	A	65.22.78.41
+c0.nic.jeep.		172800	IN	AAAA	2a01:8840:4c:0:0:0:0:41
+jetzt.			172800	IN	NS	v0n0.nic.jetzt.
+jetzt.			172800	IN	NS	v0n1.nic.jetzt.
+jetzt.			172800	IN	NS	v0n2.nic.jetzt.
+jetzt.			172800	IN	NS	v0n3.nic.jetzt.
+jetzt.			172800	IN	NS	v2n0.nic.jetzt.
+jetzt.			172800	IN	NS	v2n1.nic.jetzt.
+jetzt.			86400	IN	DS	34480 8 2 BDF6C4604D479D93BF6B0308835406829CAB3DACD840365A854653F45336EA92
+jetzt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XwN75/fvGzYdL7a4HfO1OvSYba1iSVhQEsuRv8zy2couKJ4apidee1z8MWNCMbbJ9yGZz3Hsjfz/vdHUyK+DHW3MUpSnT8OvIBmLM14pZ/NEMJCGzBOFuYK0A8V+Htr80ygKYoXFD3V5GEvD+NGPRjOWkaTvoSfmUiX1jSQDTzUpcSAdo/5TjWYSieAA0MK1cJVt3LnZ9EE27jZ/TNCJeSpt6OnRQB1ipVqSFUcFAJ5KxZE2dFiGqbVbWXUGJFq+vt1s+ijdTvufJQW4rUg2Majey85wiMzbBQVKUig3JPOyVop16oic5REn6ZWSJ/PAx6zOiHevKOp6FF7JTasxzA==
+jetzt.			86400	IN	NSEC	jewelry. NS DS RRSIG NSEC
+jetzt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A6npiL2Hc01qfcNMs/1+9n+XMh0B+fAH+hHyIj/koPu2OMhtwZtHws/bYVYoMxlhp2w39pvaxclDevhjqa/05/i1TlcKZS9mqv9dGPKq29A1uN8SespKRRrk92TWR/xVQtYb+viaqbINhyWs4f9ki2bjMjYDaZtoDw9OMMoXgfWvZwUxOzXTFuB0U3FYOrYN4F32UVEzND6E+7vAbMJrfyC4nlw5QdL1JCAR/NtE4AlbzYdrPb2sxKfE6wZKbV2iN1aHxAMa5VYAKHu59vErtbnhzKEO9a2Eo8pFLxgm3CNUgMgg1E31Lf4bWsPuldlZcvFctTHWEXCnxqCACJr42Q==
+v0n0.nic.jetzt.		172800	IN	A	65.22.20.49
+v0n0.nic.jetzt.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:49
+v0n1.nic.jetzt.		172800	IN	A	65.22.21.49
+v0n1.nic.jetzt.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:49
+v0n2.nic.jetzt.		172800	IN	A	65.22.22.49
+v0n2.nic.jetzt.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:49
+v0n3.nic.jetzt.		172800	IN	A	161.232.10.49
+v0n3.nic.jetzt.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:49
+v2n0.nic.jetzt.		172800	IN	A	65.22.23.49
+v2n0.nic.jetzt.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:49
+v2n1.nic.jetzt.		172800	IN	A	161.232.11.49
+v2n1.nic.jetzt.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:49
+jewelry.		172800	IN	NS	v0n0.nic.jewelry.
+jewelry.		172800	IN	NS	v0n1.nic.jewelry.
+jewelry.		172800	IN	NS	v0n2.nic.jewelry.
+jewelry.		172800	IN	NS	v0n3.nic.jewelry.
+jewelry.		172800	IN	NS	v2n0.nic.jewelry.
+jewelry.		172800	IN	NS	v2n1.nic.jewelry.
+jewelry.		86400	IN	DS	55777 8 2 CF1E81D50A04C164391BC99065EC51D4E25AB77B740CC93F011DED2A151AD6D2
+jewelry.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T1YbpvJUxdcqEjPh0+KSePkNPVm5b/pxjm9oWAfoJxbJhfeGm8228CJNce2KflH5+Hpaf4aUOik3arL//hWXHrD8MAQGbeXysN2R17SY+AUkTIh2kfi4ofeQYPJgjBZfq/ekh9h7hLlgBfGzUGYl4OEmVlJp5wioPoSvsb7xSPoStWn74kB9BG0LlnYCyefXsz+bf2n3fp7dRZs7c/5YippvqmIc0uytApH+wTfz4CMlNFacCrm2ygraPzPMYlK5WmX5CovzRh0g5HDlo4WExTMJ7dtlDohdvU2Cqap58ljdq0gtvlEldWbYllkqh2BS7t8+GJ8CtWKGLWEWB+OpSQ==
+jewelry.		86400	IN	NSEC	jio. NS DS RRSIG NSEC
+jewelry.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cg1Dxm/n2rpDWTmv4jzDTbfRLlosS61dqJOhsBjKusqvEPJZvinD4VAu2a2OQ4yOX7XyxHpGsmjU4MiLl5CcfIuKSlSaiYIcv/3Q49za6W0232yPk0ckgdCuHGGx3o5LuvWojmnRKJlPYdFHY/zQMDavaCW9/an4oakkylU4Eb/eAEysd1HxxA8gq+kfJux16EIWPj8pUZFYQ6x+O7BOoLBnvVorG6n5dxEiwLgJ7xXKYYa6pZ41q0YpxPaFl7xZUdV0zHV8/5dYxZjJIFp7FfYod+9iOosFdRdhOEXI3Rjr1LhxGCWUvhuRDWMhkoqnuKkkqn9UogDeup/KPm0Xrw==
+v0n0.nic.jewelry.	172800	IN	A	65.22.28.26
+v0n0.nic.jewelry.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:26
+v0n1.nic.jewelry.	172800	IN	A	65.22.29.26
+v0n1.nic.jewelry.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:26
+v0n2.nic.jewelry.	172800	IN	A	65.22.30.26
+v0n2.nic.jewelry.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:26
+v0n3.nic.jewelry.	172800	IN	A	161.232.14.26
+v0n3.nic.jewelry.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:26
+v2n0.nic.jewelry.	172800	IN	A	65.22.31.26
+v2n0.nic.jewelry.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:26
+v2n1.nic.jewelry.	172800	IN	A	161.232.15.26
+v2n1.nic.jewelry.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:26
+jio.			172800	IN	NS	a0.nic.jio.
+jio.			172800	IN	NS	a2.nic.jio.
+jio.			172800	IN	NS	b0.nic.jio.
+jio.			172800	IN	NS	c0.nic.jio.
+jio.			86400	IN	DS	5476 8 2 D03F2390954D50F114B39620E940A7DE9D1FB60661CDEB43757B5D4A76FA8180
+jio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kHB+5Nz0hJneufBlHsYofSlT7kdWwwlaJNJit5rv9tDN3CbZe5+YmAQi8EwjTeAF9UAGVe2cbMmLfXwpG5lfHr879+FxNeVQwqlhnmwKxuCT6PgXV/wOFCniA8CPdtOjPXkLMp83C4E5sdglcSiYFzNpAE0XnowCOe5VgzuAwNqz7XNyCz6XGraXoIDJryTPrg+GzeUJiVwu9RU+aYPCppG2gUZbQTecw7njrJ4sixzyDG6S8/icd5dk3F2tPjUnSXoeuDm0rqn1hsbiebXiXdCnBSCIrXQkiuCnnzxTHBGvD0fQB+7V5EXsgLxtpC6w6Q52N7wS/BzT4wDusiVRRA==
+jio.			86400	IN	NSEC	jll. NS DS RRSIG NSEC
+jio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hn9x/zAltY+pzW/35bOqkeYIHLckdMQ5Oh17OUAKaufipnK6jqU8gCP/nDXQPY4R6loqmFqAPs1uRcgQ/JcL62iUdMSCu1ZOEjGnp5yL43SanWPvy6v0hmGiqkv4HLN+IQiGCXaHO21aY5dRfoGup4cq5WPcbmfWqEuth96Rpr3Nqd9737uYeuXjIwXqWZMUqy6OxUGTaXIAO7+p2U9FAew04/Y5kfqcI5LDuhPsef4rMck7nCyZ9vmANA/8FaTMHXBtujjdIPdFy8AGiu2GxrMsB+5LmePgr5lb5Ju8e8FO6vxCtG2VvlI7lqcM91mmRsM+wjjXBcza4oVN+BvrnA==
+a0.nic.jio.		172800	IN	A	65.22.212.33
+a0.nic.jio.		172800	IN	AAAA	2a01:8840:ce:0:0:0:0:33
+a2.nic.jio.		172800	IN	A	65.22.215.33
+a2.nic.jio.		172800	IN	AAAA	2a01:8840:d1:0:0:0:0:33
+b0.nic.jio.		172800	IN	A	65.22.213.33
+b0.nic.jio.		172800	IN	AAAA	2a01:8840:cf:0:0:0:0:33
+c0.nic.jio.		172800	IN	A	65.22.214.33
+c0.nic.jio.		172800	IN	AAAA	2a01:8840:d0:0:0:0:0:33
+jll.			172800	IN	NS	a0.nic.jll.
+jll.			172800	IN	NS	a2.nic.jll.
+jll.			172800	IN	NS	b0.nic.jll.
+jll.			172800	IN	NS	c0.nic.jll.
+jll.			86400	IN	DS	34711 8 2 2684574B7AC4339237FA607C55C1244D45C6C7C86B143C9240A72C2F62A012E4
+jll.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A1pNskJ50MpUcMnDTSQD4CNrG1ga1BVLSdlX1UHxXGSDS7UfqagnyeADBp/SjWZvBz2BCrGGPmoh6tUB+5Up4zZIbnaVXmC/OecCFbDDxSZO+9xSvgmcOQsz6gFYJpTfWNvn5D2TKFhOpl8JIlQtKi7Yh8jwq/6kZxiUJzVnH0JXes+aGV8e6lpS+W2iC8NIi9rUV1F2H3qS7spuZJQEPDtY7/pH2/9mdoz0HRsfVogcjFuxwhJPxFQajlH38KL/JQdKWcF8G3/SyX3MldacaFlSejf7zAbCr58DrT6Qk+B0zLEHBN1xi2IsTj4v/wq/AJOljF+nkNeoiaNvEVZUhw==
+jll.			86400	IN	NSEC	jm. NS DS RRSIG NSEC
+jll.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Sm9bgAkP+UilGwgjxfBH0YPAQ4tvXZZ8zt/zpBV5spfog8QXR6Z2/KNP+NWdimhEMK6t/2qWvQu2ggsygFcB1kMEAQSIJ5qpiUI9124vZd5kBPTsvDxfrn1CrV2pJ/ufp1cmMRunWn+l7UoTFb8DbxgYCXLU1gjlY729Nb69ykSV1AhLoXNp5y86cw0eVHCJdF/r0jHSZOa707FGtsbBXJrU8Bg31umXQItyp7NdSdH9k7xefjZOM9b9cJnzzlRb728Vzm6gktne52ye5X2A8QiRht+pnpWFFr/Y8mV0y9qcnLFql4yoaXU6Ept9pVLXt1OcKD+QI6CO64s92tWe4Q==
+a0.nic.jll.		172800	IN	A	65.22.148.9
+a0.nic.jll.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:9
+a2.nic.jll.		172800	IN	A	65.22.151.9
+a2.nic.jll.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:9
+b0.nic.jll.		172800	IN	A	65.22.149.9
+b0.nic.jll.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:9
+c0.nic.jll.		172800	IN	A	65.22.150.9
+c0.nic.jll.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:9
+jm.			172800	IN	NS	jm.cctld.authdns.ripe.net.
+jm.			172800	IN	NS	ns.jm.
+jm.			172800	IN	NS	ns.utechjamaica.edu.jm.
+jm.			172800	IN	NS	ns3-jm.fsl.org.jm.
+jm.			172800	IN	NS	phloem.uoregon.edu.
+jm.			86400	IN	NSEC	jmp. NS RRSIG NSEC
+jm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HFTe/U8VvH3Ev89KJgSfC7Q7zrIEYzJWohux0lBwHSvXJH1cHwXBrwj9Yanwp/5G14/6/zEyTRpJEEb2ZI4Jrs2nM4VmGHA/MrziPHO59WSRpxp5Zhr/eriPBZe+ep66RTm0e4Dr6EhpEM9FMWPD4zSI3bTFeUY8roiuk9U07abn2sRgexcueOQbdHVxi/enYOsVCrcbParrDy3orIFjYhzAMxlU1qUeSkjg+PR1RxDhJWo7MLhz8pmKi7BHgAbrmFuCNxFNH6p5S+HSuCuMbGiVLTSNZBo0wnnWyZMe41Tbe8d23hrUnMRa5RmmswbCmpUhSr9iqcGDVBhTXEZN+A==
+ns.utechjamaica.edu.jm.	172800	IN	A	200.9.115.2
+ns.jm.			172800	IN	A	196.2.1.6
+ns3-jm.fsl.org.jm.	172800	IN	A	196.3.191.66
+jmp.			172800	IN	NS	a.nic.jmp.
+jmp.			172800	IN	NS	b.nic.jmp.
+jmp.			172800	IN	NS	c.nic.jmp.
+jmp.			172800	IN	NS	ns1.dns.nic.jmp.
+jmp.			172800	IN	NS	ns2.dns.nic.jmp.
+jmp.			172800	IN	NS	ns3.dns.nic.jmp.
+jmp.			86400	IN	DS	8866 8 2 30EDBD31093E1A261862822C85D745E0E803D7BA503AA4FBB79D4BB828FC5422
+jmp.			86400	IN	DS	30112 8 2 47FCD5889323F70E3346B144D204BA05F601D6B6C56C8C52AC7606F7D14AF60C
+jmp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rNCtQlkRak9zsj7/w8BY/cC6bk7b7QQG0esN/2PGKbns9kDr6wPOS6obC+VpJp8faY1dTGYX5nPR4gkQ3kgpaYQrVaG4fEZczTZ8KZKnt2XAm0rN3QXf1MvkobldWkPkZV9iVj3NlU3vpcZ2+cQg+pyGiYsdWbElDVCPfeck5DFE5CgMdxcrYjvuGE+iFxg/PBhJARi8T9woYb6qnGmPVZrqhQpiAEaIkq0Md8hw3OekQVZ3LnZHH8K0J3G+eosKLGhedLhsJ7wbmeNl2/FbqfrgEN1gm7+S+6I+unRL/DbNDDag1mGNRFHgYg6nLFmLwguHx0TkrtaLQ9654wFOjA==
+jmp.			86400	IN	NSEC	jnj. NS DS RRSIG NSEC
+jmp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bIhQttJZh/IG5+TFf5gTfpa4/mH+4HwEabr6kqveJMWc+y3NyTAps6o5fAfVX/GGUDK1mtDviPGyC2PkKv9P2omyqDl92CE6KSvONslkNd2OWmFtRYckQPY6z8bT3EOfPJDVzo+8sfClFZl3vMpHuTYQURrihChjMevPuJb5Y/+cOaejQulX89gqYIazJugicNR654HPwnftRyXILLpczn933lIMV5VRAZ3r6Ppld1smFi1RRU38pv8EuAp6pzpIP24+DUwXsNQZ3KaJKUdmxgjU8HwEQb2tIpcZD9hnRi248gAVWy4hyblkaQWCeiSFHYUmpyYHmm/g0/4OnOaibQ==
+a.nic.jmp.		172800	IN	A	37.209.192.9
+a.nic.jmp.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jmp.		172800	IN	A	37.209.194.9
+b.nic.jmp.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jmp.		172800	IN	A	37.209.196.9
+c.nic.jmp.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.jmp.	172800	IN	A	156.154.144.88
+ns1.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:58
+ns2.dns.nic.jmp.	172800	IN	A	156.154.145.88
+ns2.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:58
+ns3.dns.nic.jmp.	172800	IN	A	156.154.159.88
+ns3.dns.nic.jmp.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:58
+jnj.			172800	IN	NS	a.nic.jnj.
+jnj.			172800	IN	NS	b.nic.jnj.
+jnj.			172800	IN	NS	c.nic.jnj.
+jnj.			172800	IN	NS	ns1.dns.nic.jnj.
+jnj.			172800	IN	NS	ns2.dns.nic.jnj.
+jnj.			172800	IN	NS	ns3.dns.nic.jnj.
+jnj.			86400	IN	DS	8032 8 2 5CF2A2DFA2B3A5B5C8B3F42BD42290FE5632DC8720B48286573C4ACA21FD8C82
+jnj.			86400	IN	DS	16897 8 2 8E9740B903122D7DFED99CF66764BBB9B24EABE8B5A3C37BD0D876F47D69956F
+jnj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kIjoG3cvqp+jx1U5/24ZLUdop8MsZtWRBWDKvtJypexT++P5oLa3x2CYQnMiAZyoa+gHAEk9IfF4WHYCPGf5phtHUkqXgVFZ55paoSmPF/uXxsho3z+HcOJUEmegBpz173CqmhkQVGwZMzcczs50d/CnsEbxvcOC9QVaEOUKmX/jDHfingW2CBSKiqXXL44tPWoK4ZmLI5pZkaLN3ERtFUkMGD18GY9caJ+Si+cnInsE6IXI5LTnZuZY+vXEXpwOUzv9tpkAJRY0gjShBo+XhinbgRV9D+QqCleCw1hIQ3zvnAOR1Fnu7vt3KkQFfSNc4B/mGVPLXJEb6oc4AZR95Q==
+jnj.			86400	IN	NSEC	jo. NS DS RRSIG NSEC
+jnj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yR9QTyq21sj4HzHMSJcqOnhYhKs+jcCHe3J+vqMld31KgcgaVuHqyP4g40NSYIN8k+hn209tpFqgd7+8IARJhBjc8zG5l0GRyOhEdRFhCI7g6toWW7urlQUZT+pSS245SyW9RF6SxelIAPIDNFAhjEu4icYS3ISCVT2To9Rxc8zZiRR6Q2yXl1y3bEfTvt0WpnyY+Jxh+qnPz4e2d+o2C/mtNiCegLh/uIg7FQyCHDGFixmyuGwoC+TGbFftIsVKoXbvPkb4GvkORzEVoGrUgseOxmtNSo6TrOlBJot2UnbBRT5qyR8n9jEOwUY1xwDeYrX3O9iz0NU2vdblT9yqtg==
+a.nic.jnj.		172800	IN	A	37.209.192.9
+a.nic.jnj.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jnj.		172800	IN	A	37.209.194.9
+b.nic.jnj.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jnj.		172800	IN	A	37.209.196.9
+c.nic.jnj.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.jnj.	172800	IN	A	156.154.144.89
+ns1.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:59
+ns2.dns.nic.jnj.	172800	IN	A	156.154.145.89
+ns2.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:59
+ns3.dns.nic.jnj.	172800	IN	A	156.154.159.89
+ns3.dns.nic.jnj.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:59
+jo.			172800	IN	NS	jo.cctld.authdns.ripe.net.
+jo.			172800	IN	NS	rip.psg.com.
+jo.			172800	IN	NS	amra.nic.gov.jo.
+jo.			172800	IN	NS	petra.nic.gov.jo.
+jo.			172800	IN	NS	jordan1st.nic.gov.jo.
+jo.			86400	IN	NSEC	jobs. NS RRSIG NSEC
+jo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z0tT+dw+2vzJIOjQiTIN4nWmR3fgL9roTC6t/Rf2/0ObZX/bcjresZ9CDb6z3LE8xxpKq6iXHVzJffzkCdvuUczP8Pky3JGFfw+LLYmhrBtukk6iyL5Msw51ZiXDIGGidwwatKgt0i52pEYwPHKuwLzGxv3ysZ8+HEm229KFbo0A4I3asXB3IeCW8bAVIN5XjcV3aav9Q5ijGEugn0Bp3SZmPhah9fFthbdbMsb/fxf3TV2/CC1FLYk8s9HXp5/TwLq1MKczLDu54LcldyiZBoKc9iB8J8KArT1M/TsRxTMP8BGRDX0mmFRwEyqLf8lIreQkSNaR4+QuQEMLGOo1Hw==
+amra.nic.gov.jo.	172800	IN	A	193.188.66.103
+jordan1st.nic.gov.jo.	172800	IN	A	193.188.69.19
+petra.nic.gov.jo.	172800	IN	A	193.188.66.2
+jobs.			172800	IN	NS	dns1.nic.jobs.
+jobs.			172800	IN	NS	dns2.nic.jobs.
+jobs.			172800	IN	NS	dns3.nic.jobs.
+jobs.			172800	IN	NS	dns4.nic.jobs.
+jobs.			172800	IN	NS	dnsa.nic.jobs.
+jobs.			172800	IN	NS	dnsb.nic.jobs.
+jobs.			172800	IN	NS	dnsc.nic.jobs.
+jobs.			172800	IN	NS	dnsd.nic.jobs.
+jobs.			86400	IN	DS	47990 8 2 813737ED8EA193EAE37C0C2F95758A0DE0B5069A20A9B0E8F4955908AC40C57A
+jobs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Eik+UpO7CWcnC7bzDGthW2nCr36xGFe0u6oSUnujSq+0B2EIsSEOEBFN9FxbhOUZXQDP6aITJ6fOM9jrO0/ik+E8MZLo3tRjfFfUMetpi7MhqV5ffOFJpxk0+PTYdoIZ9Vcgqh5217UquoEZsTx3iH9gaB+dhiBllTSsbZN9jBLKl9r9OAgfYjivIyOQtJDavpw/bGj6Qq8xVZDnTNaDjYs/g63oiy2QldkkLAomS+0YgQMFhKpxzc/Qpd9qVCGiuSxlAwd6WhXcWxyX6EGkmq19BNaBonXbRspbVO9UVi+yM+VzlO0dtn0uWV2vT3SxxI8bZ+Y/yp27sdyGI+SXkw==
+jobs.			86400	IN	NSEC	joburg. NS DS RRSIG NSEC
+jobs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ciFumu80z23/HhlEUPZBLgm2ei07vmhNP5pQLQ78C/P0lzh6NmgxdmWXTxS0/LZ6Z9ddhQH15PXEPN3FZXwJBjI+FV7D2QJdrDzZpfn7ebgItEYoFkbRMNmPZ7ur474QY++kCwlRsFTsUlB7YJBJw3JnSGtwypXSqymfELUju5tDLR5QDOWjUB0l8pyrt5bhtycbJm7OcKKhVFMb62v0QZ4KYAdv4pbfepFTeWdaY+GRqcOZlHTfjAVaTK/VsvM0+XQTlc5keQSdPKrC/VE/Ayrb0w6VjdL2r5EiHlDaotJJbKWJnAx15QYYeqi9+psnZOBucUk+WHbNu6cRKwz4/Q==
+dns1.nic.jobs.		172800	IN	A	213.248.219.120
+dns1.nic.jobs.		172800	IN	AAAA	2a01:618:403:0:0:0:0:120
+dns2.nic.jobs.		172800	IN	A	103.49.83.120
+dns2.nic.jobs.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:120
+dns3.nic.jobs.		172800	IN	A	213.248.223.120
+dns3.nic.jobs.		172800	IN	AAAA	2a01:618:407:0:0:0:0:120
+dns4.nic.jobs.		172800	IN	A	43.230.51.120
+dns4.nic.jobs.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:120
+dnsa.nic.jobs.		172800	IN	A	156.154.100.3
+dnsa.nic.jobs.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.jobs.		172800	IN	A	156.154.101.3
+dnsb.nic.jobs.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.jobs.		172800	IN	A	156.154.102.3
+dnsc.nic.jobs.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.jobs.		172800	IN	A	156.154.103.3
+dnsd.nic.jobs.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+joburg.			172800	IN	NS	nsp.netnod.se.
+joburg.			172800	IN	NS	coza1.dnsnode.net.
+joburg.			86400	IN	DS	65032 8 2 4ABF29A076FC19AC89283BED93457B56D2B0C8AD90DC24D70F70988A7D8BB574
+joburg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cMkfkZNoA/NWi84pKVT2esZOy5a2LHE4I0LtyXxEraZkZ/4JaJVNLXY4s0jFnW0zOkNRwbKM3YNf4he5R1t3eBKZujRSsnD6ApcfmT60MBNjoTfbe8ClCitcBrp96R0qy5Imqn52M8lYxmhixuSzSvGwP5ZQN0a3l1hEYhZr6XfylqW8QZj/1pZLtMoAWa9Dv1eyycCKYArAMULtPLRFQiFQg5buyUfyOqel2KrV9Hor/OFTEeqsjJ5MLb8OXmsYu0gyM/XhQGYHQJ2FbJBcOpjBXp4QDrqfcE6KjjTrbDKb6G9ZBRFvgyAfI++i4lIQK3FP28EFMKk9rYHLjs3qCQ==
+joburg.			86400	IN	NSEC	jot. NS DS RRSIG NSEC
+joburg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nhNAfHKjji/pp1nndnlf1H+jqYAZwNFpfjlgL60UxwoxvYWWe3BSYXIiahsVoX42lWcG7elodGGzjKDYaVEETRbxirixf0ram3uELufxCexOVzkSFS5xjCwP1AVKevXMWaL8imXKI3bLOZAwnRhjNWA/KdG2xUaF9X6VnJoVUMPqUb6kjCVohjXubEDGGyqMRK2iUJuiKsChI9NxuO4fOsFSr7Q0YBpy4DOQuGNWjiDTrzsJiZVUN2FtjZyjFSi9GVk06v2oKgifMFiQUI/EcQ4HDnEmdByjIyNBtOKWJ3cWCNBsW28J8vbR/jjKGQhEJP/g8BwcU5ILyfLtipAZrg==
+jot.			172800	IN	NS	dns1.nic.jot.
+jot.			172800	IN	NS	dns2.nic.jot.
+jot.			172800	IN	NS	dns3.nic.jot.
+jot.			172800	IN	NS	dns4.nic.jot.
+jot.			172800	IN	NS	dnsa.nic.jot.
+jot.			172800	IN	NS	dnsb.nic.jot.
+jot.			172800	IN	NS	dnsc.nic.jot.
+jot.			172800	IN	NS	dnsd.nic.jot.
+jot.			86400	IN	DS	60425 8 2 E6238D8E60F3D9967690F2D435F35503CA777FC828B7DEBA61A1E4CC7E97BFCC
+jot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGCiyo5Pi8rjy2IHhCVsXqfw63bRbH+Ipie373re6ngEaLDbIp3WuV5+bCFHwftxf0EjlWuJvSdUl/RjBRe6kGL+4CzrSWvIuGBYFzg9z+rS63rUm0npRQeyhioDiDtCu+anSbS1G8c0Mt6C8s/4SnpTJazHFIYdcvcMQ0b/9k0dTx7fsOivvFbHQSdDGs5zMLfIriVKdWUNyVBwS/zZ95MMkp2qm/Ajse3CRBap/udkZhjafub2S2V44C1hydWWdbE3kfveLMJ1jqdh6NmxD8/8Wtlg1yY4/RtTOkVGJ8S4KHFMEriup/Po9Vek4VC0dMrx6kmktpLNRZpd+7rgrA==
+jot.			86400	IN	NSEC	joy. NS DS RRSIG NSEC
+jot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oNAUBfx0a4/jWVBL7ryoMjYNWyr0rQwgTMjPvOQmfv0bmKLw3F38Pd8rYTJErEXLjnGEwrE7VfjXLJd2Yo2GzZhgH/IzhX/agoz1hqhwpQQcDdR3agVjmAGHmCvKOu2ZcFWDb71/vYsluBgbKbKfVJw0Wsdj542I7lN/9NZYSeOhxQbVn5bEnk7+n19kES0FEvOaCJpn9JpHePSYDoofNxcE4iHb7VDgVNQ5cnHkdBcA7XglUR7/urhcExGlo0/1PiI0o63JDs0rabjWLaPFygKInth2xdZi9pGf6mw4X98DYfi4zQBqTzKmKR8Qhnk0XfkJ02Qq5jDlfsb50lZuog==
+dns1.nic.jot.		172800	IN	A	213.248.218.70
+dns1.nic.jot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:70
+dns2.nic.jot.		172800	IN	A	103.49.82.70
+dns2.nic.jot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:70
+dns3.nic.jot.		172800	IN	A	213.248.222.70
+dns3.nic.jot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:70
+dns4.nic.jot.		172800	IN	A	43.230.50.70
+dns4.nic.jot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:70
+dnsa.nic.jot.		172800	IN	A	156.154.100.3
+dnsa.nic.jot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.jot.		172800	IN	A	156.154.101.3
+dnsb.nic.jot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.jot.		172800	IN	A	156.154.102.3
+dnsc.nic.jot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.jot.		172800	IN	A	156.154.103.3
+dnsd.nic.jot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+joy.			172800	IN	NS	dns1.nic.joy.
+joy.			172800	IN	NS	dns2.nic.joy.
+joy.			172800	IN	NS	dns3.nic.joy.
+joy.			172800	IN	NS	dns4.nic.joy.
+joy.			172800	IN	NS	dnsa.nic.joy.
+joy.			172800	IN	NS	dnsb.nic.joy.
+joy.			172800	IN	NS	dnsc.nic.joy.
+joy.			172800	IN	NS	dnsd.nic.joy.
+joy.			86400	IN	DS	33604 8 2 7DBDD304C79FBC1BC471A74B57D8DD1E286976E6203512356146DF3AF37AC916
+joy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mjW7XRGGSdPcTQI8xE/WDR9LOwbPs5BxnZZxqCo06AVDkhSpHNQVWyuugaoE2Tj0i+Bcea1/+FhnLy4iEcaz0ntt/XwbG7s2CDtrbpuyliRjn3+mmb+maiTcCCoO51YWB2d14A4NaEWJLUrHZBJP73A5nxgGE47Nk+Z0j3HwTFZlqc2R8oDJ/loLVlOGC5OSOQhuQAmYTsKwhm9s09W1gQCCZVR0SFvI8GWXHbGp3pYrnYkXLcJZrqScQMlkGzhB/IBxYrOjTi25rtOBZ9AfnAD62DKzxlKaSXd2QGTfa9qCP13csTerZboEvCA1Q1z8NfjP42vHIqpEDzwfFa2xuw==
+joy.			86400	IN	NSEC	jp. NS DS RRSIG NSEC
+joy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VGC9RkMle9vvwMKIpW+kxDxRV02k3qDNbienIT0Lpz6aTQaeTSC6eD9Jd/Ehw03xaZBr5UnPOGyTXZ25N4alSYARwYQdeQ/Qa+aB319T4jTKYee7biadzv2sgCE9+IjjZI3AeMLkXYZt5eOfgEvm4au161ZONsLz7PH/uAg1Gtk7kGVNa3KAZLbTu8h+0QNF1SCzDud4UQ1A0Q9e/686ObjBDRhhjCsyG0VdHjDyXGq0wJTxB1ta+fTWSEq4IgVJsfzJ/EbRRJhRzL7I+29+k6RB3oMLww+dDVJr3ujLX53pjZ7IJrBz4YASz/z3T5MzMSmighJmfkTj8lLVySn32g==
+dns1.nic.joy.		172800	IN	A	213.248.218.71
+dns1.nic.joy.		172800	IN	AAAA	2a01:618:402:0:0:0:0:71
+dns2.nic.joy.		172800	IN	A	103.49.82.71
+dns2.nic.joy.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:71
+dns3.nic.joy.		172800	IN	A	213.248.222.71
+dns3.nic.joy.		172800	IN	AAAA	2a01:618:406:0:0:0:0:71
+dns4.nic.joy.		172800	IN	A	43.230.50.71
+dns4.nic.joy.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:71
+dnsa.nic.joy.		172800	IN	A	156.154.100.3
+dnsa.nic.joy.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.joy.		172800	IN	A	156.154.101.3
+dnsb.nic.joy.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.joy.		172800	IN	A	156.154.102.3
+dnsc.nic.joy.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.joy.		172800	IN	A	156.154.103.3
+dnsd.nic.joy.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+jp.			172800	IN	NS	a.dns.jp.
+jp.			172800	IN	NS	b.dns.jp.
+jp.			172800	IN	NS	c.dns.jp.
+jp.			172800	IN	NS	d.dns.jp.
+jp.			172800	IN	NS	e.dns.jp.
+jp.			172800	IN	NS	f.dns.jp.
+jp.			172800	IN	NS	g.dns.jp.
+jp.			172800	IN	NS	h.dns.jp.
+jp.			86400	IN	DS	39916 8 2 B36B524989BF0625EFD9B0877E74E77F052248FDE965B6E3C327D9C06AF1D080
+jp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1VHoarCBWWU3AndJcSoxxLvL1EBgTLaPDWDwJDovQTpIte+27TJjRJI/906V4SqEyAZqNPX+K0y+brc1ktQ06+sVrmOwGV+XudzhaCRoj6Vhv2aDnr4g11u1UomhN3VevorF/Km6nP8ovrfox0mF75akS6NVUWFtdbMWzcGXLQPaRe7WM5jJpGlYiyiKxI33plRAxB2+qwtuQqyi4weY1HUCXRMqucHPCLetzy8V+CvJSjQfNGOoGrH2NTSiPMBT9CP01kNfz2Yztbx1VdcFF6T0MhAWSMVYsHA232mKI86xLp0M60+YtNZ3ODGHq/1en0dZx87Wwcuu75ittR2IQg==
+jp.			86400	IN	NSEC	jpmorgan. NS DS RRSIG NSEC
+jp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r2qIhva9CxbpNO2lUHx1JqiEve8/Py4SOwnlUgye2wbsbzFwXG8ezTHwsMLrlcXNFbi5dxEQDBH3BdOsSExRfo2wCRej/+eRzlvYf+HOhADu+NDFpEZK4rsiJJD4sIqIT/GPjepom/rLhS1cFjDihyKW9egCEM9lsjvUScxLQCTpDkQHjV/OdphatCuqxOEju7+dcZoWF3HEDtHRkDhIzSUwmkfD18mbLTa49Vczb1tNWHk0P7+io86J8LWnGCG4fCrYXFfnqUP/2qE90IU/FVq9T37el3Me0b7AResb0XFPygFcBUk6a7mIfn8UhqavwA0/vhVAn1FgqNRB1cW34A==
+a.dns.jp.		172800	IN	A	203.119.1.1
+a.dns.jp.		172800	IN	AAAA	2001:dc4:0:0:0:0:0:1
+b.dns.jp.		172800	IN	A	202.12.30.131
+b.dns.jp.		172800	IN	AAAA	2001:dc2:0:0:0:0:0:1
+c.dns.jp.		172800	IN	A	156.154.100.5
+c.dns.jp.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:5
+d.dns.jp.		172800	IN	A	210.138.175.244
+d.dns.jp.		172800	IN	AAAA	2001:240:0:0:0:0:0:53
+e.dns.jp.		172800	IN	A	192.50.43.53
+e.dns.jp.		172800	IN	AAAA	2001:200:c000:0:0:0:0:35
+f.dns.jp.		172800	IN	A	150.100.6.8
+f.dns.jp.		172800	IN	AAAA	2001:2f8:0:100:0:0:0:153
+g.dns.jp.		172800	IN	A	203.119.40.1
+h.dns.jp.		172800	IN	A	161.232.72.25
+h.dns.jp.		172800	IN	AAAA	2a01:8840:1bc:0:0:0:0:25
+jpmorgan.		172800	IN	NS	a.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	b.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	c.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns4.dns.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns5.dns.nic.jpmorgan.
+jpmorgan.		172800	IN	NS	ns6.dns.nic.jpmorgan.
+jpmorgan.		86400	IN	DS	1816 8 2 E41C95D6A3C09199493BC8A48D9D348B0BBB1D4CC33E9333092A510806A35E88
+jpmorgan.		86400	IN	DS	3652 8 2 EE3004DFA6162785F6C80C697E79D43F8FE436189A5CD880C971D4CC2870B139
+jpmorgan.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V4t9k9vUEpoLncw1l1g4Gd2gZHzk+Cd8SXKCM0LD5p1xM4uL8ZWzuXVrJ0TRB3PiUjn14wOG+QbyBfFYOqS1yxECfx/+GkqgZfe/xGM4iNsgwAC5GZchIwpUrdxEMcKieKKYmT0hocBK6oq46jbh0xwu6JyWxdDvsqKkHecYdvSuoIzF3cFZKfT/5iaGtit6rUvLZPA5k6ekME1gyOWxm/Esu1RhmqZ+HBg/HylVvMTdYPY6Detk0j9phP2Su+uj1GuIQgiTDcUlcuEJWrsbY0+lijOY+wAp7CINqmVlwwfWzfVlkcJ9nFODxssz63jRjSXdYCCs1Z2r5o8cmdv0Pw==
+jpmorgan.		86400	IN	NSEC	jprs. NS DS RRSIG NSEC
+jpmorgan.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dkZBm6ohg03q5WvOrU9wW2/GOzpEO3/cUI6uIqxyHEdxZlT5g5LILHMpKkxRXLJ6uys/euMqoHj6829Kf+ywQDqhWWZZcqr6fP4didygDL1SXybbpNuIi3FPOMjl4UYt+ov/dnjILhWiRpmboGof4/jaB9zYE+rkMBOrkFxE6HLNMl9WFbpVJAES06HtCM7FB4drBvAfoDzdF7rGlzYibS7xUmMcsJ023IAlaoE53t7cnJ7/f/74bbBsDPW/cpane5ldX2XozVqwkU55n4O00A+Dpo5xJZAznoiaaOvlli0p0Hf6ryk5v51MGznNCYtaWCiUmbwer+pTS9beza6l6w==
+a.nic.jpmorgan.		172800	IN	A	37.209.192.9
+a.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.jpmorgan.		172800	IN	A	37.209.194.9
+b.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.jpmorgan.		172800	IN	A	37.209.196.9
+c.nic.jpmorgan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.jpmorgan.	172800	IN	A	156.154.156.92
+ns4.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:5c
+ns5.dns.nic.jpmorgan.	172800	IN	A	156.154.157.92
+ns5.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:5c
+ns6.dns.nic.jpmorgan.	172800	IN	A	156.154.158.92
+ns6.dns.nic.jpmorgan.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:5c
+jprs.			172800	IN	NS	tld1.nic.jprs.
+jprs.			172800	IN	NS	tld2.nic.jprs.
+jprs.			172800	IN	NS	tld3.nic.jprs.
+jprs.			172800	IN	NS	tld4.nic.jprs.
+jprs.			172800	IN	NS	tld5.nic.jprs.
+jprs.			86400	IN	DS	58219 8 2 978A76DB730F3EA33F8E68179624067461E501E870E2F7168C4C15EB3E1CEDB7
+jprs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jwLedQlsKBIfU9IfD/UxMURvqYE5Z6u70BpMqlHrYxz4WxSPL0rgh1rRR0V6JG5BVbQc53l5QJ8AIwnh3UtEVSEh5nj/7hezJJ19woRhDM+FqtwlIvREMk6w7sA+4fHpZk8DHmiPYGdkzwNLFP7dY4sE2ckQfHShHrKcSbvpq5Cr7An+2qtb3J5i0RXuRzQMlwTaHLrX171zDQIpdZm0jZ3uRF3sBT5OYCTCt5xyoRuS+YtaXnmoO7JtWBRRKy/VIA5Ph0qQM/EXW0Qn1I3TwccmdUsaXMB8O0Rh7gp3R5JnlkZz4we+CRD+h1crTlqV2KO4XcGAVIdXYSGVJvF0Zg==
+jprs.			86400	IN	NSEC	juegos. NS DS RRSIG NSEC
+jprs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . glPrbbQGgobW30/9bJqSffdPHobohky5I/x3KEvaMDgzNl7b65XTVLsAENTWzIB5VurUhhVLT88SubBBRUUusq0m253yi2+JZkEomysYb413y/Ral0hC+o+pbXdU15TLo4+XCnt0sKC5F4k1+zqRsXgbUlXzU4pqPKDh7i9OiWVffj+nYsm74lpsZ/O0vwFjQXOfxCYjZauqbvqtch+oZHx91oI/zla7dCaib3spxPDx+cGNTeeVTXZD64iuKdacjX9At5Yz/dO5dhj91EPGLnQfn403BTntjf2GgJ89LZuFW6dck2jEnuTkwgjc8SRipGpSoTq8LaXWhN8aWZnv7A==
+tld1.nic.jprs.		172800	IN	A	103.47.2.1
+tld1.nic.jprs.		172800	IN	AAAA	2001:dda:0:0:0:0:0:1
+tld2.nic.jprs.		172800	IN	A	117.104.133.16
+tld2.nic.jprs.		172800	IN	AAAA	2001:218:3001:0:0:0:0:1
+tld3.nic.jprs.		172800	IN	A	65.22.40.1
+tld3.nic.jprs.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:1
+tld4.nic.jprs.		172800	IN	A	103.198.210.1
+tld4.nic.jprs.		172800	IN	AAAA	2403:2880:0:0:0:0:0:1
+tld5.nic.jprs.		172800	IN	A	65.22.40.129
+tld5.nic.jprs.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:129
+juegos.			172800	IN	NS	ns1.uniregistry.net.
+juegos.			172800	IN	NS	ns2.uniregistry.info.
+juegos.			172800	IN	NS	ns3.uniregistry.net.
+juegos.			172800	IN	NS	ns4.uniregistry.info.
+juegos.			86400	IN	DS	29108 13 2 A05CE9AC7DD78B8C400AEE67A0F85D3AA82B99C07745748021A53BC35E9FC0F3
+juegos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iy+C8LYQNdRlN70Ef9DWRDjHxU1Uu3vDJxfMe3zuNElIOFzpXFM99Uv3at2WdtjZ3kFzAtpA1M0SjJVHxCcQD61NtTJkb2QEn3p2WbBHrvUFNB8E9D1fi3J1eGUpNE9F74xsUJ5jpKgHoiUvhIcUPjUP4OmxkmpWNJwMHSERvc9zlR0KUmXiQ9dJtlotPHppWj+gVhxzSF8O4LOG2fiQ0GQhrxKvJ8a46XodYjYFIOov45tLHECut1y13NAM2CClDKVJVuRJ/1d96GmCma+m8KfxLeqDclBbfifpOLFyPlcx08JCOosYMALj0Kqs1bEkoZKQ7C2PvzoATjREAYYOlw==
+juegos.			86400	IN	NSEC	juniper. NS DS RRSIG NSEC
+juegos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WSOT5PhInfxZLP7MMqETfxYs7XCTxIJfz7AJI/MZOX+L76Do8MXfsZyUN+DgutiQIkb2efoe6mHvoZ9VaFUzKjhfWm4FNS/2Mw1aN+MWcIdr8bdwQI6V5U5OASnaelcJNoxbDlLRK3hkYSSdJPlfR4NnI7G1ZWLRlEl4VaYN6yqWP2+1MW/d8sObBJyzGrrna6xwhJZmNLeutSHPy/sw61A2FRjTfEYGYG9rX337t5XjzLbGvBHRddVsJXJmURQ0QO4EgQLCFx5Wxk942/DLp2NMGd0vAfXGquP/dJdH25Y8bShpFNVrWdW4aPdF09on/m69b7M6TgCrgdGR+MSKWw==
+juniper.		172800	IN	NS	a0.nic.juniper.
+juniper.		172800	IN	NS	a2.nic.juniper.
+juniper.		172800	IN	NS	b0.nic.juniper.
+juniper.		172800	IN	NS	c0.nic.juniper.
+juniper.		86400	IN	DS	49897 8 2 AD81FDD4BF0E52FF057B63957A4EC39FAA26B560D26FFFD730A5B46C92B55610
+juniper.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1mp4FYCVBBYOS2PUc1nXSBeQEytAp3KCg4DFbBOi3dMmuKFieqmj4XLCw4//S4QYq9zJgactJBmqzlLhgS/Yzp8d2UTRYvK/TcLP+LkA7QGKaryns9J/0aJ7qj0B1JyYjTqweNd9xlXa2/UKkPxjFLVMDwkV+GqbnHGVppTtSUZlscX/wU+Pnp9VXd7TgrvcBOu3FqTev+JJM2c6heUVh4/6ZrWBkLW/t7YIrFjuqvH/V8fOKwgKjVN1xJBDOat+Zd0KZzPeTbE17hu19I26SuT5um6iZKSVpISMPPFziYsjaRXHxpm5FAN0Z0UnnilX6ZGP2+7i94qXjnZDQpikPw==
+juniper.		86400	IN	NSEC	kaufen. NS DS RRSIG NSEC
+juniper.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JAH3dr7Az+fhVAJlBERTN36psu8SaIiB/BhWHJ+EBGQJaJ81bR+6BZKG5wTBsP1QO5WA/X+rM1UI/sUbcI6/KLnqEeazX9NdDFyFd6ubZLyJ08ko+Sh3H8Oqb7YA/fcrWhTXftxVuUHD3GCILMe3ygfqvXrQ2sruynGducck/j3FMAJGiJHK9ETnTpB1P3pxBUm9yeDA6zrBQKmjKPOhg+DBcaGl0/WeBWwjY6InqonLkNEp9XKVfBx83U89QoUD0pbQe2iD2fh/bW/78iR3kH0/qwGNMee9dBC/I5dDCrxrt2sinnkbtqsa6i1BCNuWQUQ/ptX2z7lsU1M6f8pRDQ==
+a0.nic.juniper.		172800	IN	A	65.22.112.52
+a0.nic.juniper.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:52
+a2.nic.juniper.		172800	IN	A	65.22.115.52
+a2.nic.juniper.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:52
+b0.nic.juniper.		172800	IN	A	65.22.113.52
+b0.nic.juniper.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:52
+c0.nic.juniper.		172800	IN	A	65.22.114.52
+c0.nic.juniper.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:52
+kaufen.			172800	IN	NS	v0n0.nic.kaufen.
+kaufen.			172800	IN	NS	v0n1.nic.kaufen.
+kaufen.			172800	IN	NS	v0n2.nic.kaufen.
+kaufen.			172800	IN	NS	v0n3.nic.kaufen.
+kaufen.			172800	IN	NS	v2n0.nic.kaufen.
+kaufen.			172800	IN	NS	v2n1.nic.kaufen.
+kaufen.			86400	IN	DS	21757 8 2 08A94D2A8C54C7B7CDEF0B6EC1D550D04110D86B904ACA22327458AE8B2F0E86
+kaufen.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fAD0QHS1tFv1iHVny0+VU60E6rF1TNOJxV+jXtdFD/TslHwAGTtoyxVnb2/JEbK6vgJntDYNwGPCPL70Uksb9H4u5dLXNpHwQYKaOFjipUaUbZB8u5CM1na42PNFmq7nocHNydaIcOXjhrItR1Nr17afKMg15fHH1GVsyHEbdxGX+2HoctoaoWXf2cZSsD000dXtnN6HJMVddIpi6Ek2VcM0JRqbDAVuHH+dV/JpovfBuUoTZKXUD2Q8jo/sI9s99GDkl7KuAT5yxLSd6bqBCvR4G8A2YzyUk2G3UTxwMJKw1kv8DZI5nnJhJYRkFx/RyeXGTmnTsG42Ol0HuAbkRA==
+kaufen.			86400	IN	NSEC	kddi. NS DS RRSIG NSEC
+kaufen.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uJSU5b/hF+eXbGgonDPBSkkPN+vzr7A8f4b01ZvyKEqgWwNi9ogLpKXAxIgULS+QNSo9yPR9GKbfWkDovbQVVYOnv+9xKnzEw0sCvvWKp8Tky5XAHhz4JVBVMMLQdrxupIjvv4LhSyuImh0g9uwvcxOIuW0Xm+J6ljHQ8dU6v9vS4GrZawzsdVQMClHLersWFmcubR7WvxeMNsk6RTMu/4LAwEqKhR3CMeFha82KitbmwuTyxa6SOXJQkEJ8uUuxF3iMtOmGDb40TEzwW0eJCjNwity65rQnsXO+6wPKfOuqLp3pPEbJcMk/oPwWGNKj1Nf2Xb+zCW0kyPAwPLd+sw==
+v0n0.nic.kaufen.	172800	IN	A	65.22.32.20
+v0n0.nic.kaufen.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:20
+v0n1.nic.kaufen.	172800	IN	A	65.22.33.20
+v0n1.nic.kaufen.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:20
+v0n2.nic.kaufen.	172800	IN	A	65.22.34.20
+v0n2.nic.kaufen.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:20
+v0n3.nic.kaufen.	172800	IN	A	161.232.16.20
+v0n3.nic.kaufen.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:20
+v2n0.nic.kaufen.	172800	IN	A	65.22.35.20
+v2n0.nic.kaufen.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:20
+v2n1.nic.kaufen.	172800	IN	A	161.232.17.20
+v2n1.nic.kaufen.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:20
+kddi.			172800	IN	NS	a.gmoregistry.net.
+kddi.			172800	IN	NS	b.gmoregistry.net.
+kddi.			172800	IN	NS	k.gmoregistry.net.
+kddi.			172800	IN	NS	l.gmoregistry.net.
+kddi.			86400	IN	DS	2134 8 2 871A87191B82D082DF95647615DB803C3CF6E7B80578B018118C2DD27D7FA00B
+kddi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yQtUssTyLGf/0+w989FrlYNXjUdNOIhApREfJIY1zoUaUvCZeLKmY8LJ35rGEtfPu49DoCQTsFGHfSIeDcjkTI4w2PZL+r10pAh5+GQPzrGwP0xBRCItpJeJEjIIrMvdAmc4W9j7zgjWvrMcab1QyZ3XHrNIPAwvq1JzgJHS2abMYtK4By8urLan4dWF8rPMb+/DxcX5KkQ7XePHvCBEjiEJ8r8m102QGIAClNsi5+dEjLJvCA1gfrGQEmik+7CmKTn2pM2K+loIDwAC14ZwxRjHFBIy6Xti+cftPXE3oEkzj1l1+JJUo2tE914lnQsWWMknnes52vGvpACAE1qcew==
+kddi.			86400	IN	NSEC	ke. NS DS RRSIG NSEC
+kddi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 08n0lpzr1Eat6vvKB+n5RR5lN9K6DFNNaBpdqYt3TF4wX+m96j/K2nNVkJ0zY3LvxPceUyqUxgn8XYG1AQ99Exivjj9Q4WNPz9kGo4WWZzqWIGDAu2s8xSG5Pq9dCmFrRGG8LC56slf8dzY4OKwsfGjc6IiDcG3r2r+aPgOTeTLeQme2stgGOVU7F8JmH0bWoMKN0SiGETa7By0DjrpZpjTdemoU3ABjJrp/X+0xyGGHZvz3LKkXVtEf8/KxbePEwHLuyrGBGV180MHrhNBSz4O5r6E9dVApAYLxTXLkcE52qKnJii7vOti9ntdi3ldBVdwaNpI2o0VtiA0wzPjVsQ==
+ke.			172800	IN	NS	ns.anycast.kenic.or.ke.
+ke.			172800	IN	NS	kenic.anycastdns.cz.
+ke.			172800	IN	NS	mzizi.kenic.or.ke.
+ke.			172800	IN	NS	ns-ke.afrinic.net.
+ke.			172800	IN	NS	ns2ke.dns.business.
+ke.			86400	IN	DS	28886 8 2 19406C149DF3DB23A40A55194B87C7D78C9223427D4602B78B117EF20F072AFD
+ke.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aZOKhOusc6JYymmWGoZawPQ7qKKavMpQqGumQHFOfSxb5pqSEYQppec209ez1NE/crLFz6Rf6/BhRedLOJ/QSxKmk20Ba34n3vRKh7Q4NOCxgc2g/wb3xl/Ez1uW7dsC77c2fkXNY/ax1p+039+hrCC3ooJTEJh3YjJ6Vy9T2FPhdLZHu+pGIbo0LyMR5c6hkE12F7s887GIysA4jG5n35xaukRhx9RCpU1wpxBnV1Zy/TOIRCIb6tXigagNr0M9s/Utn47Pr9VuSAutDB/bluQw/Fm4mJHmd6voqL1evp6jh3/PVWHMtTGfKZcrtpGnm3x/fV/UPmLfYkwl7pI7Fw==
+ke.			86400	IN	NSEC	kerryhotels. NS DS RRSIG NSEC
+ke.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IFftmX6hPlNLx375sfZfYDNi3fBTNUxqIGY4sjpaM4PajJokXVS7fh2FrVVRH8MfCQL18A4vmXftvblW36HfQjyhZBd44mkZLZGuzxbiGP4EvwZzjY/V3LJ4WpHGBgHozWsPsbRo36vY2goJQ6HPs7SeaQOkYjT9/o5n9FqFHEMxu9N6SfwrQCDLEtHptJEh88JsUrehgfGnpL8YwaL0HBWDiWPdQzlXyv7vZ4PpPQ11xpzeerqwKfJLJfA9fiD5x8FymMVBp1zqYC0ysDsKow72UIjLWxylWt2iStoR3jOcUsmksG71SxQ+zQojoNBKEcfUw3NdHT/3t0HOd/Ku4w==
+ns.anycast.kenic.or.ke.	172800	IN	A	204.61.216.7
+ns.anycast.kenic.or.ke.	172800	IN	AAAA	2001:500:14:6007:ad:0:0:1
+mzizi.kenic.or.ke.	172800	IN	A	196.1.4.3
+mzizi.kenic.or.ke.	172800	IN	A	196.1.4.130
+mzizi.kenic.or.ke.	172800	IN	A	196.13.202.53
+mzizi.kenic.or.ke.	172800	IN	A	198.32.67.9
+mzizi.kenic.or.ke.	172800	IN	AAAA	2001:43f8:10:0:50c0:a8ff:feee:30
+kerryhotels.		172800	IN	NS	a0.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	a2.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	b0.nic.kerryhotels.
+kerryhotels.		172800	IN	NS	c0.nic.kerryhotels.
+kerryhotels.		86400	IN	DS	59119 8 2 CABC1873EC8BC994E11443766B2EB1E6AAAA0F01CA1472B7FF03C4C7B818838A
+kerryhotels.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYiQCoG+op+nNFnS3nQaGu1eK7m1C7cqIo2cETXFRsstWHHKqyMP6w8YSJ50ZWNSrmaKtQrIdxKpiBzgUI+Ho0Dp7iDrZsIYusys1gRpntQSwWRRkppULSmA3InuHXb/oxRkPM1WvBDXVTGXpuMRiymhXWZnQsnXXBHGA18mgcIXVwBZ3EA+Bgpg3HLlqbGBXjZVC3C+Y1e0HPXPg6iqdjj27ooTbVMsentyU8CVoWjz6uqa78njE00AAy8kcKW2AOJU9w0rHlAkS8o4fzRlynM2Qt0PnzpOUHQFpDSB/b/AouIP/7mMAXavJlSSkblnKWdApVRzoaLwcaEtJGfE0Q==
+kerryhotels.		86400	IN	NSEC	kerrylogistics. NS DS RRSIG NSEC
+kerryhotels.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1XL/uIGgOYqouobdGQzz8+E4r1ABBsu2tdsDyecKynDVQup91vjWPBZw/hVyrZ8liq9R7v+TJTh11HZMEepRtgEued7gckb06O+ZbN3NgkiGohHPtLhy0DAOmJ3SROvRG2Yu5KV5nhZ0/T1uYBd/JZ7wW9eUfHkKYIozKyJKh6X05tlRNG5ypBlLo8wcVyVzEOcJiBng+sjn3lo4RPjZshfoA0ldvLbI4SIhE8P89zZaXDOaNRZ46slqndQdW2RxGM7T7Hjl6xUS02ZELej8usOLWE+eG2bPXwhKI9wWU0+p6MUS/ucxxgv5n+cTqZmKBOeXp57qqD7/kroAaAvzrA==
+a0.nic.kerryhotels.	172800	IN	A	65.22.112.53
+a0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:53
+a2.nic.kerryhotels.	172800	IN	A	65.22.115.53
+a2.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:53
+b0.nic.kerryhotels.	172800	IN	A	65.22.113.53
+b0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:53
+c0.nic.kerryhotels.	172800	IN	A	65.22.114.53
+c0.nic.kerryhotels.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:53
+kerrylogistics.		172800	IN	NS	a0.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	a2.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	b0.nic.kerrylogistics.
+kerrylogistics.		172800	IN	NS	c0.nic.kerrylogistics.
+kerrylogistics.		86400	IN	DS	3604 8 2 2AE824F545E34C607A660D6EEDBD7D2938EE47BCBCC39CF3D269370C533BBA51
+kerrylogistics.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Nh5lqvsblcc4S8Jgl0WgKJrOW9nb9IMYNm/+NSmVeXqMPIxMCv2L/gInQ7e2drhTBd0SMP5yoPslGpaJG8TRYmnxMZcxLvoYZK8qjzPWmdZ71GJV3/D0pTP8ycUWH1lbShr10iYKpFeWyVleXoNY5VnMUrePGI4sHYnsE+27ErbOYcWZNQyTyCJt8xdoUdwDiAdTOaebCAIVtg+U+mbKoUQCL2G9MsNXuUF5MW5J0hXw6PQFcTppANMSKFXME5UCTyGWxipcAqY6EYt3swpb/rCG//EpREiAsjIfx9I5FQxuxYWBK4Pc4w8ZRUeTCWbR+jYxg1WICiCfTDv/1HyjJQ==
+kerrylogistics.		86400	IN	NSEC	kerryproperties. NS DS RRSIG NSEC
+kerrylogistics.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . drtj9Z6f9SYBuH7Ptq1mR16DOIWV09xNKpkK/Waa1MIvcpxS1MbqbVLcOFTKqduVMG3I4j2GxbV1OO8TZERwrDaTPTkZ3NdYAaX8llHvk9acuhYAGAdroLCtZt1IPAdw2MYzq8Gwvq6b6slkoHBCd+O+ExKuno7pN3V+ooCRhljVd0wpNiTpgjehOVPMO7HuKQfxTa3wRSnhfYUc0kHuOWODOvhWc6L9H6jOzWHgZBJAQ1jPCqYHlcnKNUhVioJFVkAE2pKhE+XG+UUOOHws/Jvz2vkeqYds0tcha8uetZv2OXAlsna3QufUBkO6PxeKezf5WU3eba1BTP8T9hqG7Q==
+a0.nic.kerrylogistics.	172800	IN	A	65.22.112.54
+a0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:54
+a2.nic.kerrylogistics.	172800	IN	A	65.22.115.54
+a2.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:54
+b0.nic.kerrylogistics.	172800	IN	A	65.22.113.54
+b0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:54
+c0.nic.kerrylogistics.	172800	IN	A	65.22.114.54
+c0.nic.kerrylogistics.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:54
+kerryproperties.	172800	IN	NS	a0.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	a2.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	b0.nic.kerryproperties.
+kerryproperties.	172800	IN	NS	c0.nic.kerryproperties.
+kerryproperties.	86400	IN	DS	48565 8 2 98E8C6905DF7915E05A6AF4CF38AD9E4BAD214DFEC3F14D2A62ACA1A1A8C53B2
+kerryproperties.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P4oeu/C68IfZ9Ryjs9xrY9IayE2dncMAH5OPylloHm36q0Y/gGz/KqRw/lWJW4BNqioyccY7d9hmNxmjT3iyuiG0AzbRiKuKQaJfT34PjMixx7wbqVmLKMiGD13QpLTsb6UDjCZzis8Q0uI4sle+69/ymXIyXh/WoB9b+8zl6knAAZgInIiLMfMc4py0MGR5jXEXQM+cHwe+BsBqTPiExB2lVEKq8YZrkPH2lBi8Ktx46qKvH63EuqCjneHN+vIWMB+kvVmbBjK0ffsTMq4S4Y70LkgrLwtnx3ilMV8KHkJavSfzOxULWDK5sfozVSollVAvW5HiSG2dTebDYigyKg==
+kerryproperties.	86400	IN	NSEC	kfh. NS DS RRSIG NSEC
+kerryproperties.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q+f++YtVQiTHVjOCVeHyN4PZd4FCdfNuTDLC956QqzsBtx6XH7f7wCbIKeR4HZy70NUTlCifWML6YEyW4dGa2/qC9FAU1NWgwVYYvwhcs783lzKe5+HY6Ns5e+vVEwL2pmquIAhzTrSHo9Uub80QGBe+secj2CIPX/xOH+mZ+/PbAgX4o4dVysFR0Qo1W3uDZQh4qsGEzAwp+OFyHSP9QairBGUVeamRnszJHN0HL9m5ZvR6mrwaLl9JXh4mGzVyNtwhbaH4QZo9ycN7Z5cP9CippPus6uTZn4NP189ecFCfShpcny20NcnUvoZypXcvyF3tRHdlO2IxvlB8yJbzjg==
+a0.nic.kerryproperties.	172800	IN	A	65.22.112.55
+a0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:55
+a2.nic.kerryproperties.	172800	IN	A	65.22.115.55
+a2.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:55
+b0.nic.kerryproperties.	172800	IN	A	65.22.113.55
+b0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:55
+c0.nic.kerryproperties.	172800	IN	A	65.22.114.55
+c0.nic.kerryproperties.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:55
+kfh.			172800	IN	NS	a.nic.kfh.
+kfh.			172800	IN	NS	b.nic.kfh.
+kfh.			172800	IN	NS	c.nic.kfh.
+kfh.			172800	IN	NS	d.nic.kfh.
+kfh.			86400	IN	DS	47020 8 1 2FF9A7948808D902D399E6119E3734C64078BA79
+kfh.			86400	IN	DS	47020 8 2 602EE5EB852A6581E8CBDABE8D6685A881CC2783B4DE8D8947393231243B80B2
+kfh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g85r4pGEnV0zNPPKcmZVI7zZfMG/4HVHJj2e2RKwiQ8yKzg6KtKd8wrpF+2OU9KcOlEsBlqSw4oSdkXkD2CzzCXtOsoaltDx6y9IFvhIaMaL491e+za3nSfMUo0NzOm6mXeFQ6Z+vLeODfg5pciBwwwJ5qeaom1lI+iCI6zQiIR+iIFFA5v+AXg+uFPRdpQND1zOyt5+OREkBBGWPKF6CENayFraGkOU7zKtTAkmMABSjXa0yn7/UiOetU5QZjYewsA1zOK6eD+A1nmQ/va3gi6HBc4CmK7HPb0XhoqKLLuGWFy/H73qzWgVtdBiwaTGMA2fPWpCCBF/dC9II96Y3w==
+kfh.			86400	IN	NSEC	kg. NS DS RRSIG NSEC
+kfh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n/a5bNdi5gl2qsQNrniYIUoxcwg33QgEmsfnlUBJx+nmJqspaxtaozNrIB4+rYxeeXopHwKHKainZ8ZtngvbqC5a5l2VXhPc+y9b8QmpdOrnATW/A7lPefAu1uTyjEeHlpoRy+pB4d1N59Jp9ut2amyVNJgNaM8PATsDKcWaSaZTERkzLBEAQtSBEKtBozM9E1agpl7Vs566Up8Bvzyn9kQEJXVaj8MjsZ9VJNQcbjofmboy6RSo7RqalOS4pYW3n/2jY12t/jloEERIDdQJYwhA8EyaU1rLYSFyEgbgWh6owCW6sg2xJIWiqsTslEUPdy3GPDc6TQImxSqH6tVyBg==
+a.nic.kfh.		172800	IN	A	194.169.218.43
+a.nic.kfh.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:43
+b.nic.kfh.		172800	IN	A	185.24.64.43
+b.nic.kfh.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:43
+c.nic.kfh.		172800	IN	A	212.18.248.43
+c.nic.kfh.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:43
+d.nic.kfh.		172800	IN	A	212.18.249.43
+d.nic.kfh.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:43
+kg.			172800	IN	NS	kg.cctld.authdns.ripe.net.
+kg.			172800	IN	NS	ns.kg.
+kg.			172800	IN	NS	ns2.kg.
+kg.			86400	IN	DS	45982 8 2 D642AF8C9BB761E035CE77A48750BBAA64B41CFA0799D8D94498CFA335FA1380
+kg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gLLk6CfnhfwbMyGwMf56+VvBrR8ikR/mD9fOGbRtNvPDANVUnwxCYQ9izbHy97+Agb+BcjbCgw54p5JwMmHNT8QAU+OsqezxTb9hrAcAsSK1U51sbWhJxAq7bfbDWdrLCoTMAmBtjRH1afj7+cgnx8XwlC1T2Zq2/f4VECP5znuvbG8IW9oFkPl6KGAXp+Zh2FA9tXT6gvqEGTCIqNo7IVzD2fiJqHI2qqyhLatd5siRJT12XIToCxbblyKOm/+ZVYWQqx81+Rs5KZIWu9RFunBkcaXKV4efD5DaYMJtjMZ4DoYGkqCOD9i3k1l9DTZkTITQZsUBWvYCCADLUpDzDA==
+kg.			86400	IN	NSEC	kh. NS DS RRSIG NSEC
+kg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NeVGMIvulkdxgK8b/yYoxjLUm9XketjDHjrcPV+szwFkeyYyoI664xyji5mZQC4MZVPCH7Y38H/N5XzU0FwdJFb4JoCKtVLhMlxj5DYgcOIVYqvW3mexPJpFTUwZ+KqJcjyFqTT8xWoeVf50dlesCMW2YZUa/8gef0QX6JP864P1P/YD/kE2rng1SsoQgYN/Rb0iin0u0OOJ46PxPh4oMkQKUq8WEYaZGk/Cl65dUlRQFT5rGLQv5YzuxpudcGneXSjfJaEVrbr0sgt9hJYDBCeU3V/YxNQHAw8599/s2mgQAjvpZ3onSNtOSkN5DFswvlFQXBrY0NK2pptuGRDUEg==
+ns.kg.			172800	IN	A	195.38.160.36
+ns.kg.			172800	IN	AAAA	2a11:a380:0:0:195:38:160:36
+ns2.kg.			172800	IN	A	195.38.160.38
+ns2.kg.			172800	IN	AAAA	2a11:a380:0:0:195:38:160:38
+kh.			172800	IN	NS	ns.camnet.com.kh.
+kh.			172800	IN	NS	ns1.dns.net.kh.
+kh.			172800	IN	NS	ns4.apnic.net.
+kh.			172800	IN	NS	dns1.online.com.kh.
+kh.			86400	IN	NSEC	ki. NS RRSIG NSEC
+kh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0FqsxgR1d+FoTT/UDvqHIaPklth9wMj10SVTCxXuCfUsybIc0nKuQFT/5TGYSp//uEWrqaDMWwNEI90OZnAl8kA8c0bV+f5YFgU87f5bn/7UlZoenTs5CW55j8TRB1vubormUjfmx1NHwLF67lv92d94qJTfC9zdYRZHcGW9cDbvbYAjvQg7g4Bzr4J/7cYx2iNRO/Cj+AXxE/BPWwQTrSw7LGGoP1UCHuC/zLlK8IW7/ywWMv8n0UVrbQHMX4+wqoZJWzj8SXKvLl+15ExfhNbXlGxPcB/qTYixf1p3nvJ9dGfxcEdoJ/viNXDlFa5vspN16lw4KVvNUWwawNEisQ==
+ns.camnet.com.kh.	172800	IN	A	203.223.32.3
+dns1.online.com.kh.	172800	IN	A	203.189.128.1
+ns1.dns.net.kh.		172800	IN	A	203.223.32.21
+ki.			172800	IN	NS	ns.cocca.fr.
+ki.			172800	IN	NS	pch.nic.ki.
+ki.			86400	IN	DS	59540 8 2 FD3B27E5C171B883FE2815DDE7FBBE7F2E5AF826BFF47C33B5970F53E2A855DE
+ki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iVImuQGYC+V+SuiJYXC1cTiH3juBP2OmXhHiiyOA6GlevysQ2ItZS7p67hoxFpqeDIDh2taUk5qQ9deIu7AxyRxeMxtHWmB+A516P+KpMaxhNlrjMsV7dmALssHDmN/CxgTWhXYpmsSP5qYTvgUROh+W9VTSlytS0SoJeCekAnRYeLxqe1/KKXojFJo3ja4dR1yefrQbVlXd9kIG6BHeFxTLFT6JibTTi0K937rvXzk89Y3uz5QVm2fRwfCSHr+pLqzbkJonPk2B/R94zuWVnt6caFUAMeRCzOd4cCPB1DMOo54PCYeVGKPad8KxOKbQXDEMwdhIqwKyxwhyUa9rBQ==
+ki.			86400	IN	NSEC	kia. NS DS RRSIG NSEC
+ki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nbI6X0+BHkNwXjjmBSo0uKm1Vt7QUAtv89+HbtqjGXUWbRfScDCo130FiK72l6EctTolq6XRy/0EbSa68bhqoRauexuBpGT6RU3HwTB7y1gxmdAJt5hxUq7lSNSNK7XW8KsgbkIXUGsbeg5C/jY+6b+woVOn++zzJnmaRCRk2nI0SqMfQeENQlNZzpeRE0bHJZmPH2Tt5MMbXXpXf97DX/AqEY+9ubouBiYx9sEK4fTGb6awLZsrTC6L2rj4wU4Kyo2D7WuV/IBzfqfFsGCqDwAI3ERrwzljWeoZq/SvonvMv6Aqu/EkIq9cZBdDAa44c/XVELOawWIo3IPrcCEQlA==
+pch.nic.ki.		172800	IN	A	204.61.216.26
+pch.nic.ki.		172800	IN	AAAA	2001:500:14:6026:ad:0:0:1
+kia.			172800	IN	NS	a.gmoregistry.net.
+kia.			172800	IN	NS	b.gmoregistry.net.
+kia.			172800	IN	NS	k.gmoregistry.net.
+kia.			172800	IN	NS	l.gmoregistry.net.
+kia.			86400	IN	DS	2195 8 2 F0E9A6AAF2B84CDD23A98EC5926F0D9F921351207278B1D02EF8067895466377
+kia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0WNeI0A+Am2lppkoFTrfpUclwoTGb+joM7GsRPc1Yj+x5YvlcsuT5QSCFZGyax0VFz1lFjjtJxIjfHDb+JscxK4CDOl3B2Gtpo3ZvSYrX8tXWdYg1fjTLRgBo9wzrJr/KMf18QpGJyZGgx4jdry05exqcbFGg5GNVVT1nq1IUq99qgYvJNdyemZANoroQ2QVhuPvJO3wInXQXHCom6bDUVoeEIuR+Kle5xKETxLfuwq0ww7DV6f/L/g1QNKJ1BUQq9NarKYTmaiQYIyX+s8tOVSP2l8FQpsUtg5BPA5CIYWbAuo2HaTxevEyeyoUA/aEeFrtMcxNOrYt84OwDN6Mkw==
+kia.			86400	IN	NSEC	kids. NS DS RRSIG NSEC
+kia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RqCQNXmCPfk+D2OgVsXvr5L0q6wuNXusB874xMLtCMTIAfBxb8Ymi0CJmc3c63XJr1dmTBGMYO8IXrSLQK+ia/GpOmgf2xGcVmmTBNLOnAZVJonTLALEq7LBCnouzjdC7s29nb1HMo+Eb+wKDD8lDqGW+8usMW5uteobeaH+lhMWik6lMCh9Y2aqmyLDuCxn2wnWO5TK5uKfZmuVS+5sjf7BsHBmUUQ/sTVDk1scktqQDoqObjKYvsF0cRWoGJReVuYVSnK8vRBi3BGs1bszbUlOZvLRa77kZ5B1I87H8/XAV/4S1WOwy2hgbWzgnGRhQuuWd1ZoFtTSWNOmYYV3bA==
+kids.			172800	IN	NS	a0.nic.kids.
+kids.			172800	IN	NS	a2.nic.kids.
+kids.			172800	IN	NS	b0.nic.kids.
+kids.			172800	IN	NS	c0.nic.kids.
+kids.			86400	IN	DS	11536 8 2 0ADE57B3836DA5E4CE75AED8A7CD64B58E7D68A813D10CD94453D11F60A3ECEE
+kids.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OIS0T9v9VneKVH6cphj9Y97roj7niMkfS6+RoVoNfg0huOstRVDhm2w3yKZZUgAYZjfxo/CUKy8GlmErU+hl2cq/3mlTlbty3ww0FaptMKVuh6/h4UHolXxX49t+VtLKoLH4KHAxf8GCEdw+D0Trlo/OVS2veQXNGC7EMDWE+QcsE4D34WS1Oan2XEkJQrTbwBixFBBEn0M2gUO7NZgw51Xsj++1vD2s0vvO/73BOiwfk4Eudxs58BKhq9KDkqgtoIL1cN9uHHG/UJ0/otXM9kASbY/Vnp3XwFfdXcXVmIFcySJ2YOHIKOxSu85hHL6ew2n2QVamR+qtYorIn/ADtw==
+kids.			86400	IN	NSEC	kim. NS DS RRSIG NSEC
+kids.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TvSQP05ixEgp5LAHvtCvoFIQfTrJiMNpzjEtLhmjkzJoMPFMc5gYo7Lo3qgwfJDDsvPU6FVd2PkFewmX+dMWgaGGR/3Ya6PETfV2SR4ybgYtDwi5yXZ+4a+2G0IwT1ngoWEjXWpKD+rUq5V8e/dZbLeSWxzijJdwHHhQsmUQCSyeOm+ZhF/jLOn1+uR6cKTy9a6FarsfQuEwImbaGl3T6izCZnDPPsmUYc2mYzB4+A6NAJfYTRam+cxRw0etV/IYPYl3CFjSeElMGufr97LXT0491xRlgz88eBOR7cv6jbbFzVpNTE+Vx58Fz2fOLFsLg+ClZ2Pc3PmRjbXASyj9lQ==
+a0.nic.kids.		172800	IN	A	65.22.172.17
+a0.nic.kids.		172800	IN	AAAA	2a01:8840:a6:0:0:0:0:17
+a2.nic.kids.		172800	IN	A	65.22.175.17
+a2.nic.kids.		172800	IN	AAAA	2a01:8840:a9:0:0:0:0:17
+b0.nic.kids.		172800	IN	A	65.22.173.17
+b0.nic.kids.		172800	IN	AAAA	2a01:8840:a7:0:0:0:0:17
+c0.nic.kids.		172800	IN	A	65.22.174.17
+c0.nic.kids.		172800	IN	AAAA	2a01:8840:a8:0:0:0:0:17
+kim.			172800	IN	NS	a0.nic.kim.
+kim.			172800	IN	NS	a2.nic.kim.
+kim.			172800	IN	NS	b0.nic.kim.
+kim.			172800	IN	NS	c0.nic.kim.
+kim.			86400	IN	DS	12277 8 2 BA18A744991A561AB09A464FF96864573DB04FD61A29E9D37F7551989E7E5535
+kim.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Me439Hen+b4hMpkNlYecFSIaHmStrqXBfXiePdZCq9nydV1SBG1Zxg2Ej8+0wkbHsAABSCTA4x/jgbDosmITBF/eNfkvvwBzi4WHovTLNAXo9D/W3u9eoFG2xrkJlAIfONRPEp8v8fsnSoALQ2NVdVFWQ2erGKkfcXQHc4OjutU+hWpmnqhiKzdtpFGgNYF3QUQ+UjioVWbisIbeS1H9XisQ8PQddZuSMDHiRJO7FNfNUWgSSDNrfvjDE16pqRFKi4oefVCWC0BQ/ZDUcLAArI8Ga1EpdeRSWcGC4CC4wr0iP98ln/Q4f4BhZezn4h5zMYXI7cgrEsNgPKh2c/Hd6Q==
+kim.			86400	IN	NSEC	kindle. NS DS RRSIG NSEC
+kim.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EY7DH/3VhFpX5Aq3Vm8hkHSi4XW6PP/qT8euZcLFDLKAvxDDS6ETnulESLSAtqQsr7rfa2iEXIi74pgLLunpIq1KuR/vqCLM3kTrZYDsWPgkIZ6wXVTIHg4Z0CuHXTIf6x0OspkSNlEjSkWPiOoqbXpkW5nt6+0bfFJMlu5GtGC8DhsjrndcWwDjAcbg+Kb4cXpTtiteNy8ayi+HQ/MQssIV2zOFnnFrt6sKIYEmTNFDcoPGCyG9B+ERWgOhotZ7ZI+PR36FgGjOhijpd7rDznlLsAv0Nmnqq+UzsWU1x3ZzY+ZmFnJAMCiVNx0rDU6VtHLBOGeGfWAZvU/tN2znCQ==
+a0.nic.kim.		172800	IN	A	65.22.28.1
+a0.nic.kim.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:1
+a2.nic.kim.		172800	IN	A	65.22.31.1
+a2.nic.kim.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:1
+b0.nic.kim.		172800	IN	A	65.22.29.1
+b0.nic.kim.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:1
+c0.nic.kim.		172800	IN	A	65.22.30.1
+c0.nic.kim.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:1
+kindle.			172800	IN	NS	dns1.nic.kindle.
+kindle.			172800	IN	NS	dns2.nic.kindle.
+kindle.			172800	IN	NS	dns3.nic.kindle.
+kindle.			172800	IN	NS	dns4.nic.kindle.
+kindle.			172800	IN	NS	dnsa.nic.kindle.
+kindle.			172800	IN	NS	dnsb.nic.kindle.
+kindle.			172800	IN	NS	dnsc.nic.kindle.
+kindle.			172800	IN	NS	dnsd.nic.kindle.
+kindle.			86400	IN	DS	29776 8 2 BFD30BF5A3A6DA5808BB6780E6CBEC1CC929445AF65E949B31A9E5BDC3003066
+kindle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ItgiNKRKEd9pl6F//MNBmcuO0Bq7Iq7esiZ8dd1qJQxdU0rFM3g2Qqfux0r9Zf45fOvzlPJz1wPA8oBRqBBsK7qCTQPoq4QywoXuN1QHhZGCgbHk4tZK35xQaVtgh4R53N903IgCmNArsIUYjHaJlMGdD081tYl3Zk1tbCQ1LweAucwXKmKvg52ekVS08dJROr3EJlrQc+ksIAEAnBsrw7sQ7ChkOEGQgSzLd9AnfZBCFouU2CVCziqwCq10RhZWP5i9NccHRZ1ENBLQPJmbWn+rx9kKN3bys0kTI1Q17Lqqje2AvJFHUBCPR4SOFGdUPODnhjvIY2FrftSmcCRHLQ==
+kindle.			86400	IN	NSEC	kitchen. NS DS RRSIG NSEC
+kindle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hIEpHE41ocZ82q6wn48v/S63iSS3L6a08Gl6Y2lH9Pc1bLDSOasp0E012JXtdjA9C68y+9XjmhZ7ds0YGKzkVjY29EcxAcIXUfNP7UScP4Os3KfmDL3JUnihPrOfFZSesJTYFG8NVGMLxApL0kAaAyNDUJpO6zbvwdB/f7arjAWhTJl3+v2yOH7CZVMFCYm7zjK0CqqcJdMbu5xXBD2csx4VAzXe+1NBUfI5RpPEeIBfEGMr0rG09R9zc2IvTkOO2S998/z+GVTI8rf2aMD63HVBMMOAQnyut/qYxopwMXH0Rr+ji6Ji0BcixuK9K1N0bM889GtFaYzSGXsLsI3r6A==
+dns1.nic.kindle.	172800	IN	A	213.248.218.58
+dns1.nic.kindle.	172800	IN	AAAA	2a01:618:402:0:0:0:0:58
+dns2.nic.kindle.	172800	IN	A	103.49.82.58
+dns2.nic.kindle.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:58
+dns3.nic.kindle.	172800	IN	A	213.248.222.58
+dns3.nic.kindle.	172800	IN	AAAA	2a01:618:406:0:0:0:0:58
+dns4.nic.kindle.	172800	IN	A	43.230.50.58
+dns4.nic.kindle.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:58
+dnsa.nic.kindle.	172800	IN	A	156.154.100.3
+dnsa.nic.kindle.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.kindle.	172800	IN	A	156.154.101.3
+dnsb.nic.kindle.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.kindle.	172800	IN	A	156.154.102.3
+dnsc.nic.kindle.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.kindle.	172800	IN	A	156.154.103.3
+dnsd.nic.kindle.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+kitchen.		172800	IN	NS	v0n0.nic.kitchen.
+kitchen.		172800	IN	NS	v0n1.nic.kitchen.
+kitchen.		172800	IN	NS	v0n2.nic.kitchen.
+kitchen.		172800	IN	NS	v0n3.nic.kitchen.
+kitchen.		172800	IN	NS	v2n0.nic.kitchen.
+kitchen.		172800	IN	NS	v2n1.nic.kitchen.
+kitchen.		86400	IN	DS	47935 8 2 7F36F037E4BD2B909479811F3B3AD76C00DB04F1F7F6476D00483D653B744CA4
+kitchen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1sW9Z+uglndG4pWgoJHghsCkJlP9DEMLjsQKKaZDtIUMIah53J/XEBLLsACTDdYPL95MGOf5i6zLD0YoAbwuaS6kC6SGxYmTdMtY/XmvyfUYstDCqakAr5sO1XcHzr3bB3S0uwUH01HoQTSF8emsXroztlYmGVP1wocKFGQsLAc1ynyrZYr0/fn2Mg+WCdD3z8Jqb7xjCISDxqEJ51QjgKwZQcl5U0a64VjnFvEa3sQy/q5yELI0aG7i4mkNMFdG3bwCcsj0AtR7bLtuC/dtyaKVFoVpzX0hcu6rPcIAXAXKgmUxf+7LxZEyOs1C1DcERJq5dNw6c4jWBVbfTZcMjw==
+kitchen.		86400	IN	NSEC	kiwi. NS DS RRSIG NSEC
+kitchen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hjKzGnvFaqtlwhB8w1RTbrR/+goQQaWU/pYlrI0AT/0nfK+UHKfVIKSKClyMG/dsydbbSa6ZCh2d40Vm5+uekbe90u8D6tTFqbCbQW9XPoaMl+T4YmA2EX/TEtGThJqwZhtlfT17TtOZ13vHQ3GJXoOCzcYNq2QrBbImaw9+j/+hrGfKO0egB3Yq+B2uwlcezdHg7aPndkuRIIF9BPYhdtPaVrSlzkMd85VpUieKDb49xA2phyaEss32/upfhFHMBcote/D83osctguB10WZVMpfrvS26Fala/fKbv0H3xv6TtBS5VcX1BPHoM0LK5HymS6+n4uOiG4JfBLOpGOWBw==
+v0n0.nic.kitchen.	172800	IN	A	65.22.32.17
+v0n0.nic.kitchen.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:17
+v0n1.nic.kitchen.	172800	IN	A	65.22.33.17
+v0n1.nic.kitchen.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:17
+v0n2.nic.kitchen.	172800	IN	A	65.22.34.17
+v0n2.nic.kitchen.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:17
+v0n3.nic.kitchen.	172800	IN	A	161.232.16.17
+v0n3.nic.kitchen.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:17
+v2n0.nic.kitchen.	172800	IN	A	65.22.35.17
+v2n0.nic.kitchen.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:17
+v2n1.nic.kitchen.	172800	IN	A	161.232.17.17
+v2n1.nic.kitchen.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:17
+kiwi.			172800	IN	NS	a.ns.nic.kiwi.
+kiwi.			172800	IN	NS	b.ns.nic.kiwi.
+kiwi.			86400	IN	DS	28462 8 2 A1C28EF63FE4B2CA5DE823951A0A0EDF27F73601ECA4371DA74B600190846F7D
+kiwi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bN2U0bxvl3QZzwPU/iwXKMsAtEoM97jc42+rtomZRER8zxcgzKJux3T+ZMd705MKrfZulbNCwpYhzL+1Xjr7hRViSrfigR+df+i/bM0NOjKA9EEnz5/IE3i5stE7OokSIIsiP0HRddbiKk21/1bRgVnP3uIDeGJ3VldwifIzU1ZgHKYF8KnR5UGRBZjX8tvXTzqIYSyCSLraUVeuR8EUaBlTIVD+rzMrniylwUrG6ANb1h0dKA/b+5Rz8Q8dZSppK7EJ8XEpIc5gaVlceuuLPF7pTlCNw5Mk+RxfzuarF/eoq90zB0iNSpOmgj3zX6sc+4NOgq8+mQXuySFmx+4cWw==
+kiwi.			86400	IN	NSEC	km. NS DS RRSIG NSEC
+kiwi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fSMyyEjd8qPZvGoi5946lmAipTgXJCc2mUZmmWEMtvtNv0vzfLygkSQEEsX9ZyJcA2NGB7FsLWfHq28gLs+YV/fSNzVS3xJR1qmKZjRZqsNClSP67HcIBEmaKbPpBdzKMAFakzLqXRn5Ix3RHtnMIAUI7yumZXbYGj8690O2Q2DatlzcBBaHnOmsEzV9Dqc6LCVW1XoUsnUNfE+x7h0EhzQq+ch69E44ZigiEPBJNkndKWXkbmhha8+ItKOp1x3XwUft30MdU3jThHJSFp/fhCwdCCm7SP8nd431k3sMBcvgcSbPQ0yy0Nb4caeOljF7ZzhliM++N8BFkB51ueI1Fg==
+a.ns.nic.kiwi.		172800	IN	A	185.159.197.1
+a.ns.nic.kiwi.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:1
+b.ns.nic.kiwi.		172800	IN	A	185.159.198.1
+b.ns.nic.kiwi.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:1
+km.			172800	IN	NS	dns1.nic.km.
+km.			172800	IN	NS	dns2.nic.km.
+km.			172800	IN	NS	ns-km.afrinic.net.
+km.			86400	IN	NSEC	kn. NS RRSIG NSEC
+km.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l9dzJEGE49xt5aVnT05aHjvw//vH/uol5GjQQ5QHHD8w0l9OhXbCLgn7nUaF60ixYDDpw5MoMO7RWDwjr32YHi30bx2ntWuW9pG5LbpVPju1WSjHpcsCGgwb2SJ4oRbHwPLB/vUBAOSG36Qni6+aPDr9V/D6rbxvPrqaqdobBtlFnY8mqG8E3oYSokXt1pubDSrUsMsxcFBJ/6YWvtepMnAY8lLrzFFRHjMaEfp3zjBjbM1IUM9ZeUFgbGkIwp+ia5oF3WNj8mOHsI2m+H0KgtSHAS+39d21yMKOxGcnBAj2kwl1/L8h0J8rXRy6kHmYfbDQlCc4Km6W3kfsOL6vWg==
+dns1.nic.km.		172800	IN	A	197.255.224.18
+dns2.nic.km.		172800	IN	A	197.255.224.66
+kn.			172800	IN	NS	ns1.anycastdns.cz.
+kn.			172800	IN	NS	ns2.anycastdns.cz.
+kn.			172800	IN	NS	pch.nic.kn.
+kn.			86400	IN	NSEC	koeln. NS RRSIG NSEC
+kn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oMgyBPhc+En28l9RCsq77qsM31hiVKDnei9+7pTG5Xj3439SIwkZ1lPSKUG19v689KzHDI2N7dWC2ovti94WTFaQM2f0qRO66zZyudMlPMQ8BXWmZ32vkH3Yu3wj0HNCfWiDiohRGHXdOXhwABeer7gChl1vhjzOO69xN65WFp+raa/bQFxs/gaJitGUFqDb6y6OXBaYIO1+kygBPoAmXI8K0W0ov5OGuHJbl1Nw6mUUG8Alyn/EVizYu8yj1rYCMGU2tuQQilHRPEyYZP0duWHyiHJFPcIWzF0FOJbpHDKUCIVsqG4GluCjKEntPuD/ssv0OFKokH4Uv8bYlxUJ9Q==
+pch.nic.kn.		172800	IN	A	204.61.216.109
+pch.nic.kn.		172800	IN	AAAA	2001:500:14:6109:ad:0:0:1
+koeln.			172800	IN	NS	dns.ryce-rsp.com.
+koeln.			172800	IN	NS	ns1.dns.business.
+koeln.			172800	IN	NS	ns1.ryce-rsp.com.
+koeln.			86400	IN	DS	48568 10 2 0D64B2D9B1A06897BB24383F1200BCA0E4F4307AA18A9DFAAC28163111F95B44
+koeln.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ce9U4i9yPoludsZjnD1LHdiq1cbcEQHBPTLKZlFNhDubLOnFxxgbVUpz6kSDGtcFPU85ndkFfnnAGRl/Gf7LMgxj+ePe1DudN0SWAFYKcHVbjXLw7KdZNqBmEptBj0APtoW+D7cTVAPgjSlsDwtWmA78hUy4ROLfw5Z9rszn/MfySAEfS/XActA8OoC5XwDIA1pND/a5gG1iHvUmBrfXT9Lfm0DblIlOCmfj+615gQpX1ob3cwDiR+aQN2dRhGzfhJjG8JQxvxU6g3R82Ny16DpWPvX4DrzYlCS2HIU62u8ZT8lNeR3lRX9SNIeXbS27c2zcPCxsjS3e0z/+sYinAA==
+koeln.			86400	IN	NSEC	komatsu. NS DS RRSIG NSEC
+koeln.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ebUjMEUpr8PJAlLOJrwKm4t/XmTL01DNAALJgkjp2IgpojL7keeUnvCHjZ7nskQ8vYys0euDpSYZnWQdLe/V8WrJvbpPuFE9So7EnsS7H7odCqV7a0aI9U8NnZePA3WUcItucj5KAlvFe0OOR765bpfzw+JQoqVpgK8mXkrDS4VpL8M9KfBVjpFOoTKcP+EheMBSidFU02mRX/cGtALxsM4dP9L7yeZ9fxWKcDc6FnhxAV9Ma7fPVctNkBxaDUJKhEDhTIVhpi4Wr4/o+n+5jTopfH19qnXbHPXkSV/dn1HgLtodD6swGgrZpv+Y8FXon3O2RhD91F27GgDMaeZr2Q==
+komatsu.		172800	IN	NS	a.gmoregistry.net.
+komatsu.		172800	IN	NS	b.gmoregistry.net.
+komatsu.		172800	IN	NS	k.gmoregistry.net.
+komatsu.		172800	IN	NS	l.gmoregistry.net.
+komatsu.		86400	IN	DS	11065 8 2 2BAD7D0A51246FEF1F7924DA2D095396B030D518F3E6FB791299B4618EF8B2FC
+komatsu.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UNvxOQSBgWwlAuGVoilSDTCjLOiRxj92R3j4yy+JHM2Jht00gAd34chwI8ZsNIR+Syu1QXFjpdzrW4mne7yuSX4SYHYzh2LM5yaGsR5kdvh6+Jz8XEqRcV0o64SzeqygW0/UAjfcgOU32/nFgBkEpxBBpTb+0QpMPG+xBSLa4BZ1MeMWoPbz8GbCmkI/mf91GP6jTl63XjQ2sHNgCkuwUtdYrIsYGgPtJd8er1fyAXwse+DNq23eTyuW8pQTWN0jTaIpmMWaixFpqD/6B3w+EH/ERwvK0kJiBkxeeXB9bYmJp9g3uQ54EgcyYUk4ec4+jWYS9pojQxxpOCR8/bSZJg==
+komatsu.		86400	IN	NSEC	kosher. NS DS RRSIG NSEC
+komatsu.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HvbX1o+lHtqa45XvGso562YOZ1U+ZwYoxVDiKLQPJSis1SkiuVf1cbXDUQ2s3iDmCPIc5HU2uwUECvjAQutX5O6sOEMeRMmivFU917YHMjj8xJ8I6vo8EsFRribyZru5fHhQS20kLTfwVFvz2r8kW4JATE4/Wsk4B5FiHZ4dlGbO1n30w+zsFSH5Ps036cBrPvwNhc1Y3ZlpkJg4AV/SswNUORR6L0bSRr+iU6/dgGwIfSta+y5+QWnEQEDNi8DBNmkqHr/sntSOUfbiFF0t4nVQqrr5xlrQEuNxNqe0MYvZCNxh+l7JjLFGAjbKi05w7HNnRI3lezqXMRS0hWR3pw==
+kosher.			172800	IN	NS	a0.nic.kosher.
+kosher.			172800	IN	NS	a2.nic.kosher.
+kosher.			172800	IN	NS	b0.nic.kosher.
+kosher.			172800	IN	NS	c0.nic.kosher.
+kosher.			86400	IN	DS	24490 8 2 C4A550145923C0F5EF17F8D247E1E1B1E11DE20B1CAF26605DB23D4E6A5010A4
+kosher.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XVquIvBqT0kJ0jwODxszZFf4dHzVnjkh+xlN15xVldwXYag0CmVZeFCF3JEasycsBZ/taa1bga2HGmKraK+S66e8v0YT3bYDAi//G5qnUqohrtY6pfBgE6KQY1jNc7JzdYfna4HV4tMWzCzi3VTrsA0KnVP67y1ONTxT0r+pzTMXqu2fGwp9LdxLlKfbyBF5VnUc5aRnxD9VMyZfpKdP+PLaICWepbtp/crt0gU9+BO5D+XUZ9hvYC7l+dxqh/GOVDCcptTNOquaAxc6iurfxUXL9uoxJHflj8KZ3IlpQAlt83XGuU9imFNYwUOGc2oa6QbzvLN2Mq9P1eImlgqZJA==
+kosher.			86400	IN	NSEC	kp. NS DS RRSIG NSEC
+kosher.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z0OcrlInaFqqOnU1oBB2+/XfvaNUexcfy4G87/KrmW5422h1VrG/tnVlNJ8UB9p4EE6YFgXEUejTFtZ4t3PIWNQ3WAR5509F8BqEnjaHdBaES6DoS/zXxIAtrjZ6wVZJy7y32OQh1L5Y9tPFZkXqj81mMDDhEfPH5O4Tw+A48Y6eeTP3SpMSdvYLSsr1pVyPz1MmImPpp4ZldXWkJE2luLjtdJNnKrulImS/hffihHz89peYN2WWVYh4hqc4bnzVNM7AgFOgmalHO5sLI1OPii9uWYiDIAU+PgrAR/lWgRD3VygMgaEEdYYq3Y4PmOtLpbHlGf7dXG/yzU1dWXqb6w==
+a0.nic.kosher.		172800	IN	A	65.22.220.1
+a0.nic.kosher.		172800	IN	AAAA	2a01:8840:d6:0:0:0:0:1
+a2.nic.kosher.		172800	IN	A	65.22.223.1
+a2.nic.kosher.		172800	IN	AAAA	2a01:8840:d9:0:0:0:0:1
+b0.nic.kosher.		172800	IN	A	65.22.221.1
+b0.nic.kosher.		172800	IN	AAAA	2a01:8840:d7:0:0:0:0:1
+c0.nic.kosher.		172800	IN	A	65.22.222.1
+c0.nic.kosher.		172800	IN	AAAA	2a01:8840:d8:0:0:0:0:1
+kp.			172800	IN	NS	ns1.kptc.kp.
+kp.			172800	IN	NS	ns2.kptc.kp.
+kp.			86400	IN	NSEC	kpmg. NS RRSIG NSEC
+kp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jNKFk8t1uIggE4/8hBNkvflYRKJS7pemUbhlI3QoUlpz+9mhtkOZdCQWXWE8Rb9sYay7eqHjFPEQEMNhopnZh5Pk7jcbS55WQSZ33UKSEF7uQzcGG9ufgTAE+E0LHJ4hrF62tqnq4q+E1bvyU4on5HzJkedIfZiJUJgFmoqms9LNBYWCYeUat7dBrWvHG5KShl/aOui43UEa7prJwFfgmz40CvZQYM2/Qx0T5ywZGC4NkzsRxclzFbpRnKm5nHjSSObP3V8keKYpQbPscJzOCUWZ4hzPlSxdHaFvoy0zvlG7XbfVcyVSfTf3eh7w1SUdtBNbiHuznVWdLL9es5HBKQ==
+ns1.kptc.kp.		172800	IN	A	175.45.176.15
+ns2.kptc.kp.		172800	IN	A	175.45.176.16
+kpmg.			172800	IN	NS	a.nic.kpmg.
+kpmg.			172800	IN	NS	b.nic.kpmg.
+kpmg.			172800	IN	NS	c.nic.kpmg.
+kpmg.			172800	IN	NS	ns1.dns.nic.kpmg.
+kpmg.			172800	IN	NS	ns2.dns.nic.kpmg.
+kpmg.			172800	IN	NS	ns3.dns.nic.kpmg.
+kpmg.			86400	IN	DS	35407 8 2 9FAA34C98DC55567CDB910E3D068D6E6ADC6646AE8E1085678D41498C0DF9D42
+kpmg.			86400	IN	DS	48439 8 2 EBA8341EF02C15F59E27E356E637D8DC8C50A0989F015809AD057410663A02D8
+kpmg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kPei5jxbWYMRh+MducAMw4o9huYeC40FTI4a+5AMJz6J+Bb8ayfM5QyhD4k9ivDOEeMBkJ56xGpeS/ld2SJtvWZjBcX8GLxBJfiYw4wy961ZpmkI1YWxQMtzsw9qt0ChiIBiqB9JrfEbt3wAY1hEFFv+xyk5wkq6me6J7H9JUyRc+eVF3jEJVTSGfgOEIiLVhlIifm1gY7WWqg5lY5psw/ZM9SeIogXShzSAXu+GpYRpPX+fnPw+YJ6HPs8SmZMLh4C1mTTdrsrF9tIWyOJbq4irPxx+MZXquQjmo72x8OEgb62ivQA/P/0hWH8tshuaujCeLDjPJN1oAliazWfe1Q==
+kpmg.			86400	IN	NSEC	kpn. NS DS RRSIG NSEC
+kpmg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HnugGh6BSQ/vTufAbDr3o4lRX0P8i794WVZnKvR6H055EHrj/HXKBTS++pRwr2DrZwbnxfaQ4vS3qkDYBPf6M8roxy2vsoGjtdJfLQjwUiYzq2mXAGtjQMWCK7q5T9E/CdZV1Gjfe0R6QnOS/1tdbyCT3YoMMwruIR0BF/Mnv3lDJefFdjtkFZ03MjGfgcy/dWrCMQKzmKrsDozKslZ12cOffPFbMt+tl71OLNlQSwVjWvt6v7bWYGNdEsA1R87UbUJsdSdexe9q432Bk/FXshNCOF1w8e0i2YKUO3W/QiuwBLSLchO+f7uQ06xKcgKQzbgrFmCdLz1eX4g/TRaX9w==
+a.nic.kpmg.		172800	IN	A	37.209.192.9
+a.nic.kpmg.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.kpmg.		172800	IN	A	37.209.194.9
+b.nic.kpmg.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.kpmg.		172800	IN	A	37.209.196.9
+c.nic.kpmg.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.kpmg.	172800	IN	A	156.154.144.98
+ns1.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:62
+ns2.dns.nic.kpmg.	172800	IN	A	156.154.145.98
+ns2.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:62
+ns3.dns.nic.kpmg.	172800	IN	A	156.154.159.98
+ns3.dns.nic.kpmg.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:62
+kpn.			172800	IN	NS	a.nic.kpn.
+kpn.			172800	IN	NS	b.nic.kpn.
+kpn.			172800	IN	NS	c.nic.kpn.
+kpn.			172800	IN	NS	d.nic.kpn.
+kpn.			86400	IN	DS	10051 7 2 F265871198C769849F8ACF952F01FCD412C9B3DC5DBF8FCA98911D5052C0A240
+kpn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GTY75Nxt9ORjgW2dAQmXtypz6mfR5ZaO83mYbjzH55aX6l19CnzrOai5dYnLqAezoKSel/VPOb27aOV9/tGqB+VB1jPMlQQvGnfiKfDcBoO7qMLzTAi6WYxXiH8L6x9boA0j/Le15MW1bel70NnSzn639a5EcFBOFOnO55ibodCamVJjljo1I35yug3FeVmPZp4ZKXeJra8zvQASNtajKvNjFgQTQIv7S2oMAx/KYbe8H6imqSVGGMfNJtn8NOJlf2T5we3mAE9/cfIj+ATBVW8splYni/ZytbgQEH2iqjAz5kDQyGBrDgWK9mkRotVsua8xi8kGyDm1kDC7f+z99g==
+kpn.			86400	IN	NSEC	kr. NS DS RRSIG NSEC
+kpn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gCTDYRdB7+gKhi3Q50wSDFZuDGLOIFnmGZwZlYDgM9FW3vybGrhcL3pFL8rfClQfGGPE1y3N/Ac0vzs4jE4Re7q7n0JnIVBchRFLdrTpMoOL3jYONREzQ7G3MmrAGZbDNG+UHjzoBYOyxiAzxy4/KscvmbVPtYele9qkkYDLYPhbuARv5P0sCIbUF3eWXAUV7JzaI4XuMawfPBfiVx2gXDlKVF2CIMTuH/kuzb40DXbh+SWPRzQMXD/U3TIHudBzSR+t3FuGtYkwaUqtJmEvBr3nnr79buTkKl4J/5a2FFcnU++GCRUyrxnbNJNRSqf8HHXh45z3B01cS/vy3E9a8Q==
+a.nic.kpn.		172800	IN	A	194.169.218.90
+a.nic.kpn.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:90
+b.nic.kpn.		172800	IN	A	185.24.64.90
+b.nic.kpn.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:90
+c.nic.kpn.		172800	IN	A	212.18.248.90
+c.nic.kpn.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:90
+d.nic.kpn.		172800	IN	A	212.18.249.90
+d.nic.kpn.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:90
+kr.			172800	IN	NS	b.dns.kr.
+kr.			172800	IN	NS	c.dns.kr.
+kr.			172800	IN	NS	d.dns.kr.
+kr.			172800	IN	NS	e.dns.kr.
+kr.			172800	IN	NS	f.dns.kr.
+kr.			172800	IN	NS	g.dns.kr.
+kr.			86400	IN	DS	61615 8 2 ED570AADC88713CE2775FB8AFFB2AD782D056EA21D0677E147F2FB7BF54404DA
+kr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SLx2OHO58NvDFPzBORERhqeSAP8NXioAIq/LZZnHLRGVW4RZUGZVCSm5RY0pHj9xvIwOYkRHjIL1sEsAJpjRE0CWGM+npxu4K82aST6nlo/kNCS57LPmjPtms6ettLarv2cmYogynyXCPQf4RNn1Nc/7w5V+o2dD7g3EVb/4i5tBwGsJWrGE+3mHZeaTuq+dM+JhWC1ryh9X/lJbDYL+OqXpyemNLQy/9rYIBD1e2tJ3+CbyLe/WppfOlGRvw4+N2AClTT52DNbKJWnsMZ0Vw2p1ZpXOKi+ZTLp4Ei/aTma/x3YJE9s/9v7eITmsXgaXZ26YZsYNU4izs1ZhRD+smQ==
+kr.			86400	IN	NSEC	krd. NS DS RRSIG NSEC
+kr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SNbmLZPY2HII7VJErbEwEmORqaLpfBqPU7N/DAgSG27gkq8eQTdMvjrRwNIFuzpN5fKcMqDgV78yRNnlISu9zatS5FWvodTFfJHJYePDHsUq2QlNSBSBG1nqTu4WedrfGpNE1oXztj5eDnFWcYo4njRsYqA0dFNQMyRx2EMARYjjpTNsMSh3bOHgBza6iLh8q0PzWM5JONHpTcFucZb8WQYPKYXc8iJxSRtecSGh1eCzf8s5CUa6DPAi6gVo5KbyKwZZczGUXx069Q/o6LeHqtddlv/PcADMKJKMv09pVG3ubyDTm/MmUBlw6YSg+Iu26KQXJEzlsAsuq7ODpOVveQ==
+b.dns.kr.		172800	IN	A	210.101.60.1
+c.dns.kr.		172800	IN	A	210.101.61.1
+d.dns.kr.		172800	IN	A	203.83.159.1
+d.dns.kr.		172800	IN	AAAA	2001:dcc:4:0:0:0:0:1
+e.dns.kr.		172800	IN	A	202.30.124.100
+e.dns.kr.		172800	IN	AAAA	2001:dcc:5:0:0:0:0:100
+f.dns.kr.		172800	IN	A	210.101.62.1
+f.dns.kr.		172800	IN	AAAA	2001:dcc:6:0:0:0:0:1
+g.dns.kr.		172800	IN	A	202.31.190.1
+g.dns.kr.		172800	IN	AAAA	2001:dc5:a:0:0:0:0:1
+krd.			172800	IN	NS	a.nic.krd.
+krd.			172800	IN	NS	b.nic.krd.
+krd.			172800	IN	NS	c.nic.krd.
+krd.			172800	IN	NS	x.nic.krd.
+krd.			172800	IN	NS	y.nic.krd.
+krd.			172800	IN	NS	z.nic.krd.
+krd.			86400	IN	DS	16384 8 2 C87C87E976D19AFD0CB934B7AAC7F85BB0E327D4D63931604F7FF495D0BB1E61
+krd.			86400	IN	DS	62344 8 2 5A1637513252BE2E160BAFA8E86C853914D8418598064DC8A9E23A6CA266BEDD
+krd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fKyBss+YgJw1OVLVYrM35ImuDnROczu1JUfr9USKqW8aNzYhnccqW7CfBVYRuE7xRkRmGj7lajORr5bgFKLQ4PxVYed5L2fuN2uEV+SVY/OjCVdfmzarnAG7JB1XQnnedbNUFqk15JlHPf5QFbk9SkTIfAkv+nTzYuk8fvaLsjI/PVYaBer9f/qBgQL1s7lRhYKjnp5oKAQ62FfWWotDtUhskFbmB68D1GVJtqixpw7kjeuar/QZlzjRz217xsun3dRnMuvt2h3SDBfHmaOLMUXjnDhkJUJ0E2+VLgJ0q2eAjEmA/GSDD5KGa+d6An026mt/+IssBr7GQamAsMsJIg==
+krd.			86400	IN	NSEC	kred. NS DS RRSIG NSEC
+krd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x0cQjzzTuhvZUGiyQaLUjh4SxDyxuxSD4YqHTyVuYBsCKYh3VyS5I6yw1JWyF/A28Azcsu4oln2rcYpB25MD1+33/rKni1Cs+lO/Jve9gHN8a2LNiaHkpe3jwLKtntf7OMfScKkoTyCKK17b3b3ZDgn5l6XdiFiPF3P5rTbnspzVe3jKTTXCVaaF9NRS/uUGWWwh9xBM/6cPsW4iWZY42UOh2ldRc+zOanIONej8aibMNA5Z/FgYfHGxnrlVeCmNu3J585uxBNt3FlVacl1iUivlqTzRrL0Chvl3pNxZcgKrshx7HfZycIkHYgonOh02Q8tv+pwFc2/wulZDIZc8MQ==
+a.nic.krd.		172800	IN	A	37.209.192.10
+a.nic.krd.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.krd.		172800	IN	A	37.209.194.10
+b.nic.krd.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.krd.		172800	IN	A	37.209.196.10
+c.nic.krd.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.krd.		172800	IN	A	156.154.172.82
+x.nic.krd.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.krd.		172800	IN	A	156.154.173.82
+y.nic.krd.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.krd.		172800	IN	A	156.154.174.82
+z.nic.krd.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+kred.			172800	IN	NS	a.nic.kred.
+kred.			172800	IN	NS	b.nic.kred.
+kred.			172800	IN	NS	c.nic.kred.
+kred.			172800	IN	NS	d.nic.kred.
+kred.			86400	IN	DS	7366 8 1 938E9EE09F411E400DD96657494C3FB5C90EE3B0
+kred.			86400	IN	DS	7366 8 2 46BB5D35906260D79F26C5639B8A1FE47061C329973204D07222808035CD11BF
+kred.			86400	IN	DS	11480 8 1 74E467BCA5017FCD4F9F52618BBA52BAAB535461
+kred.			86400	IN	DS	11480 8 2 A9C2AD21A0CAFA1DB04731EF4647140962C88A2DA406C53E8A9D4B3CC46F7F9F
+kred.			86400	IN	DS	56191 8 1 DDFF2DC997DDB6798552294536706D235395FE24
+kred.			86400	IN	DS	56191 8 2 E0ECE602138FF1452F8F8D504ECCAB90404B9F010486F09D461C49FDE6F3A30F
+kred.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lUXmbMS0jjN+cgFPFkmjXYeSgWrfzD/8FkeainHCs/dCDxB/uzoJzA6tQOghn9AgBHidverDLS0LeOB0aUK0A+Lnn968LfbBVHXWPfH2077kzWHoRVzZEq+1mFo7hBJ1KdXMph0/ke8rmybQStfjiyQpYcSCU/Nm5uVDfhuKyVKeZ4bwLqGgsUe7gR92882NWSj4LniuxtDvmjtWO2CyhwYbVBiUC6L0CYPZCFiU0GCZ+A1grcDZ7HSJ4i+qSq6MJJkQcT/AjSktYgXjNqaoDhcNHnoucnpvQf1V3j16b1qm83xlu3vb1b7FwRmSma7vnNH6ESRPcDTYTJaiFPih/Q==
+kred.			86400	IN	NSEC	kuokgroup. NS DS RRSIG NSEC
+kred.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AETFFqPeoEpOlmG+3fQJjFH5fAHR0s1usYZmZLM4kvHI4PO0+pSMKFtWsd2nBfZQfmNaTSg3OTvvpYAHlgIqrcAeFLW66KGKYMxxG0STSRthPcx2YfalUBMPwu0ojvPuC1IPM22TO3pH9TwQ6ThWMuBHMn6h4SmmquGCkRnlJr4hfkcLEK0b9h5M+rgs7fSOtF71JUyyDo0uuQLzhfqzneKFigKZ/bWYFvo1I1xbbMWqsf3qji8bGg/uiq3ZDE9fjT0PYMwsdlWzL+BnZPcD3oHe+tr75s7JA2aYTTlfi3cocwILKDxbP+GMM2nYuPUX4YPpmsVCB/FBgBhgZnuj3Q==
+a.nic.kred.		172800	IN	A	194.169.218.79
+a.nic.kred.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:79
+b.nic.kred.		172800	IN	A	185.24.64.79
+b.nic.kred.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:79
+c.nic.kred.		172800	IN	A	212.18.248.79
+c.nic.kred.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:79
+d.nic.kred.		172800	IN	A	212.18.249.79
+d.nic.kred.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:79
+kuokgroup.		172800	IN	NS	a0.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	a2.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	b0.nic.kuokgroup.
+kuokgroup.		172800	IN	NS	c0.nic.kuokgroup.
+kuokgroup.		86400	IN	DS	28711 8 2 19C2733EEB5AB3B49CE9D819206870D68B3BB15DD07F69F99175E27A984ED8D1
+kuokgroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GGNOw/nenH+2L8AA0B6xVGmb0zFHkburgFGcq70kKdlVpaZR5bHCWAXaSajU38pSCRICgjwy5qqWENMKoIYfwxCpWgPITVcfDJtQU0OP2kDjW/SIHhHtr3JfloWn53PAE7SIf8U7ykgjwcDlQiv8z32V6byvhgUYynh14VAa0j/bHdi2sjBpJjFEtE2aczjfWA+Xli12swZzhiNDpCZ9nPsyQPoWYKk/kd474u2MNxolswBoUgxNjrrKYTmlU8b4Nknz/FcySqKs72UqSHQcaHBxev84nsCsyVhgO1EXT/hipvRT153Z2L22dincwEZuIK0c3tw9HmNyEhXz8Y2O8g==
+kuokgroup.		86400	IN	NSEC	kw. NS DS RRSIG NSEC
+kuokgroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uY5GmCFx4kRCfkNOIJxGBQvUIXhj3nPSYkWdP5VZSQBDyG/2VZY5jBBnDZZWMF/17GuAdKYqrClt1Vo3GWJsD5Yf98wkUUpwH/15eFkaxVdhl5dA5IeoZdycvZPgVimWhbywNkLTyvRPqMc5Sx9WrGy5x4B0Z3Cc08VictW2saF+c7Sjg7GdrgBHiDYLs/MGLzvKDHXnqWUOqqXj/yUZrGjndfDBeqlJQySEuA7OXhfrh0+ax7CPi6r7vdAIif5bIM+BuUJNBlUsJioQa5sWgBkMLd8hFqDilzpBaCBOG4U6z2Mbh4tFQKUsiAUYfSAIsk1N1T5T5809fosHi4wbHA==
+a0.nic.kuokgroup.	172800	IN	A	65.22.112.56
+a0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:56
+a2.nic.kuokgroup.	172800	IN	A	65.22.115.56
+a2.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:56
+b0.nic.kuokgroup.	172800	IN	A	65.22.113.56
+b0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:56
+c0.nic.kuokgroup.	172800	IN	A	65.22.114.56
+c0.nic.kuokgroup.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:56
+kw.			172800	IN	NS	a.nic.kw.
+kw.			172800	IN	NS	b.nic.kw.
+kw.			172800	IN	NS	c.nic.kw.
+kw.			172800	IN	NS	d.nic.kw.
+kw.			172800	IN	NS	pch.nic.kw.
+kw.			86400	IN	DS	53599 8 2 C5646A4E1BEE8C2699D3CC3C4F597F8767B85A134FE5EE5DFE8B3D25B1534D3A
+kw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UhrIpyKGhZW+bOzsqbe8TJf0lE2FxZqZVWJJvc7jOCE9eHey3FvFKjg8ZrMAQ0OhTbl/pedGcrAfnNlUj3k2OBu3I9/zLlnZw4nzpwINQ4ZCeizH4K9p+JoSNTocGnLi/b6ajSoa7fRCRVdJ2Bf05i32nr/aoz5aIlpcc7HXfy9ArgQFqwOi+WSMyVap6+UEfFS7akUgn2m6Yqf6aIS8NRILLZxKMJXQOdDYQ0tvw9td1CXHkTzIr/SMR2LLFS8j8H+66LPuF7SfBWKcVvhRYnOuVcZfYmiggM7R0S7Xmi8cy1hQMD/KAgFRo2mb72YlbS65Ht50ztip5bAHJCOPSA==
+kw.			86400	IN	NSEC	ky. NS DS RRSIG NSEC
+kw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SsWXaPpGw87/rXkaytb0iAVTEpIgd8doc18NUEDr0b9/fHenGv0RGAUWTg5HSgxONdbzOyhTuB/KGnOaTWBbWaH6RXXYa1tK3JgTQBL7AFEMHn5FcG4GDvbYmtfAbd4odk94p2g8rBBUlHxUskKpX94FAJjAH63x0YM6b6LPFXMLU0Fnm6LfzT71AYKWU4R9XDt27jKOD/VlUviwBSSe8iMi/1tJKimztmVZZYhIKu2g8om638VdUNvB4yZIfx3TmsnuEUj2UElOIJnu7YewXFy7EcT1GAF8XcK4oCA6VhyDOpB+2/AIzq3485G2hIcEqkV4q4Ary4tOe8t76nfQ8w==
+a.nic.kw.		172800	IN	A	54.228.209.46
+b.nic.kw.		172800	IN	A	168.187.100.84
+c.nic.kw.		172800	IN	A	194.58.198.135
+c.nic.kw.		172800	IN	AAAA	2a01:3f1:3032:8001:0:0:0:135
+d.nic.kw.		172800	IN	A	185.42.137.135
+d.nic.kw.		172800	IN	AAAA	2a01:3f0:400:8001:0:0:0:135
+pch.nic.kw.		172800	IN	A	204.61.216.118
+pch.nic.kw.		172800	IN	AAAA	2001:500:14:6118:ad:0:0:1
+ky.			172800	IN	NS	ns1.uniregistry.net.
+ky.			172800	IN	NS	ns2.uniregistry.info.
+ky.			172800	IN	NS	ns3.uniregistry.net.
+ky.			172800	IN	NS	ns4.uniregistry.info.
+ky.			86400	IN	DS	38821 13 2 7FC55D2CABBA85A2CA6831ACA0565A64D7AD91E4861B114F317392B680DC6CBC
+ky.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EHlSknxiCt4YGjMr3EcrSlJRYRotj9Em24TEdkqYUWumC7iltHTUBiShUO5wvVObwJU8VWQLwmAf6IYMM8uTpAT5lI6BnqvTQ6tiP48OzGUDgF6kZAOGokdLAVWVUlFqUM0fhnnK+XRSLqK3aRa+qphLk3edluPETIwpnfrFNc13RRNclACnzeiHy53X+Rqjl9mtF+AQqsitWUWrkxtk1mLy40CG8Hc2+j2GkY6y92+Mutq+1hX2OLcfckpdxpPvN0gUImYgnAn0+e+vWZkWaSsfN7rWJ0Tf7tTK+8qW/W0c3fxBw3NHCNM5sJYdzvXiEB5NStNi2z3oVH7wc75PdA==
+ky.			86400	IN	NSEC	kyoto. NS DS RRSIG NSEC
+ky.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBqmxDAmle5lQSO5d17wZDHSMcS3nMeuKIpfNiCHxn5eg4rVr8mJe7Of74YhM7sUZ95XdRW5KnReReoIElky4lujDK4XH4ZeIF+pyE8vDDQDShDrSrDYjcbF3Q0kpZYgBqM/h3A3mUXB6elxsurEkzTxqAydEtXygLE09aLg0Ii4pmY5kLUViHhg0P/paNtQkGgOz2Ak6SaJ/zuuwdo9HeSWzM4FTjx6vvnLNkqxIHdscZ/te3JIkH1WwSmM+7z/KOk5pLW48UFwZZKsnyso/SV5IrCDIw5vxy7ZlyLjEm+W3G7fmgtv8IeC8GhmjQsteLSVhrtoqzsvtSd9Be1tpA==
+kyoto.			172800	IN	NS	a.gmoregistry.net.
+kyoto.			172800	IN	NS	b.gmoregistry.net.
+kyoto.			172800	IN	NS	k.gmoregistry.net.
+kyoto.			172800	IN	NS	l.gmoregistry.net.
+kyoto.			86400	IN	DS	36767 8 2 E5237B981FA00A1F097E791E68F746F2596B7B111F07A2F824C265F98AE5D861
+kyoto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ia8GJap38e0YPYZFcBgCz1UnuCP8z0xa7QBWjssSgM14coIv0riQ3U83Gc8DtiAz58Q3k3hyn35DM+7vKp/Bzn9+xyC8K0an+mPJCJgaTsyLjjk2CBIGwU61HvzEWClHrywGBgI59qJ13oW0AZKAfj3mEAOpG2HYajs48x6fqwdX8CPQEL8Jz7yWbaketjrJpNN6UHCSZgRqxD+jmAzN54wbeOTz8nWztA0h2zcOWLtBD3DEin0JxV1Di6dRT4Z85pUpMzRSUUZco4BP2hAXn4neWPeOuBMKjDfie3LMChHEoccGkGM4bLPGnr+2BIoxzLsJZ2fiHZ5JfPrODZX0Pw==
+kyoto.			86400	IN	NSEC	kz. NS DS RRSIG NSEC
+kyoto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a8M8CQsVpVHXfU7Kqdyjc7nkQ3y+nGBEkVG3Xsx7t5jvGm1PuEgIYm3dzzDP14lsqgKLU7DecTQTFIaXnS8NITlhvNVgwVbMKQzn+Mlii+PsWAyl2358I/lTBoeBjpQL37HvwoPM7Ng1+9PQkYhKyMrw8iiO00iHN0LVZiU06HcMHKjXShhxp3d4oF9BmB6gwWFbo/WsTCJ+Eo6axcXUqDht/6DvHKAW3+8FTJc+LXBR5PeJ8JWazB08ng0Tu/14x/Uoyicp7aPCJMHfWzir9ivdv7GyOfPx5W60mYt7D7wqv1f6VUSr3cmAb2DwiZxxKoOBOb1Ww1mjFeP4IkosvQ==
+kz.			172800	IN	NS	ns.nic.kz.
+kz.			172800	IN	NS	ns1.nic.kz.
+kz.			172800	IN	NS	ns2.nic.kz.
+kz.			86400	IN	DS	10656 13 2 5CDF9266FD5B325975A21BF7AB865C3FB0B2A6A835196FB47B4F80035E8B094F
+kz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nv25Q1XeAj0caIAAJPj/2fSyUJK7MPLPMNa8agCtZ4N4tousQa9/nUPNIoXCYR4b/kPT03IEeFuy1wgSsYnZSi+dt1vjdUo0Z24D8VX2qAwoRvsY8EfZS+QKxR+TJP23LzjsPqbtS5vggQC0gC3IyN/kHnnhXaU9jc7tVUgQMycYCc1f+hgbeGkX4LeSd9q2p2PkntVP5f6x0/EoNEG5sa4zdRXDjvouaUA4SdAKLwnHzl1yZrqkFyle6+77+DLSnNAo054tIfqDePSnXsw5EPFcqxfdVds1Qso/ShLccDsG06IlsNpny2P0zRcwHprSZQSmbertZClteLpYSa4+Bw==
+kz.			86400	IN	NSEC	la. NS DS RRSIG NSEC
+kz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t+3c9UnQmHOYcE/WGGn1xY7/OGROzPD/msVxrC4jQfOpCip3LaaIKHS3XX7+jWPgSMuFlsNyOvSqqIi6GKlIZGZkHeu4fWlDukL0bnZvGugs4rALUp3ZtD5FBpiwSA1hLy1h6G78yohljJ2BN3hfne+xVAP0n/0xkLojFHZFAaqxTxsVwjEZfqRYzXwJf6ZlhV3d9LyIsnI0DY1Cqqy4LFI460b+ZNjV4rWD4VJngAyI/ldcgdwlHL1q+kOj8Px/lPpVidcc4NoiNdqHkND0bT+ltqL8hkSIBJpX3HUim6FHk3qDhHoAI/X7Rg+qfB1NEbId+sosFtfRhMw4R2OSxA==
+ns.nic.kz.		172800	IN	A	194.0.21.5
+ns.nic.kz.		172800	IN	AAAA	2001:678:98:1:0:0:0:5
+ns1.nic.kz.		172800	IN	A	185.79.212.7
+ns1.nic.kz.		172800	IN	AAAA	2a01:7640:9000:0:0:0:0:7
+ns2.nic.kz.		172800	IN	A	204.61.216.143
+ns2.nic.kz.		172800	IN	AAAA	2001:500:14:6143:ad:0:0:1
+la.			172800	IN	NS	ns1.nic.la.
+la.			172800	IN	NS	ns2.nic.la.
+la.			172800	IN	NS	ns3.nic.la.
+la.			172800	IN	NS	ns4.nic.la.
+la.			86400	IN	DS	42973 7 1 1F0CEFA420E9101BB5791F3AB93E85917A72978B
+la.			86400	IN	DS	42973 7 2 E7D0C3BCDF60E8D842E882D90B4EC263C8889B760098492C798841C13B4EA13F
+la.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Vlg1Rr6Fcwaku+F0njuwUWt4NobU/aYR3Z+3mCKDE1uXbvrG7xXrzG5qozIR4w6uFjgfG8s5kkTMubEGOnGm9j4OIn1oBduLXlsvgBZZRMdanfoBtslf/Wj1/Lgp96VhNOFdPNSxrQoZIDLVUqwnEHwu+x2UfHkD2VbaXbX+B29YyLHz53lq9GhyaMvTHb1fsmXBu/u9NCNxoIP5ZJkFWjOSvm9XaUKnUc9FAs+NuFh2WOF2fhRimhYlNNw+wf+Y37onzkteO74x8dXYnQ+Ksoc9VBWWwweSHrMn2yk38xEq9Fm+ohy8yVGT9RndpoEBvEN67x7raZhzGPLha/t74g==
+la.			86400	IN	NSEC	lacaixa. NS DS RRSIG NSEC
+la.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . llIstS0Om/vpi3W9+2wHJIAxciFULNCEXgiI0WPrcXVbxAV72UXGs9I4IUbfP5FbH8QJzVs1pjgzOZC85Swgk7A9nWcvY3q6bpGGtsaewqkgA4aMEncYqQh4qZPDUOhIkjoOlnHsWaAza+OVzwpUTkhZxX/7MgQ8qcY3fJaoMxgqAAMZF/tqg9zzwEhbq8DgagFVN3h0TETXXiA12KNCuYMiWCjzXmopc3UlpR/Y7jF30OZtMhf+ELg2RJ8Ix/+4ikozvXKhTjsX+/ln80/creJwBCGhQcghjmmQL0Yjkpqo4qux2mX5EPyFAhlDoMjZgGWhsYSHpeLEJn1Gdq3jZQ==
+ns1.nic.la.		172800	IN	A	185.24.64.15
+ns1.nic.la.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:15
+ns2.nic.la.		172800	IN	A	194.169.218.14
+ns2.nic.la.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:14
+ns3.nic.la.		172800	IN	A	185.24.64.14
+ns3.nic.la.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:14
+ns4.nic.la.		172800	IN	A	194.169.218.15
+ns4.nic.la.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:15
+lacaixa.		172800	IN	NS	anycast9.irondns.net.
+lacaixa.		172800	IN	NS	anycast10.irondns.net.
+lacaixa.		172800	IN	NS	anycast23.irondns.net.
+lacaixa.		172800	IN	NS	anycast24.irondns.net.
+lacaixa.		86400	IN	DS	36309 10 2 1472BAB3DDF6CA893B478BB871E9C9A21C0E01D468C9A9117771E29BCC93D1B9
+lacaixa.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GRroItj4PPU2VdLNk8GtQpcvJebnFADwKos4a4nXMECOmpbnNYtptINkoIAH5EQKGCyxuWGDo/EHbjpXWWxZjE0kbJTm7KS9VWdLAJO74VvJPv+53F2WQ65vakWPPOxqymV8EJv1aHsBlrCeoelWs8L6YalAr1TJ//iy2rYo8yV3szFi5ahbLQiKHnJAcqgcvJ5M3kul5JuH3XrDQLyk4IwmXMWTUxvopJvKgletw4VblUjLg0+ub8FwR8TZ3nrh0SC5zYM9dNTVuS5ggCJMHZxzVtUihpYigP3zEdjY/nxQE0LDYLOMkpxklfqyydxvHrbaljxbo+mZLfqUoX986A==
+lacaixa.		86400	IN	NSEC	lamborghini. NS DS RRSIG NSEC
+lacaixa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aYk/GUEI4VixvjCwq74uRAycPPva0JJVQoWxjRVWuDwOfLZKPWSNzyPIRHGxJNv0Oahy1MzM3+VavwpmTHxJp6Lc1jkqjNXegjgZsd8xjNoFSkX6y9w9May4SnC9vV4hXjtPDJVCABoxbNzQURnCa1jaN22DKLrjkAHf/iQwuzIn3vTyxKpaMDWwlRC7dopXfL26THM4Q9FxRc2cDMnT4H8VLtoGOsvJuaN33gntWcHZJ+Onigb2RjdpBBB8FZ9oa2wOAX/eZWE2kPldAXcsxpTThbJYij6fX9t+P+1gauqwG8Dj974mSh9lMBL4oVFCXbgEc+Ryd1xZmrH+r4eQIg==
+lamborghini.		172800	IN	NS	a0.nic.lamborghini.
+lamborghini.		172800	IN	NS	a2.nic.lamborghini.
+lamborghini.		172800	IN	NS	b0.nic.lamborghini.
+lamborghini.		172800	IN	NS	c0.nic.lamborghini.
+lamborghini.		86400	IN	DS	61360 8 2 A10D1EA44CB7FB0A404807548F2CABD4DEF69B874CE31632C870E108C673CB09
+lamborghini.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BOxgbutBbGhNaf/BpuEBEec78gc3Jag/iZAfdIo7REmVAjV9BsPNuiPVIkEVwsjNRsr23iZ8Uw/FJbwhKxOUML03dqQVBWpQIeJv8+U8BFY5xDtQziwaCN8lT/15pJ64aEyZiXhCXYX8F+J3L0K7pJG/MUg+OJj4ya3NPtKRMiNsoBwGPGYaoZe4NCICZREKAsosB1yEPYJzHZ1YDBschZNdBAR62uGfP0qCL1s1ZkgzPlqdwY8eKUGXX/qidSsXTBFxSjFFZ/7CXs5yY03PNG/0X1BzM2OnGSV7psiWAFl6qsv7nLCdgVQ9l6dwxt+Xd06JFJ9g5/EaNbJkuZFJOQ==
+lamborghini.		86400	IN	NSEC	lamer. NS DS RRSIG NSEC
+lamborghini.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fWGQzebo8zIU26fw+iyKsDDYvnv2rzsqmCyRkGdrgQYWV+E2R+QrLqp51x2GEsB8fQr+3EQ1Gp74gmXu8dNMs0mXnpE2G2omSe3kiFG1VbBLbN7p/Bi5ggR9Rgd/MXtRAb5M3tkLhNw6QIRB+Fieb55GR5GW+50tjKz9keC4YiYsatciZXQYwBfWGh/Z/j/vLdE63FYngEnTdAUhwbZKxcATr/FXzQAsUqZWjDZsEQs9YXl706Lhbtia5/GsZjb9g4OBETyrAW6UtSgnsGA0dTmgYJQeoic+l9qra5cocKc/myyv1AMZMUrEZlIBbxSO4eZZQIJ3Kx12o+zkhBnoKg==
+a0.nic.lamborghini.	172800	IN	A	65.22.208.33
+a0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:ca:0:0:0:0:33
+a2.nic.lamborghini.	172800	IN	A	65.22.211.33
+a2.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cd:0:0:0:0:33
+b0.nic.lamborghini.	172800	IN	A	65.22.209.33
+b0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cb:0:0:0:0:33
+c0.nic.lamborghini.	172800	IN	A	65.22.210.33
+c0.nic.lamborghini.	172800	IN	AAAA	2a01:8840:cc:0:0:0:0:33
+lamer.			172800	IN	NS	a0.nic.lamer.
+lamer.			172800	IN	NS	a2.nic.lamer.
+lamer.			172800	IN	NS	b0.nic.lamer.
+lamer.			172800	IN	NS	c0.nic.lamer.
+lamer.			86400	IN	DS	59092 8 2 F92E0E3F77B71FC4D1D69D18D013EEDCEF963C1C889B7DD1CFCE17A7E4E5B1C8
+lamer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MC+k0RgzM4+5vx+N9/q5zEUljtDXmOLl91YJSXaEEhNUvlUT1O3sMLjkLwFEoOXU0ZA/BD18t+p6vkm/m7ZjOs8FLCOngF0RyHOeR2eePgPChVhH2VzppbD0ks+aK+NoLMgdiao1minzVebPB3Kb3iiyOEQTydeSwYPwzAvf7nUOtwaxBc+OotwqMpMfuvklgZl3UT4VcFuJZN9sWw7nltRj+AaUZpw2XOHCMNpIAFZD/s7YuEtptmjqaauFkj/Cg+YFbgiipN9ynMdjzYr6wKhAr4NSVw6/CmnAZKArtGqXwG1t/u4TOguzLCmVG/aNtt0oWq32aTvb90WBTJLLPA==
+lamer.			86400	IN	NSEC	lancaster. NS DS RRSIG NSEC
+lamer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O1R86Ofhu8h3Mpc403hgqVUjLLozLT8IoywMVDmD2Pw88HzX5qDhKGT4vSVnUE5SoHkqTydBdkmpqBkW5+N9V5wegbmz5sx4TLuLeVTCvpeUluIse7bFxXXNLIclnCQRcr6ChswKrUp3ZPOdSocJSiBPbLAWergxifluvGmEsXousc4Uu+gwcj1/lq2mt7OkSxtNsJ4D4u21+BjOo1khVtP2LNMBjm7WZGosFF5BNvNMM0tXBlyHuik067khLVM5VdtMdxoOfEhcceXvtK76zHhouzsmncqHo6jsdCCECSzXzLUCmyLeBhMzWR1RWKbXBNXeOjwfdZOJUQdKquVsXg==
+a0.nic.lamer.		172800	IN	A	65.22.52.25
+a0.nic.lamer.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:25
+a2.nic.lamer.		172800	IN	A	65.22.55.25
+a2.nic.lamer.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:25
+b0.nic.lamer.		172800	IN	A	65.22.53.25
+b0.nic.lamer.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:25
+c0.nic.lamer.		172800	IN	A	65.22.54.25
+c0.nic.lamer.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:25
+lancaster.		172800	IN	NS	d.nic.fr.
+lancaster.		172800	IN	NS	f.ext.nic.fr.
+lancaster.		172800	IN	NS	g.ext.nic.fr.
+lancaster.		86400	IN	DS	63656 13 2 847B427327BF07FD61B821D3DC537401D3AF0371C0771BEBCAF2CDCF51AA108A
+lancaster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DSO8mm/vxxCux+qMMO1brWH9uHJZlRUpNUDXugzV+R39dFaXWoZscipJ6hHpM0XHoHbYj1BzDrM//FP1FKvaBxzSP6xcPBK0CPk3TVrzebm7/nKBbScS4emETAwxoXidt5e0RA5J1M614IumrWWuZRZ940CTXG77V4JHyU0I/GIEud18wWIm5gLF1f3l9gWrGJK1LYRHcsbNcQP2Vyv6ddpeFhwhr70dF7BNI3aUxN5m/6UE80LahRPqB5BLYuyPs4HaSxTCDJS69D5lEVF5jGKaKB+WKfYhgmqkj3J/GlscN1n0R6bGE5yVLhDyWwSiLthbptjNkLWcNGRGU5NyQg==
+lancaster.		86400	IN	NSEC	land. NS DS RRSIG NSEC
+lancaster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PIq93GlBkv1cmXtaNc7sI9FuzDap1FwzQDdPNxQlZHhIw4sY6oDVgsREeq2AxRtYzo6YH/FpSd46tMbl6BPSWz68C2XjMW3srzjrRcQhVsKSnbJgdhRFPlIx/6Akds+vFRx/FZn9rv895Mw1RbbrnhdfFXoEri5yiP4+6XVc1DWoZAOD8tzk4TEMFODJOzDVyVreBSP7PqcVVRPCOTyF5QuqW3VqMN/39FwXmiryJqOzQ598svdqee6afPXa2EajX0rBgjTcvexEioRRSLG5eYhrBIuFC28K+o4NhX5W7wWHAPecIMxbpEPTGtDS6xIWirGQlHvc6DqDcQcPojcu+Q==
+land.			172800	IN	NS	v0n0.nic.land.
+land.			172800	IN	NS	v0n1.nic.land.
+land.			172800	IN	NS	v0n2.nic.land.
+land.			172800	IN	NS	v0n3.nic.land.
+land.			172800	IN	NS	v2n0.nic.land.
+land.			172800	IN	NS	v2n1.nic.land.
+land.			86400	IN	DS	6595 8 2 7E0B97BA96C8437478BFB2DA2F47C51CD530A254D8F9FD7612C30D5CE7FA2FC3
+land.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GP7zUxOSX+jA+vl2IgSgx6JTh0DXsJ/oiGe4z+kz3Glq/mqxU0Yju27ksy9kuYtjriB02aQ77bJ8C1a5YIZxwRDhdsbFL4ZGMalXGJl9HBer46PbAsmZ9RI40ovio++KRmbgWLdZg0fLsK+v0zRZkOzYPgI/7qOsUkVNi1VHq3YmZorMPb+X9XULZnFJXwq7BrplTFkSLVTadGjb5Fmp2q4JFKQOi6GpFNgaGRPmNZzbqCgyMPgR4KLatpnygXDLmSRUC0P+5VqsYjGw1T7TJq9sFcOOJ8A0HCMHCeZBLOQdx4f50EaytzfoyJcMUCmGDivKiZXLMR/nacP9+QvTJA==
+land.			86400	IN	NSEC	landrover. NS DS RRSIG NSEC
+land.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F23mn090q2jstotJEYrGq1tr3IE+Np8YzXh8myczmfRhP/QSJT8eauSx3UCjNngZ3Jq5N9I/+cjyK6J9680tkCJZr5+qU7h/V8pQr3RGQBgvNaeFXAuPwJDTWzshGLmAMxv4tV8ONvPNFWiye/BxqV1smdxgRGiJC/xBaUoLaoq+hQNKmmrvVlEPraAtKxtnmh5SYFxfFDYhN0Swy9na+Zm3aN8YzbssJ1CHq55y8hTV5cD6O3hChVz/JAMwhy8/5zlNpBGNsBUBOrPrsIJ9+/EHYe9jfOGaACG8Epb7BYaq2rw7VG9fFz8uDdaDbR6/ruUivfKU/JfpCm+VuyaPzQ==
+v0n0.nic.land.		172800	IN	A	65.22.20.11
+v0n0.nic.land.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:11
+v0n1.nic.land.		172800	IN	A	65.22.21.11
+v0n1.nic.land.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:11
+v0n2.nic.land.		172800	IN	A	65.22.22.11
+v0n2.nic.land.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:11
+v0n3.nic.land.		172800	IN	A	161.232.10.11
+v0n3.nic.land.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:11
+v2n0.nic.land.		172800	IN	A	65.22.23.11
+v2n0.nic.land.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:11
+v2n1.nic.land.		172800	IN	A	161.232.11.11
+v2n1.nic.land.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:11
+landrover.		172800	IN	NS	a0.nic.landrover.
+landrover.		172800	IN	NS	a2.nic.landrover.
+landrover.		172800	IN	NS	b0.nic.landrover.
+landrover.		172800	IN	NS	c0.nic.landrover.
+landrover.		86400	IN	DS	9545 8 2 8228511299170DB94D53620E945E5EAD65BED2F247121A70CD9DFFB37674DB69
+landrover.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t2ZcpySodDT1/hCayQqZI52tTtzawPAtUG2vA1Nao5rPHjeZPqnKxxq4iijyOat2MbYc4qHpAZKRvNz9AkepAeCY8U8EFL/WKOGvhnUttzA96iUYL7CtIskeu5HNm02/15w7tFp4IEt6aq8jBhFAgTBP2QXttMPXt2vLMoSmsRDcQzSj7aJLBToVSS8LPwgwdXc9vGYoTFSgMVUMdz6JpeNzJoxS+i00hn9HQd73rjntW1Oddrum/qwUf8V51bX9YrEp/1vZjUw244E4JLFOkkYCiPXqGasweg7VVbzfqrf0PyeCBYTdrCRCQBrc8cfv4kR77LHs9wPY0N11fH/Big==
+landrover.		86400	IN	NSEC	lanxess. NS DS RRSIG NSEC
+landrover.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . As9xR/H1AnSQlbjdudXJNh7uRifthzPRyxI2RdQLWqqbrNl13PpHdhi0HAU29T9ssHVIPxwtmyiYeOauEC4i0FUats9oW2vVpVmrH4arWBP7H/8siVt4eaNSAkRq6nCi1NHejMJk+kR9Rkz7ZvQ622Rv+vfh9EkEz3N90A9fF6NcbNeLYkHaLPdVBbzB0FVcR62mIKxlYDujGpWjC09zm+Qs7Gfmy9vpjNAJZrogpU4zmAERC8cdVUfeju79clZA6rPiNCSKFucezbcmgW3iExwsNZCFXUWzkT+ppRCSzj8r5vKaJ8bH0FTchX26bFLQZdAl7dI5eyV5rsqgfZHqqA==
+a0.nic.landrover.	172800	IN	A	65.22.112.57
+a0.nic.landrover.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:57
+a2.nic.landrover.	172800	IN	A	65.22.115.57
+a2.nic.landrover.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:57
+b0.nic.landrover.	172800	IN	A	65.22.113.57
+b0.nic.landrover.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:57
+c0.nic.landrover.	172800	IN	A	65.22.114.57
+c0.nic.landrover.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:57
+lanxess.		172800	IN	NS	a.nic.lanxess.
+lanxess.		172800	IN	NS	b.nic.lanxess.
+lanxess.		172800	IN	NS	c.nic.lanxess.
+lanxess.		172800	IN	NS	ns1.dns.nic.lanxess.
+lanxess.		172800	IN	NS	ns2.dns.nic.lanxess.
+lanxess.		172800	IN	NS	ns3.dns.nic.lanxess.
+lanxess.		86400	IN	DS	27220 8 2 E7715A76B9EC7C6F1F6553100BC86F7C705078B27A8AEEF20A3CEE83A939069F
+lanxess.		86400	IN	DS	42049 8 2 8F36C334345A3308D0E6C36974EFFEB13B3B5C0297A0A76443311A5BF98E01C8
+lanxess.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . T+XfYYdbs/GR7TOunuZZ3+rDh/4xlqt9HHPMF4o7XMVCqN/FbMiCqpdacMR+J7gquGm/aDzZSCj6JugIYZ+RNPYdWS5GmWHT6osIB1VsNzs6MXT3SEo88Jv7S0pwfx6rj6DOqMGCXqUhpkgT+CyIfsX60G9wsGkOfozL2TvQuWzX/UqYiHwllgNyLnOT5y1nXL3hGIsr96DZiCNXBXrXMF6Dc0baAOTmZZrq9bR6RZWnH0yrB39tUozd6CCP8Xk9t6m2mQVm1gC5SP843bf7lLzxdPe8QXqXqha4NzEAmoitFieHVRMjLIAKKJWJesqIijQ3dXsmkqeczxNpbUvMYw==
+lanxess.		86400	IN	NSEC	lasalle. NS DS RRSIG NSEC
+lanxess.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ygi6f8n4O1/9TblShX/liuQb4vXstYTDvyRwVtLrIfXwhRYVC6cLn9s27tWsgsGjtgaYn4LtlEIEpISjLPkczWa0seEDxqvkxrsAjSxORMVcraRmfXlWXgUmsLLpsZeZHMvU+LOSk+d1PQZ6Q7IujfCcGjrxCniE2I+csx+ptvjJoRhTTAqZ8DIqfw77RqqGM10mk7DsAdL9f/Ezi35e0eyL3zQ6i1eUxTeBlss1V7DQKVZg5SOwNyT/mrdtDXRyZc14igJqDdwdLVgCLGtIa24+AzBHXVPpMhRhtSjJjOEc/Hx1djkcY9Cb873HsMDUGP98SDdyMx90RT8ww7W9Yg==
+a.nic.lanxess.		172800	IN	A	37.209.192.9
+a.nic.lanxess.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lanxess.		172800	IN	A	37.209.194.9
+b.nic.lanxess.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lanxess.		172800	IN	A	37.209.196.9
+c.nic.lanxess.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lanxess.	172800	IN	A	156.154.144.101
+ns1.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:65
+ns2.dns.nic.lanxess.	172800	IN	A	156.154.145.101
+ns2.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:65
+ns3.dns.nic.lanxess.	172800	IN	A	156.154.159.101
+ns3.dns.nic.lanxess.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:65
+lasalle.		172800	IN	NS	a0.nic.lasalle.
+lasalle.		172800	IN	NS	a2.nic.lasalle.
+lasalle.		172800	IN	NS	b0.nic.lasalle.
+lasalle.		172800	IN	NS	c0.nic.lasalle.
+lasalle.		86400	IN	DS	6184 8 2 B7CEB81D5279786BE446C8D6981F911D3CB31DFC7E192DE510C6D489CA3BA370
+lasalle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SKdGtwwAcjrMHa55upif4aCntFf5mhKizpw/CYe9ox086U5azJ9Ny+DrhbzqD+Bfi40RhzKLk+hwy+6yUxBB75s0erXyaY7lg3T7ou9nk4WnDufD1GrMoMhkS0DIx1uKoNwC4hoJh5sTS49H41Jf/1JJ/f/mc7hFBB3Yv+TyrPDJjjJNUwbnq04Mu/V5x2NYTVu9gTq4AwvkSQyjVfOLV9Ut1RKRjCino32wd33l1d5NijPv3Xj5wxmIzz4vracM3PIjzp3DY2HyheeuDkp6nweuTpStxlHCmQcUIJhw8zCcg/tZtlR/2CYdy0JVOtMrAhpLlefCRe218nLivAsdxw==
+lasalle.		86400	IN	NSEC	lat. NS DS RRSIG NSEC
+lasalle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sQIT23t3BtegMZHtvrhdByh7j6UbgwRxsGIjeJCciPUSEkEPlBDEIKbkMWhVzBH1o2yhHRvaTZ9u1eMpGlj8kEMik1pO+ihrtPjIDugUnK9Prkb2q2aKMlrSrbkWJAt3uy028G9W8F+sVEg9JUh1z6GlgC16iqJ3ftn4y3FiDT+rOHiVWI0D9Ohq5Ty+y7ljFUYf0XtDR2IBwES3EoMCGH+/rKelVi/jSuBSuqKZVeRBBP3Gx98ksjWCo70POBsZIKbcvu8+Iss3sFis1P0SX8etIU/D3RBp2cpnEPr/lsww4yF5iD6rvjUDySEpiyU9lm/ArtP3uuCbMCsCfcf9pw==
+a0.nic.lasalle.		172800	IN	A	65.22.148.1
+a0.nic.lasalle.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:1
+a2.nic.lasalle.		172800	IN	A	65.22.151.1
+a2.nic.lasalle.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:1
+b0.nic.lasalle.		172800	IN	A	65.22.149.1
+b0.nic.lasalle.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:1
+c0.nic.lasalle.		172800	IN	A	65.22.150.1
+c0.nic.lasalle.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:1
+lat.			172800	IN	NS	a.nic.lat.
+lat.			172800	IN	NS	b.nic.lat.
+lat.			172800	IN	NS	c.nic.lat.
+lat.			172800	IN	NS	d.nic.lat.
+lat.			86400	IN	DS	961 8 2 D87E3EE5BABAA5DBF51C4AF462D2670BE2B702A2972903AE27BEE9BA64413973
+lat.			86400	IN	DS	42520 8 2 FAE20127B971E74D949E113CD4D738F82D6D53C5091B76CDA93A5877554DF1F4
+lat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z7I0Dz04VnqEy36EdOyNUOEv3gOMdDv+iZqY4ZSSz60yeZhtaUEiKK6gDV/2wHvselkhufEA/63/2NIj+VraYiGk3XdJlRmgu6KYVN/jHhJfxoQy8HB0WPd2Pz4ln3lqChE9cMosnLu98+RRzb6AmEghTTV5KFNNRoPpA+D9bcgJKF0aZht0BDkWOxaMPM32TGjtpWAvKOP4ceEVMF+TwgH/smqxcpq9m0mvEeusf8J1UcQwO2jckOuaZg7mb2nuArBaIPXmBPauLOZfDH+eXJAHf6sOHkYe0wzeVnaXTLczQGXjfcrir2iek4UIaeoZ4LlVXAdcV1ht4sq5dmx4yw==
+lat.			86400	IN	NSEC	latino. NS DS RRSIG NSEC
+lat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OZ3l4kuggmmkk28olgBpCIuXxoR0GZPnmFvdNI0QQTSGKEF0Jvs+BcN8mw00kXLGamClExJOYSOPLlgk9tRtu1u0GaxnRsNz28ARafnHxTWI+WEvjoNMlZ9JTiyGqjqjA8tanwguT0H4Zhg3BgPFTDbIlHKbRNLZoA3tIa+5neKTdZmcRINoHwx2HuL79x0/qhwRkVS8qD6mcv5Gx/s8o1oeDw86PZZDSLHTcRBND0Mu3mVUn8OWnAC+ag94h7YdpbSwVeVOGuH8nrXR9zuDO1J1C5VVBQ82CO7sM9kKto1CQyLJ8CqowddQxU7q2JJE2wD8yInoe05LR+Jqq73bHw==
+a.nic.lat.		172800	IN	A	194.169.218.156
+a.nic.lat.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:156
+b.nic.lat.		172800	IN	A	185.24.64.156
+b.nic.lat.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:156
+c.nic.lat.		172800	IN	A	212.18.248.156
+c.nic.lat.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:156
+d.nic.lat.		172800	IN	A	212.18.249.156
+d.nic.lat.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:156
+latino.			172800	IN	NS	a0.nic.latino.
+latino.			172800	IN	NS	a2.nic.latino.
+latino.			172800	IN	NS	b0.nic.latino.
+latino.			172800	IN	NS	c0.nic.latino.
+latino.			86400	IN	DS	28831 8 2 38D9082C093D8C2E653B0C2BFA3EAA463FC401FE31ED28C62B0A2B506BCF9D24
+latino.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JTRe02V1mMN1dUm/Fb4xMrHoRPq4CQ2zggnxxt+Fj8K3XnJAFuWkDUNRiksEZcuDXTzBduEV94l1JmRzLg0xvGTXryeTsfp1p4zkAorbZjIOXpytnBTY5Hj/iA5tNVr7qHjGda0jZ5cI6umf9ZCouQeq3JG5IxSO0gXAU3AlF+5yiaj6kD2mVBA6iuiAYE0ulwHOlF01VFSqeC41adiJS3RpaohVtjJAL9GIvjIicUk6d26fKVzF4UO97nELsz7suov/1djATn2ndQ0zE/qaZBaCeo3C1dPyi+lug+vmfOfYZO7mUZHI3RbMLAKkPMb+Ex6pbN6olN4d8cRXcMdACA==
+latino.			86400	IN	NSEC	latrobe. NS DS RRSIG NSEC
+latino.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1TjlNYricQ9Pen4zyiuIglbTmm4o2eoLijN3s34Fvzn9daOMSphSUi050NWTsoTxRGaQ/kO4oPaEsBynb+ikujTHS2MzwYDPZ38Vxhp9ktzIIA/RaS6jGnTRPd7WbJ1byZQtDYH6Ak6ZAMm9ZOQW8qsoF0EtjvV9F6z/YfBwf20dTxTFaDTK+b/b6R/Jwh99UyAAxBtX+kWDgKNemusyhM3sZ2B7zXFX8mcfyvTMK6kl+56aoXeNYmfZ4NcdTzQaoq/G5NX1ybLHGLKFUCy3Sm3V2XjrMDNYwNU0Mqb0OOeqwwLthKP9Evyfx7ybxqz1B68HZvIaU5r8FKal7+rGLQ==
+a0.nic.latino.		172800	IN	A	65.22.92.17
+a0.nic.latino.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:17
+a2.nic.latino.		172800	IN	A	65.22.95.17
+a2.nic.latino.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:17
+b0.nic.latino.		172800	IN	A	65.22.93.17
+b0.nic.latino.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:17
+c0.nic.latino.		172800	IN	A	65.22.94.17
+c0.nic.latino.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:17
+latrobe.		172800	IN	NS	a.nic.latrobe.
+latrobe.		172800	IN	NS	b.nic.latrobe.
+latrobe.		172800	IN	NS	c.nic.latrobe.
+latrobe.		172800	IN	NS	x.nic.latrobe.
+latrobe.		172800	IN	NS	y.nic.latrobe.
+latrobe.		172800	IN	NS	z.nic.latrobe.
+latrobe.		86400	IN	DS	18520 8 2 80AD6C51ACEB853C834A7170B91F67C61A23751918E2FF96DAFA047F7FB7D57B
+latrobe.		86400	IN	DS	63574 8 2 E4568946895709133C39F850F8FA9A768B97993838EF69E35F2E3619F78AD08C
+latrobe.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dy0fhaFhyClZ/QbmfxxrSxiwaK4zseKbxi1hugwmJs2gda+QWNelANvfvZn8T0UZEzw/NP+0JMQF7b7OSnbVaYzZJl3aWhtcGReeVUrDUNrHpS8j2StmCBt+H84GDJFoUulzzcpgMjoXTfsFyg9Pi3I/xRBgdlrjZuGbWdWkgt10X86fLQ76dyDU/u5XncVZPjyb+rvoQ6AV/MszWzw3s1EAWJTddegwuOENEVjUgIi8CtV43HRrU7q7KTNCVngKDLl+7A2mugNQbefChjphO3j1fSTTDYdSgIhdvkL1hAyHhBcFysgrBkZgNvlOTMJQ02ksBXpU0ab1bIcp00oDuA==
+latrobe.		86400	IN	NSEC	law. NS DS RRSIG NSEC
+latrobe.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DrkrD3Mr5Ioba5OQyC7mrHv9tG3TDe1DIuzkWzMm/heyueDCSRsL7nQDraHxY+gcZRtE9EN2ZLXCEmEwpa6NrA1oB29oSMvq6ynL+fXDaucsbq1Fhs/kaCnVOpmlCO3BEH0U0Rabw7ofK/PNey1MUjLeJxNOv/I9Elep34l7F10YKHjWWYhpabc3P7raVAWXeyhdlzII1fQkD/5gNuTXWWZVZoK+rcawAVG1gmEzg6DxbgbG+c+AU9M7Eq9lLih48bX3h+yV1bpL04StRCJ/msaY2+X3G757AukPsrPcfwTct2BqPFFJpKpas3q2KWzp++8CPb5MdzvNJsIx1yVsVg==
+a.nic.latrobe.		172800	IN	A	37.209.192.9
+a.nic.latrobe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.latrobe.		172800	IN	A	37.209.194.9
+b.nic.latrobe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.latrobe.		172800	IN	A	37.209.196.9
+c.nic.latrobe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.latrobe.		172800	IN	A	156.154.172.82
+x.nic.latrobe.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.latrobe.		172800	IN	A	156.154.173.82
+y.nic.latrobe.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.latrobe.		172800	IN	A	156.154.174.82
+z.nic.latrobe.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+law.			172800	IN	NS	a.nic.law.
+law.			172800	IN	NS	b.nic.law.
+law.			172800	IN	NS	c.nic.law.
+law.			172800	IN	NS	x.nic.law.
+law.			172800	IN	NS	y.nic.law.
+law.			172800	IN	NS	z.nic.law.
+law.			86400	IN	DS	16534 8 2 AE36939D5F3629784F63C7CC2E5F7643EFD9EF7533A5049420BD067F4EEAB51C
+law.			86400	IN	DS	42496 8 2 F6DAAB5F4FC2A7D48C9E97623C3F0D478586FA882732BA0F86C31B291AD2F3F6
+law.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . puOAgoIETuEdw7eL8cNIjKUFlIROhKajsWTPor/Gp+Azyzm1jgTzM06AbzjyGDlbK8Klg+QAW0bkhWh1tTf8tAXxHzcwyUVMjt78QxoTrR2siyCcl9RZVuSmnWFLayP02qT0T+v1LeFNbYl+JV6w7O0k/fKhJzkAqa9HptvGZ1D8sWpWoi0Fn0xD+4JgXx5QpJyny99MHKUJXugV9KmATUhlPz2bTX4QEk8gUJ+IZ1FjR+elOMBMU1xPTt5Nnxb63cjDLS0hBQv4s3r07sygIbath+fsKjjmi621zRyk3AAanDPcIHIIWruVjNgrXMWLMnbCtV9OXItR047GnySblA==
+law.			86400	IN	NSEC	lawyer. NS DS RRSIG NSEC
+law.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g6WnUwuTIwblDCBQI+qR/ZCFqtlxfscslkIbUXziSS3ld/oNLY9m5tv7Xf0xio4JS3OkPYDpzLDyXMJ0LCFEi8ed2B3qkoZD7vSDXsrhB0njc2GpF7ef+ZEM+fhiHnlZ5Ni/wHyb1cJPx4mAxPsll6oVSHUwn81qsJMHwiKOCMQcqNNpghou00noF++cUBHVhYft3dn7KoLihGSAIViHhwJ9prb9readBtcIQA/hfiHmjpfaw1RG8jRRpmGUgkUaCE2z0Xv9sSQtz3FQ4tgs1H7JuiJ3oFp/qhDTbfn7tOp+z/gOQlz+/vsnRD0PeZrffsZ31PZ4D7MRwX9G2J/83g==
+a.nic.law.		172800	IN	A	37.209.192.10
+a.nic.law.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.law.		172800	IN	A	37.209.194.10
+b.nic.law.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.law.		172800	IN	A	37.209.196.10
+c.nic.law.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.law.		172800	IN	A	156.154.172.82
+x.nic.law.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.law.		172800	IN	A	156.154.173.82
+y.nic.law.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.law.		172800	IN	A	156.154.174.82
+z.nic.law.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+lawyer.			172800	IN	NS	v0n0.nic.lawyer.
+lawyer.			172800	IN	NS	v0n1.nic.lawyer.
+lawyer.			172800	IN	NS	v0n2.nic.lawyer.
+lawyer.			172800	IN	NS	v0n3.nic.lawyer.
+lawyer.			172800	IN	NS	v2n0.nic.lawyer.
+lawyer.			172800	IN	NS	v2n1.nic.lawyer.
+lawyer.			86400	IN	DS	24952 8 2 07F6239A01F7CAB022DB3F5773EA1F03BCF6780E4F87DE8AFD4F93883D19EBF8
+lawyer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xFbepyb7DcBeAaKzatgjNT18yY5VhkhZNiHeCWrq3CCt5k/af2piu0etFLLFT4mQsRI7AYuXGusTevoFU9o6VF0jBhjYzeOOWYV3WJB4JcvkE0obhHjM/Rx39p5EnMyuH+Wthc84HdZ2Q4Le2wqxK0ybfwoPSQs/ceQNSkjboWn/yuTcoUylB+DDrM7EIFmwXUT0VdU45d2Mgg9CTolpJsPXfCys7M/5B27napkT1DFKB7tyOQpbTSSPQe3qxwS5KIPTDznj3FpK9K/npWpTqnXsF/2hu5UYeif2DvIVcgiMYa7ISldB2CHbe82hQSaObPewo5RG5i1Q/U6OTiFFRQ==
+lawyer.			86400	IN	NSEC	lb. NS DS RRSIG NSEC
+lawyer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aEZbmxfyXODlNsmE3JBsy6aj5wdd557/qr9lr0BqsaizKMwI3BeCLy94UjKgA9GFXsHpYR4PkcJZo7e/w7FHFGWMLB0DpAAtqeEbLO58f3ypmUkJYJX/XsEDdLbnwPE+48LobHioMNeOKZMMJDLbvVtaM0t9Wilx3ONQj4SFfKqNbcc7yU/VQXe4dhxgmitaI9wOMXN9tKhtmVTYH6sSDEm96r31AhJC6oxL23bZ6IJsIxcLn5WNmjOYPz5W45KDViqOrVuVX5bqRGlmNvDu5TtB5x6sXQLFUG/RCo9PRzXx+U1ZpL1FbslOnevUuCnd7OWHOkPYVs3J7fTLDPSLzA==
+v0n0.nic.lawyer.	172800	IN	A	65.22.24.14
+v0n0.nic.lawyer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:14
+v0n1.nic.lawyer.	172800	IN	A	65.22.25.14
+v0n1.nic.lawyer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:14
+v0n2.nic.lawyer.	172800	IN	A	65.22.26.14
+v0n2.nic.lawyer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:14
+v0n3.nic.lawyer.	172800	IN	A	161.232.12.14
+v0n3.nic.lawyer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:14
+v2n0.nic.lawyer.	172800	IN	A	65.22.27.14
+v2n0.nic.lawyer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:14
+v2n1.nic.lawyer.	172800	IN	A	161.232.13.14
+v2n1.nic.lawyer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:14
+lb.			172800	IN	NS	nn.uninett.no.
+lb.			172800	IN	NS	ns3.seacomnet.com.
+lb.			172800	IN	NS	ns4.seacomnet.com.
+lb.			172800	IN	NS	rip.psg.com.
+lb.			172800	IN	NS	fork.sth.dnsnode.net.
+lb.			172800	IN	NS	nabil.beirutix.net.
+lb.			172800	IN	NS	ns-jp.lbdr.org.lb.
+lb.			86400	IN	DS	3842 8 2 C838938C2127E3E10E15F92106EC565EF273B2EF7E3AEEBE5A2162862FD3B469
+lb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b4FGmj4yrKOLqT2VY6SRy0B9kqlxy/t+P7AvOlUS0A+3NOhhz4RyCffTzUGfb20uIpQFPZwUJ55LzDvcFLQf/bJ/oNXR4tYtWAuT3aZaYpbS6nFBl5jtJupOmjcGHD2JR6uhvXt8bCXKS1zrg9alLZJkMuso4bXZ4zxL2fsk9N4qyAtEi+l5Cz9PeOPQ90nRtlDjaLgqcPdHqvcpQL/4bvp/d3audZODhsBq+0sHM1B+nHPavs657IZCzrIXYXgH9uOQdH8HIX8EajHB6AvfXCcoqqiYC315bPrYMU+WmGVZ8JRNjWkERyUew3BKruwVyP1kNI4+DTc60arGs34qrA==
+lb.			86400	IN	NSEC	lc. NS DS RRSIG NSEC
+lb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hnc1IXBkENAdITOOE0Bl3QAfoZwnNk0zw0YFV4T/CFq8NOZSy2z0rdLFeHeUrG2wS21709XYjrVWzdWRtJicFAXhZOgxTInB10KkvXbI4atVjLwOdAJO94KH1xLe1yuGmTYC5xEcidLEmPqVU0xS5/haTWJa7uvounYQToacTkx1e1OfIsxFrbgTJ4IMcfXPfRp6sb0x0J18l+mJCRbhUV3oOruNIXob8fQ3EwgRMKAO4I+mhotLEME1XtAVv0doOMxHN2hSdpoZES4EWyqQckQNWvUPu9POggLG+FE3xmxinco86YPmvjqwNvlQSIsaCuyQ1uKIqMcGcZfPAHxIgQ==
+ns-jp.lbdr.org.lb.	172800	IN	A	203.178.141.64
+ns-jp.lbdr.org.lb.	172800	IN	AAAA	2001:200:0:2:0:0:53:1
+lc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+lc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+lc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+lc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+lc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+lc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+lc.			86400	IN	DS	28069 8 2 A729B4E0D245D3CC81FC71893943DF13F55C26D8415AA042C5ADFF42C76D25DE
+lc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YoRaBpAK2a19WI18o/7iwiKMLEAo3oRazkTreLihB3UlEFRj8LYYqdF8XTzTw39FsvWoDC5LXgwpBwrq9Z4K1X38wlI4m75uVpSK7+DdTQgc+w1CuoulfGJiEKUqQvG1wiJMSqhYwgI2TmjWXR7TwD86gEByVPB3kxlhmXbhu+RISLtulSNpwyIPz9TCNtbRjQvbx1QHE/QoAn8zKKKsSFklq4/Hgh1H/C+om67br+QSI+I5LuwS7uXdzIk/LIZDA7654Ag4h9TsgwHdcL4VuJcxzDLwePm7hsFAXD8pMPtOawpIrJ7E0nNgC2msS/9IUJX6PnVFX6v2aw9kn44Z7w==
+lc.			86400	IN	NSEC	lds. NS DS RRSIG NSEC
+lc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b4i9UWC/2E7Nrd03HufjWzp6bJ+YqCW72R/XlAP+vRVxd63/gnB3UMFpn2SYB3WaNcUKPuwh09MDpkMNXPwV5u/N79u5a/Go7U5LgU1cBPbgMQXflVYyj9O4ZpoG+rG23jyaQRaJbtKJppwUfSta6IxzOR1zCn57hBkAJis1zLHutj6y9sa+M+/X0a7ZwXFcz5IkJRWY/8a4baJ/EQWj9iqFBjBa9v9qMdbF73fP75q0YQGWOqZNwMtoZOfQHxHwzGxm69lVcmza/xnbVOHrcCabs+3v7mKlkXWYBJdbADjYpOkHyWbrwexrORjNFnIVo7xsn4SkjZ8cMlIT4kBaQg==
+lds.			172800	IN	NS	a0.nic.lds.
+lds.			172800	IN	NS	a2.nic.lds.
+lds.			172800	IN	NS	b0.nic.lds.
+lds.			172800	IN	NS	c0.nic.lds.
+lds.			86400	IN	DS	36055 8 2 CD5AC0CB52D71DC6D369CC4CCA8AAD970690BCF3BC33F2202890668E47D34A5A
+lds.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xrmA6XGzLHGWaRKrJ439mhWk7g57IrgLBH8SL5mcC6WyEPdwCMzStBXNFSz2Gl8jwfYAvVoKq2JvFyZXtCDb5frP9WxHWQxk3jxWlWY+yMvR9k9jYWVmzqDma/Owene9tuyyATqXCQM2vK17xwHxF9hacVusjVK5mizkTNg7l/s1kdDaqnRe0jDNksjdVN3KRXBThFnaB5bU0Q+Rg62cuZelVShLlzHEKIy0635s0psdqvsOfwoS3bXjuKMjbO7l5WgDikdD99r9xWwHpaYNsz5iSvLcq2ANc/tE7QnmafOsLbgyYG0UiCxQZ54D0w823r4quW00yBO04yLDZHdC6g==
+lds.			86400	IN	NSEC	lease. NS DS RRSIG NSEC
+lds.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eUOYc9gYdRS8dWFCHiF44KCz9y0irl16SUOc38LdEeVWb8gwUY1F/B4gTTS8f+QSdJv+O5VK8C01xfNwDjsyjL98KHSrxghagBILpSU0aW23DdIjpWDcUOc3Sd4wj8h5XYJc9EHtQGNZq3hBeIZPC9S6PYPh3lebgzDi7a2HJF2NoWacDDzalzfJmM+ooBpHTVQ/Thb2rMbnXL9I8x3nZasetoKqhz17s6Z81mO/5Vpt0BIY00yhOLOFqbnAkPm9g+B8jlkBzmoPZvXskn4uPs6M+ChctIi77Nks1C2OLtBwTtLFD81HoFmmLm8jX9Ayy19T1b9nKMX27PyIdO8EhQ==
+a0.nic.lds.		172800	IN	A	65.22.152.9
+a0.nic.lds.		172800	IN	AAAA	2a01:8840:96:0:0:0:0:9
+a2.nic.lds.		172800	IN	A	65.22.155.9
+a2.nic.lds.		172800	IN	AAAA	2a01:8840:99:0:0:0:0:9
+b0.nic.lds.		172800	IN	A	65.22.153.9
+b0.nic.lds.		172800	IN	AAAA	2a01:8840:97:0:0:0:0:9
+c0.nic.lds.		172800	IN	A	65.22.154.9
+c0.nic.lds.		172800	IN	AAAA	2a01:8840:98:0:0:0:0:9
+lease.			172800	IN	NS	v0n0.nic.lease.
+lease.			172800	IN	NS	v0n1.nic.lease.
+lease.			172800	IN	NS	v0n2.nic.lease.
+lease.			172800	IN	NS	v0n3.nic.lease.
+lease.			172800	IN	NS	v2n0.nic.lease.
+lease.			172800	IN	NS	v2n1.nic.lease.
+lease.			86400	IN	DS	49669 8 2 1C84BA6CC51944ECEBD6A197DE418AF987C88A6EE0BDAC2D1120B47E1DA6BC9B
+lease.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MkcrjlHBIr7tNjhEuLE0YIOw9EYJkVPMqxWVowMuq9bKXUs3ib8KxiFwnsZmLpdhhhQLCzY7Ed+7GMkGnsiLSKWT3/d/xxQvV3gf1rNsBHBtAlEHD6cYjIFyO6dQka3PlpxGZSlVKy9X19pt4RhIQ2mIOEwyD5wLzwQpJwqAZMdyslUqqC8Gqirvw5ey/FCLVgto06VSjDifonWV2733og7FyyCPNY/3JUw++bPx+K8g1PnZTDjQQSWjfGzZzjdT2wYp0ke240XuMR4dZZJhC7od3snLe36/uVFZnKtOH6U3TbOwGCbOOMmHPxrOXghYFH3dFA2ZfzWhrCzJwuu/jw==
+lease.			86400	IN	NSEC	leclerc. NS DS RRSIG NSEC
+lease.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SDu9sVuv7a69KaNuiU4/lUrxnPRdCicUXqPLAzjvSfOvakYiV/MGYPLXc4ZrHP60wJxiZOISVlJxwa7Z0EenBK9RmD/Fgs+Zn+aWmo7I8q5UPKEDE67UxJLSH5quqSlB2TlZkhwO43NShEAwIaNlwV1uokpxQgxtDiM9AjvV+nWfpeZh9r0FXSrpvD8UsxxBKkHpXnl6zPT1ga89+0o9a4GknUboOza7Veis2PdiBYg7lHpf1YZcNr+2IsunrhVBTQnObJfqZYEq0lk0QCaw3+zVdtU+1cEyDW/7GATHhhotjMLxAxrPz60W5d+xMprUFk4r1gdSi0s2nc4kMa21/Q==
+v0n0.nic.lease.		172800	IN	A	65.22.24.62
+v0n0.nic.lease.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:62
+v0n1.nic.lease.		172800	IN	A	65.22.25.62
+v0n1.nic.lease.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:62
+v0n2.nic.lease.		172800	IN	A	65.22.26.62
+v0n2.nic.lease.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:62
+v0n3.nic.lease.		172800	IN	A	161.232.12.62
+v0n3.nic.lease.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:62
+v2n0.nic.lease.		172800	IN	A	65.22.27.62
+v2n0.nic.lease.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:62
+v2n1.nic.lease.		172800	IN	A	161.232.13.62
+v2n1.nic.lease.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:62
+leclerc.		172800	IN	NS	d.nic.fr.
+leclerc.		172800	IN	NS	f.ext.nic.fr.
+leclerc.		172800	IN	NS	g.ext.nic.fr.
+leclerc.		86400	IN	DS	60287 13 2 D64818B1CD557C6040E2F188D15748AFB29AC5FAC90E8403BD391776D34A9696
+leclerc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pvAg68XQdCa0/pOyLEDL8Xjeq3YPIPSkDtzM23B5VLp1kHdIFPubqXG10RJAXriS8J5ur3jbbVcqjOMJ63sJsmE9H1PFX9JpRtH/saj6rtF08uEe5ll3yrPj1KFz1WtJBIockxrF/NGm6K2Pnrkmn14CX+v/NErhOnwdVbddK6U016tszBGPcd3yBClZoO8VyDY4NJe3/BNY0dGdROxfqtWRdiPK5haH5TD3Y8bRQwT3iDEehtC+923SPPOrZ1ZkUfqH5fsR0RsFLCnSPeI7iTGSCiWVo9N/NwFBDhMJgQ/5RvE0Oqc6COIdE3r3cKDiU/Kk0kShL8rokifMdbA2dQ==
+leclerc.		86400	IN	NSEC	lefrak. NS DS RRSIG NSEC
+leclerc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m1SBsmTTlRR7893OJbtYa0QTzcJgZkurrux1XD1MaQoeU0g84TaeZPHj0hMBAsUMa/R1knzkVOo7/JNrFNKUwHLKelgh6kuuru2u/p4v4i1nvLoExbFSr8SYxX9nzL4RkeH2mtSoYpbuyDWpM7TtW+wZpef9MYi8ItkTYYGTTrf4hKf9Slgu9BCkxHy/itnf6ClpNcDgiNX54iNkV2np+jiEI8fwz+B4bhuJHmsk9639lF4LqtYIrXfZ9TD8W1m6suUo84/ZJxtZqqBQSyz0MIG0A8i8yCLpyPCe0ZFr2CBjhAe3IGPxtQ67/CZostZyF3CK5dSDxonsqVyJsGoApQ==
+lefrak.			172800	IN	NS	a0.nic.lefrak.
+lefrak.			172800	IN	NS	a2.nic.lefrak.
+lefrak.			172800	IN	NS	b0.nic.lefrak.
+lefrak.			172800	IN	NS	c0.nic.lefrak.
+lefrak.			86400	IN	DS	13552 8 2 DFE80636FC126C19C1AF2FF130E361CB22B4F33D97A48CA25FE7C81EE351796E
+lefrak.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . noRHdBFPa/xSb1+2b5vll28R30s3JiUQ6n9iOkHUn3QCszQLnYSOrxCJo5vyj++nuKDYkHhnpywOBdzFLXdgx5ktgItifERrDQKSN+SJcMeKYvxZq8/SsVci4/IToKlt6vvf923+I2gSL87cRQn3yo9yOdAgzKP6avxEYJFY4KOFY8biUQKkhgtwdetfHORFEBLL9v80j1zxE0/t4SXUHJagmY9WYiOFaGm6Zo1uLuJX6wY4mjXIErMgW2uBfpjCM5gLr0RPGuggoCvo9pUFKPVSZpguxlFA7Tyb+9Q7ytAoi7PNYd473t2tFZjCCbCpzCvhx0y3umwgygH4J+cbFQ==
+lefrak.			86400	IN	NSEC	legal. NS DS RRSIG NSEC
+lefrak.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vN0TYKVr3bMA4O3isu1lfCM62g0AxGEMOC+cy75PqZLjSNUdchTZvLqIuBx2lp/VZAAL/NAuVjYHBq49CRQKMXuGs95YHgG4sc09JrIFYMx36CpNRCwHyKPRQu/uq9qckre5iKohhNPMtct8DRf4RVxl82qQL0WfnEDIH0EEgJ6VcMzzC9EoubRt463KCc52WJE0I8nLcgrJPFvW1Pq86dNtSEncjus7oi+nwq7ZqDDohr4B117I6meXkrR+ZcuLu+z4nPW3wPgxAj9yT0qSX5JDykOqg2nGhn5cHC0uqChucIAkcMTH08jO4EOXFD6etsJ4v3Bhs41BeByeSl/ySw==
+a0.nic.lefrak.		172800	IN	A	65.22.112.58
+a0.nic.lefrak.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:58
+a2.nic.lefrak.		172800	IN	A	65.22.115.58
+a2.nic.lefrak.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:58
+b0.nic.lefrak.		172800	IN	A	65.22.113.58
+b0.nic.lefrak.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:58
+c0.nic.lefrak.		172800	IN	A	65.22.114.58
+c0.nic.lefrak.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:58
+legal.			172800	IN	NS	v0n0.nic.legal.
+legal.			172800	IN	NS	v0n1.nic.legal.
+legal.			172800	IN	NS	v0n2.nic.legal.
+legal.			172800	IN	NS	v0n3.nic.legal.
+legal.			172800	IN	NS	v2n0.nic.legal.
+legal.			172800	IN	NS	v2n1.nic.legal.
+legal.			86400	IN	DS	11869 8 2 C56D8A0808A1BA707334DAFE4D97506BF25DE7CE21885DD86C98C012E164F113
+legal.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ip2UxaVTSyHs4j+lOQQOP0DomCwxKT4X0DLo8dBa00UghSublcRVH8o/OuA0CtnUjipPhHIsorIRjTOUmK6EXbuvni/IeAm7ECGTy85juinwB0NPfEl9W6iG/tHY+lJlObuFreSCeZ7Bg2boJUBSpF7TsKma6x+iffHyQQa6re+uB4+Qafrc04Ng9wyFNCzkmoSrPar8DsPK2HC6kfbM5byuto5qDTG6NE8I7aqnaf5V/RekHQpI58n68hzHswriBYZfkfAi/dSyJ84RXgwouJFI5Hvgt9ClFFOkRs6JfJcM7zmbE3xnxE8QQkzSnumapA1AZVBcRTeLovTFGriDg==
+legal.			86400	IN	NSEC	lego. NS DS RRSIG NSEC
+legal.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GyWiL1wQ1zjvV3I9liCs8GDqEc70SO2p0PBrh+JB4LIxdLW0a0PXHhAO24OEyW9oKB4tpiWvE10hj93nkj0DUfS6xJhsaxAm7AKv0qj1jEW5nJRhsuqgTp+99BLlue7+xu59SBB6T02qh9PIBYZjPWEoRmJ5VoHCdgJmerMwS6v/oQO1GrtRSf4VzZY0ktFVPYH+0qQTkM0WqxTB/Co+COmKUAsg1B8Cf5AKFxFwXaNcR/KWYK8O2QJSP31PxcBXDjpDsSzDJxvW3naBKkNleUoY0VmVh/9KDdQg6WMHeplO6W1z8StyfFLCKERxBtOSV+EsSqNvLUzn5i8sD41B4A==
+v0n0.nic.legal.		172800	IN	A	65.22.20.12
+v0n0.nic.legal.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:12
+v0n1.nic.legal.		172800	IN	A	65.22.21.12
+v0n1.nic.legal.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:12
+v0n2.nic.legal.		172800	IN	A	65.22.22.12
+v0n2.nic.legal.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:12
+v0n3.nic.legal.		172800	IN	A	161.232.10.12
+v0n3.nic.legal.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:12
+v2n0.nic.legal.		172800	IN	A	65.22.23.12
+v2n0.nic.legal.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:12
+v2n1.nic.legal.		172800	IN	A	161.232.11.12
+v2n1.nic.legal.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:12
+lego.			172800	IN	NS	ac1.nstld.com.
+lego.			172800	IN	NS	ac2.nstld.com.
+lego.			172800	IN	NS	ac3.nstld.com.
+lego.			172800	IN	NS	ac4.nstld.com.
+lego.			86400	IN	DS	28536 8 2 FDCDBD92D8A27F3A19BA30EF37E04FF21188973EE8648975E5B9A77DB48478D6
+lego.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mOD/oZtXuljtsRcwuEboFLfGsIhuF43PUWFRzngveSrkLALGiWMyU+niXqijgLOdPjCRIPBrrPO5hJ9WkZGfRkCH2+wGc0Q9NSU/7alFiOEXqx8/NcxldEAzqU624V2kygrjQTO3IL7PRBSAzaK52XHRqm0MqEV1fOH1j0AB4gqJj7P9QKov1GNbO4JIpy4fXUqQQP1u4wREiVPbQwh7FxtQEtOTEmmTQEhWgT3VYsuC1eB5tgpvrqiDUsCJQVO3mW5oscoz/fa7cU24JAp9jb1uk49y3+ALRpiG1TFUFp1jNtRuPvf917CmLIRCJaz/Mv+pu1+ieJxXo+rupqxjQg==
+lego.			86400	IN	NSEC	lexus. NS DS RRSIG NSEC
+lego.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NMgkdxP3SAFDOxaHU0HkC3ubH/f/ipdkwdH8AJBgqlK/hyI8POD/S0S1RSW3p8cPmX6Fr0Y3jSDO1bW/zuDIKe5iqn1/IpYRcMvxVfkpUeBwHM0tX2UNvHJzu3YnMLj+AA9kdawGx4Ld9QdBwoYfNqQsJ9QA0z9Uw+ll4AUppxWNmqJQag6iM8K4C/Op1XVUvrhPowsaaYFpaVdjgXyA2cyKesn5pyOTXd5eMq95HdAttHpkQRYofuFp5Hp312/D+tVg/IBiOaHJGrl3Ef6PZPvQttKdVZ8jTVkpizb94DNxB9baWEkQtyyHTZI0L1puS8c5JUnOyOp87dx099LfsQ==
+lexus.			172800	IN	NS	a.gmoregistry.net.
+lexus.			172800	IN	NS	b.gmoregistry.net.
+lexus.			172800	IN	NS	k.gmoregistry.net.
+lexus.			172800	IN	NS	l.gmoregistry.net.
+lexus.			86400	IN	DS	59681 8 2 5E836746A8E2E867C1EB27292293F5AF3E849C0B5F2462C86FFA9EE85668348D
+lexus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZoMUuVEduIyhKUVLJVwOpnsmwHvMqPc5vjq0kdywxnjqBuWG1eDvbgFPUGLr6QmdH5E9oMz32IZ5/hNnDwFIqIDnHcvJ33105uWfXLF7TfZ+f1raIgGAz1xZnMdxrlvrirkktzFgsIF1EODDOLKSXnAehxOaTZaGxPXmpzn2s9XfBS3l6bAiG2D6doeZ3T6zipmYcw9qwOSdrhjE3uNotxw2Lye/bMG0h5Q1DLA3C2BoAVURE8CLFt4FUl2AqK8+TcEelNRgakskSk9DfOceLJgE6ew1/Dnk095sXm4Yb2ITqu33+q1E2deOL+1ZKIhcDq0XFyD1NZXYZ5nNR//WkA==
+lexus.			86400	IN	NSEC	lgbt. NS DS RRSIG NSEC
+lexus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ahsGQ0Y3pFyBu6UJIuDgu4M3+i/ggsNUUyToarD8beIYi290Im33qk6JdF+SxFFZI75GX417dfHVQwpHIq1fAE5sCJdVPwtgGv/XmGKL4Ye+Ly02t38EvDiCHnF5dHdbpgnMBpojvQCvNAi9G+Ucx/z9ugINkuXY5B3u27lFfQgz3oVpv8xBhfwRshSCLqIuzwOdJEGPW5OVuAg+xuet2dQn4YqbotK+yt57uCU2gref8TCb1zb9ThWh/fBVhhGYPwZTFxX6qfzcIKPZ6pbc5p0evimh/Hr/wp9tFQXhmh5C8fNeVyyFfNgjNGHnrD7Ff0Oyu4hJsb7K7uEzWUFqA==
+lgbt.			172800	IN	NS	a0.nic.lgbt.
+lgbt.			172800	IN	NS	a2.nic.lgbt.
+lgbt.			172800	IN	NS	b0.nic.lgbt.
+lgbt.			172800	IN	NS	c0.nic.lgbt.
+lgbt.			86400	IN	DS	16912 8 2 58FC6791DAA780F1B589FB72CE7F1E43F39DCD185DF0E57AE60178E81FA174B6
+lgbt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sUBcUOt74HodV2xIqwPHkmKqxTzYzovXzN+ik/0sODlxGgJ5YFjkbsXtP8whcVApelSGCs1rbfIyAxY9plJzAMepa0h5XAxYATPZUxUgIy/lfyepTSKX3gww095OZJ62F2jyjZHPbPq/N8fMO8g7Nj0KE3QRVdbi5Nf7VrOiMZ2uPFKcmrwP8BlFPxUHGbMOGGdlPGeUiWbVLjqINGhQF/iQUz4ucyI8UEW8h2S+W7CFBkeNvcn6tqKLiVLwwZM3ZE6LMVykJIh7bLDhvhKpfl6Zv6AWdF4Sw2njN6JwdTNVR9M4xbzW6RiQbCWwegrZZx4Lks4hVW3y4S7dFATP7w==
+lgbt.			86400	IN	NSEC	li. NS DS RRSIG NSEC
+lgbt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vd4m9TzV2iB3wJUvgw69swr7S8y+6K0rYg4utYsXXTxYxguEqKzZBGnBnYnJKrXcVgWbD8lAv5O8TEuAceXosD8tCzbh4t7Qn0wwvVzRzHDWKU3z5b8E9aVg1vNhBeYaRQkZFRlsUlxnuGC04RGeoqmjPALuaOKrVmXlX5H6yiSFn4V4Rz8LcjT1aMOIQ65n4HTFblMQhI4uUWTgtlzkWSLH2xSgliUbaU3kCsn+Sh3gUV0FNUlZBnuj0zrs/LM+hK9ptYcLz92dISST3kR2reVRqHJ0JE+7s8kAO/Ec6OR+MgD2YQ2gCg2H/ooUgJKiXIqGpFUxnqq+WgnkaYpBcA==
+a0.nic.lgbt.		172800	IN	A	65.22.32.1
+a0.nic.lgbt.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:1
+a2.nic.lgbt.		172800	IN	A	65.22.35.1
+a2.nic.lgbt.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:1
+b0.nic.lgbt.		172800	IN	A	65.22.33.1
+b0.nic.lgbt.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:1
+c0.nic.lgbt.		172800	IN	A	65.22.34.1
+c0.nic.lgbt.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:1
+li.			172800	IN	NS	a.nic.li.
+li.			172800	IN	NS	b.nic.li.
+li.			172800	IN	NS	d.nic.li.
+li.			172800	IN	NS	e.nic.li.
+li.			172800	IN	NS	f.nic.li.
+li.			86400	IN	DS	43984 13 2 844E2B8C231F43692D319A33657A9A83C9F22BAF53F276EF23F8405E20A0F1FA
+li.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Phg7E9HC7x2cp9tCVpHZSKTbwWZtbulOTx8KlE+QubuEXh0smNCBoPsZwgvYmWGngBSb9p3PiIPFL++ct5Y9KEjQgJel1FhRKyXM6XbibOo8PDruv1Z5aGLaDo0KeHGcn2WVJxqrtkH/be4rGvuiI5aV9wb7SJrN9xmtta9wMCdOuBiZn0Ut9wYfWvILukRiYK9Ym2NS0ROnC070UnhIlGx67e8rKuzO4YstyhJiYzyb/2v86K+3+n5iAHevursB1NEaYp4mGpRS33HZxcYj8/zF9N9ETnnjwS9GebXQ5Hm9zRARWM7Gn56BULW+FneR7woFslL4v7pCVIr8IudN0w==
+li.			86400	IN	NSEC	lidl. NS DS RRSIG NSEC
+li.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GuSKJajJaFVvM7O7oPONXc7P/XCaMHqDiDQ20wzWXvhln21Ve6/9plc4ho4githOel4dpTl7rpNYZ9uOari76Zep9ihiexyfr9CVyAqRXkP/IKtlj6AR5sfbjijywbyecTbYsYa0fujrd28kpby6HtX0lSE7g+lz6VQxlpdOzD770yE2Xy7brIR6t1PlJCpIMBYUI9mpqxB2JcqSqId9jP5VdcyduwekSKvCNZgVbYaeHGQKqZ6mZc9H5TX7lZM2pHA7V8wvMBBQ+VdIwX2b7is6wFwKMSGEtFdXH0hLMsLl0Ql6e7BisJvs4eg+pzcaATxvdMsvqwC1juorzNrJaw==
+a.nic.li.		172800	IN	A	130.59.31.42
+a.nic.li.		172800	IN	AAAA	2001:620:0:ff:0:0:0:57
+b.nic.li.		172800	IN	A	130.59.31.44
+b.nic.li.		172800	IN	AAAA	2001:620:0:ff:0:0:0:59
+d.nic.li.		172800	IN	A	194.0.25.40
+d.nic.li.		172800	IN	AAAA	2001:678:20:0:0:0:0:40
+e.nic.li.		172800	IN	A	194.0.17.1
+e.nic.li.		172800	IN	AAAA	2001:678:3:0:0:0:0:1
+f.nic.li.		172800	IN	A	194.146.106.14
+f.nic.li.		172800	IN	AAAA	2001:67c:1010:3:0:0:0:53
+lidl.			172800	IN	NS	a.nic.lidl.
+lidl.			172800	IN	NS	b.nic.lidl.
+lidl.			172800	IN	NS	c.nic.lidl.
+lidl.			172800	IN	NS	d.nic.lidl.
+lidl.			86400	IN	DS	25851 13 2 1AA0941E7D1538497268EE853423361989C3B0D9A8F2D3DA4E3F3BA0521E24E9
+lidl.			86400	IN	DS	44022 13 2 031250E5D00E613D5044B944A8F5D9E88FA4F803EAE5F887C1670E0A8BCFFC97
+lidl.			86400	IN	DS	54241 7 2 12602BAA0FE5B77F6070A3E78C6BB5734BC8C415A7A74724D7060D8E23CB7A30
+lidl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WSqAVvmzUuOeoYd91c7+NoYhjDhfasz/YDpt2UaWtX7rPXcnwfaWh5nL3louAnJ1mv9zN5mrMr7h+y18dPtN1kbosPDMmpTpqYrzPFRrSaiCYZGLBrBQzgFqMWTtCkr89Gr3TRItz6HmLPbtdz2zZ6SPW14f6XJAYlqkqVd9u4elYeSE1yllwMtqTW4AK9BGJNDDynWWTBmX2kSxAP+IgK31ySNng37cM5n5GnevSLCUVbwa+dHX+PzRRnnzhZmmcIpcu9DLbv6yShfuIj9ra8V+cHYK9oEqI9LYZDz1mo7hMahLT1ksnBSUm6bysEcoYqoFJxNX/CXRJ44zBRwfOw==
+lidl.			86400	IN	NSEC	life. NS DS RRSIG NSEC
+lidl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . roeNH6w3XrHedP6d7UGCo+q3XFCmu8D8Wsm8B+i2Hohzy84eNJ7s0H8hmune3rbcQykoLZBnNsF8OuTGbCGvszOiJ99fpLbeTU6bzAz+aFJkfE7aawLU/HKnjMbDmk8wPwmd4lgGp2BKMh0GZiXPHFMhHwUJ/IwQqDW2XyNs+Ho+L/NUgwsr/8clMmn93Aew1EW+rK26eVRzzGg3FAlHwvfKlYScaFJokxG2Sm0yLt5DhW+Hj+dfeNN0KIgH8B3h8nqkR9PJlMclOPorIP5LRvB9aouwYoQsTPphYx6gnuXD8jZKSc0g2fQ9fhZd9Irw+pXUu1ByXfcinJV0WW883g==
+a.nic.lidl.		172800	IN	A	194.169.218.91
+a.nic.lidl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:91
+b.nic.lidl.		172800	IN	A	185.24.64.91
+b.nic.lidl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:91
+c.nic.lidl.		172800	IN	A	212.18.248.91
+c.nic.lidl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:91
+d.nic.lidl.		172800	IN	A	212.18.249.91
+d.nic.lidl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:91
+life.			172800	IN	NS	v0n0.nic.life.
+life.			172800	IN	NS	v0n1.nic.life.
+life.			172800	IN	NS	v0n2.nic.life.
+life.			172800	IN	NS	v0n3.nic.life.
+life.			172800	IN	NS	v2n0.nic.life.
+life.			172800	IN	NS	v2n1.nic.life.
+life.			86400	IN	DS	11164 8 2 AA2DBFF1C2F5E1C3C430E1BFC84208722612A39D3CA8E3974DDC5E0934564328
+life.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EQKlRyusWigRZonUHih7gxjBUTzd9QSEbUkitCsAadMnZFxF0XgkIy8DYh92C5Mho1glMOAI3jHdUAy1KJcSXVXaknD4MlzIWfk4+GBCyQfcIcYH5PlIL42QbHUEXGoMBH7Rm2FaYCybD+AzIQ+sBOopdhE6f5nzKk4ZIgF7LzygnrqSqvCoGTZqxCaB6gcPglAbBOb6rHqUtM6JVDDiMBdQLlHLskowvTehM4iNgdo36DEhzrLcsp+F5GRKaXbugWdBgsXhTj5bhp/MasdwOb1Wdp1KSGwLkHHyQXfPq15FHpNUYNlLSPMv1f4wiXv6DMr/xGoPM7KahYtw8I7adA==
+life.			86400	IN	NSEC	lifeinsurance. NS DS RRSIG NSEC
+life.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0yHqEJTuaRPOsLlx+4V8/w9m/AGc2bTLvLtSWUSrARmtkxWnrdCM0UMXAUvsMxKFLJ+xi3n8JgMYq2bImZ7HXkpV+mkNSF5+bDC9SizcceIPTTVrYcJjkG/N20p7BmhypVMzZJM+uNDKJtS48SDdXfq4BYL10t1XCXl+w0pGzvkRFql7iULEiffunxCeWlvlFHAxM73eHZWrgsdIYiqBbZ9m/2c37TQOWBVSbDy1/vDQ1HgvsEodpB4HBlD7wgjILEosZh1RIhzDWuMw/nTKZI2w31uFEUr63fzLexOUzYTFIrnsRNqj6ybrCcB6HNzinURH+6OcTeUFtbbppD2qSA==
+v0n0.nic.life.		172800	IN	A	65.22.20.35
+v0n0.nic.life.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:35
+v0n1.nic.life.		172800	IN	A	65.22.21.35
+v0n1.nic.life.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:35
+v0n2.nic.life.		172800	IN	A	65.22.22.35
+v0n2.nic.life.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:35
+v0n3.nic.life.		172800	IN	A	161.232.10.35
+v0n3.nic.life.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:35
+v2n0.nic.life.		172800	IN	A	65.22.23.35
+v2n0.nic.life.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:35
+v2n1.nic.life.		172800	IN	A	161.232.11.35
+v2n1.nic.life.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:35
+lifeinsurance.		172800	IN	NS	a.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	b.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	c.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns1.dns.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns2.dns.nic.lifeinsurance.
+lifeinsurance.		172800	IN	NS	ns3.dns.nic.lifeinsurance.
+lifeinsurance.		86400	IN	DS	38941 8 2 E0FB583D29DFE85B4D42CA9B0FC5EB8DACBA63A801AF5B8515921702D2C3FA29
+lifeinsurance.		86400	IN	DS	62002 8 2 478B46D62EB30D95009E07212B7110C1DC20483AFEEF1754831DC17A72112810
+lifeinsurance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AHXQxY3zxrE61OFHcM5nnOD9hPK/YgprR3e8zOeImj26Ioz+arhaLpLiRGKzSG3N9iyJmGLrxQWxvoW7+RSr6w+rhHq7appE2naAfOqly7biGSiY615KsSn6hUNvP+myAG5cCMCsZBMPFzpVzN+IvP7VPC+EaCuXTf5LJzpcFSUqLd9KichY0DHAjqpmWC1XKpQAKcnQxZud0qDFKAFRM3KNSbDn5U0eSJ+Z2QsMZw3vlpX12Y96j8pimBlqlWxRGdCpEb1mMbtXIh5Yvhvybw3ZfUHqZ2E7U5snouEX2ZRtDrhj3od6L8U31yuHM8lnxFaR9rxesm+mvIsENs2nAg==
+lifeinsurance.		86400	IN	NSEC	lifestyle. NS DS RRSIG NSEC
+lifeinsurance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uT8KNgJxRPkU5s072pABYoIrxDRfVmSXhuVRBChQbX3U0Zqm7/LIc75zOZuYS+j68a8YwGbfZJVO5irk1EeOl5di1Pi5oRvDNhr1IzX/lHNsnLJ/SBSFRmBgwyrXwUd2w3KST7ojIY2suNkoBh/oFaWUfViz2WbgxKMeNQhy4jGanRK77Q86f2xlpEdPDS3xIboy8KiDPq908e88tXlNvkAGtuggLtU54kzgqsKSbxZvrNeKHnhV/Iwscf3Qd5IsT1V/5i8Pfm6Z7QI0hWr6l9gIHb+r/jCfLIcHiKz3zmEk7FF8xBEUxP0EnZDffmn/wIeNRYKpAZAw1G2P+1q1Ow==
+a.nic.lifeinsurance.	172800	IN	A	37.209.192.9
+a.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lifeinsurance.	172800	IN	A	37.209.194.9
+b.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lifeinsurance.	172800	IN	A	37.209.196.9
+c.nic.lifeinsurance.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lifeinsurance.	172800	IN	A	156.154.144.102
+ns1.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:66
+ns2.dns.nic.lifeinsurance.	172800	IN	A	156.154.145.102
+ns2.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:66
+ns3.dns.nic.lifeinsurance.	172800	IN	A	156.154.159.102
+ns3.dns.nic.lifeinsurance.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:66
+lifestyle.		172800	IN	NS	ns01.trs-dns.com.
+lifestyle.		172800	IN	NS	ns01.trs-dns.net.
+lifestyle.		172800	IN	NS	ns01.trs-dns.org.
+lifestyle.		172800	IN	NS	ns01.trs-dns.info.
+lifestyle.		86400	IN	DS	19435 8 2 4FAE9DA930DA43CA7D112ABEEB973FC22DE2A72B39F7570DBD1D7CF825AAE708
+lifestyle.		86400	IN	DS	43470 8 2 BC977BF20BAF75A4593E81D3E773F044543DE7C3DB7C8B0A7059E6F370A5C86C
+lifestyle.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a9Pe8UaSfH9KgYAFiO8PARuEqrusxVHSebDLhuBuEog9UT512c1ELdrG+U7wB9qwtTIKN6keq/Pis3N/xtlStg93VjCXgUHyl6QS/M2FqoNggHiQ8/c+laqVgrg/jx+KYBb/bZgSHNlu/aAvv7hhJLaVWSvC9rOFu2BX5cnIq+ZcqHi864KqO3k44S1GH9jj40vMovjoM4pH6gWsI70HLyFUXPlJ+pDZ1pFG73SCmxWDDC13Sb9JgvI8Ze8pT8v8kIXVeNKWKClM8NOE8G3t79IPWorjhWea7UFpcgVJ0JndQgI6xyqDcPhQ0AF90TqLeOGsYd/I7yDcIsduo6upcA==
+lifestyle.		86400	IN	NSEC	lighting. NS DS RRSIG NSEC
+lifestyle.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AA8JPrqHjKoAHqKEwz+ICMZbQ9jjC0jgG3S7NfbOGzehGQZBBdUafIB/OSalG370FYO2eCFAxH4fpt+Cd0G1gYLMWxH7PnXGOMXLHDcDfKJj3bPRyMsjPP9N6mzRwxaIPZQLySKMMJazjygNQKSQ1wZd8HpGGRsvf0koVsoTqpO5HK05M5n+h8a2+6QvpWBoD1m9D5tFNTJ9aoeKCeWfOyMqNGPmXGePJaFY/bGL0hy3noEEWNpJvdi/rrTyoJhkxMcPYeNgtI32dJv5KcmrRZ/sbV1yOc8beImZsilMlxtPbvGecmfJH/dVUq09n1fLTG9sv4V4ZYNKkr/xL/snPw==
+lighting.		172800	IN	NS	v0n0.nic.lighting.
+lighting.		172800	IN	NS	v0n1.nic.lighting.
+lighting.		172800	IN	NS	v0n2.nic.lighting.
+lighting.		172800	IN	NS	v0n3.nic.lighting.
+lighting.		172800	IN	NS	v2n0.nic.lighting.
+lighting.		172800	IN	NS	v2n1.nic.lighting.
+lighting.		86400	IN	DS	55696 8 2 8ED67CCF601FCF46FF98B89154D21B8C5EF2D60F34A9A4D6D1968B5869BEEFAD
+lighting.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gG6zvR4fvrf1zK3Z9QfwlQpWmPbyYTAmEPkVh1pchJxYM1xuq3l5L86Qs7CEWsQwmSV/77vCRhwGxSChbYz7oAEM3p42z2ROJTZVRYyceVrSHTgbweKIe/SPkRiboFYqXwnkPIPdO5EIZQNMMRYIpz1lDpTdVugN8cYUpqfHs3Z3z+dU/Bv56nSKym/Oew5tVqrCEZtxrG6Lrunto+fk2bUNs6ckYQ8JUQbLoJG5AXnlHbdpc1Omb7O9MQBi0P/zNgyXjzQHlcEWAFTwsLKoYnPkxKJe627mPMUHjYQNQMxtsVD8mIDTus1S+LFM8yXMdoBV9h4yTs0rKq2Wdm7+nA==
+lighting.		86400	IN	NSEC	like. NS DS RRSIG NSEC
+lighting.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Jp03CucgcxQMPA4Fxf8kaW6KCO86qjuJ8xojjfigENW+v04GC0ruoeZuvSZWqseIPKXgsafZFI+3Achs5MsOx36oVpPiaBdmczb+ProgclSPu2OwQH1HrbkrnGupJkA66K6LqchOWAPJ7GkcRGKOT0Q+MNOVOc3o3U2IKBhbgGv03KJ4+eXbWiBUVKx70JfQFxzu6S85MN1Fmznxb+TUpuwan9wRwMsBfUCYmxsvZ/GWP9beuddteiXFJRQqFRHGcC9u5DCCN0Xxdipa7FwtoL5Z8r5+tf7S7gTept0dF0jozmvCNPgSr7m1Dm7OALppCSd6VmTm0HgZnndmB6fYw==
+v0n0.nic.lighting.	172800	IN	A	65.22.32.52
+v0n0.nic.lighting.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:52
+v0n1.nic.lighting.	172800	IN	A	65.22.33.52
+v0n1.nic.lighting.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:52
+v0n2.nic.lighting.	172800	IN	A	65.22.34.52
+v0n2.nic.lighting.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:52
+v0n3.nic.lighting.	172800	IN	A	161.232.16.52
+v0n3.nic.lighting.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:52
+v2n0.nic.lighting.	172800	IN	A	65.22.35.52
+v2n0.nic.lighting.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:52
+v2n1.nic.lighting.	172800	IN	A	161.232.17.52
+v2n1.nic.lighting.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:52
+like.			172800	IN	NS	dns1.nic.like.
+like.			172800	IN	NS	dns2.nic.like.
+like.			172800	IN	NS	dns3.nic.like.
+like.			172800	IN	NS	dns4.nic.like.
+like.			172800	IN	NS	dnsa.nic.like.
+like.			172800	IN	NS	dnsb.nic.like.
+like.			172800	IN	NS	dnsc.nic.like.
+like.			172800	IN	NS	dnsd.nic.like.
+like.			86400	IN	DS	62675 8 2 373514C7EE449CBD1D66527FA947C567A8DAFEA0065D055D3226307C8C2E2874
+like.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NeLpLdhaWMFs5/sEc2AqZk8mnhg7qQP6mG5/n1N9Du8FaGC/vJ04ykRAYU2N3j0mNLH9WqosxhusgrPm6n6cpLO+HtR6U4RhSV8qewKM6QO5xlderEcUo0g9n2S0TUdyFd7XYahQZK3fHzt1uUBATN9liq9f0EqSOroNDmeom6qWvA34GRsZjXRkgtWz6o6t8ffK3cPuGVPsjlSWiixmFrWGC6G+rVw2LBR1Zz52aj+IcYhPgUsedeEV6fHi6Kf9ziWFI0TAXxwxd6fBREwvHshzGBO9HxRuCGnZI9IVSQ25XNtqy8FvKnd7oxdb6hS+hDcj5m1yPGFgajCCnw+C5Q==
+like.			86400	IN	NSEC	lilly. NS DS RRSIG NSEC
+like.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E+j1GNwN6AxAK2KqZ3em0jQseSHGRcGNwON/g08k8kIwaxgYhNGNtyjF6rLWVvrQGDsnL3kGuziQFh45E+KUwwNXmmkFuUoADaYUQsFioFwnbEYE307eBa4471ekAwaE3ZPYC3NxOwY/jfGdcixNO8LspJsjMHYq6B7tPiGwsIli4xM97GG0/2r+gZJQE9ysIbVqRO/qrCkaPJ6naDk8P/8lerekAw75SLWh25vKugfAAlKDJgb/wRH6CHafUix0kwGtnhruE2sI1WTdrVcV38i41rPDkc3yIszTcuMEoG0mPI6/ntDmYw61a4xdDqRiI3dciHOjuoK6otN8HO/PQw==
+dns1.nic.like.		172800	IN	A	213.248.218.72
+dns1.nic.like.		172800	IN	AAAA	2a01:618:402:0:0:0:0:72
+dns2.nic.like.		172800	IN	A	103.49.82.72
+dns2.nic.like.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:72
+dns3.nic.like.		172800	IN	A	213.248.222.72
+dns3.nic.like.		172800	IN	AAAA	2a01:618:406:0:0:0:0:72
+dns4.nic.like.		172800	IN	A	43.230.50.72
+dns4.nic.like.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:72
+dnsa.nic.like.		172800	IN	A	156.154.100.3
+dnsa.nic.like.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.like.		172800	IN	A	156.154.101.3
+dnsb.nic.like.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.like.		172800	IN	A	156.154.102.3
+dnsc.nic.like.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.like.		172800	IN	A	156.154.103.3
+dnsd.nic.like.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+lilly.			172800	IN	NS	a.nic.lilly.
+lilly.			172800	IN	NS	b.nic.lilly.
+lilly.			172800	IN	NS	c.nic.lilly.
+lilly.			172800	IN	NS	ns1.dns.nic.lilly.
+lilly.			172800	IN	NS	ns2.dns.nic.lilly.
+lilly.			172800	IN	NS	ns3.dns.nic.lilly.
+lilly.			86400	IN	DS	8122 8 2 5DC5F4586F67FC78F4ECEC1E95A5E1A89423DEE30A27E5BB43C31AD6A874A556
+lilly.			86400	IN	DS	60970 8 2 967D4DF30E91FD6E0497C228C18DB4FE6C3EF1479CE5428338FE0E746BC412E0
+lilly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UbdB6oR988OVHOoKd4MRjjBBXvGqgLGLScJSTbLDd4qNGFj1hgI27lwrlAp9TmcGapnUELLOkVH2iX8lCzneVyXtRYHQIHUuYqpquoubMk4ZAkimYvE14smD/SoQahWwIRwii+5gJboZEtQiBws1vIjTakJ7frwt92CNJUnTRDiy7p4IcrYc+ZRQIzTHlyPrtKWSO5EQMzXnKxsaXtvz91bqi3gCqbOx91VoD1xtT+5RnT9zdsm7IW27yKmWIOEmqNUwgGFM4dpLa4w1tBQY0RTesQdc2l7bsY1R31hN1k9QP43rV6hwrUv8s/dTIzlOL5NctUHRbRlM5KbTwfS0vw==
+lilly.			86400	IN	NSEC	limited. NS DS RRSIG NSEC
+lilly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H5DAYqu62/O0uYmSzJa1WbyYEjqHm0WXa2y4CygvXQsDX0eKwG04Y+8cjCsSXedYtaD8aafeq8TI7xVmCoiXvxQu61GJbkHcIQsC9PF+QWSbsF5uMiivtIdvAcl7mudmYLg4IZXBoNp5mAQIP1KnEgD8HBQS5O6xBP4wXfowHsmYUGKUh+1L5+4PeJF4f3XpGdXF8az/b1bO1f/1qEDr+XRF0bMAi4TaODOiwy0S/vhaW9CBbx57Dl+cVZZIvafmiX4o59FXg0N02AQiAgzqppz+xovSVsVe//Z4K/C38+d59Sj8+AX1IdFBv/hOIsUvyntS9oZtGwJ/RjlUlvFWbg==
+a.nic.lilly.		172800	IN	A	37.209.192.9
+a.nic.lilly.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lilly.		172800	IN	A	37.209.194.9
+b.nic.lilly.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lilly.		172800	IN	A	37.209.196.9
+c.nic.lilly.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lilly.	172800	IN	A	156.154.144.104
+ns1.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:68
+ns2.dns.nic.lilly.	172800	IN	A	156.154.145.104
+ns2.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:68
+ns3.dns.nic.lilly.	172800	IN	A	156.154.159.104
+ns3.dns.nic.lilly.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:68
+limited.		172800	IN	NS	v0n0.nic.limited.
+limited.		172800	IN	NS	v0n1.nic.limited.
+limited.		172800	IN	NS	v0n2.nic.limited.
+limited.		172800	IN	NS	v0n3.nic.limited.
+limited.		172800	IN	NS	v2n0.nic.limited.
+limited.		172800	IN	NS	v2n1.nic.limited.
+limited.		86400	IN	DS	28252 8 2 A9350D48B0282A5BFE1F7311FE716DE96CB29700B11642B15848419091C3E27A
+limited.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xDIkHbwZKQiqAjPzaNql+eJR8Nu/R5Rvwhgy73v3vath+Yeq4OVflS/PpZ1PcEaJTf9o4FFaHEePHBS5OtoVs4PwhM4o5cKtCORdAwb5tISYDy4hlGNKODwIUAK4uz7139ieJB2tILK3zBW6Bjfv24sSXCUzB6M+uh3NBAecsT/Fs6aKGW0jo/vE7HajYf90TAMVYDIhsXjQW925L4+oQCq3c313L/3hQ/fWu1mmMB6CNJs+50qunN8bBV2KRRXc6TTlEZFjjzHc3FKMWwsznwPfbZ/ER1OFzIoq/mBfztvYWuMkcK7ykPI4ISzYIXktce57qEIs9/1K75tr70KjbA==
+limited.		86400	IN	NSEC	limo. NS DS RRSIG NSEC
+limited.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F3ryw+YG5qxQrDc98lkBw+ZIYQjSJej06c8oUP+mSuvL/YSvP1wQebJWbm8g75Y5fZ2KtmES3n59cyNXD6bdA4xrNZqKa6LyFGbb7O392TXvlgzq/phH0CeYRTTD9yrSX7G6im0s3RpkMHU/whQlJLXMR9AZxRlrt9PJLxAEiyXTgFLHwUkGLTGSyTboUJyCuGJKMOIao1pdlTYOwnkHuisNH19jDMqbalO+ZyKO1Y3AUh7WszElKS4WJDhKXeS+WSO8hRKC9OGgEnzLO9Vp81thi2DoCPhja3oWhoh2oaugJiz3CBEMFOH1/RhjNQOakqVMrDMfxa+lhUFg8TsCoA==
+v0n0.nic.limited.	172800	IN	A	65.22.28.52
+v0n0.nic.limited.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:52
+v0n1.nic.limited.	172800	IN	A	65.22.29.52
+v0n1.nic.limited.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:52
+v0n2.nic.limited.	172800	IN	A	65.22.30.52
+v0n2.nic.limited.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:52
+v0n3.nic.limited.	172800	IN	A	161.232.14.52
+v0n3.nic.limited.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:52
+v2n0.nic.limited.	172800	IN	A	65.22.31.52
+v2n0.nic.limited.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:52
+v2n1.nic.limited.	172800	IN	A	161.232.15.52
+v2n1.nic.limited.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:52
+limo.			172800	IN	NS	v0n0.nic.limo.
+limo.			172800	IN	NS	v0n1.nic.limo.
+limo.			172800	IN	NS	v0n2.nic.limo.
+limo.			172800	IN	NS	v0n3.nic.limo.
+limo.			172800	IN	NS	v2n0.nic.limo.
+limo.			172800	IN	NS	v2n1.nic.limo.
+limo.			86400	IN	DS	39862 8 2 9DE0702A0EEA28354D3DCA5EB0870D939F439CB14A879B583B35911CCD15019B
+limo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VQOPNd9XySjZ9WmzO6My46LSqtf+8YIjxed6oaydbDs2r4Sh/r3KBkPybREEsoITtyhpv6ow2IA6wBEoyIS6KQp6a8Jt7gjB8a1kjsNhhfaXjep5COZiMRwMVMTlr6FU/HHbrMMMkIIC7EMWC/S8LYy9r0/GW3maRxWD6hB/ss7sg1jE8IHwHcWvejQhlI4uof1HfJeO/dZRp0U3F5VGrr82KtzNAQhd+4htpdmjVcZ10MbmlU5r7209eNOas0ydKSNYltPztvonifKE/1Dkc8YHgGB/r0PXXCO7mtJ8R8hlxyG6YopTAX6cGRwY0y1zrD8UOSWNBQtQvdxIW4qMVg==
+limo.			86400	IN	NSEC	lincoln. NS DS RRSIG NSEC
+limo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NlIWshSVaTujxy5PAb3M7ihi2DyqmXALxUaGPCYySZMguSpm3+h6kaaWECvAyZwk6VHOk5RHRFKRpTwMB8buYr5ZwHhA5LfqruJ8+IFJVBNigZ23mooIsdElPX8KZkLnpDLHEdFl5evzqJbyQVS6chR1q4B0W+7mlGCfew+2l+mGTrL8nPAJGX12IsmlI+JEc/39b2oXtXb1s1HTK2AiM6wo76gjbZXJ/4GnYHiePrDqntJH4IJE843N5ohdvX63jS6SWPtbtQCRX1uqmS6ugCZvmH9dyPjWDXn4vQAplLPDrND0xlsH1OiOK0CdhigM/1Gz47lFJRpzjqkwCX/3qg==
+v0n0.nic.limo.		172800	IN	A	65.22.20.30
+v0n0.nic.limo.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:30
+v0n1.nic.limo.		172800	IN	A	65.22.21.30
+v0n1.nic.limo.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:30
+v0n2.nic.limo.		172800	IN	A	65.22.22.30
+v0n2.nic.limo.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:30
+v0n3.nic.limo.		172800	IN	A	161.232.10.30
+v0n3.nic.limo.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:30
+v2n0.nic.limo.		172800	IN	A	65.22.23.30
+v2n0.nic.limo.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:30
+v2n1.nic.limo.		172800	IN	A	161.232.11.30
+v2n1.nic.limo.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:30
+lincoln.		172800	IN	NS	a.nic.lincoln.
+lincoln.		172800	IN	NS	b.nic.lincoln.
+lincoln.		172800	IN	NS	c.nic.lincoln.
+lincoln.		172800	IN	NS	ns1.dns.nic.lincoln.
+lincoln.		172800	IN	NS	ns2.dns.nic.lincoln.
+lincoln.		172800	IN	NS	ns3.dns.nic.lincoln.
+lincoln.		86400	IN	DS	3661 8 2 D29F19155FE9E20AE5A9FA1E1DEA7DC1BADA5D04F1FF458E8C14FCDF088ACAB1
+lincoln.		86400	IN	DS	10597 8 2 54EEB8F5A01779190A418A0BAA75372C8B84FC313188B03DB43E2FAE379F133F
+lincoln.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NHheT1uTog9/YabN2AvscXbTq+5a3SQke8pUJYmIn+lLUhk03BAi2HQH9bG6jYy0PC3WqHfOaEMdQ47/ImKV0sGYvsEofhvrwNj+WsjDQw6lH2sTNKVfswo58TfrGLsKJYaZ4x97/1n2gfKeQSz9WyTVrrpqWnoEw7kNK7BH3lRIzzyEWCtaxDPRPDewwcRBfogmepkqneXTaZfTpG59VpvnneCWaIh3eaEfa1vNNFyhs6hbacSAINI0Nta8anI4wF74rPGUaNlTxbxq3JbsZwH3dTTE26VrTJVrLCVZoCDzIZr8RoPb1XJEhgt63GxHrZHvTIYwRCRoP87JX8PJGw==
+lincoln.		86400	IN	NSEC	link. NS DS RRSIG NSEC
+lincoln.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q2eUrk873/PalkOMJrfoU7VYfk0Axr4cPRKpWeU70zKBO57vfF3OyX0qXLl00NWRqEss5Yw612SojOXpUVU5slubiu0yRC46Cr26zmeNQR8mfJ0sat4K/j7SGNNpW1PlJ2Emo9b+F4Yp1mnPCU10frZKTKSmZCZcNqk7boIeJP8R84rGVcH29VrUvc5/VC+XzK4Fr3pZ+ITgSolNt11fKz6PV782d/PhADnclLy5+eCMDwLxDPjs43UGLr4leUtWN+M+43s+MlnvNMMkpoiQJQvHV/t/gtCY10XP7z8Bt5DAKrZztTMub8fSm5SxmA0SX2NEZRYiLiwyhM90pqBumg==
+a.nic.lincoln.		172800	IN	A	37.209.192.9
+a.nic.lincoln.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.lincoln.		172800	IN	A	37.209.194.9
+b.nic.lincoln.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.lincoln.		172800	IN	A	37.209.196.9
+c.nic.lincoln.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.lincoln.	172800	IN	A	156.154.144.105
+ns1.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:69
+ns2.dns.nic.lincoln.	172800	IN	A	156.154.145.105
+ns2.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:69
+ns3.dns.nic.lincoln.	172800	IN	A	156.154.159.105
+ns3.dns.nic.lincoln.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:69
+link.			172800	IN	NS	ns1.uniregistry.net.
+link.			172800	IN	NS	ns2.uniregistry.info.
+link.			172800	IN	NS	ns3.uniregistry.net.
+link.			172800	IN	NS	ns4.uniregistry.info.
+link.			86400	IN	DS	16766 13 2 40F1045035D7BA48D27A66442B2C71CA159D219756D3AD4D35CF1E80419228B5
+link.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . geHp9XLcJIZwk58srS5IHeyrRH+4fu4fWcIfrbgwpYOZWOv5yJwu6ZFbJT4LWkjynM/J3p7ZTBu0YNtJPwy2zahaKT5d7lbnCMUTt/0RMP6JsvZ7KBDYXJIGFicBkj70gKvENuPOlC/eQ6tGc1XywDJrsVM9f6DNhyHcWhxZBnAL5W9JTZnWbXUuZTXrm6hHAA3QQ8HSY0YBWJWdnH666BhTJiAQ6kid6Jpprs/607ky9mlU+xIqO0DNlTIAzf+wZyFk2DvPMADXc9AqoO58dJgYPLkpTm0Q234jWsLOLCVwdlTq7y42WWmkWDOOa0jdx7HF/1kOjWSRxaA4QowQQA==
+link.			86400	IN	NSEC	lipsy. NS DS RRSIG NSEC
+link.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Vpy/Qqw7Ffg4OQnC+fMEdXz42xBTF8GUMNw5u09vEvQg8SizgQ0JopzO8p4HshYmXXupE3qpRrV4Dfmjk2kYtHkKdiJpLG0x5oRmdWsOV2Jr0o0w2HD5LZaZKzaWv46y+Y3+zosCGw88BgHoPsR4FEkzX2Plv52l2tbenCXRF77pMyhavgUP+TNlJ5FlQzGGWh/mYROZqffKcPQP2tPrcZngl1gQPf/3nss+jFnLsj+1sUF53d5AzQpqY1W4AV2mRFMmpZlZgsim3H0Or16KzQ7ec7W2CclQBH48kP3jRLpFQ8owbl1QwDRfPJJOCr0eL6UXYaw293SBQzCBfwt6JA==
+lipsy.			172800	IN	NS	a0.nic.lipsy.
+lipsy.			172800	IN	NS	a2.nic.lipsy.
+lipsy.			172800	IN	NS	b0.nic.lipsy.
+lipsy.			172800	IN	NS	c0.nic.lipsy.
+lipsy.			86400	IN	DS	14890 8 2 AF1FCD22DC45F40EE44921A2CDB562F28F3412B8E9FD8648DD393282C29DD449
+lipsy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0BTekRMT6oQoL8meCjsgWjMPgq7cnddOHK9K27JPPkln9yp3OW0CZz7xGvE8y3XAmzPcwHhy0wHIrWL+KS5v9e8U678orklY3x6g+MVNEOrJ+smVbwmi13FICRNAm4p/juB0JWaCl+az5bLRVH2JITS5Huwx+SiUvUoveG3J2CiTDcJOIAhhrA+CkopvNXKjhd/1WAdAwzAPz7wkmDQfJAQpZl62Ry9FIglqqQ697fnCX2K9VDO1XLLiHhC0e6+Ige5DcypzXLxnc2K076tR3rBBbckw1ikoDsCIMFtnKghd5KxAdpRIDc2+tNz2pbfeZ89d1rblDSmeSpjm2PIsBA==
+lipsy.			86400	IN	NSEC	live. NS DS RRSIG NSEC
+lipsy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xAuyJaPjkPE5d86UYoCt8t6UTEgSn/LVGQGJ6kJOStH2/SucRezpVKPZhZhXsp1H6nKn6q1o7w1TalQ9sXGklotzp2FeYryNALH+S2efCJfc3TdP/HOlqBeC86rNAQobhw+DAPgLFM6/cMjipwycpjAdX9cThVbCnIf5iEhz7hKM36Aje+LyzydMJ1t3HX88VxJ9BlmO6wZjQ1a8temps35HYKs/sc6nsTldZ7x966I5P4jbI1BRTZc/aoKo7Hnv4MdaKLvhk4Mz7vZ+RUvuCtO6VACDXUH6nP8FyXL+LsolZNUgOcB6HMqtdqCMPw2KFQ2d6XLnZhJxA6mHtg57Sg==
+a0.nic.lipsy.		172800	IN	A	65.22.112.59
+a0.nic.lipsy.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:59
+a2.nic.lipsy.		172800	IN	A	65.22.115.59
+a2.nic.lipsy.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:59
+b0.nic.lipsy.		172800	IN	A	65.22.113.59
+b0.nic.lipsy.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:59
+c0.nic.lipsy.		172800	IN	A	65.22.114.59
+c0.nic.lipsy.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:59
+live.			172800	IN	NS	v0n0.nic.live.
+live.			172800	IN	NS	v0n1.nic.live.
+live.			172800	IN	NS	v0n2.nic.live.
+live.			172800	IN	NS	v0n3.nic.live.
+live.			172800	IN	NS	v2n0.nic.live.
+live.			172800	IN	NS	v2n1.nic.live.
+live.			86400	IN	DS	36322 8 2 201DF9A9AF6766D9CDBC8355756728F2DB40BA93F9724F93AEEB1BDDD7D564A0
+live.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aIsdbxNMjjWEsxaXXkDJekTTmuPDRsgjHRwNkXMu3rI7K7GuqL18fxsB1pCiyc5rLh6VzoDzk7oB1a3xmAW8bw6IH2UoABXOsdSfvTcZwtmCTsmyfziSjrN5p6lD46Bu5Zyzoc+Lb9GeZO5Txp4d8BX80CuVCLCXVpGO9GmZZ0igL/EMhxLc64elAND7vxB5OO4Van648JI9LHBSSQ5pu+ERn8p0VpWUSTDwefGhn5zqy1x221VtPuvPB2QZ3VX8ye/7m19P8Sh3oSe59M3/QqKloscJ+7LniPS6PDJ6UbRI7sb+li1nBRZimC3JcK+fou9nQ5He98FBHgQT4W6FEA==
+live.			86400	IN	NSEC	living. NS DS RRSIG NSEC
+live.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LFMzsvzjhVNgxmvb60zhbKhDWp2ig2rUMqjC5WpnMsweUkTI+AtWhNLJVAJRpfb/mjXdjMolIJCT3UF5RmFWnO/AudFWyahppJKs5usSGUCVu2uOnM54y9TrDsSyjl95vbTT2BqA5aCk3By+rjbZis1x/yyWI+J4Q8+4ELnNxCSsCcYKasNOguT0oTpudpa9sAED5M3LVkFtO2sbPbV72wTQEYdwBomeuUySA4d47147kY6sAI+kZcNJ8Lwe8KNgLKYM2pgJwIiv91YRt7NtawmYO4SWA+qiYKXI6zL/ArJlhNEKMtI80qAm1xXmmRG9bATjZRmimNXOvmjVrS83kg==
+v0n0.nic.live.		172800	IN	A	65.22.20.1
+v0n0.nic.live.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:1
+v0n1.nic.live.		172800	IN	A	65.22.21.1
+v0n1.nic.live.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:1
+v0n2.nic.live.		172800	IN	A	65.22.22.1
+v0n2.nic.live.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:1
+v0n3.nic.live.		172800	IN	A	161.232.10.1
+v0n3.nic.live.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:1
+v2n0.nic.live.		172800	IN	A	65.22.23.1
+v2n0.nic.live.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:1
+v2n1.nic.live.		172800	IN	A	161.232.11.1
+v2n1.nic.live.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:1
+living.			172800	IN	NS	ns01.trs-dns.com.
+living.			172800	IN	NS	ns01.trs-dns.net.
+living.			172800	IN	NS	ns01.trs-dns.org.
+living.			172800	IN	NS	ns01.trs-dns.info.
+living.			86400	IN	DS	9429 8 2 341CE294DED797DD426A6B6AFEAA0C85BA65BBC8EC3D5A7895D77DEE88435DF4
+living.			86400	IN	DS	59309 8 2 276C77D08EFE6388824F1726E7C6D754189F9EA1747718D4960C5EE66AE2837A
+living.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q3/qWLWmWSNaR3kNeXaTbE6DdGvx7zKf5/nKBpQZJ6OqFs1SMVx8Y+yWBiTfTY18lwKJIsw4i0sydjPd0ZmpsOxqzfT4m64fCJZ28irrG8IvROXE3IVil+txvoTuGPjhRQQCO3GurWZw8Pv//H8asmq2U4bFggx8b+1GHZaL4gjcPt6+Xk9lMC6QM0LKLiHZXBLfozkYqDOTUs/53fSk5m6RzU4oHklfGIVs2LSneSIKVI56uVBSIcTAOYa+C1fpL49XN+LMOtAJ2livTGIpEH68YeU1D5YS/ZxHf2nOWwqLK7HksEdZzHX5+JSo64DfkTWJUZtTo5X1HxwPxvllXw==
+living.			86400	IN	NSEC	lk. NS DS RRSIG NSEC
+living.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PAggJMLewAy7iZ/fI2aD44AvbANyYvRLwqy2UUkJRBNRGlagPhW8Fp5BW2v2dCAJdIWL6diBZdDLP6akOtEBp38ptLRYtwDaKJAU+bEbfMtmwI4fsu5oh5JXYmZT0XpOSRxEhz8GWNRFXG0vgOcLT6ofwNTHEc31h2nio0R3tG/BQwMwzSNxDupoNZrSl0QoRF9/S/TEJ6C73n6Hq4F3I8u6G1Y3yTe6lZ93ET4VgV209DMqEjcClQ0gswipQvxX5E9GrN2umGCl089LQfstTusSyoYVGEi379oZTeznStOU/9DBUB6YEIAHQrRrfvVAMckspcks7RXwgg2R0+0qFA==
+lk.			172800	IN	NS	c.nic.lk.
+lk.			172800	IN	NS	d.nic.lk.
+lk.			172800	IN	NS	l.nic.lk.
+lk.			172800	IN	NS	m.nic.lk.
+lk.			172800	IN	NS	p.nic.lk.
+lk.			172800	IN	NS	t.nic.lk.
+lk.			172800	IN	NS	ns1.ac.lk.
+lk.			172800	IN	NS	pendragon.cs.purdue.edu.
+lk.			86400	IN	DS	181 5 1 A1907F85D49081239389C216912B8937D0ECEB3D
+lk.			86400	IN	DS	181 5 2 87516D56B697CB3F7A7C3EB594EE0E16AE509D16A503089F4FBD4F347B336F93
+lk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UVuDmcAWoBZKjRZet8mYiCKROW4bpNqEabQG0VI4gN3T6YIXLzvV2A2UJtkQD0ZcrpQWSTiI54L7YuTfckybFdlCHXGoB5p8UPRK4TBVq3s82X6EADxh40QAG68nOchfEIs+oXxb5kSJp7mwbpbRYtYsInXBmg1txUgByQVp1Ls+O2d6QcypIv1RI4ctyGHtxyLJGgFLCPQzIwcQiJovhiu9OVzsQ9A9S8gBLFpT7Cu11OXihRuKx59F3+RA9OB6mmFJrRWx9466z1u3I4LkQnVSoTBNKGHS1WWZdXbEQWWESURHo8EkgfqgdstLIz8Uwc5MbisbhuBVKj9adiA3OQ==
+lk.			86400	IN	NSEC	llc. NS DS RRSIG NSEC
+lk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KYZ7P17cBf/BviNXtmziO//ub+sL5Uv7nLpVOgEPH5xiiSPILpo7j+mVyNIyiZ19HqL6ZwFSCbtA1vOjmzIDS75942OCziYQ0xkJO4gzeMadlvgUT1AlRRfguHN9POXf5A8/vPYsefITnFSc6hTPoeHvBbl6gIz7kukxRoO7ggpPNAY0wY7ewGFroV1xzKUynB8wgYoK2vu7UUMHowSB6M4QzuzSIrzaYAPsRlXQyJFYnMXMIeSiugkar8VziKhl0rFPKnKz05Bb/ZlmIjH/SW2Ms0oU/vRu8pqdFPq6u5ADWeYpKqTy07t87WoZKbaikKoZ31d0bV2YC41yyojZ5w==
+ns1.ac.lk.		172800	IN	A	192.248.1.162
+ns1.ac.lk.		172800	IN	AAAA	2401:dd00:1:0:0:0:0:162
+ns3.ac.lk.		172800	IN	A	202.124.166.178
+c.nic.lk.		172800	IN	A	203.143.29.3
+c.nic.lk.		172800	IN	AAAA	2405:5400:3:1:203:143:29:3
+d.nic.lk.		172800	IN	A	123.231.6.18
+l.nic.lk.		172800	IN	A	192.248.8.17
+m.nic.lk.		172800	IN	A	202.129.235.229
+ns-c.nic.lk.		172800	IN	A	203.143.19.3
+ns-d.nic.lk.		172800	IN	A	123.231.6.18
+ns-l.nic.lk.		172800	IN	A	192.248.8.17
+ns-t.nic.lk.		172800	IN	A	203.94.66.129
+p.nic.lk.		172800	IN	A	204.61.216.27
+p.nic.lk.		172800	IN	AAAA	2001:500:14:6027:ad:0:0:1
+t.nic.lk.		172800	IN	A	203.94.66.129
+t.nic.lk.		172800	IN	AAAA	2402:d000:100c:0:0:0:0:129
+llc.			172800	IN	NS	a0.nic.llc.
+llc.			172800	IN	NS	a2.nic.llc.
+llc.			172800	IN	NS	b0.nic.llc.
+llc.			172800	IN	NS	c0.nic.llc.
+llc.			86400	IN	DS	25591 8 2 93C8B54BD9413A06DC25A32304B423342FD3273CA6785071C4BD18A2D8B04819
+llc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D9whS3zwfzKGObkTF+U3D/4GAF0yrL9IoAEdwpz0QBF5BS8xqqNDl/zXyhAzG8I1XBLroIxy5uUl2GuMP12uWBCPYme8XYp5bs++58gK/eSmeTPBn9Y/45+CxIq4HHx1ETpqd1iA9SGyHegoxYsU1jUNM3Q8BYf7sVU7SPyEu6SX2xfudbabNlsx4soBgkhlLkQbzGaaXsNN9jj/uqb7yMrQo4KH2fLs8Gl2pu/dEQufRl6BzEOL8QojrPalbZvwKP4kk+BJN7Ei31WJaPxdX2+ZD8vWS6dFgPjhQvKNqaqK1gC8Kf/qH3aR8jNfBu3olJXLLILQtdnSpZX/5VCOqA==
+llc.			86400	IN	NSEC	llp. NS DS RRSIG NSEC
+llc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DtZCN0PmTfmn0fQw71T88mIc+UsthJYlDBQDJyyjC3u+5ZzAVhnID57Vaknguptm53uBU5bUxPRVxo0mHg49i653kv+XMnHRR6zvN44Z8mN7jKYypMU4rs++3MuofLrZ2f4PGV2gHaaS4C0d5RqhbytnLUg8FGMrriAii3cc3XsiSmI8UqNfr/d8RN8VUnDovD3OxfIKmGULpRf6zncqSyNX3NXYDflB752bD2IgPc8fjWSyjrietlc8/a1ADzVdA07UuAYxLEUsX81htDHwOgR3TLFqrXVE8bWq+jBKtllg1m5xhTizLe3Xn87ER8NSgE+yF0bp5Mg+udZS9rmbnw==
+a0.nic.llc.		172800	IN	A	65.22.36.9
+a0.nic.llc.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:9
+a2.nic.llc.		172800	IN	A	65.22.39.9
+a2.nic.llc.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:9
+b0.nic.llc.		172800	IN	A	65.22.37.9
+b0.nic.llc.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:9
+c0.nic.llc.		172800	IN	A	65.22.38.9
+c0.nic.llc.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:9
+llp.			172800	IN	NS	a.nic.llp.
+llp.			172800	IN	NS	b.nic.llp.
+llp.			172800	IN	NS	c.nic.llp.
+llp.			172800	IN	NS	d.nic.llp.
+llp.			86400	IN	DS	16200 7 2 0D84D15BF51C1A1C7EAC512663C58BFFDDB5CB5E3AA960399D551754A471870E
+llp.			86400	IN	DS	27216 7 1 5DE35ECE1AE46BBA06281C8DA6FFDA34B167AC2E
+llp.			86400	IN	DS	27216 7 2 B95649568BD88F57C7500A9E21D1D181065170CADBB881E299FD82E3A9909C23
+llp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uz8PLqmRxpmDpCU+gR0+sISZxjE8X/+Qdmo7RCrs/9+VYcqdmZFF0hbLZ9IkUq0pep2lH+tBn4olwyRRlgAIhgxPszlisZgSeqUTpXP52j5zDYqwGC327ePeyAGWbpYDOjB1V0wflcmgxbrGdqnItHe83oZilz6C2BodUsO0gFC1GS/F0flBPcmHzu4N769vWu35nApXITCsapuWsU/KpaBEWvICcwQ+B+Pw13g+Wpu4lcl0PMniVAvxPhp4rhPgsdDPLjyKoXhuLRUqPXaDz7tDQN/S/hTHgmvPVk24EWB/AtzSEIrm/JTI2lbrhhAZGtEx05jlGfk0x9lYc25giQ==
+llp.			86400	IN	NSEC	loan. NS DS RRSIG NSEC
+llp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L88PwYv6SXyH9SsR6MfR6cDwUQBNytLjFzUaUn8zrQ1vMrO49dTpq/+F+2WbNSowOzKqcZEQYQvEEp4XD4rwOMTmjP2WUd5mzBqvYVj2Dy1JMSVUhO/UOZzSxANxBS2uYQP1A2NkMQKGq7Z17FoijRY+L2znmuoDa5hu+AbuRnQTJkbMAxRYX16A6TX/OYrHkQ4F8G9BbRiK2QASRFVVpnayqDfXLJgIv7Pj85nOL7F1eXCZZkBUjuFlwivEuCvqCA1oMN1v/BIYTU6rp+rvCuf8f45V7FLoEnFWBIXziKb4EHwtZEC6sdst/2eOvHOIWDXvQrXqtQSjurrpHSz+UQ==
+a.nic.llp.		172800	IN	A	194.169.218.157
+a.nic.llp.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:157
+b.nic.llp.		172800	IN	A	185.24.64.157
+b.nic.llp.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:157
+c.nic.llp.		172800	IN	A	212.18.248.157
+c.nic.llp.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:157
+d.nic.llp.		172800	IN	A	212.18.249.157
+d.nic.llp.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:157
+loan.			172800	IN	NS	a.nic.loan.
+loan.			172800	IN	NS	b.nic.loan.
+loan.			172800	IN	NS	c.nic.loan.
+loan.			172800	IN	NS	ns1.dns.nic.loan.
+loan.			172800	IN	NS	ns2.dns.nic.loan.
+loan.			172800	IN	NS	ns3.dns.nic.loan.
+loan.			86400	IN	DS	32044 8 2 4263DEF7BAD2257B9020E8887811109CB097FE253BDB6CDCFA2C1F95EE136979
+loan.			86400	IN	DS	61084 8 2 88742B97E99CEE43C1C901233A2A21779DC101EC43CF28C287CDD6509B3D7401
+loan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ihRAua1phs+ovibfZFQFNv79VnUlyeP7cqEITCs1A8DQygzhAg8xqezhnAsHiexR1oq/SZmG8WDDq/73/jXbV4LV/fATt7x/yOOOGkWtZ8uPxyI31zZJqO2ylMSffvoDayFL0aZY2gqYbo2YdxXYJ1X4soXfy5CpOVomrJD9hj2M80bWqw7SE15En7tR1sdPPfAnF0yjxmTrZgkGKpuXPMgpkZgtxEEPaciLegZV9E68KaWoP8nQu/pzF975ELwVMmYzHLkeXhZCVpvrYJhNb85Wj5h8K1rtp3I0Rne1sZr1bQUijgHa90mUKFy4LBBbrYXMkTAByLAnbrhL3iSXvQ==
+loan.			86400	IN	NSEC	loans. NS DS RRSIG NSEC
+loan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UQv6tD6W19rHqG8MJ8IrakkidLJUftlmtDLweopsXi1hH1WdS2MFZILVBYXf+KE7dYUgJnYZkqwLGeQFBc647eK7cUVFueDg8sYKnYFoFq/AZsujwNXmzzsGiY2VvQ6dQgLgLV5K/yt9pL4FApSY0C66R6PYDeKdglc6fPrB0J8rNYpg1Ok3/cU8uJYFN9O+Kis06Gxg3CjRoPRWlSRaBCmrlQOpfRVT3eXjpVNEBt/qYR4cj1CAJs+KxwKUOtY9GmxwTw2OjuatDa4Whv+x4A0pjV827bQ9zQ9ulTb58Vw0KbG6p6U31yL5SLyzrB+jZYdoI98YE5hdbe5iPJBo5A==
+a.nic.loan.		172800	IN	A	37.209.192.10
+a.nic.loan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.loan.		172800	IN	A	37.209.194.10
+b.nic.loan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.loan.		172800	IN	A	37.209.196.10
+c.nic.loan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.loan.	172800	IN	A	156.154.144.106
+ns1.dns.nic.loan.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6a
+ns2.dns.nic.loan.	172800	IN	A	156.154.145.106
+ns2.dns.nic.loan.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6a
+ns3.dns.nic.loan.	172800	IN	A	156.154.159.106
+ns3.dns.nic.loan.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6a
+loans.			172800	IN	NS	v0n0.nic.loans.
+loans.			172800	IN	NS	v0n1.nic.loans.
+loans.			172800	IN	NS	v0n2.nic.loans.
+loans.			172800	IN	NS	v0n3.nic.loans.
+loans.			172800	IN	NS	v2n0.nic.loans.
+loans.			172800	IN	NS	v2n1.nic.loans.
+loans.			86400	IN	DS	42307 8 2 1861E548A3F914C3B7F4DB8336E56041359D352B703D9E302193FC1A98D3AE1B
+loans.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NYiCoVaS488TbUmdMBOLc4kC9uS+XH0F9WEdRefyuebPTqijQPDrthBK+KkbFkejuP4HiNq9aPHtqsQrQ7i79DecPnruiETfERT/E/caMolYOyUrvWmpDFL9XqM/UX8TvjJQefvB0icBvzAj3a6TLpg2BdQa/gR9OdWi7rjJqSlwDHp7rNbuOgIv+Mkrz6kv0UZ3ZD/FTgKAikh5N8F72Nw0R0oa+QqRHgEJSYfO756pg9q5tiUZ1+TRVvR1IBCVCIBis0riRJPLRk18CN4Ly4IbKZVwsi97b++UFIWoIkPiQjmAOx4hJ3Fo3r/MIQXgQO9p+ahmeCe/oCFRN51RzA==
+loans.			86400	IN	NSEC	locker. NS DS RRSIG NSEC
+loans.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BcZaJOXACGBJFeiXD4CMeoWRFeNviFFvZWlMcDm5il9Y+6OuLMgZZcZFwEBMwy5JVb42w3xdg92Y4w8otrG3FuWakH033e/ZEQHUFIsEmjHZwthZ1txEWxcBCzAo5gICQp9yr+ltVmqs/QoZVnWcoQ0N2Xxc/v7+ZPE9oPF0/jXxZSJqnxJxqDV9aW9ZfY2BrzXw9NTS/z7E9DrTLl0TOaD0HMSHHLSkYEASuieLvcoqIKZBCBl0AuL3NgFOAdFKmbWZM+6GihG6g4kXuPwABmHumoesU5kbXtghAg3nsxYlNVaukkai6kyG+sv0RvjHnoN0dtSQgqkevpWpl/NQJA==
+v0n0.nic.loans.		172800	IN	A	65.22.24.55
+v0n0.nic.loans.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:55
+v0n1.nic.loans.		172800	IN	A	65.22.25.55
+v0n1.nic.loans.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:55
+v0n2.nic.loans.		172800	IN	A	65.22.26.55
+v0n2.nic.loans.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:55
+v0n3.nic.loans.		172800	IN	A	161.232.12.55
+v0n3.nic.loans.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:55
+v2n0.nic.loans.		172800	IN	A	65.22.27.55
+v2n0.nic.loans.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:55
+v2n1.nic.loans.		172800	IN	A	161.232.13.55
+v2n1.nic.loans.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:55
+locker.			172800	IN	NS	a0.nic.locker.
+locker.			172800	IN	NS	a2.nic.locker.
+locker.			172800	IN	NS	b0.nic.locker.
+locker.			172800	IN	NS	c0.nic.locker.
+locker.			86400	IN	DS	6301 8 2 2A62E4284AD1157A9994BE5022A76CF66C2C233CEEDE058C673D065FEE63B90E
+locker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ojRXD5u8zix5+vSYKGIq+0t2u/hO7cGWQbGRuKdxAowovpFJFV6/7yUWPfaY5hPDyM7AWL17ZH43PNIc8BPkKz/kUJgDkYAmYjTarPJLm5NF2T2Q/7djJEemuf1EBH024RWxCil8Op8J4rfj416JZ+/zGYeVO0ajYntcpSMt5367AJcXN4+Nedyfi7eQDh1KTuC/cdHaj+1hbRhTuUlH7VGuGNaqnl6CXx/hGbWwXl9vnEyMVF9O9Dx8eAG9rfGgxl+2dYD2HyVhwto1XR6dyM0lGhp6xUcSWtK5pud+N9y9+UjPxWBZ42GULL9W3O4ADVCawFFHb0ur0+L29QtLGg==
+locker.			86400	IN	NSEC	locus. NS DS RRSIG NSEC
+locker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cw7UPwLRf8hssAmJudaAg28Ufc49hv2SV2fIAydC+pQW0dvxXg6oq3ad8Li4WdYMYpK7iBFyzYnZbLyzY2HiKiY4UrIfWvQY744ykvE27jkP7KeioO1E3WICPMYPTlYHAkV8sF9trtsnSCyOlGry5RH2jAE78aReG5EVPRFM6HqhfVzEXr7CRmf+RX/T2IJLDcVaO8Gt/iKdEvF2Or8MIXDWL7RFueZ54InYx96y/pswSCD/Zr1/URTXE+fGdHM0Yw4Qn3DuBi3SJlZHU/KJ6Y1EIgTOyCkgxDPw3jZ0zokA46WtD7PKSGT6IijYP5OUTLC3UVP90wjr2DubeZiUqw==
+a0.nic.locker.		172800	IN	A	65.22.96.33
+a0.nic.locker.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:33
+a2.nic.locker.		172800	IN	A	65.22.99.33
+a2.nic.locker.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:33
+b0.nic.locker.		172800	IN	A	65.22.97.33
+b0.nic.locker.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:33
+c0.nic.locker.		172800	IN	A	65.22.98.33
+c0.nic.locker.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:33
+locus.			172800	IN	NS	dns1.nic.locus.
+locus.			172800	IN	NS	dns2.nic.locus.
+locus.			172800	IN	NS	dns3.nic.locus.
+locus.			172800	IN	NS	dns4.nic.locus.
+locus.			172800	IN	NS	dnsa.nic.locus.
+locus.			172800	IN	NS	dnsb.nic.locus.
+locus.			172800	IN	NS	dnsc.nic.locus.
+locus.			172800	IN	NS	dnsd.nic.locus.
+locus.			86400	IN	DS	23735 8 2 FB7C38BE258C83CB17367AB656FE05F6A8A2A616FEAC4115DCECFA7DA03A1214
+locus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jz/2i+dVDRn8+1+6ROX6ibj8BjCajgOGJEexdfYPHzc2ACdpIXhlXfVp8cXVYlKx8s57R7kkIeRJ48MyD2BVk9PbwtpYYzNBXWfZmduAVy8kt/67THZ0m47o0rdf2Ugn42cyk51y0H0yEvifI7h9eeh3X5wVF4adJNi3Hdwf5bs/urgxPfuKLeHj/POj/ovUn70iHDUEH3ubvYOJIuZ2NAyhM4V0/Nt5UIxcodGJFf5sreaHEEWX/L2KWdMh8JqlLcEH/PvqnHB8+joXG6DxXgW8qTNIdMvMemGeuNleX+9gEuzzrL0zfxFguibPZSHx44CzWZko+E7/flYbNPs6lg==
+locus.			86400	IN	NSEC	lol. NS DS RRSIG NSEC
+locus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ArNuhx1pPxVQ/h6LMumPAsK7IW5oJAZJyo72GUS0NUXuLMn5EbUSeVnk/z7rf4HtlQj/930fX52S8faNPOpWqcgunEzNLSJPVF02jMqpxO8wf2nWy30QlMj4HuVh+IFGl2Y2XmHQ/vD7SPOJNkBQE7O2dILd9KSQhj/3jJV0fgFw9qW08IWJCBKVLjXJNCFmcL8mDF3vSYLGfhxQ+UW2JsKIUCDfEP60dPPY8IWaUAnuKF+4jYxSsN7f0o60j5ZnmLdc4GoG51ki1zVqKAqgypE5LezF29A/vGOUMOmbmnhmKjevrqwx7Hb4h3AzNa1WZlHHLYNmXiGGNJRp/jU9+w==
+dns1.nic.locus.		172800	IN	A	213.248.219.11
+dns1.nic.locus.		172800	IN	AAAA	2a01:618:403:0:0:0:0:11
+dns2.nic.locus.		172800	IN	A	103.49.83.11
+dns2.nic.locus.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:11
+dns3.nic.locus.		172800	IN	A	213.248.223.11
+dns3.nic.locus.		172800	IN	AAAA	2a01:618:407:0:0:0:0:11
+dns4.nic.locus.		172800	IN	A	43.230.51.11
+dns4.nic.locus.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:11
+dnsa.nic.locus.		172800	IN	A	156.154.100.3
+dnsa.nic.locus.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.locus.		172800	IN	A	156.154.101.3
+dnsb.nic.locus.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.locus.		172800	IN	A	156.154.102.3
+dnsc.nic.locus.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.locus.		172800	IN	A	156.154.103.3
+dnsd.nic.locus.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+lol.			172800	IN	NS	a.nic.lol.
+lol.			172800	IN	NS	b.nic.lol.
+lol.			172800	IN	NS	c.nic.lol.
+lol.			172800	IN	NS	d.nic.lol.
+lol.			86400	IN	DS	14131 5 1 A80AA63C99464101BAD5A82079D748F602A4A79F
+lol.			86400	IN	DS	14131 5 2 4564B365617A6BCF1C53C04DD101339729F556C2837AD8AB095CFF78CFF1F97A
+lol.			86400	IN	DS	15019 5 1 4F3C98C4C13B1657CFA5D90D945EF26008FDFF32
+lol.			86400	IN	DS	15019 5 2 24CEA2AA8A26053D2DA0301850748F74E217A52A1B1941E86963A32C5991E9BB
+lol.			86400	IN	DS	54097 5 1 D96BD9FFFFDF0E0F85A1E2FD01306042D63B3919
+lol.			86400	IN	DS	54097 5 2 EFC57A65D9C270370A1DC1F6A3DE157C6F09032864E976AC5BBB1710C6BC6779
+lol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0XnY3KO3t1hPmm4Htm6FeWnk6Q2H+iHulM8ea3mPS6F79c7JfddEyOGtw2ys54DSkT0p8jp07iYtpIkv3VMNTd5IXhnT24oW16bfBqh1amD7CVtaYVVNIGRWNv0wpjvBL3q0Hq2WmIsuDvIPKI3Of71OUo4rx+dc7ctoE0PaaoXOYqmxedAMWV4xahC9npXFs+PZMk3HqWGGsA6Ky3R29+Sy7rgHS8n4ay6vtfVGjxM9TtitfFWRrGT7YgjB1gZs/Yl6hNSelbipM8gpGSaAhnoa+0Dkztd2H+k550KKyUz+TGPNEoLeVjSJ3/HiaWE6xkJXc5y2wXqese5gKNgKOg==
+lol.			86400	IN	NSEC	london. NS DS RRSIG NSEC
+lol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wcEM9BuAI0eCIRtFgXnX+4VzQ+ZttQ/u9QX99llYbueVDKQGdmtwB/3Gk4IgqEiwVYXRa02k6BYpDXVUDQCL/2q8tV6sUc5rT42IAPV13RJtZtX8K+UFnHQF5uuwBA/h1vmpHMwOFBA1xoxYDTprkQtRUSxKfTJldc9omExjwfVMG30FQMv5sOKOHKKNJ0BpaGaQHMu9KayQiTwhDDurGX3Hl4pkJC/xnJJAYZLqk41MrkajudSUcRArrRWGwiItbM+g662jNIdzErcrElGBYiGL+9dHypEp8+c8/V1pdMW+ZzX/TcZYIrgFZk3nR3NLuQyNAkIjIeNsgjdX3em7Ug==
+a.nic.lol.		172800	IN	A	194.169.218.146
+a.nic.lol.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:146
+b.nic.lol.		172800	IN	A	185.24.64.146
+b.nic.lol.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:146
+c.nic.lol.		172800	IN	A	212.18.248.146
+c.nic.lol.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:146
+d.nic.lol.		172800	IN	A	212.18.249.146
+d.nic.lol.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:146
+london.			172800	IN	NS	a.nic.london.
+london.			172800	IN	NS	b.nic.london.
+london.			172800	IN	NS	c.nic.london.
+london.			172800	IN	NS	d.nic.london.
+london.			86400	IN	DS	9956 8 2 DDED8BEE7362BBBF9F4186B413C901FF293F5897412FD92E5EF507765D0A6443
+london.			86400	IN	DS	11861 8 2 5083FACFD25EDC276C25D2D3DA986F370C82BF31A01821ABF462C35800548F77
+london.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eJhYrlrUR05rVnQhDE76PM35nCuj/qTeixKwqj3kloRxSnZvghiNJilrI+LAy27p6ttPdwo6Sefg3AcoVrzl/90c4sWqE9R/MiAnzv2ZQx+nppFdU6+RI2NsV/DTgAghPuAl5dx6UOvaQm1JDyNMNg5LDdyWgfFrxTj6n2OqDQbYx4K2iYxGmC6RrD3vZGW0TiL/VV87rA1AAqTXM4NyjCGK5wERFGQMIp6VHq2W9SG/apvc3tdW6TTdMpQMPJDHkRY9MH810UyZWX/sJtdZZX1nd9lALju/E/+5WHBDaibZHN1owUFjkvjRGZW8/1ta/gP5PkL9F/HIUg+zlRbGzA==
+london.			86400	IN	NSEC	lotte. NS DS RRSIG NSEC
+london.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X4I6dl9umKgXJaQMNnzTdL4LIyfOoLid7LIm4mgvLbfY0KMkPXxzCYWtVOpLe7+5M7T1/tv9yV4JRJdIH7kjJIvUovJpeEsV5ubn83x+2oDie0YOubhjFZjXS1ATnU/Ehf1cgQEJ46AEhsFhxwhzamrQiGPc7btA/sPfvq/cdMNm/gdlPeYC/5a97v48GzS6ZAwmV9In6pawv247fNU9uc2LVQSol9Z4yaVabGm9IK7t+T9h2EPYTN1a2KJ8iAx/h9rDcCUcMoPmzOxq9PRj2RH7DC0syb7CvwmQl1MAJeufe8TalQLCtQZYkBhvt4EqtIFY36EIP4Xf6jp1EShe/g==
+a.nic.london.		172800	IN	A	194.169.218.141
+a.nic.london.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:141
+b.nic.london.		172800	IN	A	185.24.64.141
+b.nic.london.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:141
+c.nic.london.		172800	IN	A	212.18.248.141
+c.nic.london.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:141
+d.nic.london.		172800	IN	A	212.18.249.141
+d.nic.london.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:141
+lotte.			172800	IN	NS	a.gmoregistry.net.
+lotte.			172800	IN	NS	b.gmoregistry.net.
+lotte.			172800	IN	NS	k.gmoregistry.net.
+lotte.			172800	IN	NS	l.gmoregistry.net.
+lotte.			86400	IN	DS	34387 8 2 5D13945C642B308E7D91B7653614033529D3C6B95C38C0EDB47913EFC809D769
+lotte.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EjpwiRLCpvpyZd6aqS5tl4hMNhGdF4XE/7nTNeUve/Su0q/TjAgOahezOa+786mDpjmQwWdw8IdJQ2FFXbvtzaGhuxClfFVEG0z/6Pxmhvn+UZwjTChwOJ/opQ5G21PJFmQbzdPDjbAJn+im/DZOP9oI4js+kU43R+v9PkC2dLSMgavFvMHoapvuISvYWANrzZj89HWypzkTJz6xmohAW2cEjln4MpBhqVrSCQicY+g/SAmENoxLu9tmo55LBKKmTTpf8fC/4cL/9RIiG7Yv2xF+vl/7eozN1bPOCLGcdH2nXQcqWlcsOjzJgnJpWMM9G3LxoPIYnmp/6rtS7pqgTA==
+lotte.			86400	IN	NSEC	lotto. NS DS RRSIG NSEC
+lotte.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eiTabdvZVlYDCfu+xIJNyWR+gjGzFxfgiz14h1vlKd/gGIaHD4D1dXR1eQzvze5lLTufYcoAHN6LYD3MP9Nkf8nyb5/CYc+DEizdHzUt9uF0isNn/GNZ4fjV6Rv0htxmMXbhOMbFZx0EriXUjtFL3hUDXXM93HfrWtSj/E7YI21GVAXgMeRRIkLm3zjkWFb27VI8GQOZSfAwrpklV5VtVQftod6ZpndWyQN+GWQFfhfyAPPbiq9yi0/NBTnmKzH5/QQi98jxnbbG6dBIGffzqQ1tttn2GMUYyxTw3v7q0sAcvijayq9tA6ZD17s/Q96q7DakF9GeCDSSKfxqDUrGWg==
+lotto.			172800	IN	NS	a0.nic.lotto.
+lotto.			172800	IN	NS	a2.nic.lotto.
+lotto.			172800	IN	NS	b0.nic.lotto.
+lotto.			172800	IN	NS	c0.nic.lotto.
+lotto.			86400	IN	DS	45466 8 2 6FFE76934A3634A61F99FAD76FA0506A7682C5541452CF7B289F348FEDD124BF
+lotto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nHaRCB64Jr/dU6x/PpxE77rdqYWr/kdrXP/j+X6IfEDExKLpsh7+eYwOpY8GB+Nj8lQVLWKY6fDSVHAxW4xkXBMGe7KPLE+AX+9RkIcYQDFJnVVQOV8EEQhNEtbpqrxigUjpZOErfcWUZmWjEvP+divfD/kL0mJK0pXTDJRXyF/HFkISSRePAApbIylG55iKATEaIG6rdomcAQj455TYJlcH5SPFGfAQAYiQGyR8kONyZcLbFVmLtmhCVxBUtwpQGx0FVlGT/+J26bn19NiD/2AwakReRsOxMIDL/bS0bRoZ7LRkCkSaE+MsMtMpz20Ip49bBmr+XhIyNpm+H6JJ7Q==
+lotto.			86400	IN	NSEC	love. NS DS RRSIG NSEC
+lotto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L+9MtFTCpJGUVSLeAMDbGGwIFeA1xZbRNbW5Gvl/aH25fjZGPEO9llf+FGcTcNJTNUwr8N1YEVTY6rg8vaPh+EwD2rOvPPD1xbn7tzDkGLtn4kBVBEBheDv2GjdRTnUkXcQxbimbrz+3gp6iuQr6pSvpbdUOBtvrucbZCDQbKTMSKMOsPN/Z5vj+keKdZhemomfFb4wllne84XLMZTXMO8zcX7ybEKQNhpRzN5JVII3NKW6MmHpQLxb8Leu+9LOCMX8QHYAAA0ewXcDjtPyU3aJTypu23UhMDiWfqfDXrHhGTpbA+E5ZwcigeHuYNGrqy+9KgtxN75/XOk+A1vtI8w==
+a0.nic.lotto.		172800	IN	A	65.22.28.25
+a0.nic.lotto.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:25
+a2.nic.lotto.		172800	IN	A	65.22.31.25
+a2.nic.lotto.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:25
+b0.nic.lotto.		172800	IN	A	65.22.29.25
+b0.nic.lotto.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:25
+c0.nic.lotto.		172800	IN	A	65.22.30.25
+c0.nic.lotto.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:25
+love.			172800	IN	NS	ns1.uniregistry.net.
+love.			172800	IN	NS	ns2.uniregistry.info.
+love.			172800	IN	NS	ns3.uniregistry.net.
+love.			172800	IN	NS	ns4.uniregistry.info.
+love.			86400	IN	DS	27205 13 2 099BAACEF86A52379CDC0F6756D1EADAA7963FF5C3A16CFE32340B109580B84B
+love.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0HR8lhzzt3c4q8j2Z+SXUtOeVduQz4Gc/R3gAnZhd8Op1IO52mG6Px9vSnw1o1We/c/MMJHou2bp65z13+wKBNC6e5w86gQuGGjJhAczTstXoGxIkwaumykf/zV38njSm33OP0AfKI8+hUzNfA36CC09rWivGBvL441Eet73Pl7BHLDNKvSm4DfX1bmyYl2d5CzRO6BQ1hKaTkpx8Dq9X5HKws8GKcfPdeRHhLBXV8Do7YwmEzJhONw0K45hpKIkyr7AzedhmCw20vqyeBDFwJ5RgnH2hgrU0VOI/rD3UtGReUtkVei+DLT/qQM3rhf5RG+nwp9jGAvycYwttB6C+g==
+love.			86400	IN	NSEC	lpl. NS DS RRSIG NSEC
+love.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LXsRXaBzz+tOSaZFFS7I8kKvZsSIrFWxAKKqHYx+1wWU4NzS+fmOiURkbe1k6noTCT5m7UemiFasw5Ss+CM33m8mm+5a+0PIXtfvEedocmuWmdIBe9pS/irEvilxvQFQFmf6uGm8Ib7q9E1d6kjECqQel9jQCZleQkS6u0gdDzaitPt1Z6lrt+cwv4qlib/703Pr3wv+/KFK7ZyoXn03OpOaf3ijJ2S8Sb1WOzOh8Xt8BD6HLPtddRE3BlxTwmD169beY1wLy2ez5KeI4KnXaeEX5rZ0PBjnlitVJir3CKRKhmfW6w2ERinpsTTo/ugJKbBYw7VSQ8BAA9KqchIuYw==
+lpl.			172800	IN	NS	a.nic.lpl.
+lpl.			172800	IN	NS	b.nic.lpl.
+lpl.			172800	IN	NS	c.nic.lpl.
+lpl.			172800	IN	NS	d.nic.lpl.
+lpl.			86400	IN	DS	43324 13 2 1783403D052E9B382D00F3D78AB8DC40689AE032B7246D93A683761837F220DF
+lpl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XZx31hyxk/0grRhDPMWKoea31d25EPMqh5uCmkUcOe88sG/nk9nXXiqJtZgf5SIJ1u0J2+6phk2Yt1UwUUGpaju7iB+WTxCf4Igh9HCm2XW2DVrFjMFH5AFQzJqTSRg21XpdrjTydPJ5u2LQKxSRu7GywY+rPX8IDwggMjmjluRmR7E+op5M+JUPXBXADnbV8Rqevii7jNwf8ptNTlOVMrRgIOHjz65jAOZ3vicpG/FUYdDAgmVS3GQuLhs4BFoNJkpJ5fLq6E1GHkBxCZPXblb0qu9gzete40Bz/BDfTK4AteaJoFsp1KvZ/+QOA7Uvr1EHc0wEcZZABLvfV/1WWQ==
+lpl.			86400	IN	NSEC	lplfinancial. NS DS RRSIG NSEC
+lpl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DKokdrKAjDKw1KQvPg2qmjqHGgJfp3fenqpnSo53kUfUXqYHdZDstSr6oT1zY1LzExLNh/NRXrwEY+wnD3pJEgrLHS8sQe0byYyMDwliu/plJCcVDBBarB3bCuBpkYat80FFVcIeUKJuw2uRB/rcmDwOWoGrZKkV53gx1CP9EP8kQiR3B46pNKFgsaLBcR+pL1Nydvjx14x+YioBSQwC2XdsVPovs1StK/y6Q2lZKa5kCgP05Ft94oep1KYZnW8aIlNEV26A2PQTaGWQOBMC+uFay6349eKLuObcXMzmWlt+mtXqbmXns2hrjkOFFGOM2keD8fbQCA+QYhRVjSMd7A==
+a.nic.lpl.		172800	IN	A	194.169.218.92
+a.nic.lpl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:92
+b.nic.lpl.		172800	IN	A	185.24.64.92
+b.nic.lpl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:92
+c.nic.lpl.		172800	IN	A	212.18.248.92
+c.nic.lpl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:92
+d.nic.lpl.		172800	IN	A	212.18.249.92
+d.nic.lpl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:92
+lplfinancial.		172800	IN	NS	a.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	b.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	c.nic.lplfinancial.
+lplfinancial.		172800	IN	NS	d.nic.lplfinancial.
+lplfinancial.		86400	IN	DS	5735 13 2 2A05B6233FED896C1E37FBAC05045EA676F33E838F2177ACD4CBA897E128A0BC
+lplfinancial.		86400	IN	DS	59873 13 2 F4665676A01CDA5D5CD4EFD16BA5F3919EF741E788D27512015C84D8B0861DF1
+lplfinancial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mruN++Wod8QLlXCTy53JHKZcZ8Q+hm0v2Shr2jrc3NAE/WKf+/gHBtSNQ3gfIs9Pv0ROJlX6IsmVAmpRyQzERfIk0+XbViKkWCLLyy6jttbUBlQW4vZlrQyDyb501sYTN+xL0m197BKpzGr5RtbrOzLKKYLoCOC6YjHIId5EcXBdEZE/elqbGFJsZFhnxc1+PdCUn9+Yba+pNIAcUjK/cOsTKETyN3+WBxGyjONJ+LuwWjpX7LT5ofbn/URzEEjxnWdczGdH9JWf6Ge7TSvEijzuwe39S5qGm4/QkW4gONGtiAfv9EOAk2wyQ7TQRAHyD9ZhXhw99kL37NYdHeEggA==
+lplfinancial.		86400	IN	NSEC	lr. NS DS RRSIG NSEC
+lplfinancial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ry7VJbd6tp1jRTAm5pfLzvBg3YeX6t1qwFckFskUGS5r11sL/H8mZtiRffCRqWUJ4LsaSzgnMwNifjKd86E91gbYIPCL658bLi5O2F/vxACuMWzbOTg5siLzSWD+wD7j9KnqPSrqWrAzxBj92LQJVGcdkwZzinJ03CDMy8/75NtuaBITDUuN9KUas5Gg1DEm3+jRznXXWSfTJmufTedq7oxwvAAoxyDd/l5lxwmeyhz1HWzgSu4en8fZUpb4tPlCvnCozIfYWtFP77imuPhmk2f+2IC8qDxeX3KfAhePxtYrO7rxRzV2hiIiAXurd3BUBINRjZBxD2TG8dpOGPDSQA==
+a.nic.lplfinancial.	172800	IN	A	194.169.218.93
+a.nic.lplfinancial.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:93
+b.nic.lplfinancial.	172800	IN	A	185.24.64.93
+b.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:93
+c.nic.lplfinancial.	172800	IN	A	212.18.248.93
+c.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:93
+d.nic.lplfinancial.	172800	IN	A	212.18.249.93
+d.nic.lplfinancial.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:93
+lr.			172800	IN	NS	rip.psg.com.
+lr.			172800	IN	NS	fork.sth.dnsnode.net.
+lr.			172800	IN	NS	ns-lr.afrinic.net.
+lr.			86400	IN	DS	29984 8 1 A5E2025D5C3B1F4853BDDA21AA6A751E552DC715
+lr.			86400	IN	DS	29984 8 2 AA0EC78A15474B054759A26A2BE9D85A97F5FE9FE485A206E68B4F83B07789F8
+lr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WhKocr5Ki/T6rO4VgdNCSRdLu1VjLW3Q4Ro7uFQJQsgxBfPADXNQ85bABwEp4aNJjBqUITxmQA2nvjRwVRTHK85N4EpxiVmko6HXkplqisjyJcAjA7w/a3I6C56dv8k9H0qGQyAW8Hgh4Ft+wzjA0JAp1cnGCr38rGS8n8DhL7OmbR/6RNQgtaNkusMc1wcQj+k9W+TiVox7QXyEOTLfgLGlfCmJ/FhIru1m26uJjciNZXg4xXNzqNL+rbVbH27dU+JisZTTjCZ2xhjlD/HifRFYpFQfsA5WaBlCPDJjKrbxY+7Sgn0dqXI3VRac/aqsVarFiuPMW4KurTWZ1+T1vg==
+lr.			86400	IN	NSEC	ls. NS DS RRSIG NSEC
+lr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HFz5f1734M4hdnPeoH7NOHuAOdBI6jsrbm/ns67uzy2g58orJnFvHuvillHiwfYOdCXFtj768vcMPFTSLBji451sWZCwDVswe6COu5ja95jfGw44dN43wXrFWF78s3WfdE2PIji+YrKJz3+Jj8WTwkF2wV54boj1mP0P9RBtD+efIn/wIG3XxWmdS/TYTOITNXcchvDHFauBmSK+nk30eNsjaDy9mrA7YpbnzcA3Itbq7fpqY7mdmLgJ1nk4xSo3uuovJIVlmKflcULpMjnkw9Qy9OeM034n/wgvRe6oToN9Jhezy5KLl7ThvgaYSkAiWG+Q0kTc05/Gqn7m4nAlyw==
+ls.			172800	IN	NS	ns1.nic.ls.
+ls.			172800	IN	NS	ns2.nic.ls.
+ls.			172800	IN	NS	ls-ns.anycast.pch.net.
+ls.			172800	IN	NS	ns-ls.afrinic.net.
+ls.			86400	IN	NSEC	lt. NS RRSIG NSEC
+ls.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uZ4rbCjjcOL25SgggC3LYudYf4RRHpc57HeX6inAMVm6hnhPwldjES2oEBHNHv/dPljhxGuY3A9aejys5uY6VcdBcJWiCbw7eIDbRQzSGxycVLJfGcMZvkCjCQJm32t/fVyzgZHHdGaNo8kP2XTUo5/16Uw8ziUKQ5PeSklcAG4NMn8WJEwFAWBKHz9suYV7zcoO9NdpMgVzokrP00Z2NHJ6TMvqj6nC2dGxoMG9hQ0kGdEYS8qC9crLXIt5o0I2hbaMvl9SLU1MZ/0U39pjgaQG2oYmZbvAzr1+69KnZhMYxuD1xhEde/OhfktcBPMSfwWPXTVoSxwtfsj2pFfJTQ==
+ns1.nic.ls.		172800	IN	A	196.43.249.1
+ns2.nic.ls.		172800	IN	A	196.11.175.1
+lt.			172800	IN	NS	a.tld.lt.
+lt.			172800	IN	NS	b.tld.lt.
+lt.			172800	IN	NS	c.tld.lt.
+lt.			172800	IN	NS	d.tld.lt.
+lt.			172800	IN	NS	e.tld.lt.
+lt.			172800	IN	NS	f.tld.lt.
+lt.			86400	IN	DS	56197 8 2 DAEB03EBA817B22E5E0FA3BB3E1FCE483DF8EB309E9D350838A9659E609E15AA
+lt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qbJGNckB1QV46o8RuAWD/KASDdKlEBzO9rchvEvFGHsX9LPFfprRFtSCqCH9MX7Uh83MIv5NjzXLiI87rs1OwqfEeV8ug9gc1OUsBJlwKXiX9QHfDUrsqGOejAr3DQAFi36FM38bsytLEGqSxhHott1+4ABNu+Njw/8AhgahuONdqf9swY7/LlabbvPFbFXhiaNGj5LTx3KEdZOK48Pj3hctFgIt+DltZFqNAyEs/iihcxVgZk/M4tNym1gGp3LuFaanYcnn8u+vADPbeilhzhofi17SZuuApZ0Gb2g+e62iFSUg3toYOKZjmvXhlQxt+ynXF2TStbvZ7kP4Xe/T8Q==
+lt.			86400	IN	NSEC	ltd. NS DS RRSIG NSEC
+lt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gqjYH4bAuhSSmNlr2N9Iirf+lrUt1ddEVmV4vzw9N4h9FYVY5MKAXbC9qXuGmgIcnQkPQgUHFrNBUod9NHCcQInW6Rh0f+F1FNT5D8Vl5F6ucr7y1BkVbCVW0ViJPQ7L456grzyqUb5bgafLwyVR15dP5USeCiiOB/OFKYftdepfHpK+6paBqGCPSFcidgGE+ONaI3KP/CbP1naUiMqpZmLWvTGwlxvMIvpmh9auE5bmIxvWXRIwsWUJ9VNhG6qvMIPeeVYd5B2e/GhJXhdW0GKGukuPYiF5PJLaow+BehirEgEkA9DlPswUGovgTkrUdGOvkeRwQithC9GlkshHKA==
+a.tld.lt.		172800	IN	A	195.8.218.131
+b.tld.lt.		172800	IN	A	194.0.20.1
+b.tld.lt.		172800	IN	AAAA	2001:678:19:0:0:0:0:1
+c.tld.lt.		172800	IN	A	194.0.1.4
+c.tld.lt.		172800	IN	AAAA	2001:678:4:0:0:0:0:4
+d.tld.lt.		172800	IN	A	194.0.3.1
+d.tld.lt.		172800	IN	AAAA	2001:678:6:0:0:0:0:1
+e.tld.lt.		172800	IN	A	194.0.18.1
+f.tld.lt.		172800	IN	A	194.0.19.1
+f.tld.lt.		172800	IN	AAAA	2001:678:8c:0:0:0:0:1
+ltd.			172800	IN	NS	v0n0.nic.ltd.
+ltd.			172800	IN	NS	v0n1.nic.ltd.
+ltd.			172800	IN	NS	v0n2.nic.ltd.
+ltd.			172800	IN	NS	v0n3.nic.ltd.
+ltd.			172800	IN	NS	v2n0.nic.ltd.
+ltd.			172800	IN	NS	v2n1.nic.ltd.
+ltd.			86400	IN	DS	54 8 2 D0F5F5A210D27F70A8912BF81078BEEB34DBD370D7F0470D1140B749AC2F3A46
+ltd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TWoVPWK6PXY/88mMsJju4bhZVi6APdSWtxXKowZZqSIoK1reok3l+KcT6B2UShIg0gN95WSX55ckwyVSfiOas7Z52F/0nviPfHNIQxv7NlSZd5nRmJphBZyXzr/U3E/PTEGu0EH3d43e8CDMJioTWZWZWSIQzjsvL7HJfAoFojqASGOnxQHqICVUj8Cp0yruLpk0XKOl2KSjLKtjNSqjnSrYGuP01wxrLZoztj7bnaAOCX7OWDLy4MqpUdDgj7nFD1UhBfja3e+Ens4cwLQQq1ek/fSXt19+YB3ObHOBSxSWgIJbGFfJn/zbm/mQlQpId5TvokI67rUMAdT8p57hhw==
+ltd.			86400	IN	NSEC	ltda. NS DS RRSIG NSEC
+ltd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V7WJUnudBIwarhruH9rTiwyNpeMIWWtcyue4RhvU/vs9QWGNzA+GnjbJb3uVRXoClEPT8Sj5KTDSTnDi4G+jJPochqArFCzDbgsLInS60Kpj96pHCeLad2B74AgMxp/l18racwTgvMOWNfdKW/spS31vm3B+64/QT7SxSR05LCei8L7MIDXxBj3AEsM2iW/RkYy7VhcZM76EppB6p/3XsGBBxXfRUxcwsBJSxlXDxJYeh2aXsKc0L0tzWAnTjgAHWgOaHIqpOGbVAgJSKnryyUhKApsf1wLJfUfLdXMG+xnD1TXdYKCaZmWi5U8DoSu6nC9tXqmJmqKOvuG/6vZwYQ==
+v0n0.nic.ltd.		172800	IN	A	65.22.28.2
+v0n0.nic.ltd.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:2
+v0n1.nic.ltd.		172800	IN	A	65.22.29.2
+v0n1.nic.ltd.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:2
+v0n2.nic.ltd.		172800	IN	A	65.22.30.2
+v0n2.nic.ltd.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:2
+v0n3.nic.ltd.		172800	IN	A	161.232.14.2
+v0n3.nic.ltd.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:2
+v2n0.nic.ltd.		172800	IN	A	65.22.31.2
+v2n0.nic.ltd.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:2
+v2n1.nic.ltd.		172800	IN	A	161.232.15.2
+v2n1.nic.ltd.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:2
+ltda.			172800	IN	NS	a0.nic.ltda.
+ltda.			172800	IN	NS	a2.nic.ltda.
+ltda.			172800	IN	NS	b0.nic.ltda.
+ltda.			172800	IN	NS	c0.nic.ltda.
+ltda.			86400	IN	DS	28549 8 2 44371EB8133D637DE5A5F08B4465F9F92624D581808BB4547635815D455BD804
+ltda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bQsGi/ym0Tgb+I73uwmt+t1BVNtd/T72z301d6ENJld5KGKgkhSBYu2G3oAGo6rVtuYyEvz8e+VLKBYx46+YhIGEjvMs/l//0xev7LRHy/DBi/RLjd4JFSbVlAWv9fv9+USpgMaiZZ2kQn5YkPN9/+x3enJkKBww4rJnWQX2+rTpCVTdssIUbIcEl5cMJssUfpEVb5eAlKAbcAK1PFXe7LGhTvEjlGzGxUywF78rhMK0t1RZrqR0bRrf6KWQEebIMcTZJqONJ5SvKx30t6F6oH1TIugK6zivo/YNIBtOQ7WUzMit26+purgDKDfSQDpOPCNkkezBAcwtq4Kt/BrBLQ==
+ltda.			86400	IN	NSEC	lu. NS DS RRSIG NSEC
+ltda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZrKjx1FZ/iByccBg//XGfTVKXkGGOTkEskKSxPhiy2OiIyEgCU/X3gR6jNuDCb8Gx48KUsbUs96c9WLPIbNPdai4o6/JIliMoCZIKQMY+5QacdvMcOlzX0Ofx///7vpPdLizzwQCs0tbB937rQoAtRzgiFYlMZ0a+i9O5kKLQhfEwdBTEC90Tqt9/7+H+2dIfUxylny0ka/hpWNnRFGQ2+5bzDECYgBONx2p5JbXnHz8h+Vcm1SiMl2wMI4XbW72VgzXGVlr1/ZYjIrg6jXlby3KyKaRi8BY5vorQiNwxU/FlreADsUJRz8mIQ2zRUJb/Lx8h6ZIrvdHAapmI8krng==
+a0.nic.ltda.		172800	IN	A	65.22.116.17
+a0.nic.ltda.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:17
+a2.nic.ltda.		172800	IN	A	65.22.119.17
+a2.nic.ltda.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:17
+b0.nic.ltda.		172800	IN	A	65.22.117.17
+b0.nic.ltda.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:17
+c0.nic.ltda.		172800	IN	A	65.22.118.17
+c0.nic.ltda.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:17
+lu.			172800	IN	NS	g.dns.lu.
+lu.			172800	IN	NS	i.dns.lu.
+lu.			172800	IN	NS	j.dns.lu.
+lu.			172800	IN	NS	k.dns.lu.
+lu.			172800	IN	NS	p.dns.lu.
+lu.			172800	IN	NS	ns1.dns.lu.
+lu.			86400	IN	DS	20752 8 2 2BBE0B0C438F336CA96F655DCCB9A72D7359064225D9E38A0A09804F9BE20415
+lu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SvdOjc9WVRkxGWZQtuIzRcE9wj7WpwZODjUpvEujgi+9A5hOiGdUe+6FmR0v7WqLq4M5O+lrmdK+/oh8YgH5/g/wyg4JQGiLJvEXzZn4xFm4hU4XDuoshaN0/kQW1+82sfQywQHAHGKTgJawXD1K4aaobEz6QldBT/1+zpaNPUh1WIv5YFUjxOmpDaEv0qeLV+cgrB+GqtRHYJ7bVL5KAxAE1oQw+2tvUUi51ctH9R+YsjVhuf6dqatPRBnv3c+6iLWM//wusLEIfp1Ib218JMIl3pNHu3nzWX+hDx9/DjHzFiqk/CfSgb2fVm1RFYl1+2gCZUFw6+Fkfkf5XrPotg==
+lu.			86400	IN	NSEC	lundbeck. NS DS RRSIG NSEC
+lu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KGkkzerZjQXgAY11qjXFtvVvEPA+Pa7d5M7K+Pzhpr54iYD1LPQ+tDAdYs+867WadtnVDaApr1ItrIlA8+H0PyqTIJUFQ6tNUb/z9NcQjk+m5qQCqFtmsmQZuSxwAaNpHboLp5n24gbqq40mJIzxLe2NUsccG7J+XQXn1v7fLB5mJ2jbJYZnD81JTPHkfYbQgkhVLo8TklpKACxL/s96RucnelbQeMY/dUXwPt22lHtS7bGxVaysz3FQltvyNlSAcxUllkdD3kbbbghR1kwPteTGdvN5rJcsGXZAWJHHyjqqCzHBKwTXSLZaTMR7YEpmeIxZ5vqC2hAW59FjXBs4Lg==
+g.dns.lu.		172800	IN	A	194.0.23.5
+g.dns.lu.		172800	IN	AAAA	2001:678:1b:5:0:0:0:5
+i.dns.lu.		172800	IN	A	194.146.106.66
+i.dns.lu.		172800	IN	AAAA	2001:67c:1010:16:0:0:0:53
+j.dns.lu.		172800	IN	A	77.72.229.247
+j.dns.lu.		172800	IN	AAAA	2a01:3f0:0:307:0:0:0:53
+k.dns.lu.		172800	IN	A	194.0.1.13
+k.dns.lu.		172800	IN	AAAA	2001:678:4:0:0:0:0:d
+ns1.dns.lu.		172800	IN	A	158.64.229.18
+ns1.dns.lu.		172800	IN	AAAA	2001:a18:4:1:0:0:0:18
+p.dns.lu.		172800	IN	A	194.0.42.42
+p.dns.lu.		172800	IN	AAAA	2001:678:60:0:0:0:42:42
+lundbeck.		172800	IN	NS	a0.nic.lundbeck.
+lundbeck.		172800	IN	NS	a2.nic.lundbeck.
+lundbeck.		172800	IN	NS	b0.nic.lundbeck.
+lundbeck.		172800	IN	NS	c0.nic.lundbeck.
+lundbeck.		86400	IN	DS	10564 8 2 38580C9480C824DA9CB65A5FFACCDF2F6AEDC660B98C6166E0A843FF13FAB368
+lundbeck.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gUqj2OGoK5DEuMMyxl+V2snFO1PMbHBFkmhHfczudewvXPhX6E/E/gdA9F/V0ubv01Uo1Mj3V/rkWfg5/28hcMWMbhyAbg5Bf3mfrLrZiAWy+dnvuEvatwhyEOMr+M3aheTbEt7TbXhvFwFDYL8Trx08CV5QlAlucquDsuxrFYPxnJz2xO/UR9CpCXuzsLPwqFL4kXTJDk9olUU3sat1l6PrlgfDrSy8xuif2WJ4XEQCO2fUo+6K0KV0ndp0NPLcADS59QbFj9k5gvBd+Mn3om8t5vhpvLs8a9Vrd7X0Z6FfXiBzD0zHue0x8gZzfVZKxbW8BphO8Cq2Hq/hjvnrCQ==
+lundbeck.		86400	IN	NSEC	luxe. NS DS RRSIG NSEC
+lundbeck.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0k5s05UCHTZGtJ6Jdtg1E/OqoBq2MYWQuXD0cCa+IQnecfawfGjKT+QBrMkE+vQu4M/+NPdTw3Bv4zCD8bvFhgpYqV3JmyShvxLNZnBtET/7JVDfc2J5ihbjNCiBHx9EazHpBmFQV8zyAQYOuvIV0vqEYCkwRwdsA54/CRkdtFnWIlrKHeb0rJOEnlHrjORY3Nu+IbW/81atWP+MlQVkozI9+gD3nJ6PN1W2bErqvwBoSa5m5u96eggnSDIoVSUt8nd/U+A9AhOQxzL7Fkx1wGuY0048obl0F+RA9RzGbfRgOnaVVbgaeSmjL7GQdH8omO/NWgY49vMrPMmcaNJGBg==
+a0.nic.lundbeck.	172800	IN	A	65.22.112.60
+a0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:60
+a2.nic.lundbeck.	172800	IN	A	65.22.115.60
+a2.nic.lundbeck.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:60
+b0.nic.lundbeck.	172800	IN	A	65.22.113.60
+b0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:60
+c0.nic.lundbeck.	172800	IN	A	65.22.114.60
+c0.nic.lundbeck.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:60
+luxe.			172800	IN	NS	a.nic.luxe.
+luxe.			172800	IN	NS	b.nic.luxe.
+luxe.			172800	IN	NS	c.nic.luxe.
+luxe.			172800	IN	NS	x.nic.luxe.
+luxe.			172800	IN	NS	y.nic.luxe.
+luxe.			172800	IN	NS	z.nic.luxe.
+luxe.			86400	IN	DS	36439 8 2 5795A4998940987917475AE83F6F49B1FEA576CAC1203C449E9C8A3EDE316785
+luxe.			86400	IN	DS	39844 8 2 195B8FCF70C5028B4C75368EE18A455CAEB9330C8BB85141C4F071FB94833A40
+luxe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L1jZqitj/aoYNMmDYZiTj8oHJXOnmFl4wAblmUCt5n4//2+QeavsK4iK7g6pAPDPXjNX1Kculg86giWfenSOb6T6lIvPtdUJnCO5DM91HIOrm3PfjdJ41nfjf7PxXYPTueC+x8H3mkD/lEsujyzDabYH8iH5BiTcw+Aq43kFSLC+u6Icm4vW8aYU4KJkltaSP9NNmLPk4n+T0VgzVUh0V3wZw9+bpU2IlGpL/8U04P57tIQ0BsFyZ/6EdiOJh5uCwYo9Y8660TGbYXXC/bRnnv8XEJI1g/BsE0QOOPRfOvQdBb7ujq7EGQlrR+POJEQW/vJERcQPGhIywBYq9NxAWA==
+luxe.			86400	IN	NSEC	luxury. NS DS RRSIG NSEC
+luxe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qfhvJECiksexSS7TbbjT+VgsipapCI+I+ZQKN7P/JBcOwge1rbowaPBifh5aDSeDZWpFCVC2GkGS/pAPQf6Nb78AZxkJCRLm/uvYCGIwOX3exBr/nVYb5cdH4f876l+TKZyoqZg4MvP3Mv0K2WWvOdYXxRV8w3jCcT3pj3BFTz99qJXfE2nnLBZ1sK8yRYGN9f7jye0uqWoY0ZQFEmYhGZRXzzWnHoLjxzW7+NzJKN3fWLGtAgFtro04qZEc6KD00CzQQbhGxdIkFceZ1zrwDUdWIfBuwZzkTV9C2xcL/kdNNiRXHhcRzuRYj8Yl4M0tBG4C1ogcRjB7GCo1qfH5iw==
+a.nic.luxe.		172800	IN	A	37.209.192.10
+a.nic.luxe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.luxe.		172800	IN	A	37.209.194.10
+b.nic.luxe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.luxe.		172800	IN	A	37.209.196.10
+c.nic.luxe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.luxe.		172800	IN	A	156.154.172.82
+x.nic.luxe.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.luxe.		172800	IN	A	156.154.173.82
+y.nic.luxe.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.luxe.		172800	IN	A	156.154.174.82
+z.nic.luxe.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+luxury.			172800	IN	NS	a.nic.luxury.
+luxury.			172800	IN	NS	b.nic.luxury.
+luxury.			172800	IN	NS	c.nic.luxury.
+luxury.			172800	IN	NS	d.nic.luxury.
+luxury.			86400	IN	DS	9355 8 2 0DA436D04A11933D6BAE25E2AECEF3CEFCB34E407FEB3BA999A7190964F3C3D0
+luxury.			86400	IN	DS	32039 8 2 DEB7FE904A2E04500ACC98F3F5B9D6DB275139FBC92EBB2938BCF9E842812935
+luxury.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QsiXZ7YmHC/FEcOkl39mPTe4pSvRFKvE1Yg0kWzN7JP4+awEqUIv6qMww1XWTUQGJZIFTBjKzBlB5roDDM5iLMVm78KP7axcYqH/JkUXEvacld0tcEzTuE5wNEzIPYIWWgxj7KwhMOQnU9VOg6jNRhA8icU93hQtF17ihOikrR5pd0bRKsEl67W8t6Pmt8NoEdgStg+hT0oo5G0KqRlNEHTE/eJFftS/EaliqNzhqi6gS7K7YgYK/854+MoL1FacemJ1Z0R1deOIa3XXnFfurhUv+LZJJc1DoDIcqn4WOMNhWIOM+ylZGy/wPY2u7HCidX4lgFb+g5qFhCbBpnO1Ww==
+luxury.			86400	IN	NSEC	lv. NS DS RRSIG NSEC
+luxury.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z7gVIjEFDapRnofPomIZ8+5sggCkzT7taPURRIJPAEsHyYC9LTZfNOdseX//iw2QNUNZNHgc7nrifcvEvZ1x0a9g+b/TnzxKsUkcslurBJC12IB1Z6nIWPFJU1OhYCoXJanUcoDUQDYMuTaxQjvRusbi6OU+1Rw7h06gMnS6qF4TOa5w7+dtoBaj0HE6IIcEfQ1rJYMdnpNujH3IvrFf4584VJRbaOspsPGlNlAs2Ep2iFeq8CadMS2qCHxWoPVes20pO1dI2SO9/zn6yqBAEqksI8+pr+rhI8eBV0mDV2T5SvQubEnbL4ACu+BDlV5WcX0qjVfhwOvriB3cj5RXpA==
+a.nic.luxury.		172800	IN	A	194.169.218.98
+a.nic.luxury.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:98
+b.nic.luxury.		172800	IN	A	185.24.64.98
+b.nic.luxury.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:98
+c.nic.luxury.		172800	IN	A	212.18.248.98
+c.nic.luxury.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:98
+d.nic.luxury.		172800	IN	A	212.18.249.98
+d.nic.luxury.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:98
+lv.			172800	IN	NS	a.nic.lv.
+lv.			172800	IN	NS	b.nic.lv.
+lv.			172800	IN	NS	d.nic.lv.
+lv.			172800	IN	NS	n.nic.lv.
+lv.			172800	IN	NS	nu.nic.lv.
+lv.			172800	IN	NS	sunic.sunet.se.
+lv.			86400	IN	DS	42018 8 2 7E932A4F9CF9B1CD047C277E3CD323A53D42347D47C7BF1DD6018FF4B344FC1C
+lv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tqc1aOsE5+ric02AxruLD8hj/Cd/RsZ61xLCamnxgBUqkcvvHfPKHAIcetCf4qxBtCNjAH/wLmu+bvV/ZOiMhzjsrVNswNPW+/reEUtDOABQg8SSrjofFULruNKPeT7vWt7OgS1biAZEXlqeuJlJUSUEQmJbC6uEMFsIwcKSpg/zTRENWa98ED24hVR5+ur9OKZ2ko0TilAzRurxjjHoka2f7iiTJQXaZJQrNt2vMi0Qqrem2GOYW13bepNJlKpX/eUu0kL4Oe8zTk8+YQ8+y2KxRA0yeZDwdUmWXeo/of1CrNaVcLi7cyaHF88+bUyhOSRcRuGx1+lmajLvEQLBcQ==
+lv.			86400	IN	NSEC	ly. NS DS RRSIG NSEC
+lv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vqWbcvisWaaj3K1TSrC7dGDVtqR93/ue1zhhR2AjhR5GRSwn2P9uacIjXOgt/X4AZi8NcldlqOXeX4biDpOUIkHKLAHV9MovXt72+hvF6FubkOFkfHvaEM6e6Czh3uINASxxHMT78RCVwK129SvD/pQuqRa5KYV67jzRV3Qc6dncsSRTTQh9fyZoHkFT5jL6OInxbDUOqlXEPAvUvPszwcxxd7K1Q1agsmm6DG9K3ZLwCZ6oN3P/1R19bCf4qaItFjvlvjjfVA02KBfynN5Be+DMPWH8LPrBq8mFqDeeT86VxffC53I0zaGvNaA1qccN+HmBIQiq1DfWWmM5Ymic7A==
+a.nic.lv.		172800	IN	A	194.0.48.1
+a.nic.lv.		172800	IN	AAAA	2001:678:7c:0:0:0:0:7c
+b.nic.lv.		172800	IN	A	92.240.70.1
+d.nic.lv.		172800	IN	A	194.0.8.1
+d.nic.lv.		172800	IN	AAAA	2001:678:b:1:0:0:0:1
+n.nic.lv.		172800	IN	A	194.146.106.150
+n.nic.lv.		172800	IN	AAAA	2001:67c:1010:38:0:0:0:53
+nu.nic.lv.		172800	IN	A	77.72.229.249
+nu.nic.lv.		172800	IN	AAAA	2a01:3f0:0:312:0:0:0:53
+ly.			172800	IN	NS	dns.lttnet.net.
+ly.			172800	IN	NS	pch.ltt.ly.
+ly.			172800	IN	NS	dns1.lttnet.net.
+ly.			172800	IN	NS	ns-ly.afrinic.net.
+ly.			172800	IN	NS	phloem.uoregon.edu.
+ly.			86400	IN	DS	62311 8 2 08E9AC56F605A728D048C803787AB044B0C81CAEA2031EAC9EDEA77150A1BDBE
+ly.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YS4/QE98AJfnv8eB4sFnvKpYUs7R/0+qvipq3sXxv3JaC/ZM3PfDMCLSy5VJgmZCFp9a5rlvBxSukpV5HqSxXIGUd38oQb3mHPfnbyEJUx9lricMxQHlpeBuXdXVNL9FATBZcZ1SMmG23qHueM8XphRQHJPq5Jy+PBW0xNlg84mo0IL2p2vCqM7xQ1MC0GX7OaTHQJr7yl9GGiohhDhVqhKDblXDw1mAqQPHn04x5Q4Rsk6ZogU+zGznKC5wdStHvqSRV97S0UEer6QOHZjSTKT/8O/h5GnSauNu3ntYnNlICQf2ZA7hHh5sjnYYXTCzx5QyBniMoLpa81nTn/CCEw==
+ly.			86400	IN	NSEC	ma. NS DS RRSIG NSEC
+ly.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V+87S0O01S6rLeBW/Dp2OS9Utle65+vfcGnRBGgJ5NizRnsoMq5H7/zQ8Ov44tj4VRlmWzYHemLDvwLZGZfLjmuRq3CIEOtiWbVn6uBqW50oXqFYG7DNt/sZF9cM7bPyrUerQpgc6xRxVooH46JP12ADTkpwGobk/3hzRdBGkyceALG/C/oUl4szQFnUgBRvCLHvCd/SXIR/WaSEaMifWMtodzZQ9QkUGNnFYWnVJ5nwJu2ZgmEi+z/SJv2gnn+ns4F1l6Fiq97N701JFIjJGa9FXJYaLXPc3vIvcpTDdQ8ZQacki3MTAVkqr5w5Rugs8NYpr9H/UxUiBByxe/vRKg==
+pch.ltt.ly.		172800	IN	A	204.61.216.67
+pch.ltt.ly.		172800	IN	AAAA	2001:500:14:6067:ad:0:0:1
+ma.			172800	IN	NS	a.tld.ma.
+ma.			172800	IN	NS	b.tld.ma.
+ma.			172800	IN	NS	c.tld.ma.
+ma.			172800	IN	NS	d.tld.ma.
+ma.			172800	IN	NS	e.tld.ma.
+ma.			172800	IN	NS	f.tld.ma.
+ma.			172800	IN	NS	dns.inria.fr.
+ma.			172800	IN	NS	ns-ma.nic.fr.
+ma.			86400	IN	DS	41102 8 2 EC91608875E8628E96FB65403D828E0782103EE815FD7E0B67ECCCAB4B44EF56
+ma.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H+BpqTB7Mt6IZV2NAC2900+6cQ/ryWZc2RU45Nl2oqf/UxgVdn8IdCMrr6zKyRFHpE3bEqh7lCy4ozbDsklps073eg8LilBb+ChLWN1GIYOjREWFr3smBhs1iFGMzg9jvLqDpW5hIJWILyTsSK3uNXxHviEY3cq+b9jusvPVMEQQVZZmNtNDk+W6srfxNghqUOs4R2eI3uc9xNL9/csPvcKH7P47oGaNOfLt5D5T2oYnsRDVvvTAzn8rsEsW4I+gbWje0wVkfMZu3qtyDpHHsbo6yP39fFU/BaIUpWc4oGuQLsV7cHfPT84RwNdxMZ7/d5ppjRr7knME1YNy1x3ofw==
+ma.			86400	IN	NSEC	madrid. NS DS RRSIG NSEC
+ma.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 09TobpSgiLyPAB6k9H18J/05WLsxzW6qSMVDBsLVt2l73L28V/2ZMfl7Gcf1J9gjhEmRqVv/uHw064uPcFTM4gKdRjOMJf1shHw/mqJzZDCMW0uYfKTvekM1rMbu6d/FkCQCJ+I9Z4RbjXD4QUvAXcHoOZMxUKSCFg87dEKfrlR8zfSHS9CnmaKYX4jbWNnkEZiUnPm/QIDUgTs5BjnDT93KYfGplmmN9SLbZRtwNPv+V5aOgU0ct8eAlE2SHq1lxDca57JXmFqLpuRo7i0SuXSNce+RW4lY8oAxOj+pAkTbuCAnODC9GW4APRJQaP0+dTLx1oR0fhoTgkM2Dhjcjw==
+a.tld.ma.		172800	IN	A	81.192.171.83
+a.tld.ma.		172800	IN	A	81.192.171.131
+a.tld.ma.		172800	IN	AAAA	2001:4288:1800:186:0:0:0:3
+b.tld.ma.		172800	IN	A	81.192.171.84
+b.tld.ma.		172800	IN	A	81.192.171.132
+b.tld.ma.		172800	IN	AAAA	2001:4288:1800:186:0:0:0:4
+c.tld.ma.		172800	IN	A	81.192.171.115
+c.tld.ma.		172800	IN	A	81.192.171.139
+c.tld.ma.		172800	IN	AAAA	2001:4288:1800:386:0:0:0:3
+d.tld.ma.		172800	IN	A	81.192.171.116
+d.tld.ma.		172800	IN	A	81.192.171.140
+d.tld.ma.		172800	IN	AAAA	2001:4288:1800:386:0:0:0:4
+e.tld.ma.		172800	IN	A	105.73.80.236
+f.tld.ma.		172800	IN	A	41.214.240.4
+f.tld.ma.		172800	IN	AAAA	2c0f:fb20:100:fc:0:0:0:33
+madrid.			172800	IN	NS	anycast9.irondns.net.
+madrid.			172800	IN	NS	anycast10.irondns.net.
+madrid.			172800	IN	NS	anycast23.irondns.net.
+madrid.			172800	IN	NS	anycast24.irondns.net.
+madrid.			86400	IN	DS	54534 10 2 B04CBF4DF277FB7AB0799B9CCE1469E120DF69CAAAE1118DAC9C408A970E35CC
+madrid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . r+pxKaQqK3ylGSK/DazMwfLHLszSuxSjLT0179NfjjDEnQZk2Wpao7HWDiCZ1nUqc08qd7MpFY1QlqzGtc9b2C52T0IC6JS0gOOwvs7nlmEV0oGPadvKGKHJIMuLjdsJ0KzxGlYz34rd3nLg5Xi+kwpKFeDqAm4c+yGNbh2F+r1kJSdsEi2rVLTcGkhiZoEE6e5xbRl167Tjmolbooja6s5H+UQgfsn3p7LfT+0C6Vf/UhvaqI2IhGe/GZiD2rDWhuOS40o4XJgrjcB2Z1lqxSRxo8YQNQFfU2HTUCndKwMaSlPBhyGrZxjuHsn+FRsY/JSs7xuauObDQCJuzd+4rA==
+madrid.			86400	IN	NSEC	maif. NS DS RRSIG NSEC
+madrid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FsYVgHEKCj/PP45GWeRm6W+6nLHZeTQHqo15f5jrZQwJqqLkUBAAZ74K4g2BMnBRf9HN4Ns5vKHkjGZcfPQ2qRrnyTIK4pyuxuDwYyY2kxYGyGrUQS+kYsfFVzFNaEGxqwhTR/jYlyxAcwsScH/G/LwoO1Pu06YDX3siVqy29nbDHORT9xP6JE9q9prNrHeFdxS1wq5XuHM2AndV05qDbNqoEjcEaJ1rE4g8i/RgNGceDDCEEkcYs6DlX81zgcnQCte1QHTDh3Q8BS2Fb68GYvMvJ7g7o31p+kocnpZMWPxff36RyMVguhAfU5SBoFkkNER3uqIZrWtbTzrQDvPK5w==
+maif.			172800	IN	NS	ac1.nstld.com.
+maif.			172800	IN	NS	ac2.nstld.com.
+maif.			172800	IN	NS	ac3.nstld.com.
+maif.			172800	IN	NS	ac4.nstld.com.
+maif.			86400	IN	DS	48459 8 2 E44BC6E7CBA1624A5F16941F1D53FE470A3A7DA4B1C592878D1B32E8EBEF667C
+maif.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rMUc/raIKd0R95EemYXzJa1CaCHco1KNEk/OMMrAIpaST9LiJiiFCsdNakqfYtZRVjkSc0FtSJZNR8lMOgaim27tpNoYDWo/1Ny3XrSXmTzhzWwnmwqhpyNdsWWVJVNLCx7LK+zQWFyRTfHx63yaohu7dRAuqtanD1qfsLVPpY5x1nMnqp08FDq+JmSiN+f7pvwZhVgPGpo7Hly0zk6guiLha41TzWyo576keEh6s6bZqRZ+qr9Uj9/wzx7KY9ojEZ1M76joZVxczClv27cm8axl3Zs1VSOcUO8K2i9rVV9kRAkeNF4wkJWqDNMrE2VisjFVxvTq/xfMwjr5/rYj5w==
+maif.			86400	IN	NSEC	maison. NS DS RRSIG NSEC
+maif.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rd4MpaNRZE0Q/4n7PT1QpB+Wyj4226P+zYpwy7dKw0byl6axjCas5DA6KF1Ek5VtrShnYFvTMRU3h4MFnZghKWRnZhmXT8gbeFgZsa5vQ8SiZVB/iCZU8N4uA9X9PXoo0gi9HAyKlVf94H5DG+FHYVT+6xd2OGKKw6jS7qK0/gsIVqNZrjVKEAEzI+w8cP2GYJmiJE1vB1DqghrutO1Sf/lvaQYRTvwP9ldo4UvBhTXLzYPO6SwpnKcH0cDC7JQpq/Nx6WbEYgrDSFQVD1jSQyCMjphMtcZ20I36sjPX80r1Sos4gkDgxvwalmRN2Iyk4TVtt+L93OdaYdoL8A/vWA==
+maison.			172800	IN	NS	v0n0.nic.maison.
+maison.			172800	IN	NS	v0n1.nic.maison.
+maison.			172800	IN	NS	v0n2.nic.maison.
+maison.			172800	IN	NS	v0n3.nic.maison.
+maison.			172800	IN	NS	v2n0.nic.maison.
+maison.			172800	IN	NS	v2n1.nic.maison.
+maison.			86400	IN	DS	47149 8 2 AE330295E4790375D3E98AC41830036AABB74D3D31B17C391B49D7FD2A4883BB
+maison.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sr7lL2z6dJKMs4KYMkQUZioui9raeNLvpXgO9na4MTcGVX9FEOyJEBrjFR5qOsMGd94P6/DwqwT9TjQVWbaAX6tiZqVm3D0bii+j4u1dEzW6fyZhqLdnotRjXpZ8XbRMa50zdh+6mkYjtaSj+/HcVBHK56Py47g7jYx9QCupt7lruW1ZpIKpzbr7lZZdlnYm1INYKBOMJEfHjOwK1od8X3uNzlDI4KUB6fPIsF0AecHUruAyCyV8umDCFgbZvArE+GYkY1j/x1H2NETLzEZ9qj/zaX2yUfLi6xCtPbmsvSal6L9Cjg5Y7bPy1IjtHVxVkk9q9aMKcNGomdYAvUZjlQ==
+maison.			86400	IN	NSEC	makeup. NS DS RRSIG NSEC
+maison.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Rp3gWeu0p6HJiyslJSf3cjO+5CZwsRByndkESQMhRW0yeEnf5gEbce81ogNr+n/z2tF1yiUeIq8G8jwHKVLGpX26GbR9gQ+94Js1y7rKZSm6m/P0wECNPHljgCQ4hVRhtWeLFk8LkKG8ArIWdtdnoA90MpAjSWwjX2ghG/iapNSVCOStXcPOEQ3WwgLi647ujvYP2I+2PiRvrbpFvmYVwPBVHs2JmUshrYMozYQTjiLGvl3N0Ch++gxmn562tuqtxKaRrY/uA3ErmxViWjFlTamraHGlnuVnbTmYBpC865Ozp+aYkWoLzBCNdZCigKB0nrSN4Ag5cFB4ZD7IR4R8xg==
+v0n0.nic.maison.	172800	IN	A	65.22.28.33
+v0n0.nic.maison.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:33
+v0n1.nic.maison.	172800	IN	A	65.22.29.33
+v0n1.nic.maison.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:33
+v0n2.nic.maison.	172800	IN	A	65.22.30.33
+v0n2.nic.maison.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:33
+v0n3.nic.maison.	172800	IN	A	161.232.14.33
+v0n3.nic.maison.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:33
+v2n0.nic.maison.	172800	IN	A	65.22.31.33
+v2n0.nic.maison.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:33
+v2n1.nic.maison.	172800	IN	A	161.232.15.33
+v2n1.nic.maison.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:33
+makeup.			172800	IN	NS	a.nic.makeup.
+makeup.			172800	IN	NS	b.nic.makeup.
+makeup.			172800	IN	NS	c.nic.makeup.
+makeup.			172800	IN	NS	d.nic.makeup.
+makeup.			86400	IN	DS	49310 8 2 335D21FA55D5E1E94AD51A0CD89E8BEF3F034C5F842C2AD0A305ABEDB2603257
+makeup.			86400	IN	DS	64251 8 2 D35BAFB6C94CCFFF2DD894B0B745C49C0717BCC5348CA5422B1A9405DB1CAFB8
+makeup.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sSKa8VW3AjcaL2/rjERzfjU0mwNjkCV5WbDRRP5t6kR/vRvr+fb+vSPU8jKvg+OBcZ9ga00wz5ySQ3FcC0b2mxrTSn9fheLRYY6MrzZULabW2eFMb+7g2mOgcPhuQxAb8LNNEZ1mKLw29U98VqdSehmZFfya0MWxQalAnORubtPy9GjMGGN9sMACR7LCsg/sU5DOVwQeBN/O5b0h14wMOcbYU/5uJ5JQ882JgoSMXF2l0XqH6XL+EUZ4KcYycy2Ith5tVSfQqYyzHE8ymqjHLr736hhx0wdZWQ1itfS+0d0H+6fY7vb/gKq4/2KSglEkqjZ+SZrItPPFQ2lw6FWq0Q==
+makeup.			86400	IN	NSEC	man. NS DS RRSIG NSEC
+makeup.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W5kdUevFmrR8RLXBJnNqyN1nPbDKYZNteHFYe2oHeptAs0/fANpIixXoOVgEZgvlHC1oKSs3q3pCBTzDPtngdXjFIS81KtKXNM1yT7U/JLREqf47N57JW9dDN2GN9qkXtT41Wu7V1qGNXzX09l2SEb4PliN28MlTsmf9iQez15NKeD1kgHnKQTX/UMqqfq+G4DNWlpMC7al9h4d/PoNum8iYRYvgrqIoJi869oFKNjXd23leT7/i9XhFnIAEqGmm1T2fJUdect5DDM7kT/9LEqpcAZlP6RX5fuuXO11dzUnk6J5XjNBBZTbOy34wSpMu/swsFFjrGBlXtWUfeLq4Zw==
+a.nic.makeup.		172800	IN	A	194.169.218.116
+a.nic.makeup.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:116
+b.nic.makeup.		172800	IN	A	185.24.64.116
+b.nic.makeup.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:116
+c.nic.makeup.		172800	IN	A	212.18.248.116
+c.nic.makeup.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:116
+d.nic.makeup.		172800	IN	A	212.18.249.116
+d.nic.makeup.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:116
+man.			172800	IN	NS	anycast9.irondns.net.
+man.			172800	IN	NS	anycast10.irondns.net.
+man.			172800	IN	NS	anycast23.irondns.net.
+man.			172800	IN	NS	anycast24.irondns.net.
+man.			86400	IN	DS	1872 10 2 8E4B8FEF8F9E2D51C3B5B4189CFA8CD13D23D6B700516FC4AC632FC47EF7E7DE
+man.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FisvbIkeSbqEoYZcC6hVtohmVh2YjyYUetu0m9pBwyhFVEEM/jAuPjGjDmLfuS1ldCeLOc+yuRyT5RihXauQ0XYar920+pJbh5DTHd20m6kVc/6uyoKKbxuvAm31yo5DDT6sF32UgZTSv0FgRX8CJZRyIIfPplr02B22VuvlLuOti3oTZPcfQZceXSblxpE4NSKbDeeucaWY/kpcl7qgXCN3ik3WoGdqcsjmwOQpguRD9Yy0EFVzKQHyC/dWdPKdGw3Fa5yvEcYV5FoYLP5xilllc55JTGoWUMFBDW4hAcP8kvTIfEm9d0CUh+OwjXLO+zW3VK2sOzd808bDXcQULw==
+man.			86400	IN	NSEC	management. NS DS RRSIG NSEC
+man.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kXe3ck36eUTVgguL+PlCqn9It0NswqzUaOy4dzSrddINb2j6fO6iUdwDWjGZIb1XFfm9+KoL4vBma0R3J1SNlDIR14FHwqrrR+4j05cQiHicK1jAwk3xyUEbKIMjzXEJyK/u0YhlyC6ZMktu30h5fz6PXKlEkoiJ6wB6cynv+XS4saOmW3eeynba8jnf/p0IizJzVcik6sFhC9ZvsU3F2gWL1TdVDTSLIqsBjG4KUxTCYc3aQvQ5ij2MG+Urz38T8DWKi3kqi5eZYemTApfoJ1QTRm2aUmyQTWLVKRSHxhx1xzPoK0KEIQBtWF+TwGZ+UPltAcvW7vJSllvsJ42u3g==
+management.		172800	IN	NS	v0n0.nic.management.
+management.		172800	IN	NS	v0n1.nic.management.
+management.		172800	IN	NS	v0n2.nic.management.
+management.		172800	IN	NS	v0n3.nic.management.
+management.		172800	IN	NS	v2n0.nic.management.
+management.		172800	IN	NS	v2n1.nic.management.
+management.		86400	IN	DS	2944 8 2 3212DA6705ED0149EE2E13781D2708A6ADD9073DD6E680EDB3D76D9E45427590
+management.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWzRZ168n660y90s/ODllJ2iwh+V+5EEK74O5qINKoPZeMQsSLeuqkZvcWutnDvpjgTgpGtnN3IpRrd96oNS2U8iuFa7mkqxqvAKv7slbR78AWSkG6nSR78W5FWhP1VYQUN98Bb05MCpa5riyIFNYQtSUyG6kO1dskIJKAmyONMi3mljK9PPgki9xygmjjMysa47LCflmMNBJo7jNlZLGy+aRqjNJ42my5aDN/R9BVODs86Hf5IUZeX0L0wjqXnW5ZeEM+xfUa7D+VDXzY2tCpLsgVIsx8uZ9VoyBlJshCxItAnu2TzuS5+vH7fBmASNsjnKoobIz7ZF3KhL7nrOrA==
+management.		86400	IN	NSEC	mango. NS DS RRSIG NSEC
+management.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fDzn2ysK8Ngv8LaQdVnYC9Ap0DWhQ2mP8wBeR6dC3Tm9f0reAbTokJ+pgGE2p6/zP971/1hKy7dgOhswAz2VJOo8ms80wadXVXEVhu3vZWRmWT/ToyOLTm4IY+Leu7QaA8DmOYc4r1mZ+Tv+BOxzOD08qWfplK3DXmdpZUyrfLt9bpK6OI9iNzKRPZdrNpwbsSQXH23IkwMGqI3uHi499IDNuHDrM0szBJRiz6v/j1csbdM1OosiMUH321IOFV9aDwZkTYDXUiXptwu/2RMtjCBJUCiQKrMvFdcZPbSr7zSnYeZOWpgTbdSya+Eh8IRGSpZYEevtPc/QepIzxM/mLg==
+v0n0.nic.management.	172800	IN	A	65.22.20.14
+v0n0.nic.management.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:14
+v0n1.nic.management.	172800	IN	A	65.22.21.14
+v0n1.nic.management.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:14
+v0n2.nic.management.	172800	IN	A	65.22.22.14
+v0n2.nic.management.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:14
+v0n3.nic.management.	172800	IN	A	161.232.10.14
+v0n3.nic.management.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:14
+v2n0.nic.management.	172800	IN	A	65.22.23.14
+v2n0.nic.management.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:14
+v2n1.nic.management.	172800	IN	A	161.232.11.14
+v2n1.nic.management.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:14
+mango.			172800	IN	NS	anycast9.irondns.net.
+mango.			172800	IN	NS	anycast10.irondns.net.
+mango.			172800	IN	NS	anycast23.irondns.net.
+mango.			172800	IN	NS	anycast24.irondns.net.
+mango.			86400	IN	DS	42309 10 2 3AFD388DCC7DE7AD4FA84EC0F897B59FAEF31877F80EF4D55E5ACBDFD8AB98DE
+mango.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iF/aFL2ZNFiJVjiM6oA3DayxT2/y12sY7DM94NAkXxwCRiSQ1vKxTIzDtj04hI5vlu4L+1yfQ0utPaGH+4syN44fTRAN0zjJKdELxLnbed/1HglLH3f5F03ALYM3qJMv1ImnfnwYZzEGl+jBBuwaIcvtBw+kP4RrEWG6GP7tNO3PJGRX/qehOg8jTHvhzizGj3wpvJNw277pyv8/zzNWH6fK+mulwDny/ol968L20JbMYHbe7TF3gn0VssAYaiTLi6vpjPS4SFDhJfzcg89oSwXJB65ACHJziSv2+nEO6xqjJaqsfnGqU0N5P1AV1VNq2SqvjsHG5AaK2VUs0+TAcQ==
+mango.			86400	IN	NSEC	map. NS DS RRSIG NSEC
+mango.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bTlbfK/RAdJkOT4hff6ChT8oVhOCj/P1oWOpTx08DiyT4RosX3PZvjj+NuwrUnzkdp2zcBz8kgDgfS80mX/CcM2/Zo/RpYKuZSazFmnvlKBJ2178Cro03XLqKtQ5eOQT9EqN/pjNcm76WKN52hL4Uoqz7pBp+e6G2CPwqYUjy6lwRmF81U1lI0as1trtqQiuu6hE1IqimkyP0kKgdqUF7r98Ec6m9pltDwYMXGbBMzfiagYF7VNo/II8ESDQ5JxSa5qlJrsvTndyz7MokdtUX9uGlMK9yYeUR5kDssiIO9kMY5AnHSAjed+Z6mCiU3zNNyM2ZQRpWwgTo8szw94nrw==
+map.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+map.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+map.			86400	IN	DS	16600 8 2 2B0DBAFC4EAFA98FBED02ADB2FF33C9AF7666F2F9910A141573F511397393A4B
+map.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IyfQDSk2xmOisdNYXOx/nz6VG0TBJYmLgtq68o85iiuEMqK8rJlf8QXoooIsvWQ3nwUVWbu5AMGYhnJgdQFaUaOTf8tcRG1GFpPldQ9nEaTXEuCCAH6gPsRusBgPDHKvPQKjPb6DwoCapiDSmEmSQ1VYg4FB7IxsL0+1hd1tINsc5JObjLEP215agKUwb53FqLkM2RLct/kAqmWSxxqTkLiS60/s82ROHlQCUg7q+MnDaSO4ycmOir8JrbXE8hjqKxUTQv2fVRhNx5bWSpROX9seEps1+6CFN1EeKjsQZyKtOzLqSHF0m5z9R7cspnuPAhkQ+sUxJvZYViY1LT5W6w==
+map.			86400	IN	NSEC	market. NS DS RRSIG NSEC
+map.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x5td7+mRvNQTLNRQCSRS6GP4JJatIAJ27FBq4xV9RM3U+xnEv1qQeLhX+DyyaDHRYHFqUkmD0fSrOk8fPd0mP8MMB5TzkU1g2dlaSweLqqHVJFbRp7Km6YrfUgMtlpY2mbOi0zf4kZTixRc5kQZRkQFrpuFBkCKzqS2MeIzYhdkKpBP7vXxVGrfcmQaQ+QOU49Q40ZhJpvFiKYFOw4w+JBUtbYjkWchG5zsYAtNua0+POu6qlHo1ysgmn4z4a5REO7J5T8oQ5PjmVfqzBCi5ZS2gYv35NOAJJcL2eeZV6ikveX+WLkwBPZRmqxlUoTN85WwwrVkC3E62F6Bxq0Rsvg==
+market.			172800	IN	NS	v0n0.nic.market.
+market.			172800	IN	NS	v0n1.nic.market.
+market.			172800	IN	NS	v0n2.nic.market.
+market.			172800	IN	NS	v0n3.nic.market.
+market.			172800	IN	NS	v2n0.nic.market.
+market.			172800	IN	NS	v2n1.nic.market.
+market.			86400	IN	DS	40531 8 2 A42ED3B928B90E5B821578D204BA0D108138BE438EEA0F9CEB91436085264C80
+market.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sw0sCGAu1clfVEMtkUdhXBOCJv7cXfpHa7DyWWh5j5bPRtwcpeGvDebKZ3QNSqkm0rgvderhd3J0Kka9oPmcFX7/kCtlZI/Rr2usU/97DdNoWVxr6PUSdIn5QabI7o7rdw9BE2p8PjWA7qhhbYTim0HoLF2ATu+nKHxkpZ0WwqfwNAkObbcM51oTeUf4Ic3WNtPQzqPxlT0B3+fPrVYFhyZDUghx7DGWdyomFIfBVQFNXDuunjAUeUAiznjuM+kBaP/0r5xV88HFAH5UC93p6Zci3d4QGg7gigHkxcjk/w9q8/T7SbWRqnZVsbW1wKRlwsezS0qp3fRifi4hHPsxKw==
+market.			86400	IN	NSEC	marketing. NS DS RRSIG NSEC
+market.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ydw4x3WpUV3gKRj9xjIe+pDfMSECPkRgODubFnC9x/ohi1QYJ7NAzskiD+a3VamNhPvH5Iwk2wZeI2FUnh0+wEeaNnAKi1rQmYvXjeoJFR/VkyTCLk6iPDyfV2LSxjLHaS0mnF1idPvCYM3fcfD65ZB55HpQYr3rxQCgRkfY0hNC+8rp37dzzCdy7/DDUEkLe2EIx50H0iN0dIC1oxhFtJHVsh1/Ia61ipvtSingnz2bGzB0Of5ocQUAhK3YvbmxgsCWWhRMSSVEL/lzrw6QUROplL0ecZojv3zb1zX+LaJ2pAtKEHIYxDfkxIcMdxWseNIxio5lS5z+TIprvT3Jtw==
+v0n0.nic.market.	172800	IN	A	65.22.20.8
+v0n0.nic.market.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:8
+v0n1.nic.market.	172800	IN	A	65.22.21.8
+v0n1.nic.market.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:8
+v0n2.nic.market.	172800	IN	A	65.22.22.8
+v0n2.nic.market.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:8
+v0n3.nic.market.	172800	IN	A	161.232.10.8
+v0n3.nic.market.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:8
+v2n0.nic.market.	172800	IN	A	65.22.23.8
+v2n0.nic.market.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:8
+v2n1.nic.market.	172800	IN	A	161.232.11.8
+v2n1.nic.market.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:8
+marketing.		172800	IN	NS	v0n0.nic.marketing.
+marketing.		172800	IN	NS	v0n1.nic.marketing.
+marketing.		172800	IN	NS	v0n2.nic.marketing.
+marketing.		172800	IN	NS	v0n3.nic.marketing.
+marketing.		172800	IN	NS	v2n0.nic.marketing.
+marketing.		172800	IN	NS	v2n1.nic.marketing.
+marketing.		86400	IN	DS	22285 8 2 F2FD61F041544A7A8DD1BF440C72020D08581190D697F3944886AD1FF08588E1
+marketing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fJkyl/CKF5asV+LVRvT/rDPVjqWM7juPdYIIk0q22Uh90TK4X1xZkTNzGBbEIRWSy9h9pq3Jie3hZrKqrhb+73PEQ1+e/mP071Nb3OhVuktQXsPbXuQ8uhMRv63852RsRGZv+6XBrtMgQ7QzriFuv7CDY6H2pj4dhKFw8MkqEJlprQKuR9SbSV1SOzkhiqDUqmYKyGKT0NRsOiByYxFmQhvXBwzq48pWap2pVqSiwSw7NqnVRkE+EM/0AUBsyaEKYPCPwb4Yzfx3F4CIRN+Q68KK0F2DyarmaTinhwcYFLURQnzECJFRcDdjIwKEAeQaRvKIqsPXF9DYrYq0XF2zpg==
+marketing.		86400	IN	NSEC	markets. NS DS RRSIG NSEC
+marketing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qYpX3DmSyPKfi3ZmGMD9A6G46FXJR7AQiTskwkMR6xru2tt7X8i1AISFJH84A78/jDMpzAN0wN5WNDTUTjsJLX6vnDbeY5c1zBS5UBrG7ZDMWbQjduk/m1132gu7VOkEglGWkNg7Y5oFuUVMp7RwMIQA9Z4YzfEOp6Fg1n1xQ7ZhkTBigSUvlZX4WKsOiWlDfDj99pJr0zjKToFFINXfiUjcgQngFIKYp8pxSPuRAi4XBfHzi22oKvOBxet3EU0HH1PrSb6XxfWxbdtiiysE5Tfwr77KUeLGu+dC4GIvkbi07QNhy8lwKjVPhZYvhnXvR0QhuIaf65Cb6lheToigwA==
+v0n0.nic.marketing.	172800	IN	A	65.22.20.6
+v0n0.nic.marketing.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:6
+v0n1.nic.marketing.	172800	IN	A	65.22.21.6
+v0n1.nic.marketing.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:6
+v0n2.nic.marketing.	172800	IN	A	65.22.22.6
+v0n2.nic.marketing.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:6
+v0n3.nic.marketing.	172800	IN	A	161.232.10.6
+v0n3.nic.marketing.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:6
+v2n0.nic.marketing.	172800	IN	A	65.22.23.6
+v2n0.nic.marketing.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:6
+v2n1.nic.marketing.	172800	IN	A	161.232.11.6
+v2n1.nic.marketing.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:6
+markets.		172800	IN	NS	v0n0.nic.markets.
+markets.		172800	IN	NS	v0n1.nic.markets.
+markets.		172800	IN	NS	v0n2.nic.markets.
+markets.		172800	IN	NS	v0n3.nic.markets.
+markets.		172800	IN	NS	v2n0.nic.markets.
+markets.		172800	IN	NS	v2n1.nic.markets.
+markets.		86400	IN	DS	58144 8 2 2C079F760779074E6CE68307C28F88F7B75D9FD6CFD65BEC5C95C38D3EBFC614
+markets.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n0VxvRIMDnNMSRKI4dN/QXs0weXS2SwdEhBDB3NPU2X4K+KVaR+txAvVcuj0eLpVT8d0cRduGE1H6QYJFtl5ZfsrhXMsr/lQfDzXQ9YS9IyYMFy0HB7yKwZ3qhB81T/KmiaWL5jmGABW8LkdsQAzvvEGS/HoB5QZ04HDRspaZogtSRhYlP3f15BFv4k2PgKAsq5KkqZ0AeiOivpDIkk15tdsvn29z4tExgP38ebNlNxMaXsFd719+KKdvcoM6ooU/LpnOLeb+vPFbu0B6ZaaYceHtDoi4408DyDq1jGVILqtHivJEPzpzDtQ93g7zn+hDyG0zq8D9zqA6p0ZMRGJcQ==
+markets.		86400	IN	NSEC	marriott. NS DS RRSIG NSEC
+markets.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0ptlgU99F2ZrMQKOFAsrkXnP15HOgNQG4b5E6rfVJyLwxF/Zt6dLZ5AByBNxuj+kFoiwiHrn+j8L9mrJfDNtqAxvMYXD4lz8umpr7LUDXcLf7ld3V/BecdzoYyDEyZUeEeNmIvv54SC2r1va+9Eng7trFoE78Zr3kjtyFlVd+Y63r1gzsA3t87nHA89y9KxXcN2QCKDel2/mNh4cH6ltDyaItGlnwq7WawHZ1dLACYdoWB9PyF5yeqDp0jCNzv2f+JvrTZBvDJKtxLi2ricj5b1bVmkbJFAlhjGxJaYxM/+E2CYC6Xe+2uIR7/MTC/eMfmI5XHnzy95HfSgYupgvsw==
+v0n0.nic.markets.	172800	IN	A	65.22.32.65
+v0n0.nic.markets.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:65
+v0n1.nic.markets.	172800	IN	A	65.22.33.65
+v0n1.nic.markets.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:65
+v0n2.nic.markets.	172800	IN	A	65.22.34.65
+v0n2.nic.markets.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:65
+v0n3.nic.markets.	172800	IN	A	161.232.16.65
+v0n3.nic.markets.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:65
+v2n0.nic.markets.	172800	IN	A	65.22.35.65
+v2n0.nic.markets.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:65
+v2n1.nic.markets.	172800	IN	A	161.232.17.65
+v2n1.nic.markets.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:65
+marriott.		172800	IN	NS	a0.nic.marriott.
+marriott.		172800	IN	NS	a2.nic.marriott.
+marriott.		172800	IN	NS	b0.nic.marriott.
+marriott.		172800	IN	NS	c0.nic.marriott.
+marriott.		86400	IN	DS	24409 8 2 8684C74574A7D00D562DCD780C7DEB8554F2DE761BC6BF4F59197D8D9B0656A6
+marriott.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gbaVBp1i0fLET+nktk0E1lGxeArl+so3fMpW1O1dT6JF7zikql36x69MYzTmTaNpz0N6RhTFC2EeqH0GYBGcL0uGoOlJJnu7kXBENbCQbtXS18xzNRONmxaOw7BVkqXwAwMU6MF1+e+zgsQpRFmmBgZTIKL1I4q0CcAUGZKKRVRyWMmuOgHR9GesGndz8QrGyeb0HkAMcEoGTApgnJw8zuGNzTOs5v/xqgOFXFv+ee5AcrHmtf87Lt5cFJ6eZM1cuMiZ3G74w/BAbAd+qMhP8rBsrPP0EYi1gvimK8N6EHvf4Y/ZkHeihGLjEmieefk/oqpSrDPfvKEB3M77zVYunw==
+marriott.		86400	IN	NSEC	marshalls. NS DS RRSIG NSEC
+marriott.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S/HqqpujSfCOiQNn5SOSbRuZGhdAHhlVU0DGT+Kf//5sRF5Itqd0VpjExbQUZas5oBlIpNtFhpBPpaDNmGuOTFLd4+ePcIfsWsZXQHOGNzYEccq7q1UOx44UGYKKCCCki1bhyj7XpsCI7/c75Nk32jgeMNjXQh/PAl5vW9ZqfvvDREbhoE06WMgg5g1Zfhhnp14PyiUiaHt9zq7Bk8aKvWtIuCohPdXe/sn1XkFal+TVqgVlYPTRQdwTcKEKy+KWHNZEe+eiSB6KgLgmFOr2SUXitVYuuOVLpH+emr7z2oUdTikw63jBFUPra2ttSuM2YgVNLaV/HP8slZboVq76gg==
+a0.nic.marriott.	172800	IN	A	65.22.236.9
+a0.nic.marriott.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:9
+a2.nic.marriott.	172800	IN	A	65.22.239.9
+a2.nic.marriott.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:9
+b0.nic.marriott.	172800	IN	A	65.22.237.9
+b0.nic.marriott.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:9
+c0.nic.marriott.	172800	IN	A	65.22.238.9
+c0.nic.marriott.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:9
+marshalls.		172800	IN	NS	a.nic.marshalls.
+marshalls.		172800	IN	NS	b.nic.marshalls.
+marshalls.		172800	IN	NS	c.nic.marshalls.
+marshalls.		172800	IN	NS	ns1.dns.nic.marshalls.
+marshalls.		172800	IN	NS	ns2.dns.nic.marshalls.
+marshalls.		172800	IN	NS	ns3.dns.nic.marshalls.
+marshalls.		86400	IN	DS	33055 8 2 5202EA0F1ADF8FA9A0FDB1EBD7B3DA0AD6274731623EB7E6ED2012F47678E413
+marshalls.		86400	IN	DS	53986 8 2 C616816A6077BD3E6E38BC929C17E557DEDE9DB0E541CDF3A196D699EAAE729A
+marshalls.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NMye/F5xUVWD0p5YxeFrHPxL5KBETz0Pr7DM9Q0EekYDizi7KjurY+/teZIkmHQuOgmZglSXujC5t9+wXjusK4eSP5Wb3PfoooiuRjVRoN6q3Rl177EP+Ypc3zIsALtvDx7RQno/YD2pTLKyMvtJdQnAjVLw7As4Ch/tmJbqHiRpSZmIJaT+Z8F38BlhSeYGnYHjTiYN+xcf/wZj2x40m2j0/JcqxTrgK89ifK8LwR/MaqXujGQpsmztetcOBQXjBxahUs4N6j8oYeJ7g/VzWxYsK4e4YVTFsX4gD/MUUlPiwmxoFvV0KfGRAKignD/usnWB0O3P9vwvnl6DUZScUQ==
+marshalls.		86400	IN	NSEC	mattel. NS DS RRSIG NSEC
+marshalls.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BR27LQdc9su+iygwoDXCxQ8yZxVSRWvliCDS2Zyet16IEW5ss+zyGF5gwjW/5w8Ni4a8qZdhDcxpTD6GIDdarS3Z/GF63eNdQHPU68hAIniFffXW6uHABT61Vv28k6Xj10gDsCbL95gldEdnpN7krm4LCtBu6lqJjunSnwLf3JDb7yHcBDhgb6d0LgEzL+HiM5UAfLQHX4HE+EVtylNcEUo8YfpAvhHG1wOlVAVSENFwIYmYUsbGEQIXDNrtRAQVPhEqoGpJLD1OMHOAf/OMl0nYMpevy0zOupIdErYsPwbCdnFI88RxWkWDR5SAZfmuSKbgpaA3QIxDbz4eAByLjQ==
+a.nic.marshalls.	172800	IN	A	37.209.192.9
+a.nic.marshalls.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.marshalls.	172800	IN	A	37.209.194.9
+b.nic.marshalls.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.marshalls.	172800	IN	A	37.209.196.9
+c.nic.marshalls.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.marshalls.	172800	IN	A	156.154.144.108
+ns1.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6c
+ns2.dns.nic.marshalls.	172800	IN	A	156.154.145.108
+ns2.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6c
+ns3.dns.nic.marshalls.	172800	IN	A	156.154.159.108
+ns3.dns.nic.marshalls.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6c
+mattel.			172800	IN	NS	a.nic.mattel.
+mattel.			172800	IN	NS	b.nic.mattel.
+mattel.			172800	IN	NS	c.nic.mattel.
+mattel.			172800	IN	NS	ns1.dns.nic.mattel.
+mattel.			172800	IN	NS	ns2.dns.nic.mattel.
+mattel.			172800	IN	NS	ns3.dns.nic.mattel.
+mattel.			86400	IN	DS	59044 8 2 66F510D9469E77AE174BEA4F42E1215AFD837C2A27C9F0095BBBC3A3E2BA4CA4
+mattel.			86400	IN	DS	64621 8 2 340D9CBB6A30CC146D7CDA72F89D3AE7B4F634ECA0FCF53D84586D13BE35FC14
+mattel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1W/QLQjYs+nDHPRPiH5JM8mjzaHIZOiCF1mll0k+V7d28x6jyjxSNOd5OAIdmmY2CpIvMDTchmxQrluxJMFdgUvP53bzXsTSRcWLmUR4qxH+Iabno18qE6qaxrfJVeSg+CWKV0r+x+8gn3zRw0TUMPmXYwBmIVJeuvhpyTZBqBkMRP+swmYeLeAZffokRTy0K6/I7Yof+9G6LD1BrLhzVMN1Ft1qgl1RBR3Wd4qRF73RAklKcpwNUeeBd8yCXEPH/KEZ9JfJJ5AGKF/wO4i6H2A9PIZgocbPhBEcNpkDJktP6kOz9PefwVibmO0mbAZPx9hnC68IFfZi4XGmg24Uug==
+mattel.			86400	IN	NSEC	mba. NS DS RRSIG NSEC
+mattel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Pd4sttcXS5w4NvpoMOOXczuJEcE+Vcaee75QGPYQBzbTPqvdHALeNSjlsQDzRUAm4yEPAHpN8gZt6VvOKTD/DDKtwYyMxMUYYxmrx2bbeiWz/qqh0aLH4lPIsY95oqjAQ3uOQPDXR2JQ0987bOv/IYoIBkbw7oDtDMUe+KT2P/zn6/BXmFNyPIFzRqwl294GmjKWc07Zpkj+eqw5KPhAgB3PuvJybPjDnNaJQ6nc7B7WLSHAeSe0/ykeUrTpzhs8bv0GuGqcHR/S2qZXuXZr7PAE2skdbnHnxYXQdgP49bl9k4GQHTrdtkQtpOSjVr91StPHPMoIw/zTFxI00HD2cw==
+a.nic.mattel.		172800	IN	A	37.209.192.9
+a.nic.mattel.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mattel.		172800	IN	A	37.209.194.9
+b.nic.mattel.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mattel.		172800	IN	A	37.209.196.9
+c.nic.mattel.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.mattel.	172800	IN	A	156.154.144.109
+ns1.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:6d
+ns2.dns.nic.mattel.	172800	IN	A	156.154.145.109
+ns2.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:6d
+ns3.dns.nic.mattel.	172800	IN	A	156.154.159.109
+ns3.dns.nic.mattel.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:6d
+mba.			172800	IN	NS	v0n0.nic.mba.
+mba.			172800	IN	NS	v0n1.nic.mba.
+mba.			172800	IN	NS	v0n2.nic.mba.
+mba.			172800	IN	NS	v0n3.nic.mba.
+mba.			172800	IN	NS	v2n0.nic.mba.
+mba.			172800	IN	NS	v2n1.nic.mba.
+mba.			86400	IN	DS	65197 8 2 4076FF89017430719753DF3C4C878F0114B1A6C14F79A9B8D7494F6F825AFDEC
+mba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z/+hazQuhhkheRdfTx8XkYe+Ih0hfk58Nx+3WBzv6BCBGKTF7jGBXV/s3bYHk3FTz7iBW8lJjpu3VsNPKODyRytCXrBCtHskU5co+Xnhy1Nx0qD0Qx6JyRKCZwjCtnc0YyF9AqXxy6R0AM9B2BQO+xzPWUDJ8SVxss4dhH++xc7878AWEITULR5woHWeUO/JXnbiMJsIC4vyrWFZYkzirFFEO7JRoRGLLZGRskJ4VPFfVZdZROFvq5Hi4ujNrYVu0HICLfInkx+Gpc+I4NhILOsYyjWq3H5mWcwYwBz/fJEF461b/twkI8wVbvp3ors9jFV9Ac3unIDBpqQia7cD8A==
+mba.			86400	IN	NSEC	mc. NS DS RRSIG NSEC
+mba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ODX/SKM8FYzQLEqxLJ18KvMG5rzjEHgIVt1ugws3Ph2TPB6gP5+ep4a6M79g4wiDGFeHH3ony6wTtnuyMEDeyyxKleaiIFcpxqDEaJOliilaQqgLyian3C5PJ/Hdt84IheB6HmoqZfT2zlWWS5/+h05Y1z+KeHYWtMgkzqd2fsikyKmt6r4tZ4hqdMz27nhWf+DsdElTINUGx+wgwbmX9geny6m/YunMr3Iyde0hkjxkKofveLWXJTUk3RSeHi/QeilWSkQA2iotovysDbFm2yefqUIUWxfCWxbiF21VHR/LYA9n6e0v17blAXKSID5na7aUpeYACKQXg3Fuw0jSdg==
+v0n0.nic.mba.		172800	IN	A	65.22.24.59
+v0n0.nic.mba.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:59
+v0n1.nic.mba.		172800	IN	A	65.22.25.59
+v0n1.nic.mba.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:59
+v0n2.nic.mba.		172800	IN	A	65.22.26.59
+v0n2.nic.mba.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:59
+v0n3.nic.mba.		172800	IN	A	161.232.12.59
+v0n3.nic.mba.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:59
+v2n0.nic.mba.		172800	IN	A	65.22.27.59
+v2n0.nic.mba.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:59
+v2n1.nic.mba.		172800	IN	A	161.232.13.59
+v2n1.nic.mba.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:59
+mc.			172800	IN	NS	mc.cctld.authdns.ripe.net.
+mc.			172800	IN	NS	ns1.nic.mc.
+mc.			172800	IN	NS	ns2.nic.mc.
+mc.			172800	IN	NS	ns3.nic.mc.
+mc.			86400	IN	DS	20677 8 2 81E94624EA1EDD7AC7A412F0E5311B7D4D9500FFDB005E98B2FC610239331A9B
+mc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iNwHvYv+iSZ8X0Df5QPcUvC2TdtM1ldEwhMTs75sm3gb/DD98GFY1uu4cHcAaZcchlbq12OKT0BXcGqZqG0fhs9oH0QiBsiWo2PvMbtXhB5z4IITqgVlQkzOTp9Plexbye7ptQ8Pedumr4lyLDRnWUQ1rKOICsBFNIeLFbKFFnMPw+VkPtJMz/ZS+ZeAFWQdgbzts669Nr5Ta80KT0amRBgHPJI2m9VSo8WJ2rgnHlfofRo03mPUaJt8dDrlRGFGth5vYT2hJSSB/ipZ3Z8qF1PYqL42VjOijJiVyRtPq/FFnhht9QYrHOCovQ10BMG4liHAa2k7yaBCdi2zhwqBtA==
+mc.			86400	IN	NSEC	mckinsey. NS DS RRSIG NSEC
+mc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nEtrBfZ7P2HauG8Hstvb2djBLbXXR/ScH2GvbxLW+fB7aCfd2liU24BuBOvVF5lt42cO2u8o4qnU2UeyI9bg1F4psJUeSjKSTclwi9jgF6fF7omxp5CgbnvTITsog/cOsgpan4MlHSiPfCtB+WxNMLIWawWNP3V6/OmUfty34XqYWq/id4e60zPxKrWs4iqJhBYwOgldUT2tDADoGYQNPF+nT2IZLF0eWehaisI4ZPhbJp68tQl+DcwCCZBsCyfz5S0AQ+wbPkYZu2gtXhn5yThoOfza3OseTpGsUPZ6O/XPQ/A2MiCeBvrXRCjDS7EqgdNFJ2S/wf9oOYYB5V9Nxw==
+ns1.nic.mc.		172800	IN	A	185.243.3.205
+ns2.nic.mc.		172800	IN	A	13.36.89.111
+ns3.nic.mc.		172800	IN	A	15.237.153.29
+mckinsey.		172800	IN	NS	a0.nic.mckinsey.
+mckinsey.		172800	IN	NS	a2.nic.mckinsey.
+mckinsey.		172800	IN	NS	b0.nic.mckinsey.
+mckinsey.		172800	IN	NS	c0.nic.mckinsey.
+mckinsey.		86400	IN	DS	27100 8 2 B9D92B7DBF31D3BD3AA6752BD38C50F6B637509E22C438A34677C843B9AFD238
+mckinsey.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oCtRSzLfNwG0rKj8UDCruyUxSB91E8mVswpjmDali6SDMGv/MEM+Lsa3qt566wIZruw+XZ4GZlgu6LVTix30LUafoQxbjbGzyw6LOyWOc2ub0t0UV4HZo5cneZcrvddbqoJEwBL9tQ2qVKWaCrQS2LGXtqzV9yBFeAlHaPPtbVEiLmgIi3DXVrAtJdd7dmtB1IpymIjmfarrsyMe8kQ1QG4IHlEf4MwqF4JmPAUni4+kiidqJMhJjWodDqkCFjRlrJ87IhYFDj4GWjY5ODhgSvFEzEtAjd7bXrj+PNkjkfS/OY8fsYlwTwCCFYFik+Zb97UlnCIiO4a0lFfvttVs2w==
+mckinsey.		86400	IN	NSEC	md. NS DS RRSIG NSEC
+mckinsey.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xQaZLPCJbRsxCsk673j6BIZqk0M9lu7eDNMobzwmCrcET2pxBpEvV9+OhLVRPYnpynCPqOlVXSnJj42TpB4DdTgUyfdS1sdMq9zIknQdr712sbppFQfwGSBTcCIOP5XxVoSNmDAKbAYc4VZVhL+j2T0t5J0YIczizTAOBXriMSoV1d+xfbg7c5FY6zT8ub0vw4CA22aDZLZrKU/a7J71Y0NzS6v5aX5qHYcqbv2BlQIVO9kJp48fdQ9wwXZmHgs0imzVZ13z3N8xUnk7cNMhp++t0hxDNUK9jEn2yUPBDqd6y3BsSdLyV5T+lggjkBiE6JbrW35s/yweLVXEVQy7gg==
+a0.nic.mckinsey.	172800	IN	A	65.22.236.25
+a0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e6:0:0:0:0:25
+a2.nic.mckinsey.	172800	IN	A	65.22.239.25
+a2.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e9:0:0:0:0:25
+b0.nic.mckinsey.	172800	IN	A	65.22.237.25
+b0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e7:0:0:0:0:25
+c0.nic.mckinsey.	172800	IN	A	65.22.238.25
+c0.nic.mckinsey.	172800	IN	AAAA	2a01:8840:e8:0:0:0:0:25
+md.			172800	IN	NS	nsa.tld.md.
+md.			172800	IN	NS	nsb.tld.md.
+md.			172800	IN	NS	nsc.dns.md.
+md.			172800	IN	NS	nsf.dns.md.
+md.			172800	IN	NS	nsr.dns.md.
+md.			86400	IN	DS	127 14 2 CA674F4A54BE4629950ECDFD492B82C5DFC833006924D5F06F40749A543DD1D4
+md.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gtf8lCOuk8j/CrBz+zqma279ykiBDTi3nv1hZbZ4FQt6ZWJ5+2ZD1qMIyeRwORleM+Rqm3MSgfSiJg5opEaLfH2k2uUM9yBxEutgznD+h2ebKAq2u/jcdT4ybe1YsioQ1E8dYy9MuuVlCLnhaIz6ec0vldQyH0Qs4qM5vsW+U5CW1J1V0yyM/pfskkLNYJvoF0XKJi/cUu9MegJ2mWrxcuQKoTJ4HZcYyIixowZpATcw/4xp3qoxSJ4woKUzQ4/MwQEK0NCN4ow99/h1QhR/lBDU6MdlQ/oARu5iDPxOOtsAt0O6P+OUoYFKQYskwHYEaRb9wpDyNEDBfVO1C7kjpA==
+md.			86400	IN	NSEC	me. NS DS RRSIG NSEC
+md.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oj2BGuCKEZ15B8jIikcQodvh7VRpvbNOmX4GOTKR7LJMYy4mTI1sVakXU/FFjniFlOB4x2U6/AA7gstioaV89UWIog43WBatBE1W10DlKsWl+HA/olKieKtrfOW5w+mUYD+QWx7QZ3Yfmibbyn5VydUkCFhC75mCkJFmfZiYxMvlE6O1Nq9vGZvbRW2cfmacs+GGE2NNkHz+9qonnvlcWCaDWgLSjdz+eCAYFjb2kl7UkKtBgniyfzs7HdbHnYgOVxZ3JP6UV6oGlOcLSOKu9vYibd+TJ02V0wJ71JDPcdyUTi3pGUiY6pj+rp9lKrf7KVGIfW5XmeyoRbbtTOb6TQ==
+nsc.dns.md.		172800	IN	A	144.217.93.2
+nsc.dns.md.		172800	IN	AAAA	2607:5300:201:3100:0:0:0:2f69
+nsf.dns.md.		172800	IN	A	92.222.76.179
+nsf.dns.md.		172800	IN	AAAA	2001:41d0:401:3100:0:0:0:7162
+nsr.dns.md.		172800	IN	A	89.32.236.165
+nsr.dns.md.		172800	IN	AAAA	2a00:c5a0:0:aaaa:89:32:236:165
+nsa.tld.md.		172800	IN	A	185.108.181.191
+nsb.tld.md.		172800	IN	A	185.108.181.192
+me.			172800	IN	NS	a0.nic.me.
+me.			172800	IN	NS	a2.nic.me.
+me.			172800	IN	NS	b0.nic.me.
+me.			172800	IN	NS	b2.nic.me.
+me.			172800	IN	NS	c0.nic.me.
+me.			86400	IN	DS	45352 8 2 7708C8A6D5D72B63214BBFF50CB54553F7E07A1FA5E9074BD8D63C43102D8559
+me.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . enzINiTu4hr1MmA3BD0XrYx0HZm/uI/9IpsTQZhKL/v1lWV6grysUT7fE6Bl6k39vdHTBwEvlx11HM6dLzPHZ9kFifkm7j6/fQOiiWJ48LJYM4QJQPPsqSvAtwtA5gKJ0/ySuJcB6y4DK3H5JCUseHwnX+t27s9RPiq46K7tL786Qylr7b8HXNmJdnyx/vuDRJLGJ3tbpQ/RbqIDeiFcgSzsMHlazqux4qNnVx/fKpcZrHwaGB4SwEbDc7RJYHlFJ34S40bd1w566lfRnnWvTV4bA11OIZCa0zTDPnRWS5i4cFJD6fzNUgDovA+SlIhHIQfGDghyoCrHcs5f756Vpw==
+me.			86400	IN	NSEC	med. NS DS RRSIG NSEC
+me.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y830A8SRFPP/lAgnZY+B7QJsTMAOg67mizF5rhkPeTfu/oN2Sm3uj9eO5XSFXwEYvzFlu8olfz18NJsn/oykqdQwIXQv4QuZo7xgy0MAoPbxXz403ooRoXblt9LgEkFL1rnYdMgyWdP8heEeXLJTHb/eC2VNRcz0OkzYBPttY/O8B9nZNokgjRBWxzBoQWoUKJAqXmsFGQEyNMNhJxwiWj270x+WSnHuXtbPhTPJRAu35eIQE6/kBCXNTvWA/2oVQrcEC2kntm2QaJ+Ug1HE6pwrLp4kwmYaPyEot4/8YV3R4GPtwE4m7W3+5aNzeo4oqXB461zbzxyGiEkqepTdFQ==
+a0.nic.me.		172800	IN	A	199.253.59.1
+a0.nic.me.		172800	IN	AAAA	2001:500:53:0:0:0:0:1
+a2.nic.me.		172800	IN	A	199.249.119.1
+a2.nic.me.		172800	IN	AAAA	2001:500:47:0:0:0:0:1
+b0.nic.me.		172800	IN	A	199.253.60.1
+b0.nic.me.		172800	IN	AAAA	2001:500:54:0:0:0:0:1
+b2.nic.me.		172800	IN	A	199.249.127.1
+b2.nic.me.		172800	IN	AAAA	2001:500:4f:0:0:0:0:1
+c0.nic.me.		172800	IN	A	199.253.61.1
+c0.nic.me.		172800	IN	AAAA	2001:500:55:0:0:0:0:1
+med.			172800	IN	NS	dns1.nic.med.
+med.			172800	IN	NS	dns2.nic.med.
+med.			172800	IN	NS	dns3.nic.med.
+med.			172800	IN	NS	dns4.nic.med.
+med.			172800	IN	NS	dnsa.nic.med.
+med.			172800	IN	NS	dnsb.nic.med.
+med.			172800	IN	NS	dnsc.nic.med.
+med.			172800	IN	NS	dnsd.nic.med.
+med.			86400	IN	DS	36455 8 2 4B9CBEC710C3FB2EDDC07AE31E75FA59855FB5ABCB9CE68A61CB7E490B5831C4
+med.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R3BGliDNvW7xMLDJmZTkWlZxCyxAnIg4vvJfqlNqm1HvEvEISPCM2xfzN4A7gBZ07DlD15yhfBi/g/E3AwHGIQmLpMHfBzp/wR61AsGRsVIuP9Zs2+dm7yzmod2oWYmpTEzt1f4pZyb6PcnVuLI+Pr737Kf7654Ls+RIaxXYke+FdmsSwEUJLfSIwRjYpwKNWl51No/EKHk+gq5n5ioJugTL2f5FlKv6hPeX6wQ5hfswqWpHly2CYmC5lyrpuQUdWx/5nf9j8iu4PiFp8F0ZMZyg09TLQPwME5NTtmfVnOHx1jf72qfZBA8eual6wCrl+lh68LtaCI6M6uUtIr44BA==
+med.			86400	IN	NSEC	media. NS DS RRSIG NSEC
+med.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VuqsEkjjjYmUt/AHhwLyl80MR/tRrYQhFf0lz5v98pHyYU6Z/yKy4bSZ0g5gDuLVutpP+J0+frNZskDDr9TQOqQSFyWsH6WSYPd1c/iCZEOystN0KHtXdPj7RHQqiXCDE9eLNc0U2X6J+KaOOVtlJMMpanQPvrH4s8RM8kYb3znxBpevQfX18UmGIeDGLeVD3O/XfgZzFHPbaG3NROk+1CNYBqvXICfaoiCqk6o7youTSIzCczI6o54vjjgg5inMCretVhLgU5Jrmd8/U1XkpcRuYswiQr6phh6rfR/Zf2sbnryAHkwVdx1NEyF++DquE1kSR9o3AD/F7pasEXFfUQ==
+dns1.nic.med.		172800	IN	A	213.248.219.124
+dns1.nic.med.		172800	IN	AAAA	2a01:618:403:0:0:0:0:124
+dns2.nic.med.		172800	IN	A	103.49.83.124
+dns2.nic.med.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:124
+dns3.nic.med.		172800	IN	A	213.248.223.124
+dns3.nic.med.		172800	IN	AAAA	2a01:618:407:0:0:0:0:124
+dns4.nic.med.		172800	IN	A	43.230.51.124
+dns4.nic.med.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:124
+dnsa.nic.med.		172800	IN	A	156.154.100.3
+dnsa.nic.med.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.med.		172800	IN	A	156.154.101.3
+dnsb.nic.med.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.med.		172800	IN	A	156.154.102.3
+dnsc.nic.med.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.med.		172800	IN	A	156.154.103.3
+dnsd.nic.med.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+media.			172800	IN	NS	v0n0.nic.media.
+media.			172800	IN	NS	v0n1.nic.media.
+media.			172800	IN	NS	v0n2.nic.media.
+media.			172800	IN	NS	v0n3.nic.media.
+media.			172800	IN	NS	v2n0.nic.media.
+media.			172800	IN	NS	v2n1.nic.media.
+media.			86400	IN	DS	54649 8 2 D73AD588629EAAC32749998639D85E8B383069CD7B85E4A5EDD131156EB15B97
+media.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xGcQXjR/CXTEaHEY6aeITPszYttuHpS04GMpbb/rZv/Ie5uqdpchDA8gWsszDFjEeD6HnPupqe4KApIq0QmrnebkUPK8V10725lqQ/+hmfvvx5tqE2NWTw0N/ZByhhynOCmtRX3Iqw2T63LJz4A6tOBOpqFbA8GMaJ+42wQ0ssYBUkQJzlhHN+IGg4/rgMBt7oIHeo8nBHDxUBmyYV+2DzhCF252dcKRGMsqc7Ti0ODr33jefL+NKDhmmAWvcVCTdCnEC93XnUIxH3j1KG134N5OTxhxxiNNzoDj6ZaB/1ZOjtCZCif0q1PGzqokGOaePKThUQDc356lCQ3rZiOEfQ==
+media.			86400	IN	NSEC	meet. NS DS RRSIG NSEC
+media.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jh4e4SPDcvSj1xhuTpINNv5XE/4gGg7/gn1CdPH6As3CD7lYP/4nkn6y+5kLokUU/Fuv1O2/1vRxXMIiXwHsCuypAuCjsVBuOs8uNRLCuM+zJDiDTDpzTQicrv4KCbftutXLM6O3MudeRbCatJvlIouGPRmacrgyZf4FLkbtEVSTzqq6NeENQPQwf71Q0FGLGvsDL4i3xc5PZPbKxWnB788pNSHmNRgLZ+HMGjSVcqtNSXOB03/wFKmO9mGN9V2QmAIaJ9E0HJIkbrOqfJNzHj03rdnKNt1kzyUD9doHKx7Mu4HqX6LyfPsfqMTEuuAGCUjCQ6shdTqlVi0mugQWDA==
+v0n0.nic.media.		172800	IN	A	65.22.20.3
+v0n0.nic.media.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:3
+v0n1.nic.media.		172800	IN	A	65.22.21.3
+v0n1.nic.media.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:3
+v0n2.nic.media.		172800	IN	A	65.22.22.3
+v0n2.nic.media.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:3
+v0n3.nic.media.		172800	IN	A	161.232.10.3
+v0n3.nic.media.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:3
+v2n0.nic.media.		172800	IN	A	65.22.23.3
+v2n0.nic.media.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:3
+v2n1.nic.media.		172800	IN	A	161.232.11.3
+v2n1.nic.media.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:3
+meet.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+meet.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+meet.			86400	IN	DS	56669 8 2 92E856A377729B77CCFA92121FDFB3DC6E82C9ADABFEF4876765E4027D2D7AFB
+meet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DcfpODntW9lFhgsAD5/kZIDl6BUoIb4trx/MdycYKoqnmwHs4UOGPquP1TUZi5ITtb409fkJ3+15CGNj72sxnkxqIHfCgLiRT/KMBBOK/7qZK7s/EHVbVwjavdCOGeA53ZPRgExdRoQzTcXZ7YtQIy0PFvdRKjs+Yg2ban6k2IBCOfGTvZhDs2peAURy84ZQlDyr4GYmsu7qBQEYp1zsjM7FQT2Ue27tQtFUCe6CvtKtVlbmxCQ5R/hjtCfsHOPhImd+NcA6l5A/WL840UwQakUfMLKx+bIFsQiicYC8UTXMU8zMsCBYs2YGARMXSILF3VShhOhYn9iPkTzO1twBiQ==
+meet.			86400	IN	NSEC	melbourne. NS DS RRSIG NSEC
+meet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gO1jkXxrTNQac6nJWrcfblbO7/wvYlqB6u2JWFpPnU/FfvBvcoOxkmknzCpM5VteclLmqXgdzKOTEK+iDdP/FQw3DFFyHv4k1MX+z9TpNRDWvGzKjNIKbxzHXOs96scRqjjpBHY2kINuFaEcp45fl0gFks4a2R/B2DOMD6Mkx4xs7+jskqMwpkeqmzUec7qeCmE9jJPdED1ELNHBvDksoAMX4Ao0Z8R4azmlzkgmPzz2z0IG1qsnEy6hTUmkhA7JMqBFbCPGHOaX19l7ufuciJ4BBcn/vTM84bWx/pyXj/O1SykoKvx1nkTkkXrIDOq6S35rEtq1u4cETKlNIRhu/Q==
+melbourne.		172800	IN	NS	a.nic.melbourne.
+melbourne.		172800	IN	NS	b.nic.melbourne.
+melbourne.		172800	IN	NS	c.nic.melbourne.
+melbourne.		172800	IN	NS	x.nic.melbourne.
+melbourne.		172800	IN	NS	y.nic.melbourne.
+melbourne.		172800	IN	NS	z.nic.melbourne.
+melbourne.		86400	IN	DS	3487 8 2 A1B0B1CA0F068E57760B7A4183DE3620EB0BE059006F36D07FED827424F89589
+melbourne.		86400	IN	DS	17374 8 2 6D9AAF608C610BEA2A8CE99B8870E02E7EC8CD2A8C1A76D363CD813A682F5513
+melbourne.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZIMkk27I8UrtPXYw9aqv0tCjoTrJoRRQeRJkr+WH0F7pTB9s1gmW9Wqto7n5aigszECDEm3Y/GfUBQP7nWFf4uqmES0hskFbvEZn3LTDieFoY0UArLjQQHpfGaoALbr6TCguwao/gKa7y6PSZia1mVzG/tNI/L8N2ERHZxdo6qC8pfbiQbN2nDxY6ySA214VAAb3RxubvP0s+d4esb5rS5Oem/6gaICP7fAYv6Njn8y1nDJeglyePebZUhM8pW1rzc5FaMr0scBuKQ0FsIBokEZv7AwjGUi4Dyq7T0mCbF4IHffetkQikZAb1fBns2xsxk+v0vOgvx3dWsVi7LC6fA==
+melbourne.		86400	IN	NSEC	meme. NS DS RRSIG NSEC
+melbourne.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jqkYO1lYf2dmX63aB5QC5xJhe90xO1ukn/2TsjMMEQocXff9KCkfTlZeUppKBvOmVI1GIifOaDbgtg+3cnKb8n02/2a+EGP+eDYFgf7lowS8yRfuooZ6fanH5/hZj40A7lyq95who4VNd3o0hG5nLNJtagNJ5wQa3nB1FxEZEefYibA6Y18gQV3XYMHkAgcMz/t2du5VNlH+XMJLEjjHR+L1FIp5o90CzIVl0r32yTjRRO1OhcqeKcMz/pAOrXJDIZJBAXjQhwwqP6RDg6AS4L22ovfqFFfkshy9tPpRfU8qTZHca35WZcHznXY+F8xtslmkWcb+iiGiF8fzlD+jAQ==
+a.nic.melbourne.	172800	IN	A	37.209.192.10
+a.nic.melbourne.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.melbourne.	172800	IN	A	37.209.194.10
+b.nic.melbourne.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.melbourne.	172800	IN	A	37.209.196.10
+c.nic.melbourne.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.melbourne.	172800	IN	A	156.154.172.82
+x.nic.melbourne.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.melbourne.	172800	IN	A	156.154.173.82
+y.nic.melbourne.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.melbourne.	172800	IN	A	156.154.174.82
+z.nic.melbourne.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+meme.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+meme.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+meme.			86400	IN	DS	12857 8 2 58B9E8925215859C971BD949C9DBD299900C9D017211FB30282A3BE9D8E7ABF8
+meme.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WCo/GDgWeWdnxXeGIfZinUfOwOclJgSiZQ1yarCWyTnXGiUxOcmumUeXqgVrCBVdWGKxhOOLkivXA7lk3ycqgNo5sz62U2lzCGWvHFLIky7dvtnsea2ZKfY5vucP+lOs8U8txyP1zclFOnTXKy82hywgJyE5Dv7yIL0iexMIUJT2nGDDFkQty81JnjTbErLFKSO08i7ivQQyaHXSm2jowhed5BbyAFct1QH+O/hykQPiVoElEMVGGLuwajRmYFvW04FEAuBT40az/DlLEtgY1s3/guTUJkF1FnUp/paarBh5Ux7lU288Cvw0vImm9Ihpss7+RQ3cFHwIAXqSMxugmw==
+meme.			86400	IN	NSEC	memorial. NS DS RRSIG NSEC
+meme.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . krUlSsKYL5Fx35Lgus9V56KR4SBbcQjYZmGsQdyl8PJw/fcRXWhQeDZYZ9pzBTVr8LceTqkmB5KnnFiWooi0ZUmzvNlNLp94+bejAMwoIPTowxBYPI513qPfBzaQN9fuzpBZAqlO2aoA92qpL8rKrT2INpKd7ea0B6QNWqxGstnKGXt5D+L5aNe/4KEhuf79D2CRMHrvNtKdMWBwRr76Ur9moQ5rpFPB/j95fB+xMnBkhq0Zcmc66x5skslVW2VyymaTfaXJ1N2FLPnPpIznsXSsF3h2Qwp+Zn798i094/98UQA/sUOAOSVvj6RNbia/Z9WuCxe7JRfiNaAzlTbR8g==
+memorial.		172800	IN	NS	v0n0.nic.memorial.
+memorial.		172800	IN	NS	v0n1.nic.memorial.
+memorial.		172800	IN	NS	v0n2.nic.memorial.
+memorial.		172800	IN	NS	v0n3.nic.memorial.
+memorial.		172800	IN	NS	v2n0.nic.memorial.
+memorial.		172800	IN	NS	v2n1.nic.memorial.
+memorial.		86400	IN	DS	17102 8 2 125500A7DFBEA41E4B90C1B086DB21277340DF1FBACE51AC8E9AAA0C773D1D23
+memorial.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JHp5Eh5HwMrgOcve/ow2ozSPPgnGup+OSptnPcFYa5NPmx9iigf8WC5cfHkrJCNupf5zXkSKSX+fE5Aj4al2DjiJMeYXkPdeWzM9QMHcjklvOfuRAIs22O2pZuwx3RlibFCrQICzovnBABoMVQ0EOi8Kt2xwLAz+4/nL0xL67+jWtvXSupV/NmV2O+zYPMtGUDthmSkc/p2P8PSGTCeiH/Zz5t2H6XyoNj+1iWYUipjGZOYqmvtequt4gH44CU5WKP5oPPIU039jR8eu6xl+2QTaLHZ3QI592+yyBQIXe1XWkuVU765GWrCCUdE/e3pqwFfViSp2OqDvLLrVLRaNtQ==
+memorial.		86400	IN	NSEC	men. NS DS RRSIG NSEC
+memorial.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QcdTZUTvfgd+91V7pdZ/9QvuyOQ5/qr/jpPUNARVY70888VRNCs1QLIDmzHVuTxPn0u3EoC1ES1BkiEHt367ANaPsUrnLNIHRF1dQm/sETi/W2jsbzewDJg00bGYPfi0Md19lU+ZUEUN6PxYQNSmsFAnZb5lZbBh5JcCNbuuFQQXSouUmyIjHJoi39OMK7VyEPFW0NBU469hR5lRDYzKClLb1RApU3LZZ163ZDc49s88m7pcwKyvEZT9Ug6vNcAuqV0ZWMapI5IKZUH+uXro7j3A2f4cpOnO0bGUufyJWyx1PQEX83sCf1ga5aHpb3UM8pmo3cD//UJV98eNFTqhLg==
+v0n0.nic.memorial.	172800	IN	A	65.22.32.64
+v0n0.nic.memorial.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:64
+v0n1.nic.memorial.	172800	IN	A	65.22.33.64
+v0n1.nic.memorial.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:64
+v0n2.nic.memorial.	172800	IN	A	65.22.34.64
+v0n2.nic.memorial.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:64
+v0n3.nic.memorial.	172800	IN	A	161.232.16.64
+v0n3.nic.memorial.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:64
+v2n0.nic.memorial.	172800	IN	A	65.22.35.64
+v2n0.nic.memorial.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:64
+v2n1.nic.memorial.	172800	IN	A	161.232.17.64
+v2n1.nic.memorial.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:64
+men.			172800	IN	NS	a.nic.men.
+men.			172800	IN	NS	b.nic.men.
+men.			172800	IN	NS	c.nic.men.
+men.			172800	IN	NS	x.nic.men.
+men.			172800	IN	NS	y.nic.men.
+men.			172800	IN	NS	z.nic.men.
+men.			86400	IN	DS	21250 8 2 6C3F496F5F6ADA95799145C17FB84C995554114A8E2A77D27C58D7F383C9407F
+men.			86400	IN	DS	43840 8 2 F2AB9162A3125EE62726C0782DA179D9A6EA14D948CCF416C2C6CB2E7122A70F
+men.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fuXkt8nzk4HALf+q24zmy+VeVOj8e0yriQ6zh9n8LPEZq2cfNY6S2nt54Uu2hhYWtl/xmUWtDx/dzWwV1rKtocOIKHmEpnCiUy+X/MiNykwEcaxXsBNyv7p5Y/6vAIumil274yXxmrlS+7PQPblNZQkOC0pAA39mSog7QQjNRK18hBZTv6GFHI7HsW0oLZXYohVJn1/VidamyGX1XYaqRKIdcNdHPp2tiiKmVhI5UYiBpRjwHlgDAvargNM46J8+Dy0xzmAkoB8COdjyWZmqCcdWGozhJsGAs7Oa5jFEWtNUaTnclZdPytcgY74XzEWrMCBfr7WgGIAYkKeDoOVKNQ==
+men.			86400	IN	NSEC	menu. NS DS RRSIG NSEC
+men.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vNgfFfQjmHIaopxch6r/r2jhcyrcjQTV1dSuqBFWrpby/NAdAmAXlMq+lYGHnbghu5ZyZJB6EgVsLPHvO0khPTuglpPfvwSnY8PVC/tkTCReWyHvZCu3PAVN8DJBA5BrMCc5G/NPDvPKS6DlCbJ8OOACn2SW9E5+p5vV/ahDOUF8eEoJO11YWGvtHPPB6k/J43nuLgV2VhebJDjr0uQ5Vah/CKlxdZxMUeHAFt7i/ZQPJurvOKr053k+dTjYoqTPvOWnVLJT+yQ7vNg/xytzs1tpqtEXN+sN1lF8bK0XlV1BtKHeVouBwcNzHH9bP/UasfTns+7xIhBCrYSRIAAdeA==
+a.nic.men.		172800	IN	A	37.209.192.10
+a.nic.men.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.men.		172800	IN	A	37.209.194.10
+b.nic.men.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.men.		172800	IN	A	37.209.196.10
+c.nic.men.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.men.		172800	IN	A	156.154.172.82
+x.nic.men.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.men.		172800	IN	A	156.154.173.82
+y.nic.men.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.men.		172800	IN	A	156.154.174.82
+z.nic.men.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+menu.			172800	IN	NS	a.nic.menu.
+menu.			172800	IN	NS	b.nic.menu.
+menu.			172800	IN	NS	c.nic.menu.
+menu.			172800	IN	NS	x.nic.menu.
+menu.			172800	IN	NS	y.nic.menu.
+menu.			172800	IN	NS	z.nic.menu.
+menu.			86400	IN	DS	31309 8 2 DEA786E2B9C069E2595D79B03F3A920B0342BFBC017EC606A0184340E9C9C88D
+menu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PDERNWQcC+B2nmoEgCRhVpSpF+Gos+1oMc6apLM/k+La2lrELjicXDDT7xrFBn82nJIUz6lB8rpgKXBc5VH5hAz8XUI8XpwM2EKZSCBlEBrf8XEuIilhC52ZZbNzoy/uuHQ/aYvtDIbNDlT6Nei0Om/p0KAW0Zx+j3D04Kak4iekdSWyRFbP8CRsTPw1/n0LrxTOkkZ/D2dbqPDc4owLayF5Lo17BpLIjifk1kg5Y1o5oYBMY053h2/BkAoW+i88wx5zjLrJkYpEPbaQI+Be95twqgcendyv+rPtYXMoTVFKLo+8la1VBbZvJ1YYg1r2dtquNsqHRXgtOWCv3IvxVQ==
+menu.			86400	IN	NSEC	merckmsd. NS DS RRSIG NSEC
+menu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . roy6qNip7WVyMwO/IaW7O5FqwBZRf3doHbEaChlvfSlPd6y4xrqsxeqVm2dzvYkUd6RwS3Ce7y9g2XgLfF8CDThOz2NweT1ZkcVe+IvIH/jaOuMrDH3WniCXFC92x2r8FGSrMe2az5L+O8K8ehXAYUsPS0smO4JmxSua+ezyTNebOnQxsbb7VJsdWz/n1tArfdgSJpHxIv/7UFEhaY9oLlVk5I56ek1B0JNCZqiCokq6q4C75LznvCBRFke72ruHY/W8B+LCB7FHXCQf1UKE7G0/2gAwAOCpdKNzo63pkWB74hV0MrnkIcfRV9p+aviMXV+k5KGWtpbwgGWf62KkOQ==
+a.nic.menu.		172800	IN	A	37.209.192.10
+a.nic.menu.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.menu.		172800	IN	A	37.209.194.10
+b.nic.menu.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.menu.		172800	IN	A	37.209.196.10
+c.nic.menu.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.menu.		172800	IN	A	156.154.172.82
+x.nic.menu.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.menu.		172800	IN	A	156.154.173.82
+y.nic.menu.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.menu.		172800	IN	A	156.154.174.82
+z.nic.menu.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+merckmsd.		172800	IN	NS	ac1.nstld.com.
+merckmsd.		172800	IN	NS	ac2.nstld.com.
+merckmsd.		172800	IN	NS	ac3.nstld.com.
+merckmsd.		172800	IN	NS	ac4.nstld.com.
+merckmsd.		86400	IN	DS	23340 8 2 F6643D8AE9760F8033A5A14B231851CEDFF97429EF22514CFCB1BA625EAC86A4
+merckmsd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hxCWyvjNIAgnbXbLpn8LP1Hm23AmV5xaqfsvp+nyZUySuXSujUD30ETLKf98fubH9y8/WbG48hEfPoVxk9Uf7psssaXRIPetN7OSnzF2ExMvld4GAzR9ft7QYLXnf3jiG1ewi2LDApeYKYn77ObAFY8NpKGLNRVojvKB5FwzVqPJgT8H9YlQAhmaNwPz5jIRRWD3VuvOlPyYfqxkad92zVs16HOlaL979EIpCntSTYG+5dnfI0pzCHXo1nZ4LWZ534yT9KMkIUpfmdhSLktEWcBbCYnpW/HZnDP+wBhl9+f5wN85CWrR809sT/Ou4P15TFe1H1KuEaOhZPalTWPukQ==
+merckmsd.		86400	IN	NSEC	mg. NS DS RRSIG NSEC
+merckmsd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . caQ1PrSTdm9fLcmWO5OipcIGoap7wEh3Q3MMsgISJIl3/ZJVfsJRqMLv9+0AE1IUKwcgZm7PE5rUhufXy0dzHX+6I9m1f5arVeGUpRbzZ6iGHqi4hRXoR1aSUSUBmjgYSY/GBZIiZAoLV+d8G2gluTk/hVZ2FN0tUCopOsz0eiQKN1JucIcoM9u6HLtVqAYo1sCt/EG2L1BSV3V0K22sur5RluOUPDGXlUC5XLJ0kT+4IUREKflMzrZFKRlB61IYRnEpR4XR4xphXSPWJYBPLa8tdGef55lzqWeUpOly+W0fYx+65/3YmaUEhpMazu+6yN9qkItjf2zQkrA2eG/F9Q==
+mg.			172800	IN	NS	ns.dts.mg.
+mg.			172800	IN	NS	ns.nic.mg.
+mg.			172800	IN	NS	pch.nic.mg.
+mg.			172800	IN	NS	ns-mg.afrinic.net.
+mg.			172800	IN	NS	ns-mg.malagasy.com.
+mg.			172800	IN	NS	dns-tld.ird.fr.
+mg.			86400	IN	DS	31916 8 2 61C4C85F931E44175E37E585D4ECF728FE63587742D7335836E1E686AD44950E
+mg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tfq43qz65rj64nEsAUo7uhemTxdxByjmZYiDGj6zReRsvbtqAFdEokOSaBX5HSxoCupHxZVdA3ALADKuess/bP2VjocWZk/umVbtPUBPz1JOYdRLbP9YLNz6g7TlcB+hliNDWFyWZ1jurJIGrFxlrU1jEp6YECWAOyZKEZzKs6AiKgeRqrK5ZJ6qjD7tgo91o1cRdf/irj/BBgdEX4XIhpzNPonbBJtG0dt76v5xV4cYntATnNtpmlVbM9vbcg2iKp7NtRZyL0QLh2HKzSkZBXbf7SHUropgnL12ah8TNN8AUAXXYEtR4kKe6OKHnewHXACPHbvt+O8KfCkfqxthhA==
+mg.			86400	IN	NSEC	mh. NS DS RRSIG NSEC
+mg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v/GvFy+9vRHQsKYp6KIxBNkTDUpQ9TTzZqc87Q6kheHebsGpGDzb186FwZoPUKyzoNckN6kmdG+PQBud0VM+OYhBja/iBTKvsDi3J25Yd9v7jPTnk9VxdNl2ExwngSeAsGDGCaq5RBeHg4g80656ikC0+89pJGIaWedhaR1Ipx/ztzyv7nEA+g0I3Q3BcliWO1S4CC1h9bFtX3XjcHYP5BZ6n7/uyNXjT8JdWHtmbDj+16nq2xxkatXDsRDNDVjngRA8YJyuPFj+YbNMcAkE+WW5gJtKvW7xXHCIl2GqKAVZSWYma4Cp7QEhaNyCAgpr0IXQzBNddIwjJLujhUl2yw==
+ns.dts.mg.		172800	IN	A	196.192.32.2
+ns.nic.mg.		172800	IN	A	196.192.42.153
+pch.nic.mg.		172800	IN	A	204.61.216.121
+pch.nic.mg.		172800	IN	AAAA	2001:500:14:6121:ad:0:0:1
+mh.			172800	IN	NS	ns.ntamar.net.
+mh.			172800	IN	NS	ns.amarshallinc.com.
+mh.			86400	IN	NSEC	miami. NS RRSIG NSEC
+mh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AA4INpm0/n/PxXGVa5UD2PI67F9gm3jFv9jEksKOyqjkWhATJRNzGSJr4jvvUeG/Yyw4cwvVLvQsAGmjzFBxzREaE8+daeyrPhOSQU51U6piUg2E6IhCWcrzJBKcCKCWBclZKsWUe3rppa1CyCLeAtBzuGFZvKlnoh6EkrRcKeNGrAdP9wcDWAvBP65WSm4WcL9LIKP6MY96RrELJpKUeU2lmAAr1H+IMOfr5CFtyAvOuHApUaasc88L/NO1GhwR27mdpHzAcqLd7iHJaJGAdfLvE6ECYkB6HCMtx6PnEFh2GltjKB6bmsg8jkkH9AQLd/aEPMWM07CxZ+6MZ5QntQ==
+miami.			172800	IN	NS	a.nic.miami.
+miami.			172800	IN	NS	b.nic.miami.
+miami.			172800	IN	NS	c.nic.miami.
+miami.			172800	IN	NS	x.nic.miami.
+miami.			172800	IN	NS	y.nic.miami.
+miami.			172800	IN	NS	z.nic.miami.
+miami.			86400	IN	DS	12679 8 2 4B9F71133648B60BE8D6D6742A698E1E6CC62B84EC278F643824690735549056
+miami.			86400	IN	DS	19654 8 2 8F63985AD288D934E94263F9CEA1F58734EDA5B75B35BCB9CA39B3038BFC03AA
+miami.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ENSG+4ccJ5YP88VZZZKKQ+rrL4P64ynC7IrW5rxfahMYAXbN4sdeb/kFpP74WXgMeILHK/cfXlguDklpNaIC3/1B5RnaVvhRMSsGGL1OWzVkrXaat/7OIPmYHq3XVolYH6NkFZ72PJtxnUqPuGa5eO86xKw9SUJ0rVd2U4mnS1qXlyrgyTtgwGiCYAEk8VwXG4yDw8bI5va1zRMC4FSh7bQE2nlq7jga6g0ZePv7IAEqYnKNoCHn7b2Y4NQhQBYFmqSfCUS8Ujbnc5KRyJO5XrBPgq8IDrpz3nszNgWNFis5eKbCwF1Tk7rDNKnQ1tMlTFWdAUD1pUzLO8H1At5OQ==
+miami.			86400	IN	NSEC	microsoft. NS DS RRSIG NSEC
+miami.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TUs5O7vxucwwVTh2XE/u5mbhNzmT7gdyYqOlAECKCVGJWzHP0xv9OnNGbYnr4pH7JM7V74BqRo1NWvIwf6HrnYpThJTJrqO9NcjK2mSlplLxm8JkmsFm51F1LK4It/eULeUr925FRA4Zc0m53GoVxUdh9cESkIfQdfo8lxT5kvBGkatNbx9OLWQi3/ZV2JWfugANbfvuTECtB0iV3yVT1n3HiE/mKI8LsE6/xPJe4/tTT8kq7tZHUkOlUM0JhqwrDuMDmfI+CSLlOegCHBbYHfxmaO4/APx8FCxvZMeP+ULahk51ilj3LgJNs8M5wkaO5IJQi9MWMxwxovLeSKVgmQ==
+a.nic.miami.		172800	IN	A	37.209.192.10
+a.nic.miami.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.miami.		172800	IN	A	37.209.194.10
+b.nic.miami.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.miami.		172800	IN	A	37.209.196.10
+c.nic.miami.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.miami.		172800	IN	A	156.154.172.82
+x.nic.miami.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.miami.		172800	IN	A	156.154.173.82
+y.nic.miami.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.miami.		172800	IN	A	156.154.174.82
+z.nic.miami.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+microsoft.		172800	IN	NS	dns1.nominetdns.uk.
+microsoft.		172800	IN	NS	dns2.nominetdns.uk.
+microsoft.		172800	IN	NS	dns3.nominetdns.uk.
+microsoft.		172800	IN	NS	dns4.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsa.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsb.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsc.nominetdns.uk.
+microsoft.		172800	IN	NS	dnsd.nominetdns.uk.
+microsoft.		86400	IN	DS	35775 8 2 75B42B6862AC3B32FC471D044DE968DF0D3E9A2B6D4EAD5ADDBA4ED42FEF185A
+microsoft.		86400	IN	DS	55012 8 2 6124FC6575FD96E99E526B792F5637653C25DC4E1E2C034C7A23FE2E2DA94ACF
+microsoft.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0d5uhtKUppmTXbsKQq7/8cIsspFh3Wl7O5EBu2RwrQ8nPlBcRJTw/lSecNry9O042oEAF5CnlCGE3p2wuO/njFIcC/G+vbe8Tl+RWfslVBHfOgB342QcfXclCuJ3O3fgf9Hbn+P/S1AND+P22kMkReFWVyb8K8N2/2YbFh0CP6HPKK9ViPASfUXVe8Cz7TRqkc3GpDD1xD+g+D1uyVf7zsnnhWWy6YTzJMXK4lMK1V2SMBwT3szD2GshWRIbC65iLhDNUzWhL3nJjkheZiNb/zGgZzyQN8ZVzJbRHY/lxX4jhoM1S/NXmKE/m7dWumeUwOhl13zJGb8tG3EUTw5LIw==
+microsoft.		86400	IN	NSEC	mil. NS DS RRSIG NSEC
+microsoft.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . E3rfHlQBwH3J+ymrxmNGHNtFN9Z/bi26dX+3SNACf9txirlJxYiLGlYmWviZeejgl5SRj9Zd6LlctAWyCjT8ilynV2uzyew2BIvILzOy/jkqLctTS6XbZwjFHByUhMrW7zM7JUBReDPRx7FAGlZPXelcLslgehiu+DuNMK47YuASLqPLl0j0eMnM/HsGWeyiSoTKSWJXB9pmTvcYuL0mYk5CCJzhR7XBbmxhVEc+27npzL4fy556uEem7fA1xxff9yPVZP0HAm8lYN/nG1F7jmwr0sgDgg5ipe8N2uogRkZQXF2NBGDrpmCtX0IeKluy3rpx8KlG960zgVdSx4vcJw==
+mil.			172800	IN	NS	con1.nipr.mil.
+mil.			172800	IN	NS	con2.nipr.mil.
+mil.			172800	IN	NS	eur1.nipr.mil.
+mil.			172800	IN	NS	eur2.nipr.mil.
+mil.			172800	IN	NS	pac1.nipr.mil.
+mil.			172800	IN	NS	pac2.nipr.mil.
+mil.			86400	IN	DS	16801 8 2 49013E5D5ED406C25C5A3E7F67C756E34C925342A34BD64D7427536C366DF99A
+mil.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hMgDaiNQ4ZUpL6Aw2rmZvspfyfRghiU8u96trHNQOz0BT+UdRXJWGQty0XxguUmTypRDkqgb+g/4tdaf03Oh8YuQIQnBFXwfq6H3M24FwnAQNH4Lj/l6E7aCha1cVjHWXSq17g2FkDvZPS9vthyrd62rMMdkCtJH8Dq6i/6Os1U3x3zD7gafD/aWn8QYnfyLZGgAN1RyMaVgZ11ANvHSPiyVuCbuTtDgdW4dKqAUE1/C6sxKaa7CevHynJ+GBzBmBlrD4YDGoID2LfWjrYj4mGLU9jJnt5Yiwd2euF/zxYL0H0mTm8tWLNzJUb9wenTc74qPnLbsX9recMZNO2C3IQ==
+mil.			86400	IN	NSEC	mini. NS DS RRSIG NSEC
+mil.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RS32r/9u+Z67eIFWx6qZDtjGM8CRmUVXe1mNmD4e0y9OVNsf0TjFGj3K3lLdsG+E9zuPkb21ZlJhuI4m7zLqdkEBkUAbnBXRLFOYMtrppAXcZTANL2KFBwxBJJ6C+QlkYPlS9rh3+hTkrqK9I4LHMUHjNeeljOn6J+qF2nxXFmwjJNn+oZ5lWOx6qU2gaBcr2weUSserSpn676whlRGpmEXhS0nvs0ZVmjn6u6vX0ydNDJuZjBkCjCV1l3ZmF4X2cCfekPj70E7LrOHhHEdEVwrFJet5t95pMhwU4lNyHPSmwNH7hPfOk5FVlW0E8rHDDb36VVC5n7RRQPwz+HRiBw==
+con1.nipr.mil.		172800	IN	A	199.252.157.234
+con1.nipr.mil.		172800	IN	AAAA	2608:140:c:157:0:0:0:234
+con2.nipr.mil.		172800	IN	A	199.252.162.234
+con2.nipr.mil.		172800	IN	AAAA	2608:120:c:162:0:0:0:234
+eur1.nipr.mil.		172800	IN	A	199.252.154.234
+eur1.nipr.mil.		172800	IN	AAAA	2608:4122:2:154:0:0:0:234
+eur2.nipr.mil.		172800	IN	A	199.252.143.234
+eur2.nipr.mil.		172800	IN	AAAA	2608:4163:1:143:0:0:0:234
+pac1.nipr.mil.		172800	IN	A	199.252.180.234
+pac1.nipr.mil.		172800	IN	AAAA	2608:c184:1:180:0:0:0:234
+pac2.nipr.mil.		172800	IN	A	199.252.155.234
+pac2.nipr.mil.		172800	IN	AAAA	2608:c144:1:155:0:0:0:234
+mini.			172800	IN	NS	a.nic.mini.
+mini.			172800	IN	NS	b.nic.mini.
+mini.			172800	IN	NS	c.nic.mini.
+mini.			172800	IN	NS	d.nic.mini.
+mini.			86400	IN	DS	82 8 2 6F84E8B483F6FEFC9832A282EA80D4F30497393B5353CC6854431FA7FCB240F6
+mini.			86400	IN	DS	54260 8 2 0DA865B8E8A60553B90380AEC9DA84A2DE372A2A098EC5F2F6E3502414947F88
+mini.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tKLCWhaLoa+dzXIg4HZge2lTKUoGBhfbXyXbyvbQfehoVFvuyhInJw3o2g9Pd668vMiwXuHM+icsapPtqrf/Qk/4fZWGt287lSRqfFKYDsxOnoVYave787QHxHrrK1+Fj4F1lFHYyv5JdSRZu2/S8fLAof1LxCzrp34tMYellWvB5XyTL86E5flrshzN8yGWGmEdbkqHRjJUdR3lOegTIXxiWoiLf95rF/MX+6Oo9Gsjn6LAhkCWX2Xh/LRsY4VnI+bVUpHshtZrXmzv+IHxZDszDbcTMulLTCHditB3IIOd/hVH7g2BneZ5gRrmjVCsJUSskQWzkaknFDDYiPo60w==
+mini.			86400	IN	NSEC	mint. NS DS RRSIG NSEC
+mini.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ugop9PQRGhpGoFOEMJ+AATO2Q9JnJUjewLlaLKq2wyaZ3d3oh2wf87CaKLSn915Npvmz7WcP0juNBRlbAiR5xwkcz5TcCr81E1Kv2Zl6jgnUZzjZAJ16EYyQngLDxAtQqzm8ARMtI26+yAoJDN6FIUwdeXFfEPGWJXlftYBWr0RHa4K3k1HWEujA8vy6EcfigWAX+nO0t4gF2G8J8ed+/mpIN8HwV0L1Bs/kMRi94cMv9idREowIOU4xFAdZu59jDNOKcq6Dy6VDj3TJMIvRyA6W9FC/ETCwX3qhICA+9J+MXO1DUKRpDi1afwgF4mwGCbNzvGem/IaAPNyFrCz0bg==
+a.nic.mini.		172800	IN	A	194.169.218.95
+a.nic.mini.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:95
+b.nic.mini.		172800	IN	A	185.24.64.95
+b.nic.mini.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:95
+c.nic.mini.		172800	IN	A	212.18.248.95
+c.nic.mini.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:95
+d.nic.mini.		172800	IN	A	212.18.249.95
+d.nic.mini.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:95
+mint.			172800	IN	NS	a.nic.mint.
+mint.			172800	IN	NS	b.nic.mint.
+mint.			172800	IN	NS	c.nic.mint.
+mint.			172800	IN	NS	ns4.dns.nic.mint.
+mint.			172800	IN	NS	ns5.dns.nic.mint.
+mint.			172800	IN	NS	ns6.dns.nic.mint.
+mint.			86400	IN	DS	20665 8 2 61E6470C8593C69E908195DB6D54F96E47BBFD80E61FA706E4263AFC6AC810A6
+mint.			86400	IN	DS	24670 8 2 872536426335AC76542DD46851AE59FDBC13E1F33E8A5C49193FF5A70BDA6FDC
+mint.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bLw5XdePYya+ewHHqBmr5CN9CGcaUXbGXKN5niF8ZRauR6/rNsOKuKNd2hECIadD+O7P64/kBB4Fuj34jtTY+fmTb5fQYmI5msnLB37pu18OKRrb4JjixuYCLo+YwyGCCIdQNNVAgkpJTOkSmHKbuvVf4pLuzfI4ilccTZE4jEAaiD752bI4fbDLutTejvR2X3f+lSfJvXsyNLLLiG9A3FdzVhpm7FowO1da8RHIP5ymNRDeWljEKGbUZTI5nDK69v9aZws+KeuBuHZmTPKwotoTf3j+JQUucOcNFkD8n0rhJBytjNVoD3e9yb8dvb3F6m2UBErcgE0N+HceXtM7yA==
+mint.			86400	IN	NSEC	mit. NS DS RRSIG NSEC
+mint.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vyc35KWxWcJ8K9suhwWm1gesCaDXYY/7FFxSgHkAmjdfgpg66Zh628DSPEQ8GVV4SgLAEvSBOt12HhNLD6DfLrSuBuEXz5kjy2dAAtHjoTpPeTpIEt7O2jc/PmOg5tDJClcfYWF6QqR7orcEIoUVOmiW2l6lcqQkROr6w6trkvCvRQKRHM++Fl2ZFYSCcrfXSADafGs1KMaunTDXk3nOVs69NtLeoDXlJsd8Bv8aSzz0xwRH69I0+Xi51GTEUutyFXwKZzAfmTtbw/Z/QnCj4i/VpuxYt9XhHudBO9bpjRU8bxQ3V2J5SltL/6kk8/go0u9cBGd6PnJgKc+EYz0FCw==
+a.nic.mint.		172800	IN	A	37.209.192.9
+a.nic.mint.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mint.		172800	IN	A	37.209.194.9
+b.nic.mint.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mint.		172800	IN	A	37.209.196.9
+c.nic.mint.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.mint.	172800	IN	A	156.154.156.112
+ns4.dns.nic.mint.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:70
+ns5.dns.nic.mint.	172800	IN	A	156.154.157.112
+ns5.dns.nic.mint.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:70
+ns6.dns.nic.mint.	172800	IN	A	156.154.158.112
+ns6.dns.nic.mint.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:70
+mit.			172800	IN	NS	a0.nic.mit.
+mit.			172800	IN	NS	a2.nic.mit.
+mit.			172800	IN	NS	b0.nic.mit.
+mit.			172800	IN	NS	c0.nic.mit.
+mit.			86400	IN	DS	65212 8 2 321542533579CA11F6FC95AC23ABAE16A4DD112EB3785E98C51A47F5B25D2B9D
+mit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x45OUzBWTIMpBetCZuJK8mn0nMAIaGNg9PGNEdciBfoUT/HwBSiUoWAOjwobZqhcZlRijoIQVjhIBRvQxYiVRY7bo99jRs2iavZZxCOcpH8X8wff7FeT5MYgPKblApXoTJ0xvQtyWFAop3lrIq/PE5x8Z54DAprZMB7cNISGe1SbwTFs3tkkt9fYuTxf/slBe3HNDf4JcUhUX/xUethNXb3RsuplVQutEJC0fAaepFv71XsndsF+2J+3jPsBVzUUby0X3tkBwj5uK6V7ZnP4qXJlUfUl9o1AQ5ymI3wZL4E9bnTXTNaxmdq2d7UNCcC+ntctzGdBugIaSiY7WPiDLQ==
+mit.			86400	IN	NSEC	mitsubishi. NS DS RRSIG NSEC
+mit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o4h/gn3c472ikabd3c1DyNTlWmbWnuHJ0gDX4YwoXlA3KUaBeQemrAqdEbO22t3DRblQ8fie/aovKXZzhyhf9HNdDEVTZ2jUzC3OYr6DlQ18+2xW64GgRT1NVS6TS5FDFwRcQmKSZq4vAiWcweoVXoqVA88rhj9h1Kl0JSURCns/i+k8TaSdBN366HKhDk0417+3b6Z1tTofBbzIc+9CHtWtwJw2K8ThOgajJgk0ibE9ARH9jTsMhG9MeJT+X5e7UQmsIVdpAZewMg+SYLpXJJEkH4W9kpWtTpzZPo93LGsAlAIdU+7apUdRKc3s6EJvQ7OoJvgpM3iBD0AKTnV7+g==
+a0.nic.mit.		172800	IN	A	65.22.236.17
+a0.nic.mit.		172800	IN	AAAA	2a01:8840:e6:0:0:0:0:17
+a2.nic.mit.		172800	IN	A	65.22.239.17
+a2.nic.mit.		172800	IN	AAAA	2a01:8840:e9:0:0:0:0:17
+b0.nic.mit.		172800	IN	A	65.22.237.17
+b0.nic.mit.		172800	IN	AAAA	2a01:8840:e7:0:0:0:0:17
+c0.nic.mit.		172800	IN	A	65.22.238.17
+c0.nic.mit.		172800	IN	AAAA	2a01:8840:e8:0:0:0:0:17
+mitsubishi.		172800	IN	NS	a.gmoregistry.net.
+mitsubishi.		172800	IN	NS	b.gmoregistry.net.
+mitsubishi.		172800	IN	NS	k.gmoregistry.net.
+mitsubishi.		172800	IN	NS	l.gmoregistry.net.
+mitsubishi.		86400	IN	DS	45959 8 2 1E5BC196FD959FBEFB2CBD681475BE0FF1DE7FBD074B2CE338894EC2B011C0DC
+mitsubishi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MMDtJpsoTZ/UOwmaeZZYYzP3N8diD+Vk6VDhj+c4bne9vpoesHop1O0RT7hxRqqqcM8L/rE+0CpHEu32DwoZrlRVOwbF2UoLotbQ+GyJDNDhWqH3F8Z7m5WdxnER+n5+2+ctku/z0WKCIlvwT7uYamt2a1xx7JgKvRTbzgJCwDvID832eY44YR0+MUyqegTkHXjBEj/hJC0WG65IHMZ8SnhxOKSN7JTReTcVC+ofAP9cHqkCfo2E08WM4dvq9578O66oez76iwEvNddP1QtjJeTKDnqNLZyjwWGd25MDxJ00QJC0syPd2udSkIoUYxY2drXxsXUs9so1zBvGeCoW1A==
+mitsubishi.		86400	IN	NSEC	mk. NS DS RRSIG NSEC
+mitsubishi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x4IpE7SIEkTAzPV7v1Hw/BGg6nI6mMoqAOw25SIUU8dJ0sYu2ehnE9jg4DF/NS7At79CBJYIgH3pO0zrInM/xlhInB1Thice4O6PUz2i/u2cpxuh5aO8v/p68aBWuGGZwFDebzpWxjXTL8IPlww9pwUJ2EnIX/OoLJmVOqW6LvP0t7MyiSiVDOS3C7+mwfsTXZPHOhmRGaJf2KqYkFYFp7PJ0Bkhr5zTV9vEwoIookV5dBgqgrwfvV8AIe6YRJppPKynFjUcfImKuRFexMsxIC8jLj42Q2Lag/bD7aY6b5XRi9p+hG98frIE6CoW5rv+2jPGQ37qdx7APDB/Kss2AA==
+mk.			172800	IN	NS	d.ext.nic.cz.
+mk.			172800	IN	NS	ns2.arnes.si.
+mk.			172800	IN	NS	tld1.marnet.mk.
+mk.			172800	IN	NS	dns-mk.univie.ac.at.
+mk.			86400	IN	NSEC	ml. NS RRSIG NSEC
+mk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zA5SAr7QW4tn2Wy9lXMvQ6hqkZ0ZkJUuTK4jv6u76Dh3QjoADzCj+ce+Z6G9Q9dkcJ57HEmYCy6NmH1+7mJ/+LZ3cJt9GK5FFxg+rqa8e7ryiNLXu6FCEFoMYQFzZr+fcgpQ34256ndWkU+lSlBmSETBIVP0L9rQJadABsUb4F/n7858xxG7tvdUeIm8bApkDvUPjT6QVFX0J+blHjgyGeDjB7Mp6tXvJnstGHE9MWhUaoKRWuzzLMVEyIg6L8q0gI1Rd66NV+k94koljk8DDqxPtsyONKke3QzS81OhM9WDJPD8qZzPG+RMj3s9xd/gqiKtpbWsQVlAVQn+uOr70A==
+tld1.marnet.mk.		172800	IN	A	194.149.137.168
+ml.			172800	IN	NS	a.nic.ml.
+ml.			172800	IN	NS	b.nic.ml.
+ml.			172800	IN	NS	c.nic.ml.
+ml.			172800	IN	NS	d.nic.ml.
+ml.			86400	IN	NSEC	mlb. NS RRSIG NSEC
+ml.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OSMtmqVXM0FVw082Y0kvI0Hl5KbSH8QQzNKvvO1AB6Hdu45KGJNwQWh/P4pPulknvPMiQwhf4w/NqvDZRTzukeg88dP8ViD1hS/aJ3BAnUSGEI6a73eV1EHMZS4U6WF4RR0X9fmJz0BWBf1S/FbVWd8kXReoOgkwoNevBmTrGQV6QfYMga5aPskjCHtKCMGRUG9OzArKDv3ei2QtLJCr3zk1noI+HXjENhkul7FYffYk8EuCNv8nUUqDhEmMeIX2lAtkBU1KDGtFU6rpp5I+hnjFJOCYFd0Ef46HkMoUAA7UZMjM/kTDJaGcKDzb5tm4T/WnYxE+mm8at5HPIO/iow==
+a.nic.ml.		172800	IN	A	196.10.220.136
+b.nic.ml.		172800	IN	A	165.90.218.166
+b.nic.ml.		172800	IN	AAAA	2c0f:f900:2:3:0:0:0:2
+c.nic.ml.		172800	IN	A	204.61.216.144
+c.nic.ml.		172800	IN	AAAA	2001:500:14:6144:ad:0:0:1
+d.nic.ml.		172800	IN	A	196.216.168.37
+d.nic.ml.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:37
+mlb.			172800	IN	NS	a.nic.mlb.
+mlb.			172800	IN	NS	b.nic.mlb.
+mlb.			172800	IN	NS	c.nic.mlb.
+mlb.			172800	IN	NS	ns1.dns.nic.mlb.
+mlb.			172800	IN	NS	ns2.dns.nic.mlb.
+mlb.			172800	IN	NS	ns3.dns.nic.mlb.
+mlb.			86400	IN	DS	4324 8 2 88B16B31916A70182F0809393AA481AF43C61350734E0D1E8107EA8CF2348B83
+mlb.			86400	IN	DS	8650 8 2 218D67DC41C6696C577288447524E3588673894AC178AB6EC2D0F3C1FDA09A9E
+mlb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XS7QADMtfIB5GDWShHimw7sjpffCB3kdU+yGZBgM5eywJzZJdUsN4koQ9R/D0eAOLw3WsMl/nI+esLysuuKrhpiKVuMcXkwPydmyaV35KsLjgOiI7PWnBv38J+JdD1k3r1FZBfd73NNo37HWg3w2qU9qnhBCm6nQEhxC7knCHjDTT6HR3D8o+xCR1QxVlT3AlySy8SX9lpXBu5xDah3uct+VNTywu8jXNe4y1F7Qty/D7IgCsGrAiXicSjbKncGhxdsy+kGOIoQOfG4gXO/0o5LAeExjk04GgvQBguKdWKhZ1QFzCnmgG7WeUqWP9ETuMuMxG0AyVHU4Mz5EDD81vg==
+mlb.			86400	IN	NSEC	mls. NS DS RRSIG NSEC
+mlb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x4cWF5wVMqQXcsAoTQKQbpsU0OBS5F51yPiS5P7tz77SVkpSJg4YQBpScUZ5d0DhV61n5hvcEAP57c5VFfaVswA3Utc/O78sRNAiHIRxjvSWOWNTPYW5ERft1jTHxwYUZIUqFAWQ1BOliym0iY2b1qhk6tekKx9kk0olwMOO5ET/UOGbzT0gHwmd8gTeUpQ2mZSXjjyi2UyX7Epz3jEsB/ww8CzenrgzBofWO2w14zH9HEb1POzQVAq5tUU1p4/BhFTE6Dy/70ocQxd+kZMKckEKx/5gYFWLMMHHq1AEMYYrtgh6UEOnHpriVKPMNqJL8U5TxV7ujcqeMqx6r79brQ==
+a.nic.mlb.		172800	IN	A	37.209.192.9
+a.nic.mlb.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.mlb.		172800	IN	A	37.209.194.9
+b.nic.mlb.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.mlb.		172800	IN	A	37.209.196.9
+c.nic.mlb.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.mlb.	172800	IN	A	156.154.144.113
+ns1.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:71
+ns2.dns.nic.mlb.	172800	IN	A	156.154.145.113
+ns2.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:71
+ns3.dns.nic.mlb.	172800	IN	A	156.154.159.113
+ns3.dns.nic.mlb.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:71
+mls.			172800	IN	NS	a.ns.nic.mls.
+mls.			172800	IN	NS	b.ns.nic.mls.
+mls.			86400	IN	DS	2629 8 2 1F831BF4F17CA7B3636EB20249ABE2BC58FE071B0F6E8869EC904C8DD8A48CB8
+mls.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . whL0L8QDV2CXrmMR0IAtEo0xhYo6XWlCj5CboxURkSaChZ8Mnw6V1SYN0gRNqizMR8wFYFkv8Rd1/0BnNbs/d78OWXQLJ0xoDMdTna5Cc5oCPUZsNxRr/Y8iLFGKdA7zqDaE30qfXsvYtITi6LX9mjWAHx4xtaMz9GYVfCdqCsvsktnOCoATOIPVTwQ6i8uatPdbqIUZ8QGiCuNqU9uFnx4CeKfWTOrkZFnwlQqAuiwPr+eUyRfWDd2AEivL6/sh9bmwV0ZpOcnZJHNacojhRnMRMfSohHt7D09bekWwfBcyg1lsO7ggbDTojnX1ScGimjx1+0Kxf8QXqzqGMh9pqQ==
+mls.			86400	IN	NSEC	mm. NS DS RRSIG NSEC
+mls.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XAYbm+rKE6YsKA84sYlClSFrKB95VtLNTSSI2I0mCIEVHcBEazVKDJX4hKHTu+GXdILrS2AkBZXiHEss0LJA2oMLQLSc5utVyUmPDJgcbBjFCnM0hwklF+9xEkTMnHIMjzPeA/FvABd0zSf+1yCUz8AYML0QcXT4VRku06efmwwrg4ymgOMSxHaikGj5jzScKmj/rg/P9pRzBxybRbyrGW/KWxcX/2CIsYbdBDlAbqCsABO8GaQ+xNOB2sWi5Ty++NANIexfMMsj+wgIhm10tADsH7gvaFz23QmK6Kn/bW/g+x9a6CJ3uRe8XX4b5D4VVKLwSuMsIzhX6MNSWL+7og==
+a.ns.nic.mls.		172800	IN	A	185.159.197.8
+a.ns.nic.mls.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:8
+b.ns.nic.mls.		172800	IN	A	185.159.198.8
+b.ns.nic.mls.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:8
+mm.			172800	IN	NS	a.nic.net.mm.
+mm.			172800	IN	NS	b.nic.net.mm.
+mm.			172800	IN	NS	c.nic.net.mm.
+mm.			172800	IN	NS	d.nic.net.mm.
+mm.			172800	IN	NS	ptd.net.mm.
+mm.			86400	IN	DS	18589 8 2 0A66403DA2CEB4C3960750739074D5CA799334B45C85E3FEDD7838E01A2435D8
+mm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rKT9OkBKiU74CASVdVIRFn3UaVcQ7xTRnYg046SSE72NCfG5WspfpWDqUwjAGR14eC9PCwXSHyAuqSRgAYprHI7PIWCAxtfJJEO859c+UBeTUWGraiEitifyjeCErVu0OEUs3TO1SU9tXxdMBXU8K91lQPotyOymvsPCMMuQCnKaqurpcNRjqAx23eB+Sxfj8jvos4WqtH3cYwQWfdvKZdhlXVkgQRerG48vahafxudjeQ6mDfxCNXzliijo4sDVchdUe1mY/VeUQYiJem1MlEzA/akPe49qt6yys17ElJ3MP3Zg5WRzN2NcJ1TZdR4l8FBGDus8nor5Rq2gG3UugA==
+mm.			86400	IN	NSEC	mma. NS DS RRSIG NSEC
+mm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kbc8+6a81sn15tVViqkTSvMD2jf4cBvwZhhOH97andLkTuQG/u8GheoXRkzBjuFlTaHJc70LA3qyWMWvcICcw7hzMHeKgCY0kVJ6tu4Zy7jrBLDtyW1mAWwWKzcU+y3A6yJigRQaaSPUZvXb0u1BgTmlbgyZ4N8sqvbbXutElJyOvCSo7VKEycXo+nvmfBjj4jU84Wvolg/5td8pVrNtHArJjXVdBzNZqj+7bBiCaZ3Xb6inBhyvwu5IoHRjM87i/exePgVpI7xCWJvXfFs0CouS1ZtMZfexncvKT5422KSr+8slJh/HMTOg5Z7s9qjxqQkagrf39PtZKsbOGDbgtw==
+a.nic.net.mm.		172800	IN	A	37.209.192.4
+b.nic.net.mm.		172800	IN	A	37.209.194.4
+c.nic.net.mm.		172800	IN	A	37.209.196.4
+d.nic.net.mm.		172800	IN	A	37.209.198.4
+ptd.net.mm.		172800	IN	A	103.103.173.9
+mma.			172800	IN	NS	d.nic.fr.
+mma.			172800	IN	NS	f.ext.nic.fr.
+mma.			172800	IN	NS	g.ext.nic.fr.
+mma.			86400	IN	DS	59534 13 2 25455417C20C22D815E00232DEFB2FC78E7B728600C91AADB21F8703EA1C314B
+mma.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pODSQx4K2m2i1LCX2iNezKz73HMJNFjGm9BzCze+FWd+nEdy2Sa5x3f5DZ3ABBHRaUYiPnUft14t6nTRkUvdVNxrtV32jF1I8MyzewDIoroklUzm6XHMACirdyCw8OBWxKYbtphWpve69eK14/wpKiVVOabkp2hnmbRfj1P+LTR2A2Ku5EUbyBN38zQF7tcdIQ3oLKRD2REmcxNT3AGTl0JIJUdCNkN1rO1hiO3+Uevhw98gsMxiVFm7D9UQmYFZOiXcENkT/fVAPVax8ySTHS2VQMMvXO4cN24gYm8W8NQ4aaoqgodQx09OT83N+/gU3wqKqF0V76ch40LQz2zX3w==
+mma.			86400	IN	NSEC	mn. NS DS RRSIG NSEC
+mma.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RTX7gBIvYpGmtKF6BCT3VSUBQ2P4JLug3lek6eJER7Ka37SGZW2/qYNLW2xMc0YOY7csu4OdHW7wvz/EfSILYZGT+zYeyo1FvunAp8OIfheSmeuRCmha0KYSK9tMkFhXSS7a9dnxWmwyZmrlpwCL/lGPEPFTwOPT1zz16v2bDRh9ISXbWiYchsp2zMbDSManTNAKJ1qmTszgUCEaO11f079IB6Z9gXrY0l7QYSXD5jmaH3ce96yiPf8vWCl4YWtEmtTNGl+8CWBXe+RfqQRGF6xpqbdYlHSZ7gbf1C/LSMBF2pB1dqRtYP/vxbNv+akeHlHymmyegYaRB6UGuFlGZA==
+mn.			172800	IN	NS	a0.cctld.afilias-nst.info.
+mn.			172800	IN	NS	a2.cctld.afilias-nst.info.
+mn.			172800	IN	NS	b0.cctld.afilias-nst.org.
+mn.			172800	IN	NS	b2.cctld.afilias-nst.org.
+mn.			172800	IN	NS	c0.cctld.afilias-nst.info.
+mn.			172800	IN	NS	d0.cctld.afilias-nst.org.
+mn.			172800	IN	NS	ns1.magic.mn.
+mn.			172800	IN	NS	ns2.magic.mn.
+mn.			172800	IN	NS	ns3.magic.mn.
+mn.			172800	IN	NS	ns4.magic.mn.
+mn.			86400	IN	DS	22489 8 2 C069CD3E147E1F008FD2394A7112509C96D26094F876E48E56192779E1C47BA6
+mn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p7+Sq4Z+gcNu0zDd5xC4i92d4nNDMiOGnpB1NAJKNFL6fGo0rtPEHBSF6OuZY0nYBieZhg5rX+dljuVTddYRX0otAd5TmHMCxWFXwn1W0/Fxr9wlw3vk3MSwKYC8K7/guoLYL6wj8jntnoM3gGhryiqK1bXg+k86nT1HyGDzHo6B5EyWAKMkUiOXnJBzf9ZKxu03foebZ4AV/t/ij47ZvjVKDdEpvxsmETuR30hYQDxAVVXwlkF6DiJY3CejNTaWsX6SZGaAcb4I0PZ4DtClMl2LhwnZl6G/R0Uf9uTg5Qto3DOm81ojHkAlTDdmzmYYAWYvM+HtdOVZ+eUToVeug==
+mn.			86400	IN	NSEC	mo. NS DS RRSIG NSEC
+mn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Jv0zugkobIBzhF1aIIc85v3xGf+FFfb8D/PR+2avxly/9c3TN4cEzGPLEB3PxzcrB9hpqSqULAWHSfhMmSD+n8H65lhGa7wOTSdK/nJbCVuadcr6eryA1Zc9Q59+hjOb7VKCVfV2vcNUlkr089nz47zXDQADygLJvEA4hiVVU0T3gqrb6/8X/sceQtKM+B29mDuikZuD0OFtDul4rqBcJnzms2fAvPARyjayLYgYypBEVVLOi+7cryRO78IzkxMVhy+4TgOkDzR/rSWp+LVqH2eK4wXE+pGIO2IR5VQCo6NrESnQtXHENgsGL1N7Wj71J53AfelVkda/+/MAV3aK+w==
+ns1.idn.mn.		172800	IN	A	218.100.84.27
+ns2.idn.mn.		172800	IN	A	202.170.80.40
+ns3.idn.mn.		172800	IN	A	180.149.98.78
+ns1.magic.mn.		172800	IN	A	202.131.0.10
+ns2.magic.mn.		172800	IN	A	202.72.241.5
+ns3.magic.mn.		172800	IN	A	202.131.224.80
+ns4.magic.mn.		172800	IN	A	218.100.84.26
+mo.			172800	IN	NS	a.monic.mo.
+mo.			172800	IN	NS	b.monic.mo.
+mo.			172800	IN	NS	c.monic.mo.
+mo.			172800	IN	NS	d.monic.mo.
+mo.			172800	IN	NS	e.monic.mo.
+mo.			172800	IN	NS	ns2.cuhk.edu.hk.
+mo.			172800	IN	NS	ns17.cdns.net.
+mo.			86400	IN	NSEC	mobi. NS RRSIG NSEC
+mo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gzwdOKiPWhfMmWeMIRnke57G7flDG3mOVQ41eq+EQ3J6WWEVyOm+2MwTLz5xNgq2/vA9uuYhUPWQSOAGEodW/h8FLxb3N1T8pabqjrXJtWrhZ/z7pVimLSjKXWLKsQZVYYkEIPyW6mqoqUxmDcPdLhD6jURpaAhJq6I2F1JZEHdgjOk+8vvLNSM4hNZQzhYMzM/gC6OkATU5/SOzjHKWuJqc/Lz8viR86hpJyybi6SfRFFazFA+O30z5Pb6b49PjDtO2jvzcqFBVOe7cxWjhQmzRnMSF8iWXdQet4ZY3xkWd7wKeqqlJQ78NymL11OaYkbU6w2YiJgqPiQHrJcc7IA==
+a.monic.mo.		172800	IN	A	202.175.87.47
+a.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:2
+b.monic.mo.		172800	IN	A	202.175.87.48
+b.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:3
+c.monic.mo.		172800	IN	A	202.175.87.49
+c.monic.mo.		172800	IN	AAAA	2001:f90:2:8:0:0:0:4
+d.monic.mo.		172800	IN	A	202.175.51.115
+d.monic.mo.		172800	IN	AAAA	2001:f90:8:0:0:0:0:2
+e.monic.mo.		172800	IN	A	202.175.51.116
+e.monic.mo.		172800	IN	AAAA	2001:f90:8:0:0:0:0:3
+mobi.			172800	IN	NS	a0.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	a2.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	b0.mobi.afilias-nst.org.
+mobi.			172800	IN	NS	b2.mobi.afilias-nst.org.
+mobi.			172800	IN	NS	c0.mobi.afilias-nst.info.
+mobi.			172800	IN	NS	d0.mobi.afilias-nst.org.
+mobi.			86400	IN	DS	56191 8 2 016C0D8022BEF2CABB827CE75DABD8FD24CD0160AC277A95ECD5E79B1A95592C
+mobi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MIBtVCXnyiEm3dBv5KdOsn/eZQQsjVuwdDc5ppEnz5HhHR3c2/tGG8WjciwzvlqBSAtQXeHRQrWuvirmUyY8grwjWk77PTOdJGfBmF5jI1+ytpThbJPUBYAeH/NZs+xxFEAOyGtlrQ/Q/7TaiPIhzuCDp8kvA3+iQ35p0/z3Np0vC4ytzM0//JGsrQC9vfVtlA871zNEvz7vKEzYVNGG1Hwj5cXrskhEuzkDnb7LcAh8ZQWNLnK9OGVmesHI13vMLkyUvoNzvveLWrzNEOtBEpFFqjix2eFbIqukQawt/SoRS/0mJlu6+DyHpSWtQ13sOky6pOGOjH69X8jh5TGpNw==
+mobi.			86400	IN	NSEC	mobile. NS DS RRSIG NSEC
+mobi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jwDsBLCDneoR2VvkcJs23ACk8DrVzLeTb52SAdW4Ymv3y4R+4XBRoYdYwLq1v2vafVCYwPp1PaVQW+6yki0wZwFXNOdWJv2wwDiKFks3Ta2c4jqAtPxyoOBrZsillu7tFSeZs/DcRep9G3UIMhrT09cAOTjCgHuYCsUi+aAzUKyJv0Z9fNiG3lC5Vd0KZ5cFKnMGQjwHwnmHPkK93MgTK5oGpU1pXly7V3gcajbhbheD2uhzuAGDoegzDekvqt05YuzY9pkQo2RlhCtR0h5OOdtnLpFhSR1VgaG65C4oM8S00zlSWqwpMGlMfzzTy+0bof14BoGH7mfDwmv/vw5OYQ==
+mobile.			172800	IN	NS	a0.nic.mobile.
+mobile.			172800	IN	NS	a2.nic.mobile.
+mobile.			172800	IN	NS	b0.nic.mobile.
+mobile.			172800	IN	NS	c0.nic.mobile.
+mobile.			86400	IN	DS	85 8 2 7E9719C718C3954D6F5D3C8967B1424F663AC3FF24D49BA6C26A52EBCD2C3B0F
+mobile.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QVr423m6Dj+rqT8hUW6L+wER7IMic358ieWxHy2JW47F6pCvUgVk2WycvOzXAv7AobCSKITqnNU2zSt1YI4OML/1bfC9vG+ubQW+qF0YuBe3ey+kWh/l7j/sVS9sjMFUQlY7HgVIq+zxr03b62u+WIF3x5WUb2vsIxxPRX8rDJmcW11FjDp4HWey3kW8ziH2FNSF0+EDwUIvg9YtJelEx+BFIupOr+jg+pPB7WsjvIEvHeHdZ2HpLDvy0dTxaMwDaks3vYlXMrDXlcuj7oo+BXZBQJ+xYcGkH04w9cMeiPVMBi2PVYmuJVSJBEr+rBsTydF+BIv8Gc3wvmKloqiY6A==
+mobile.			86400	IN	NSEC	moda. NS DS RRSIG NSEC
+mobile.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oIacmI0PEN3Y3dyIWASjoYBZ5eIfHhnd7j6+aiXL0Y0Mxsh3CrcahtfWDJVBK1dWokkUUDb2hbfKMTbBTcROCBxFFMPumab9VN3Kdt3dj3YBO4/Qozw8KC2q9BUBeLh2I6nwBhE9onPhH8MAd5sjdyC+BQIWueFS38OWP51z90ETMnfLF+sx2IsAvYFlekNaVstxo6J+R5+npjYSjXKPOfTrZ3nTVmABWlAZWckJV1mNf/EvtrLJvpLPLXdZOQVh+mFlbxrgFGB4pBWEtXL/Z/UEHXV4ACCU/czrOfaLdJEQHJjDXz3awoGto4uYwc030MekFAUs3IV5xginTi8cyA==
+a0.nic.mobile.		172800	IN	A	65.22.96.9
+a0.nic.mobile.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:9
+a2.nic.mobile.		172800	IN	A	65.22.99.9
+a2.nic.mobile.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:9
+b0.nic.mobile.		172800	IN	A	65.22.97.9
+b0.nic.mobile.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:9
+c0.nic.mobile.		172800	IN	A	65.22.98.9
+c0.nic.mobile.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:9
+moda.			172800	IN	NS	v0n0.nic.moda.
+moda.			172800	IN	NS	v0n1.nic.moda.
+moda.			172800	IN	NS	v0n2.nic.moda.
+moda.			172800	IN	NS	v0n3.nic.moda.
+moda.			172800	IN	NS	v2n0.nic.moda.
+moda.			172800	IN	NS	v2n1.nic.moda.
+moda.			86400	IN	DS	60925 8 2 D9124BBC4096E70B4AAB2A0328750836243BB8FF45FB0AA3000239E83D5DA1CD
+moda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p4Tdq+jOsiD5fNhbiWRIYQBZnQVX5q3fuXNFHdeX3Fo+mFlqjUV1pUKnbKyTNuYon+Yaq6C1n2/u2s7O+s85p+LGP3cKvbNOKZLNDQvSa60jyTutngZh14Tfh+VAULiBzgR+LSKBQtj+8wE7UBJfAW6wAZE39m0fYFrwSSG4FWITlLxmptsHTpkzN4jo2CkbgEyJIEvNNJvRYKCJ5JwNfz4H095GLH+2Jyfd2q4IyPkYH4eph7BEf+8g17/hJwQemyu/OMzKuPYIRhhOPmXUyVWxpQu280Lea14gnMC0Jp9RBJbuCotN5Vjgcst+YA7LR+xfLHB3jQP+HJ/6Vxvx5Q==
+moda.			86400	IN	NSEC	moe. NS DS RRSIG NSEC
+moda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xkyuoqwHXD+r7d6RSymuZtf/DUzGd4yl0k8VpKEE3Q7QDKNgg/PgPyvHimZX+Zvku535uCzxUaqrqqwiQay7lc0Qel2//PdW5zCF2U/0dvMNt9vrkWWyk2f+PQlfpSTvOmOWOkgX1C7T2e7jBs/CKStpQZ2n60GfDtFQi02enIsdBehJNVR4rmQh51Nf3hHdDpChFQv4sUeIDJ3vrX/lMqnhgG0Ah15pN4FXjf6fp78pnDnZny5jPVYBusojGJP8Kcj8trSXOiB67rljQ0lRf2T/4EgjaZ8heNPd8CEqOI1u4D1Q0/RUpIQmcQc4COI9kUJnSWPNk82qZXExwkXyaw==
+v0n0.nic.moda.		172800	IN	A	65.22.20.28
+v0n0.nic.moda.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:28
+v0n1.nic.moda.		172800	IN	A	65.22.21.28
+v0n1.nic.moda.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:28
+v0n2.nic.moda.		172800	IN	A	65.22.22.28
+v0n2.nic.moda.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:28
+v0n3.nic.moda.		172800	IN	A	161.232.10.28
+v0n3.nic.moda.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:28
+v2n0.nic.moda.		172800	IN	A	65.22.23.28
+v2n0.nic.moda.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:28
+v2n1.nic.moda.		172800	IN	A	161.232.11.28
+v2n1.nic.moda.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:28
+moe.			172800	IN	NS	a.nic.moe.
+moe.			172800	IN	NS	b.nic.moe.
+moe.			172800	IN	NS	c.nic.moe.
+moe.			172800	IN	NS	ns1.dns.nic.moe.
+moe.			172800	IN	NS	ns2.dns.nic.moe.
+moe.			172800	IN	NS	ns3.dns.nic.moe.
+moe.			86400	IN	DS	8980 8 2 0107DD039F8BD0049A6803271A15D71793A5234EEF881013701E481774A8BA19
+moe.			86400	IN	DS	32761 8 2 EA6DE3F9A962AB77BB96DAF62BEC88D0F580FC31799EC36FF7DA697DE8535AF6
+moe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mkCaTbuKjBx3OSk9c+kcS8pBr2bRFmFmP0EhKmor9raFxkd9yTdAbBBJLXWJU2vPHUG2IRuVPvgq6c2MrcbdaPSk33+SgTK58dJbhCe4pcjAZ7resrCkyTkEfZZ2NkHnJ9DD0MQG5SzqyoSTbA6c7RgzZU4PZ+H/H2mj/Lrb1FVTbB6hBnv0Zr48f6Ch8EsEQ0w05rKVjmKAZV4jpahqtcKpbTHi/OBpnLIl7H7YYb1vjNryO5T5gs9kxGuE+S69IL/luEh5HvSnOFNUqHPMrHY4HknOalZnhW/PaiEr5Q6R5a5XFfT/5lvlDuqg5KWczy7UfTQWjWYr3ed6IV1Biw==
+moe.			86400	IN	NSEC	moi. NS DS RRSIG NSEC
+moe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WrsBevCFw/6SrJkP5XkMKkIppHCbCvqG0ZIqTI7PD/ctNJkjEXvqqpPgghrrMcbht2rhrJmH5N+77NZmxwyJcrq+hCIijrbJyfILUozs3+CwPVLcaed0SfVQIQiSZafEEuxM6dgsV888tmZlR91a2k+vV03wGsQNr+jxPFvWAANzDpT9TI957Gipg4BKZdW/Qezqt7TMrRQmx9szBTGpmP34RL/9fHXOe+yoQVzWVKWRu05bZVz9EhRJ7UOeHob/Z3yLbh2fqCdQThtnnA008DCdyS2yp9bGX3GrxvTD/jHCnqPzdP8WLae2/1GXgBmzLv4UaKGiCMd2+js1Zk7Qmg==
+a.nic.moe.		172800	IN	A	37.209.192.10
+a.nic.moe.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.moe.		172800	IN	A	37.209.194.10
+b.nic.moe.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.moe.		172800	IN	A	37.209.196.10
+c.nic.moe.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.moe.	172800	IN	A	156.154.144.114
+ns1.dns.nic.moe.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:72
+ns2.dns.nic.moe.	172800	IN	A	156.154.145.114
+ns2.dns.nic.moe.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:72
+ns3.dns.nic.moe.	172800	IN	A	156.154.159.114
+ns3.dns.nic.moe.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:72
+moi.			172800	IN	NS	dns1.nic.moi.
+moi.			172800	IN	NS	dns2.nic.moi.
+moi.			172800	IN	NS	dns3.nic.moi.
+moi.			172800	IN	NS	dns4.nic.moi.
+moi.			172800	IN	NS	dnsa.nic.moi.
+moi.			172800	IN	NS	dnsb.nic.moi.
+moi.			172800	IN	NS	dnsc.nic.moi.
+moi.			172800	IN	NS	dnsd.nic.moi.
+moi.			86400	IN	DS	50647 8 2 D3F69D4C3A87516B81285C3CC392CC7B1A27EAC534DD8A5DF41B6DFD323576B9
+moi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cxzfg2GkoU9ygjlim2qsks6Awi6USoYdXe/WfwtuZVfK+tML7fyOdzcHXHchaU9WhxD3ygmIDGYaH7Jrqe/AqI/lDHLzc7IgVutz4x6mRaP6mHY8XlGYGjriBrRESv4UZa8uuGhCgCp5kBl7l5CJ2j8NmS0/0oOsboVTB5dzKpZiDvEwa8XAFtZqEerwp1FlyujGZRKNfGCoPCOXlOJve4iGF6wBlLJcn22hAsQYwXUzw9cGbkGOKgY0/50o+lag6wXekmSDeNYXJXhCIV+7DfDZJn4kMoOhPuwUCUNZClZAGOsyF8+KtA3w7ogBTOFEweRNL0f7MBQePKNcK1Y7wA==
+moi.			86400	IN	NSEC	mom. NS DS RRSIG NSEC
+moi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1yngP9ZYMeRfzQLu8KEmK/Rap25nVWR456tROxVO6AWMSiSefVu3CF3/KNjLff+NapqOGXbrolDjrGMNPlMw5dPuKCXL0lXD0hDXGbTdXhm0owD3gNWw8vCja0kXmJ1fGjq7hPXbTGJqb7WpN+vKsFx03IEqUpQBARFIctG7OisRVRs2NNwFKzgJAY2JbN57inVtbPskJosVag80H+9iL4hVnahtB4wKa/VufNSX+4oUZyRtLZi66s35SrHQYCrwGWo66bU9pgOKt/tcyFihnx8Xlw8L38Lzlio+Hwi62sUvk5fmnLp7tiafi4tFJnpDwuMVB0t4uwx7odYWEMWGIQ==
+dns1.nic.moi.		172800	IN	A	213.248.218.54
+dns1.nic.moi.		172800	IN	AAAA	2a01:618:402:0:0:0:0:54
+dns2.nic.moi.		172800	IN	A	103.49.82.54
+dns2.nic.moi.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:54
+dns3.nic.moi.		172800	IN	A	213.248.222.54
+dns3.nic.moi.		172800	IN	AAAA	2a01:618:406:0:0:0:0:54
+dns4.nic.moi.		172800	IN	A	43.230.50.54
+dns4.nic.moi.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:54
+dnsa.nic.moi.		172800	IN	A	156.154.100.3
+dnsa.nic.moi.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.moi.		172800	IN	A	156.154.101.3
+dnsb.nic.moi.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.moi.		172800	IN	A	156.154.102.3
+dnsc.nic.moi.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.moi.		172800	IN	A	156.154.103.3
+dnsd.nic.moi.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+mom.			172800	IN	NS	a.nic.mom.
+mom.			172800	IN	NS	b.nic.mom.
+mom.			172800	IN	NS	c.nic.mom.
+mom.			172800	IN	NS	d.nic.mom.
+mom.			86400	IN	DS	11348 5 1 6A1B7A558A82D6BBCDEF5DEA82AF070B832BC7E1
+mom.			86400	IN	DS	11348 5 2 97FFC26796C7B2A683048B7CF0BCECF3C54D00B0DE377B54D7C7EEEDEB2EA8B5
+mom.			86400	IN	DS	28162 5 1 2AB25D06F73E977EE5CED0FCF5EA4ED6EE50D269
+mom.			86400	IN	DS	28162 5 2 4B2B701367D0B74F52C9684E9B8921659045039452D135A55D128687C729FBF5
+mom.			86400	IN	DS	41626 5 1 2744D01EC89A56E70F5B6C3171C39739E46AFB3C
+mom.			86400	IN	DS	41626 5 2 7E3FD3D91571D30CEB82A33021657552E235F436D998A605611A0712B21AA1DC
+mom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xQMd/3wLVIpZpz3uabGVMUET5+xRhdLk9wjkBilgqUeWwUxDuvb3jpr9H3wAPQ8y2NnX+Y51XLt+Fnx24WAxxK9QhUir+3SabCPsKorXccFRTaIDx/eWCfcrcGbTi+dkwUH68HEe9zMAlZIy5Dst4ii2RxaKCfnzs2ydweW/tOViqVzznZYWyQvxLpzHfvwdYERChqMPaaQSO1asiWjBKgiVH1EmnKTEylyXMHYN9NRRURd+Ht4WoZ01k3r9YTeBtiYQiia+VouOT5A5MhML73C7oz1JawLXPBI+4SwCyOJSyDys/WRCIaYBDnhLDE4XEmo1kZskQB1N3VEVqnuShg==
+mom.			86400	IN	NSEC	monash. NS DS RRSIG NSEC
+mom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xWI/zVi3fOM90dMFjdcXyV3qfaS6ZjDc9Fgy9lJ6lAjvdvm0KApp12LPSH6jGE5xd6rx0nlRd7BjwmCf7m8DtcMsLhmMxSd5JBwTnZ63OrP9odQ2FnhIRLhQjxweUh4BZlMw5oV6w0US4btC5f7UN1i7SQyyRA3j5oRLTlSsiPhOehJk+szM+9xaJSHLdu3D6e6gZAO//aCSuG+QHBXboiZOw34c/IG49bWZRnCaOd2tQ+lDEkTcqK9VH0t4aeGusfNybmDkzh7mQPRSs5FlZTFHRrjawppG5qto0YLEBSoUkVP3ABHpfvO0V9NxmA1bXPRTKGSx6yDum0xScoYgrw==
+a.nic.mom.		172800	IN	A	194.169.218.148
+a.nic.mom.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:148
+b.nic.mom.		172800	IN	A	185.24.64.148
+b.nic.mom.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:148
+c.nic.mom.		172800	IN	A	212.18.248.148
+c.nic.mom.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:148
+d.nic.mom.		172800	IN	A	212.18.249.148
+d.nic.mom.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:148
+monash.			172800	IN	NS	a.nic.monash.
+monash.			172800	IN	NS	b.nic.monash.
+monash.			172800	IN	NS	c.nic.monash.
+monash.			172800	IN	NS	x.nic.monash.
+monash.			172800	IN	NS	y.nic.monash.
+monash.			172800	IN	NS	z.nic.monash.
+monash.			86400	IN	DS	58609 8 2 C0713DBC0879E96BACCE82A9E23928CF407DD5336121CA0931CC93D193050B42
+monash.			86400	IN	DS	59965 8 2 D344B67791659D1F21F6181494A347040694C757C57A8D76CBCCFD00CAA1348F
+monash.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rz7N2NOd5ZcawWl7AC+OyQMoFCQZN/qXO5/Vi8zJ3RFhxP4oghlPajskMarnPwiLsEEyRRpO3JX7/5KOOpru1aTYNgRJTcIYV0ZnE3pzLB+QRJUcwZA4ve6Jps+84wIRwkLa/rEdz7qdJyBQbGdfdPCvX40tv74eQgLUScs+jAwGn1kKLGl8/7iHKD/LpJJKQPxO++vkfMSutmDtwS2taXzpvPHImoO52AC/fNFkksY+1HmbNugDkiS7ZXzOahJZ8q0haeYVBM44tUvgNfSg2/Yp660VqTk8uz2fsw9Xzx0SnJ5iUW/iAbnlGgUGzeODL4+9eMRUfyin94Vyv4fexg==
+monash.			86400	IN	NSEC	money. NS DS RRSIG NSEC
+monash.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JAl9zx7aIBCYxVWTobojYUIWqnVDDaDLkGEL3mMI9g7mhaZopzFPSgxorHvvYKF8jcN8+7hav7huS/s4m1At/2DcfS+N6IMkveWwfbStiEkRR/uMdAwUJCAs7fad64fXvMzic9AFigDhmzfYhmqjgFUiBwQa0RtpsAMaXBoacdiAqN1/x0d2HaSDCvTFdZe3GRcmA1em3YYCyDYQcte6U45yl+K0fwQQTo3aHXyVtOMuOX5AsOA+A56ZNMob/6HJ+hJ7XYTBo1ElOhq4IRszqS+HfWVH89jALLBw1dVR62cmqpWRP9igmaqo+jXCWvy6U9FLggbqiTy4fzgFakqGpw==
+a.nic.monash.		172800	IN	A	37.209.192.9
+a.nic.monash.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.monash.		172800	IN	A	37.209.194.9
+b.nic.monash.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.monash.		172800	IN	A	37.209.196.9
+c.nic.monash.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.monash.		172800	IN	A	156.154.172.82
+x.nic.monash.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.monash.		172800	IN	A	156.154.173.82
+y.nic.monash.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.monash.		172800	IN	A	156.154.174.82
+z.nic.monash.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+money.			172800	IN	NS	v0n0.nic.money.
+money.			172800	IN	NS	v0n1.nic.money.
+money.			172800	IN	NS	v0n2.nic.money.
+money.			172800	IN	NS	v0n3.nic.money.
+money.			172800	IN	NS	v2n0.nic.money.
+money.			172800	IN	NS	v2n1.nic.money.
+money.			86400	IN	DS	4450 8 2 CCB7EBA3B169EDEFBF21F0DD89667AFA4920D4065D96C26F9A191B874BA25719
+money.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TKjPXy9i2bS3GJgF+n9Hbitxta9pfWkpQyiqjtHPqR7gjrlHZ/DyZ3xeelr1Bfqjk+ukavH7isCz8bHUdNpoQKvUad7EMXR/gLV8M3PU5CxMFNoUUdzUJ25BsFp1jxCF7M2LHiUaaeoSRfKhOBr0rrka1xUc/haBeJjz2o5+KcPl9smlilZEnKvQ0oVTsOfpRNuQUyIn8U049XnclhPWMuEnxCzf+5A2QYzsanEuaZYtlDE1hvf+Hl/Ubh5LmhU6UwYWxKbSset+VPA6lCDC/erUD11ECXReXo4+8KMkl/gsRVZ/8/rbWx/yoPp3Dy9cLjonR/kMzRNFK9IO0HAf1w==
+money.			86400	IN	NSEC	monster. NS DS RRSIG NSEC
+money.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y8t8jWIsIZtOlnLSu0Nh0StyU0uvIDoHsaTL2AfmvBXbp3TMETE0SLQgUFExOUrpzH3q9Ir0uOOdrKq3yTPpikOKok5nGuOCIe7Ck/qXsoXy5Lh9+2H7rNIjKRgJedt/08WKvYPMGLPK0JdB9xX0qfjn+WDn/MEc3cMLGPesUiO/xpkAbBH4qncjmd0kUEBA1BZdPJni+A9aespIoREVY763XH1r0rguafib9r9SaW7Rg2DQ/Pt8sPpcPrkl2F6l9efMYzIV4vbET6updePz41RDqFhtUBCfIXz3lsAhsQG8z6ZC9fEfIcIwNkiRBtDWlRXDUnFjvmwgr/fF2ftE7A==
+v0n0.nic.money.		172800	IN	A	65.22.28.13
+v0n0.nic.money.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:13
+v0n1.nic.money.		172800	IN	A	65.22.29.13
+v0n1.nic.money.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:13
+v0n2.nic.money.		172800	IN	A	65.22.30.13
+v0n2.nic.money.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:13
+v0n3.nic.money.		172800	IN	A	161.232.14.13
+v0n3.nic.money.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:13
+v2n0.nic.money.		172800	IN	A	65.22.31.13
+v2n0.nic.money.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:13
+v2n1.nic.money.		172800	IN	A	161.232.15.13
+v2n1.nic.money.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:13
+monster.		172800	IN	NS	a.nic.monster.
+monster.		172800	IN	NS	b.nic.monster.
+monster.		172800	IN	NS	c.nic.monster.
+monster.		172800	IN	NS	d.nic.monster.
+monster.		86400	IN	DS	56230 7 1 9DD1CFCF93B8D7F4CBCAFFB882C6DD820C345B3E
+monster.		86400	IN	DS	56230 7 2 7DE5A740D6E45C95C348209C877CB97736350694E595608DA72A0645960937CE
+monster.		86400	IN	DS	65523 7 1 A0927D13FF8D54A355B158D01AF184962B0D9684
+monster.		86400	IN	DS	65523 7 2 5A5B5575F92A04519F4C492D13F0F5039DF17597DB256444CDA0BA6CA203A105
+monster.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kxsGIi7LQ7L2rawn6yG+c3lQmJ3r0H2ARgjfJ0QUOQP51mvdSQcOeFbJO6E1wfD27fpuL3xYefwWnrL79G2CaND6IdyOF53SRjyGdwNryqKQUtei6ScVGkqp18IaZaW6eAVxEDKk7Vnz1hUtdpnkRkEsazsQGLZ5PHSGvhtmeqc8dJiOsBa6eWyU14SEgWUabuRnZYvAc7U91iOBn/SGVEajwki86dG9n9Q4BckaC6d2dwdqRTgrBXKJ4Fr0RBahoMhXaZTCbWYpAQI8n2Ov3ggPCTBb7OqFoK3iQ39+rl0nps87uhQCW3B7nr1abP/hoXlmt09NQEVsBNa5b53rnQ==
+monster.		86400	IN	NSEC	mormon. NS DS RRSIG NSEC
+monster.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bmlII5QnYwXxfeIFspLSjq1FLvu8IhEB6VM7YBMN/jq1xDOEV1HY0yUoC13qGG9g9i8Q1hKUFzmZz3lOhtyLEnbbluZ8RckcA9kF6doZvYKhZTnZd56uesYgKpYvc1a/BdeNiUhcduAqzIiLQ3wBS1Jp7TyAu+TYiqOwFSwhkNRTJKa2Xg8RvDXL3FaOiIp8lCeMu6j8NkOYz6LO0NwxSIh5Iw3SdxfNNtIaiqAxgzMg5/xy+KHp8V+N2RE+jMJaKZbEaSFRILRheLhmGOPwIhCLcI7Gm/eLUvXqe1BLZRT2pPYyGf7N1wvaOjB3FUIBG2XJHLJcr18RS+cqoPRl7g==
+a.nic.monster.		172800	IN	A	194.169.218.83
+a.nic.monster.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:83
+b.nic.monster.		172800	IN	A	185.24.64.83
+b.nic.monster.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:83
+c.nic.monster.		172800	IN	A	212.18.248.83
+c.nic.monster.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:83
+d.nic.monster.		172800	IN	A	212.18.249.83
+d.nic.monster.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:83
+mormon.			172800	IN	NS	a0.nic.mormon.
+mormon.			172800	IN	NS	a2.nic.mormon.
+mormon.			172800	IN	NS	b0.nic.mormon.
+mormon.			172800	IN	NS	c0.nic.mormon.
+mormon.			86400	IN	DS	25606 8 2 32BC7847356B87EF6E35D7CA36F19E481361D235C1E4AB7593012DB12280425D
+mormon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGgGuy39OaN5n6IskX76HPKtw1vMB/ljfT/jgJwq8e13W/J8QJ8MXLB1lgDSBKMpOHEKO8DZh9Kh3rdyiEJobIt9MyaGnIu2317Qn4DhCGiXZfnerJ16zrW7GROW7cOZU9GeoZrEv7JyWf/nwNg40iPXtbfgKxZ4e5qooHdQhhIEuziWCkT8/8fGaBmBLajox1vbMfjPR3BWRaEGLwY/tM5sRik3UxHGQ8AXyWHJmzWHQ3Mdd8ikEhhJpqL9R5iOYCSpeVEcAQzjUO3f5mV9tvuc3PgLGSpTS7wWpWGFf2tRWpFczO0Kgg0OQv4BAKEb9OpLjWVS+2tfNB9lzfIJKA==
+mormon.			86400	IN	NSEC	mortgage. NS DS RRSIG NSEC
+mormon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t/aLK2U98tjO1ZTLqL+SrQ1NIKEOwEvJLA/VjsXzr9sxpdmrWz4StyLN3QU+N/PJmf+c5rXpj0r3aCHeSU2jo1BQwvhFcZ9ApdMmzisAUs68uipyELrzu/hvlGtmjk8Kx4pRxgS838guPjMTuIGh9avVmNYpRlODUEPQSY0SBrJkJs+do0JpfuWlnP1xSG188ny1Ar0paT0j5RLTGGQO3TrlThUZW7eBlAmiEwVfXDz7Tgh0JS+1lF+KOhLuUwiTTQx7rKWLuA9D/Vwv97U5sPPp226SFlyWOgBD9MzxRuahvax/FbOWDhxVuLdul31jTrMxA0+YTi+SlAunwO+uJw==
+a0.nic.mormon.		172800	IN	A	65.22.152.1
+a0.nic.mormon.		172800	IN	AAAA	2a01:8840:96:0:0:0:0:1
+a2.nic.mormon.		172800	IN	A	65.22.155.1
+a2.nic.mormon.		172800	IN	AAAA	2a01:8840:99:0:0:0:0:1
+b0.nic.mormon.		172800	IN	A	65.22.153.1
+b0.nic.mormon.		172800	IN	AAAA	2a01:8840:97:0:0:0:0:1
+c0.nic.mormon.		172800	IN	A	65.22.154.1
+c0.nic.mormon.		172800	IN	AAAA	2a01:8840:98:0:0:0:0:1
+mortgage.		172800	IN	NS	v0n0.nic.mortgage.
+mortgage.		172800	IN	NS	v0n1.nic.mortgage.
+mortgage.		172800	IN	NS	v0n2.nic.mortgage.
+mortgage.		172800	IN	NS	v0n3.nic.mortgage.
+mortgage.		172800	IN	NS	v2n0.nic.mortgage.
+mortgage.		172800	IN	NS	v2n1.nic.mortgage.
+mortgage.		86400	IN	DS	32380 8 2 5A2743723615F674DD2633997CFB7D2E89A0DB552BF7553B6EB80C449E998049
+mortgage.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qQZ4RpOunt+0D4J2MWCWXCMuGTw+yHPAzfGlyAuRQUOciVllXlTNYI7m8ohysTDddenqmmHJIAGLh5ikArKYceqUKp813oISuqD9zx1xG+9L1yFY7RrED6j0nBycMwS3/u0cTZsupt8SoF38xM0/3mHJcksiF86pJgU1duE9XRP4j7lOk/OYRyrAIyHJPzAXdeINrDrIQbIJyJkXB8wachRJ/daI2AVbTpiNoVWCgkyk3QHRCoJATbKj3WfRdFr0CS3TFpbDq49XxjI/XgWAoOTKFDrkOh2p2JJYrIKwEkMliQcppL1HW8Q9PgRW0okkVsooGhsLaab66Y5wiIFOww==
+mortgage.		86400	IN	NSEC	moscow. NS DS RRSIG NSEC
+mortgage.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mM9c6vm3PKcDXoZE1FMyAV2SWVsZBRJgD/aTtLl3Q861TgJR9dsJpv8/7fegjdJC6XdPIX55Kgsz+2Pz2ZjSmcjEp6IgQuPbPKC9ZnK8c2Qb/5ERfXl9y+UCirHQ3JM1noMS/CBenYdrCDAUoc9Hzc848+Zq5NAqJd9tl5yE7j8NHty8yI4d1LhuHlcRwI80FCjaXiCd6sQ396WaFfm8MkBIB22bSGR8qUpm/dDPXpIVL8SMZehXgGYhOKtrqSPxVYvlaAsyE7L9CWCOoKzEFrt0kQuh+jwBJCbmxbbkQBHj7WKh2p0etEJukEKxqThu12Q/5nRNAbFNVCCYBVl2fg==
+v0n0.nic.mortgage.	172800	IN	A	65.22.32.56
+v0n0.nic.mortgage.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:56
+v0n1.nic.mortgage.	172800	IN	A	65.22.33.56
+v0n1.nic.mortgage.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:56
+v0n2.nic.mortgage.	172800	IN	A	65.22.34.56
+v0n2.nic.mortgage.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:56
+v0n3.nic.mortgage.	172800	IN	A	161.232.16.56
+v0n3.nic.mortgage.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:56
+v2n0.nic.mortgage.	172800	IN	A	65.22.35.56
+v2n0.nic.mortgage.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:56
+v2n1.nic.mortgage.	172800	IN	A	161.232.17.56
+v2n1.nic.mortgage.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:56
+moscow.			172800	IN	NS	a.dns.flexireg.ru.
+moscow.			172800	IN	NS	b.dns.flexireg.net.
+moscow.			172800	IN	NS	c.dns.flexireg.org.
+moscow.			172800	IN	NS	d.dns.flexireg.domains.
+moscow.			86400	IN	DS	50770 8 2 63009CCCFB519B1EDFF8BEED4DF77F0EA9741CDDEB172207F622CCD913994E75
+moscow.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U0bv1ITGBGKpu2l+42yU81BxmjLeU6B6W8gS5XQRXO+X3HFj/GzQIjVnwnhfxz4eSjCbnoxjkmfDM3cUoWrtnMwjhQ1Ps85k5HD1r3wUReJ7dt0RlCwIQEQjn3KZUpoQrZ32yzS/djmZkn/jvBnikIWXOGd6uwWBp0Uuq1LQeSHsYzNFDFH+mEdQEnlgV3x/i88YrjJE7VGqTHZqCPjRrrYJqdYjePGyWrts9jhKb/pow/6H64qP8YcQZ161CiZrr/ZOYZry1weAYdak/kPj4ASyr+3trVlquWh+yfHHh5SF1jhKRtdlp25SgMP4wPMSZUZdYHWHE47wNsyOgpSfjQ==
+moscow.			86400	IN	NSEC	moto. NS DS RRSIG NSEC
+moscow.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hxmi3DisuBorReyc3DpotbV6Dd3zYitFp67uod2plKboGvwPLXbNRm9PS2uwR0MuOmeejA9p2DwFQw2HXK03b6Q0j3SeT4I7UcHzAsWBKJyVgaKqF8CNbzuOxxa0Whh/IEFYzqQTe7yOiN1KWTk7CoY4l+LGAplXvrFBkZ5G3+PMF9v39tbPbzzM3jcXSXMDmGyEiCl31LmQ2PKYh3f9ufFGRyrZYfU7CrRTbHhnP+PsF/hj4VScUVXPcjQDJvlw0VkNcvJFI5K1K6C0wq4IqgXfWhx9wkTnFarvFOIDK8sVIbviph8Pe8nZr5w3/sc9BAfA0NIuHGJxzKP6PP0q9g==
+moto.			172800	IN	NS	a.nic.moto.
+moto.			172800	IN	NS	b.nic.moto.
+moto.			172800	IN	NS	c.nic.moto.
+moto.			172800	IN	NS	ns4.dns.nic.moto.
+moto.			172800	IN	NS	ns5.dns.nic.moto.
+moto.			172800	IN	NS	ns6.dns.nic.moto.
+moto.			86400	IN	DS	5671 8 2 6C1C11FAAA1AFB7C6198F3CD2BAD469E9C0E5D1D714189A4992699093440D97C
+moto.			86400	IN	DS	10705 8 2 A039B06852099A6B4E7EAFE4F4187F6D3B5747953413CE454EAD9A4576301C5F
+moto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A/msiqpvUmdwixl4jxldK1sRohIY1SVLJ562HAbI8v5VFFsjrybqFNP5o1MxCD83tLaoqQfwWDaGImQDWrQP75MW0BLZP+seEB8iansy9hJFdzTqnIj7/KDK9RdOW6a70Gi1T8+MJMo3TYsQ3v8wcr1+5OcZTYRxpNxvvjf605CM540iw6rDaDYoz0OOars5SMP3anYgr8YoJ9D/BTGD/abuTl/EDw+JeUIPFcND+k1jbEknwJfuT8TCpMU6V8PoRFgXwyzRjL6mIMbjcU0xepswuJfI/3BjGLwqGE/G0f4m/MRonhSx5DSg8dLoa8Zc11FzczENDIoRsYL7RnnpRg==
+moto.			86400	IN	NSEC	motorcycles. NS DS RRSIG NSEC
+moto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bvfUe/dvLDb2BX2K5SuSicBDz0NpECqiHQOeV0ys4NgT3qNfBPsRoMDNe44iX7SQ1GM7ePgWUxlShHaDZ+CTaF3ZoRXJim7VCnn0XJCaTsp1rKxRKKcngI389e9OSxFfVNT0Jallfg4zaaNZQEF+YUj9hAZ7PNpFg3wEkNvoUQ7GY3/7geu5CsuzU73Wu2riY2jLQEthuDtbfYcoQuBsmFgA5rj7OeWjHkqj24OMR2xkfR0MI+UawYGZqL6Bc0SGf6zcnrbfD663GvV8PLsd5NquyYdxPlRvdXdchpjOrGmVCxeZm7OmjaBxJRx8v6SW5rTQd1SEDbBXWuxIY/auZQ==
+a.nic.moto.		172800	IN	A	37.209.192.9
+a.nic.moto.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.moto.		172800	IN	A	37.209.194.9
+b.nic.moto.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.moto.		172800	IN	A	37.209.196.9
+c.nic.moto.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.moto.	172800	IN	A	156.154.172.81
+ns4.dns.nic.moto.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:51
+ns5.dns.nic.moto.	172800	IN	A	156.154.173.81
+ns5.dns.nic.moto.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:51
+ns6.dns.nic.moto.	172800	IN	A	156.154.174.81
+ns6.dns.nic.moto.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:51
+motorcycles.		172800	IN	NS	a.nic.motorcycles.
+motorcycles.		172800	IN	NS	b.nic.motorcycles.
+motorcycles.		172800	IN	NS	c.nic.motorcycles.
+motorcycles.		172800	IN	NS	d.nic.motorcycles.
+motorcycles.		86400	IN	DS	4906 8 2 B200A2BE6FCDBE18E128FCBF7F0E60F646B58F1D6C8842A9243C17AAE03E74DB
+motorcycles.		86400	IN	DS	21907 8 2 6ACA9A367926ED9773D6FEEA4671EEDF7BF4DDC8C08B7CD8FEC415E9DBDFCC66
+motorcycles.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oh7zPoIhcfncKd0Ie9+M5wdadmKmPQXDVGb1mn2fj7nrv0Hs8JXd5U6nc3VK6LiZlHIvwA8GDixWR/j/ZFKHdhbwj4TJqm5rtLsrEKATAG/GCn1JQJd9+0W9B6ohJD7CgKEWSmZIxVwedGWjCScW0FbipISMyyAyMoZiZ+vu6tlieOOShmF1Ysz2cnH8S/KJTO87aFb8osbvBN0gXF75SueBGW/AIwLmzzROiKBMfpGnEDljYQUTFKAJNiWXdMaL/EF3bOB3CuaRDiQkD1py4vNAjREzBsvZcKBHn6ZhaYyxus2nosu+PW0WfU0zf+CdV77TSaOcekQ1wBDbX+VAsw==
+motorcycles.		86400	IN	NSEC	mov. NS DS RRSIG NSEC
+motorcycles.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPyH8Y54yKuxU7uVKUrQ9K868r+Z3Bo1XH6DkgcatlLa4+D+mIxQaOMG5yvJb8rc2Of/sRGvKsOjSxkr8Xk91KjD4qg2kH1m1SYoPXNypWR2QvQ1s+At/m/waQuCvi3P4MRKjf20nwQdV+Ict0bo20b9OQrjWt8sg68p1/CwDtyTXg+wUTu2yaIQJREETTPvnyTDF1WYfF5hGDat2q1kEznziWEx3FJQc31T0Zdnl0vl28Y8ezZJjKBMHdhg/IZLvKio6/LtJnZtsZ1ZGt8dOe+robL1zF4bCoq6LmRE09ihbgglTYajZwmX5NWtNoJiuqY4O58LdUItmT5D0Ygtvg==
+a.nic.motorcycles.	172800	IN	A	194.169.218.135
+a.nic.motorcycles.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:135
+b.nic.motorcycles.	172800	IN	A	185.24.64.135
+b.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:135
+c.nic.motorcycles.	172800	IN	A	212.18.248.135
+c.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:135
+d.nic.motorcycles.	172800	IN	A	212.18.249.135
+d.nic.motorcycles.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:135
+mov.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+mov.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+mov.			86400	IN	DS	38414 8 2 BBD1727DE09AE643C1348D9637A31192116DA5444852AF3C1C5541E8998FB78B
+mov.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U6qbf79zwnSfqu/VCpNXSfo0UO8KxyLHqHOsvY3OeuYyE0NFXJC6hBRA3WBQtX/2FumUcsqxiQ13J2U6PthonaNrJ578M1cVgUljC2Ia+i5i4U+ZoQHZJj4gCPW6MHSCfC9g3IQVrWlv6xe3hr8eDPChsWlZYzau4lb3YvcsTQAU9Cq5xgfPC8aYA1Hs5xBb79YJkfFYZ7e+/pWGvPimbDhtfHxbyqy6GIEt8BWoynjxwZSAJDR37Zf3hwPfkX84kIRxbE5aj2HDmef1xGsHZ9PMJNFK2mX2NIhdYjK3lVyjwNNav5p3XZipOtrNmePyGTSe2mUiAkpsZSgTKO6oZQ==
+mov.			86400	IN	NSEC	movie. NS DS RRSIG NSEC
+mov.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Lmk9Dj3YEprRa1HQDqbW9Cizu5rHAcF7sLTIwwsbm0JQpK5KOl9IjQybksoVshRA0UU6uN7ZVaH8Xc7zspwGRobIco1cCkMXLFcaIBKeHi+GNtXNYU/rELKrhJn+h7WgbFgUsb1uu0HtMtFia8i0zgzPvCL41auO86jqjPijoQSXer9H7NtqafaSVBhDxMd2T66oDJ/Ucs9ILqeHZsxXUXZjwtysu5zZUaeAKZ0X9OWkg0yJ+7ehjFPhEjP7ydAwwUgLnOEei7uouy7603GcI4oaWu35owKgXmv/6c7lm+8TuDmxachzLu6Xlng62QWmGARPWu2MT11QL/qb8rh85A==
+movie.			172800	IN	NS	v0n0.nic.movie.
+movie.			172800	IN	NS	v0n1.nic.movie.
+movie.			172800	IN	NS	v0n2.nic.movie.
+movie.			172800	IN	NS	v0n3.nic.movie.
+movie.			172800	IN	NS	v2n0.nic.movie.
+movie.			172800	IN	NS	v2n1.nic.movie.
+movie.			86400	IN	DS	391 8 2 0C93D08A6111D49129AC112076ADF54B8B8E8975EB6F334372C8CE498664C422
+movie.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x4OrZK97aU2pvoq3DqwsJIfDB+o9zs1bETmFAfP96g8wijmA8cDtOkhEsxP9UX480C13T74x9BcpMo1Mb3W3mavA9uJhNUjxs5ctdqAnSG3cEIP7jf/8m+Vwga6qahYWRP24S6CK7tJ6Ud4Yq0zFlx6s2SpYDi7TL4CBfuT1c3A6JYo+8ubuR5WEFiAdXGjRmLJDfIxQM6LFkjPhDqa1QWXNkRnMFpvzupfPJeXh1k79VYIdiWx3rDgDaO3qtXujXSmmrCN1mmchO8wnuSyuUnCYusObjjEiqKkn56Sy4d0jq31rGCeOadsHA752NsWt6cnNh6buULG5RpndpAQNPw==
+movie.			86400	IN	NSEC	mp. NS DS RRSIG NSEC
+movie.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . blh85S4dNrd8dSnegvuMNZ9/0F7N7Iz0VCbzlxbfvCqzoeokPDTjMmd3sscWMZeFl2u8DQP6S2UKCUxNGh0Gknu8z3leyo9cgzQiceU4rLDFFkLfBq+WRuuXqS0Xxz2cY5ktbrED08ctVTHo2D0CdiWzXQZobU2+j/H+3rBpeu2WEL98NeMOa5bWThE7XgndiCGjIkp3Aj5wkGfuDwafQ10+9GBxa3EnbYMueOij6JceZrjKlglHPK7Ahbju5iQcamGo7CD436l6iYAwJvOKyxu/Ah+vUq+x5XI5tugovCxcAsR3x6gbNm1yjtCQBjfAvgNetnTseNtINKefiN1eqQ==
+v0n0.nic.movie.		172800	IN	A	65.22.32.26
+v0n0.nic.movie.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:26
+v0n1.nic.movie.		172800	IN	A	65.22.33.26
+v0n1.nic.movie.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:26
+v0n2.nic.movie.		172800	IN	A	65.22.34.26
+v0n2.nic.movie.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:26
+v0n3.nic.movie.		172800	IN	A	161.232.16.26
+v0n3.nic.movie.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:26
+v2n0.nic.movie.		172800	IN	A	65.22.35.26
+v2n0.nic.movie.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:26
+v2n1.nic.movie.		172800	IN	A	161.232.17.26
+v2n1.nic.movie.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:26
+mp.			172800	IN	NS	ns1.nic.mp.
+mp.			172800	IN	NS	ns2.nic.mp.
+mp.			172800	IN	NS	ns3.nic.mp.
+mp.			172800	IN	NS	ns4.nic.mp.
+mp.			86400	IN	NSEC	mq. NS RRSIG NSEC
+mp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tXfoQW9x670DhAdqrKDkLSBOWctUrIrAVXEMnDWerlZVBqrYnscbrk4/6Km8aNYRl9JmEL/ybefcM1pGOiz9g8m1T5P6jxT/xI0+Vd3qBEUbLDTg0GALG9PdwYbRlv5nVjDhv0lN56SvlGwtMcD34FScp8LECZlqhbvthIOXfMtyB642fZu9P4Yj01r9TiOEkYC8w+ppObxBjWS8wcSxtlk1Xhs9Kjvjgi1+fbsHWP0UO+utcR7ITFof57W8oyi+pBUduS5NykM35foVE8qgkVJZxTFMdxZdCT1EUmIkdGD7vBHxWTPO5YrNw8vIyA+W5PfpX6u+oVi1GXyQL/7AtQ==
+ns1.nic.mp.		172800	IN	A	16.162.31.128
+ns2.nic.mp.		172800	IN	A	16.163.54.122
+ns3.nic.mp.		172800	IN	A	75.101.129.89
+ns4.nic.mp.		172800	IN	A	75.101.133.101
+mq.			172800	IN	NS	ns1-fr.mediaserv.net.
+mq.			172800	IN	NS	ns1-gp.mediaserv.net.
+mq.			172800	IN	NS	ns1-mq.mediaserv.net.
+mq.			86400	IN	NSEC	mr. NS RRSIG NSEC
+mq.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . imeTY0BYg18nruDX30T5mkdtymMiRsriBPlP2/GTVPXCayM+haekarRIpR4GWzEGTd2YQbooN+6DKcOZr8VxdGbzWwm6VKuDANrJfzx/RwP9RKiQrh2+egVHHesJUOcz9r+vabJ/nQynz+/U8orl1AFYAq5wgbqRtCXbJAuIM8Cx++STeOTcgZfrF9p0aA9VwQa/1dOJnUzaKUfaTxQg3fa1B3Yq1g7SzMRt0LwLRktVDOwJs5uGzTbhK2UN4Jv0wYk515S6+iyRln25Qll+jYDmsXoDmAJom3o6P5w51RpPE1B05hw8G47hXdVPP1opAMq4Kye/TIH8PWA3kkBjeg==
+mr.			172800	IN	NS	ns1.nic.mr.
+mr.			172800	IN	NS	ns2.nic.mr.
+mr.			172800	IN	NS	ns3.nic.mr.
+mr.			172800	IN	NS	ns-mr.nic.fr.
+mr.			172800	IN	NS	ns-mr.afrinic.net.
+mr.			86400	IN	DS	24775 8 2 949E0AAF97F494ED93976A84DCB1B2654A8C35E6208009C50D54A9AD8FE88FA3
+mr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DzDW+LDEkotj187jNoRW8vvpiQhHrXIE93tK+ZJrr0Lt6JoPkbRXSTh21+3NR6/yKYmivUW0MJb9YX5kM1lx2Vde570CEgdw7ysyjXRwPJng+NFbTd2ZKNbQ3OamdTNfyn5Bc6/OZnZjbWY9wX9twT8YLNwwfUa+kZJBAUpvyM0GEAgR+OW/lfOliWdJ/Um0+arMpDk5MmRKOyxg0VRdsHbjVCa9eOlartoZOefVI4yjTT7tJj4lWuUIQ6ayKMLThhb92huu+zz7SevBSEuSoCdlBad8+T6jWOFrkR3H22R0tJMpMNhBBJ8FDHYwXci4zF2gqUHlh9IQgGYmXt6SNA==
+mr.			86400	IN	NSEC	ms. NS DS RRSIG NSEC
+mr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RdZv+ZIuGF+pBmxoNpiCLlXrI2zOR+uC0BWHmLy6Y2AvbMe04BpLivWvJk90LwvasgHbwJv7IywJDefqqIU9johVtscKNQ5lyd1ptYWZDGFmLlQ2lTFtrPW69X4wWaqsA1Pn0hFn5jg3qguGeJDmz4GQO/M2nSOMa5eVKPGgWNZcjQ3tDmMv031I4BVAYjgwTZr43ZWmv0y5VULgZZNulzuJiGvJcKZpdyK/SxDLm0TmyrsEJ0BOLr5VuEv8sWSbGjqqPbg01x4x9mVimTP2xp034IO74c9fCYJcOdBwUxk0lxfRhZxraEFztNSZV2cBXi19u76GHrN5sPSMKj2jlw==
+ns1.nic.mr.		172800	IN	A	193.146.150.193
+ns2.nic.mr.		172800	IN	A	82.151.64.2
+ns3.nic.mr.		172800	IN	A	204.61.216.135
+ns3.nic.mr.		172800	IN	AAAA	2001:500:14:6135:ad:0:0:1
+ms.			172800	IN	NS	a.lactld.org.
+ms.			172800	IN	NS	ns1.anycastdns.cz.
+ms.			172800	IN	NS	ns2.anycastdns.cz.
+ms.			172800	IN	NS	ms-ns.anycast.pch.net.
+ms.			86400	IN	NSEC	msd. NS RRSIG NSEC
+ms.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cC8TTRMxvrqvnV8WKrjZlzQO9H6AME+/2RyKs0RJZMgzFO2D/JpyFtYkzp3vSNdnUvQZeuMbhAijZ+l5D2gLspN3S9Fiyf+i0C3YFIVAfZHqXYVXgScW+B3nRIX/LapeHDr855U3DBo398qmcQW2ZO56h1vLhZZVgnRXQV/iMsfNAFShTYuDEP2kx39BRIjUWBS0ym1kFx+Zg6k2kH0b/wzbiJ3qpmqlx3L3dbfL49jyBTwP4YyoSIAW3sY1OUH2Ri5fvIxf8Rm1HowXHsm+wjLky5p2t7/lyWWHNui0u+Ji151rOsKHQXmjr1RreA+XJgJCiyXTqWTQDVE0lSpT1Q==
+msd.			172800	IN	NS	ac1.nstld.com.
+msd.			172800	IN	NS	ac2.nstld.com.
+msd.			172800	IN	NS	ac3.nstld.com.
+msd.			172800	IN	NS	ac4.nstld.com.
+msd.			86400	IN	DS	30849 8 2 8560961FD5E191D49B2461180F7EDC509E10689F85ED595AD111956BC81FF9A2
+msd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qGzRsEKOn6M8mrRPCDinx6ImOb/x4yYsnXMdgiDayuLiwt7ne7GunKqkIh+ewsy0EYGcOlUdV912LeFxsWc/FSFQc4uPghs+8M+qfLg4ZiP8gdyYqu9kT8r21Di/33anmJWzsvrlD/NQvF+kCvAS627Tn3GRqhtjJTRU82sBR8nQoMmpSzbq76/9yavPwdYB1M5Fh5t+SGZX3W0pV2pO+kL5sTr6Sj8vGNqBcNUyHfEI2+j7hELIhyPKlqNh67/BAeh1yONIqTJZdxqpO/llsiJD0+GP694U6YdTBy2o7rYW9rQs2VBNyVqP/BG+x9JMPVLfwTeC9SQKDZh2oHLHsg==
+msd.			86400	IN	NSEC	mt. NS DS RRSIG NSEC
+msd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FR1HrBgB/RlUcoO1IU+LuOBCd5238GW0q3fXQW+Yt7vLSf2MaDdSvb5W9YSd8LDN6BtoPeQvHlOJWw/MOehbuA3BYdhShA+DXwUFl26Sx4kLfa/oGUz9NG9VzVBBpPQttw52s24y4rxpPY9l9aj49Of+ZvAFp2g0hP2uM+/eErbIMG7E+OQZFZUyP9EkCMqfxUprS2JRPBBYGwHI5Cwm2AI6+z6I8cG4+ApED6/aj/Rk8pFblK/xT5ITQTtXC1HMs4o1ipNPlaDmWMpqHK5HD73Mc48/8RPytplYLqej6OrnuhEpj/zZ/TCavGQ++AE/3SuzgBst+kSItjjW2CX5FQ==
+mt.			172800	IN	NS	a.ns.mt.
+mt.			172800	IN	NS	b.ns.mt.
+mt.			172800	IN	NS	f.ns.mt.
+mt.			172800	IN	NS	p.ns.mt.
+mt.			86400	IN	NSEC	mtn. NS RRSIG NSEC
+mt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WfUFF+rr8kUXnczbO43oyiRYadERJQFiCeFY75zm4cJAJJoPikhpGwR+Z4pGcAe3YmUpnqcnsHP1PtrxuwwHPU2vF8DhSQNXfk3QXwRbe8tYOAufXq3qr3qmeNukmY2Comh7rXw7I7H3z8d74TfMEGzoPrXeDP3hA+A5xDBGMuLIWMYF9YVHu2EvhVGtRUdIXjESXl2c3A/yQ0LZ+/XkBvqk3xx5uIrbQghXuANxGZ+fCAQdLB5tw7VTsm/lg2YRTzg5h4pW03o5y4KTnEJGVM9qub/mOCZKD6ry8NRtYig7NKpRN4r/C9AuYwSivRQgc/ra7E7+a1JVUPhlQJxvtA==
+a.ns.mt.		172800	IN	A	193.188.47.252
+b.ns.mt.		172800	IN	A	193.188.34.241
+f.ns.mt.		172800	IN	A	192.93.0.4
+f.ns.mt.		172800	IN	AAAA	2001:660:3005:1:0:0:1:2
+p.ns.mt.		172800	IN	A	204.61.216.45
+p.ns.mt.		172800	IN	AAAA	2001:500:14:6045:ad:0:0:1
+mtn.			172800	IN	NS	dns1.nic.mtn.
+mtn.			172800	IN	NS	dns2.nic.mtn.
+mtn.			172800	IN	NS	dns3.nic.mtn.
+mtn.			172800	IN	NS	dns4.nic.mtn.
+mtn.			172800	IN	NS	dnsa.nic.mtn.
+mtn.			172800	IN	NS	dnsb.nic.mtn.
+mtn.			172800	IN	NS	dnsc.nic.mtn.
+mtn.			172800	IN	NS	dnsd.nic.mtn.
+mtn.			86400	IN	DS	18374 8 2 58114B80A64F8617AF3EC29668C55519D8CCB44A203562D746E7F2CC8850A1EB
+mtn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eSQj070yLyKjuIo3KT/+In4boBB7PgKurepZHjRF+E0Rq1H6ls78UfJ3ZOm4iP2ee8iBEbLiG0HCuXZLJHSwkvk26C2W310RkLagWSrd/o53qmvA3y7qW93C46KYU4Cf499093jYrjdO+bW8XuGCCXle+oOzLOaPqrqCm1WojtQHDT6bfBplnClJ5xgA8gN2IVo5WT0h/A4QLjHtA1sZzrdw8ileP6OUJB8IMvXSZ41YCsSFdG0p3iVOHHSKSuCOjpqaGUGKPADzGHTtknCgPoRwJdIcHWy0lmpj1ycSgWd+3eNkx8nErDWaHQ/bVSQMFs+tl/b+McOjFWGfpa0Cug==
+mtn.			86400	IN	NSEC	mtr. NS DS RRSIG NSEC
+mtn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WQn2ppw1ahJ/zxzV//lkLQMjFr18H85+WO8GNyE+ZITsATs7cWKvZOJCnyHGW3i3u4Bepav4MCnjGtmS8R5g/Brklh+bbqe0xmqAD219aURzcjmPadcQS6tk2oZRmz2PR4duIAiMpnUFMuf1Cv7uwVBA4o73vzkJ8Qik1m8oDduJXTMHBSC6y0PLIcrEbypcRlRV3q/raBiBYPLSPdskNdHEYciDnRJNt4pa0rG6VL7ZJ6e1MPx70LjlL5v1pdr35RmZKZIFuIeAOFudBaHJETyxVjosIh+jmb3qnSgLRhQJ4XjdXv+pFfHIpchNgW9XOftlBpMbwPqZmbofjSQ86w==
+dns1.nic.mtn.		172800	IN	A	213.248.219.42
+dns1.nic.mtn.		172800	IN	AAAA	2a01:618:403:0:0:0:0:42
+dns2.nic.mtn.		172800	IN	A	103.49.83.42
+dns2.nic.mtn.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:42
+dns3.nic.mtn.		172800	IN	A	213.248.223.42
+dns3.nic.mtn.		172800	IN	AAAA	2a01:618:407:0:0:0:0:42
+dns4.nic.mtn.		172800	IN	A	43.230.51.42
+dns4.nic.mtn.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:42
+dnsa.nic.mtn.		172800	IN	A	156.154.100.3
+dnsa.nic.mtn.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.mtn.		172800	IN	A	156.154.101.3
+dnsb.nic.mtn.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.mtn.		172800	IN	A	156.154.102.3
+dnsc.nic.mtn.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.mtn.		172800	IN	A	156.154.103.3
+dnsd.nic.mtn.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+mtr.			172800	IN	NS	ns1.nic.mtr.
+mtr.			172800	IN	NS	ns2.nic.mtr.
+mtr.			172800	IN	NS	ns3.nic.mtr.
+mtr.			172800	IN	NS	ns4.nic.mtr.
+mtr.			86400	IN	DS	7114 8 2 CE2AE4BC0908188F044CE4B2AC931119311272D0FB3842A36F2ABBFA059E093A
+mtr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vtqGMejOsB/TfBQmE4cZ2MsU5attgRbIG/VqbsCYiMlxoyovfeNoZTu4Dyhl/XTeol3XFNMcjZGtz3zamuP51MfZQbKyuh5g7rA7kadawAh3ZwG+Th403Uy2a0orcVxKnWb0wmQ5klv4pR99F2lYh0Ncg/TnNkafW0wZuFv5szg6lAuh6ECEobB/WLJqUSxzuXlr6hlYJhpHqb2PyRoE7/CdurxyldfUG2+BOltF+ZECuvmQTjgR7jEI37JSVMS2razH/SY1opsEkZUmqG1Ky+gkb5Dp/tckGhqFW+XEgwiPCf3uoTx0oYjPvDRa8TaKs3RIln2Io7sielbKcH3xNg==
+mtr.			86400	IN	NSEC	mu. NS DS RRSIG NSEC
+mtr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WsvRptP8wKaFVRymxFUA83CXul8FR9qsD6HIq5elTQS6g7yYZjhwl/x5Zt5/wZ1vj0t9x2MjuA5ggua3a2snXac/Fj2MwBj/OsZsP24u1YE9hku2JEdTshH5fUfJy8gN/UqfjpI8rD4C5irblgARmJYFa+y6mfewsQ1BdO/FCMsBZAg1o4NkLmUL8p+nVRk1zEJV4GuQt0Bfg+/DuXTB/ys6OLYKLgL+mI1t9s2Xsn6XmHwTXYAJVP+qWvkim9mepqQQty4bkqSxMvWruTmfTQVg1q4Pmt9K1+oMl2X3EZFUaYCiUMDfpY+ujA8QaCJ/a0AnwMj06LhsREvHeCXR3A==
+ns1.nic.mtr.		172800	IN	A	203.119.2.164
+ns1.nic.mtr.		172800	IN	AAAA	2001:dca:4000:0:0:0:cb77:2a4
+ns2.nic.mtr.		172800	IN	A	203.119.87.164
+ns2.nic.mtr.		172800	IN	AAAA	2001:dca:2000:0:0:0:cb77:57a4
+ns3.nic.mtr.		172800	IN	A	169.54.247.173
+ns3.nic.mtr.		172800	IN	AAAA	2607:f0d0:1b02:b9:0:0:0:4
+ns4.nic.mtr.		172800	IN	A	135.90.90.24
+ns4.nic.mtr.		172800	IN	AAAA	2401:c900:2101:2a:0:0:0:b
+mu.			172800	IN	NS	fork.sth.dnsnode.net.
+mu.			172800	IN	NS	udns1.tld.mu.
+mu.			172800	IN	NS	udns2.tld.mu.
+mu.			172800	IN	NS	anycast1.irondns.net.
+mu.			86400	IN	NSEC	museum. NS RRSIG NSEC
+mu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JBhBxK63l9ZmXiQfIRTBtW1xdN80Siuan+GCU59cp6FUt8kGYCzn0xWpcSglqNQOGBOU54kI9bLkw7ZVwrEkUpvCsmCyXUhbaZHGiiehex1/dk/WGR4KQx1kSW2w/L7c+l/yspXdOeppVIdB8RE/j5/dRL47xewqBp+KRlaSYkZIiG33YeDBQrn6sJJkiUHVNseHQa6MK4T5n79KNpcbdaeSodhW3jCm5ys7z5IFNhk/t9UAuLGpPUx5ocWUkaj2Lt0Lls9yusSuSJtWfXPc7+JRJkXbV4AU+aMibbwrFTe+tfd+fpuW0CjdBME5eg4GlMrgZPiM3TqfP+hodx7eqA==
+udns1.tld.mu.		172800	IN	A	204.61.216.10
+udns1.tld.mu.		172800	IN	AAAA	2001:500:14:6010:ad:0:0:1
+udns2.tld.mu.		172800	IN	A	193.0.9.98
+udns2.tld.mu.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:98
+museum.			172800	IN	NS	d.nic.fr.
+museum.			172800	IN	NS	f.ext.nic.fr.
+museum.			172800	IN	NS	g.ext.nic.fr.
+museum.			86400	IN	DS	21969 13 2 BDB65BCA27B34A0C9E296FB79EFC78615678F7CC46EAB5EF86FE59F259CC03C5
+museum.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JblPuTu0d+/pjsEnmLrUDsOOtKkmx2sRxuJfmEwrNd6QvztDNauoIfJh2NvG2ktzEYtDwGEWhTte045fQ/GWclQfRdSKQ1FGIr0FnxTwY2lWp+JTBNEFmD+vKJAxiK1byjCwGNl8/AjojEnZygrlJkFoCp2cj3zQq70Kh8gNc6K3bTFCHC3u7at9pOckd7TgN2ao0uD5yTnb2zxa4RHfubBv2iV8mK28GyN3ZsbkopdVemLrt8aHDUK08NjVdJSEukguKtA6EIhLjNd1cWVvE09Db4/DHWEHPHbcoaJ37pLuCH3SHxxr+xmcymZW+aRCUY5PvFG3D/QFkB9f39FRpg==
+museum.			86400	IN	NSEC	music. NS DS RRSIG NSEC
+museum.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mMaHoMlNtrfv36kmIhBH/bl0DlNGp1/5f6gSqcvEa6uDSBnwt0UEoIyUDAUafZ6LrIol8godwHvEx7DoiHnZpo+Jjcs811ajthfkF9WHifYT4nygMhoOC5TocJD2UtV4tuTlz7BtrasEmK/npV/terMIGeMu6js6yCFPTU8GNalnjJVu4o4QQMlhwP1sJjVyjr8Yrv0ZH1U6y0p3g8XpjBaDDp/F+sl2OeF5jXVqygiyqhoUZfSzPij1/t+v4LySioCXmwRRb33iAhYCwbVP08+xvjqrYMgB9edMdW5p1DSM4KhqjT9X65vcPWiEJHuyAg08vtZeVhirdrMLIjW8Bw==
+music.			172800	IN	NS	a.nic.music.
+music.			172800	IN	NS	b.nic.music.
+music.			172800	IN	NS	c.nic.music.
+music.			172800	IN	NS	d.nic.music.
+music.			86400	IN	DS	60004 8 1 EE80F198DA75C68C32A632E895502F3F2A32940E
+music.			86400	IN	DS	60004 8 2 F4025F7B5C848808861BD35868BAE0CFCF7A0FE3AA1F79BB222093687462F3FB
+music.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K1ImWmTDJJ7L4BmGc6DkB+DTy2uMjfIOwJ1JAjIOwEshezOIsMIPmo0AJGhmu3ZPJnbQVQoOgZYRoS9gNA1nMiYn8xvok/oj+Z0HQ2b1cBWpDzlVCStq0FA+GG6UvUv7WuNnHEWJNBuj7FJhMrxZJXBCuwneKDtq3iC0iLz0pN4Zu96zez6pNDtuCM+42TkXCeT42pyfYAl9uCbtthtQ/JF4YXcDlKXKuizEuirmyr/4h9WzJQkVGmKvIosur0uC/m5xhztnV4k81lMfG0gW6yCNTcSVJ3wSnwQYIBBogX9lCqPyuqtd80k1N457gQgO0YVpyQpDOAMNVIz+6DHYXA==
+music.			86400	IN	NSEC	mv. NS DS RRSIG NSEC
+music.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PCPrc25g24uIZ5LvtBFHDvMXCNWPQfUFiU2lP+5rmgjTRlQS1ay6saTH2StjVWtpIZLcb+5JmPZj6Z3HvUp5FTv8owCXecuEyJ5V/7R3FbFPkG6fp/+S/AJ4LnxdwMmSgULS8+V2mq2f8Vr6HkTM1K63CC6MRSV/t60iewhXe8UHM8Oce/tJMmq0K5exzWi2HAzvi210yHzU4p5nLzTDsa+B8MacjrwPn30uJZv0O7+tx6t3nOuj6kO5YVe79yNZsrr6gVnmSRquH5HRdzX+QhWiIgMp99pbGlud2uH+A2JQknd1xx+sOyI/yu7Rz2j11Mc/Md+sK4E+hb6zyR8xoQ==
+a.nic.music.		172800	IN	A	194.169.218.142
+a.nic.music.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:142
+b.nic.music.		172800	IN	A	185.24.64.142
+b.nic.music.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:142
+c.nic.music.		172800	IN	A	212.18.248.142
+c.nic.music.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:142
+d.nic.music.		172800	IN	A	212.18.249.142
+d.nic.music.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:142
+mv.			172800	IN	NS	ns.dhivehinet.net.mv.
+mv.			172800	IN	NS	ns2.dhivehinet.net.mv.
+mv.			172800	IN	NS	mv-ns.anycast.pch.net.
+mv.			86400	IN	NSEC	mw. NS RRSIG NSEC
+mv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A51NLffc5ORaAgaIBEex6S0en30w4kMewxbCIFlSSCn+HC6KWr0/g3IxhLC7c/jqzwwhUJQNOOlbtfKetdQoSV5ZlNNW/WLZnIRBiX9wf8i66y+rZpIhsDQQHNdLxx3SkhdBieE8ZzkcfJLwKhzhvwRcbcFp89ktItLk9XDXBJHF6NVxPYb/aKM5ccOGvSE1tYmaAi84KaO3oZCyJ1bBPupMYxaGRwsDOUPzR3CMoPPub1OhUU08AdZGRaQFp6nFM703oIukkQHjD3AaI2ZjaaNG7pgXAR97ilucrVatJqhTt+AJet+a6YDg5HS/yuD+BVDQC2Oej6DroQCfgse1AQ==
+ns.dhivehinet.net.mv.	172800	IN	A	202.1.192.196
+ns2.dhivehinet.net.mv.	172800	IN	A	202.1.201.201
+mw.			172800	IN	NS	mw.cctld.authdns.ripe.net.
+mw.			172800	IN	NS	ns4.apnic.net.
+mw.			172800	IN	NS	rip.psg.com.
+mw.			172800	IN	NS	mw-e.ns.nic.cz.
+mw.			172800	IN	NS	pch1.nic.mw.
+mw.			172800	IN	NS	domwe.sdn.mw.
+mw.			172800	IN	NS	chambo.sdnp.org.mw.
+mw.			86400	IN	NSEC	mx. NS RRSIG NSEC
+mw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENa+ShxxpMI5gq94L2oxG8DcSeetiO7eYAHB653NofBAJt2rRVSsXdr4suiAnNlAMXIYo4KNPMPkPtATIFBnOzd7DFGiRpm00GNbkEQ9qz/Ra2n6gvs7U2+lVFuAEmo1DVasU5P32zDovr5hGBfz3n3t+FqL3CLRCYTv6lw31Nqkd6ToJWw9ocB+ehbgytLbY2gwaLXKpCn2vE0j9W/gnH85xlrFxfCZw27kzWkBK35RPO3IARF/zlgUcYl6uHGnPUTwfsjRXf/HGt9TDPpDD4e0KGmYKrOCdkOuZmkAWUYRT6rkSk/+zU+80DPprsT+iMw/0kqp5z/EoiJP2JH4SA==
+pch1.nic.mw.		172800	IN	A	204.61.216.131
+pch1.nic.mw.		172800	IN	AAAA	2001:500:14:6131:ad:0:0:1
+chambo.sdnp.org.mw.	172800	IN	A	41.221.99.135
+chambo.sdnp.org.mw.	172800	IN	A	196.45.188.5
+domwe.sdn.mw.		172800	IN	A	41.87.5.162
+domwe.sdn.mw.		172800	IN	A	196.45.190.9
+mx.			172800	IN	NS	c.mx-ns.mx.
+mx.			172800	IN	NS	e.mx-ns.mx.
+mx.			172800	IN	NS	i.mx-ns.mx.
+mx.			172800	IN	NS	m.mx-ns.mx.
+mx.			172800	IN	NS	o.mx-ns.mx.
+mx.			172800	IN	NS	x.mx-ns.mx.
+mx.			86400	IN	DS	5714 8 2 F98C2F8FD23EE07AE29137FA6B2AC6BD44BE32D684FD06BB894EE307C56700E5
+mx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uz6KK1B3t13eSgoEUWZ9UeZ1EexidiB3rdlzGPcydrHIB7hXoQXspNW7QASRIzHz60I7Ta+NIhucacPCEaaTjPUl1Wd31xLlflq02462oHnq/45HB9h7OMrF3B0EN3neNxvHXk52Z9DENTlS5GE8mB19ETSatKtiuwDkWcC/XG7zFOhP6lS6g6VSZwlfaZ+yBRPDhwfneXJ2DaXcESamHJ5bcrQ2q4N+AgbO54+0AdRF6x3bE5EqDM53dKq1IngQ5qcvPx/EjHKlmMuDplP0AIbyDinM4XYnlJzW99DK9Hczs7m4hA3bmkqzFweOy2aIEqfdw8u5Jn0XRuY6tu9G1g==
+mx.			86400	IN	NSEC	my. NS DS RRSIG NSEC
+mx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D1ptDqAkIqHd0Ql3zprUud01XlXiR4kSHcnbwMSEl1HsuDzmWcosrP7KDTP99uhqOz4e8MK35xj3/5GYsABB34LXfbBdCP6H4T2BZwsOD+AE0Vguvd9vUHpl2AEKB+e1vfTyHgHUIv2/01OOyXWPuyv4rGIIp031uQlxTQ9qiwSYdcsjP5udloU/cCfB/0Hpncq82gbuoyQl2KS86MXmdjOoNa+ZB19nzlU2q/5GWsFLm/AGGTLDhS6W4gGarETvv97H5GamvJUmmlHg1VUmJHGsJNI5QYRb8VXCk1dbn103qE7Y4k2gMBqyxnP3d8jhhk/Y40ObysYwoq9nKCEnZQ==
+c.mx-ns.mx.		172800	IN	A	192.100.224.1
+c.mx-ns.mx.		172800	IN	AAAA	2001:1258:0:0:0:0:0:1
+e.mx-ns.mx.		172800	IN	A	189.201.244.1
+i.mx-ns.mx.		172800	IN	A	207.248.68.1
+m.mx-ns.mx.		172800	IN	A	200.94.176.1
+m.mx-ns.mx.		172800	IN	AAAA	2001:13c7:7000:0:0:0:0:1
+o.mx-ns.mx.		172800	IN	A	200.23.1.1
+x.mx-ns.mx.		172800	IN	A	201.131.252.1
+my.			172800	IN	NS	a.nic.my.
+my.			172800	IN	NS	a.mynic.centralnic-dns.com.
+my.			172800	IN	NS	b.mynic.centralnic-dns.com.
+my.			172800	IN	NS	c.mynic.centralnic-dns.com.
+my.			172800	IN	NS	d.mynic.centralnic-dns.com.
+my.			172800	IN	NS	a1.nic.my.
+my.			86400	IN	DS	174 8 2 FB9E2F10F50A09E3614A9E6A2C76C1AE7554711E5242B7F516A8078D86ED87B9
+my.			86400	IN	DS	35481 8 2 AE555A40F6BDB488EB025822A71C91C94E1F339FDD71E0386561C3C4B7D2B198
+my.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vWEpF2unf1o0I8tNmUJNZekuqAVyppQ9CvNWpLdaGlyjMNJYVLjHrE/E9V69i6mHi7gJfaQM8wTXPG2PkNxJuZBDf3AH2wMOOAgsreOCJsWVJKxP4qzI5FYLSHmO2tmNIkScGUTof3FMJWZrmEz7F986t/zpGSrm8Szq3kmSCVPcW/AnOUHdjIh34YvtiRd06pcQmZ9LiLe9elJK+EkCPd5J61FFVqSSaAbiU/x9FZrWBF4Mu+cyhgYP7yW+7hrqtfUdRBMNGp3ae/OuJNifZjdjZ3ao3CtoZxBlLyafbuvsJg9D293PITtQy2EWzeslWgqiGnFVbCv8c5zRwbcMvA==
+my.			86400	IN	NSEC	mz. NS DS RRSIG NSEC
+my.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r0dBIAR8Zoe5DLZ1gxNUea64T930RYRUhi6BECegPP66G8m3LlIes17TzBxw+v8O5s5Sku9dCw7Dxe2kVuWlIC17tcxUljWYit0wvigWl2lswdKY9TnzJd3hi73pHMnMs3J21iRzlZbvrOeZPa7/I+RcIsUer0PF71U9axwId+HOobj/YmRd0dIkxLWGacKLKY/tcNs+aRYVYAxryjGbxe3lhd+gGF/pn/MyrKTC4wPiKx1kuMYUPiT/EmQhPuK9kaHG2rvOgoyOBbeJgRSjjP4eTDnTw3f6lLhVBDZR53aJAz6oqsZ4iPdtht1/6w/cdCR4O7HltqT+8wpbYkCT7A==
+a.nic.my.		172800	IN	A	103.44.108.53
+a.nic.my.		172800	IN	AAAA	2001:ddc:0:53:0:0:0:53
+a1.nic.my.		172800	IN	A	202.171.47.204
+mz.			172800	IN	NS	anyns.uem.mz.
+mz.			172800	IN	NS	dzowo.uem.mz.
+mz.			172800	IN	NS	ns-mz.afrinic.net.
+mz.			172800	IN	NS	zebra.uem.mz.
+mz.			172800	IN	NS	oceano.uem.mz.
+mz.			172800	IN	NS	phloem.uoregon.edu.
+mz.			86400	IN	NSEC	na. NS RRSIG NSEC
+mz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g0gGK+nEgfktbcBcKOH9FxKIwBoQIRo9ugaegi2xyQIn4psiXdQg5TL2XQtHt1MJSEPD9mm8iwvSfKyItsMlUiAWVQtAaeD9EmVXLprjsC3GLNsXHwLdOCSsvZem5rCiaz6jQY7sb6BoFej6rf29wNK2paZd8xrh45h1oTyadpXLMe0u7C5br89XH32Re2yD1y9zi7T9mSc9PXFm6FgK3p7L0vBfduRBswPgKgvvaPiUUbB+UFZLAV5dL8bx6Q81Xu6n59x5rV3ByP2uT8o9cc0eHMhniUcSg9hheL2zIAfPOIoXsq6enk6uxmzQ0+GV+WRcuW6JVEKau5L3Ttq/0Q==
+anyns.uem.mz.		172800	IN	A	204.61.216.14
+dzowo.uem.mz.		172800	IN	A	196.3.96.66
+oceano.uem.mz.		172800	IN	A	196.3.96.69
+zebra.uem.mz.		172800	IN	A	196.3.96.67
+na.			172800	IN	NS	na.anycastdns.cz.
+na.			172800	IN	NS	anyc2.irondns.net.
+na.			172800	IN	NS	na-ns.anycast.pch.net.
+na.			172800	IN	NS	etld-1.anycast.net.
+na.			86400	IN	DS	25079 8 2 EAE8C2767C1C52C78B844247A31B0EF44988782CB5517D502983BA75DE98A627
+na.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zn3n8U/wgy4MDCA6TrTD1wyClkr/jeA6kkuO2iDYHcfYFkDaitz7x8ETv/rGSCYo8LTRVncdt927N4e0+zgCEDoste+/Za/1kjldR39antlU2Bc7/tVgtZlsBVf27vPn7JFfXTh0U4ejKp9gNk4l7Gu+gYKF2MqhqWTz+DVlg9OKCSHlxdjGr8fA2/8FAxT+/Uzs/jCoLhvkgwS236dE2sCx2UtJo6GNOKtL9IYkHJ23mjyptlmYMTWonEOoZz7SkuXlhLetGSDMG0lcKTC/iB6QSt/MjYCx6PGJFy/qHacDrfKuH7PFjU0esC0Xm8H+WmaRV2bnume5rEAH+eNpoQ==
+na.			86400	IN	NSEC	nab. NS DS RRSIG NSEC
+na.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TbzoTj9uKMC5kIRlKN3Me840JO02X1YJEsLI29JNJggoMTaxUeZksbor0Vzt6IQPd5vktvtVFyKRoYk7Aqda3bj6dFIGfJhTOo4Vk7XCIzWIJD5MiPAKl36mY0zKGwS1ZjnCXonsPU17hKZFXcUxdj/mYzwyTplSAu3OMY4gKD7UahFk1FE1uJdo2V3cTutchuErFDt9Wciv5OGMjRZZG71yf9mceA5Ub27vP1OZtDhYGe3vJgGXlQlMb97zYqOo267qJsRxtOPgo77uCPPArNitF0C4k+0uPSU56CLH1LDimAGavlp37JyqAbujAJRd9kpFsXpuNAv3w9GJ5IC5/g==
+nab.			172800	IN	NS	a0.nic.nab.
+nab.			172800	IN	NS	a2.nic.nab.
+nab.			172800	IN	NS	b0.nic.nab.
+nab.			172800	IN	NS	c0.nic.nab.
+nab.			86400	IN	DS	3754 8 2 8DB2922BD318627EAF5907312A66433D3FC088510F37A4162B1911077B0CDFAC
+nab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z9Tj1A8IGsT7O9MSP47nnLAdzz2WnBJW5NflJBM2tMCNDZdAMxzUeWPsWgpCW8he3m/qGcxXojFwoMeqgS5AN2qaV8zXRPLoXXbQr9iE0Ldf2J+5aQFkJ0rv1GUyCh0DUfO2en+JGTC1kTU+Qk2MiuLI5rzx9kieEfZ/ywQ7jla5zSwXNM56lYHWCG6otxB06rELItGGhRs+ehtezzzivscfUXooPXV/oxsDWtv46ua17NW33pxwjSO1nwFVXElGaXQpH36QWdQidZHVYAt/PkhTXnSc49bUAq7ov7lacr0wn2aVziTdJsnxL5dAzk7FyRUOJM/dTp6QMxoVt3dVpQ==
+nab.			86400	IN	NSEC	nagoya. NS DS RRSIG NSEC
+nab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dV70iZ7cozMiCl2dyygUhHuX9uKLjzs2p1eR5OBpoioTW5M6yvj8ltve6fucke5cNfo5JpfZJix2qylEMsa9NhKprZxLfYMeMGXSuBPA8iHqio5wjx5Rx5aDpzNnsT4xDoWLBpBGbOcVM8CotWevxLqDSerxQ35FtvXzJP2Ew8ZXvx5JOVSdw+a4YaL3LAQf9i0G0/FuTMRYdzFn2QfVyy580CbkoezNi8n0e4C3YRRO4hP0DPlbAu83FMiL52tNtdiYt0wRL4YcSJidfbbjdTjTYKSbDG9bumltR/oyPi9M7KC1QQI00vinrnAtjxvgGf2DwdpV5zpAWP5IWN/qCQ==
+a0.nic.nab.		172800	IN	A	65.22.112.61
+a0.nic.nab.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:61
+a2.nic.nab.		172800	IN	A	65.22.115.61
+a2.nic.nab.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:61
+b0.nic.nab.		172800	IN	A	65.22.113.61
+b0.nic.nab.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:61
+c0.nic.nab.		172800	IN	A	65.22.114.61
+c0.nic.nab.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:61
+nagoya.			172800	IN	NS	a.gmoregistry.net.
+nagoya.			172800	IN	NS	b.gmoregistry.net.
+nagoya.			172800	IN	NS	k.gmoregistry.net.
+nagoya.			172800	IN	NS	l.gmoregistry.net.
+nagoya.			86400	IN	DS	44545 8 2 C856432F455A59B06C6964821F01A64FC0957DCB854EB10435E79CAEB6C2486D
+nagoya.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AvN2EFWXxIfjGCHugHQr0/NnpZMXQTJxOLw0ef7cNsoy3oz27pyxzYz+fOVC2jduiCFEN3Y92KX17jggGy5av16W4jieo0Tdj8kpVq0KI16danWERmywi1hVTss15kHkurN3GozzlNtk5MIw+Tdbt1j4PeDqOzk+Y7B3z1GqYvcGm7BqkOmlW5V29noZ8GQ2LJ/Ok4EwZvq8DPfvfiM2kWFQG3c8ZoAXB5pJ75/m8+Hcs9hH3sHdEMyF8M8DgRcYAomJQN7mvmkl2v2uA1jue+ndmuvuD9OpuBINkY7JWy31iPfePHtUquQJs+SsRmByCtFc7xvd1umYUciXo7at8A==
+nagoya.			86400	IN	NSEC	name. NS DS RRSIG NSEC
+nagoya.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sl/fuP114NdW1REzwwTE4XcTM3ryNrOKBzXM8Etvc6ipH1DzyBstImJ6v48YeJ0ayf9qsH2DCk3UemO67cZ7IybJyTgxjBIZqhvqNrzOnVObpMvk5GcFx/L2vQfAGRRM5rWUuTdR71K8IRZzDpb4E1PAkjc4PVHdLcW1DHxa3UerXU+nzN7ncksfkkx7pnGOesVucHs1D3psFqL+dofWVlTRfExz+GP0tACZbZT7UImi1eUruoxSeD+4fuqGUmpnnK4yZMVAe2Y4pbM6gvNtSl/3Aip1Xm7ET4ppcZ//PKZAR8X1GBbCBahXEgvMe2/WZWkcrc/H7vMpkdVXYSoxRw==
+name.			172800	IN	NS	ac1.nstld.com.
+name.			172800	IN	NS	ac2.nstld.com.
+name.			172800	IN	NS	ac3.nstld.com.
+name.			172800	IN	NS	ac4.nstld.com.
+name.			86400	IN	DS	52563 8 2 4E2671F0DBC3927D842053044C6A0CBF8B21E1E657DE8BBA99A4835031A85A41
+name.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rdpqwFMVnnYIXPlsExlCM5QFNQOteTDJt/b43LtBU74QoIrEjLyDg0EpaHMSwJz1i9nmGRuboZ/Sn3rJ3fycujsIIN2O+9lAauLdE/rd/4PPAC0HVWBteIWupiqnegidsKmvFSHWPXj4mhEL1sEAEzkCxNqGqCn+Z+tCJz+nd7RJ9RBj+iuNr1tsMHNmpghEiZY4uzXEXNpps6u3l7p0WBTOcmiY7+sBvcF97SEYRKeRvlG8UFcBRfyv4Feeoi4ABE3YzaSERZ779MVP+k78a0yL73aKhdNRSG8o2FmoyQ8kfUCvsoN6AjYRCqvhEaM1OsvRd4NgWtdvJYtH8bOFpw==
+name.			86400	IN	NSEC	natura. NS DS RRSIG NSEC
+name.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JNWRNK9g5AhdgGgdzG1u9THhpD6LC0uQx+UsoRTarBlHY0eAABH08vcaAkM3k2S+N1+kT3GdGZpdCHLhegmajEE7MMOSTpxzYOqnl1O59BEEkYIB+69f8An7fIpNDWtjHhlzD9oedDgKar0vsYROg4R5X37cfRcOcvAFfQo9P3Jme9Qpo7KNh8a38hnW1JU74MemQuLsj6PnbFgihg60L7WxiGxgc3QS9yYUHRu1y5ICQ1DcGq2dsHYdZ511Xr4JrMYELWWkzpdAUKlj4m8ipWepMFLTVuTpNpgt9JtMoC6SkcNvaXAQ7s4ltNp9VFEgZ92hVWOGKLCfgf+Fvlwt7Q==
+natura.			172800	IN	NS	a.dns.br.
+natura.			172800	IN	NS	b.dns.br.
+natura.			172800	IN	NS	c.dns.br.
+natura.			172800	IN	NS	d.dns.br.
+natura.			172800	IN	NS	e.dns.br.
+natura.			172800	IN	NS	f.dns.br.
+natura.			86400	IN	DS	2471 13 2 C42365FCDE0C1898AB38A492EA636E38437FC87C5EF161BDC3C27893BFAC9B6E
+natura.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PSNQWvzEs++11SlVqjLaYCDK9ZUXcHp/sXm4MLqf4C8ip0KMNX/hHJY6GKlQOcgiZAsLmb8mFYAE8wSGBxLuRWRkLCIaucm+IsAM7zZBm4xgRrh8JpfSMqdRLWkVNS4n71kx+vFgkzNUbb1Sz0q+HEJkvOru8gPoNreSIXVaghwMj+oMQUluMVX2vU8T2fy8lA1Dj/oYBmfm6tBRUb9oBWfcVkPgD2YKfcKEhqxQjxU2Ur3vDNu0DaMlAnQevxgeboA1WUEqac5LZVcj3RUbgBaALlodwGQiZV/ZtjQqOV4tbh1k28yn4stG3kvwXpuR2ifTjjVuuGsUIoUWW5D9VA==
+natura.			86400	IN	NSEC	navy. NS DS RRSIG NSEC
+natura.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c4fXTNyyUQzoZji2t97WKWH9WKgozTYUOlxmvYwhI7DtGMjiAVlQcht1uUb8Spyjs3nImrZB0MiqktCDyiLNcVfzyk7YV9/kK9JfqN8TvuOw930RaKye68TGBqFqhsCm1ngMJ8x0abiHf/x7PIH4RmyAakwBZmogdHUpwFWEBbQoeZaqrvs6HAJ3eFJ+rd+I7O5xj6Y0xam9z8UVAhEIegTXlvGpjY2QhfXalMD0jrW6hdVCR1G7QqY7wQdhhboy4YHAsa550Ahw5oCe6DLGZR2VNBF53UiPPNkQTHdmrNGfSktNH2ggHmMR/PGFaYuvcziLeAfOYfITg4pbV5XSVw==
+navy.			172800	IN	NS	v0n0.nic.navy.
+navy.			172800	IN	NS	v0n1.nic.navy.
+navy.			172800	IN	NS	v0n2.nic.navy.
+navy.			172800	IN	NS	v0n3.nic.navy.
+navy.			172800	IN	NS	v2n0.nic.navy.
+navy.			172800	IN	NS	v2n1.nic.navy.
+navy.			86400	IN	DS	24535 8 2 6F05F1CC418BDC0C32058586CD7DE8CF28EC70AA9C978E2613389226053C53BF
+navy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DaC62bAg5cN56TYSpm+F2zu0xm+5wjdylQHdp9mNoVfQS9ol5HtK8HP0GZLv8ceazCYgvrT26WbhznKa4rkeN4IdQL8SKRIY7PWwjDsKMfh1ghkvzeo5hBHOlcKe+XiuF6bkB8GMMt3zX22heDybeMNjjOk8YcgeNVkx3dMQcldpv3yOWEh+ieXFv/fiQ7no1HE7SXyMIyx8QBo1XtqgKf69CsUgvYKywV6GXZH7snfch6UeFWsW/by8Bz94pDWr1jkDkvaQiL5ynEUR8BEnWpovP3FIFZhwk6GikYuQsq8LI7ElFQ/PmWnE4Y8H+jf8oKr7zjFVEaCgIvD2o7fpNg==
+navy.			86400	IN	NSEC	nba. NS DS RRSIG NSEC
+navy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SW4zw189manbcRMl4AHmG8uO/dchwGfygP4yHs5iepk2Ae3AsV5FeYirSxl1WTjUXG0pSFasXgCb0m7HyBkulyaSmf2qFrHQ7IVsENuiLgSkC8Xy0kH59YcOKQ5K0ZKCzLfw0wwZ6NknM9pJ0HArsh3hYZhNHtcfoqGTY5Swh9HqokzRXL3iPiuqGtp2QuXA1QCpiNLgzc7hEQcu9tkurEpn06AWPlWoJ3Hh6ZsXZuZsxE4Pz6XStgEbgRxKEyTQokc7RJZt+AdiZQbKKrj8pu6+N6/CfF6aVikf/PxHHIygyIC0hsVhzpbTEhC55oSp2Jhn2ms4vzMeEPgX4AclSQ==
+v0n0.nic.navy.		172800	IN	A	65.22.28.34
+v0n0.nic.navy.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:34
+v0n1.nic.navy.		172800	IN	A	65.22.29.34
+v0n1.nic.navy.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:34
+v0n2.nic.navy.		172800	IN	A	65.22.30.34
+v0n2.nic.navy.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:34
+v0n3.nic.navy.		172800	IN	A	161.232.14.34
+v0n3.nic.navy.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:34
+v2n0.nic.navy.		172800	IN	A	65.22.31.34
+v2n0.nic.navy.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:34
+v2n1.nic.navy.		172800	IN	A	161.232.15.34
+v2n1.nic.navy.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:34
+nba.			172800	IN	NS	a.nic.nba.
+nba.			172800	IN	NS	b.nic.nba.
+nba.			172800	IN	NS	c.nic.nba.
+nba.			172800	IN	NS	ns1.dns.nic.nba.
+nba.			172800	IN	NS	ns2.dns.nic.nba.
+nba.			172800	IN	NS	ns3.dns.nic.nba.
+nba.			86400	IN	DS	4090 8 2 3D0D5884F22C76C902BEE260C65C47057BBBF5544D83CE01681A756B3C220955
+nba.			86400	IN	DS	59911 8 2 734021820D7B1FDEB0567389BCB05A0F47DF5F2A0F156D6E9177A9EDCB6A8716
+nba.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1OfqO698nzhEheaC++LZzrUyDCi995Fb1lT8dZ/dkLvn2Rp9AF97derVeotlZhAkqYh9vTZ3hO2X/QlYmYPNoTzQriYmaaOCXPTF3PkIfoabcMCZfTXS9O0Ckf1+CqBtGZIjzTx6Qi/QkflYdq0g8cEdt8kgpDCDfh2AJSaUeRY2Ht/0MEJ1NtIsEC3MXPi89nBnWE7mn1zKw2XM0Jc4WR7HsX4MVnB8VFvBYgDGcWXGOCpgUy2gHahLv94XoqcerrqYueTm3UGbGZQNMQRQa/ZLUuwOisfUFeB4hOhm8DvxSacMDrqJYJqgjsl3ShcBg/oJD42QftouKgIb7MeA4w==
+nba.			86400	IN	NSEC	nc. NS DS RRSIG NSEC
+nba.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nqJ1Obc/bE+pKhlQjldZ4SoYDoZB38MUGkRKNWpJFuoYypPddGJcSuHVhAzwj8wMLVeegh/yYRmpewlCMwhc92tP7yWkIVti3FmMYtHBhZn1mL8mfeLNqcKfZonPRpRJHNSRRymIno4uu2ZbVRsdddnJ8LaTxGv4FgGvjEGy4mEVaz5xAxsCb+NZ7UAwM0sIemO4IhE6WSMM7IiSAFfaJTEUaFUBYXm6zVPgjaGYAbp+GJ4xG1emyUghxbhXNVkI5F+rJu6xRUnSo26NGc4sg6v+9vsLiRsUu/SDW09MlXqO3OESPnI1XWZ/CN8wc8KOUdBgRWWJcakoR0qVhG6apA==
+a.nic.nba.		172800	IN	A	37.209.192.9
+a.nic.nba.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nba.		172800	IN	A	37.209.194.9
+b.nic.nba.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nba.		172800	IN	A	37.209.196.9
+c.nic.nba.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.nba.	172800	IN	A	156.154.144.119
+ns1.dns.nic.nba.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:77
+ns2.dns.nic.nba.	172800	IN	A	156.154.145.119
+ns2.dns.nic.nba.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:77
+ns3.dns.nic.nba.	172800	IN	A	156.154.159.119
+ns3.dns.nic.nba.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:77
+nc.			172800	IN	NS	nc.cctld.authdns.ripe.net.
+nc.			172800	IN	NS	ns1.nc.
+nc.			172800	IN	NS	ns2.nc.
+nc.			172800	IN	NS	any-ns1.nc.
+nc.			86400	IN	DS	49057 8 2 5957AB66CF4871C8C39EDEBC78DFAB2B6DCBB3EA5E97278EA27190539410B753
+nc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hmmyzfk/qlsHaQ+x2tOE9vraIYOs33Pep/Giv5LjYPwXDSQKRLDgb4LmKiKhEnQTQ1ebr5Ilj9lpS/7IrQ4iHzGdOejsc18kKQoYBcc0GLu+5w6KbG5QYU3KZljKI8VZFzRXtyBAHbeXQEY3uGUq0kDwG/RV5CHgEzPn3FnH8o1yFYIfFrRAiXgDEGDhRDlWZAlBcfslR7NpMMUZqBAlGV77ixLeu45OEoHZ7SG2Pv1RqFp/P+y6l7VD641aFJenPQ32oriv7LEwfat/KyM5ZKdI1FvEwBP3NGFqHbvwg+3+KoCvHXw+z8bzbyd9xuHXq816lAZfz+FbEDr4Gx0pxA==
+nc.			86400	IN	NSEC	ne. NS DS RRSIG NSEC
+nc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lZLhFO03iojGq5rZVkDhJKmKQ6SrBhfyfx3/AV7DGoi14y4vif1lQNlg7FItANkYK8K4mhH2qzGDLHL6bp/ewqyG8Q4xzuHSFrhfEaJQVw8PiWExLSPUB/hLioUEPSjpqUQQ047zQseDeOKCNS4faNuf/28nDOL5zMx5vUf78ucBOPz2KN6sg4Yfg2Ej3nov6girol6vXVQmNFUbiPtIo0cTw+p4ZGmOt9WgMFaGGEYS2ROpH8Bw5O3FYV0Mwx6S1UJ3AFMS2jFEHRCfDhG+rsmXbjObZHVcJysIMADX9UIlPiUeVH7PSB+hV1r0LfmssVEDI4lHIQ4jdh8cAnCHYw==
+any-ns1.nc.		172800	IN	A	114.69.222.1
+any-ns1.nc.		172800	IN	AAAA	2001:500:14:8000:7245:de00:0:1
+ns1.nc.			172800	IN	A	202.87.129.16
+ns1.nc.			172800	IN	AAAA	2404:2200:10:1000:0:0:53:1
+ns2.nc.			172800	IN	A	202.87.129.17
+ns2.nc.			172800	IN	AAAA	2404:2200:10:1000:0:0:53:2
+ne.			172800	IN	NS	ne.cctld.authdns.ripe.net.
+ne.			172800	IN	NS	ns.intnet.ne.
+ne.			172800	IN	NS	bow.rain.fr.
+ne.			172800	IN	NS	ns-ne.afrinic.net.
+ne.			86400	IN	NSEC	nec. NS RRSIG NSEC
+ne.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tqSjfrxUabdeO5y5aiPxMVwyzefg98AQJQyUFZng3HlkPGO3fl/3Y/p9VDuN0FKU9NAvBcwvExfW9opHlhdVRxlwbwSDSXV8t9zIwZ6ZysdRwMJz9Jy5kO2tznoTDsh83m8Oy14dYe0ReWZZiuTnMYgJ0YHcFvYcHVgI4IEnUHhwKfsgbBSTaJZ2BcylP8IDeGMfoJitNhIZS6iJOHGHSGiy0/yz2D7hvpTkHvKO8/5GvHftHXw0yuyqXouFuRNCetcLhjrs/4h3c8n333Z0xci7A/e3jBdjj0CagdBJXLRxOZi9c3YnrhDh4TFMPN3uwZxYGwYFT9MhjWNkk839wQ==
+ns.intnet.ne.		172800	IN	A	41.138.54.10
+nec.			172800	IN	NS	a.gmoregistry.net.
+nec.			172800	IN	NS	b.gmoregistry.net.
+nec.			172800	IN	NS	k.gmoregistry.net.
+nec.			172800	IN	NS	l.gmoregistry.net.
+nec.			86400	IN	DS	3352 8 2 077C18D635DA43D7201764E89118F552F72428B12763F1BC258A5619B71458E7
+nec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VkGeYblCMGufp4OkIZg5owTxzj4fIcU65HG7bNMD193YswvDu7OhD45CYusLjamQumTusWcxhMLluoGCqsmQh8nJJs9pUxsMov4yqUuW7DIrqPIa3S4gfHY9S0OPLhUniNHriYa4P/TCZCcLu0BQiAKLYpwVbNnQ3uI66TqEBUb7FTxWEaDCkJ1Dx640actW0xgvs0nHBDQ8jCXi1q8ohAbvAdW7KH7VjZPhixDcwItwOMhJwDs6lYHQZQf6+AC/WNJbSCSiiQC/0/0maE5HTZwVSaHQCKZzC2brVGqDAmClfxz4L73u6ue419401A2y2so+p+T6T0xFPMtnq5x9uw==
+nec.			86400	IN	NSEC	net. NS DS RRSIG NSEC
+nec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YcVTRl0vzHO5orAhnZF0EExumqH7wXXSvZeix3veVutG3mEGQCDtY/P6feYWy+92Sh9jWw3oW6JaDXl2zSNL6Pn5t5VneVwRy349HxYGhiiRKg8JUnWDRz6ngkQGTM55EF/MPB+qA0wg2sXz/j31hPzNkab3AFq3G+rnhoWU5mGt+pf4cwrypOvUJXbIJKCMafPdNZNA/z08jafF9jXjUdH4ZBzCt/IZ5IMSMAMXj69zF89mf9yImS0bJEOJGqvrPljwaFIKgEYqmhyccX1dsdvEEhyHR9VE1tAZ8Nmrl+/bKnkParX0MG+CyAGo9C4gmy2E/7sK72PzwjGonx1TRw==
+net.			172800	IN	NS	a.gtld-servers.net.
+net.			172800	IN	NS	b.gtld-servers.net.
+net.			172800	IN	NS	c.gtld-servers.net.
+net.			172800	IN	NS	d.gtld-servers.net.
+net.			172800	IN	NS	e.gtld-servers.net.
+net.			172800	IN	NS	f.gtld-servers.net.
+net.			172800	IN	NS	g.gtld-servers.net.
+net.			172800	IN	NS	h.gtld-servers.net.
+net.			172800	IN	NS	i.gtld-servers.net.
+net.			172800	IN	NS	j.gtld-servers.net.
+net.			172800	IN	NS	k.gtld-servers.net.
+net.			172800	IN	NS	l.gtld-servers.net.
+net.			172800	IN	NS	m.gtld-servers.net.
+net.			86400	IN	DS	35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D8BD973EE
+net.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jnMvgNg2Zp42e6drDHaTskv2vxbBztIz2Nl24m8ghOH1Lwvjkk9Z0nxgM5XVBkNPjIDrlIojIf0BZ79RzPiklD6Cd6nTemwyL1hF6gWFtyJPyK95PcNUhbkj6uF5PHpaofcFek0LpgakaumBY7qqAd80mb8NSq/cU7jCTUg9OBEW3kMEozk5cLHrCES/+oGVInl7tOuhX9BLsjf72uJmKmUGJYWR5uTkZzVm4pG2CRoLnkZv+O2ndamF8m9bmrppkyAFleB3Y3mSYK80aBF18FB/BVG15QUqbQpRVXSllpVGR/k5dHQ9HG3yjTWSB77ubrmcFejWlbb6f5DY/R/x7w==
+net.			86400	IN	NSEC	netbank. NS DS RRSIG NSEC
+net.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xHSBDFrl77ByUfxltigS2THVzk7tqYJLk3Fg9ctt3znialLiWKcWZniz4vbllXunIsoqhbRoZHjykswDf2weX9l97H7A15ZVywJ3pCC9IeIUhSujCnfyC+oLReVHAd2bc2NgyrVwzi2PRURYOepufbVh3u0yyq3ywzVOOkoqiLDs92mGRLkHB2RtpPGIvNO1APLeLvAZl76YKgVFX7GRc+ObPvamBNH7ya30/EX0jmjv/oLYM0OWaFnRsu/KZ7pkeavkXypt+N/E5UECUNAGCjFVCd1mBtViiJ8f6FGNo/Tl4MJexrh/swgojM9KssV7rqlJTPD5P4wriGoLkh+3Eg==
+ns1.admin.net.		172800	IN	A	198.73.186.1
+ns2.admin.net.		172800	IN	A	108.61.25.122
+ns2.admin.net.		172800	IN	AAAA	2001:19f0:300:1007:0:0:0:cafe
+ns3.admin.net.		172800	IN	A	87.98.180.44
+ns3.admin.net.		172800	IN	AAAA	2001:41d0:2:8adf:0:0:0:2
+ns4.admin.net.		172800	IN	A	103.25.58.26
+ns4.admin.net.		172800	IN	AAAA	2406:d501:0:0:0:0:47e3:2a7c
+ns5.admin.net.		172800	IN	A	188.165.33.42
+ns5.admin.net.		172800	IN	AAAA	2001:41d0:8:5c79:0:0:0:3
+ns-bi.afrinic.net.	172800	IN	A	196.216.168.23
+ns-bi.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:23
+ns-bj.afrinic.net.	172800	IN	A	196.216.168.33
+ns-bj.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:33
+ns-bw.afrinic.net.	172800	IN	A	196.216.168.72
+ns-bw.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:72
+ns-ci.afrinic.net.	172800	IN	A	196.216.168.30
+ns-ci.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:30
+ns-dz.afrinic.net.	172800	IN	A	196.216.168.36
+ns-dz.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:36
+ns-gm.afrinic.net.	172800	IN	A	196.216.168.29
+ns-gm.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:29
+ns-gn.afrinic.net.	172800	IN	A	196.216.168.49
+ns-gn.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:49
+ns-ke.afrinic.net.	172800	IN	A	196.216.168.22
+ns-ke.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:22
+ns-km.afrinic.net.	172800	IN	A	196.216.168.46
+ns-km.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:46
+ns-lr.afrinic.net.	172800	IN	A	196.216.168.61
+ns-lr.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:61
+ns-ls.afrinic.net.	172800	IN	A	196.216.168.70
+ns-ls.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:70
+ns-ly.afrinic.net.	172800	IN	A	196.216.168.24
+ns-ly.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:24
+ns-mg.afrinic.net.	172800	IN	A	196.216.168.35
+ns-mg.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:35
+ns-mr.afrinic.net.	172800	IN	A	196.216.168.53
+ns-mr.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:53
+ns-mz.afrinic.net.	172800	IN	A	196.216.168.40
+ns-mz.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:40
+ns-ne.afrinic.net.	172800	IN	A	196.216.168.45
+ns-ne.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:45
+ns-rw.afrinic.net.	172800	IN	A	196.216.168.28
+ns-rw.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:28
+ns-sd.afrinic.net.	172800	IN	A	196.216.168.26
+ns-sd.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:26
+ns-ss.afrinic.net.	172800	IN	A	196.216.168.27
+ns-ss.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:27
+ns-td.afrinic.net.	172800	IN	A	196.216.168.31
+ns-td.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:31
+ns-tn.afrinic.net.	172800	IN	A	196.216.168.25
+ns-tn.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:25
+ns-ug.afrinic.net.	172800	IN	A	196.216.168.42
+ns-ug.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:42
+ns-zm.afrinic.net.	172800	IN	A	196.216.168.44
+ns-zm.afrinic.net.	172800	IN	AAAA	2001:43f8:120:0:0:0:0:44
+ns1.aland.net.		172800	IN	A	194.112.0.1
+ns2.aland.net.		172800	IN	A	194.112.0.5
+ns-cdn.amnic.net.	172800	IN	A	194.0.1.26
+ns-cdn.amnic.net.	172800	IN	AAAA	2001:678:4:0:0:0:0:1a
+ns-pch.amnic.net.	172800	IN	A	204.61.216.96
+ns-pch.amnic.net.	172800	IN	AAAA	2001:500:14:6096:ad:0:0:1
+etld-1.anycast.net.	172800	IN	A	45.54.45.54
+etld-1.anycast.net.	172800	IN	AAAA	2607:f740:45:0:0:0:0:54
+anytld.apnic.net.	172800	IN	A	202.12.31.53
+anytld.apnic.net.	172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+ns4.apnic.net.		172800	IN	A	202.12.31.53
+ns4.apnic.net.		172800	IN	AAAA	2001:dd8:12:0:0:0:0:53
+dns-st.bahnhof.net.	172800	IN	A	79.136.119.20
+dns-st.bahnhof.net.	172800	IN	AAAA	2001:9b0:1:601:250:56ff:feb7:46
+ns1.bahnhof.net.	172800	IN	A	195.178.160.2
+ns1.bahnhof.net.	172800	IN	AAAA	2001:9b0:1:104:250:56ff:feb7:5c51
+nabil.beirutix.net.	172800	IN	A	185.91.97.18
+nabil.beirutix.net.	172800	IN	AAAA	2a05:e380:2:4:0:0:0:2
+ns17.cdns.net.		172800	IN	A	194.0.1.17
+ns17.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:11
+ns34.cdns.net.		172800	IN	A	194.0.1.34
+ns34.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:22
+ns36.cdns.net.		172800	IN	A	194.0.1.36
+ns36.cdns.net.		172800	IN	AAAA	2001:678:4:0:0:0:0:24
+ns.cernet.net.		172800	IN	A	202.112.0.44
+e.ci-servers.net.	172800	IN	A	204.61.216.74
+e.ci-servers.net.	172800	IN	AAAA	2001:500:14:6074:ad:0:0:1
+lk.communitydns.net.	172800	IN	A	194.0.1.27
+ph.communitydns.net.	172800	IN	A	194.0.1.23
+ph.communitydns.net.	172800	IN	AAAA	2001:678:4:0:0:0:0:17
+l.de.net.		172800	IN	A	77.67.63.105
+l.de.net.		172800	IN	AAAA	2001:668:1f:11:0:0:0:105
+n.de.net.		172800	IN	A	194.146.107.6
+n.de.net.		172800	IN	AAAA	2001:67c:1011:1:0:0:0:53
+s.de.net.		172800	IN	A	195.243.137.26
+s.de.net.		172800	IN	AAAA	2003:8:14:0:0:0:0:53
+dns-fr.dnsafrica.net.	172800	IN	A	151.80.35.161
+dns-za.dnsafrica.net.	172800	IN	A	41.185.30.170
+anyc.dnsnode.net.	172800	IN	A	194.58.198.135
+anyc.dnsnode.net.	172800	IN	AAAA	2a01:3f1:3032:8001:0:0:0:135
+cl1.dnsnode.net.	172800	IN	A	194.146.106.34
+cl1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:8:0:0:0:53
+coza1.dnsnode.net.	172800	IN	A	194.146.106.74
+coza1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:18:0:0:0:53
+pe1.dnsnode.net.	172800	IN	A	194.146.106.82
+pe1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:20:0:0:0:53
+fork.sth.dnsnode.net.	172800	IN	A	77.72.229.254
+fork.sth.dnsnode.net.	172800	IN	AAAA	2a01:3f0:0:306:0:0:0:53
+za1.dnsnode.net.	172800	IN	A	194.146.106.78
+za1.dnsnode.net.	172800	IN	AAAA	2001:67c:1010:19:0:0:0:53
+a.edu-servers.net.	172800	IN	A	192.5.6.30
+a.edu-servers.net.	172800	IN	AAAA	2001:503:a83e:0:0:0:2:30
+b.edu-servers.net.	172800	IN	A	192.33.14.30
+b.edu-servers.net.	172800	IN	AAAA	2001:503:231d:0:0:0:2:30
+c.edu-servers.net.	172800	IN	A	192.26.92.30
+c.edu-servers.net.	172800	IN	AAAA	2001:503:83eb:0:0:0:0:30
+d.edu-servers.net.	172800	IN	A	192.31.80.30
+d.edu-servers.net.	172800	IN	AAAA	2001:500:856e:0:0:0:0:30
+e.edu-servers.net.	172800	IN	A	192.12.94.30
+e.edu-servers.net.	172800	IN	AAAA	2001:502:1ca1:0:0:0:0:30
+f.edu-servers.net.	172800	IN	A	192.35.51.30
+f.edu-servers.net.	172800	IN	AAAA	2001:503:d414:0:0:0:0:30
+g.edu-servers.net.	172800	IN	A	192.42.93.30
+g.edu-servers.net.	172800	IN	AAAA	2001:503:eea3:0:0:0:0:30
+h.edu-servers.net.	172800	IN	A	192.54.112.30
+h.edu-servers.net.	172800	IN	AAAA	2001:502:8cc:0:0:0:0:30
+i.edu-servers.net.	172800	IN	A	192.43.172.30
+i.edu-servers.net.	172800	IN	AAAA	2001:503:39c1:0:0:0:0:30
+j.edu-servers.net.	172800	IN	A	192.48.79.30
+j.edu-servers.net.	172800	IN	AAAA	2001:502:7094:0:0:0:0:30
+k.edu-servers.net.	172800	IN	A	192.52.178.30
+k.edu-servers.net.	172800	IN	AAAA	2001:503:d2d:0:0:0:0:30
+l.edu-servers.net.	172800	IN	A	192.41.162.30
+l.edu-servers.net.	172800	IN	AAAA	2001:500:d937:0:0:0:0:30
+m.edu-servers.net.	172800	IN	A	192.55.83.30
+m.edu-servers.net.	172800	IN	AAAA	2001:501:b1f9:0:0:0:0:30
+b.dns.flexireg.net.	172800	IN	A	195.253.64.6
+b.dns.flexireg.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:6
+a.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.168.36
+a.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:8:0:0:0:0:4
+b.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.169.36
+b.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:9:0:0:0:0:4
+c.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.170.36
+c.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:a:0:0:0:0:4
+d.xn--node.globalanycastcloud.freenom.net.	172800	IN	A	185.21.171.36
+d.xn--node.globalanycastcloud.freenom.net.	172800	IN	AAAA	2a04:1b00:b:0:0:0:0:4
+ns2.gip.net.		172800	IN	A	204.59.1.222
+a.gmoregistry.net.	172800	IN	A	37.209.192.4
+a.gmoregistry.net.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:4
+b.gmoregistry.net.	172800	IN	A	37.209.194.4
+b.gmoregistry.net.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:4
+k.gmoregistry.net.	172800	IN	A	37.209.196.4
+l.gmoregistry.net.	172800	IN	A	37.209.198.4
+l.gmoregistry.net.	172800	IN	AAAA	2001:dcd:4:0:0:0:0:4
+a.gov-servers.net.	172800	IN	A	69.36.157.30
+a.gov-servers.net.	172800	IN	AAAA	2001:500:4431:0:0:0:2:30
+b.gov-servers.net.	172800	IN	A	209.112.123.30
+b.gov-servers.net.	172800	IN	AAAA	2620:74:27:0:0:0:2:30
+c.gov-servers.net.	172800	IN	A	69.36.153.30
+c.gov-servers.net.	172800	IN	AAAA	2620:74:28:0:0:0:2:30
+d.gov-servers.net.	172800	IN	A	81.19.194.30
+d.gov-servers.net.	172800	IN	AAAA	2620:74:29:0:0:0:2:30
+a.gtld-servers.net.	172800	IN	A	192.5.6.30
+a.gtld-servers.net.	172800	IN	AAAA	2001:503:a83e:0:0:0:2:30
+b.gtld-servers.net.	172800	IN	A	192.33.14.30
+b.gtld-servers.net.	172800	IN	AAAA	2001:503:231d:0:0:0:2:30
+c.gtld-servers.net.	172800	IN	A	192.26.92.30
+c.gtld-servers.net.	172800	IN	AAAA	2001:503:83eb:0:0:0:0:30
+d.gtld-servers.net.	172800	IN	A	192.31.80.30
+d.gtld-servers.net.	172800	IN	AAAA	2001:500:856e:0:0:0:0:30
+e.gtld-servers.net.	172800	IN	A	192.12.94.30
+e.gtld-servers.net.	172800	IN	AAAA	2001:502:1ca1:0:0:0:0:30
+f.gtld-servers.net.	172800	IN	A	192.35.51.30
+f.gtld-servers.net.	172800	IN	AAAA	2001:503:d414:0:0:0:0:30
+g.gtld-servers.net.	172800	IN	A	192.42.93.30
+g.gtld-servers.net.	172800	IN	AAAA	2001:503:eea3:0:0:0:0:30
+h.gtld-servers.net.	172800	IN	A	192.54.112.30
+h.gtld-servers.net.	172800	IN	AAAA	2001:502:8cc:0:0:0:0:30
+i.gtld-servers.net.	172800	IN	A	192.43.172.30
+i.gtld-servers.net.	172800	IN	AAAA	2001:503:39c1:0:0:0:0:30
+j.gtld-servers.net.	172800	IN	A	192.48.79.30
+j.gtld-servers.net.	172800	IN	AAAA	2001:502:7094:0:0:0:0:30
+k.gtld-servers.net.	172800	IN	A	192.52.178.30
+k.gtld-servers.net.	172800	IN	AAAA	2001:503:d2d:0:0:0:0:30
+l.gtld-servers.net.	172800	IN	A	192.41.162.30
+l.gtld-servers.net.	172800	IN	AAAA	2001:500:d937:0:0:0:0:30
+m.gtld-servers.net.	172800	IN	A	192.55.83.30
+m.gtld-servers.net.	172800	IN	AAAA	2001:501:b1f9:0:0:0:0:30
+x.iana-servers.net.	172800	IN	A	199.43.135.53
+x.iana-servers.net.	172800	IN	AAAA	2001:500:8f:0:0:0:0:53
+y.iana-servers.net.	172800	IN	A	199.43.133.53
+y.iana-servers.net.	172800	IN	AAAA	2001:500:8d:0:0:0:0:53
+z.iana-servers.net.	172800	IN	A	199.43.134.53
+z.iana-servers.net.	172800	IN	AAAA	2001:500:8e:0:0:0:0:53
+anyc1.irondns.net.	172800	IN	A	195.253.64.4
+anyc1.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:4
+anyc2.irondns.net.	172800	IN	A	195.253.64.7
+anyc2.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:7
+anycast1.irondns.net.	172800	IN	A	195.253.64.5
+anycast1.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:5
+anycast10.irondns.net.	172800	IN	A	195.253.64.12
+anycast10.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:c
+anycast23.irondns.net.	172800	IN	A	195.253.65.11
+anycast23.irondns.net.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:b
+anycast24.irondns.net.	172800	IN	A	195.253.65.12
+anycast24.irondns.net.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:c
+anycast9.irondns.net.	172800	IN	A	195.253.64.11
+anycast9.irondns.net.	172800	IN	AAAA	2a01:5b0:4:0:0:0:0:b
+ns0.ja.net.		172800	IN	A	128.86.1.20
+ns0.ja.net.		172800	IN	A	193.63.94.20
+ns0.ja.net.		172800	IN	AAAA	2001:630:0:8:0:0:0:14
+ns0.ja.net.		172800	IN	AAAA	2001:630:0:9:0:0:0:14
+ns4.ja.net.		172800	IN	A	193.62.157.66
+ns4.ja.net.		172800	IN	AAAA	2001:630:0:47:0:0:0:42
+ns1.liquidtelecom.net.	172800	IN	A	5.11.11.1
+ns1.liquidtelecom.net.	172800	IN	AAAA	2c0f:fe40:0:0:5:11:11:1
+ns2.liquidtelecom.net.	172800	IN	A	5.11.11.10
+ns2.liquidtelecom.net.	172800	IN	AAAA	2c0f:fe40:0:0:5:11:11:10
+dns.lttnet.net.		172800	IN	A	62.240.36.9
+dns1.lttnet.net.	172800	IN	A	62.68.42.9
+ns1-fr.mediaserv.net.	172800	IN	A	185.56.51.194
+ns1-gp.mediaserv.net.	172800	IN	A	213.188.172.1
+ns1-mq.mediaserv.net.	172800	IN	A	213.16.20.3
+server.nordu.net.	172800	IN	A	193.10.252.19
+server.nordu.net.	172800	IN	AAAA	2001:948:4:2:0:0:0:19
+ns.ntamar.net.		172800	IN	A	117.103.88.33
+vps443605.ovh.net.	172800	IN	A	37.59.106.21
+bd-ns.anycast.pch.net.	172800	IN	A	204.61.216.108
+bd-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6108:ad:0:0:1
+bn-ns.anycast.pch.net.	172800	IN	A	204.61.216.87
+bn-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6087:ad:0:0:1
+cl-ns.anycast.pch.net.	172800	IN	A	204.61.216.30
+cl-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6030:ad:0:0:1
+cy-ns.anycast.pch.net.	172800	IN	A	204.61.216.44
+cy-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6044:ad:0:0:1
+gy-ns.anycast.pch.net.	172800	IN	A	204.61.216.34
+gy-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6034:ad:0:0:1
+ls-ns.anycast.pch.net.	172800	IN	A	204.61.216.28
+ls-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6028:ad:0:0:1
+ms-ns.anycast.pch.net.	172800	IN	A	204.61.216.33
+ms-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6033:ad:0:0:1
+mv-ns.anycast.pch.net.	172800	IN	A	204.61.216.24
+na-ns.anycast.pch.net.	172800	IN	A	204.61.216.35
+na-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6035:ad:0:0:1
+xn--node.ns.anycast.pch.net.	172800	IN	A	204.61.216.88
+xn--node.ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6088:ad:0:0:1
+ps-ns.anycast.pch.net.	172800	IN	A	204.61.216.29
+ps-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6029:ad:0:0:1
+za-ns.anycast.pch.net.	172800	IN	A	204.61.216.55
+za-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6055:ad:0:0:1
+zw-ns.anycast.pch.net.	172800	IN	A	204.61.216.128
+zw-ns.anycast.pch.net.	172800	IN	AAAA	2001:500:14:6128:ad:0:0:1
+anyns.pch.net.		172800	IN	A	204.61.216.4
+anyns.pch.net.		172800	IN	AAAA	2001:500:14:6004:ad:0:0:1
+cat.pch.net.		172800	IN	A	204.61.216.20
+cat.pch.net.		172800	IN	AAAA	2001:500:14:6020:ad:0:0:1
+nic.lk-anycast.pch.net.	172800	IN	A	204.61.216.27
+ns1-gn.pch.net.		172800	IN	A	204.61.216.147
+ns1-gn.pch.net.		172800	IN	AAAA	2001:500:14:6147:ad:0:0:1
+ns15.rcode0.net.	172800	IN	A	194.0.25.15
+ns15.rcode0.net.	172800	IN	AAAA	2001:678:20:0:0:0:0:15
+ns31.rcode0.net.	172800	IN	A	194.0.25.31
+ns31.rcode0.net.	172800	IN	AAAA	2001:678:20:0:0:0:0:31
+ad.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.53
+ad.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:53
+ar.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.59
+ar.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:59
+bi.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.62
+bi.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:62
+cu.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.70
+cu.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:70
+cw.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.86
+cw.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:86
+er.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.72
+er.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:72
+gp.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.76
+gp.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:76
+gu.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.78
+gu.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:78
+iq.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.81
+iq.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:81
+jm.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.82
+jm.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:82
+jo.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.83
+jo.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:83
+kg.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.84
+kg.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:84
+mc.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.92
+mw.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.99
+mw.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:99
+nc.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.100
+nc.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:100
+ne.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.101
+ne.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:101
+np.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.102
+np.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:102
+ps.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.105
+ps.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:105
+sd.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.109
+sd.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:109
+sm.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.110
+sm.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:110
+sn.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.111
+sn.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:111
+sy.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.113
+sy.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:113
+sz.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.114
+sz.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:114
+tj.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.117
+tj.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:117
+ug.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.52
+ug.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:52
+va.cctld.authdns.ripe.net.	172800	IN	A	193.0.9.123
+va.cctld.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:123
+sec2.authdns.ripe.net.	172800	IN	A	193.0.9.4
+sec2.authdns.ripe.net.	172800	IN	AAAA	2001:67c:e0:0:0:0:0:4
+a.dns.ripn.net.		172800	IN	A	193.232.128.6
+a.dns.ripn.net.		172800	IN	AAAA	2001:678:17:0:193:232:128:6
+b.dns.ripn.net.		172800	IN	A	194.85.252.62
+b.dns.ripn.net.		172800	IN	AAAA	2001:678:16:0:194:85:252:62
+d.dns.ripn.net.		172800	IN	A	194.190.124.17
+d.dns.ripn.net.		172800	IN	AAAA	2001:678:18:0:194:190:124:17
+e.dns.ripn.net.		172800	IN	A	193.232.142.17
+e.dns.ripn.net.		172800	IN	AAAA	2001:678:15:0:193:232:142:17
+f.dns.ripn.net.		172800	IN	A	193.232.156.17
+f.dns.ripn.net.		172800	IN	AAAA	2001:678:14:0:193:232:156:17
+a.root-servers.net.	518400	IN	A	198.41.0.4
+a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e:0:0:0:2:30
+b.root-servers.net.	518400	IN	A	199.9.14.201
+b.root-servers.net.	518400	IN	AAAA	2001:500:200:0:0:0:0:b
+c.root-servers.net.	518400	IN	A	192.33.4.12
+c.root-servers.net.	518400	IN	AAAA	2001:500:2:0:0:0:0:c
+d.root-servers.net.	518400	IN	A	199.7.91.13
+d.root-servers.net.	518400	IN	AAAA	2001:500:2d:0:0:0:0:d
+e.root-servers.net.	518400	IN	A	192.203.230.10
+e.root-servers.net.	518400	IN	AAAA	2001:500:a8:0:0:0:0:e
+f.root-servers.net.	518400	IN	A	192.5.5.241
+f.root-servers.net.	518400	IN	AAAA	2001:500:2f:0:0:0:0:f
+g.root-servers.net.	518400	IN	A	192.112.36.4
+g.root-servers.net.	518400	IN	AAAA	2001:500:12:0:0:0:0:d0d
+h.root-servers.net.	518400	IN	A	198.97.190.53
+h.root-servers.net.	518400	IN	AAAA	2001:500:1:0:0:0:0:53
+i.root-servers.net.	518400	IN	A	192.36.148.17
+i.root-servers.net.	518400	IN	AAAA	2001:7fe:0:0:0:0:0:53
+j.root-servers.net.	518400	IN	A	192.58.128.30
+j.root-servers.net.	518400	IN	AAAA	2001:503:c27:0:0:0:2:30
+k.root-servers.net.	518400	IN	A	193.0.14.129
+k.root-servers.net.	518400	IN	AAAA	2001:7fd:0:0:0:0:0:1
+l.root-servers.net.	518400	IN	A	199.7.83.42
+l.root-servers.net.	518400	IN	AAAA	2001:500:9f:0:0:0:0:42
+m.root-servers.net.	518400	IN	A	202.12.27.33
+m.root-servers.net.	518400	IN	AAAA	2001:dc3:0:0:0:0:0:35
+ns-root-21.scpt-network.net.	172800	IN	A	102.68.62.15
+ns-root-22.scpt-network.net.	172800	IN	A	102.68.60.15
+ns-root-23.scpt-network.net.	172800	IN	A	161.97.87.130
+ns1.sr.net.		172800	IN	A	200.1.159.148
+ns2.sr.net.		172800	IN	A	200.2.162.30
+ns.thnic.net.		172800	IN	A	202.28.0.1
+ns01.trs-dns.net.	172800	IN	A	64.96.2.1
+ns.twnic.net.		172800	IN	A	192.83.166.11
+ns.twnic.net.		172800	IN	AAAA	2001:288:1:1006:0:0:0:11
+dns2.u-registry.net.	172800	IN	A	195.123.1.7
+ns1.uniregistry.net.	172800	IN	A	64.96.1.1
+ns1.uniregistry.net.	172800	IN	AAAA	2620:57:4000:1:0:0:0:1
+ns3.uniregistry.net.	172800	IN	A	185.159.197.3
+ns3.uniregistry.net.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:3
+ns5.uniregistry.net.	172800	IN	A	204.61.217.2
+ns5.uniregistry.net.	172800	IN	AAAA	2001:500:14:7002:ad:0:0:1
+ns.uu.net.		172800	IN	A	137.39.1.3
+auth00.ns.uu.net.	172800	IN	A	198.6.1.65
+auth02.ns.uu.net.	172800	IN	A	198.6.1.82
+auth100.ns.uu.net.	172800	IN	A	198.6.1.202
+auth110.ns.uu.net.	172800	IN	A	198.6.1.114
+auth61.ns.uu.net.	172800	IN	A	198.6.1.182
+netbank.		172800	IN	NS	a.nic.netbank.
+netbank.		172800	IN	NS	b.nic.netbank.
+netbank.		172800	IN	NS	c.nic.netbank.
+netbank.		172800	IN	NS	d.nic.netbank.
+netbank.		86400	IN	DS	61447 8 2 2E300D5E09BDD071679488D325666AF89182213D8AF2BD2D026C57F3FAB5895E
+netbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Uk4DArjPK4nHq+yCcpKdw+kDdAhM9MI9zBRt8Hg4qcXWgvbqJSq9Bx1Xr8kEpjBjQxf1nc9mcrTXYeIOs5blotj32d2Qpi/BYFCgTtq/1OOlv2gQ9XBL27WIYJO979K9Kh2InnINAlAZPvxolJtwmXxwbcOrgeC54c+FuAYGKTXhKkkNE4PqJ7tnMvCWwsInKW19zTfS7xR9Bg9IsKUPCpQFiZkV0988ve/Bv255DTSZXuZj74uVUQcBdgXdtlH4UOpGnznrj/AVbUMJm+QA9xCk7dXXhINSOnAwwsWiDVwGSqPRF7kZFJSEmqQpKlJ3kAJ7fYCJL1NwUhgvG6swDg==
+netbank.		86400	IN	NSEC	netflix. NS DS RRSIG NSEC
+netbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YvpF2dRbOO9jM0r++sti9I+xK4cpLzeYHEoeCiyIgNOtkErSZLrSbXN7dfxsKp+7Cblk4GWSbap8pdYqakdAqJ8j/7H7cLopyztmoy0OmrK00OMYyFlUNdog6mqxiNjTQpbsPjKyf2bPF/4OY6Z/ft28V+16eCsTpOCmb8MkATKZW2dOaHkKMIS8lDFqqSlSQ7dnKTzvZfESV4hhzr+jxaY8/pCDPYFqncxPlXsf8gR0Jdsq6MV8kJVrfVjbOHSzqBbrrE574b/8cYSVFAspN4XqRFrnDNgzuTwjTRwWTUaXC1DbyR0UM1vBd+IO4Qk/dRqbn4K8pyarGP2Px0ReFA==
+a.nic.netbank.		172800	IN	A	37.209.192.9
+a.nic.netbank.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.netbank.		172800	IN	A	37.209.194.9
+b.nic.netbank.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.netbank.		172800	IN	A	37.209.196.9
+c.nic.netbank.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+d.nic.netbank.		172800	IN	A	37.209.198.9
+d.nic.netbank.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:9
+netflix.		172800	IN	NS	a.nic.netflix.
+netflix.		172800	IN	NS	b.nic.netflix.
+netflix.		172800	IN	NS	c.nic.netflix.
+netflix.		172800	IN	NS	ns4.dns.nic.netflix.
+netflix.		172800	IN	NS	ns5.dns.nic.netflix.
+netflix.		172800	IN	NS	ns6.dns.nic.netflix.
+netflix.		86400	IN	DS	27637 8 2 7ABA17BD5B87AA5D31CB611E0DFD4C67D926B6CFC68B8AECA58C468B104CC2E6
+netflix.		86400	IN	DS	35611 8 2 37BD4F2E02F06306F0C4EB146EBD289CF83B91824B1320A6332AAB7B14F33462
+netflix.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iyKwxcUuK6u7jynwtkYt8zUfveZAWQpItq1HG5fg7houLKjgKvm4aODf2SHkD2PX1oN5qth9gnVEsbOApo1N5BU+ZL7QpoIuRw0gH15odm9S9XaPmRWRf7FNFAKRd8WoshAbLnzcKLfiqydql1cQZZLRKul7P+PTUMt3U2D9HEsLHeQxWsMphRxiNzt7cpRUNatE7OUgPW3Vu/sug9Eo0uqdxzvkvWG3dT42ac31eurjlPemY8Uhd0tVGLvuPZpRlfq5f5gE4Bt10zBt8oNeUOqlQf08oDsmNQzRPTOYGibUKByNv7XXkf9mrxzd2Wk55KO0fl5rQrOMCMjpfKdR4g==
+netflix.		86400	IN	NSEC	network. NS DS RRSIG NSEC
+netflix.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GC/HZ+Qt4aLuxapn6j7JoqIaAy7LLTqLI/D7GwaSCSfivxiwnOLdLU4N4+MkCdk6QCemc/VRWfStPPk4ErrEsunmcAWViVnI/xQtOKlo4C1OetwFuf34XIoXNDn3HJ6UIdyr6n00q+6FpEKk4CrcnMOWI3JX0Hc8nyFtVc5arQAsE2SzVk5tdh+zSVNafiNd146J9WK3jeHe5GmPTBcl3VD7hp9PK+/fLKh8fTrdMjkBMzoRIK8zyvbK88qRuG+z2F7RkarH6Tv30gr9jsebk7Nbf8tqplybRp9gtiLDxi2WlCaJsjHtW94xpMQAGXNHwbVmQNUOst+vaR+cjSgq9w==
+a.nic.netflix.		172800	IN	A	37.209.192.9
+a.nic.netflix.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.netflix.		172800	IN	A	37.209.194.9
+b.nic.netflix.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.netflix.		172800	IN	A	37.209.196.9
+c.nic.netflix.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.netflix.	172800	IN	A	156.154.156.121
+ns4.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:79
+ns5.dns.nic.netflix.	172800	IN	A	156.154.157.121
+ns5.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:79
+ns6.dns.nic.netflix.	172800	IN	A	156.154.158.121
+ns6.dns.nic.netflix.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:79
+network.		172800	IN	NS	v0n0.nic.network.
+network.		172800	IN	NS	v0n1.nic.network.
+network.		172800	IN	NS	v0n2.nic.network.
+network.		172800	IN	NS	v0n3.nic.network.
+network.		172800	IN	NS	v2n0.nic.network.
+network.		172800	IN	NS	v2n1.nic.network.
+network.		86400	IN	DS	40414 8 2 67BBAA0C822DACF7BAA5D8FAAC2591BDD7BF9A6A4189ECA26A61C25276744D2B
+network.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t/Q1Odhoa5ijftkuqbDWhH6lGEPa20h533HlC6imESZrZC0clyXmS88oJfLA6OSkdPDxe5gRNYn4tN21CuRkl2YaTg8dqTpCzVmapwZuiw/VektBjK/z/hlxPVo3/dWAOYaKewT5NclWPf2pWFzDpW+E4Ocuyu0/6y5xReeZVMiPlKL0qmS6Qg79ffP/4Xv0OYPZoDSnuDJ+ImEDFs+5hX/XxKwNILwd/ELFUtDN7skklAO6zCd/cOu5q8T0vE2QYlLTLqCmu0uJox7fU+ANqV0VT6Kn3hSjji0BjYzhHR+GFyTa41qkcS2BryIRs2N3zHmSrSAooZR1pgMUoYLp7w==
+network.		86400	IN	NSEC	neustar. NS DS RRSIG NSEC
+network.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KnHTZ0cz8Nc3XQgq6AJV2oJ9Q0OZ82lv+mMxaWDZeqGp/VdPcwq76DtF0gFlcMNs85hspiOX4kvYo7VTEQzU/6Kg1qd5YCPPE689MZukufZR8yjpOI+yFnH66IWzTzvJXf0P9u8mZYuJwn9q3m0BLp+6epso5d1QU15uU5DCHabsiS9MIHiIVs+zDtXmxXkTiLYu4SQZBXVbvIyufIOJua+YaeCLe2TDw4/k6huTTkgd0EJ9KiZ8qB2EauQsaYNr42cI5xJ7KLVrZnB/g7E78v8WGhbGupMEb+tWHsHD0xCEJ9eCEeS1DVg+91D585WH/F49Fgn1G3rHuA64yhcjDA==
+v0n0.nic.network.	172800	IN	A	65.22.32.36
+v0n0.nic.network.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:36
+v0n1.nic.network.	172800	IN	A	65.22.33.36
+v0n1.nic.network.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:36
+v0n2.nic.network.	172800	IN	A	65.22.34.36
+v0n2.nic.network.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:36
+v0n3.nic.network.	172800	IN	A	161.232.16.36
+v0n3.nic.network.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:36
+v2n0.nic.network.	172800	IN	A	65.22.35.36
+v2n0.nic.network.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:36
+v2n1.nic.network.	172800	IN	A	161.232.17.36
+v2n1.nic.network.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:36
+neustar.		172800	IN	NS	a.nic.neustar.
+neustar.		172800	IN	NS	b.nic.neustar.
+neustar.		172800	IN	NS	c.nic.neustar.
+neustar.		172800	IN	NS	ns4.dns.nic.neustar.
+neustar.		172800	IN	NS	ns5.dns.nic.neustar.
+neustar.		172800	IN	NS	ns6.dns.nic.neustar.
+neustar.		86400	IN	DS	32962 8 2 9BC1D8D086284962E03FA43AE37AC80F2D784218CEA1EF02B322220F5E15CAFE
+neustar.		86400	IN	DS	65215 8 2 AE5583BDFCF0307DF227FF8C2916527DA34D91C92D69835A87302B41D8284C7D
+neustar.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AgIIutjaCEoooo1NW60lrckp6lQFcrXfK/U7ak/sNinJiXj+gKIIV76zCHUFrBDpPoGqPHNDZRUf+TmVgD+QbG6xemxq2VJGq+xIBrIlCgN6bQAnZgkQHUi6XzpupQGJLtsBOzmcqxqtGi8ifz56EIpmnuwqL1x/M9Vb+Uu7Hh+8OoSj0MytV/EOyOUFDUaubb/m1R4cerMGgcTPAMLybybPo0F3qmH1SGBJj7KckgoVIs+GDIPjICfF+KSPjSd1ueunsnznRFxqi+z7sXUkc44Ig/3sXpMxMwef12s4DBg5EQKVbLc49IO/+DmRD9udawXra3uteQCzSiemf01pkQ==
+neustar.		86400	IN	NSEC	new. NS DS RRSIG NSEC
+neustar.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UMdF2ppZ4zNtLwlbagekEpZ5+eUi8w44yjHBn489J201O+ckK5H1n+WTwnEEYW0gg5GPBaQPUTi4YEMdgu5TV3W4igNy9JynbcsJNU1UAKGJW4FO3EsArDi5zae/HbpLjmMK5eY/GZQ6lWCVtZhoywUBkvczhoqOuERdOtb0AGt0YVuMCdSGWTjMFwaTf8/SRTyNS7oGW7OGjYTjVMl2F+fnInVMfA+GUZGmSvlWKKc803LG7l+cqKQuiPVhSTbTgNYA3q5Y5XCF/6XHTx51FOsZFtmizSr6kvVzn8Db5FcRq0s7QddQoxcYuwyscDy9Syko9U+qzIYfckIrNsFjwg==
+a.nic.neustar.		172800	IN	A	37.209.192.9
+a.nic.neustar.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.neustar.		172800	IN	A	37.209.194.9
+b.nic.neustar.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.neustar.		172800	IN	A	37.209.196.9
+c.nic.neustar.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.neustar.	172800	IN	A	199.7.67.250
+ns4.dns.nic.neustar.	172800	IN	AAAA	2001:502:100e:0:0:0:0:250
+ns5.dns.nic.neustar.	172800	IN	A	192.100.59.250
+ns5.dns.nic.neustar.	172800	IN	AAAA	2610:a1:1013:0:0:0:0:250
+ns6.dns.nic.neustar.	172800	IN	A	198.133.199.250
+ns6.dns.nic.neustar.	172800	IN	AAAA	2610:a1:1021:0:0:0:0:250
+new.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+new.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+new.			86400	IN	DS	25687 8 2 E03B5113926012D4D23705257017F61B0154976B32947AD983F3693B8477653F
+new.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VtJMyA9FKmxdrz+V8GSw0a8Ny7jQNeFr65yiFaCunqDD8EOsXAebpS1WkXdOPE3xIsZtHLr2KQ5JzCbbVom4J4hpS5rKRXZFhHCneGW1nZ9kH5Nur5dZsPlTrck5FSOTGwfoGpQV58C0Olqcz/vJfueKjq6Qd6zE7ZFvMICA07ZaflMkp0ng03qRcVGOSbRAsWB/sS47M0WRYmAsWiSgwXF36rspqwP+cHxp14s6q8VsDWB49bLFIYXcR4sZs47TuUM2sxLng4U+W+57Wv7/I4dvPq23Zq4FEMxtPCDchjrpJzsFTNxiVNU9ISXcY4kpgsoD4wpM7JENJ4A95gXKIQ==
+new.			86400	IN	NSEC	news. NS DS RRSIG NSEC
+new.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QcSdFvCQVoH2VbmeQGF1vGZrF6n4tAUTFTwMDItrLeXS2B4wMd5x7jVJ19DQnpTFi2uw4hy+YRnqaW1HKVTRmbL19eqEXvtH0PqjP5Jlmz+qco00+QHC31fXRWXcbct7Okn8kAFaD5Yb7opqsa2tDqUxmEl/ay7OiBJVK3cuV4CWeSgJ0xZ/oHUwByqfW53wYwwznUt5MnzhUPBMm4w/X9mIm61jGyUHVp3wu5lwJdUQnj1oHLk/bS6NLjXkMnplleF8T6Q2UIjyHwBxZ9gbisApt36C3D+zcDwV3pmRIz+SuoavEEy/BDC+FAclWVolJhzW2IJLmqFg+JlxhD0weQ==
+news.			172800	IN	NS	v0n0.nic.news.
+news.			172800	IN	NS	v0n1.nic.news.
+news.			172800	IN	NS	v0n2.nic.news.
+news.			172800	IN	NS	v0n3.nic.news.
+news.			172800	IN	NS	v2n0.nic.news.
+news.			172800	IN	NS	v2n1.nic.news.
+news.			86400	IN	DS	39979 8 2 40C36D4B7AFF71B956ABBFD5710BB34DBDAB3F020D58CB613DA94FC359E63C36
+news.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bvCuLX93iub5URc3BaiUjOvUIjrMIo06Rd2QbZ68seRFN8qTV2zIm/zq4MCS1HqFQZER66nFiVNTQkDQAUfaK64XzZGVv9jk/dCZtMfdL3eZlGdPMVlKO23ZlsLZjOaBN+n05AMoNkOwDjv91TRjqhmdmEY3uty+u/Fiy3OIplRbjXCPS4OfTQwQWbldAZXO1igE06On9LSIfcLyhqWm2TAJCX9ao/EOYs4bowfdpr0yzp7x0/MWZF6RsadOYETyengAFZeBpcrzFzATPnbsUW4E4UaRXP5w6SErQGkxsD0UnKMZjtni+UUCVkuIZd+Z0R6V/4TmSyKe5oHmc2udGQ==
+news.			86400	IN	NSEC	next. NS DS RRSIG NSEC
+news.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mKqHo0b3lK0cjIEtL3wNptnfcRFpppypO3rn4kGG9g55kZj486yWxOTUqui3TgojX3zXdhmGfgTkoYw2mc34aEpBudCIufoyKMr1Ky1Wn3u7sGiQ5QLdePjzNeiANr81y98BjDayanm4keIC/4H4x0VRqO7nAgWMBas279bYCIUA5iL49T975LlpAi0WwfG1irnp8R6mrRnF+SuNBJQBDDc3gacGcQTP0LuBHdTEco0kgOj3izVOp9nw7KCSq321Isushe7Z63wQApnxQXKEvpnUXzSK/WRd0x6mUtc1gJluX0DLwCutRRjOCWQpYz2abhqECw7r7FObYfGKWaRP+w==
+v0n0.nic.news.		172800	IN	A	65.22.32.3
+v0n0.nic.news.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:3
+v0n1.nic.news.		172800	IN	A	65.22.33.3
+v0n1.nic.news.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:3
+v0n2.nic.news.		172800	IN	A	65.22.34.3
+v0n2.nic.news.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:3
+v0n3.nic.news.		172800	IN	A	161.232.16.3
+v0n3.nic.news.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:3
+v2n0.nic.news.		172800	IN	A	65.22.35.3
+v2n0.nic.news.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:3
+v2n1.nic.news.		172800	IN	A	161.232.17.3
+v2n1.nic.news.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:3
+next.			172800	IN	NS	a0.nic.next.
+next.			172800	IN	NS	a2.nic.next.
+next.			172800	IN	NS	b0.nic.next.
+next.			172800	IN	NS	c0.nic.next.
+next.			86400	IN	DS	39380 8 2 FD76F1A70049CC1383D9DA8CBE33917B5877152F2D976E1A0806CA79C00F4658
+next.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XRfKPmeUhfFOuY0i1X6BFFb24onRJBfrf58a+IrDUKm/yklXbw6fmAIB3vfZUy16gZZlIYjBdVTDkVFKz+1cLXrKcZvAgVxm07JENlfSmRvaRozTEbsY7fOxJp1nI6lNST50yGxpyM1VmApUiCigPwScs2sgGGPDjEk9ITVasuc4ej+QAPF/UcL5xCiarBAHqHOSpx+F/vcLJponRLAjHy296ZmY5RES6tjFz8AyYBf3/5IDJ7t9DhkHFDSCgdVEp3q8aBvHL9AJFL5811viuYO2UcvD8X1AtujVl961ivIhftT27TCRdtMzkX5NJf9tg0gFxs8BJ7TY7xXVGh0JvQ==
+next.			86400	IN	NSEC	nextdirect. NS DS RRSIG NSEC
+next.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rFehR0M6uafi3dWJi/eGruKgKf5FE0GvOiOWSSRCE8oxSjM82TWcCs9RgQ0xwRVFXqSdmYVBlbCLKY88LYwp9TXc05ji0T3hemVQt537CO4u8BBE42gqL0EoxsKlYA5k9j0sn+SZhkT2nKBlV8X2J+pRCsvmtvEfk9vlLfa4lZAbjNJMEeogWqLV/eAXWJsAQKu0uUCYNoaVcaF7lRmPieLfY6RDYgXMMr8zLgUdQHw1GNCPB1jqvO3hceyJlB/4EKT6ek6uMJScEAOTiIfw84y3QzCeaPiwu5spUOWczouhD8wxOEFgX+R9ljP4GhZyLcobK2XL50NKlMU7SR091w==
+a0.nic.next.		172800	IN	A	65.22.112.62
+a0.nic.next.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:62
+a2.nic.next.		172800	IN	A	65.22.115.62
+a2.nic.next.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:62
+b0.nic.next.		172800	IN	A	65.22.113.62
+b0.nic.next.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:62
+c0.nic.next.		172800	IN	A	65.22.114.62
+c0.nic.next.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:62
+nextdirect.		172800	IN	NS	a0.nic.nextdirect.
+nextdirect.		172800	IN	NS	a2.nic.nextdirect.
+nextdirect.		172800	IN	NS	b0.nic.nextdirect.
+nextdirect.		172800	IN	NS	c0.nic.nextdirect.
+nextdirect.		86400	IN	DS	56221 8 2 345DF818DFD28C7973070C5F0FCB467D1143C1ED05CB9F9837A3262ECCED4538
+nextdirect.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wkyqquOthvblI7JGXJQuj3QIggfk2AaK91vjLbhFp02s7hOM++7CbciLf9UrhsPgNUcGRFTQGYMqpl8p29nrwLUEIekr7HDbt1mAJHvhezl5W46AK5yUE4bTwIs62oSxAQM6WCD+bVl/gEvWPE6mPieNAnhgqlgasNPqTaPsAd7sqeAoLCYMMGl8bq3Pe3Q3ZB744Fr9XxIqBR2wxme6QhnxdlAEl1NFrPolnraiU/V1MSHqCMmEY9RjPZ5Jk7eg7sxSoTub5WgyWXu2LeLrdBeS/S6LciQ8BtveGJl9z+seuDRH0Y6hJawsumNBUnIxsWlQeMzLBtBvE0Y/5HQ0kw==
+nextdirect.		86400	IN	NSEC	nexus. NS DS RRSIG NSEC
+nextdirect.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGsLltVj+za5Z7ehbOH0EnO0VqdNNF0zgpsSEnTXazjdTZANDQbP12FddkVlwERpvcbXoRknVyJ4FskPYjKcDYTzXbziYcKc+zsBXuev1BVTBsa3IoRyRdcNWHAMx0HbPOjWWRPOGk8v2s3075vZNxqD6Tlr3Ulx2Ml9q1/dsDs2ivZQZSy9Prx4v25QvoLzLcsJ/Xrj83k4sgwBK10z5Yb4pq49fy1YWwqehkObqnHgaS/2L05Jt1gmpgLEN76i6api1WnMHmtMrlT+4tGiSG+eQ3BUu/praY0eJKduxjHWDlRWz4Owk4E2cY5W5TJBV/7BzKou07lN6O1tD+ltJw==
+a0.nic.nextdirect.	172800	IN	A	65.22.112.63
+a0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:63
+a2.nic.nextdirect.	172800	IN	A	65.22.115.63
+a2.nic.nextdirect.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:63
+b0.nic.nextdirect.	172800	IN	A	65.22.113.63
+b0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:63
+c0.nic.nextdirect.	172800	IN	A	65.22.114.63
+c0.nic.nextdirect.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:63
+nexus.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+nexus.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+nexus.			86400	IN	DS	30644 8 2 4FF9338887C833C3D51A1C002600A2E8799A8AF2DA1246A54E43EA25E574B9FF
+nexus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fCgnTi9WKfTBzQsjWut1x9eQ24Y2vTEHw9GuL6ozUAl72GoNgikgiISmPi9D+69TfIbYV6Qt82COEMCav8cYTCIiVDyQjd8DODCSP7xiDOqBhrWzFXsHBvhLSJ5ZRCVUBUMXZj+40c8cRfS08scinbqMD15UhKIdfmhiwcV6KAvhrClHeoWGw6QA7xWxzTd/ucnLepRmiv+SbHX+CjXSlxo/m0PLtg5527vobJFC+u+tNe8uL+NbgZ8Tyd5ikdD3QlmIwoz7pq6AWzOpfzFsmxXSiRDjFVjdNDNgv3cPysHNqqDXAIhlLFpsVfAo1HAC3HoOs/N9OnKZxiTyfa/qkw==
+nexus.			86400	IN	NSEC	nf. NS DS RRSIG NSEC
+nexus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PFclvWZ8PYWN89ggoLY/SKYBS03VzuCC/Taej518/8Rju7H4cL7I+LjGDPgkSY5zcEHdAuQTaQRx8pDExjgTBsPTPBmsO3tWCZ+uYV855qdQx3Z4+7sBvxIwCz7GOEKCQ+VW2DB2qf4fFWRZAQYBkzHUHgi+rZ4v/YOtJxp/7Mi1SEXpgV3y8pER9+yuDQNUhxyXwJgNUoaPr3gUB+hbF8JuitpMuBdObqn55kqB2Zf5yZ73EL9IggShXcRnfBQKXAxBlgKI33pkHB2LvV/ZqD3ibTfffvBdMl7LWlGZ1YmFul6JAwYbw9cnwRlWu85TUOQwONjMhqoAdzCNYrBfdw==
+nf.			172800	IN	NS	ns.anycast.nic.nf.
+nf.			172800	IN	NS	ns1.anycastdns.cz.
+nf.			172800	IN	NS	ns2.anycastdns.cz.
+nf.			86400	IN	DS	54236 8 2 DD87DD324E8360DEC8DAAF2DB771B8C52024D6CEFEB76F2B855E0FC3B8FDB7D7
+nf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dV9vlZnMVRY8pmPzqgfbbdeSmECHjbF2IrkrUZmULWZKiq9VSrt4ONVzQJKw4pkGstZMUQhC6iKqiPIKKYuKEHe166cQXQbi6AhErmkt396zqruuzGCMclLycb/V11FKKVWsVz8PaulcMhDhkKnoc2acpCrCxajmhpbhc4UMEo9R/SKydLMbnoCNO2X6RPX9cMQWVCdM2x/I5YSSAV0tV1PDAYataPkjUTO9GlZyYTZay6BOmLJ+WK6vl4lwZWyW4iiO8+edxWqSz3dL7wRap1pQGG0LTTT7gpjFJN+BVOBWtUmP1zU/MoQJOwAV1hpkSpcLjHQa27aJoaeswP6ysQ==
+nf.			86400	IN	NSEC	nfl. NS DS RRSIG NSEC
+nf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I/mD+XQyG68iropUj/i+aQDQreEfD16qJhecNgG12l+R9KsShHcE56KBeHHNO6ZGuCnvqQS/sf/bPz8SNGaOsB3h+aEthCe5dgDGv0/25c8fw0GdctGh/G3Xfh0XvTnzWRHiJgHlK4gIfQPTXBdBM3CarWCO3ocs/McspKbY/I+ZejZ4Qwzn/sh9YbBQwR6eNRySgGuK/RYQ8T4rwZeZoA09ax150IOjhNtoIKI1UkAEsVfH5ek30JQPz7y0d2AYWTcsVnb1METcod3Ext8ZsI/zVUeJSCsXw0A7LpzJLJiZdpvUxAMLrUqBg04PR4lL9RkOYhbctynoH0iS70tEcA==
+ns.anycast.nic.nf.	172800	IN	A	204.61.216.51
+ns.anycast.nic.nf.	172800	IN	AAAA	2001:500:14:6051:ad:0:0:1
+nfl.			172800	IN	NS	a.nic.nfl.
+nfl.			172800	IN	NS	b.nic.nfl.
+nfl.			172800	IN	NS	c.nic.nfl.
+nfl.			172800	IN	NS	ns4.dns.nic.nfl.
+nfl.			172800	IN	NS	ns5.dns.nic.nfl.
+nfl.			172800	IN	NS	ns6.dns.nic.nfl.
+nfl.			86400	IN	DS	7234 8 2 EC15A3B4D86192561C46BC1EBB72AA65BF5BF9C9D07A32EE736157EBADD447BB
+nfl.			86400	IN	DS	52009 8 2 4F703D96F3EB2E4621C5176905407CEAC4AEF4CFA8409791AFC2B20BDF4EFB2A
+nfl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U/6TKj7amh2MjNjVzn/O3Gd6AmP0G8ZwFNKkKCYpEDvdlu9ngssnxXvCoKT4D4RZah4J2J18rOzAdpYlftm1dTDiRs+Ws1ilW/RrUsELDUsQD6pwtM16RINlfnKTpzm/nPWSLtSZcwVzGk2R4rFTI9ciFSiApza2E4kLuaf1rZ7mGzuAlfxnHCkX7lR/p2nC/5YKrV6jrhVQXY54yN3VlfvYHjU8wli/OYZyOZwwzFA+z0qaXkt6qprZorYEabTGiF9/6a0bvRnfBDnRdYvfkMZmCcTAEF3aWzNoucqS8ImrEDbl2Bj9MLbWLV5xRJ9OA5RxAscAVQXoomaInBW/ow==
+nfl.			86400	IN	NSEC	ng. NS DS RRSIG NSEC
+nfl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GXfa51CgfKyyi2gIPli1ntN6sy073kfs0M0djDVmSzonnLq9/aKzi4ZkjNlzLv6wJokrbDoKMf2XHV4acoaS77R7YL8/skasIZir+z3E45mm7dScitcxE1vuTYBLjL0ZlR+EtkeDfu0JahVAVN/InPvZJVvLibjj4+6YLcz+V2/mD2jfX/8pB2e+F/K9lFekScs/++8feKTmi+J5jbkjV/ExlO2q4Gh5gSEGAeT6hkNFPPrGctWHXZkmuCi6viI0yQ6A8FaxWkejh/N8GY91M0nwXKlADUj2x98r5tDc/1vFKL2rTSQQYFqpsajusote5J6wprXclmwWMQVNkqfKYA==
+a.nic.nfl.		172800	IN	A	37.209.192.9
+a.nic.nfl.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nfl.		172800	IN	A	37.209.194.9
+b.nic.nfl.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nfl.		172800	IN	A	37.209.196.9
+c.nic.nfl.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.nfl.	172800	IN	A	156.154.156.122
+ns4.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:7a
+ns5.dns.nic.nfl.	172800	IN	A	156.154.157.122
+ns5.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:7a
+ns6.dns.nic.nfl.	172800	IN	A	156.154.158.122
+ns6.dns.nic.nfl.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:7a
+ng.			172800	IN	NS	ns2.nic.net.ng.
+ng.			172800	IN	NS	ns3.nic.net.ng.
+ng.			172800	IN	NS	ns4.nic.net.ng.
+ng.			172800	IN	NS	ns5.nic.net.ng.
+ng.			172800	IN	NS	nsa.nic.net.ng.
+ng.			86400	IN	NSEC	ngo. NS RRSIG NSEC
+ng.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cMEKgDAjARQL7VXlEY4v/ZOaWIBd+G5PMjv8CPoVHlTfC1ddn8MK83vEg52ElyFkdRdEfkDWnXUNVl/R4bTNeSHJpZ6iSFW7P5eTa3vsFekWcRgs1h1W8mLurYAA0WRiQExP9DGAT2vgwGrgbbYN9ImXyCf+HrkjJgYxaHlFKHf2QqrPqoVVgahtqESOhiiclCvU9TbbFXvk/DcQtHTKhR6TBB5DSFkNJj6WicDAutEp4GDktmFN3RsxJvjp62/pWKv9J3HKN28AquKdObrZYnl8Y30WoBRo+Vrm6ssoQ2OZ/5h/l3HLdJ43CrcVayBmt0ivRku1p2v05QhP+IUYgw==
+ns2.nic.net.ng.		172800	IN	A	204.61.216.40
+ns2.nic.net.ng.		172800	IN	AAAA	2001:500:14:6040:ad:0:0:1
+ns3.nic.net.ng.		172800	IN	A	185.38.108.108
+ns3.nic.net.ng.		172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+ns4.nic.net.ng.		172800	IN	A	185.28.194.194
+ns5.nic.net.ng.		172800	IN	A	196.216.168.41
+ns5.nic.net.ng.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:41
+nsa.nic.net.ng.		172800	IN	A	41.222.79.3
+ngo.			172800	IN	NS	a0.nic.ngo.
+ngo.			172800	IN	NS	a2.nic.ngo.
+ngo.			172800	IN	NS	b0.nic.ngo.
+ngo.			172800	IN	NS	b2.nic.ngo.
+ngo.			172800	IN	NS	c0.nic.ngo.
+ngo.			172800	IN	NS	d0.nic.ngo.
+ngo.			86400	IN	DS	23944 8 2 DFEC23291372BA32BC2BDE96F88A383373BE1C4BA7BCDB65D5E34F1607400F63
+ngo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XSjsScMBMmRMvOBqibuSwQBoiG6Zhsz4SizfYEMEV5/xTOCZp5ZkjvFVu5cKhU5Fokj7pR2YmDfgsH+3X+A77DP3FYd5y5TBt4ojjEfMUJ38vWnmXDcHUxOinYKLTXuqJnRZ3i4nx16doMlXxoqgd1eGHnvvDRaDU4RNkLxNewM9dfrLeZmv6i1cqrcMk5+0DZ4WU+sOgA26OfD81q280yluGW6kurB0uybzVIGLED0CobFm9SYbfaDwH7jgJSA5jiRVqsQnar9yRQLDGO/KVcNDdJ2Sm1oDv0cksoyxQESjJfj+lbbDh7JM2TKIQbHTaIBFYOjqOKuHZ1pqWJ1WNA==
+ngo.			86400	IN	NSEC	nhk. NS DS RRSIG NSEC
+ngo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bohtffw/M2MRbqTPp7+Uc26YcfO/ejh07nMhBPMzzyX9xk7PpGcHARBSoFOv8tq4Q3q+txf4XIqV/M70/MWQ84l9TyYMw2C1+xkrQlI4plNI/uGBNd7hB9HVEc8t5uJzOMKAdKfkivZaqWxXxSMA7i6hasbxvI6dr9Zy4Dq3+JRB+57/eXIp3Ctz9VqNc/N0Y64xmfUa3N+5bwBXYUGuitN9ejtprApCrCT7rPi8DVukV/97XT/EUw9Y0labC/yu2xEBkYReVGuw44EX0R5faj05uyZv/9BKTLeRF3UNsO/pDY/7w3xxluSOj4WigLzABndyfbbdFMTx1i4FPtRI4w==
+a0.nic.ngo.		172800	IN	A	199.19.56.1
+a0.nic.ngo.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.ngo.		172800	IN	A	199.249.112.1
+a2.nic.ngo.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.ngo.		172800	IN	A	199.19.54.1
+b0.nic.ngo.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.ngo.		172800	IN	A	199.249.120.1
+b2.nic.ngo.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.ngo.		172800	IN	A	199.19.53.1
+c0.nic.ngo.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.ngo.		172800	IN	A	199.19.57.1
+d0.nic.ngo.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+nhk.			172800	IN	NS	a.gmoregistry.net.
+nhk.			172800	IN	NS	b.gmoregistry.net.
+nhk.			172800	IN	NS	k.gmoregistry.net.
+nhk.			172800	IN	NS	l.gmoregistry.net.
+nhk.			86400	IN	DS	26765 8 2 6E9C65A3131229436D4C649A5B32377024F1A8D74AE38DFBADDE3A007D00C6AE
+nhk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eCWyTo0SIjHbRCa5Cr5OtLUKN6cic9lEM6Rosdpv6/VOE+tQlQ7xQRbMBi5CNuMRSJAXYWT2HBNkZpWoa6gpB9iGT1Rn0Qanv+N42JHr5IPgLJmymSuoNYZcNn9SVyKvbAWDoPxa6OsQcP6Vsz//Wdc7oGm5KWenuXGg1Ccyl4eoI+1wvBBWvtfz94WGmoGq3yYNqGjm+SFWAYgf7f9Hsh4rdgHr0Iz5Z5bd5J850JOXRtegkvslLDihLMohe6452iafTzezrAqXddPWcZdTzjYGA9USdm+uN0a+xfHrOgGW1dyWu5qLwCsdYB+uB3posPL0NAZ0ajztoEEYL9Qt0A==
+nhk.			86400	IN	NSEC	ni. NS DS RRSIG NSEC
+nhk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XfxKjsJCed6e/UIL+/l3hvAd64yVaUBhFZdkKrvm0wu3bzzFe6LgOAJogapP9OGihKL7A7e19KUmGlUOToHVLFYtfCw7B7uXaWBYmGE8SFvAf+RgAr6QalHUN6czZfPzEmUQgDemhgG1gIE1ZVIL1XWcANp5CqRTE421D91Tj9W1uxKlDfzJ9MF2ijxZHvcRjqWGqw8pqXY4SUfXP71WvdLdfkJeP1uY/1yqOVDPn3E9xeRqsfMARWZLC2UizOVj9IEiAbZQERD7ZtYH6C2JeDPbECV21nZ5yTzdbqRAuvKhaQaBRd+VbxRrgGaNjy502+G1BKsfI1pICwH7/L3/Zg==
+ni.			172800	IN	NS	ns.ni.
+ni.			172800	IN	NS	ns.uu.net.
+ni.			172800	IN	NS	ns.ideay.net.ni.
+ni.			172800	IN	NS	ns2.ni.
+ni.			172800	IN	NS	ns3.ni.
+ni.			172800	IN	NS	dns-ext.nic.cr.
+ni.			86400	IN	NSEC	nico. NS RRSIG NSEC
+ni.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ginRAbP7NWpbyjnYPKb00R0zjyfP88e5CNrpEBUzpc7PVDCYZEo5pHVLWOKjSVFSI+OxHXZWBw1wj0+shGNAjJ4ag+bDu/zY5nD0+SsPJ9w2krsoZ9edpHoUU3Pg8DHyEyzr0AKnmK7Gfos0Z6iu0FiSb5YA8cD0+Bi0VYJewxsbOskNmRKl9qzvbpV3gXc1PhPPePaJe74IxUuwgZwZmJCvW/bb8mFQlfmHS6Bm3pJCm8cez1oK1U5q2EaxNegHr5nuyqiQd8QfZ4tZ3NK7AtkkEVoKXxUCrzCsCj14iqR60PY2ZD3c4xOcuWs4oV2aL5Dy/1AJCwWIQ/TCYuQerA==
+ns.ideay.net.ni.	172800	IN	A	186.1.31.8
+ns.ni.			172800	IN	A	165.98.1.2
+ns2.ni.			172800	IN	A	200.9.187.2
+ns3.ni.			172800	IN	A	190.85.232.145
+nico.			172800	IN	NS	a.gmoregistry.net.
+nico.			172800	IN	NS	b.gmoregistry.net.
+nico.			172800	IN	NS	k.gmoregistry.net.
+nico.			172800	IN	NS	l.gmoregistry.net.
+nico.			86400	IN	DS	48460 8 2 3F35A47BF0B6846B18A619300C133843DE302C9606273A21A965F49DA2F23E0A
+nico.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dxnReVm/t+raRQEvFzL37BQHkGlOKGBG9SUb88kaaVW4wQ3Mk5JsgorwuCNEdUk1PnI3m9MIMlC7CycyY53fxhr7nsvSZ6/huXyTcuRDuQhCJLEgvJuvGVJ64bpI/gE9jJNJpf+NGOGOAg4WrOdAct98aPEbaiM3iI/ypjw4StREpW2imZJIzpD1w9YPilS8fYJhBhytWEqNy1IzzXJ9j98NS/nSAnQTuXg4BWJwroY3lYcUtIoRvsGYQr7xPCiTdHDiryZxvyit/5UdeGkYvj/jyyJkZ2Xl8JuBxNpYEpMkEYQE7OoM3uynDOReJVBsneCz6bfieoPKR6hOJ8I4Vw==
+nico.			86400	IN	NSEC	nike. NS DS RRSIG NSEC
+nico.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EpT0GsQdhs7/lhQoAEJpBgK6I1mkmj/ujuutEjsHYLUyFroxait5SE4l6fe6xrXsjJk93/fT8nV1pyKERXls8OnGTqMofLU0KEnXos5uai7kYbkiQmCVeXj1L2p5yx6E5OpZ3Nxh+rhs+zWRwzWU856bvMG1p7ZRjqBYag85n+iEWMcmZmUTeco8vjxbOO4YDwKbeAqCSfc6BUoLbe9osI3vbkL7YQHq2WPxieacvV6rigK7JbFdWfeJHZ8JXS5ZvQdvuTIwIkT7p8kFir/fzcQ7PA0ey5Ol2HcmDkXIuhVJUa+fsnATweDWTd3pvGGRfNxY3XCymRtX3wSHECcIgw==
+nike.			172800	IN	NS	a.nic.nike.
+nike.			172800	IN	NS	b.nic.nike.
+nike.			172800	IN	NS	c.nic.nike.
+nike.			172800	IN	NS	ns1.dns.nic.nike.
+nike.			172800	IN	NS	ns2.dns.nic.nike.
+nike.			172800	IN	NS	ns3.dns.nic.nike.
+nike.			86400	IN	DS	4354 8 2 FF4031CF9735B318FDBE43B2EE7465B3911499F59BB3B0C420AF4ED92A494276
+nike.			86400	IN	DS	37330 8 2 DA781B878EAAEDD5CB777C550671E970BE256F4681F2F8B7ACA6B823CEA32898
+nike.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MpwNSq+gdnZPO/6FEOjpG1zyRGRVyKVz+0UHSfYkDmtbTj0M6yoKSG2M0pQxEjfqipV4AWcixocd7c/P3DBSSpchYVWZOMrgR3Z0pOnQbTM/JaoQ+BeLlJsjQMCuIpxa1oNJjRrtYEWYG9j9yYSW2kyuucnOYfo6IqkMa/Ad2MTrCjhBIZIWD3CyRQ1J2cT6Q0BGB2TwrtLQNgqaZtIXzK+wQCm7tidHPvMcKIoq847zsCPW5WyS2rR8zWIzaIgkSQCtmfI+m60ETyor09OJlecj/OAgmvjx8eXSUqCXh7CVqK5J4pB7ryAvztZCAW8WXa2BrensnIcb/+OD2dHDSQ==
+nike.			86400	IN	NSEC	nikon. NS DS RRSIG NSEC
+nike.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JS7TtZ8nnnMveyVjOXXOZLN2m5FBcubnfEjj2YJx7pEdAPYJ/goSZIWsrKexsZvv9WVZ52NLvs31hmxcWt2Y9iUReKeKN0UkDXKGuZGRPvd1y2eZWaIZ1Av6UR7dLeksGv4QnBDTJnrlFk+84bCxpmYXiPBGXo7PJL3uFcLVXxXgERdvMcFBuEajSi59flUZMPfQfkPp48NdGNbWku3AsKCd561BqHzrYpSDXDvGCbSVtpxTTMH/yXXUScMcJP2tzEQFbB2qRNoFH9vmZsT62YyXOwyeBOBfonCLVoX+vVVl4x3S/ivVvKiIg80xThW0EaadK67nLZeUl3EtzImQBA==
+a.nic.nike.		172800	IN	A	37.209.192.9
+a.nic.nike.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.nike.		172800	IN	A	37.209.194.9
+b.nic.nike.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.nike.		172800	IN	A	37.209.196.9
+c.nic.nike.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.nike.	172800	IN	A	156.154.144.123
+ns1.dns.nic.nike.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7b
+ns2.dns.nic.nike.	172800	IN	A	156.154.145.123
+ns2.dns.nic.nike.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7b
+ns3.dns.nic.nike.	172800	IN	A	156.154.159.123
+ns3.dns.nic.nike.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7b
+nikon.			172800	IN	NS	a0.nic.nikon.
+nikon.			172800	IN	NS	a2.nic.nikon.
+nikon.			172800	IN	NS	b0.nic.nikon.
+nikon.			172800	IN	NS	c0.nic.nikon.
+nikon.			86400	IN	DS	964 8 2 6FAA1F2BE2E7B7E40D1E6CFFFD831FE4D8A2C2D9B46429719F67EAC2CE582EB7
+nikon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1D7bAbIsbLIPAbOOoxcTf/Nayayn8U7Lt0raO4SY3SPyxSUlZ4r11xilsJcvMQfAOdYXIlvdeOqyvipbWGtQwUdZHEDQ4cFbddDicP4S8GEeslDWcQsQ/Ar7ySxvCWZXIRhsygaNhy7tIDck85btJyn9aGJHPuI43W2/8PYj6V+rTn4tdTSMVzpTsCqtYbbgKIG5w2HRPIS484QrHYI2ePrtzovTK66uT5zK2rd4ABToO4miHDWIP/7UDJWbHNCpRquh+JW6p4NlNipyDEOmqPbO6omgCRkSzjrpEFe1ihSjmZ2i7y9VDW26HdtFEKgnHsnlQx3dbxL38dfLvyUKGw==
+nikon.			86400	IN	NSEC	ninja. NS DS RRSIG NSEC
+nikon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ey4xA7aK8AxkY9WROjHQ5B6/KwpoqGbFC25ibkckANCdB5yYD3ZBccUEUx3PuaK66XE5ZDMolPBCCpxtWHolIKUz/gd/yb+nn6ccaHhh0MYaKgBESXvzHLhrqLZzC1go97dh44Vuvm8C0glGBjkmZ4vWAUEjGJs8JSluX/LtVnNwUneeWzxmZ++rBmlQ+PQUWomjrfgaJWnpL+0GCMv9D8oFqX6wkDKZATDvcuEz0fakCA4uho3jjQ+d26pC24N+7O1d5ZaEB1kM3hlRa5ZfH7VveLF1FK43JjcKFjwvePJcvNpPl0zv4FosukR0O2Wq4XacOPKqqV9cOb5Z15maFg==
+a0.nic.nikon.		172800	IN	A	65.22.112.64
+a0.nic.nikon.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:64
+a2.nic.nikon.		172800	IN	A	65.22.115.64
+a2.nic.nikon.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:64
+b0.nic.nikon.		172800	IN	A	65.22.113.64
+b0.nic.nikon.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:64
+c0.nic.nikon.		172800	IN	A	65.22.114.64
+c0.nic.nikon.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:64
+ninja.			172800	IN	NS	v0n0.nic.ninja.
+ninja.			172800	IN	NS	v0n1.nic.ninja.
+ninja.			172800	IN	NS	v0n2.nic.ninja.
+ninja.			172800	IN	NS	v0n3.nic.ninja.
+ninja.			172800	IN	NS	v2n0.nic.ninja.
+ninja.			172800	IN	NS	v2n1.nic.ninja.
+ninja.			86400	IN	DS	46082 8 2 C8F816A7A575BDB2F997F682AAB2653BA2CB5EDDB69B036A30742A33BEFAF141
+ninja.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F51klhIwz3KDJab/jdgDR2q8TIuD5KrfiAYVDBWLbkAjJ/hkLQysCud9IXhwjhyS9yRu8qYwDxBhXjd6gQc7ibFPnBEx1gN0U7WEN9aIrnYG+/DPEq4deWJtzUBzwLgGaipi7ieT7myQWXQQ8vdkRmNYVppBFazNRlq/2eKh1RsE3PWBFqPbfD8XaCwOmN/67RK/JOzrnMGY9eDNEh5IUe6KeAjWUDObwcAIermLDJPDmvoM8Tk1rq+Y4YBI0DAdHpIOvpd70WlMojhdaiY9y0/M4JVk4Sf8n4Qd8h4Z7YQdA+FGRqAwvIJlIHPnLM4fMntk5EW9FHb/PhqbFQxIKg==
+ninja.			86400	IN	NSEC	nissan. NS DS RRSIG NSEC
+ninja.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b8U19O6xFTBDV9jOX+NQ+e43mpfYyoVRlOEOLjXNqUEXQxJaaI5qmplIlrxAyj0o1+dFZ3Wmrc6sgwqDlD6popEQPCX+/ZyAfUFpZ+PZSlrlgyOxZpYICDeBi7aDFBI5jNUAP/N2GF/pzI6b5A46CrGf4vTOWKQoaCNVNWvhVWEAfd6BuM1mfVDJEQVzhFck0PYI5VW8c5y/SfJjnx1ySY8e96rmEHaq9h0qGLOOqIiJ5O5/2hinXxximJVdX+QuYItmaZLvOKFdVvIq5FbWyIEyLV4QPbiBQmrWMdugFqLqxh4fMCiebY2F+t/0hho0WB74f4HKXw4Eeuob9jojVw==
+v0n0.nic.ninja.		172800	IN	A	65.22.20.4
+v0n0.nic.ninja.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:4
+v0n1.nic.ninja.		172800	IN	A	65.22.21.4
+v0n1.nic.ninja.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:4
+v0n2.nic.ninja.		172800	IN	A	65.22.22.4
+v0n2.nic.ninja.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:4
+v0n3.nic.ninja.		172800	IN	A	161.232.10.4
+v0n3.nic.ninja.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:4
+v2n0.nic.ninja.		172800	IN	A	65.22.23.4
+v2n0.nic.ninja.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:4
+v2n1.nic.ninja.		172800	IN	A	161.232.11.4
+v2n1.nic.ninja.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:4
+nissan.			172800	IN	NS	a.gmoregistry.net.
+nissan.			172800	IN	NS	b.gmoregistry.net.
+nissan.			172800	IN	NS	k.gmoregistry.net.
+nissan.			172800	IN	NS	l.gmoregistry.net.
+nissan.			86400	IN	DS	37324 8 2 2F8EDB59D650BF63C13E67695E5254D4CEEEB25FFAF456727E367DA003182256
+nissan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ILwvUHUOez6dMHgKodItpq97aNrYi3wTCuoZhhLciSrtGmEe8VlhvjoWsjyxpcdOvytwZI53HA7JHrUDmNZmJPOqvfy8rWC9ljMAx77iOZfpoeY73GMNtS6ZSE9MsZMZ91TYvpdsX9r1pjTyadqIYhoFa2oC5sYAiUTmyXLyNWm64DznW5RfHFNuho/N5yfGbNxanAbnJBx6epyX/5RbyfRgv5NhikTcDwxqIHrR3xsjLfPCMCs2yzFq13Vp4n7WkuofBftq50Dy1dgRfGQJdgWAsN7XSwMNih+JdGIlfqPb6iXsLk1OAz1uiAQrNIvr49mL7w9CnOned+ZHNUBf5A==
+nissan.			86400	IN	NSEC	nissay. NS DS RRSIG NSEC
+nissan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R7e4ANKvKs8IVTA40UQEytqYvWLkY6hBvagLoUCi0GxESv2ggeE6KDMB6y+Xt5mKe2EAfM0xYzmoE1e3OXqCSYXdO+301ZlHC47Qb+tRDvB2GD6/F7ZELicqHWqDnQB3IosYYA7V08yrVMMClr75aXdHApg3KpoKkUMqPhPGT3OAoEsECEQ/75kWSMbNuXZ5QL1yMNRMXRBqYKP9/mQFwMTcTUonE5oXK+yqt1ifz+VgGqQtzOWLLC5bi3ZcU8S13KXAGgJsVXGQm1oCjsYHIw6YUkNEkFyKV/eGYfk0UjEZKd5y3FHxX7wK3/UvQBG7yK9/QjEaRWE1xs5aBGyn2g==
+nissay.			172800	IN	NS	ac1.nstld.com.
+nissay.			172800	IN	NS	ac2.nstld.com.
+nissay.			172800	IN	NS	ac3.nstld.com.
+nissay.			172800	IN	NS	ac4.nstld.com.
+nissay.			86400	IN	DS	62124 8 2 B59D6BDA2C131F954A260174AAE128A43BA29580997FC822E4006148960ACFD4
+nissay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LClaMdbtT44NGZL+7MEaeiEKLaj7JYZxXUCR3Pc/VVqBzEBSnV1dLcGd44x3t/G3XpN6MCrts55dllmrBvvw42c94Bh/uQeNqEjTRbGr3SlTCkWBb+NPMERUi3zPDAFosYGWxl9ig21/D9+Mcxb4iHS6xpTKjR9w4Jgc4xVTfcEZ+itMtqZKu5lXcobJ6pRi7UfYy5WyDbQEqrz9kkiSrXYuImjdxyjRSB7+nFSK0KVTkRGkGVO4ET52aQfHlvJUFZI2bdaloi3wbUzG4D+pGSkf+J3zgyXk7b3uu3mAEae+lPGRZHeELwLn7W6zA5H3FLikgpvXofx7RirzAEkB+Q==
+nissay.			86400	IN	NSEC	nl. NS DS RRSIG NSEC
+nissay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L0E9uJqFghfNuuwkQ5re1Cc0zmbnP/91qxnfdfpnEJIsbSxafshKqBz2l+B07xDYpR968GV/3tG8i6AWohC/GtPuPkRKFQ7/PGC8+z8pPGHUl0mM+M+r9Uy5cJ3JD+JJ/xKo86Uqy70A3nf4J685H3GKRNw04T4duLGJI93I5uu4/ZEKysC3tExGR3IRxawBHGrLRLdqEfUA8GgEb6vr85uqbMkz9m7cifSh9gTJb2yY6TkXybPPzQ4L+sRgh5SzDFrTPlViHzAngWInhC/uWR7Nd21ALp1kIvQpXWZe1j089sjRNqpfVPPVqV1VpLiT7r3s3yeHHbppzDOrTaU60w==
+nl.			172800	IN	NS	ns1.dns.nl.
+nl.			172800	IN	NS	ns3.dns.nl.
+nl.			172800	IN	NS	ns4.dns.nl.
+nl.			86400	IN	DS	17153 13 2 C5DFDDC91E7532562A35F3C2CD30823894BE08F20101F1ABF45C8AB9739F3F49
+nl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uE4L0qVFYSBuSvyInW+9SvgxT9VT1wlIdmGosiUTCiFZxZCsrwMT1cGJVzcAqTGMTSghZuIsIXTjRS8kwYG9poPEBcOjF3t+nf1FNE5zblKGI55LXPkXtR5e++O5hUkhrrAtl+VU3EFBr1VwATPdEswn+KojgEXTt6XL4vUx60eorcHnLFpfxhW6EcsjUo2yqIPBVBYroKKLeSD1WBCEvBQBrI83AzwsANb9SYmJI9K9vUeGqjf4jEXWZGEWYW7/IS0sVbxBFDnGsyA+nVA4+2XNj6akma7Y+c7LNddNqVooJrVHURTtgyeLSpMP4T3PD8cpWpGpPvDr8USRG4gTqA==
+nl.			86400	IN	NSEC	no. NS DS RRSIG NSEC
+nl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tb9dn8CTgQm3tv+5wncgqyPqCt9Z/ZryACgupn7EH91v1ppyhQfAM0A4SrrHE0vUX9WuXCzU3TGKD4uUcNj1Mt+AxkpHYlFpVueA3CAPkIjp3fsmSWlp/bGL5mEicBQS8Rnh/b5TROSS53lrqfxfsNtwoRuHeVq+FofYiFTLlh+tEqKlEedhAJH4E5CwQqMEYtJhhj6HpmycKC5prA8BXKVeMgHYNpHoBgwUpr3dlMZNtD35we0Z24OG6GZ0xCn/dwx6L2mPFOCDatCQ9/ZDHuhJ6zW+j+aPTURulSymaJKTduc7MNsXEO9bvecXzUhJdRa9u4JtBBYuVqYG8Ypu8A==
+ns1.dns.nl.		172800	IN	A	194.0.28.53
+ns1.dns.nl.		172800	IN	AAAA	2001:678:2c:0:194:0:28:53
+ns3.dns.nl.		172800	IN	A	194.0.25.24
+ns3.dns.nl.		172800	IN	AAAA	2001:678:20:0:0:0:0:24
+ns4.dns.nl.		172800	IN	A	185.159.199.200
+ns4.dns.nl.		172800	IN	AAAA	2620:10a:80ac:0:0:0:0:200
+no.			172800	IN	NS	i.nic.no.
+no.			172800	IN	NS	x.nic.no.
+no.			172800	IN	NS	y.nic.no.
+no.			172800	IN	NS	z.nic.no.
+no.			172800	IN	NS	not.norid.no.
+no.			172800	IN	NS	njet.norid.no.
+no.			86400	IN	DS	38032 13 2 6D374D769D1E4388B1A549A6DA2F7D89371DB6ABAA53D20EEC70844DB4062E51
+no.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q2JTtnIS+i8FFLMBRuY5ShpOMxD2sGHnmtZHDIMVN/Z/POO2W0A2ilTrVN50EipFPMsoLXmb/UrviNVQcN/d7t578eBAk8T+UNLS007hhepJmlY3WQ5tYufPsoI6EwdVezgQxkagLOh9q6JqNwIBE7vGSTMGfOLh/1MQ/NvTuhd7SLb+b+tliJcjflauZdd1KvzrwQleiwG6Q3vczSBCTq8Dr16ylP/N+md/D2st4Y/qlSrtaYPEuf8FC29sQ4oK/473iFnfM5JK0CzEgRCZg9U1l8olf2vMrLtYUNpYlnP50kA39HcjQlUlvYNp+cOVB2ddrG2zvlkV+l7HEdk66w==
+no.			86400	IN	NSEC	nokia. NS DS RRSIG NSEC
+no.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uqs+i7rhXrrzVBEsP/ktlOBCU+wveTXDkGctW1N62hnhGiMBFqnuNcjgfnbOaZv2ZysPzKU8etQSjAddUvcdgBELOE64C7NKMt9tMfEVkGm6K0pkLO3FQ0wzpDZaw4YevwhiZ+k3d/eOnmD/vZRJ3sTxQhjGU4/IHZ7S4Cc+dPOSLu0G2P9GWaN8K5KSdDQ01QrXKAeu5tNuQfEceakNafn/K+fHRJ1BBCXtUPTAVh1E6BFJ1vV6+gGJJxlqy9q6P1mbad2Ty7jLwWV7ho4ZPJv1V1G8QiBlslZqJoKanUDNa1JTpsl1kidgm8VOdZpOGRYMlUT/s7msxttRiphC3A==
+nac.no.			172800	IN	A	128.39.2.22
+nac.no.			172800	IN	AAAA	2001:700:0:102:0:0:0:aa53
+i.nic.no.		172800	IN	A	194.146.106.6
+i.nic.no.		172800	IN	AAAA	2001:67c:1010:1:0:0:0:53
+x.nic.no.		172800	IN	A	128.39.8.40
+x.nic.no.		172800	IN	AAAA	2001:700:0:412f:0:0:0:40
+y.nic.no.		172800	IN	A	193.75.4.22
+y.nic.no.		172800	IN	AAAA	2001:8c0:8200:1:0:0:0:2
+z.nic.no.		172800	IN	A	158.38.8.133
+z.nic.no.		172800	IN	AAAA	2001:700:0:52d:158:38:8:133
+njet.norid.no.		172800	IN	A	156.154.101.12
+not.norid.no.		172800	IN	A	156.154.100.12
+not.norid.no.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:12
+nn.uninett.no.		172800	IN	A	158.38.0.181
+nn.uninett.no.		172800	IN	AAAA	2001:700:0:503:0:0:aa:5302
+nokia.			172800	IN	NS	a0.nic.nokia.
+nokia.			172800	IN	NS	a2.nic.nokia.
+nokia.			172800	IN	NS	b0.nic.nokia.
+nokia.			172800	IN	NS	c0.nic.nokia.
+nokia.			86400	IN	DS	38794 8 2 5D3C0F0B92084EB734E6E06364681B3BB051087A15EBE6F468B2974C5F197AB1
+nokia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y9DQuZSZimUxYou5QvebTJns6YVwa7mQBuHsVtovVAtK8LmmIfc7BEhaLgV6HWkcTdWUXTpvcCIX6OJdx70HPe0vbZue6N1oAhWWacVhEWGAWDm7gWuviYxsaj6HwhNUyZkDvVBfBq4v3wZEJP3Y5isg5m32LaaGu2Ji2r17P5nCfmLt+SspUbQmunTbV4VQB94Vjx1L67vsaROvKL7irIVcG0LFYd+pq997xYd1Z3BQUCnRtmNqEAVcqwaG7cn4g4XX6ZNjUOLk5z5cz1tA3scRHby1wCss60s/jzOnXKaO9yMj3+lvZ7pyBZzhRmMFjnUG4QbCve4eLyWcS7S9ow==
+nokia.			86400	IN	NSEC	norton. NS DS RRSIG NSEC
+nokia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PZ1pYtOcBhhoJbY5sEBg3isBp+TfpXTVY04ttAlAG5RGZdXr2UDGaFwx6mtzy/Wsemq8Xgfx9o+34f6l62rsN0v9mDexAeSS/mA5cDJku5TsKvOKszqQ2Itx77hLcgFJWxoKsbTh0XYyAhqyW0Q2ZJDCXGnqwvMk9+TdhqNb8N4h4rNyJTPFbJvKHom4pX1MbWw2dIM0deRowJe1o+X/kgjwKND62MQMShvuIKy0RLj3DO4WmKRORTWcHbTLQ1Ylf1cs5msfFLyv0+2mbQu+MAnQAC98N8ZsUzLYu0rWHZL7Z+SiCshCnZJlPen47vgESG6y0pijc0wld/jdCo8KpQ==
+a0.nic.nokia.		172800	IN	A	65.22.148.17
+a0.nic.nokia.		172800	IN	AAAA	2a01:8840:92:0:0:0:0:17
+a2.nic.nokia.		172800	IN	A	65.22.151.17
+a2.nic.nokia.		172800	IN	AAAA	2a01:8840:95:0:0:0:0:17
+b0.nic.nokia.		172800	IN	A	65.22.149.17
+b0.nic.nokia.		172800	IN	AAAA	2a01:8840:93:0:0:0:0:17
+c0.nic.nokia.		172800	IN	A	65.22.150.17
+c0.nic.nokia.		172800	IN	AAAA	2a01:8840:94:0:0:0:0:17
+norton.			172800	IN	NS	ac1.nstld.com.
+norton.			172800	IN	NS	ac2.nstld.com.
+norton.			172800	IN	NS	ac3.nstld.com.
+norton.			172800	IN	NS	ac4.nstld.com.
+norton.			86400	IN	DS	13095 8 2 8A3E13067F0237E9F16D0C6D25C72B262AF2E49BBBA4345C70E1BA5FD19AC321
+norton.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DtUDWjtpgqHm98b75ovX+DvymwSPVd5yp52+kjmFvyhzD9gpcxXkthZ5MVb98tm3eA+ucMxKMs/yMrqJeBDpGv8vHb5xVbu0uu4y1bDXSDwLKTQ3zqU74RH612L2Au1zFYs6Ekw+Vncj23OVeomJjVumtAN4pp2mAZRg6sfmEeVfJYmk3cz+XI5bAgcnr99yd6Bx+w+mw5MD4SUsIz5D8Y3sq1/QoICLdONWMAhZAszbUrtjzNlf19h0RiBVTaqfUAMXymApCjKmFUROrH0eIMbYqPmRcX+OkytWD6x8m+eO0q5aOgckSAkNGIUB1SulstieHJEcGl7BysCS6m5EkA==
+norton.			86400	IN	NSEC	now. NS DS RRSIG NSEC
+norton.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L/rGK8rpSemyqR29WCyxbPJ7dKYvpUkGcizg+eiQVM+CUspUi9Vp9whpqGjL34HrFaDIa0Kp1KHMMcFuwARG4IMAfc45HwZBrX6NjJChW1POAFfX0vaCVu8dn04oBVZQJom1+F+wWZM1MXfOlBQmsSVwl8bXOUh+yL0p8ykIFDgFTcwy5iBVXTWE2kc+1jsXRuP7iAbOnDGtC5j1ycL1Gi87WKxI3w8THF5099/eCk0nPxv0Cbp9yenmn9hCmOKqOv+wlwiUO4b+x4ziUr4tCV5ouzI81T+GfiAmLPPWl3+KUHiZbEBOKHRfQQBP7blbgSg+ZUS5gBIU/lck+KPINQ==
+now.			172800	IN	NS	dns1.nic.now.
+now.			172800	IN	NS	dns2.nic.now.
+now.			172800	IN	NS	dns3.nic.now.
+now.			172800	IN	NS	dns4.nic.now.
+now.			172800	IN	NS	dnsa.nic.now.
+now.			172800	IN	NS	dnsb.nic.now.
+now.			172800	IN	NS	dnsc.nic.now.
+now.			172800	IN	NS	dnsd.nic.now.
+now.			86400	IN	DS	53572 8 2 530790FFB40A20CF7570A38B4F02E33E1B14E2EADE01CD99F15C9BBDF2E58112
+now.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k+P4oHqWaaT6HhvQpoN4kMiLcCGN32AmVl6E0DX14iLcF078+rJAXdectnuJLuCtTWP+xpmjvoGDPf5fooQKrMRDjoL5cLiQLmXMDw36QnFPhvoRK4TuH3GsxpLk+Sj9RlQiOxPGBC9Ea7eZlFP8FUXXwcJR0YviZ2MjCJH4js5kF1DV7IH6lxe/9mT9k5kE01OJ/NRPW6hdypHNN3MHa9SjHBk1B4a6INggHJx+7K5AEv4XalFWusy/74qvitcJH/aqD0h5c6py04vReNWXDNPUOWqOaUPKh+111je4nRDWbiTH/Mjh3ZvB/jpjalzYgDzUYuzxBxwZIifPLTcg6g==
+now.			86400	IN	NSEC	nowruz. NS DS RRSIG NSEC
+now.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IK6obTea44eFDQEQx1tfEa3NSS/96JGssA4Q5zYL/zDDzsbWs2JKrdbrPaIz1GS2PElZidBaIfnbgqTAlfsruQwKqDJ/D6CZbJ6UqUtLP4a/Pz5ud4Z8/niGmu7/iwPy+4L4Pmk4p3L1P29YwPgwZYa+DSLfs+FSZ0qVfFXb6MLrt+MHnpqeCm+TgiflP/YbkMkFMUmTXoU3FdE37oqW5s8HHRKhE87Gge5zm2Ive7vArCZ8cBT3XfvQ1wKpTXM0glXamGpo0+mP0x2WJNJmYRs+EZp0Vq8v0KZoJSgXgu+H5iZ5ZAcLhUbadTAzQOEhPkqStun7OTyzokUbRK3wbg==
+dns1.nic.now.		172800	IN	A	213.248.218.73
+dns1.nic.now.		172800	IN	AAAA	2a01:618:402:0:0:0:0:73
+dns2.nic.now.		172800	IN	A	103.49.82.73
+dns2.nic.now.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:73
+dns3.nic.now.		172800	IN	A	213.248.222.73
+dns3.nic.now.		172800	IN	AAAA	2a01:618:406:0:0:0:0:73
+dns4.nic.now.		172800	IN	A	43.230.50.73
+dns4.nic.now.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:73
+dnsa.nic.now.		172800	IN	A	156.154.100.3
+dnsa.nic.now.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.now.		172800	IN	A	156.154.101.3
+dnsb.nic.now.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.now.		172800	IN	A	156.154.102.3
+dnsc.nic.now.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.now.		172800	IN	A	156.154.103.3
+dnsd.nic.now.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+nowruz.			172800	IN	NS	a.ns.nic.nowruz.
+nowruz.			172800	IN	NS	b.ns.nic.nowruz.
+nowruz.			172800	IN	NS	ns1.anycastdns.cz.
+nowruz.			172800	IN	NS	ns2.anycastdns.cz.
+nowruz.			86400	IN	DS	50845 8 2 F7691BFC344455BEE7376FCF659FCF623AD2FD081900F4FB32DB07C7BC6BDF57
+nowruz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RPe/Kdgwty5nhOBWiDO4OUpbvd2YwPrr4G3fIlQ3749fZfygG836Rq08FSkb1UQcnF8c7ZWaL4OI4Mw8Y3YaSZ0K4FDo/emDZ7Sblol8W24xfYDVWXLpHuQbRQnkxb45hNQIoLivSdH/TnEiak+ZTci5WkHjuNmGymnlMMyNKet2lP3xaqEP+Dv0Rjrhq35CQJm5Ug4yzzGVHjLEhYFyGbR2xdCWJPBOZ/iFc1UqqJKn6L9mht5XvnTXh5V8fI17yYyNYl6+gbowBGsfR/yEVzaD8vVNnNdT3GFF4VTetG8fCzM2sON30LglFYxZ8XD9n+XMrAybERcZlN16cRWOaw==
+nowruz.			86400	IN	NSEC	nowtv. NS DS RRSIG NSEC
+nowruz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KNbfn0E2dJe6CKo/1iPNlyRHn+AYoGSqYexv938Q3Y0855amK/DeJoK+XdUyZE0vZC8i5rtJX8XLPetMVRbAe7KTGostuxh8ZA0gTPf73hAWUZdPhJetI3dWMQSVFdTZu0w7VTAwJkZgoE2FX8BUVlnjol/4C8Hkw2mmnqnSdbOPcnZfnJyGqLnZzIMZsyrzSuKs9YFw+IHaL/b1AasqTzDXxZZNjzpLMycsXrkLD9puD66LPTKyS6Rx8AZq7+m/qlKZTjYqO95/eRgurLyn3DkB2Qs0v5MfiFdAxKkMp65yIynV+THkpNx563j3owHR1ME7NE2ThzGkFaTZGPoWww==
+a.ns.nic.nowruz.	172800	IN	A	72.0.49.10
+a.ns.nic.nowruz.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:10
+b.ns.nic.nowruz.	172800	IN	A	72.42.113.10
+b.ns.nic.nowruz.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:10
+nowtv.			172800	IN	NS	a0.nic.nowtv.
+nowtv.			172800	IN	NS	a2.nic.nowtv.
+nowtv.			172800	IN	NS	b0.nic.nowtv.
+nowtv.			172800	IN	NS	c0.nic.nowtv.
+nowtv.			86400	IN	DS	30316 8 2 06BCB6632FC4327BA1D5ABFF7CACA06F7D01FCADEFBA3AEA17DB0839C5C9CC4A
+nowtv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . onN+86EVGKZbKgj/lCd2/duCxu8sENJBc7HK417WQi4blUwnLfuiUUbLOuF4HcWUy5zt+xJrzAoJMHMbAdKGSAmB93iSWlhrC0fMfJWAbJKEHsA+4d+PqVOasaRabiQ8ZG/GvpoHo6dh+THk5sNkzPlFSN+lMuNJDOaQxG5pqKkFyLsadcs5dvPNstQmMW2hADAY3QBuHKrwDRFHN4QYQsKqLWim3HeqznWC2yUx5/9ouEN1AZWaBpxVS/r/jTSIMLOXU+HcMOg2TKd6gpyaIodGlhD+nsnKdROJf0CmkQGxskE+OdFh9rAwV2CoQ6UNjakMjYJw3FdgNfs2ILX6lg==
+nowtv.			86400	IN	NSEC	np. NS DS RRSIG NSEC
+nowtv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iVNmfvG2wTnnfSE1cQz+8KwVgkgW/1KErCXMqduHEVxroZ70VhARCcGV6AYUz9oVkYFII54ekDQguLK+H4otRm3vXw2NhDLyYk8z1Qkx9qa6g5Xh1GvVAu/30MNlj3P8uzgTuuLZaPhOaQy7J8r6x1DXsnACGYjfqEy7B0k2omyLbOZL+FNNXxsMOr37MwvnhLtv5Qp4AxkbdBaPjlvCD7wsYtoo4W/1Kau2EnP4bq481PAlirXn1nD0PG0CIfcFOxk4VaKXoMxof61cpv87gDJkykhhq3i759yvdOwhI2irWJhLipIKtxSjXCEyHO1HbWIDSt7/NYjSIQuouaEubw==
+a0.nic.nowtv.		172800	IN	A	65.22.172.1
+a0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a6:0:0:0:0:1
+a2.nic.nowtv.		172800	IN	A	65.22.175.1
+a2.nic.nowtv.		172800	IN	AAAA	2a01:8840:a9:0:0:0:0:1
+b0.nic.nowtv.		172800	IN	A	65.22.173.1
+b0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a7:0:0:0:0:1
+c0.nic.nowtv.		172800	IN	A	65.22.174.1
+c0.nic.nowtv.		172800	IN	AAAA	2a01:8840:a8:0:0:0:0:1
+np.			172800	IN	NS	np.cctld.authdns.ripe.net.
+np.			172800	IN	NS	ns4.apnic.net.
+np.			172800	IN	NS	pch.nnic.np.
+np.			172800	IN	NS	np-ns.npix.net.np.
+np.			172800	IN	NS	shikhar.mos.com.np.
+np.			86400	IN	NSEC	nr. NS RRSIG NSEC
+np.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wUvrHptTvw1rarDITpVOWPNGkcigSnevBGbVn4d4OcZke2IuE5K+pztd7JQBeMhvy8X7oCfCzRpGQHNoPsoaxpNOajefdmtYHnfWFieeDgCGGjCEVOAoxxPbfiaX0g8L4RH4q94SloSqcX/GNakHKEdZtOCihGnWTMzqtjvSfJ2fCO5IaayKFurR5akmFft0XDnDanO/ZyFcM5a/rEi/0Cn82Y1v1e8LFCRlo0t9MyXf/Go5HkDsi5n3RIhkWwf/TP81LkmpML784wMtiucMc+gNN3iutx+Xbd+aZPVOFPov8RYyO7LSlsztLSDEWRej/j+WNxSDT2bKw+Kyb13UIw==
+shikhar.mos.com.np.	172800	IN	A	202.52.255.5
+np-ns.npix.net.np.	172800	IN	A	198.32.126.50
+pch.nnic.np.		172800	IN	A	204.61.216.11
+pch.nnic.np.		172800	IN	AAAA	2001:500:14:6011:ad:0:0:1
+nr.			172800	IN	NS	ns0.cenpac.net.nr.
+nr.			172800	IN	NS	ns1.cenpac.net.nr.
+nr.			172800	IN	NS	ns2.cenpac.net.nr.
+nr.			172800	IN	NS	phloem.uoregon.edu.
+nr.			86400	IN	NSEC	nra. NS RRSIG NSEC
+nr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f2yoqFKZYZ1dpm8SME+WiUH2kjsgnoVKOYYZt6/8gHM1BFr7Ja4of3CXy7gTZ1z2/x2dj6K0LmPc8AVMCI18mie1JgsNHBChodqBu8a/hJIvPPht55z6J+IpnHjIVhf+vHjUX8xURvAI9iJPll11/eNVMh/yH+CMQVgssXREWZG0XKWW2WMdc04qkmooW9C3lPrvoj5aJxsRty3/bS9iiSB7xFZCsKE0v/qsfqyBlleotQ3bh1BfNqPvp7QEEO2cqmGJmsOVJ/m/zdFsISdBYcV0TBhB7l5gS2DNBlXOwQS4RR2bj6IByoR4G6/l0vKhyL4OtE89clzEnVwS2Zdilg==
+ns0.cenpac.net.nr.	172800	IN	A	203.98.224.66
+ns1.cenpac.net.nr.	172800	IN	A	203.98.225.9
+ns2.cenpac.net.nr.	172800	IN	A	202.144.128.200
+ns2.cenpac.net.nr.	172800	IN	AAAA	2405:d000:0:100:0:0:0:200
+nra.			172800	IN	NS	a0.nic.nra.
+nra.			172800	IN	NS	a2.nic.nra.
+nra.			172800	IN	NS	b0.nic.nra.
+nra.			172800	IN	NS	c0.nic.nra.
+nra.			86400	IN	DS	44089 8 2 C9CE8FB22E6E9EAA566D79696115FC26158BE3F19C520DE9490748BE01982F4D
+nra.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QM9Qu+YFDbC+gm8ZpMY5+q9dMtyDYeHngqT/dXRjsQA463YhsgysPC2iuUlNCtqzGNi9xygXi8NOgy1wNImT2P+zkbR2mVJvVKztTtfMch7je29oBzD+iOj/+olc3xfuHGlVNy9pppOJ2gMoJNl0mDB4UNKz8IKJMCxD8CM98LTC687ihzgP/7rVgGPuarRBiKpO+oUReEP4AQ3LFv0hf28ZmF3mk1MiGM8RGSRJ7dJioBEYaWgeCP6J8HGS0gWiwgkH6Nw4IWLeT4GkdMVu2+drjvGw6SfWI8W7kfiZFaCobSt48g86MgEfjJYrRVnua+s3azwVni/TcMuuIEF1Xg==
+nra.			86400	IN	NSEC	nrw. NS DS RRSIG NSEC
+nra.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cNECBx2Y+R8w4SAAvxY/LwDSqSZdEt+E1CIGkdMr26EOKM3gCsm6QtQOM9nVuhg5wlMc9kVgENJOsGyDmiyZ2VJA6q/wG/0fpyzVHAEkgQuLC7gvRicU4bhq0EHfzVpjMw8JGMVVFbZr1VcIo5Xki17xc/j3Jr22SozI/pWqMJ/wi2L5FGHvlHwzbQafAqZeHF1wSakZUNkm4sNdHAfW821kCa+Oan2kZc5FmImArSErheL5njh6IU2JY+vy4iYWNTJzzWXDxN/zQV8wS+NMioEK3py1zQLKCs/eSl9V0BlPWGX8HWDC85U+q5Uy36aVObVTbUh1NYtPqRUYKkLxNQ==
+a0.nic.nra.		172800	IN	A	65.22.240.25
+a0.nic.nra.		172800	IN	AAAA	2a01:8840:ea:0:0:0:0:25
+a2.nic.nra.		172800	IN	A	65.22.243.25
+a2.nic.nra.		172800	IN	AAAA	2a01:8840:ed:0:0:0:0:25
+b0.nic.nra.		172800	IN	A	65.22.241.25
+b0.nic.nra.		172800	IN	AAAA	2a01:8840:eb:0:0:0:0:25
+c0.nic.nra.		172800	IN	A	65.22.242.25
+c0.nic.nra.		172800	IN	AAAA	2a01:8840:ec:0:0:0:0:25
+nrw.			172800	IN	NS	ari.beta.tldns.godaddy.
+nrw.			172800	IN	NS	ari.alpha.tldns.godaddy.
+nrw.			172800	IN	NS	ari.delta.tldns.godaddy.
+nrw.			172800	IN	NS	ari.gamma.tldns.godaddy.
+nrw.			172800	IN	NS	anycast9.irondns.net.
+nrw.			172800	IN	NS	anycast10.irondns.net.
+nrw.			172800	IN	NS	anycast23.irondns.net.
+nrw.			172800	IN	NS	anycast24.irondns.net.
+nrw.			86400	IN	DS	61012 10 2 03B1A9B2F537EEB6E16872FEF7971D7FC55A71B270952BD1E7BE44301F1CC245
+nrw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J1VhVv9y0XNDKklACjfqQ2piRAym+uz1kSJpbTOIZIDTWd+eMeDlQxgmacHe+lHMafYykQ9AtNGSHmDcbm5XQBrBCJ4kYoxTEEd1u78L0DxpeT2lz/0pKZO6PEtrcLJ5t+ArvBUgXJNZ1KTG1ddACo315tAYVeLIbh1n1dRR2CuKhzCuh5DMVa2o/7Tznt0R4QASz1nFvmdc0IZ3Lw5G129/Fcs6rFxmJdEenrFbEWytEcFbkse57m0r9iz/2vEqgGnQjhIRAmg5zCcgfYW/nkyzgXM5t+SXJEXM2lE81WsUA24ajLzKm3j0AtmU3k55tKQm87Ssep9JJQE/DeKLqA==
+nrw.			86400	IN	NSEC	ntt. NS DS RRSIG NSEC
+nrw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cejsPwEHOllg0ljCI7PllDhGz+JP4oy8vxT/Mfn1uNaE0OMlNG8vU8F20AwDA+KfnJBdtafC5zLfU/mmznLHGItszbYlP+wqmsRL98ZKMBtCoqxaHlpP8BAfO32BDeiuw4hSUq4MS1vtxNiFovG+o8jzHzW7Jlprx8Pg0/sj6l/Lg8ANzM+Fh3LqwkgaaP9BiDXG2vA72vbLzApG7++uct30uhPsSM+wNFVWq2Yg8B7Q74jMcy4YC2NNwvZQhvZkR11oA2mkTcacf2oxvPsOLpxB31/+F3prenqTPZEh4LnLuku5XGhaBGRPwPjDAbDchjhBZEymkUCZ0bzWE+ij1Q==
+ntt.			172800	IN	NS	tld1.nic.ntt.
+ntt.			172800	IN	NS	tld2.nic.ntt.
+ntt.			172800	IN	NS	tld3.nic.ntt.
+ntt.			172800	IN	NS	tld5.nic.ntt.
+ntt.			86400	IN	DS	42481 8 2 D21DF93A73F35F8C3428A42DB60DA7CCEBFC2A64A42B6F5E5024F358D5E18D44
+ntt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gRrfdHnxV2kB9GWybRTXknXAEHWedjh1V/yYUSyVwz3CGBdXHx3DUH0msSi11vQKzSez2HcNIgNhRnT0TqxoTM3+GfYmYOEiTAs1W73gjdjmFb8URVRhsUGYsJEkutSVZoIMrHhJ8tYoDh7PrVKkekH/mmmiWUWQl/p6HH/7swbX4OTR2nbQJM2gjyMiuBOtG28VVInfUHKZUZDE41y8j2v3xkzvqkdIsQ406PEgnMhlcO+FwWlnDJRdVbj0mODAoKoOIEXL1z7IX5wcdtroDNqWlfVL+2z6t113lK7cSreDXz3o8oA2T9hDgd8a0iRkYh9jTriIH1zwVz0iCNSlTw==
+ntt.			86400	IN	NSEC	nu. NS DS RRSIG NSEC
+ntt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KcUQUUebEGfuHDOy9i49SXOhgh2rmjw8kc6VKIoJVZVAjpsldUP8k6iS84KvA3gZD8r0a6DBEWtTvons3PEY7wIZh7m9uLw83qImzxDiLTfBqktsGwBPdi1W0ToWWEDaCrIQWohJzneXN1wCNSJ0qvmAQanJVh9iS5pwqEdxEc8RHylYb7CAo+IFrpTtM4SY4YrgmWZF/xpMeG16q/7u6BtoVrbzwoZI/SwtrhHDd/Ut5iheVd2Z4CXYquf82RCQrJSuCtbbFSibDwHqRG35UpNrBVeaVzgrQ8rf1VvNPPdGECrRlJuinXlPp19LlRrPi6jUv19ke1lJZWoF7s2oMA==
+tld1.nic.ntt.		172800	IN	A	103.47.2.2
+tld1.nic.ntt.		172800	IN	AAAA	2001:dda:0:0:0:0:0:2
+tld2.nic.ntt.		172800	IN	A	117.104.133.17
+tld2.nic.ntt.		172800	IN	AAAA	2001:218:3001:0:0:0:0:2
+tld3.nic.ntt.		172800	IN	A	65.22.40.17
+tld3.nic.ntt.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:17
+tld5.nic.ntt.		172800	IN	A	65.22.40.145
+tld5.nic.ntt.		172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:145
+nu.			172800	IN	NS	a.ns.nu.
+nu.			172800	IN	NS	c.ns.nu.
+nu.			172800	IN	NS	d.ns.nu.
+nu.			172800	IN	NS	m.ns.nu.
+nu.			172800	IN	NS	y.ns.nu.
+nu.			172800	IN	NS	z.ns.nu.
+nu.			86400	IN	DS	41209 13 2 46159142140BBF89ECB41E202F88DA8C7D8A51B584AA5EA4A28CEAAAF9091185
+nu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Egx8WZN30bvvj4pASzTc5xEWwxZ4XFDP3BiVeJjMAJvTaW5RlXqv/HdrlJ2wmVFgw/abVnoo3Ifym61rAF0TuxbMmhug8HWK2H26J2bvwzJVloNBuKFsdlA5LLgjrRULeMM8ScYhvdNyaRbYIl0n/NJaTuxiu6rt8rVgKiqyEDbMcYcea9LlafnZjmA9ZdQEnJpZKvT79Ya8kkb/PyzslHem8aX3H9daUhtQ5UzsLr3XZEVfxJL7b74RqldacgMM4Qhsey4eWADvVDVJhkDQRFKfRNHDJTfH3Z0h++X2FrqbA6cLgn61IrlrOHxaDDxksv7o62aTDYb/fncyIZxLXw==
+nu.			86400	IN	NSEC	nyc. NS DS RRSIG NSEC
+nu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LGexYsunV7R6KEEA5UEMX3BSiyEJJuFiLQgpfwbh+ExxWXn4RuaTDRFeA9hYSPelB2AWZrhGyfb3Bz9VUeE11AO5V4uN2CPjBlybvLhc7/l4RpKGpbNxhkXRaERFh/222BvIb12cdrBfZ7clshl7oA1os6RE6r9YrzruHpUiuqFGReZ6WMAjkNZ3+p9h4LNP4azf5E7EqZ/aVaOH5dj/Wt4T8glPc+yyQWHCc9GUOLOl7b4Br/0H+U+kmpx5bAOhSXHIs5o0h5IKihqWJBot+kFw1NgxdcqnK/+VYq+9XAKV8ul8vHDtEW3DF4E4kDq/7I0tEqbbFOyy+LktJs+iAA==
+a.ns.nu.		172800	IN	A	194.146.106.22
+a.ns.nu.		172800	IN	AAAA	2001:67c:1010:5:0:0:0:53
+c.ns.nu.		172800	IN	A	192.36.144.107
+c.ns.nu.		172800	IN	AAAA	2a01:3f0:0:301:0:0:0:53
+d.ns.nu.		172800	IN	A	213.108.25.4
+d.ns.nu.		172800	IN	AAAA	2001:67c:124c:e000:0:0:0:4
+m.ns.nu.		172800	IN	A	194.0.11.112
+m.ns.nu.		172800	IN	AAAA	2001:678:e:112:0:0:0:53
+y.ns.nu.		172800	IN	A	185.159.197.150
+y.ns.nu.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:150
+z.ns.nu.		172800	IN	A	185.159.198.150
+z.ns.nu.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:150
+nyc.			172800	IN	NS	a.nic.nyc.
+nyc.			172800	IN	NS	b.nic.nyc.
+nyc.			172800	IN	NS	c.nic.nyc.
+nyc.			172800	IN	NS	ns1.dns.nic.nyc.
+nyc.			172800	IN	NS	ns2.dns.nic.nyc.
+nyc.			172800	IN	NS	ns3.dns.nic.nyc.
+nyc.			86400	IN	DS	12721 8 2 37F945F2D915698DCDA12F80C7306150223270F78EC1D96FFFEB163A2B1EAC22
+nyc.			86400	IN	DS	12811 8 2 A5F2EC128186E5BA7F44AE789ED94F96E32811A68407D40E7073E2A58E8A1341
+nyc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yhBDqklu8XvKpXgXRblADSpU82oF5daAtC2Qg4KSp5kWvvoWgvG4oxyqRIZp7y5+DPyACAci8u29ILSU/LuifF5TFF4NFF6PpTK6j+UNRF+ZReWkYpNHQET8Z1jBTRxG8xNzpEAZtCp08R0YdQK0/ShRsus5DXfdX1UbXPJ7NZy7qwLFuS1YhIYR1w3EXjOgNEBdaqy24OdBmfyg4thWMGogC7xORgAuxrQQS7rZum8+79DiJgXX9cnV5mbWK3b5t8LO5LApJMCh1CJu207psznAZ0PVkeOZOXySZfy4z8Kr3vtZFymDEz1oR4QqIyxtVtdXm9c8GJ/4b3LtQfxlVg==
+nyc.			86400	IN	NSEC	nz. NS DS RRSIG NSEC
+nyc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FIeo3cEQ6/bpMi019Dzl1T1MCbYwg//cMGHcMdkCdxz7mnq0LjZzh33159Cdc8WXPFKfrLWDmHOEuNsIBtiJYmUK3QQ0wAS43wGP1fsRCHeInQSPNeE582e9XZhEN67WaZEELHQMVXYh6GDcGrGSm6bXUqFrTnYC71lr0sHYqc2yp9SYRCJzcOQJ8UQWYOK6eI0R4mlMSAjxxzEe6lnsgGkxtr3ay3e65/V0mlWe4kz24mPZpL0iwyWfjb9bmIVZXjIhSOaxs/xfQvU+McDERevZ59o7FdIHUzyJpk33VjMzhJuydIqbay+k5CCxSdm0Y+SzPT/v3r4k+fRkX20lHQ==
+a.nic.nyc.		172800	IN	A	37.209.192.10
+a.nic.nyc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.nyc.		172800	IN	A	37.209.194.10
+b.nic.nyc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.nyc.		172800	IN	A	37.209.196.10
+c.nic.nyc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.nyc.	172800	IN	A	156.154.144.125
+ns1.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7d
+ns2.dns.nic.nyc.	172800	IN	A	156.154.145.125
+ns2.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7d
+ns3.dns.nic.nyc.	172800	IN	A	156.154.159.125
+ns3.dns.nic.nyc.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7d
+nz.			172800	IN	NS	ns1.dns.net.nz.
+nz.			172800	IN	NS	ns2.dns.net.nz.
+nz.			172800	IN	NS	ns3.dns.net.nz.
+nz.			172800	IN	NS	ns4.dns.net.nz.
+nz.			172800	IN	NS	ns5.dns.net.nz.
+nz.			172800	IN	NS	ns6.dns.net.nz.
+nz.			172800	IN	NS	ns7.dns.net.nz.
+nz.			86400	IN	DS	13646 8 2 569B1BAE369FD18F03D088FBA91BD58A830E4E21D2C96155CED267544CAC14B1
+nz.			86400	IN	DS	49157 8 2 44628E9BF710B40D5A5B19087A119EAF2C0B5CED7E7BA4268F4FC35BEF14B1C0
+nz.			86400	IN	DS	63529 8 2 65C9663EACC1AD314058A5A7B127D409D144BBA9A58EC0B6A7F4F028574DF47B
+nz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UEjUgzU6+uy/Ov8vrAEqLTEJiZRraEhxzNQqcqF1AFTuflN/ZsfDnxH3OmPC4hoBnW8ZeQ/JvVQT6Fo6AXkq1bR2DNyPMBP9zhJeRsFb5kX+YHDpmaVFnE0qY+RCh1xl0ihJ1tsWOuB3u1Ht0l9YqHfkY3KKlfDerdQJISmkZG/R3dRYyOV3JT8jhnfB0k7o6sVJP1xgrSSexUUdVNfZOEQrCTsSNhoZThdyZJwgXDZ0BpovFBUJKWWiRQtgMaQuswbr0QmtJE+M4sdNkToxB6KAlgPQGdUTSl78A7pGncUidGSxSKh55fjCTCJ1csRFY4qJ05PVhJ90e979WCuD2A==
+nz.			86400	IN	NSEC	obi. NS DS RRSIG NSEC
+nz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z13ESScqnUfi2kr+1b/U6YS5+Ka9BbJoy72lXGAtbKon+9d77FlYeIYluMJTCKQ3sBeU9Z8Mh+K2ZcD8uyQRO81PkxCrePEei6C6c0+FNqybVUAI9vuGZjyIzzYZejD3WQmVwBmW13OcgyUnHU40Mw3SRekyaV0NtnAKM6VAdNu6pztlf5TLZxUpDxPMi6PDTNr9qzTMnaLevLuGD6RRh7034rPPG+BrMiFyhW4V2UVrDb72srYONyKMDQBLTpNID5S5Zc3tyPvCaqQuDfzWXJRCi0QlI9PhTiRFYDfDcouXe+ZjBhlQEe8EwYfByXZziuyyRXy7fGrosCSya9xI5A==
+circa.mcs.vuw.ac.nz.	172800	IN	A	130.195.5.12
+downstage.mcs.vuw.ac.nz.	172800	IN	A	130.195.6.10
+ns1.dns.net.nz.		172800	IN	A	202.46.190.130
+ns1.dns.net.nz.		172800	IN	AAAA	2001:dce:2000:2:0:0:0:130
+ns2.dns.net.nz.		172800	IN	A	202.46.187.130
+ns2.dns.net.nz.		172800	IN	AAAA	2001:dce:7000:2:0:0:0:130
+ns3.dns.net.nz.		172800	IN	A	202.46.188.130
+ns3.dns.net.nz.		172800	IN	AAAA	2001:dce:d453:0:0:0:0:53
+ns4.dns.net.nz.		172800	IN	A	202.46.189.130
+ns4.dns.net.nz.		172800	IN	AAAA	2001:dce:d454:0:0:0:0:53
+ns5.dns.net.nz.		172800	IN	A	185.159.197.130
+ns5.dns.net.nz.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:130
+ns6.dns.net.nz.		172800	IN	A	185.159.198.130
+ns6.dns.net.nz.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:130
+ns7.dns.net.nz.		172800	IN	A	194.146.106.54
+ns7.dns.net.nz.		172800	IN	AAAA	2001:67c:1010:13:0:0:0:53
+ns99.dns.net.nz.	172800	IN	A	202.46.190.131
+ns99.dns.net.nz.	172800	IN	AAAA	2001:dce:2000:2:0:0:0:131
+obi.			172800	IN	NS	a0.nic.obi.
+obi.			172800	IN	NS	a2.nic.obi.
+obi.			172800	IN	NS	b0.nic.obi.
+obi.			172800	IN	NS	c0.nic.obi.
+obi.			86400	IN	DS	26464 8 2 540D7E7CB6F111D9EA048E3801806A4814B6C1DD229F3A2414AAE8FACCE3CB13
+obi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d+59oObTPW05EyjJHAnrY1wfMoXqIYMI05xR/GiQYR/gbsiT1m8267N6VuFtN+c/pzhB2TK+FXaApgLnx0dhVzkuafZM0SMe55SP8bW0T8xDF6yMBhwEq853dC1mayzcPG+BR61ye2fXLfseiFRs/azE6A9r28p2XvGHzP1FMzk6fWmK5bUiUobQvzVkR7Wf5rQgQxcdb0fp/Bc8hn8o8C5XKVeWea8SsHJOgC7SeirlAlFo163996krhYvtgDwUJz/M0Al/EDWvk7cK8bu01Oxi9dVx6EY8lp3HAJ2VzfQk3T3ApW2WvTZOEH76TUtkj/eMiFuf0jYvK94zv1AY5g==
+obi.			86400	IN	NSEC	observer. NS DS RRSIG NSEC
+obi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NEf2Xc6gRqja8Yb30V/thMUQnzt4JWtYCOe388N/tYj0F2efglDboxaYYMbxrL6+XZRL5h2woErutvlMcM4JhsJ9r00FASvzGM3MrBwMLKto5AQ/m1OC3RL3AK+jYGN2wrfQNowPBmz0WGZXhFOC3/cef7NZJEeHcAbBlSHHeXcVkCgIc8Lm0vdOb4vCD9sCh/qBwhKOiHffXpE/ov21tiDwO3baGipdy0CRcwjsp1GJk/MyVm5kgoGzzAj6l8nsCjFeS5qOuwe1bKz4FEiO0zmdgr5hEuuuB1MVprnjk6wAwFCsiK45S9U7BVjA5JGqKxxWJa7s1Dyq/R4lDeIaJg==
+a0.nic.obi.		172800	IN	A	65.22.112.17
+a0.nic.obi.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:17
+a2.nic.obi.		172800	IN	A	65.22.115.17
+a2.nic.obi.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:17
+b0.nic.obi.		172800	IN	A	65.22.113.17
+b0.nic.obi.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:17
+c0.nic.obi.		172800	IN	A	65.22.114.17
+c0.nic.obi.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:17
+observer.		172800	IN	NS	v0n0.nic.observer.
+observer.		172800	IN	NS	v0n1.nic.observer.
+observer.		172800	IN	NS	v0n2.nic.observer.
+observer.		172800	IN	NS	v0n3.nic.observer.
+observer.		172800	IN	NS	v2n0.nic.observer.
+observer.		172800	IN	NS	v2n1.nic.observer.
+observer.		86400	IN	DS	46084 8 2 366C4C042DBBAA5636C254A7AB2331102545DCA6F2C81C8CE6B42C6DD0CADEB4
+observer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eigpZuUt97BFdJNVryfQHzLUawvxI5lOkMP7dba++MUMhSPKPqS3/j+9CcBqreheXD8c8gErx8OutW7g+3pLSxuWEWU51WUQ70kCY1lB/42kKPlyX0Wvn/GbK+9lgg4GELuZL12lRwzd9JYPRnSMSKLQvxs/ZXZx3r0OsCrm1YYUOJcOMyrgREmQXtkzGH79P0Ur+F5iicH0XrgCyOLFa57OTJzGx3/Hc/mQrKqhQpTTJ1Gs1O1WblonkwXcO91Y055TrpGSx9n7+xD5h3bIA1OYQ6bI6sZfIH+PljFam0isoBv8nebftk4D+/J/VbV3hVP8e4SK1guNIA7rUyOjtA==
+observer.		86400	IN	NSEC	office. NS DS RRSIG NSEC
+observer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XKhNEcx0va9BRxTMDxXHQxvoUVdbj7C6KgWdOfy/vG1cOaArESwhzMyE0ZyTWQUgKbb1++TfwJNLaYWkJdo3InuIA4Uv5ygTWZGYAsc+TKLRKCzKSE3wNaRyF8AxVEYMPV/+bKfSAr/O+72XUaUlyuHY6vsewc8Ne8BknmkenmOz/NVZgiwwJ/9x9d0CL/uc7eKBajKJxqjtIP9xEJxkuu1uXtPhdjF1b/+E7YkQ39v/C0dpGAaRWp8GdT4IIQ9P/cfGEaTCF30xHQF0dwS+7Kj7rF3qzoOGjstRgmLrfcMitGQSyvC4XbB8RXJln6UXUOU2SOZoOjhVznK3jcASNA==
+v0n0.nic.observer.	172800	IN	A	65.22.24.63
+v0n0.nic.observer.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:63
+v0n1.nic.observer.	172800	IN	A	65.22.25.63
+v0n1.nic.observer.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:63
+v0n2.nic.observer.	172800	IN	A	65.22.26.63
+v0n2.nic.observer.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:63
+v0n3.nic.observer.	172800	IN	A	161.232.12.63
+v0n3.nic.observer.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:63
+v2n0.nic.observer.	172800	IN	A	65.22.27.63
+v2n0.nic.observer.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:63
+v2n1.nic.observer.	172800	IN	A	161.232.13.63
+v2n1.nic.observer.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:63
+office.			172800	IN	NS	a.nic.office.
+office.			172800	IN	NS	b.nic.office.
+office.			172800	IN	NS	c.nic.office.
+office.			172800	IN	NS	ns1.dns.nic.office.
+office.			172800	IN	NS	ns2.dns.nic.office.
+office.			172800	IN	NS	ns3.dns.nic.office.
+office.			86400	IN	DS	6562 8 2 DBFB7BBBF0BED181CF7797BEE3565A527B9D4746148AD3B2B835ECD1531BA925
+office.			86400	IN	DS	9475 8 2 8193E9E63984C0EEBAC5E602C134CA712C7843002BCDDEF3C08A199AC9D4308D
+office.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pv6pF3O8eR+pS8e39+QNPdrlByw24ApUs9Be9h/m6VuFvNBenIkQuJNRZSY7Bf5PqG0YC3dPmtZOO5W5ktYn19umNPT7gK7gmF1SyiPpIQ25zxd1ebbBBEoG2t/jB+HvPOrz/2roQf9puyHfYpQlwxHvapS9nBU8PAXB2raBEHHyC8yqJ6LAtBm5unoEA1+WQ2y/1XqW/pGeBCVb2loH9R4lfjaKc4kVwQO+/W2AM8Rj64H/VzPw2X2tztTDuB0oWdoMW/F/zgg/GzB1aS0zGEsy9/z8aJbpB/IM8OiOJ2ahTkH7KJ0Gzu3o0Q6+7o7c6+yu44EUANhFgxqrLhx83g==
+office.			86400	IN	NSEC	okinawa. NS DS RRSIG NSEC
+office.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ji1r/BQHzlGt4JzGZYjGTSkl8O1OhAYhFat8BuWcM8F6XnqmVhMzDbYINyQ9bZKRuB1E5Bslw/WqVQZ3Rpm2b69kKVuqZMsR2nUFwstG5M14/upA0vHJDf7LVtzBUzSCq4ZBCMSCKLHNw1kgWy8roiOpg2Vxmy7Gl8KpE/KH2mjVnhwY5QHhxEXHXZu3wcOgfWFUYniUISwn4R+bwk2m385Xf3PKRTqgmKxp0rU1olNn1aIcg/w6M4Hv4iMjnYOkUFaHqxuhKkRMsZ1jvrbl5BKrCWqn9dwy+gr+XtAomaFz8w/5iOYU/NeCTH04ka0hBNkhJXV6ZseMch6HgD5BFA==
+a.nic.office.		172800	IN	A	37.209.192.9
+a.nic.office.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.office.		172800	IN	A	37.209.194.9
+b.nic.office.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.office.		172800	IN	A	37.209.196.9
+c.nic.office.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.office.	172800	IN	A	156.154.144.126
+ns1.dns.nic.office.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7e
+ns2.dns.nic.office.	172800	IN	A	156.154.145.126
+ns2.dns.nic.office.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7e
+ns3.dns.nic.office.	172800	IN	A	156.154.159.126
+ns3.dns.nic.office.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7e
+okinawa.		172800	IN	NS	a.gmoregistry.net.
+okinawa.		172800	IN	NS	b.gmoregistry.net.
+okinawa.		172800	IN	NS	k.gmoregistry.net.
+okinawa.		172800	IN	NS	l.gmoregistry.net.
+okinawa.		86400	IN	DS	33736 8 2 ED3CF17EF5286EE0AF90213FD802871A672213FECE32038557DD2A0375A2E6C2
+okinawa.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PKJHugHSdiQJm2f5v3HVqU8louevkzV/WXy/yPfydTrtlecKJb9Rk5dBCQpNnTFJF4lS8b80pd6QC5Yb5VCwRkY9Wkd3Lb48gyCjx8q2sXZvG6k71b6Q+x7CRiBzhpBvu+6ms+MnzKZ8oQJDxSZn4g532Era9m7G5wIY85EOsOVFMfYrC3FsKforDw4Ghu//JSAGes1kBYVRmh4ViVPt96j1GTQyK0kU41JfcjgVbIFPy4QQO6N3DeW/7yxGnc6/XvRH+3MCfoIF5+e88m2B5u1rBbhr2US+9TEdLMRGBfaDtimkQWxGSf7ViHhpoHDYhUZC4QtEl4kmPYhdVFt5Gw==
+okinawa.		86400	IN	NSEC	olayan. NS DS RRSIG NSEC
+okinawa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ajpO3s01lbmeRl07WdSZCj8FHbJ6JnCprx7QRSKVj4cYNGxKVBk0uWdEIMArVRDnYgQLOtP6ea16L2O6uEBnWFvutHg0nsF4F0OsUW8VRuqGSwuT9RIFXxQr0nOcpGbtHm/bs9Q4F1Di+zeBUExMs4umtw15r4Jtm2uvlX2PE2PptNb4OazxtTZ4S1Y/cHufKuoQCZ8DnPvHXh7qihv7YY9f8CEKlusLnE9aLrSutgss3XVCHsNoAf5Uum+GtoAz4yVOxiO9A4gIjfDcvk+9avyXSLZIll/iNvQz9xEG9Sh+X4N1uEzbXa7qHF92EO7s5pILtIuOybcJ9s8HfPLvYg==
+olayan.			172800	IN	NS	a.nic.olayan.
+olayan.			172800	IN	NS	b.nic.olayan.
+olayan.			172800	IN	NS	c.nic.olayan.
+olayan.			172800	IN	NS	x.nic.olayan.
+olayan.			172800	IN	NS	y.nic.olayan.
+olayan.			172800	IN	NS	z.nic.olayan.
+olayan.			86400	IN	DS	24340 8 2 84F7ADE4991F5338FC9612349A62C456810E645B4AF49B77AB8DD029ED8E5CEA
+olayan.			86400	IN	DS	60061 8 2 930E37D43F6F58965863B8906ADADFDF0091EDEE90B6C8C0DD3A88ED5112D2C8
+olayan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mHd3zMSAy3KJmsnEFsKg2XbXBqb1m0XY2wd5NqsiGu8L6/vIbxkMFLm4DZtxMLSjzsulpMqGFe/8TXAIRybX3+DX4mGGAqhdLXabok2wW8U/haME/ZY2weIeFe2WDnW5t90D+dXDBeg0or5c8hrlpyozt21hp10lSI3wlIZS9btU4fTBTvgZriC2so86I3cdcm1pHoFr8ZEm3TPwfGOhZ8f/XoKg6CCG1j44Q35MZenkYPoz30fwC4OdoOW2EGqgjLueNs3FT68QF7k7OD6muIgcYChoaCmz7rf6/rebfDNFcIMiKbi2jvaZlc+IwutloGifpq9QClaZr/ciMbPIgA==
+olayan.			86400	IN	NSEC	olayangroup. NS DS RRSIG NSEC
+olayan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0BT8L3JrxrCSpvWiewjmKlzKfTM2GTQSeo4EkhCtP67dbblTczDB8agVlvGDD7GX3SXNRvQg7HtGGPdU/Lxv+bXV0u7OHdEwgkhNElve9SmKvUwbhR5Vvb9M3b8cYz0Z0W6E7wX8kfvqV/v8yqem46jHsQFOhw/yTkWBIkTS0tqfbK6ms9XuSdJSgXpYO22ystwKn/BqEyUyEnTv/mCmLbS+J2CBRQFSJADI/lcesKkInGWX5kJEELp64hAey7QRJ7l+5VOkwPkUfHd3gmqAZTV76NOLeKNs7qkhf41sBU64Bi6cNo44oMuRsIp1TUxxBT94q+oDblgQ99Ooe0zq0Q==
+a.nic.olayan.		172800	IN	A	37.209.192.9
+a.nic.olayan.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.olayan.		172800	IN	A	37.209.194.9
+b.nic.olayan.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.olayan.		172800	IN	A	37.209.196.9
+c.nic.olayan.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.olayan.		172800	IN	A	156.154.172.82
+x.nic.olayan.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.olayan.		172800	IN	A	156.154.173.82
+y.nic.olayan.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.olayan.		172800	IN	A	156.154.174.82
+z.nic.olayan.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+olayangroup.		172800	IN	NS	a.nic.olayangroup.
+olayangroup.		172800	IN	NS	b.nic.olayangroup.
+olayangroup.		172800	IN	NS	c.nic.olayangroup.
+olayangroup.		172800	IN	NS	x.nic.olayangroup.
+olayangroup.		172800	IN	NS	y.nic.olayangroup.
+olayangroup.		172800	IN	NS	z.nic.olayangroup.
+olayangroup.		86400	IN	DS	6919 8 2 44A731318AA7D54EA4F18178AC0EEE1DE541334C36F9917BB6249F41895D774C
+olayangroup.		86400	IN	DS	12544 8 2 B8A9FB54EAA15AD63B37CA39A06E8EC0052D61D51A8D26D5A825F81C2E1850D7
+olayangroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aBpCIWWmTu/l9v1TmEbX9RCI5eP+Wg5vepaKc1mFhMxQgFcz13wrwAcCGEljkuEDn7VGCPZsMvELVSfEGhaIWc/s0LEUQDHOcbU2Vs76zILOqBukdefVn0aTOGWR72R5GnJpEIdgmdaSspjkKHjlYGH63Acd74z94wGGjG4PJ68Or+bNwbL+aydLEgbb2iv53Tfm4jZzK8xue2RIhwz4VIU5i9GdzpEOp65pE6fG/MdgoR///oaZzPhY6WP1vFlaSOMaALjUxnVKvsgSo4hAf7D8bWPMgygc+KOHKCw0H0IZ0Q5c7gqM5BN+K72ZvQOWbImxCcL0T/P8+/XB/RAyzw==
+olayangroup.		86400	IN	NSEC	oldnavy. NS DS RRSIG NSEC
+olayangroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mQfp738P/sJZA8dzrLYyfzjaHw+d/eqaVMgj+1+O83KCc3RY0VSW+c7xiqvM68iZx6GGL0uTH1aimRPe4PkjG22f25ysrfZL5YJ5E9enPCaVz5C3wyVt7YACNohkjqB4FLe6m1uo64A5/epmtJG99rl/fQrDzlzumvbkfOBnC3yXzzNXaDBEURmS0D8oMdSwL5w77fl4WRyqLVDG9xgjix00H8v/XELSjW8R8caonakMgNAiK3FoaKiFug1iyH7vDg8ASxeE3Xk1OhLkAb9hxMy4f2a3yt/Nz4EscS7Gy3aGXMNDn8mOlhO4MhLJP0dinUQ1QxgsdB2FuMcNKv5JuQ==
+a.nic.olayangroup.	172800	IN	A	37.209.192.9
+a.nic.olayangroup.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.olayangroup.	172800	IN	A	37.209.194.9
+b.nic.olayangroup.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.olayangroup.	172800	IN	A	37.209.196.9
+c.nic.olayangroup.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.olayangroup.	172800	IN	A	156.154.172.82
+x.nic.olayangroup.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.olayangroup.	172800	IN	A	156.154.173.82
+y.nic.olayangroup.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.olayangroup.	172800	IN	A	156.154.174.82
+z.nic.olayangroup.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+oldnavy.		172800	IN	NS	a.nic.oldnavy.
+oldnavy.		172800	IN	NS	b.nic.oldnavy.
+oldnavy.		172800	IN	NS	c.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns1.dns.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns2.dns.nic.oldnavy.
+oldnavy.		172800	IN	NS	ns3.dns.nic.oldnavy.
+oldnavy.		86400	IN	DS	43291 8 2 C1B93F6A8AC42F2F15DBB3C74AF29E6F32E5A59D330F84E761A895ECA3371914
+oldnavy.		86400	IN	DS	61489 8 2 69B39A1FE5AD03F2A8494D74F48B0D7330E074C529F86CC1988456A8E2C83E2B
+oldnavy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Tz2b1jwKLDmG0r03SAogJF+ov4MnNg3zBb0Wc9SUrmMEtO0pcU0/DkUFazKZDpsZXEAxDyPwFc6GXDLPGTL25svnpfASoIZADmDmSqZJsGWNPBlcgO8Br7nb6lpmXt2jj+NL0/Uf5E+mY9NjKr9zskXnoUgG3W+j5knfsJDpodUhcrlfnxeQih783WAcCsdBTqgMZhLDba0Pqj+v8wf55oMXoGcRrui9XSqhFlpPuKv7U2pj4sm8x4iKiqMIWWq157oQ+h5GgKunF8qUe8vaqMu61Ri+7Zzfh77MHMjeHQbFNdgcG2G88H2+fG7tF4ekVljzeqMK/Kf5hSJG1KNjpg==
+oldnavy.		86400	IN	NSEC	ollo. NS DS RRSIG NSEC
+oldnavy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q/Bz4JoOqzymilAGv0u5/1Q4Qy3Z9GdCt4i3/JxjOxia2g7QwTphCsbPIIJBBNSrvzUB2GbeDPxwZ5AxLClCAfCjQHlQ+EET+/lhz3PNq+CfcVsdN1lQxt6UPmuUXPZxRUFay/1+QcYX0lcKUPDqYXfotNWP/0mA7SjBiSVMp4t5sXtXwMVSUHNyjKh5xZNn2ZNbSKHaFsU+D7ZzyKu2zUjMwpgjpzE0eThq/HUV0L1TurTdhr0md1sRrajrlNacN8f8fDI0Ug+UIQAA9mbTqY7l06f1bjW/q0GBpqKdbq3zG6mdbElRfBmQB4kJYTBhwy+9JXLtF7tCP/xsNRrG2A==
+a.nic.oldnavy.		172800	IN	A	37.209.192.9
+a.nic.oldnavy.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.oldnavy.		172800	IN	A	37.209.194.9
+b.nic.oldnavy.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.oldnavy.		172800	IN	A	37.209.196.9
+c.nic.oldnavy.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.oldnavy.	172800	IN	A	156.154.144.127
+ns1.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:7f
+ns2.dns.nic.oldnavy.	172800	IN	A	156.154.145.127
+ns2.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:7f
+ns3.dns.nic.oldnavy.	172800	IN	A	156.154.159.127
+ns3.dns.nic.oldnavy.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:7f
+ollo.			172800	IN	NS	a0.nic.ollo.
+ollo.			172800	IN	NS	a2.nic.ollo.
+ollo.			172800	IN	NS	b0.nic.ollo.
+ollo.			172800	IN	NS	c0.nic.ollo.
+ollo.			86400	IN	DS	39565 8 2 63769A931A3EE95AFA940CC2D02CCDCC01BEF022B6445495AE8CB153E211B3F5
+ollo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . coSXH1mBPWEKbRcktdPptonnNt/mK/olm0CqvPJpymfr9X/oBrMd0nhfD6PVQSWAg5eRqycpMwvbJ9FYq7YTtWtp1Ohp0hU40aWOLNHfZLS1F6S3P1z0xWAkpteqrkgueWd8kNV3yskpInzuxqnisy2BGoGVKhF4Mu1jaC1R1O49a8Pq/nxw/fa/vxrpoUW0d5Of+44IbWyimtZi+5lCu10LTHaqU7K/1fqEyQdDId9IXNB7l9AJiJQz+yduDEtv863Wd9ogGzcQSW+BNlRGpKJwlRTqF9ByNMrBluJ1+0jUHPN3brStIZmeDhY7qOOEV+4fIpEBWpepDRMHzItEhg==
+ollo.			86400	IN	NSEC	om. NS DS RRSIG NSEC
+ollo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l5m9GUNRvo8R7xiXVreiL2FtOb+g+k0NGuyEYnNaWBrvQ4SIgVLPHzp4whq/RCb9tkf29TJhgme10CZERPHLZ9bqpAyWYvMv+JwmAprILQPeU/US819ES/JMPCmzOCE8E1mZfKxQePRzP9CtBReVvlt2k4DvSImznnkdoP4q23+7TT3A5YB4PSl26GaftuWhHOYhM3RAwnNNG35FVhInUPSvxW5gB84/F/7r57kcDOzqhw8rjbLNubFvYii0GFSKpLfaq/52MrrV5wJKMkxFpu+Kso/VKeoc2ENlcf+DTHkm/pH+L1B91jynKUwrj81IydtFj3fDpSmkRYESu/MSsw==
+a0.nic.ollo.		172800	IN	A	65.22.96.1
+a0.nic.ollo.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:1
+a2.nic.ollo.		172800	IN	A	65.22.99.1
+a2.nic.ollo.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:1
+b0.nic.ollo.		172800	IN	A	65.22.97.1
+b0.nic.ollo.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:1
+c0.nic.ollo.		172800	IN	A	65.22.98.1
+c0.nic.ollo.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:1
+om.			172800	IN	NS	ns1.registry.om.
+om.			172800	IN	NS	ns2.registry.om.
+om.			172800	IN	NS	cctld.beta.aridns.net.au.
+om.			172800	IN	NS	cctld.alpha.aridns.net.au.
+om.			172800	IN	NS	cctld.delta.aridns.net.au.
+om.			172800	IN	NS	cctld.gamma.aridns.net.au.
+om.			86400	IN	NSEC	omega. NS RRSIG NSEC
+om.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mvzmNMJYqKDSnjS32Cdkvaor/l3NfMZOYjKFz6SGPY4b5Alj8C0rJ7EPKfWrGtu8cCMSFF4PN9jaWFzrzuzP2QUypyCs9GaCBqPx1/raccZzVxAwY2RqBQoOomynoxLsULmUmnuESwvjtXi/j5wjH2VgCZlwA84FBkfLrlRDfzh6Tiq9Ec0ZGpjHE26B5IMLv+hDYXckcUHZa1+IFg21p1iDC6yX4W9mIXPbiyjyDVBVwIN3zRegDB9SIe6IIsIPXmhp6DWCODwtem7mezSX4ZhH2azH5vFykSkLh5ajZbKHpEeWlsKQT5ZZ/i6+OKb/vWrWQ/4AXDDHBtbIcgMfhQ==
+ns1.registry.om.	172800	IN	A	185.27.88.50
+ns1.registry.om.	172800	IN	AAAA	2a00:9120:1:0:0:0:0:50
+ns2.registry.om.	172800	IN	A	185.27.89.50
+ns2.registry.om.	172800	IN	AAAA	2a00:9120:2:0:0:0:0:50
+omega.			172800	IN	NS	ac1.nstld.com.
+omega.			172800	IN	NS	ac2.nstld.com.
+omega.			172800	IN	NS	ac3.nstld.com.
+omega.			172800	IN	NS	ac4.nstld.com.
+omega.			86400	IN	DS	4269 8 2 439D91ED221DE512CB04F3A7218DB1B019340B8D6228AB73DEAD0DF30AB5CF7B
+omega.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SwEeWESs6TdHDJj0eUGYoeO2Icv47O5raByW/EYF1Qe0x0unLZ394dG5EZmlkJhMnl0JqmpYqlGqzDiZ6/NmcKF5ok88i2D61nPBsi0UbjvvUDXlNbDX3flS8X+IM3WW7KOD2E3/LIkmzAqdtGzI1W8S4tc8/GSBbT6OYoUAhfymyTXe8I7D9zIA5rBrLfr5Lftsm//U6X26HLlk7cw6uhUyddY5ems6jsf1xWQhKGpdWSjqaJRbGk255uyOKvPmwplRcvMhJwAhgbsVn6pq2+OhL41H6W76dAzq4lrmHnptLZS05bXx73CKBGv4gv5aNivAzoy9d2NKX0btlMkF6A==
+omega.			86400	IN	NSEC	one. NS DS RRSIG NSEC
+omega.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uEUsBQp+OLiBN/WADJV4eDqOMCz1EgOVVkxRymS6tLaUncbSHL/24j0AZ/44bhfzZY01Te8YyUMWR+fjw7AZ6as8/aFN/6k2yU8ceern5yR8rEPshfFnNdFRxFSL2yy5ATQGoohi0Ds78VKOsogpluwGPr/HI0SDbzR9meDermqaf1C1K6yMf6BQaAcN7Ge9mO2c8r9gOEMh2fAKMcovoUXipR7g/CioG/PdW0t+RKN3+CMLRkzk9wnWCsVaw2nsq3CWmAUFFT00VAWP3AaKAzI+A+zs26E4L5XzJ7sD2cdAuUmIGQ4dqBd6FMa7h5hVXPg9NVRJxMEljp6+GXjJlA==
+one.			172800	IN	NS	a.nic.one.
+one.			172800	IN	NS	b.nic.one.
+one.			172800	IN	NS	c.nic.one.
+one.			172800	IN	NS	x.nic.one.
+one.			172800	IN	NS	y.nic.one.
+one.			172800	IN	NS	z.nic.one.
+one.			86400	IN	DS	56899 8 2 C28CDE2F5E88289C26584A4E6871B41E0F0C2D5F7F2DF2906E8FBB275AC4AA68
+one.			86400	IN	DS	64939 8 2 32961F5F8CBFC0A1714EB5589E9CB54E83E1340380B5D76EAD661D58EA55DE9D
+one.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nTHcwF0Q1cmAhpNvImTm3RjnbRdrRlHC5+h1wovaZ7xT4scufSKFPY5pXlPgXNc1bCQo4dOJD3vY3iYVXoZ1T8VXTf7k1rE7CPbPcMeT160/oyU1SD5dnt0msznF5BwiUk+QtBGgIB9vgPS60QFIDluRy0QhMlVPOJLHo3XWuKGSPdDF4avgx6lAlk079/wJlw5ivnAFdy+L4fh09Pu1KhHG6P1EtOWrYRp54lavAnKAJWiQUZ5XpXoFnoZmMpUs9aavjQrXRIR1vkcItBm1XCnkPgHopfWRO523DajMDaT4ek9qPll+GkYUl5l6o37jQTJoWZrao5jVIHqQZed8mA==
+one.			86400	IN	NSEC	ong. NS DS RRSIG NSEC
+one.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d0LGSE9yJE0i0fjl8gEN8qcR2iRKxFiEyaxexyAhUMaLyVRUYXFwiXMMNGlNfhAbIfVxh39odkLxKEt+6BJLSo7cZuVAHF7xDtgs2Bt4bVu+CRrCQScBVv6EG3fZrOtlwM6c7z7qYklhW5rMLpisN2OgCj4tZ8PmvR/dnHXcGOi4P7nU78Z3dahk7s3Xue+vFhJNfRwcLZbo0kz2f8io5L0rdZxnLy3V+Bgh5Rb1mJZ8R1hyriKZfxzEtJI3mOBJJOcl21YZwDvdJBLDS8gPswIOk0XUeegEKBeyX0+2wjTwsVyVQ8/HwJuHrf4TFnxRuM2b4JL8AWBLrC5a0TKX6Q==
+a.nic.one.		172800	IN	A	37.209.192.9
+a.nic.one.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.one.		172800	IN	A	37.209.194.9
+b.nic.one.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.one.		172800	IN	A	37.209.196.9
+c.nic.one.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.one.		172800	IN	A	156.154.172.82
+x.nic.one.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.one.		172800	IN	A	156.154.173.82
+y.nic.one.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.one.		172800	IN	A	156.154.174.82
+z.nic.one.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ong.			172800	IN	NS	a0.nic.ong.
+ong.			172800	IN	NS	a2.nic.ong.
+ong.			172800	IN	NS	b0.nic.ong.
+ong.			172800	IN	NS	b2.nic.ong.
+ong.			172800	IN	NS	c0.nic.ong.
+ong.			172800	IN	NS	d0.nic.ong.
+ong.			86400	IN	DS	45685 8 2 535CBA6CFB082FFCCE6584C2958DCBDF706A21DE784096A2738B3ACD8D643032
+ong.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cRb+WPBhOdOX+sirvmVJX7PgeYHi1/w9J4Fnm+LRJeK4c2Td7f7dGpCD6TTzW5vqVMKa1E67B8PoIgmf6BYvzy3qRWdQRT2wJtszAT2jb1BnzKJLs5RHCzjQ/eJIR3kS+m7d0aAFn1tQTOF5S50UYCn+zb8o8Jrr6rJGCzQjHRLSD6SFTMcayAnwrz32VxyTcuSC6cyFSkomTET6GtYeG/gDbwrtCBZih/zPchZ7P9Ip2KGSmUFnYKZ9ZTQbS8vy81naoVBmG+k5q29qv7ivt17vRzLnuQ8lhejV3O8XVplYoZzxnRt0x28Y67sE6+/fLOtILFHN9I+o9sHKg9xpjw==
+ong.			86400	IN	NSEC	onl. NS DS RRSIG NSEC
+ong.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gm3OSCvJD+trJF3LmSWOw5u+y/jglkV/hXQt0qzVkilwZhtBOLJVls7USyNUlOYqweuXutq3lRiMbDKTcK/Rw30sB+cKkxJdPE/xRtzfje3tWebxAaZ9UpTIuTqMt3VKPe44CMVCDvHHpkDc/8gdulIATMUA3YJz0ENlHWt+xv6k1Uy7pKOxioiB+n4yeUAkowLtIocQPPpm8qaWCeef23RuzhSYanCG/j4NSiwgRPVSoHMnsSbXr6rVYjvMtQZrAkE2txjxNBBlpRmDn+/3bCnHMQdh9Dkc0bgkwf1uC+V++sPyCfeB1raL9UjHfpc0FSmgnrHaapY4jvc83N1Rwg==
+a0.nic.ong.		172800	IN	A	199.19.56.1
+a0.nic.ong.		172800	IN	AAAA	2001:500:e:0:0:0:0:1
+a2.nic.ong.		172800	IN	A	199.249.112.1
+a2.nic.ong.		172800	IN	AAAA	2001:500:40:0:0:0:0:1
+b0.nic.ong.		172800	IN	A	199.19.54.1
+b0.nic.ong.		172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.nic.ong.		172800	IN	A	199.249.120.1
+b2.nic.ong.		172800	IN	AAAA	2001:500:48:0:0:0:0:1
+c0.nic.ong.		172800	IN	A	199.19.53.1
+c0.nic.ong.		172800	IN	AAAA	2001:500:b:0:0:0:0:1
+d0.nic.ong.		172800	IN	A	199.19.57.1
+d0.nic.ong.		172800	IN	AAAA	2001:500:f:0:0:0:0:1
+onl.			172800	IN	NS	a0.nic.onl.
+onl.			172800	IN	NS	a2.nic.onl.
+onl.			172800	IN	NS	b0.nic.onl.
+onl.			172800	IN	NS	c0.nic.onl.
+onl.			86400	IN	DS	40711 8 2 2144E3A641835A0F4944A2BAB8DF4DD9EECC76A76C330690765966C1C81A2D78
+onl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . b22j+nguEbQfXswEFn3LbAxtNAxmUTAhx7jGmH7tc6eIUafkwxnTFyRcyuLdsGbA8RIeIumwymqPo8v3YTFmQL53z1XomwWnvx6eZ6/CvdrC9TY1aqjdUePxJcnzLo6wMEvJ0rU8AKAwg//3YQDNMkm5Cr6UXjIdIcSsBfBJ3tsTEJSlxXqyF0sdeWA9n2h2UGGkWi6ZTptH4u3+p2Y43kkb+lBSm1G2L96va2eZWA9WR7E/z00aASr1ODP9sigwYDeDF1hwm+cTP75h1k6AyrNoSgwuU86pX59NpTD/KSG7r4oc4weky2wBa7Ugd8CNT0+AhBj8UaWw14KfBCjLXw==
+onl.			86400	IN	NSEC	online. NS DS RRSIG NSEC
+onl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YRocBY1CNAWJyDM1xh1DMcep771VNHqLhqNZxxHs0fVvSpKwvAI99EgjcNlDtuu33x3WGVSRwi9rZOh73p14etxAEP+rfqzkXFIGCMFeEHber4sEA9SLx8mo0vsZMMS0QLmQB0G8KGpXAKCemU6REXkpOxaJhuP7lH4rQvWcdapdLGI/NTojtkVqr4amu3c+LspJPftDkAb+RG51tihOkF1oDuCUm3RYueTeAQEsuJqWSoODIwLIiwrQhu69ZAWOMKzXrapHVhBFSGvJK5hKmRZG1PFP/hvjhtMcJzd1RqvlYTt2jc5G7o9hatMipVJGy7BAPrjS/cM1czLjqBPvbg==
+a0.nic.onl.		172800	IN	A	65.22.136.1
+a0.nic.onl.		172800	IN	AAAA	2a01:8840:86:0:0:0:0:1
+a2.nic.onl.		172800	IN	A	65.22.139.1
+a2.nic.onl.		172800	IN	AAAA	2a01:8840:89:0:0:0:0:1
+b0.nic.onl.		172800	IN	A	65.22.137.1
+b0.nic.onl.		172800	IN	AAAA	2a01:8840:87:0:0:0:0:1
+c0.nic.onl.		172800	IN	A	65.22.138.1
+c0.nic.onl.		172800	IN	AAAA	2a01:8840:88:0:0:0:0:1
+online.			172800	IN	NS	a.nic.online.
+online.			172800	IN	NS	b.nic.online.
+online.			172800	IN	NS	e.nic.online.
+online.			172800	IN	NS	f.nic.online.
+online.			86400	IN	DS	4267 8 1 A038DA06A96AD8E9BFE2BA78C392FF7804B4CD2B
+online.			86400	IN	DS	4267 8 2 66D7010609CB19E99AD1DA2833DDAB8CA2E7ACC1CE870CC28D29E76EB53D39BA
+online.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ur0uNAveh2LpAZlklHM/0tkPfQchi6Lu53jnpzNs93XlzoM7JVPj0fnYoWhxJVM7f4YaqCDMhmAYDLvLPU06pG8DM183RVjD79TMzNGu2F9iiEVPMCmR2Lk1RUvmL6EsyqY5k4ArBKHqSv4Qp45lRMqjelj8Ue5gR7p/0ZchabtKo6I2hyLDr/QULdy8sBa8PazDgR09Xzu0vloqPIDrS33flzUQ3InJtWxDHt4Tkr98CF0jcIwOXWv/IqMI49bmgk2HE8nLFyS6FGzeVHygwjh5LNH9WwSAxAyOPqlv2aKRHL+toB2nxrHbkyssBahUg7gN+RJ1xYQ6fzP/KkEwAQ==
+online.			86400	IN	NSEC	ooo. NS DS RRSIG NSEC
+online.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nOYuEyfJaWvLCj5gX3vOg9OIZqwI3vp7EYgOOA3cWjJpGYcb9j9mo8HV+WpUE0K7qPcb4t8rY2OKrgimiTLkvTv/4i/Q9aG4DWX3vAexg7x2djjaMt9OoDl2dj28JBfwE2+G06NYZfIYEVpEtzEjCFDEwYeoh5SucAUp4jKV5eRaL257dmOOgwlBvZ/IY+P51Nomgp7QnCxW9POhPDsqKucNFzH9wDSBnEv7T+dH/ouwv05zegvsOIQfHLPW2+Q6XlN7uLt8fZC2FN/Vm1+sxzBobVzflxmME5H/3CROQQ1o7XGIPWE+BKhHk4aNY7s7UiTAWXjQEjm7pjPlPZm4mg==
+a.nic.online.		172800	IN	A	194.169.218.54
+a.nic.online.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:54
+b.nic.online.		172800	IN	A	185.24.64.54
+b.nic.online.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:54
+e.nic.online.		172800	IN	A	212.18.248.54
+e.nic.online.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:54
+f.nic.online.		172800	IN	A	212.18.249.54
+f.nic.online.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:54
+ooo.			172800	IN	NS	a.nic.ooo.
+ooo.			172800	IN	NS	b.nic.ooo.
+ooo.			172800	IN	NS	c.nic.ooo.
+ooo.			172800	IN	NS	d.nic.ooo.
+ooo.			86400	IN	DS	32919 8 2 2A406589BC010BBD09BB78E067DDE644946D1AF4389113341358CF135B6F4910
+ooo.			86400	IN	DS	41890 8 1 27DDE633B73DD1F2703C0A89695862B056A0D29F
+ooo.			86400	IN	DS	41890 8 2 F9807556257F226660B308490776B72FEBD70DFDE2ECD9E850FA1127B37C7799
+ooo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aIq3AAjbEtSWoQJxCPtjl0fNWef5PS6ch26+IAznt8klYH0PvNF+DZkmTEjyPz3pQzWh4SZr4Q/LMJZ6KlVPh322jJk2oq2N0LFB1HygjqVlhwj/F9vQYp0txyamlvME7U3+FpJxlgXE9RaD38qqxFSka/xkLCnT2TQFVvExwPZJWyd3YImPhQ+v+rSQlYFjwzWRR1mgv+jRq9D1l6Kc/Z3aqtGza5Z2xvjDlR3hd70PDknkJ8BMuygPj83tQMJFjAo/LqLJVIhSRTAmG6X5m4Z+PYG5aZqoKgtuHqTm2Mp416fGXJfE1T5RbhEH/hKUGmi6xB6NSVCOaakYAyOcaA==
+ooo.			86400	IN	NSEC	open. NS DS RRSIG NSEC
+ooo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KzzLhD+h8RlDS4RX6lYIeKbZv1RFXTynsPPKE2SWeoqi0pggDndfF5h9c7p0OVvVLtFGn37SDaGnVT46MSXlpwFo8HEAMaAL2iDm+XiMg5CuKTpKkyCdtOHcy+ZJ/zY/pqquG+NeHHoBsTwuaGg3qAF2pO5BiUjqSSMehwOSKr18ZwXwwRwrpsB7s34/HNbxzomHJBa9ZWjP88Kh7XQ3ya2OZOgnoTTWjIUGGF0zZLW8msiqvQflAZgE3s/Vnd44QIX/yVTNiJKQ89PzBlviN1QTVYLaElfbdnJGTTnDC+Ll1EKmHlPJDSBYgQuZusXDIrrcRTltrMQRSt8q8G3Mdg==
+a.nic.ooo.		172800	IN	A	194.169.218.33
+a.nic.ooo.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:33
+b.nic.ooo.		172800	IN	A	185.24.64.33
+b.nic.ooo.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:33
+c.nic.ooo.		172800	IN	A	212.18.248.33
+c.nic.ooo.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:33
+d.nic.ooo.		172800	IN	A	212.18.249.33
+d.nic.ooo.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:33
+open.			172800	IN	NS	a.nic.open.
+open.			172800	IN	NS	b.nic.open.
+open.			172800	IN	NS	c.nic.open.
+open.			172800	IN	NS	ns1.dns.nic.open.
+open.			172800	IN	NS	ns2.dns.nic.open.
+open.			172800	IN	NS	ns3.dns.nic.open.
+open.			86400	IN	DS	31069 8 2 62311A119E0F3920060A74F5347B9A7A3DDF121B060690AD92487970238D555B
+open.			86400	IN	DS	37351 8 2 A7C742AF4B9A5C8F40C652AB5438E4107599C7F5B052FBF6588FD1CD79C9CA78
+open.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F6gkZ4GAqg7FuGQYuCzzAvtj0xaEunQ6EIbAzlJ5T+Ijhd6+sxtZvVldAxq3y+r3BD4rgG7AI5F7WgSvPL88kixP9NCe20SYi8xbk1jwHto52pV6XtyIdXqhvn+IzWg8E9SA/dW3LQB4s8s6AOfbQHNJ0e75/l6mVbqMSV755qDQVaoyi3qiWyFk8F3pfZVjyyuz12t9IAefggy+nKZZ00aspwkjHjxD0fzGjxtCPuNa509Ac2Br4DmRx4Npf+rE6tAAJsQwN8LylM5XHSzjv1qDivDiH3l00HnFsxWh6H/vlNV0io2x7x7nRffdWJ2phqnIq8yAhmptfb1M0t320g==
+open.			86400	IN	NSEC	oracle. NS DS RRSIG NSEC
+open.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tjN1NUKLwJroveCIsgOaIjZTPH73fa/cBpMcrURpr8AWhCp5McNilwg11kGP6Cq6mT/5zrltAQUyw5WfTA3bo1sNUxBLMdJcDlCEeArMuSjad50pwzfgWjpBFC4UXS7P2B9y6e/sE4w6+lK3nZnuJXjR9XaqW7TfM9zNkr2DckFVO/DYTXzOAAYFpSF23nHNgEoR1Kthu9ukv5TOXH1bmGTvhzmUiHg6PTAEa3iFecZGYuo9zmHh+xxi1xCVCZEAeptzt3LWvHYvZ8yTx6gNXPTM11TlD1d/n86ju3bzb96lOjSqmtuKGOnt3p17w6JhQGBV8jLGKvOkppLpB1NMuw==
+a.nic.open.		172800	IN	A	37.209.192.9
+a.nic.open.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.open.		172800	IN	A	37.209.194.9
+b.nic.open.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.open.		172800	IN	A	37.209.196.9
+c.nic.open.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.open.	172800	IN	A	156.154.144.128
+ns1.dns.nic.open.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:80
+ns2.dns.nic.open.	172800	IN	A	156.154.145.128
+ns2.dns.nic.open.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:80
+ns3.dns.nic.open.	172800	IN	A	156.154.159.128
+ns3.dns.nic.open.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:80
+oracle.			172800	IN	NS	a0.nic.oracle.
+oracle.			172800	IN	NS	a2.nic.oracle.
+oracle.			172800	IN	NS	b0.nic.oracle.
+oracle.			172800	IN	NS	c0.nic.oracle.
+oracle.			86400	IN	DS	6291 8 2 9F74ECCB6080A089661309A8AE8F82146D0EE4CC7CA96F01F62AE47F76368F2A
+oracle.			86400	IN	DS	51169 8 2 43A2FD7B6DF137824C6EE5B145AD5FA8664600165EF0C9772B1D286BCDA63873
+oracle.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1K7wj20ofHWKbdKzDt1Mj6yRirnPKDglOG/XRrEj1bKnG2VjydHTLX3AH+wc9mGwMewvHr/ur78gVX2DnJXpUxKX9HfX6lkCAHh58FKUI2oq5GF6vjkHAN2h9g7WzHnLpG350JSfSciCYT21AoljAlvzBA//H0bk0RWlYPWXdKy1Thc1LjKEXjYkMeKiutV1/jI33JAcG6Bi09Kos84GZU3KB+jyvBGIybwV2yYLEc9AEfBC/shJqrvm+mY3+qswp6D8DP8gaswN/BDNEY7ljWSKNHdWr/6gs+LNIfLj7AMRKWGeVQNrdMzoJNkdxWzFMmPSHydzwbHM4zRjKZaY8A==
+oracle.			86400	IN	NSEC	orange. NS DS RRSIG NSEC
+oracle.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cliZDXjll+gWrgGqPz4KLBDkVstQk7VrLRIfEGlU2Jqw6PEr2w55gFoVJWKMMCOc7UqpYmWyHCmQdCColNNp3HfktHBxBv/9rw0V9eCVdkeVsxURYqzYNDX6G/YWWv+OdS3gBhN5Z6mo9vc2eWedKB1uMj5rybOx1x3xYXFUae2ID2fYi1/A4UZ4U/EFFrRXzxIJrvjKNPSkfkcD8wEd7m3KLHOgeP6zQ39br/AzqrvlBMK0qo0baBoMvraDuZlKJHtz1gr94DOyCk8bPhAaVxoDtAGxh/htX3KikyI0mA0mLlT8H5s+3XGsycS5GrFAzHr3i1CCqWWT9LDmFkk7Bg==
+a0.nic.oracle.		172800	IN	A	65.22.84.25
+a0.nic.oracle.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:25
+a2.nic.oracle.		172800	IN	A	65.22.87.25
+a2.nic.oracle.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:25
+b0.nic.oracle.		172800	IN	A	65.22.85.25
+b0.nic.oracle.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:25
+c0.nic.oracle.		172800	IN	A	65.22.86.25
+c0.nic.oracle.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:25
+orange.			172800	IN	NS	ac1.nstld.com.
+orange.			172800	IN	NS	ac2.nstld.com.
+orange.			172800	IN	NS	ac3.nstld.com.
+orange.			172800	IN	NS	ac4.nstld.com.
+orange.			86400	IN	DS	44385 8 2 54957BDF3921CA2D50BB340E042605F8D39EE91CA2A08A37424CE88882C4FE1A
+orange.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0M9qbxp4RcnAikJ13Kf0gcoJiSagMulg59Ck8wfPz2y5Cw4kIuYOOmKDTPXYVfmpkFMI5FZJZebv490j4L6J4muUxbr8RMlEuXClIZKJlNXE9en83leTLQr+WX31tV8NWy8LPODHqV2Ty3xAIR4TVvn3P44K6SSQi74wuhGnm+Ucfrkldg4fKxq6Frrz/NTY1tDWYgrPX6KOCI8xTLgtbVWBPcFtLvuPr092hv7goxOgCZCWSRSD2LEFhJhFeq3viqhwGpsyNi2RCpxFYabOBpd3q60ZGfiMrmI8+0M8dm5GTPX3Ygb22s5PFdBiFdn58nlRsSQ7s71qnHgo/fDwmQ==
+orange.			86400	IN	NSEC	org. NS DS RRSIG NSEC
+orange.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qFjMrhbCQ3/aWQpiaFsN+bUef3mqNFsI5WdaGtWp4ytszTvlZ3Wu1IviInFMpU7VIvpbOGmAJEtnk5W9I8LSFTsLK5UiF7XX2CgNHKVRJDUoMnUdpsUzkB+HkzGFzjY8cgIWJBeBynC5BkdnrRnBEKvWMq3ynLo1HSfDCwMdQ0rdCgcKY/iFfO0m2g5MxCC0zCPBN/P0Jt+U0AM/1NAWl3UequT0b6jQo0dhTpK4tTy0gSoEfCdMYdu/SfBlmNdBJ4fQ1gnHt0aPV1fYpU6XaG+AjTi9OUKerPLYoCXaMM8FWojsnXkCo4+yVyI8q90vnAoZwPrAc1ektPRc9rphOg==
+org.			172800	IN	NS	a0.org.afilias-nst.info.
+org.			172800	IN	NS	a2.org.afilias-nst.info.
+org.			172800	IN	NS	b0.org.afilias-nst.org.
+org.			172800	IN	NS	b2.org.afilias-nst.org.
+org.			172800	IN	NS	c0.org.afilias-nst.info.
+org.			172800	IN	NS	d0.org.afilias-nst.org.
+org.			86400	IN	DS	26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D16E1DE32
+org.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RMU0ubR6ZXNGyCOe0fq1wn6OC9jptsOR5WzLCBU4ur6QrzqNuG49jNTENEuks620T0nh2wumrcRMd9qe/eaJkGPzMl2IrN6ioQAC1fI9vyUDyvGQ3hXgeE+2ixlLX808dER8/FvshncUD+tR44Wb44YOfm/nYp7MYKEk+5Xwck9U+Dbk6ADLoTvq7qtbvLBmj52Iz5nAiyDjX7x2xTGzqsVoG5gQwOJNOOwYzwqgW2uPzOJ7D76fZYs47ei4kY6HLYa1OUc4eGdB4//6dPrVZnokKSuVvHyrLyNG9W0qYbxiCfp1oiIVlmAsYgGZIaROQt4Loj3dzyF5lIaB4M9g1A==
+org.			86400	IN	NSEC	organic. NS DS RRSIG NSEC
+org.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dIRbqEbrXs0ax1WLq1xaD242FZ2Uy4y4FH1ND95GxjWReJtL3c8q0qmsaI4Rx1QTtc7PmT7FffRBh8c4W975qP0mwz/iol+2OVWcjlN4VU/DteixuVtufxGqHfKwOEDQBlNuqF+ftD+CzprNntLFD1inIBGs8kePjNQ0kVXCC697V08o0vlkGO2npvV9oz8jlW3X/3LTwQFpzJUPkTFjYzA7rIn799L8Euk+kxnIjxFEUJ30XIENX/o+uRzxS3U8qnK3fFfIOJpyuvgOdtdfesqCFsXRzXqxg1n9BH4Mb3vWcyENvIBT2tPnQJvCWADZTt3pEAlmpXHvuge5zQj4XA==
+b2.asia.afilias-nst.org.	172800	IN	A	199.249.122.1
+b2.asia.afilias-nst.org.	172800	IN	AAAA	2001:500:4a:0:0:0:0:1
+b0.bm.afilias-nst.org.	172800	IN	A	199.254.60.9
+b0.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:9
+b2.bm.afilias-nst.org.	172800	IN	A	199.249.124.9
+b2.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:9
+d0.bm.afilias-nst.org.	172800	IN	A	199.254.62.9
+d0.bm.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:9
+b0.cctld.afilias-nst.org.	172800	IN	A	199.254.60.1
+b0.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:1
+b2.cctld.afilias-nst.org.	172800	IN	A	199.249.124.1
+b2.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:1
+d0.cctld.afilias-nst.org.	172800	IN	A	199.254.62.1
+d0.cctld.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:1
+b0.info.afilias-nst.org.	172800	IN	A	199.254.48.1
+b0.info.afilias-nst.org.	172800	IN	AAAA	2001:500:1a:0:0:0:0:1
+b2.info.afilias-nst.org.	172800	IN	A	199.249.121.1
+b2.info.afilias-nst.org.	172800	IN	AAAA	2001:500:49:0:0:0:0:1
+d0.info.afilias-nst.org.	172800	IN	A	199.254.50.1
+d0.info.afilias-nst.org.	172800	IN	AAAA	2001:500:1c:0:0:0:0:1
+b0.mobi.afilias-nst.org.	172800	IN	A	199.254.56.1
+b0.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:22:0:0:0:0:1
+b2.mobi.afilias-nst.org.	172800	IN	A	199.249.126.1
+b2.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:4e:0:0:0:0:1
+d0.mobi.afilias-nst.org.	172800	IN	A	199.254.58.1
+d0.mobi.afilias-nst.org.	172800	IN	AAAA	2001:500:24:0:0:0:0:1
+b0.org.afilias-nst.org.	172800	IN	A	199.19.54.1
+b0.org.afilias-nst.org.	172800	IN	AAAA	2001:500:c:0:0:0:0:1
+b2.org.afilias-nst.org.	172800	IN	A	199.249.120.1
+b2.org.afilias-nst.org.	172800	IN	AAAA	2001:500:48:0:0:0:0:1
+d0.org.afilias-nst.org.	172800	IN	A	199.19.57.1
+d0.org.afilias-nst.org.	172800	IN	AAAA	2001:500:f:0:0:0:0:1
+b0.post.afilias-nst.org.	172800	IN	A	65.22.1.1
+b0.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:1:0:0:0:0:1
+b2.post.afilias-nst.org.	172800	IN	A	65.22.5.1
+b2.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:5:0:0:0:0:1
+d0.post.afilias-nst.org.	172800	IN	A	65.22.3.1
+d0.post.afilias-nst.org.	172800	IN	AAAA	2a01:8840:3:0:0:0:0:1
+b0.pr.afilias-nst.org.	172800	IN	A	199.254.60.17
+b0.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:26:0:0:0:0:17
+b2.pr.afilias-nst.org.	172800	IN	A	199.249.124.17
+b2.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:4c:0:0:0:0:17
+d0.pr.afilias-nst.org.	172800	IN	A	199.254.62.17
+d0.pr.afilias-nst.org.	172800	IN	AAAA	2001:500:28:0:0:0:0:17
+b0.pro.afilias-nst.org.	172800	IN	A	199.182.1.1
+b0.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:c1:0:0:0:0:1
+b2.pro.afilias-nst.org.	172800	IN	A	199.182.40.1
+b2.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:e1:0:0:0:0:1
+d0.pro.afilias-nst.org.	172800	IN	A	199.182.17.1
+d0.pro.afilias-nst.org.	172800	IN	AAAA	2001:500:d1:0:0:0:0:1
+ns3.asnic.org.		172800	IN	A	213.248.223.254
+ns3.asnic.org.		172800	IN	AAAA	2a01:618:407:0:0:0:0:254
+c.ci-servers.org.	172800	IN	A	194.146.106.86
+c.ci-servers.org.	172800	IN	AAAA	2001:67c:1010:22:0:0:0:53
+c.dns.flexireg.org.	172800	IN	A	195.253.65.6
+c.dns.flexireg.org.	172800	IN	AAAA	2a01:5b0:5:0:0:0:0:6
+ns.icann.org.		172800	IN	A	199.4.138.53
+ns.icann.org.		172800	IN	AAAA	2001:500:89:0:0:0:0:53
+a.lactld.org.		172800	IN	A	200.0.68.10
+a.lactld.org.		172800	IN	AAAA	2801:14:a000:0:0:0:0:10
+ns01.trs-dns.org.	172800	IN	A	185.159.197.3
+ns01.trs-dns.org.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:3
+organic.		172800	IN	NS	a0.nic.organic.
+organic.		172800	IN	NS	a2.nic.organic.
+organic.		172800	IN	NS	b0.nic.organic.
+organic.		172800	IN	NS	c0.nic.organic.
+organic.		86400	IN	DS	22474 8 2 5803FBC9F1FC0D4AA172DC24F6B2B099F18DC13E04CEE7F605777D798A3A812F
+organic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eLSiUXBB9j/KziEQl4GjXfQaDEcioUbyHaJkYjTC9dSg2bfNSP1aO1M4msR5dv9RSibtUhb2silGbpCSBLoq9Mk5GWmW7/dS8/6CFedAcHnHmKFhIrSlzZ2GHGXK8V8NhMrVsTVAJOK52/d9JYlg0CXceng8e6Tzggi+G4n9iHqbvWg7DNyvtxaWFPbgyH+AA191uTm94OK5WzFV6ifW+E9YsJ4Z1RABrdQQxP2qkaB9kfVxM0w9Uy3fmcrXCUxRcPHkucg/bNrTGM0vHzV+Ubfav3AXGMHeIjJzkmvagRYyoC8pUN1a0d9VK3oai/TaELufD9x5PN6rwY8HCLwU6w==
+organic.		86400	IN	NSEC	origins. NS DS RRSIG NSEC
+organic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gBlmWIn4xpZqAU/8/saXXCtdGge25oMMhpPaHn3k8/A/oqVaMz13ODRsnGuWcg1GbHr5sNx6NbfBdflvFi7CM3NorWTHw46H0oMZzVzQ0xQGLvrtJExgsWPDSftIvkwhjle5eXoAkU+cptDaAr+ds85CPysYjuqNOAMK1NHMRsFjkKGtz6O1AaKqbd0D80JwD8yfJNpCoaqDdynVG1zLEZfiE9Rwuo92N20zq0CTjbXmKS/gW7a0SmSRRZZgH84ye6EKnlXRzaq1uNkjmsrL7TqIucVPwfs08vshpjzfeYFSzmzkcicsHzvqwzP65kA+jCbrSwEAsi1IniZlA/JWoA==
+a0.nic.organic.		172800	IN	A	65.22.20.40
+a0.nic.organic.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:40
+a2.nic.organic.		172800	IN	A	65.22.23.40
+a2.nic.organic.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:40
+b0.nic.organic.		172800	IN	A	65.22.21.40
+b0.nic.organic.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:40
+c0.nic.organic.		172800	IN	A	65.22.22.40
+c0.nic.organic.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:40
+origins.		172800	IN	NS	a0.nic.origins.
+origins.		172800	IN	NS	a2.nic.origins.
+origins.		172800	IN	NS	b0.nic.origins.
+origins.		172800	IN	NS	c0.nic.origins.
+origins.		86400	IN	DS	25234 8 2 5290155E291FBA766EB200F5E95AC883BABFBBFDA64F5AD243068C7C8DC6019B
+origins.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VWqSOcwdGGjwIlmxvfAZz/r1TegwCoQEEMCKTIYtbuEC1SilX/2VRNVC5ZAvVJalqORQW31kt4IqNDNHexdqGkYsyT9SQ7NLpn/MDfGTZd967uKBTz1vDnRdTXOG7XZsw7QPSjPXQSJK0WJVVJU+vIX1+xWK1nyivwFOq8i3HTzvmE6ZJ7elED1Pr/r8UpP7ZX5yxyHoaMd43g4LIioF7cBQ05fwnvxXuspibLVhPmI0PMyBoLyY+IAlETQ6pAW+SGoXdv3v4ZCrCYKkdK7beJkxljqsMwv1YppbkS+DtO23zBOm2c522ZylQlh/3DtQtWWuMrJddbxaEbC6DUdVLw==
+origins.		86400	IN	NSEC	osaka. NS DS RRSIG NSEC
+origins.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1IAqUbjtOcmVWe35buRVhEKCx0q0ja34TRl1vWMkX8PmoZ8mxhWFcLmdV+LFq9cJiOz3tW23uByqHYY3qe57h8bPTQ5AExNZm6Z2syDT1A6ymSFt/X0wQ5H6II1fJfwqI127djw1ux+eGB5QWJkyJC03VGobKrNNaZXbX1UoE7zf8UhekDiqMozWXN5Jt0oy+aCxDt8+/h9PTlwwyggIJNoDfsUvg+sQx3ctalpLHVuyghHmpzP6pVZ1J0FlJt5EErhW3T92Qn+aXmGVRDU30YAlcwGexQgJ5FEnU/JGvcRBC3eaM8FtmT3AClJEThQKvF31NCfoQKuqXoSpGwVD5w==
+a0.nic.origins.		172800	IN	A	65.22.52.33
+a0.nic.origins.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:33
+a2.nic.origins.		172800	IN	A	65.22.55.33
+a2.nic.origins.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:33
+b0.nic.origins.		172800	IN	A	65.22.53.33
+b0.nic.origins.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:33
+c0.nic.origins.		172800	IN	A	65.22.54.33
+c0.nic.origins.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:33
+osaka.			172800	IN	NS	a.nic.osaka.
+osaka.			172800	IN	NS	b.nic.osaka.
+osaka.			172800	IN	NS	c.nic.osaka.
+osaka.			172800	IN	NS	ns1.dns.nic.osaka.
+osaka.			172800	IN	NS	ns2.dns.nic.osaka.
+osaka.			172800	IN	NS	ns3.dns.nic.osaka.
+osaka.			86400	IN	DS	49957 8 2 7E2477A5BCB64B013BA654F6EFB43C6478DC172D05463CD8C43C2DD7187E9B2D
+osaka.			86400	IN	DS	50221 8 2 90146B6E89FB883144F08A93233F7265086D9E43728EE1C2739F5C3B6D00F9FC
+osaka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t597VtcsUuC2qJeNLVi0j5CJkhl3VIPt1nQoxIZ4j/zqrbhREmUBVY8+FAgOh6tbECHX3eff7UQDfJLoPP5ThJMpx1qpC2rIT1lrS8HX6UsOVtaA7lffvGO4yBntn051nQ2wUL1jgh+59TQlyi25WZ6YJk6H9040lYgxO6nU9XCgWF1q7Eb5F5oDzLIWTCuppOiCklAaQ31Nc9zT4VXWU4AuyolLcpeFnR7NGAo54wCToPU8GzBMzqQmdlx0++yT4FNsBGweDh/S3Dknz4eDDYEDbOKXoNF0CfNS3xLRDWDDZtUGKXezOx0AeuPr2T/a9ksp8x+s3eiHsuMRf3MwwA==
+osaka.			86400	IN	NSEC	otsuka. NS DS RRSIG NSEC
+osaka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Be332wRsxt5GSqe5mkCd7xQjxwstTroi1t3Wj5hg6mgsu2YoJPo2hq0VuRYBO3iMMvIeo3wCgQqA3rWyEved99DwjUgGQHMmRdlcdHVk1saY1VZ3cywqowEL/Z4JHeip8Hzb2XB2U4nNsFHJfhlvrc5G7pufNr1numRUMeNV+3+xzsbnemmqk2SJrdX8H5gqPmXx95AA3crINEbP8+vrrELeZ1lvyA3Mcw4jrJuTHi6v1ZpXSkM5n6vWrKAaqaRMfSbfafGgxMH7/PxM5bEKvv5RmIjZiQV1HGogHlzIwyTdnT6X3hipgwA0ncz1lg4Sbrc1hKCT97MC6Lf4oAlEoA==
+a.nic.osaka.		172800	IN	A	37.209.192.10
+a.nic.osaka.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.osaka.		172800	IN	A	37.209.194.10
+b.nic.osaka.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.osaka.		172800	IN	A	37.209.196.10
+c.nic.osaka.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.osaka.	172800	IN	A	156.154.144.130
+ns1.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:82
+ns2.dns.nic.osaka.	172800	IN	A	156.154.145.130
+ns2.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:82
+ns3.dns.nic.osaka.	172800	IN	A	156.154.159.130
+ns3.dns.nic.osaka.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:82
+otsuka.			172800	IN	NS	a.gmoregistry.net.
+otsuka.			172800	IN	NS	b.gmoregistry.net.
+otsuka.			172800	IN	NS	k.gmoregistry.net.
+otsuka.			172800	IN	NS	l.gmoregistry.net.
+otsuka.			86400	IN	DS	1147 8 2 99FA7BA5260C1C400FC5D65616FD3D796A6AB5AEA557314CAB10392DE8FC90B3
+otsuka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wmJlBln+MGvn/2iWT5GLZ8ARhgdJajdYA1ti8438Uk2E3Xi/GwSJQhlT3WmfPmGm+mIwe/iSN3j1Q5vAfAH9QWozigiXi6Ak84M5f1KnTdxVqZCxYJswEiL9jDk28s4tcuNQko0+G1V5jyLRJ5j4QMkld8Lfcx2kIyKPzYCdCPR82mbH5GzNH244rkWSmH3m5IFyIgy9XZ5V3ygMAJ/Hu/g0RlgG7o9VEqUSOM6AzwbJQl2b6JmPVMda1KhoPR+jWu27Ee8Wt0SagYFDGoMPzFlqlhHe3GN5j67wdQzx8HG9xT4gquVy819qIjUXeCgQx5Dsk65ZrgBaj8k68lcsbw==
+otsuka.			86400	IN	NSEC	ott. NS DS RRSIG NSEC
+otsuka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jMoayH6mKKIs6YNDWJeyQOAcOYnVnHbtTGvd+oGROyy6fISTJ9ckI1iv+15+oUGt+g5O3s1cOU7ajhkme3lU9xAQv8BMhNiTHDFLIkXLNMygakYYp9XIEZQMZIeM1XxW5xgHKc/565MKNPBkeYqu4NVSjtTxow3KoFb3iRU7DUUPeLeqW3i+1nkLaecWhXAAvsr76xpWPc3xCN8CEV8ZJ0xOGmo0GR17B80xgFnhi1VxGNUdms3efagjF93KLLX+tjxkpgHfqUZBfWJutI4KjiJ1yKznXp2EbipIuG3M6mRGUh77g1c9ZwfZCLUfW/+Q32+7GPSwhUpcaYUPykMang==
+ott.			172800	IN	NS	a0.nic.ott.
+ott.			172800	IN	NS	a2.nic.ott.
+ott.			172800	IN	NS	b0.nic.ott.
+ott.			172800	IN	NS	c0.nic.ott.
+ott.			86400	IN	DS	39925 8 2 EA35CB20303CA3E610C87E77947BF04693F3E14933C59A60BEFF384BD0CA0654
+ott.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vhslQvnn0Cc+WadpLgS4GmgSiyMstpwDAP5nBwZb5tA6yguGcmFLxy+onMTxq2xprbCYdARzPeK3n6FT2JDL3eJnafwVhPAGzU4GL8vyzGbwN5tdp2R0dBp4qITfZORkZ2eVBTzTwRWaWmA6Mywi2o3grdxp/V0Lwk/ADBA5vPaq8dSu5lKnwdtC/qQ7lDg0tl+RJclCocWrFoo62eIjgyOojcwveLz6l4/L5dFNalE8YRTmDnYn3KOIz4DhKk6oCTsocaozRUJ71zy8JrvygJg/Y0YTI8Z7155VYtQUOQcsLiBwfFtAHGB64M6ZBSZwzC6RbKFrwjYRxM7CifB7OQ==
+ott.			86400	IN	NSEC	ovh. NS DS RRSIG NSEC
+ott.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JnhpXIzyM/3QDkN9TpWJ0co07YFcFq/gstAghwE1whnvbPu/UkeI1AAVAH1h/LPAkarnOPvTAfVMWeU3kSS3KvAHu0TfEt4rxAUHSbY6+CTiN+9B5aFJRS73X3lJYz0ZPg7UkReNESjNIZ0pHqjbzrBzDbq8vBumBCuFjHrx0YpQI2zAt1451BnuYDHy4RkCImvtOesd9PxIHD0YnC2XrZ0qP/QX5IA0xWGGRP/5Jou/XaT7wo45lfZ2P4HDqBUIVhVNgo7DOKCnZGuZo0rbI5AKugHBWmoWXKaUuofIRRlCVLYRELMRN8Fi2S23FHkpI6D3NCV1wu1KMLLTLR/iqQ==
+a0.nic.ott.		172800	IN	A	65.22.92.9
+a0.nic.ott.		172800	IN	AAAA	2a01:8840:5a:0:0:0:0:9
+a2.nic.ott.		172800	IN	A	65.22.95.9
+a2.nic.ott.		172800	IN	AAAA	2a01:8840:5d:0:0:0:0:9
+b0.nic.ott.		172800	IN	A	65.22.93.9
+b0.nic.ott.		172800	IN	AAAA	2a01:8840:5b:0:0:0:0:9
+c0.nic.ott.		172800	IN	A	65.22.94.9
+c0.nic.ott.		172800	IN	AAAA	2a01:8840:5c:0:0:0:0:9
+ovh.			172800	IN	NS	d.nic.fr.
+ovh.			172800	IN	NS	f.ext.nic.fr.
+ovh.			172800	IN	NS	g.ext.nic.fr.
+ovh.			86400	IN	DS	24939 13 2 02A3F789B7D6C726513EEBADF7F64741FED1ACD57405339D9D50191C620CD914
+ovh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . e8jTt6CjNg7frr0z65phrnm+oeKm12MXycjHLGbpKtW3+VD4Txyxi+fPmBL922/x3kPjouvVMpd4slVsDQ542kW2GX6EokwSiO6rUP/9c7f4tKzt6keDBkYDMSlYOqI6m7runvVz4L3q2uBmWXlDh7/wQdpNe0JJ17/NbOqG0CDnLYyyIa/LXuyMUjIiByoKioZVCeJmkcrKnmfWJrDX/0rraL/q6K6/74bt59m9lTu4cpcIayFYvaoyaNXfBV1Fb6xkUDgN5lt+S+USvBjg3X74i+zDCGrJLidg+nWWprdqm6tYaXT+GiFMfAW+b2ioRZJ0ZJrraad3TSAOd56kBg==
+ovh.			86400	IN	NSEC	pa. NS DS RRSIG NSEC
+ovh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tG5wEfkIvm5g5MIHDvnl33nV2gYxHgIwg7GfUIr1SDz3tqq3oEyD8yje7AdQ6DZIgp0L08aUFRvi1KOeTXCgD5DWm0OqV+QM3CjseK1qzOUTImD1FM07x0292qDIWalW1AI7kgzbbifEEQSg440IViuKsw1qw5gAJ1i1vUG3bw5xUXekhap+r3LOEpfX+5MoJPxg01dFI+4J7kKQ+JfOGIEtVMZxbPc9G1N569H80Crccib877OaqcBtUlKqL1Hu5m2vT4NQmt7Vjw+DK9YiQEEEdtFMuKRmlCNUfsOzamMGUKvCvkuG2lYpuLdxyXO6Bhu+QMFo3ZlWEXibbx+p/Q==
+pa.			172800	IN	NS	a.lactld.org.
+pa.			172800	IN	NS	ns.pa.
+pa.			172800	IN	NS	ns.dns.br.
+pa.			172800	IN	NS	ns.nic.pa.
+pa.			172800	IN	NS	ns2.pa.
+pa.			172800	IN	NS	dns-ext.nic.cr.
+pa.			172800	IN	NS	ssdns-tld.nic.cl.
+pa.			86400	IN	NSEC	page. NS RRSIG NSEC
+pa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . or3wTMJ5+xMvB6Fo8uLNWYXvxGR4TcQ+yktupkLNLaG93rAwMyQGemIYZqMjjeHS2XJtPotk7ZXSD0vdgeFNkWOjEYnoCl0DMN+Ye7/ZwjqGHPIT5n9aqaontbbaojFpimJ7pGbXg/yGKUuetrtn8GKSTTxIQnO0E5vZ1bFO5rUBLXlucAp4Jh+OegMOlT2z6RSv002ZeMbF/EtG+h5L/ibGLeN1XRjFrDR3VfeU41IG2zmlHIBRYMHLYTWCkaYEo3w0rpnZ3A/H+vND4y8XajyHrcTyMrVZtY/IjX9Op/pPFfEcpu1Bf+nOLyODDPWZIVN+OZ22YGsYEs0UuPum0w==
+ns.nic.pa.		172800	IN	A	168.77.8.4
+ns.pa.			172800	IN	A	168.77.8.2
+ns2.pa.			172800	IN	A	168.77.8.7
+page.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+page.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+page.			86400	IN	DS	64712 8 2 9BE1303B86187DF7F8EBE1C51BC70C2BFA1BC12AB98383AC2A7D0E18914292F5
+page.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c2GWf9pAfZ3NQXQMnh0fYXfKvhZL/WBktFT2/qTqljHRP/UA4kcEGCuw+Rbk92XkhbJqAwtN0n0xFee0xA9GOPMMQmouIGVNI2m/Lhck5FuCUv2o6unUit5aH4ySCOObEokq38V2uNh3/SywcAYzDErEyk+9DkTFdRqKyQTNAQGKwlgh7UaKyuYKjHfTKFY0p3DHpggaO+ehZcrDFOq8znFprg3Euhywtyk69zsm07YxjpCEBJnAtBdU+VWGbvjLeG2eZT5wQ1Ssf8zrzrfYircBia1PgXYqZ87FnPOTabKUBuEJ9m5kmY+aOnel24wWWeunoymWrEGBob04PPzyzg==
+page.			86400	IN	NSEC	panasonic. NS DS RRSIG NSEC
+page.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QQC96HIlUszE+TPY9nI8dHLCNyUqLirGgruQAO5dW2GTazJgsBJNsNTbHGkvlDg3myHWt3XrFmbynsOjwSVXQz4A7F/RZUHCppp4nC2GRCwYLnoYVlW4IezkHRw0Jkkfz79BPZUHH5M3T/g2bfY0P0jVsT3sdiLv2XE3bClc+5vCMLZYk2O4+lkaHqFUhhe8ErEI6+uYOD32Bp04hODEJDbqVPyJiIM5iqOwlfetr7TNSntoxr1E5jhOoY2Gv3YF6ONQ5vBUnCZJrDZXbU7gbqpUbx6r+DJu8svLvS8y4+GfSWB4xhFIp66HPzRNw1aeVCW+Z/e1h/MczvixzMrYtw==
+panasonic.		172800	IN	NS	a.gmoregistry.net.
+panasonic.		172800	IN	NS	b.gmoregistry.net.
+panasonic.		172800	IN	NS	k.gmoregistry.net.
+panasonic.		172800	IN	NS	l.gmoregistry.net.
+panasonic.		86400	IN	DS	45016 8 2 A4B88BFB2B883FDF8CA5630562061FD5D7979F203962D1F4C5A0C9D79C4D3AFF
+panasonic.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jEOarU6D+1aQer5vq8c3l2tQfi1z9gWSVU6iDuYdY8d2DFOP2Z6gYJk37uPZ1kTBhvJ7M4FInZPDQxKXEQ54xsYBl62f8kJvHKYSMiCFG3KcIZg8SvXTWnWm4lH/+M88KWJX9CBiOtRUkmlahbxL9eXlhkNAW88Dskx+z4mjajJkcp7SS1jUu/h1Oorm7ivq/smm30uWp3Ea87bZOoUTIdUXYxsXuUg/mN4XmZ/+9u9l/K9SLHHzu/d5VNn51q7Fen0MI7IN/LwIrvWiDWWU60cYQ0IRcAlmINp1vond2cSUPZv/9yB6eO5w7PhryYM9aPYxJ8GWo1lqxUiXWM7TKQ==
+panasonic.		86400	IN	NSEC	paris. NS DS RRSIG NSEC
+panasonic.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BLlYH/xBz9Iy1ymoXJvC5NR5MKWdipfphM/bVNDo6EwVJemm+BitOLi/kIxCNDYJRRgGg3MUO6iLFg5rzGkTgrFVYtZDeV7DdaPWP5wotCAxD/4lwCDXYoQXp1L+vcOl1shkNW/orXeazUFDpJBhqcXRRcz3jzvhFnJeMiWgm2aUD2PTWATJ6y92gP96uR4FU7Wgu7qIXnkBr+fs6Vr5+ATwAaL9Ex/vXkTSKKpfpjJP3wiylieBNDf++peR2F6nvVPwxMCoA1jgyWjt/3Yj9Vx/0ew0P8cDaI/b5GlFi9Aq+QF0SDa5m5r/yx8aAF89rE2EinuV95b6GY2DOHAcjg==
+paris.			172800	IN	NS	d.nic.fr.
+paris.			172800	IN	NS	f.ext.nic.fr.
+paris.			172800	IN	NS	g.ext.nic.fr.
+paris.			172800	IN	NS	h.ext.nic.fr.
+paris.			86400	IN	DS	36157 13 2 E9AA567B3FFAD9AA9F2C6A0BC0B7FED6D338C5150BD5627812A5F9957969C37D
+paris.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sy1qtHsIq/c1oBIszj4Oz546wvdQIrTScWZ/7lYZj5IcRXssmgppQYk7GoSFXsxSzSVAP5Q993FXZ9ROEEAlQiDxruhLEFnBG2sYSjaQMqcXAnyNgOicOM6A3ALwkLg4w1f5tSPVqBqWhYXcQdnHYY14pFYm/a1hVVJ9gOaajbz/ObTH6eZHXjADEIWMToe7OaTbo0ugv1E1b6Z/FUF+QNRhmx4Sclb5vIzIlSg+jYuHvkBUFs1RrU0A0Wo7Ii4GzGcvbr++pmzJnSPM1GTinJLVuATnsh7C/vz11ripNuVyVxg/kfO7rjaNCuWCyez7HdtLRpOIl7xuOjJjaCkfHA==
+paris.			86400	IN	NSEC	pars. NS DS RRSIG NSEC
+paris.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dtE0tyf0rHo/uycXbUA0siuysSvpPph0ACxliyYYDvWl63lXutdNEobFIr1USon5M7in/CXJQbNNHYvNMx4K1CqLKoQbfYcspJ98BfFSVkFK/6F5/YS/gaxoxN1NaXzYDdFTN9aOCrMxumpREsyrHZRfYrpA3ELU9nnK/E35jhUcNTXX9d2hE8D5Bi3hptd10y9F8sEEtT0wK1okmsCEf+bZXsdUsnqkFo1fIYKHBOhF8+P0u+boElzQbLE81ZP0N7Sd7NdS3ght1lcJ3wFtEeyni5iE37wRzAh239UVR7xxmM213dh1Lb2mz5prfOAV+dpY3SkldC2Qm1JsjTVUtg==
+pars.			172800	IN	NS	a.ns.nic.pars.
+pars.			172800	IN	NS	b.ns.nic.pars.
+pars.			172800	IN	NS	ns1.anycastdns.cz.
+pars.			172800	IN	NS	ns2.anycastdns.cz.
+pars.			86400	IN	DS	2911 8 2 BD1468967B866D21C106F1A2B92906604380E7787BE97AC2855219DDE2CD2285
+pars.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . G5q/wRxAqqA2JWHGw3nT44yf/BDwh0X99X61bdLpIAkNzTChYy/hqYrrEDF2G05i8oX9rkFlFGNWo/VXgDse0YWMv50muT9+6dgHjItYd3joRO9I9PUm+zC+6jr5mS16KFkD9sn1MdVT5dRBZp5uCJfO/zjl5wSQQbQ1mGkJUb0nkKEQ6WxZ5Fx6MkueZRPgEetuYzAaNo9bDugYIO5LAx+8iDDpsmNz7Nm8fq1JIq1Cwb2/b1HTKbI7+h/o58opxN/Vy7+VvyLrxFlheOhVGuQu213H3wLo36mfEwaA22i5YosSGizI+pwc/fZUnKoDOwuIjyz5J/je8MhdRLH+Ng==
+pars.			86400	IN	NSEC	partners. NS DS RRSIG NSEC
+pars.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uX/gbYHtLSwIre+tTt4iRNapCoQ39QEx102YcdyZZWxDR5vY+iEaTrFWqaXM9lve9lpnzz5xkvfYW418fv1Ov3cW/KuHDo4OqGTgNyBj2M7KYsBrK8j1LKHK77p6GyCugQ5UVzYAUXO3MJIfiFHQW35iR8e88fcp09e8DLlPVUbI1fUktsfn2+zV7lrr9KNuj9GXrYnBT0GshqjURxhIDSQ2Mwfv1FjvqXbaYM+glC6rYMDliXUo5q61/euHUUAYFdZr5x7nmAU+2UAAGs+FvIeWxTJus58yXrGrjjn3Dd/kZhjjQbFx85cBySlKY/rbtq1ytQbLQPiOnSvT4mRWbg==
+a.ns.nic.pars.		172800	IN	A	72.0.49.5
+a.ns.nic.pars.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:5
+b.ns.nic.pars.		172800	IN	A	72.42.113.5
+b.ns.nic.pars.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:5
+partners.		172800	IN	NS	v0n0.nic.partners.
+partners.		172800	IN	NS	v0n1.nic.partners.
+partners.		172800	IN	NS	v0n2.nic.partners.
+partners.		172800	IN	NS	v0n3.nic.partners.
+partners.		172800	IN	NS	v2n0.nic.partners.
+partners.		172800	IN	NS	v2n1.nic.partners.
+partners.		86400	IN	DS	27907 8 2 DED4DC046E9D9F9250F766BD987E6268D4C82333B9835A520AA311DF9D3C0948
+partners.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fIpurQ5UkB6b47+w/37vx022386hGj9g0kaig1USyZSpSbk5XxKLzM8bi51yrv4cWfRK1mrDvO3/VWqYFGpoDEyajTLNgn07es0OopVaQ6TnMdfLBAqpndVsafsvzQXlLz60QfEqhMi9o/8KiHtxK2oRX3YmMZ/JANn6id9B+gwACPGY7IgKzcwhuomcPCJKYPTVHNGVIfFomCjkusDPi5cCYllt2LrN4cQ7GZnnapWP4aaCCws2JHLE0h9S7KZ+7Oh+2rgrbTLvKUawTqW93lYx4ZK6EOtXSgQ3iClFtk7EExEccrNKU4mmAHQgeyPEe36kWnOW8KV0S0QCPTjDEQ==
+partners.		86400	IN	NSEC	parts. NS DS RRSIG NSEC
+partners.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kxt4T2rqgLGhT6CVUdc0rcc53G0vBPio4zH3+FFJ9fthGjjNXA04ZTG0kuSg0+hOZz+ziinB9E2lxuDzuy1EwUAHhXoE0WyrgjhE1/LaRlRdV4bLy07pfVObGQIt8uc3F46vL5lhQJeGStjPoBjrJu39RkbEcwKDNuTCcbHCyKn4INdL4f8YgnsaTxCCCXBtukp/Rr+EAIRW6K8iPz3m7Z3gY/6sQPlIInb90bc3RvO76tfV12Ia0roc7jY9bvxbK6Ltrg+zwJ2xyqRkagZEmSnbv7uDuZBfOAnJzd4hqdwUnMzXfgTuviB+eGdpRiu/7vN4w0jEgi0JmYSvOhXrpQ==
+v0n0.nic.partners.	172800	IN	A	65.22.32.15
+v0n0.nic.partners.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:15
+v0n1.nic.partners.	172800	IN	A	65.22.33.15
+v0n1.nic.partners.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:15
+v0n2.nic.partners.	172800	IN	A	65.22.34.15
+v0n2.nic.partners.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:15
+v0n3.nic.partners.	172800	IN	A	161.232.16.15
+v0n3.nic.partners.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:15
+v2n0.nic.partners.	172800	IN	A	65.22.35.15
+v2n0.nic.partners.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:15
+v2n1.nic.partners.	172800	IN	A	161.232.17.15
+v2n1.nic.partners.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:15
+parts.			172800	IN	NS	v0n0.nic.parts.
+parts.			172800	IN	NS	v0n1.nic.parts.
+parts.			172800	IN	NS	v0n2.nic.parts.
+parts.			172800	IN	NS	v0n3.nic.parts.
+parts.			172800	IN	NS	v2n0.nic.parts.
+parts.			172800	IN	NS	v2n1.nic.parts.
+parts.			86400	IN	DS	24967 8 2 3FACB67C61427CAC01C712EA17C8D0E9EB74F5290A2D36311499C096578254BD
+parts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . szfYSrbnulnqb+GRS0pIW8Y7wEq8VUFKo9F4jCoXtGYNU5zNWSpViWQZO5Zxc4NZ2wLx4P7bvOh7HucP+fuT+rskeYoZudCatg2ZBFiWMhPGHJHwruHa9sT8U65TKS8OU1wN+pZWpdNMhMdFEIhulvo8sJQt3vbFOe5Jt3vU7tae5EfJ4kAR++uFAthFM2ED/BfkgNQHmAxRTEvEfvx2WVQPjkIlFNKvwThzGv5DhZZxpJ/IpZvu496W8ax6vW0sDLZI3OvO81ozcNgeiaIhkX+jeADg4eHzrX80ASBrVfPKPkoBlzAbjjV5eIctABiSB8EX7T3F5SzOjpqT/DNgxg==
+parts.			86400	IN	NSEC	party. NS DS RRSIG NSEC
+parts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JwEUjEkx9/ChAmmODF+RHI3OQ5gRhNIrb89slpku8JOY9ZcJOJ6CIgRPtlLIuTLr4iMNww1mbxSDgzHyQqVpPzwSat4UkqB6nDyB/201nADB1HzS/7jYyoFRs/hCCQFOsrqpDkkVMfjwKcUF1dbnM/pSWvvkkdWQXozuld1hfcFdc44klleC1tkDubQMIN6uhxDW6ZF/Uc83StMh/Go44whzbqBlNn/IMBO4oxFoglk/kDIAASIJMrixfG7Gznify1k/wx9i6SMp+EN6EqM54JMOyRSVKpN5JtdCXNLP1c7ZcK1hdvnwN75TvWJN/hApws6uLTAOBj5O4KrM387A6g==
+v0n0.nic.parts.		172800	IN	A	65.22.20.53
+v0n0.nic.parts.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:53
+v0n1.nic.parts.		172800	IN	A	65.22.21.53
+v0n1.nic.parts.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:53
+v0n2.nic.parts.		172800	IN	A	65.22.22.53
+v0n2.nic.parts.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:53
+v0n3.nic.parts.		172800	IN	A	161.232.10.53
+v0n3.nic.parts.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:53
+v2n0.nic.parts.		172800	IN	A	65.22.23.53
+v2n0.nic.parts.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:53
+v2n1.nic.parts.		172800	IN	A	161.232.11.53
+v2n1.nic.parts.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:53
+party.			172800	IN	NS	a.nic.party.
+party.			172800	IN	NS	b.nic.party.
+party.			172800	IN	NS	c.nic.party.
+party.			172800	IN	NS	ns1.dns.nic.party.
+party.			172800	IN	NS	ns2.dns.nic.party.
+party.			172800	IN	NS	ns3.dns.nic.party.
+party.			86400	IN	DS	55099 8 2 32AD9FD70AD1F66E62F19686F8DCEEED1B5EBFEA2CAF73B68D7903CF3321EE77
+party.			86400	IN	DS	64246 8 2 11A853AEE57EBCC64D5260DF6A693F26AA144D4777EBE306F83A886A48F6CDEC
+party.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O27HTwd24lKZ2Nh8pOmfnA6SahdhEspKy1k2V0VoQX0qPgjRDNmTqMJM9vZWOGTgDnmb6FqT5jue05ydbJ85FO4ObbTGqhk5CLFYntNsEcUGHN98/NXvxkaPaQuxNQ/YMyoxSSp5PQlR+wWet1aisvnA0YLJRncD0uUS/j33bpmj+JY0DJE/po8S70jPPWaCjWjH8pW97qmWvkn6XrVV9S1YDs2wjjlkyARAnYKeQV4vRU7gggG0ruaHGi+SsnkkmUl7XCEf6Kj4YBjvJpUzElQYD+xE8rBp9A5i4ibsaPpSEawNicDH/uNgDmc+4uOSjNwjSNMJHHO+NwjiT34PqA==
+party.			86400	IN	NSEC	pay. NS DS RRSIG NSEC
+party.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gUJIDXMr9/Auh6rPKcu8Vo9/PTgvB0vgno/q2yGvO8FaeaAiBubssPg91g9YCtqiZ5rJDe0Y9vHdfAsSXADAF750S8O4JqS+7da1peL6eZTldcUne5HG65G8YM++d1XLOHBYHGya69rpF0xNsmHn3eUpVuJtb8Is63CBXvZJ9GXz9bwvRSk9XkACVhSTH5fYfABbGOQ7wrV2gybwIpHpmi/ubElKL+SD+zN37X05fB+APHhT9cHoZo3UWo+Nw/YadYCkO6HwfSOnLrCPcd4cHXXHUMNXAGhsbVY6PY8WbMrwgDsRKSI+qZm/iehYPzLNW3t4oPxd4g+y8Tcc9TsN2g==
+a.nic.party.		172800	IN	A	37.209.192.10
+a.nic.party.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.party.		172800	IN	A	37.209.194.10
+b.nic.party.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.party.		172800	IN	A	37.209.196.10
+c.nic.party.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.party.	172800	IN	A	156.154.169.24
+ns1.dns.nic.party.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:18
+ns2.dns.nic.party.	172800	IN	A	156.154.170.24
+ns2.dns.nic.party.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:18
+ns3.dns.nic.party.	172800	IN	A	156.154.171.24
+ns3.dns.nic.party.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:18
+pay.			172800	IN	NS	dns1.nic.pay.
+pay.			172800	IN	NS	dns2.nic.pay.
+pay.			172800	IN	NS	dns3.nic.pay.
+pay.			172800	IN	NS	dns4.nic.pay.
+pay.			172800	IN	NS	dnsa.nic.pay.
+pay.			172800	IN	NS	dnsb.nic.pay.
+pay.			172800	IN	NS	dnsc.nic.pay.
+pay.			172800	IN	NS	dnsd.nic.pay.
+pay.			86400	IN	DS	62576 8 2 DA12C17AE6EFE2AA5782C2C0CD41BA4A845AD04E2AEA30A826418B4490FFB264
+pay.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xG3hQxB/LPHmt+TG2W8MYoS5b1QP/8xzdtxt71xOr99DjYoj2O2CJhmCuLlhlSuzq3ie0ojlp8rSyOGzNEysVFql0g6EStuj1lVipaH0xsvPwwCtT7g61SBeQAWr59Wo3IXWCiV6UGJe87spnm2llYK4o+qtipLNAS1sdwSIyopLm9BeJ9d71oNmUuxwPe1Ax/FZCWmTIQR4YYeklZkRhIHyESL8XTU9g+yHK41zq8A/+Ko1C2yKx/1yTQu/eF+5b6jfMO9LYYcz2umhQMKGBHZ4TMTKdQxbUaDbb+xTi+rt1VzjT11w021u+pd+8eTF9UZAyWTXonr90MUEA7pPvA==
+pay.			86400	IN	NSEC	pccw. NS DS RRSIG NSEC
+pay.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qc6P+PDFRDsvcfDl9j5d9CpA1VFkjw1nMeDmbKD/Qlc7BmrCDFRsZ+665XqrGEaeWO2Ly+6BLHUsF1QwutS5Wl1lGgbwNsqXS5usG4R6PF/qulkIlco7+miVQSu/k8DNTCMZp31U0gRHgLo7bVVDl4MFao0FzEvYE6f3uQDyWJTevin53MA/kMjR3eLbuB1zNZqzhOS3+7YYYJMursSTjOkxIfriJFyqCNcXF+TdJvHYCJoEAhV1TyZ5xbadeg+fh4nIutdcpIi+eOGR5thOIrL/44bMq6D0EuwrHGQs7qkV0RY/hcPUeriGY/3SKPmaDwRkydTpEQrviCjzD7UjBw==
+dns1.nic.pay.		172800	IN	A	213.248.218.74
+dns1.nic.pay.		172800	IN	AAAA	2a01:618:402:0:0:0:0:74
+dns2.nic.pay.		172800	IN	A	103.49.82.74
+dns2.nic.pay.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:74
+dns3.nic.pay.		172800	IN	A	213.248.222.74
+dns3.nic.pay.		172800	IN	AAAA	2a01:618:406:0:0:0:0:74
+dns4.nic.pay.		172800	IN	A	43.230.50.74
+dns4.nic.pay.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:74
+dnsa.nic.pay.		172800	IN	A	156.154.100.3
+dnsa.nic.pay.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pay.		172800	IN	A	156.154.101.3
+dnsb.nic.pay.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pay.		172800	IN	A	156.154.102.3
+dnsc.nic.pay.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pay.		172800	IN	A	156.154.103.3
+dnsd.nic.pay.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pccw.			172800	IN	NS	a0.nic.pccw.
+pccw.			172800	IN	NS	a2.nic.pccw.
+pccw.			172800	IN	NS	b0.nic.pccw.
+pccw.			172800	IN	NS	c0.nic.pccw.
+pccw.			86400	IN	DS	43702 8 2 59E6008039A16F566F18227380A702F8168707059629DA13CBFB9D1203E5EF93
+pccw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FU9EQhn6rYhRqi1i6lkNUHwA58qDUkQuMj3M3Srqe23C7d5PqUZFo5SqiX87X85lck3BiwtkMqlJNOBbiMPP87G/mstUeo5wyRMxUiLTBpz3cRqyJ0tblwK+hzzrtxmfrbF+ZeCPEyWftmgJYmRvZ/ZYAJ1BormVI9OuLM7OtMgI850FA3gBc+LwcXdHAJKXByIIugtZ2HG5HEgVmjmzCJUF7v1bN70Nfb4fyS87vVlM4GFiQOMwfnSBkw1Tvkih+oqwwr0eA2CdcEgu9kN8QPojEcjARkGOiPDeWEnPIOVpgoUwgVUnxIJZvUUDnAeGcfZSSr0grI0SiMmnK2LUhA==
+pccw.			86400	IN	NSEC	pe. NS DS RRSIG NSEC
+pccw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OGL5qmxdF1MVUuN7Fhbv2/Ie0ZEYCIs3Namc9ktqeYT8JrLjmDHGVOHfzBl/wP4KWpk01OThmCEQzbH/4Vl7G4bY9kKfG5c37Ku3bZi/A57ZCDTBi0wJf0ZvvkkduyeEuXw3oYxHJ/BJy7p4eI4+nJ8pTGr5wknyXnR38HmxZF/yPwvkZVg9/eixz/3WGF7H6a8gui9KR1kfC4uelShpEMF5hc3wE0598nUEydu6TIQt0lZu/yRcDQjzIcCZExBtm/NdUhJb6ahnbwceimW3EK3xIylVYgZNGoKWshvBAw+FgRhqjrFsuXMtuWVHcVX3o3ZE3q5nfuakQe0Sz2NknQ==
+a0.nic.pccw.		172800	IN	A	65.22.116.41
+a0.nic.pccw.		172800	IN	AAAA	2a01:8840:72:0:0:0:0:41
+a2.nic.pccw.		172800	IN	A	65.22.119.41
+a2.nic.pccw.		172800	IN	AAAA	2a01:8840:75:0:0:0:0:41
+b0.nic.pccw.		172800	IN	A	65.22.117.41
+b0.nic.pccw.		172800	IN	AAAA	2a01:8840:73:0:0:0:0:41
+c0.nic.pccw.		172800	IN	A	65.22.118.41
+c0.nic.pccw.		172800	IN	AAAA	2a01:8840:74:0:0:0:0:41
+pe.			172800	IN	NS	a.lactld.org.
+pe.			172800	IN	NS	pch.rcp.pe.
+pe.			172800	IN	NS	pe1.dnsnode.net.
+pe.			172800	IN	NS	quipu.rcp.net.pe.
+pe.			86400	IN	DS	7981 8 2 7C4B12C0D916694718131C7B7607561393FB86E2A3159CE7A74EA9E29AFB26F3
+pe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ngayBNt+CDoakAwkDyvU8I95ATbpn3DwfesSE4uvzww5UaOtYMQPIJJ/i5rHIabK5sNAQSP3aWyLdqP4cM1W8oYMHRbk+uBB4ub4EilKd/fw+NXFNk2mk7S6vg+lTJvDAR967Smc6i1oCiewypVfQp7Ge5hIaLkWQ8jSAg/JexzSh0ZwhKigsDp2qgUZ4QqjojHhl9CMnYZMZXAhgY780ZShUt4ecdqUD5Wf/ULgks6Mt9LyLCzsoKya2YL1Z/PXbZVixxuw1yYJpCKzRXFwYqFLQ7V1OFGVZJLS4VvmJuKpYye47U86QO2PgB0N7D+s11e7n4Xt6U7T2v8uiyzlPQ==
+pe.			86400	IN	NSEC	pet. NS DS RRSIG NSEC
+pe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tzstFgU1sLTiMi4Bcm0gtS4WVz6uQqEDSukVP9UYb4WYtmC9VUyO6w2Y26Al0z4Btv2p9THVVHzHm/EiVi/y6ftP8V7P2qMVm6u0SdHAhEUqo3kQ6T5OV4RflTXiKPotzUVG7lnKB1Np01Xh8+51P1oVIwJDUn1eZvZflqn+B9S4SXoBKWjlHicdbuPLvcQj7GfF9yPCmmrrLGyvpIc7Y4pJCoTl2vZv7dY0K4GQHn/GNPL4mC27KxGgA2j+8ayD+Rc6n4P1yW9opyvLr3TQRqCFvZQpQRkdV7LqZIeB3dc1A8fYMeC3AO0aEfOlugDefEvMTsYwX3kdqOyGdbwRHQ==
+quipu.rcp.net.pe.	172800	IN	A	200.1.176.4
+pch.rcp.pe.		172800	IN	A	204.61.216.85
+pch.rcp.pe.		172800	IN	AAAA	2001:500:14:6085:ad:0:0:1
+pet.			172800	IN	NS	a0.nic.pet.
+pet.			172800	IN	NS	a2.nic.pet.
+pet.			172800	IN	NS	b0.nic.pet.
+pet.			172800	IN	NS	c0.nic.pet.
+pet.			86400	IN	DS	42856 8 2 EE6C6C84EFF7B00EB70D9BD8A29CEE8A04D29D4D006CC1F61A95FFF873FDE974
+pet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EdC8E/DKjd5eJGxh6szOsgJ50Oi4pQJwWWJQqhxUfRy8js5BJcE7/clEkaSmTYm4XIDO3+TiyeJ9liZEomE8q4ZCjHwQGhrFiQuWqhUSShV8dH2NhhwduB5hPNeHMaBB0FPkeDZG6bkOLVWOanYMoHEiwoJta4PoAA+PBue2NRlKfskimP+dl7SHvYzpFp1ZU92/BUn8czuNqLRMgb5MNefRQD1uasrIS4ejLSXfOFuNhGLAyg5VjdRKPC4UtcxtzYPp+j4hpOYFetIQH/eUKlOEtBlRERK4lvoJF1yyxco+ynFlxvU+wTDsC4rGOv/4+dMgyU9UWFjD1C9elDqRuQ==
+pet.			86400	IN	NSEC	pf. NS DS RRSIG NSEC
+pet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nm7phq9AkPVMBoX5DIC30oBt4p8KDe191JaVFGRb2dsKvo/rPzcYl76Cf3ltxwwLyqzUVLm+1Ti8tftFz/7ugzht/UxPa3tcBbS2sOF4iOu7iCXFNNuH3fzXgWdlpwwddwpfHy1VJCKThcwZjP7LcO1dN5gaywQeyp33ocnYshIRp1IMrY6iVsKNIlcW6ApIy/b7T8ejpeqb5P6sPVyatMf5xlZKNhK/i9rsmCbzJULN722PTuOiTasXYzWs/PWcKKOLekbj4RQgIzH74IOtrOjevZZOkH1nrW/fNgJtn71gQT237DKeelql7J/LmLrqPDyDgqeZLSUlPPfT31Fo3A==
+a0.nic.pet.		172800	IN	A	65.22.16.17
+a0.nic.pet.		172800	IN	AAAA	2a01:8840:12:0:0:0:0:17
+a2.nic.pet.		172800	IN	A	65.22.19.17
+a2.nic.pet.		172800	IN	AAAA	2a01:8840:15:0:0:0:0:17
+b0.nic.pet.		172800	IN	A	65.22.17.17
+b0.nic.pet.		172800	IN	AAAA	2a01:8840:13:0:0:0:0:17
+c0.nic.pet.		172800	IN	A	65.22.18.17
+c0.nic.pet.		172800	IN	AAAA	2a01:8840:14:0:0:0:0:17
+pf.			172800	IN	NS	ns1.mana.pf.
+pf.			172800	IN	NS	ns2.mana.pf.
+pf.			86400	IN	NSEC	pfizer. NS RRSIG NSEC
+pf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y7iU50IpNfOvgbQULg20BRdvmW9VH1CvYcQbne+wYDdKmf2lX8nsXO6GeRdHTW+pN0aBAAbNIlGi/KeF+SsdejS12om2llktr+bOftuFnjwYEQZrLoptgI34xhtK6eZ25QGC5KDaq6fDomeGPbtP+8B2qkacOEtS1c6Igkj9lt4uxACWw094K377BaKhzd5TAUJ2Bks3siddaWLrTDmbpbVXsp7fPdHnVfoA63+CWLJlheQj92cMm53FivS9O/jLn/E9SmLm/2giMSPr6wRe982SlHBzafcN2s44eb5egHhRaB9RuY2zMZmOy+sdOo4T4ktr3Ebj2nUiLJtF05slPg==
+ns1.mana.pf.		172800	IN	A	202.3.225.10
+ns2.mana.pf.		172800	IN	A	202.3.225.20
+pfizer.			172800	IN	NS	a.nic.pfizer.
+pfizer.			172800	IN	NS	b.nic.pfizer.
+pfizer.			172800	IN	NS	c.nic.pfizer.
+pfizer.			172800	IN	NS	ns1.dns.nic.pfizer.
+pfizer.			172800	IN	NS	ns2.dns.nic.pfizer.
+pfizer.			172800	IN	NS	ns3.dns.nic.pfizer.
+pfizer.			86400	IN	DS	46210 8 2 9166664240F37692A3886B0566E05220D43A364B2FEF2581A905EF5833414BCB
+pfizer.			86400	IN	DS	56779 8 2 1DE9B797AB28F75B9C00723C2308ABCAEA91BCEE49EB2A4470EFC123613802C6
+pfizer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BURa8fysmH7t1advphtCWW2ShnVmtoAFdBdxQkGpkedMgUhuqHOOTh0OaDNb3wzEtKGuoE8bVybxTRbCg3sozy24GquB1f/77F6wG5eKsaO6XdU4I7FwwzzmOb4KDgGvoaoMRz5UXoYiWaeH3qKevq2d6cvXY+eoPzkon11soFPDgsZguJXsEEGfGS7kZrW90fkRTRTLiQnik9OWA+2KChsk7vw+dMxMODw7HcjEJH119akhyV9rhQ1aVZqKUdDLCxK4cFbBNoi37YHOuHMGVuCJM5qU1yRP9kK+D9g4q5eY6WxE23Xl7tnCoDoFPg1QIeF/LDaG6nsgKkpPniBEkg==
+pfizer.			86400	IN	NSEC	pg. NS DS RRSIG NSEC
+pfizer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dGv43+KR9e0OsUAs8JDIMPGizEonVDQJUOXH5R87W6RlwewJTCMC8zAbuJ15Pzz9tEP3BdgL6R+46Mz1KDFRayI4WCrGraiwq5SBMzfkwxHEgxX/tQ6ttHri7zAhXK0KMMhy/+sBFDUIIcSRqUqMyPNiKi1Q0UknsZ5VOhWmJEQRmnrNmxIzr2RL5MUXEEZbgXh1cVPKME2GGf25hu3YAwQjiQktlNJMLCgSzVmwxzKxITbQRolRoiyseYyBHhT925XSfXucifLu0R6+KHxAYLZsV2wGID4+1NeneQE/IMykoZQbyCWe44+gdbuFsJGC1u3Srfohf7Joa7ytQzlhVg==
+a.nic.pfizer.		172800	IN	A	37.209.192.9
+a.nic.pfizer.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pfizer.		172800	IN	A	37.209.194.9
+b.nic.pfizer.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pfizer.		172800	IN	A	37.209.196.9
+c.nic.pfizer.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pfizer.	172800	IN	A	156.154.144.134
+ns1.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:86
+ns2.dns.nic.pfizer.	172800	IN	A	156.154.145.134
+ns2.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:86
+ns3.dns.nic.pfizer.	172800	IN	A	156.154.159.134
+ns3.dns.nic.pfizer.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:86
+pg.			172800	IN	NS	ns.uu.net.
+pg.			172800	IN	NS	ns1.tiare.net.pg.
+pg.			172800	IN	NS	ns1.unitech.ac.pg.
+pg.			172800	IN	NS	ns2.tiare.net.pg.
+pg.			172800	IN	NS	munnari.oz.au.
+pg.			86400	IN	NSEC	ph. NS RRSIG NSEC
+pg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V7/fvwsMdmXVtER61bW1NXJN8ZpPa+3H+2p8wZxQMNPwOHwXDkDqYYekcaeQIJMwiNeabkqbxKevfdFxdWvQxu6sS8dX4tTpVTZslgi82HCB8hOmXRtojt0WXb5rjHpXzx1Svgb3IYjhXzasxTdcgPVzOaj3x0+GiOzn4ALKZi0EI9AQhp3ZepiSApf40ZNP4Bvn9wcFcd1O3G0e+zB2ljYZzTycjNqX/N8IIUobRzJpJGZsONrMtU7kVzFXJXNHVhjzms+Mu812stu2amuTPbm50XHcTJVZBGfmYdaqWfLMXpsqFPAS6X+PXv4FBMg4LFy/aSn1NvNF3uSYMdn4qw==
+ns1.unitech.ac.pg.	172800	IN	A	202.1.32.49
+ns1.tiare.net.pg.	172800	IN	A	202.165.192.23
+ns2.tiare.net.pg.	172800	IN	A	202.165.192.24
+ph.			172800	IN	NS	ph.communitydns.net.
+ph.			172800	IN	NS	ns2.cuhk.edu.hk.
+ph.			172800	IN	NS	ns4.apnic.net.
+ph.			86400	IN	DS	29122 13 2 0ED5C93074522F903DBB7FBAD2866CBE7CB67F15F0E5B54013340B57C1BCD509
+ph.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UCtmy/3IaeCqiYPzl/Oj9X4ZIp75gUFmfzAMje4dICkfHRHeKb+I0jKfPAYxuXAB24lbXy3kNULK/6EMxF5gmTDTzAN65jEsf2VDSkkbqOIyWCNUSBh7qTdNyKT6BHCZpHUKn6aDwVxf98Xj7jmGa3kZByDKPGO/aXsK19JKZJE/RcilMbQTY0vjkYqGk/ZDZcHbL0piQkgBiV1ckDqaUeBfXofPykmVjRePZgyvW+cXHcn+/SJjt1oc6MTUMZKopJchHapswlJlhGN/Bil7jZR3d9argbnR+0Aj8XPGSpszQzYcoefcIUlbmTqokSNDN31UHd2BN6IRWbppl7I2dA==
+ph.			86400	IN	NSEC	pharmacy. NS DS RRSIG NSEC
+ph.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LvoMPntok1q8gOw0TBfjgdGSCt3t4djRwVNYudJgetZO3xvF+UwAC2ja6P3TQFZMMJHvZ/JgLF+09zuTyh858nOOur/cWXioaJ/he533cn4Xmy0RKKTWsXvlRkF2v1M9okk5ECiBZwTf9m0nJfgDqSnKFIWVUdhMhm3vlrHI/bdxoupua28T9wpdeu0Erw1UT6j7m/Pn1G1vFOzIVT6ZlvPpQnRGxiONV0UAxXSBBoJthWPV/iPCn2hkxc0ny6KJGXg7MYFYCVPCpWPWbga/uHxTaxSlohbAxr5x219XnDvFyjy0diZGHH8I2WY68JsU7gaGnEfG+LHPFjtTwssJBw==
+pharmacy.		172800	IN	NS	dns1.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns2.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns3.nic.pharmacy.
+pharmacy.		172800	IN	NS	dns4.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsa.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsb.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsc.nic.pharmacy.
+pharmacy.		172800	IN	NS	dnsd.nic.pharmacy.
+pharmacy.		86400	IN	DS	13921 8 2 D24B9704B0642E8D9EA7CF6418C9212883ECD172C5651E89501C04724DA8AC00
+pharmacy.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lEcEuQ4Hvhxj18zn3+L/pAmtGUbaS3jliz0YCYHmCwtQbm12RZ+50poD8NIGELF9c4HXGjobZr36Wd+5FKY17m+p3GTUimZnrLF+m2LtC+GssVWBnftkn9hh9dzgaeZF/fK2oL0Jc/4zJovCE/hzfmyeP/V6l+yzw6rp9jLZveJ9g1lnh/66GlVa5HMf8R3UWnenww4WEtGERXPpjBLK1+STpgcBwlfYMPBW5Yg8J5DPNoGiinpSdZ+jvpWtHj9Y5km1DcmIzlw6UwrqOCezbSAh3DvjI4tM5XfpzWU7U5JfFskAD6GEe/O9SAYYBbSWIGLkeVovtHdj6nvURlAZEw==
+pharmacy.		86400	IN	NSEC	phd. NS DS RRSIG NSEC
+pharmacy.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wCWR5xk7phxz8pUHJXYwMLbb2YdlXGMWDgmAHfpiD9v7CxiL51Zjxdbut0Nfu1zlQVLrVVmIRkVnGKt6q1gpoD7nIHmv6uOhiySn2WTPvc+CLP0ClvkB0NKxzBs2cKLab18nJ8dpiS8Ne+gim0e3SC9N7y8NWh6hwW6MXYjy1gFkyPV9aitX8NRKimycf62g7LUottse+GBMsGs45GPRxcuKbvWIAkm48a/sstDfV59AydR+FjJ++jqRgfY8C6OClv6VH9c9DoB0KtMIWKbeibODAs+dpzglZp08Nd1ycRERKzzA1R2e9YTTKlWEyxMFv+xa8fgxtPGVc7h5Hkm+zA==
+dns1.nic.pharmacy.	172800	IN	A	213.248.219.45
+dns1.nic.pharmacy.	172800	IN	AAAA	2a01:618:403:0:0:0:0:45
+dns2.nic.pharmacy.	172800	IN	A	103.49.83.45
+dns2.nic.pharmacy.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:45
+dns3.nic.pharmacy.	172800	IN	A	213.248.223.45
+dns3.nic.pharmacy.	172800	IN	AAAA	2a01:618:407:0:0:0:0:45
+dns4.nic.pharmacy.	172800	IN	A	43.230.51.45
+dns4.nic.pharmacy.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:45
+dnsa.nic.pharmacy.	172800	IN	A	156.154.100.3
+dnsa.nic.pharmacy.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pharmacy.	172800	IN	A	156.154.101.3
+dnsb.nic.pharmacy.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pharmacy.	172800	IN	A	156.154.102.3
+dnsc.nic.pharmacy.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pharmacy.	172800	IN	A	156.154.103.3
+dnsd.nic.pharmacy.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+phd.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+phd.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+phd.			86400	IN	DS	38734 8 2 DE93541823CD232C5934AC0A420C0D90949C04020B6211D4C94D588CDC9FB8D8
+phd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VMP1BvrbiOIElHWUuODbxmakn2K2DP0sPTL8JhOMtmOT7mH7dITzNJUwag2p/Cnl9nfWoJQ9zrWuyVktVI8sq2o3QycvfvB90XHKgT6hPwCkrMfKd8u4fAB2bYDIi4L6bCNLd3r2bM9rSeq1QuPZcq8poUdBWgxC/BP6epDIXjbAEKF5Wx6sjsj02THw3lF+9CPT2QGxrQiy40fhwZAW696jKJ6FG1ixeoEeXj6B1ztxMIgjjrWSfKM5v9RlMMHmtn2mZ7/LJVj3bgIPgZ/Cp91Sz5yhzt1xjxwV54CdSwOhlFlC6CrZ8dJJYGPsdOASYCwA4Fn55+ieWIO7w/WZvA==
+phd.			86400	IN	NSEC	philips. NS DS RRSIG NSEC
+phd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j9OVU9jNjZF98CWWy34nv6dwu46HAEbotPBkzMqbfhMuFFF1O2/h0CM0s/6N/Q3jTG/EW+fPmSFCEgHjBGLNn0MP4Hn6W2y8dVoym0je7Zh35yNOey49qKARiegSTxwk+XvYKaJtAG4Q+CBtvm183Fh/ioTwfy8EX5meKeNgQudiVOAM2mxwMTqBm1M4h2JMXAlbJAAdzlWeEEOjkNrlxIh7sEGsvtj5te1B5O7JY8aZoTIeHf5PkoJ0fGe5ViyQNE55upQZw8oxbTju67Pf2d5WwBZ4WP22J8EeeB17hkbh7DLI5dyyz7N98MtGjgrjEjj2vAKwOA/k+6ZOYNBzog==
+philips.		172800	IN	NS	a.nic.philips.
+philips.		172800	IN	NS	b.nic.philips.
+philips.		172800	IN	NS	c.nic.philips.
+philips.		172800	IN	NS	x.nic.philips.
+philips.		172800	IN	NS	y.nic.philips.
+philips.		172800	IN	NS	z.nic.philips.
+philips.		86400	IN	DS	3100 8 2 FA65D969B695C8E73DDC89724CAE9D83E352B23B57CF5571FD711E2627026638
+philips.		86400	IN	DS	40792 8 2 C71972943A57973E364EAF29F7562F99CF426F5786E2BE3F28F7DA685CD47059
+philips.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NZ4lEhOLpIlnKQWe71Q2RXo66FqRqfDlgWlHmaibGk65KpcawgOwiWFl6LDUIntc/viPUPTYw6c9uhkooQarrzdzJCGHk6T0E/rrq46dRJkyBxOPKDYAihGd3dobRB/TVP7jKojfpht0ycWBXTTPRbmcoJ88pcLOQBzXcy9WOuHa6dbn2FaSIgWJF/LMRiC4s6pOYrrjPBBwvzF7nqV2FCa7jxjakWrh5rIqCxdzmOBnJuCPNDrd9moP4LqsiVAtz4TtPtf079Ii5ajBGiEr7cb7j/6ameLWkgVW4C44dKAEv7/DXUPicdTxvbAqFY/sdcszTLfKki8LBDAtzwNYUQ==
+philips.		86400	IN	NSEC	phone. NS DS RRSIG NSEC
+philips.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aWIDJENZxTjDAL5siwn7DwkQ+ndrBaxB2s65Daa9W19iWCxseH2ENGVRyQ+cKuVLfb8R0TNoVKKqhQbCtJKvxUOQzkZJoStsM2oU5upsV9tGydc0zdnF/MPhE9ALXfBqOre2kA5kD4JXQe496TzYEKgP65WA9MAwq1wty8yG/GmWJoKtVmdMCDRbt5xEEPBaXGeV/yBukWXmyhHPcFqnHAYfE6ychdF6EZRxudxh4/d1C3hK5NAsstFPfB5dZoJt9Q/5aZQ5vZ2yznuo/qCXEFmwqNmBG+8zwJwrMcJFj1k/O+wjsG6JxWBFOLKtX06tU0G+mrNmdlId6uGhncxcdg==
+a.nic.philips.		172800	IN	A	37.209.192.9
+a.nic.philips.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.philips.		172800	IN	A	37.209.194.9
+b.nic.philips.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.philips.		172800	IN	A	37.209.196.9
+c.nic.philips.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.philips.		172800	IN	A	156.154.172.82
+x.nic.philips.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.philips.		172800	IN	A	156.154.173.82
+y.nic.philips.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.philips.		172800	IN	A	156.154.174.82
+z.nic.philips.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+phone.			172800	IN	NS	a0.nic.phone.
+phone.			172800	IN	NS	a2.nic.phone.
+phone.			172800	IN	NS	b0.nic.phone.
+phone.			172800	IN	NS	c0.nic.phone.
+phone.			86400	IN	DS	18829 8 2 B7809834406510FCBEA1AAFA42F0BD2E7F4096BEE97D8B7FD5964CDB39C607B4
+phone.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D5LufswREKhUNlop9F5z4EJxMsXpO5kL+5x3IOtrj7+zgDX6OlQgYw+ZYfL9LmtASKnHfskIH6SAwMe+l1K2WjlnbeNksL3prCJTf/Kk+VCl4aJA13+2c7RAB6SZeVxAanShaCjCCWT+aff4+NMj6WmebbZKloPGDhzXF0OdTw6WJUHuvHKhwRqOogUgE2RHNYqTDA9d0C5HscEykUB/5KmNkJLYgCwohJ6ocjgFN41xhAM/yab7KfOlOzM686eL9CLrU+K75gGyF6QCaWEEe5k4Rv5LOVJ8kFms1i3t73rpcNAhFF+TLZMo8B4/vd3zrMexff7zqAzxPM37PefD9A==
+phone.			86400	IN	NSEC	photo. NS DS RRSIG NSEC
+phone.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Eq2D7nWg3BKapDOesvJDMNV8F8jLwOXQhnKUpHzrjY5/+Y0LpW0kgeUfAK8j+546Q0WHEaIl6U3hZeqjQ4UxKDg54KLocn3UOu1Ac4gcD2HuKDqK8GGeeMU/pH1nnuPebFMCzseFaXn+/AFCRySeMutaBVtaCNg3U95ItwdRNYWMLsFyYqaDrEC7p674ZaFWEneBm1jZmtRkfBsrFDqdF5Yevur1GDMQ/I6yTL8WfKw0LiIauJFvrshz1Cqr19kbOdWlQOuaw7pVYzji72S6kzLN/z4LbDkpI6ljYL72mOvaujLM32hjEW9TpUWKCUi/tFhqNZLNLlpbcQnOrmdmpQ==
+a0.nic.phone.		172800	IN	A	65.22.96.17
+a0.nic.phone.		172800	IN	AAAA	2a01:8840:5e:0:0:0:0:17
+a2.nic.phone.		172800	IN	A	65.22.99.17
+a2.nic.phone.		172800	IN	AAAA	2a01:8840:61:0:0:0:0:17
+b0.nic.phone.		172800	IN	A	65.22.97.17
+b0.nic.phone.		172800	IN	AAAA	2a01:8840:5f:0:0:0:0:17
+c0.nic.phone.		172800	IN	A	65.22.98.17
+c0.nic.phone.		172800	IN	AAAA	2a01:8840:60:0:0:0:0:17
+photo.			172800	IN	NS	a.nic.photo.
+photo.			172800	IN	NS	b.nic.photo.
+photo.			172800	IN	NS	c.nic.photo.
+photo.			172800	IN	NS	x.nic.photo.
+photo.			172800	IN	NS	y.nic.photo.
+photo.			172800	IN	NS	z.nic.photo.
+photo.			86400	IN	DS	8311 13 2 7F11B4D8E82F14ACE5ADCFA2C5CB6701D6E40D87C4F92B129AA62118A7890BEB
+photo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2/Y7RPmkweZNpjwcnSMLEDsfDNAKlO+rwDKDPG50BgdWZdRn9q6rlNQ/hIYllSLfh2RKn72Kcra7LWy1coOjYrSKqEFSvMxUiaD58rOYhcEJwJOyVPsTnBEICgwc4OmTVmaiuhHqf5Eof+Eg7A7IOy8Mv4CoUqRrbuykd4EaQ+2cPbsONDa563iA7VURjcjI7pm89K3aIEGdf6dbKPIcHzVDcKmakPIwWOV5Ygqp5cNHQQZsrD+96FwY9Ct/9AdTZJ6Oq9WsZ1Utyc+ntpE1vbh/E33NNcl33KkjAkPzPdnzO+mKKtUibqrexRGKTziFDPlgDkMogPglqQRNDUD2A==
+photo.			86400	IN	NSEC	photography. NS DS RRSIG NSEC
+photo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dZPvUeIlG9zC7Zafj6gf9/E2ZXl1IoiNqpkWPzKusJdsi0nUxvoktCzjdLc/L9+cKTlzY4LgGsjLRsNGq4vN9VFhDsKsfk90muuebMjt7HzlwkXz9ZzNenwjwQZj651rjqIkIUHte1tqJk6l1ihQymhPiU7kMlg95LH6ycAe2px7ffCzTriTR0/xwjsyMhuilsAHnV9lp5YMx8UadHmU74ZEqPaiDXIdZy/VyJhRXGE+5aFQq1m2tx+Xwa1+IKKdFKU4cuy/RkMI1yOYmMyPcbOm2t0LlKrzY+3kGzQJP6hEer0HcKIf0hx+MIOBlODcnFoe2Zn/x2Sssdw+mnKbrQ==
+a.nic.photo.		172800	IN	A	37.209.192.10
+a.nic.photo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.photo.		172800	IN	A	37.209.194.10
+b.nic.photo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.photo.		172800	IN	A	37.209.196.10
+c.nic.photo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.photo.		172800	IN	A	156.154.172.82
+x.nic.photo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.photo.		172800	IN	A	156.154.173.82
+y.nic.photo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.photo.		172800	IN	A	156.154.174.82
+z.nic.photo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+photography.		172800	IN	NS	v0n0.nic.photography.
+photography.		172800	IN	NS	v0n1.nic.photography.
+photography.		172800	IN	NS	v0n2.nic.photography.
+photography.		172800	IN	NS	v0n3.nic.photography.
+photography.		172800	IN	NS	v2n0.nic.photography.
+photography.		172800	IN	NS	v2n1.nic.photography.
+photography.		86400	IN	DS	30361 8 2 11AB70B24654E6225068852309A763D43AF4958B7C670407842C40F655BEE3AA
+photography.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dvD0PFf9E/4RfOkoGFTS9Gq1vI0mU3lYZgOrN1EJj0v+8ZL1wDoaIYlNGLcOo2X0PPaetY27zqNoE3B1iR6IhFM0B8bVkHq8IiXqtfUUBFHYZ7QoPJkFXIiVnjcAQ0yNNd/B4CPcWKZZz2Hvzc7SwsyUWam1cBMbfLFSnmKlFZtThmQAvwaAHofA6FTY2MRF/kK0YlVwxF6M1JsKYf/H7H3XgH3eubs5GBFeAkToAdA/hP+SS2PDI37Ac2slg2w1FbHH3MZTV3AlPxqtrl8QPXKDcs8cP/HG7LMrmU6MT0lMLfVmQFKaT2Qqlve8hpEuF0Zis6Tm7NElVrOSEEfgjg==
+photography.		86400	IN	NSEC	photos. NS DS RRSIG NSEC
+photography.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DGTHcXFAyzdaXeEA8huSBwjYMS6q5abSL+hNO2FjA2sso16ZwiO6/8KfrbjRP4MSjL4GHG75VC3PPLR6UhyORNLocbgP4+ArLHBnkAuR2eJ+AWWfwAHvzhRygQEtIG2Hw/ycXqPbfgvFbB4wtOvN9CXtHeUZeOawpPpRWKnsZtFsJocZAnptKVdqHnU6VxnlTXtx8VaEEamcFEAPqRbSFAKOIiliSdxQ17jjBdJzxg6fV+TRGZslvsZA0wsOYDOYdNoFi6itaD+RTGuCl0BlJIeaLcl29GhufFzEfoGkPId4ZHfelCnFffJhee+oX8EWjNwXtekXn3QTcAr0Hh/okg==
+v0n0.nic.photography.	172800	IN	A	65.22.24.3
+v0n0.nic.photography.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:3
+v0n1.nic.photography.	172800	IN	A	65.22.25.3
+v0n1.nic.photography.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:3
+v0n2.nic.photography.	172800	IN	A	65.22.26.3
+v0n2.nic.photography.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:3
+v0n3.nic.photography.	172800	IN	A	161.232.12.3
+v0n3.nic.photography.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:3
+v2n0.nic.photography.	172800	IN	A	65.22.27.3
+v2n0.nic.photography.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:3
+v2n1.nic.photography.	172800	IN	A	161.232.13.3
+v2n1.nic.photography.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:3
+photos.			172800	IN	NS	v0n0.nic.photos.
+photos.			172800	IN	NS	v0n1.nic.photos.
+photos.			172800	IN	NS	v0n2.nic.photos.
+photos.			172800	IN	NS	v0n3.nic.photos.
+photos.			172800	IN	NS	v2n0.nic.photos.
+photos.			172800	IN	NS	v2n1.nic.photos.
+photos.			86400	IN	DS	41914 8 2 B6A00EEEB4864E5152CF32CB1DC5AE4528AB2CF82C46A4DE0A2D77921B51C979
+photos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OaYUXXPpyPugyTjBFXbwUogwf+3EnK+J0s2JEy46mhlG0Nk+Kucfr/RVoJ8ObXuO3P51A/c3S6zi6lWnhbOPHweUU6a66HR+DXiNuoaOxpsqKx2qeRGIAdrNSvahhNOW+u7TdCueF5CpaqJp4UznKIbt+gaWr9BHp6uG1USjeHlzBDvyVsFBWUxwgMIk4TL0N70MqCMoKa8ZOZfQyBlvSYpHZ9blrctlnIin6pY15wqDlchey4C26UEOb9BBisVVw252mqvMb72OMIhtMBXpThxhUFmFtjjHi7j+QoKi27gip7S3GCPhxMxioFvNcwUG0VmECdUvyakcHbMFqPG3xg==
+photos.			86400	IN	NSEC	physio. NS DS RRSIG NSEC
+photos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O/Vl5tToPUvgr1GA5N7t5hpFJsnHgnQU5Eto7yrglZaaCvevSz2k3qwbME093rUaU6q0s3DHdfZGNjytWPmAkhp2qqauKmmH6ROmXz1UCK0KSebMDN402g49cM/FxVoM5OFzpqP/L29uUZscPQj5uTUpVJ9sfPNFiltvEIkzpttYeTFVZdNXbL86CufR7Z2ohu5rIFdr7PfZXnJRKVABY6674a6U11TDC8p0ExEaDYkoJqn79r534H+2m5wF5d5MQFFH0fw+2JJBkxizsWGf8Nn8Q76RNo88oMdiuT22WFjho2ET/wlth3Mz/2ALSFXvF0OQYP9f1LWFfT51LPa4zw==
+v0n0.nic.photos.	172800	IN	A	65.22.28.40
+v0n0.nic.photos.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:40
+v0n1.nic.photos.	172800	IN	A	65.22.29.40
+v0n1.nic.photos.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:40
+v0n2.nic.photos.	172800	IN	A	65.22.30.40
+v0n2.nic.photos.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:40
+v0n3.nic.photos.	172800	IN	A	161.232.14.40
+v0n3.nic.photos.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:40
+v2n0.nic.photos.	172800	IN	A	65.22.31.40
+v2n0.nic.photos.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:40
+v2n1.nic.photos.	172800	IN	A	161.232.15.40
+v2n1.nic.photos.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:40
+physio.			172800	IN	NS	a.nic.physio.
+physio.			172800	IN	NS	b.nic.physio.
+physio.			172800	IN	NS	c.nic.physio.
+physio.			172800	IN	NS	x.nic.physio.
+physio.			172800	IN	NS	y.nic.physio.
+physio.			172800	IN	NS	z.nic.physio.
+physio.			86400	IN	DS	41164 8 2 600CCBC6A1E1CFDD09650CF095D2A15AF68AD3574A849028654D2593367D90A5
+physio.			86400	IN	DS	49021 8 2 AE268396DD64C1FCCE4FD3EA3A3F6C427E4DAAD035AA4DE961B6B8380A800153
+physio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ExWhleFeRUsXB4r9JSUtcGnFhaWbLIz4nJQW5N4e0BNdMkn7eD+bVK0aCjYbzFq8EiWTu8yT5HSJDAvmbjIx3KfRnAbnZ8yH2qBUW7fwWdST5trWot42kCwXQUXQbBzgJguehawVNGGgNP2Ms1jF1WOKNm1qncywkY4BWpjp+NOBZW6Ti4mKlNcCDmXtj57wYwzUx3aYT9dS89fn0W5rv4lJyKsLsSAL7oFy2VnD4880e2Wm6j6ueLRCdgZsc1g4Dgf3uwPjN8dRvcqToJQdG+FqX03WShz6fxWnKZnmQUVINqxfs/NQ0ZSHrIh8xjLFheB36+nQBL1iN0wsRoCLdA==
+physio.			86400	IN	NSEC	pics. NS DS RRSIG NSEC
+physio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CBZuBr0Kt/s0c+XNq2FkWLXy86RSibV8xZsb6y9VsN89SQjB+qjulzPjabgFRMnvGpVR0pWA2IkQtboKdjItbr8o0sj2zVJIZl6Guzr7vW6NSSgOHp8XKXIwKWs6SZ+cmz3N1KMs0ghFkszekcS3MSvCL8IlHYol70vxrVVWm4eWoDlaDgHDIdnmqXjS1ykEW8g3bOtnbYTSs4owXDP+NWgDUHQTYTah7ehe4DC0ZCjrqLu3hx5NHKHA5sC/988vBKJqLyLrQnKA1h6mzNKzS+3Bn6rHTU0NXSkdriwkTDm/KOb74spWcEFJpvXzLZz32SLrAExjkYiaLhp9gjVgDA==
+a.nic.physio.		172800	IN	A	37.209.192.10
+a.nic.physio.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.physio.		172800	IN	A	37.209.194.10
+b.nic.physio.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.physio.		172800	IN	A	37.209.196.10
+c.nic.physio.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.physio.		172800	IN	A	156.154.172.82
+x.nic.physio.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.physio.		172800	IN	A	156.154.173.82
+y.nic.physio.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.physio.		172800	IN	A	156.154.174.82
+z.nic.physio.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+pics.			172800	IN	NS	a.nic.pics.
+pics.			172800	IN	NS	b.nic.pics.
+pics.			172800	IN	NS	c.nic.pics.
+pics.			172800	IN	NS	d.nic.pics.
+pics.			86400	IN	DS	3458 5 1 356A302C72ADD225E8DBF542FD8851BFA458B1AE
+pics.			86400	IN	DS	3458 5 2 A32C380766B5205F998872B8187A99AC5027872DA54B0DDEC2EDFBEFC6279B89
+pics.			86400	IN	DS	7408 5 1 79F063399B4C13CA29EA8F68FF98D9D4EFF59B59
+pics.			86400	IN	DS	7408 5 2 02F6C4FF7037230837665A072A51779019771C19626E233465A9CAB5EB69CEE1
+pics.			86400	IN	DS	46651 5 1 5A09C2C9B674B46AE6A49255DE9FECB7D999467B
+pics.			86400	IN	DS	46651 5 2 5DDC0142062A06775E6DF86A868A0262C740A484FF29FC22AEC48116D6FD5860
+pics.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hwb91f/lDJN3c2uO4E+WrNlkNRoYQJ6LyHoW92SDdFROxzFSQ2qwmQKVbb3ARU/B6gXay+35RF7W5UlsevGC/zHH5o/gf1OTZ5f4VYUS5fGh1nGiasqNxFBeyPVV5omNFcQVHxMohbctuCF/QJ81t4ye6HucV/o5VzS+nATfrQtDfIgbQ5qyZukZoqf4nuxuIg4wRZi3bOPeuDk0GURPH/vVQpiz80WLfMEay79ext8Hd1DGGzKugj4/39GX7g+E5Un1qe1LhePuVyNKfjB5goGi7pVucAuBvXjMn3cXI4G4rPbeBn8V3ie6U4tSZdBuOJBHnzB3La8VaXN/LEsJeA==
+pics.			86400	IN	NSEC	pictet. NS DS RRSIG NSEC
+pics.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u6Q61jYP6oxfhXHeafgjmLjJf/UzNQADOj84HLsFlaIDksxCkUeNne0viyeCTiDAFxG2jgAB/pAubdu11O0VYcDune3tR1EFE1stmnre4923JvRECHzQnIDuBTmOmAKTXcB7nFVEgbKWmr+RjGBocAFEcd76xjy5VUM/TUrpFi221mvY4AAD9fMhPfx4q7w/7ODevmHo9WJYkbCClg4sbDKJlhPLFqBbYMqYlvLAO9QY4B+sIq8zp5qFAkL0qGVNi9bTQ2HUd6q9Mtc9cVYyX+XrQPKFQqCCDTyZspetA1/qyO1J8SDYKpzPbLwBq0M18RlZLJ8iG6hxL+jl6/VmAg==
+a.nic.pics.		172800	IN	A	194.169.218.151
+a.nic.pics.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:151
+b.nic.pics.		172800	IN	A	185.24.64.151
+b.nic.pics.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:151
+c.nic.pics.		172800	IN	A	212.18.248.151
+c.nic.pics.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:151
+d.nic.pics.		172800	IN	A	212.18.249.151
+d.nic.pics.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:151
+pictet.			172800	IN	NS	ac1.nstld.com.
+pictet.			172800	IN	NS	ac2.nstld.com.
+pictet.			172800	IN	NS	ac3.nstld.com.
+pictet.			172800	IN	NS	ac4.nstld.com.
+pictet.			86400	IN	DS	216 8 2 DE41FD4B1C1CEDAB4D83F1BACC75DB5012E269BD46A56B4C03D43380FBA665E6
+pictet.			86400	IN	DS	6694 8 2 61DB4E4AE88A08E546AF5490AC950221659B53669A6D54BBE6FF662568C5E6D7
+pictet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fKJ6PBG3iAmLfzMoB0j/GQ41CVjPDqGjQdQDxOdIAOyMaBIB44IxroqAxpukkAkZNgdnqp3f8O7fVT0nSh2AT/L3JNyVSSqs7JAu2PU9UAlZJKjg8zUITetEIhKHSlUWxLMVp6bPNmbF8Oa2nwJOSX407sXyqzYbVIKUManBg+x6fogF98oSQdh81s7KXHsZZCc6cy0mMuE1f+xVSt2vjHw7lCGDtgShBEqfC+wPWo+IsYl+xvp19/JoE5Bl5FHORtEksXUhQyGf1AyYLaalNMaXPbepFwl/ah06zIlhxpfzK99TwxE4D5mWQE6WnSaYE16KimEvcsvd5GooFeCu2w==
+pictet.			86400	IN	NSEC	pictures. NS DS RRSIG NSEC
+pictet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WA/bGGrX6WMgmXWawZapdO2nI6ik/iX+hJfccO5VzmXp+am4/WuHyhy4IfBcltZicr+OqI100ORa73ouGTPtIqCPpAWtS8inzajukRApS9SiU/XQKqZCTBHkuMUVxESpTJoF2ECXwXD2+mGhi1lhXy2oyyZ4XrR1H2e2/AueWFOmcb/VJYcEpTU0Kj9XEQdsCRE/CiDzeREsPffTvslu7AYZXB6pvdZOXYu0CJS5pB2tfh5hUkrpBpUAdvfheQFC1b3qFEZOkb2Cd5D1MThwUaOW2MK6Uv6oBQjq9aAjK0PLmqo1U32B7A835Hbnzg/bJeQLDlEkZ4Kuay6EX6Mw5g==
+pictures.		172800	IN	NS	v0n0.nic.pictures.
+pictures.		172800	IN	NS	v0n1.nic.pictures.
+pictures.		172800	IN	NS	v0n2.nic.pictures.
+pictures.		172800	IN	NS	v0n3.nic.pictures.
+pictures.		172800	IN	NS	v2n0.nic.pictures.
+pictures.		172800	IN	NS	v2n1.nic.pictures.
+pictures.		86400	IN	DS	6637 8 2 550EA36A773C9DC5A81E39BB942120F5B00AA3EAEFDEADC785C8FC7265D41012
+pictures.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eR4iXRlpZlT6Aa5ojhnOYUJ+LjLQD2KfzE+INOWXnde9EqxCI/GxC445NDhm0uqhgXjLaChxNMUqo7NuJvcW0p8xqFv8cU1cghNR8wnkGh3dspoZBZJgfXEAF1Px1rUJQywBxIH5LGDsO77sR97qfn/1smLu7x9N55NVsIyfUkM9HiSDKYxpLDH4f9xU731TvELXUtVnnAeo4ml1dxkNXZa98TXoQCMkllwpHbQSn3qag4FvM3uStEyE4gUZqpOIkf86k8yY0yk7MStBpAHLckOgMDJroKGETW/1MhnOLicn/nWIhAwBUkRI3kZ3lkZNIxrN/hbArOYm68YDvt+JcQ==
+pictures.		86400	IN	NSEC	pid. NS DS RRSIG NSEC
+pictures.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G1i9PBmvfp7GVdvxvHTtGKQvZPmCB2fn8F/NDAqbMyUmpUc2Zvl0d0yO/CJWSsLf52w7ucBLf333C9P59JIC4RHdp74W/L+UzdTcPWEbU2hsZALgqMcLTnkPz1FDOdlLqTPdY4/e+/Dq4Zd2SP+WK6+wAhOTKcKq1c2A3RrO/IUWvtPNFaWZOX/LU0Bg2lqD1tMOmKvpM/uBrvWL+Yxx7JxQBjHyrXI8xXpX1NFVL6JCB3uW6+J5262sCiCi7HhkyTbrezuiwNkMsUkdN0Rok/Mmm3RMZjolKFYjioSTWMfIxtGX53auVKCIHNmiKp0q4QYpV4ALp49WYuNYkKnXQw==
+v0n0.nic.pictures.	172800	IN	A	65.22.20.16
+v0n0.nic.pictures.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:16
+v0n1.nic.pictures.	172800	IN	A	65.22.21.16
+v0n1.nic.pictures.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:16
+v0n2.nic.pictures.	172800	IN	A	65.22.22.16
+v0n2.nic.pictures.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:16
+v0n3.nic.pictures.	172800	IN	A	161.232.10.16
+v0n3.nic.pictures.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:16
+v2n0.nic.pictures.	172800	IN	A	65.22.23.16
+v2n0.nic.pictures.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:16
+v2n1.nic.pictures.	172800	IN	A	161.232.11.16
+v2n1.nic.pictures.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:16
+pid.			172800	IN	NS	a.nic.pid.
+pid.			172800	IN	NS	b.nic.pid.
+pid.			172800	IN	NS	c.nic.pid.
+pid.			172800	IN	NS	d.nic.pid.
+pid.			86400	IN	DS	35396 8 2 E8653B5C02C27CC66FD56D529656C23DA9DC0231F060D527E231659F9EF27964
+pid.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UhGxLWkLUMOOzpCuwVzaOw22A0tkl0veZd2+tLqnE3DI44lUJmVjAnmXR3BywTdyLnA3xs/POlRQR/gWMllbWyxROlt3qn/rg334tUTNp0jUlP9U/xXndZIQU2J+BoJoEiop2vqR8nKbyUpHwavTbw23QdgKV1U6yiSOSNdRIJa0ovmjiDxgdlSdHBhHDhVAXGEHhUJ48w0E1Sto52hZMANm8su0TECNkjOUMdrdkn+tCCJyrJBafsU+lfXfp/N1hVecvUyOv6zEwDWMj8rGZCuFZvzt+6iehhbieDtj/5z1YoNkvcWzWrPXKMlRYMK6Su4jo8hSYmUms8iHpsxNmA==
+pid.			86400	IN	NSEC	pin. NS DS RRSIG NSEC
+pid.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mXVFGBADwXbm3opcmNKc/8++x1XYddtAvhPvaCYhQQFwTd63CGAARoole26F/7zaDiFHSZwM0T3yKqFkkkPMKdAr1Hokloj3GhJTzTB4qfplN+WRqfpV4f2gYkyegbmmkp8nSAl58VeFLNcEy87zohMTHqe+orLoJwgYSHuSAppW+y4dYZFWGl4kCKxWvQzGcGzgu1XdxiyT4UqaX8efcfrqlPsUyrCVdDcqbOkE7kEoDokIai2sH53rNolH3LnP9hEsegGG8kIAZ12rGhThkLkhBCqGZZao5aEn5jshcMRfVuHOfC1QQEA7LVMSltltG3gbzaZc7YkUoZq/QVgp0w==
+a.nic.pid.		172800	IN	A	194.169.218.47
+a.nic.pid.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:47
+b.nic.pid.		172800	IN	A	185.24.64.47
+b.nic.pid.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:47
+c.nic.pid.		172800	IN	A	212.18.248.47
+c.nic.pid.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:47
+d.nic.pid.		172800	IN	A	212.18.249.47
+d.nic.pid.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:47
+pin.			172800	IN	NS	dns1.nic.pin.
+pin.			172800	IN	NS	dns2.nic.pin.
+pin.			172800	IN	NS	dns3.nic.pin.
+pin.			172800	IN	NS	dns4.nic.pin.
+pin.			172800	IN	NS	dnsa.nic.pin.
+pin.			172800	IN	NS	dnsb.nic.pin.
+pin.			172800	IN	NS	dnsc.nic.pin.
+pin.			172800	IN	NS	dnsd.nic.pin.
+pin.			86400	IN	DS	63869 8 2 B1E2D98D05C72ADEBB4876FD43CD7B3F1ED02856EEAE8547B34769633E056B92
+pin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . emtrsKW4IW/FM6QAz9XK8Mp5l8bL3EDntcP/ZhMVZ5KljpXys7G3a8YoWQpUCCvBI20E3kTaJAijv3EG/DmYtehzeXRx7f1HIEePhIYI8bbB5GQQereC35iXjScfGpaiF+B0qD5kMBLWOf8mDxDHsCr6EZ+/fOTv2RWoKTXoOq/NpgVteZx8XbralUB/zSxg8WfNId9n73fqsTCCG3RGlM5T1G3O9xXCzziaLIIXmwoBSeKY203gmFacxemQsXsZ4PIEOJvexHevs0+4byiCD+KmBvzzSkvZkPdI9VbHleBJFjofcOrwcMgVr9WoG6rFjjTDKOU/G15tWjE1fCK4Uw==
+pin.			86400	IN	NSEC	ping. NS DS RRSIG NSEC
+pin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pKH9syw2Z3xe4ucN+JlZVjE/MIxkvmAmQ3UusCj4H52eK9h3MHmtZGDzIeTNyitKCYrHgZZpvxebobOURKNTd7qMhtm4AKIYVucifyOAtuxshVYimOHBjZbZpbYhUnZaVFg+5mlgIftll8y8P4UEh5Wvs5bHWNRIrQj2fSViKK6QCTHwKj1GAeZiCbaqD/G7M7HMQPMS7IFaCpzyT8QInLn02nwhlO4R79J+rEM7Rh/svekk3WFqwYECkoImXRS6uqRGmp0dc0R3WFSudRQ3wrgrp9O5NZWkzEx34CkrPriHwvR4CzbNzTjF87rK9RYeFzRE9USFkMOncN8iiUquqg==
+dns1.nic.pin.		172800	IN	A	213.248.218.75
+dns1.nic.pin.		172800	IN	AAAA	2a01:618:402:0:0:0:0:75
+dns2.nic.pin.		172800	IN	A	103.49.82.75
+dns2.nic.pin.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:75
+dns3.nic.pin.		172800	IN	A	213.248.222.75
+dns3.nic.pin.		172800	IN	AAAA	2a01:618:406:0:0:0:0:75
+dns4.nic.pin.		172800	IN	A	43.230.50.75
+dns4.nic.pin.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:75
+dnsa.nic.pin.		172800	IN	A	156.154.100.3
+dnsa.nic.pin.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pin.		172800	IN	A	156.154.101.3
+dnsb.nic.pin.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pin.		172800	IN	A	156.154.102.3
+dnsc.nic.pin.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pin.		172800	IN	A	156.154.103.3
+dnsd.nic.pin.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ping.			172800	IN	NS	a.nic.ping.
+ping.			172800	IN	NS	b.nic.ping.
+ping.			172800	IN	NS	c.nic.ping.
+ping.			172800	IN	NS	ns1.dns.nic.ping.
+ping.			172800	IN	NS	ns2.dns.nic.ping.
+ping.			172800	IN	NS	ns3.dns.nic.ping.
+ping.			86400	IN	DS	17914 8 2 128D6BF21796BCDB0997673C07CA67CBDEC3A09339034F311B1FECAB03391A6D
+ping.			86400	IN	DS	46066 8 2 CB8F8034EE1D5B500BEE462544A6A5211CC96B42833E17EA568345937A07E7D8
+ping.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lZDzDCbkmJ5rkQiuAzBOmffo+Ek7eJS2D1crr7jT6n+CSqHUMSq88ez36M2w1+Y92fiPH4NA1c5mUvYBN+xUqXhJLi3qQfUhxHYtALxcTUODsI8QV9uEZzlFdky5MaKHQPsrHYfwSToln72lHzaM9t7UBu7OTF691yyVNcF5xrOJ55xTo+R0/u25bzFA/oitI5WNMUajycRUG0dmViVB351hosB1T3gbUhrmkek8R6AQZbNavk5JvEdlc3T/F7FaqhF9KdSAojO64Bj+K9gs3Qvp0bbgFj18lv03e1mjNnlesK5xVdQzSo4byeyPHOlaiTQeIflxpr+0dxn5isFhug==
+ping.			86400	IN	NSEC	pink. NS DS RRSIG NSEC
+ping.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DEQgJFf0/WYiKjvwahdve+FHM3imJMdXVoEHZMjysKTr7qIJzzkajOXg8t5Wn8CLlF/5Lb/eaEE4dpzEt7MM74tMtboUNnxWsT7lRUlCCigaoNTDNb7hJda3E4e+/R7OUNavh320GXuSrRUP/+u6e5UfCZSLmjcLcMP/eWu5JPlO+MvXDNz8mnRUo/e4EWVWBYKcRb4lUBalVJf46x3kcBM7aupA9NpSiFCvfJDD9WVpB8BNkoWaDtZZ3P981diPdfnAukhdB4l8xZuiu/hGQFbVE32InCVX3YSq0gL+Xm85lln81N3EDubgcsTcSfeM6dTidKGkLLmH1cIl6RAjuQ==
+a.nic.ping.		172800	IN	A	37.209.192.9
+a.nic.ping.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.ping.		172800	IN	A	37.209.194.9
+b.nic.ping.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.ping.		172800	IN	A	37.209.196.9
+c.nic.ping.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.ping.	172800	IN	A	156.154.169.29
+ns1.dns.nic.ping.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:1d
+ns2.dns.nic.ping.	172800	IN	A	156.154.170.29
+ns2.dns.nic.ping.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:1d
+ns3.dns.nic.ping.	172800	IN	A	156.154.171.29
+ns3.dns.nic.ping.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:1d
+pink.			172800	IN	NS	a0.nic.pink.
+pink.			172800	IN	NS	a2.nic.pink.
+pink.			172800	IN	NS	b0.nic.pink.
+pink.			172800	IN	NS	b2.nic.pink.
+pink.			172800	IN	NS	c0.nic.pink.
+pink.			86400	IN	DS	53032 8 2 54475C411977FB9C94C01453633EB43B8DC64B154462DE278A0644C6B83A79D1
+pink.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Cdp43GhK+pLi5oqYehZudPVJ0Wr4lDAVBriOI0LZGsqCZtzBtnjvAiceTrCZTgNFqks23NB1jyHiOLk453Blvp6Mf+cjDpoG/31kBCCONSdMzNjxh2lX+HPsjyS37txJKrfs0RNwdJmEPsD2OlQxdttP6ZUvjd5sQSn6Ktc7qkjqKtu6SX1G4aNkYrDirxahtUjU5vY4sEH4Getl8t37Dl0dFE0JwRtvm85niiPg5B1G8FIqrMO7Xs+2NIHhZdPJj3xumSsJGeQzAjIV3vVJbfplRri3D3FtQGPmhpEzRWS0gOIQiepouLkRFEu1i2RR4u5ltgNOKWJbrRbT/TSkrg==
+pink.			86400	IN	NSEC	pioneer. NS DS RRSIG NSEC
+pink.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BODtBXkxwfV4qu+z11VLPIvi+92dhknTJXY2No7GnnjMWx/dzimYulf3LPKLhjL/X+a7hR9GvwJYAqQ3JOJ8QRJRbgswId2IZw2f6YMikr0MKP0RxHoe62Nu6+Xqm6OFI1WRsl2dDBuIdgFtk/YaOIcJCm0b3B5m17ioW0VPoz8314QZynXPu5dPMYr5uvKc4P2izmcXy0T7tIGdD4BSrjjcX1dJvuk9v9KHJ3pPXlMTqF8am7QoUCDmpdU3D9adeAOahSf9/luKGt2oZnl6z9SM1gIfq+LINAdVB07aqOR5vOBVWVmpRU0G4sA1xOdrhltEChDAnNWOUwvdLN6wyQ==
+a0.nic.pink.		172800	IN	A	65.22.28.17
+a0.nic.pink.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:17
+a2.nic.pink.		172800	IN	A	65.22.31.17
+a2.nic.pink.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:17
+b0.nic.pink.		172800	IN	A	65.22.29.17
+b0.nic.pink.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:17
+b2.nic.pink.		172800	IN	A	65.22.31.21
+b2.nic.pink.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:21
+c0.nic.pink.		172800	IN	A	65.22.30.17
+c0.nic.pink.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:17
+pioneer.		172800	IN	NS	dns1.nic.pioneer.
+pioneer.		172800	IN	NS	dns2.nic.pioneer.
+pioneer.		172800	IN	NS	dns3.nic.pioneer.
+pioneer.		172800	IN	NS	dns4.nic.pioneer.
+pioneer.		172800	IN	NS	dnsa.nic.pioneer.
+pioneer.		172800	IN	NS	dnsb.nic.pioneer.
+pioneer.		172800	IN	NS	dnsc.nic.pioneer.
+pioneer.		172800	IN	NS	dnsd.nic.pioneer.
+pioneer.		86400	IN	DS	52502 8 2 4C7837526065FAD0933B836EFBF1694B16E9C38115A1AD0317BCC4BA599FB367
+pioneer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oJmkoASqZP69IrFsbkAm2TiElPCM7EGYM1IexJPCtly6IHW8k9RD9n1lvSckVn+dw7UKcD/SW7RPTpJSOwSOgDjc3RUbPFvWL8ijcAEFM7/w4dLakgd5Pndkvy3wJuwt6p4LrpXe/5bIOVaVD8GBqdUdqbEPq2WjkTHWIZO6zJLVIcVBiQjmYuzOidmQK6RQVpyTdbTdLKJxtCeuYzDL3b1wNL+qYgYrIMw52sBTaCAoKhL+sK6yTFD/6TdGjP4P4ZKc581bxYjSfetjS+go1EVgOS981L/8n41Tplg6sBTkUV7TZdGWWBLWZH0ucs8MX7CsDidxv5UWfQX0F0joZQ==
+pioneer.		86400	IN	NSEC	pizza. NS DS RRSIG NSEC
+pioneer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oiml01k6aUs+xGFzX6oQ/4nHGmjtwSg8hbTfsQTrU16OgLpNUO2BQLpw80RJrf6w0o0fIn5Y85SCjDWU8OWF06R/hgyp8Omq/Z2g7Q79hS/FHfRVhJpz8d3awPbvD4TRxp4JG0WoPZbvksRSOEy44GbLZ86ldZ+ZybeQjZ/Ml+3KoZrcfVdiTuLUachJELMuu/DupJ2EMmgbxrjx4Nguoo8a1xQ04884Wm06nfe17y1UC78+D53Lj0F1WwqyWehe842nC/QitXpeq0H50SKIymeE/U3fm8WCkKV7mRSD4zH5iuOALPw9uIFT6Cn4Sjkyq/hNjprUL7xaeHW5Dkf8KA==
+dns1.nic.pioneer.	172800	IN	A	213.248.219.126
+dns1.nic.pioneer.	172800	IN	AAAA	2a01:618:403:0:0:0:0:126
+dns2.nic.pioneer.	172800	IN	A	103.49.83.126
+dns2.nic.pioneer.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:126
+dns3.nic.pioneer.	172800	IN	A	213.248.223.126
+dns3.nic.pioneer.	172800	IN	AAAA	2a01:618:407:0:0:0:0:126
+dns4.nic.pioneer.	172800	IN	A	43.230.51.126
+dns4.nic.pioneer.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:126
+dnsa.nic.pioneer.	172800	IN	A	156.154.100.3
+dnsa.nic.pioneer.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.pioneer.	172800	IN	A	156.154.101.3
+dnsb.nic.pioneer.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.pioneer.	172800	IN	A	156.154.102.3
+dnsc.nic.pioneer.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.pioneer.	172800	IN	A	156.154.103.3
+dnsd.nic.pioneer.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pizza.			172800	IN	NS	v0n0.nic.pizza.
+pizza.			172800	IN	NS	v0n1.nic.pizza.
+pizza.			172800	IN	NS	v0n2.nic.pizza.
+pizza.			172800	IN	NS	v0n3.nic.pizza.
+pizza.			172800	IN	NS	v2n0.nic.pizza.
+pizza.			172800	IN	NS	v2n1.nic.pizza.
+pizza.			86400	IN	DS	55750 8 2 9271CD9FB2CA456900EF1E26877EB45D968D8DDF80281B6C6E05621F4067207F
+pizza.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cD6yPwoJ8y9hjIfx06i3uDgR61PNP4M/9Tpg/uYmAnIVGjyAtexPdmbf6he0lTAlVTlVDSM0Ztd7uTfCeMNqr3xPqkBy2zWA3Jb2lFn0nyC/ys3R/FwbdJ7XY7hQtRh0R6oxStXsAAu9e+xE59HPRavvGJZRfegu9iNAK2L9c67aDw/UxosgQTVyoBcS+OIViLq6s9uwa9H5Q3b45huOjiMNLdTLlGr/OmRThKKAPTCzaiNGQAoTMPzMmVUCdKE/yEgvQzUqAteEBr5+oshl8ntfniX+FaNMPEnXJ2Xs7zdTj5IacuYHyEIFFS3t8dgBLv9Q0xmVXzwmqcxrp/8t/g==
+pizza.			86400	IN	NSEC	pk. NS DS RRSIG NSEC
+pizza.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rGtElYtFTr4xwqtAVRW/40LR/GYEjCTyRpZVZCGxCUCLeLRm4NhgJbm4KBkX/RQ3uffdLWWNxW701IcsQYiTiS5zMnxMS/ptGgYSIyR/s99JA9qjR7LnlbpZSbRy/NMJsySfwtEZgnCh1ZPtJzKplQYxJ1Vy1DBm+eRBOjESvoruk3xdYsjKUimRm8I8iNkI6FnsafrbCK/83kV4rqcLMkdRoUy9KxoGEV86Ewrul8GKhwZOs28fy6jl3A8UoDLk6UfZfZgAAmTi3G5AHiDu9N3m8jdIx+Mof14WOIlEQjvb0onY4JXjbZvnX8dRzwfXsA5M4pHvyNEyBRLLKIsW2g==
+v0n0.nic.pizza.		172800	IN	A	65.22.28.50
+v0n0.nic.pizza.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:50
+v0n1.nic.pizza.		172800	IN	A	65.22.29.50
+v0n1.nic.pizza.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:50
+v0n2.nic.pizza.		172800	IN	A	65.22.30.50
+v0n2.nic.pizza.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:50
+v0n3.nic.pizza.		172800	IN	A	161.232.14.50
+v0n3.nic.pizza.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:50
+v2n0.nic.pizza.		172800	IN	A	65.22.31.50
+v2n0.nic.pizza.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:50
+v2n1.nic.pizza.		172800	IN	A	161.232.15.50
+v2n1.nic.pizza.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:50
+pk.			172800	IN	NS	root-e.pknic.pk.
+pk.			172800	IN	NS	root-s.pknic.pk.
+pk.			172800	IN	NS	root-c1.pknic.pk.
+pk.			172800	IN	NS	root-c2.pknic.pk.
+pk.			86400	IN	NSEC	pl. NS RRSIG NSEC
+pk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y/3wXEfvlVPLNkgM8+Vf4ERPlyqDn8PTG/+ZbLQJPZ5xfssVLG9sp61KOPUr/sKFFqFwQsD1E521+SIm3ANVHvRgYK3nUeaOGrUwR38bhV6x14pBgGfRIsdjogeFAC8VhyP3sqm82moijfyZFVaYtSBnNo0T8xUeMF4K+VyA5ZQgxRnQhyj7zAlqIbvq8PLUSsKBpirzRbAhhqb0LQNkCQEHDoA8YfpSX6lKSbbSeh+YKb9kXouuzKwbZ1FKA4JqEvxiQZ6fZNmmECu+h/77aG+HGJ2jsj8eiwuMKzmi41reNdhYe8bwBOaa5RWcDjqVI7uOtf9PSoEOIRVhcerLUA==
+ns.ntc.net.pk.		172800	IN	A	202.83.164.166
+ns1.ntc.net.pk.		172800	IN	A	202.83.164.167
+ns2.ntc.net.pk.		172800	IN	A	175.107.198.150
+root-c1.pknic.pk.	172800	IN	A	185.159.197.160
+root-c1.pknic.pk.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:160
+root-c2.pknic.pk.	172800	IN	A	185.159.198.160
+root-c2.pknic.pk.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:160
+root-e.pknic.pk.	172800	IN	A	107.6.178.178
+root-s.pknic.pk.	172800	IN	A	119.81.34.90
+pl.			172800	IN	NS	a-dns.pl.
+pl.			172800	IN	NS	b-dns.pl.
+pl.			172800	IN	NS	d-dns.pl.
+pl.			172800	IN	NS	f-dns.pl.
+pl.			172800	IN	NS	h-dns.pl.
+pl.			172800	IN	NS	j-dns.pl.
+pl.			86400	IN	DS	59899 8 2 914B8A9BDAE8EFA6B0323FF7F7EB90DA985FE63EAE0E1CB614CF6D5B116F9C80
+pl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o3XstVzoZmoHgqTx76iRkQyu8xTxEGieR6W0c2tlrrqiXHAVXjQcnMkU60z+qvSomUTMFpSJg0TOczBE2Jb+j2BuQW0vO2+4UdYYFsMVC29LnR0wugObM0AdmM91GvsD2XjoO4YK8gcrXxhB+W/rVbuLpB05OrvKnXqDEwfE6NfsulP1m2JG9ryHOJtBdEfVYtjEi0ukjvHqsGYt0hRT1h8+aaCM/VwQj7Xj/Lh55OOOmU7I/edwoO2t3RlUBgrgAjg2qqTYdDyIOD9Df8qLlFCMpBifpsTcqKl73+dLHuy+7ji+2+daUGmHfeRGOfEE+CVwBk3Bs9NWep/HOWtATA==
+pl.			86400	IN	NSEC	place. NS DS RRSIG NSEC
+pl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WfBr0d5b15Yf1spM71vkNOk19ZiceDRoS3lJwze1DR0bThabtNfn02y9MrgCmN3BvKi70R+483CLnFZW+7PMiJkq0KdNyZDANF/VKesi06YM3LGey7fYddn6tkbtpMZ5NdBqX/IeZ+cEZXCXioGFRw8Q77rpHhYmsEDG1/THJ/46pqxPHVbKe0/caF0Ba3kC/YEFQB0PfCpP6pYxENzQ7zniCPoD0R53A3hSBvA/ZNLyFyMFDSLCEjB4AL3TxBXChh64LxsVzRdKoXJfKbbCX5PQ/gbodtPs+P5KzxMyvF8TE/Uu2rdDzRGwilvPNixYTa6vX8td6Rw8pJtJvkeCPw==
+a-dns.pl.		172800	IN	A	192.102.225.53
+a-dns.pl.		172800	IN	AAAA	2001:7f9:0:0:0:0:0:53
+b-dns.pl.		172800	IN	A	192.195.72.53
+b-dns.pl.		172800	IN	AAAA	2001:7f9:c:0:0:0:0:53
+d-dns.pl.		172800	IN	A	185.159.197.48
+d-dns.pl.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:48
+f-dns.pl.		172800	IN	A	194.0.25.29
+f-dns.pl.		172800	IN	AAAA	2001:678:20:0:0:0:0:29
+h-dns.pl.		172800	IN	A	185.159.198.48
+h-dns.pl.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:48
+j-dns.pl.		172800	IN	A	204.61.217.4
+j-dns.pl.		172800	IN	AAAA	2001:500:14:7004:ad:0:0:1
+place.			172800	IN	NS	v0n0.nic.place.
+place.			172800	IN	NS	v0n1.nic.place.
+place.			172800	IN	NS	v0n2.nic.place.
+place.			172800	IN	NS	v0n3.nic.place.
+place.			172800	IN	NS	v2n0.nic.place.
+place.			172800	IN	NS	v2n1.nic.place.
+place.			86400	IN	DS	436 8 2 2EE9EF69FB398B0D80A926994666CC9405231A042F31752D00295CCFC2DDBAF4
+place.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R1AXWFsF239NeNLcZ5ePuJs329n5sVEVgGa/TDwTEG9Ee4S+RetVfQkIpXRfHQg/rCX05uPpXg/IgiaXUpuo8HihSDryp0NUDCUqvR1Qh1EmBPSum4QMULSC6UtY1ixZIhNYXsRIDhOQDOnhnkm8e8RS1vW/sFmz7ZwC96CK+LQaoCWqCs33RjoZlO7F1I98TBwLTQQu6h3jikzPGI4BAYzfvvO+KcfEEwkpqfKQsXosYWSKLka4T4aMFO8/azNSJGwikGP/lbmwlBFJeNvplifUZZixgJi6Df5LfhMAvMIjP50+It22Hk8cEMc/DL4BCZOtgOiOLRoSnk5Lp6rKng==
+place.			86400	IN	NSEC	play. NS DS RRSIG NSEC
+place.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z3LBnE4wxFp/eBuUUF0EL/mDaUY3PHkWv9YIKpkEYJ+Zq4k5MHpI1KfZVKzg+WPWzlQE4yDXU7mJ+uaSuMS9etHUxE2Pv4RZS1NNCRZtCiAeo4PcrbqINImPOoHYxcKa+9704knZmmN1RLbgXGq1cLOBseUsQhnHibQHVangAY3pWP6mx3vwi/F2j1HIWPVn/etp7Ad+Q8fH2l5hckPzIqIon5IVSS7XXXWlAujWk6GVWH6Efo4XtKkplDZVW+HuV5EKuABif2cANs/qKPZcVkFNUj/Z51uJkXW/GXWkgAzgPi5IDdF1+iGSgB8KKhHGzzokZ6+/6RlPBBy3qdIJAA==
+v0n0.nic.place.		172800	IN	A	65.22.28.22
+v0n0.nic.place.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:22
+v0n1.nic.place.		172800	IN	A	65.22.29.22
+v0n1.nic.place.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:22
+v0n2.nic.place.		172800	IN	A	65.22.30.22
+v0n2.nic.place.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:22
+v0n3.nic.place.		172800	IN	A	161.232.14.22
+v0n3.nic.place.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:22
+v2n0.nic.place.		172800	IN	A	65.22.31.22
+v2n0.nic.place.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:22
+v2n1.nic.place.		172800	IN	A	161.232.15.22
+v2n1.nic.place.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:22
+play.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+play.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+play.			86400	IN	DS	25081 8 2 0E823D1AA376C001A94C9EFA4197F6E86C8088AA294AA26306093C3CF0908EFA
+play.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O1CAMc61H3GhMinfcsc5KZpfgj4SkCwcZ/cxt6Zl5IMIQv18wGSJB/6c29jKR0O1BpCFh0fFlL5zjApBXMhkDByzTwHdK08ZIhjHH/YYBuqZMP69LNvVlWyXqwIpHjnnzllut77MsmFj2hM7+7kkn02Bbl/4Ees3u0DLYB3/njm++ZDaymvhGgweckibchdUb2AAN3npcSkrX+bjt/IHCAlMnj5f6wd6fxGKdCGd7gQgSLg18+h1iBs/gxUIS/7RXV0xjLiYJMDpZp/Vy+MwS4VLYg7k7995qCiTNj4P0QFo3OQfRTNTl56ol+FMxc0MTJAeZ5D/ARnZvE7LvGpqCQ==
+play.			86400	IN	NSEC	playstation. NS DS RRSIG NSEC
+play.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uMcgBPkj6Io21/pCo+kZLlUqyp88QyZYFNxbsB7mr0lwLbSnojx0gWAufRYhQ62OERjwLEBMgMIGrqNiff9g67QPgG4nNqRUYF7pH1vFlYiaTcIs2KNbG7tLIOCSKMhy5RekSEj89kTwWq7kystQFHwOJ0JvBJARCaF1ZbJx4CAm0kUImcWCWOtIDi+DFmVRFWVbdCyw5tuNmwbuEH0fITMr2n1XOxMSEcDgt1F7d51nMU4tsbCUbQpNdaPLy7JTfWjugMTJi5ajCvTBATV+oetHcySaAtdwJOOYl5uYjzWDFcit507NWm6o9qCBZB3ly7UOxk1My0mF88UFTYfbQA==
+playstation.		172800	IN	NS	a.gmoregistry.net.
+playstation.		172800	IN	NS	b.gmoregistry.net.
+playstation.		172800	IN	NS	k.gmoregistry.net.
+playstation.		172800	IN	NS	l.gmoregistry.net.
+playstation.		86400	IN	DS	32839 8 2 A730646C6D6A5E9AD966881EEA96E688600D163A409AE2BFE3A33BDBC780211A
+playstation.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rlQrHkVfPiWSLXCId2dvOUhg6Ai4YvZajiVqgEGwSRx8ODuVvckQra8VY5f+kP8kjC3By6OQ+lPxg7oZpoEf3dfm75iKQ/6ohZ0gnDKeaU9cvXVmGMXpjNU1tuJ6/BswPZ/8mkZVboji0weqcB4SFAQGIyblu+fk+PNKL7gHlgQUKj8GsUG0bdRQNPWcEZHfFD6jKh+77jmq+8cid7wqHzR2R5kgHImG4ksLStHv0zhtIr6B4YoLmAGxjbtBYV32Jzn1G5FeM927m0viJIRM81Is1yFyeW/6HkJSJ11izM3IdpY9oIDqQPiSViWFAUfW+FG3u+ocJXYr6kHPSn7pFA==
+playstation.		86400	IN	NSEC	plumbing. NS DS RRSIG NSEC
+playstation.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtJrfpQXAzdhncIljCC+C8opYGK1f2sn1hToQHh8eVm9pCqGL6goxegZFYrYUpGzAOLDeJItdG68F5Awk4DolUdWvUEvc5ttOfeJCjzPkDbOV08zxK/0suvBpsYb8SVsY+Cx69CU6vhT1jdkKY2Y4Sp5bjYoxePb78RJnaC1tNoexLQ2YBwGwWtprEpzVSEpn6myodjarz76W32eZTPvuWcWMEQUQQPIm1Uk2+iG2Btc6kxADoE9sQJN0SbAUTh2tgpP6Zm+1HzWMRNm+P0LxteYsG1/ZANdHNUYdRKfqqqcxDqjPux89Ju9jQDwR27xP01L6t2y80U6h7ZVNXjd4Q==
+plumbing.		172800	IN	NS	v0n0.nic.plumbing.
+plumbing.		172800	IN	NS	v0n1.nic.plumbing.
+plumbing.		172800	IN	NS	v0n2.nic.plumbing.
+plumbing.		172800	IN	NS	v0n3.nic.plumbing.
+plumbing.		172800	IN	NS	v2n0.nic.plumbing.
+plumbing.		172800	IN	NS	v2n1.nic.plumbing.
+plumbing.		86400	IN	DS	48722 8 2 D0024BF8BC37E85179A92E3B16F602AA566E63DF0EB315324BE040FF2D35BDB4
+plumbing.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l2M5BvWQirfAMVMIm1zAaCX7vSWjgGm6NZ0gcd9G/4Dbgl4HSV3Ba8kmtKyjVrAtw5ywrmHARAgRiAuhAcgqyO4haNPXvbh9PHvsH9nTlBIFLz1/jH/cW8qYE7dBsg7hvWSIi2qJwuFmnWhK8sjRJvtDjdq8JrYYsKhZluCW7S5sj6lQB7wVhvm1fnqXIRFnvggEZnCvSrhDb2R/fkGdih/CeMxsZduydjZiGW2y5JYKLCCjXxy2MHG96r3zrLwpauJlz5YxJIMrUFxJMKxTfeogura/U6oOk8I8sA8w1F75sMVfWgVBl7Y26OhPhCWmJxqYeCPGzgPvErvpl4zTLg==
+plumbing.		86400	IN	NSEC	plus. NS DS RRSIG NSEC
+plumbing.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bSWKDJ0JQGM/EP5nSyyDm0xs+xylzMOzlHlsMZedIAFUhcPZzjPHjorFlCEU0PXCAxs5FMcBiqJaVV6NshqhlWQrI1Bp75sSnGbpjiE2NCtFaJEdXTtgtteZlRSQ08EcXAtpyALOsXQS342SfKuTSj7VJGUFQXcdcOVROUO5zzwHR1AaSeZ5cuso0xjclP+1KQXmJpVzRqHI1TSwp9u0O3oCscno3/JglczossfOxz3ECa75s8bq0t5Mg58l3WoxTqNqQ7rJJyCTUwTQio4dpUCYmH85zqyOsLc1aLgthK2waKsTEWPE65amd/xtAerjKmx8daLwnio0oZtCk+B8AQ==
+v0n0.nic.plumbing.	172800	IN	A	65.22.24.28
+v0n0.nic.plumbing.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:28
+v0n1.nic.plumbing.	172800	IN	A	65.22.25.28
+v0n1.nic.plumbing.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:28
+v0n2.nic.plumbing.	172800	IN	A	65.22.26.28
+v0n2.nic.plumbing.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:28
+v0n3.nic.plumbing.	172800	IN	A	161.232.12.28
+v0n3.nic.plumbing.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:28
+v2n0.nic.plumbing.	172800	IN	A	65.22.27.28
+v2n0.nic.plumbing.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:28
+v2n1.nic.plumbing.	172800	IN	A	161.232.13.28
+v2n1.nic.plumbing.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:28
+plus.			172800	IN	NS	v0n0.nic.plus.
+plus.			172800	IN	NS	v0n1.nic.plus.
+plus.			172800	IN	NS	v0n2.nic.plus.
+plus.			172800	IN	NS	v0n3.nic.plus.
+plus.			172800	IN	NS	v2n0.nic.plus.
+plus.			172800	IN	NS	v2n1.nic.plus.
+plus.			86400	IN	DS	5074 8 2 EAE08E76FC529973567F9EDE81DCAD8090F91800AB271B798006AE563A538B2F
+plus.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Xch2B/9qCjIE3VJ/XI/fQEc5avVQcSngX/bog1hhBt/DrxD6cuG2n+uwFCg8vEzIY4YFgDw5VozR8rllZdNLScrtVVp7BudfUd6rKXMvBn4myp5fCA+NrMheejRxGP5HbrgaqthS2W+AB36YQT+zm5v0QuKCq4fVB+3TXowgbsFde/gGWvTqY4OWpbt7HKYyimpOu9cyyeoP4t9lPVFfWpSrv/xiL+jQTem73ZSyi2bdWez5kC0eiNIFAF4JoEri1D/pBOFBud2U5svLWB7l290NFHObgRYmexxIaaYDdxPuustsHpaar861fzGwBQEDlUIy2xQOuBh+BoeEFqEXUA==
+plus.			86400	IN	NSEC	pm. NS DS RRSIG NSEC
+plus.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bSz/B4QZ4RuXHpeJuZ5+sk1mmuMBGfx9EWN62YVE0IC8rZzptZzZb6/WCAiVLz1LlOZ1sQBdKUJ+zHH6SRifg3/YsT2mPRx+cgapwfthHe1SGDecxAgAcJepRGntS7P4ax48bW03TwZxd6DABjVygpAAczu0Hhs3R3MIceV0n5qtdUlw2lKnOOLYPXsU9py6uIFlvA4AiutHT5kJ0TCmYv+tj4xRzH2oTjPdbWWZAcc37tj67MtRyX9h4gVbu2bYI+nOKqqalKOsLvGzpDRSboXlyBGl71rEmbxbzjIjnDhRor78cDpcSgukdcAdMrvz+3H7eiI9OdJLebSgrVHDrQ==
+v0n0.nic.plus.		172800	IN	A	65.22.32.39
+v0n0.nic.plus.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:39
+v0n1.nic.plus.		172800	IN	A	65.22.33.39
+v0n1.nic.plus.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:39
+v0n2.nic.plus.		172800	IN	A	65.22.34.39
+v0n2.nic.plus.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:39
+v0n3.nic.plus.		172800	IN	A	161.232.16.39
+v0n3.nic.plus.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:39
+v2n0.nic.plus.		172800	IN	A	65.22.35.39
+v2n0.nic.plus.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:39
+v2n1.nic.plus.		172800	IN	A	161.232.17.39
+v2n1.nic.plus.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:39
+pm.			172800	IN	NS	d.nic.fr.
+pm.			172800	IN	NS	e.ext.nic.fr.
+pm.			172800	IN	NS	f.ext.nic.fr.
+pm.			172800	IN	NS	g.ext.nic.fr.
+pm.			86400	IN	DS	17970 13 2 7D82CCD8DD0674CA01CCF836C21240A504C85597EED5E511131C3E17C323B503
+pm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oah5/Gd0qowW9pchKtKuJO2LytXPSqBxJ9qeh7axj71Szfk9GPVuuRl+FgGH40PTAOchIoI+TUmqTsxDrsp5UAEBrcCxLXkBlv0pQnrqhNOy2yvTBjds0KQT6iyxQ8a4+YAk/d6BMZFzlqput7jAjuHetfI3JXQ9m1Y9OKJSgd4zMKCnT+3k7BD8Z3tx4FIZb+SJYPxp2pBqJMp9BdH+8wk1yC2h9uIzrxuIsknnjrAoplRd1UCLhs1Ljv1l8F1hxLqAJqjs7E/2vFU72bwcSepXYvrMIE9WAxcdDjD9WGj/ymj8pbtc6gevgG5cQAnd/5/NT5OaWGV/a+lqgwvO2g==
+pm.			86400	IN	NSEC	pn. NS DS RRSIG NSEC
+pm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CW4sdV3piZWUNAFoV257wBZ/ZtclDIt0nLL403Ty1IcrpRF5y3TJ51BAPvpaGrbHNL3pxHGsm9MVGJx+hRBJqTAdTmMmuQnr7Yd6OyCjJwslnWwx/2WkEyuWbIjJUJUbu7wNeC4YwMVGtZ5bybdeHbciECvizaO4IdCb+LhgrkObG0HML0EEAKBsNzDgpB6bqQnvocuRod3WCR2J4DE056XcjZMGrnE1FcmnWN2kyPdgI8rAzeO2fTniJSBgB6dppga73r5MI+FHjQm0ThD7vluKARXDdbFIpjnsWfExUvFza8k2Yt5i1eWh9OuSnPWHVaRzl3MZtZLvdYKE8VI6sw==
+pn.			172800	IN	NS	dns1.nominetdns.uk.
+pn.			172800	IN	NS	dns2.nominetdns.uk.
+pn.			172800	IN	NS	dns3.nominetdns.uk.
+pn.			172800	IN	NS	dns4.nominetdns.uk.
+pn.			172800	IN	NS	dnsa.nominetdns.uk.
+pn.			172800	IN	NS	dnsb.nominetdns.uk.
+pn.			172800	IN	NS	dnsc.nominetdns.uk.
+pn.			172800	IN	NS	dnsd.nominetdns.uk.
+pn.			86400	IN	NSEC	pnc. NS RRSIG NSEC
+pn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LlMKQ6uneCtyJrEqTZtSpKUBqEUa0PAWAyPJjEEl64d8Oz0blDYeXN/n1LVL4Cfi2+jchSUbrEXcdM3OMJiM0Vx5jngf0cDmE8mK9ryE6bbuTnvP3YPERcbw7/p6xSiG7gmj43HGTMFPOevEfUNaDOrZ82Dz5dalQDeIYW8PQu6uDT6NTPhUCugB3NQm2AQYJoFanM6EWqzC2i66Df6aEjS6AFQJVIip/kxHG1/95NrqoRy4xTParIknUUJbaTtAEZ54dIIXr/eLPXVjF+4CnOnd5iaBstTkDVGg9DpcrJKQ7XtH9r5PB+epH8EfzeJu/QUuz+BzyX+PX897DshRTg==
+pnc.			172800	IN	NS	a0.nic.pnc.
+pnc.			172800	IN	NS	a2.nic.pnc.
+pnc.			172800	IN	NS	b0.nic.pnc.
+pnc.			172800	IN	NS	c0.nic.pnc.
+pnc.			86400	IN	DS	40264 8 2 137C7B7B6BE3D79FF1C7F5DDB9525CD8BF14B821DCEC08FF5A3A7B128E58660B
+pnc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yxPfIwAtUSxS4X8KXTJZzW+5UNDHdA4JBtYBlFMI7prQkFFRU4IxWnGWCaHnCpy0WIuIbV0LPH2EQPXfOVpSXuWdAAm3Em6DZwXQ2srGuX5mVCEwCzut2WGf3iIK5ienyIn66BaIPGojtsrtUz1/qs+EUTFYWriQOvU1Ey++MrBcQe/yke0lc7w1t6fuenJyjGjR78VMhDVbckf80lePSQxqlyHYEkkYzQ+fg+kVJqqFRIVFudMXaVn70jqWszISgY1ymgKhBmCTD7/SRIPByqyBLo6FE1xXyLRe8ikRnKM4Dd6vDrj+vJK0fhJkxR4gknymfKKWH96+NwMdSvgTTw==
+pnc.			86400	IN	NSEC	pohl. NS DS RRSIG NSEC
+pnc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . olniEZUMKt+wROWdBMJJtjgPuf1k/Qr5CiyW4aKjd1BQBJCATQY6j+CZZWd9xoWdqftL263aPhuUpmJPpi4u5vLeMhPgtIpwod5F76oDjzxjqZpR+vT4AJAzWfRr4YlrjwBeb0F6ex4wk2r/IbEha3TanI7IqkVa+9Y6YZ6jHDOtr6d/Ie9P4n+Ib7oSytbsSCFRU/3O98ZEso+UcHxE9RkhdFA8nTkWABIrJ6UHDpq8O/NIuOzNTP+9kxaCFAYSjmuy4zES5XyNINRnVwM5tRNc1p/ILCBtq2PxTgFwZqoHyQ0neF+a2i2myLd0IvR1ylsqaRQWWZpof7yYJGItzQ==
+a0.nic.pnc.		172800	IN	A	65.22.64.25
+a0.nic.pnc.		172800	IN	AAAA	2a01:8840:3e:0:0:0:0:25
+a2.nic.pnc.		172800	IN	A	65.22.67.25
+a2.nic.pnc.		172800	IN	AAAA	2a01:8840:41:0:0:0:0:25
+b0.nic.pnc.		172800	IN	A	65.22.65.25
+b0.nic.pnc.		172800	IN	AAAA	2a01:8840:3f:0:0:0:0:25
+c0.nic.pnc.		172800	IN	A	65.22.66.25
+c0.nic.pnc.		172800	IN	AAAA	2a01:8840:40:0:0:0:0:25
+pohl.			172800	IN	NS	a.nic.pohl.
+pohl.			172800	IN	NS	b.nic.pohl.
+pohl.			172800	IN	NS	c.nic.pohl.
+pohl.			172800	IN	NS	d.nic.pohl.
+pohl.			86400	IN	DS	41627 8 2 D31963884932152AC788383ABA38B83F187291AFB59092A43185734EC561F506
+pohl.			86400	IN	DS	52324 8 2 F733939F77FE6A3F4FC63546CF69C4A86CF432BD6F41147B287818BFC87661C5
+pohl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Kr1rQKAMLegZ2iG018E0ddJ4Lt5kChpaaLM5EGXaFEMdiNdUcRcTSPrwz5lqyxoUq8WRmKPNsYQwMI8BZIPKxYof3z8rn1RFwDexxX3FEmRTenZgDZqm8nsLa6lENENNbp51JPc72VkBZYYpOq6EUEtnn6PhOKsjUUc0z+uoIwuKWoMRyKoHF7m6t6lnCfzvYI13PP44EfTAo1NvHD+p/eBG12gaPLUwVyPm9Ko5NyZUckEk4VcjyT02s+mDvgs1CRrTAzZQ//+RfGlZ8HlDHA1IdmdcGfLEa3SakVzUGijZAdwMtKoDTiIbtR7HHYbNeLkfztfKWGbvYR/cQIqcUg==
+pohl.			86400	IN	NSEC	poker. NS DS RRSIG NSEC
+pohl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . no8pyOt+KEJErxrwJyFLLkHTehmthOJSTOhalGZyaTw5fRAJP5lkImrDSlufMdiPfFVSSOnqd9QDM6i1ZuI1kcNgsPMOv/LH5fxej00U/ZpGMqK2oBDlT464xCtvoDJ1mj/Kb0ut4WAOEoNRljz2Hcu3v5srSz78vZubjFWHj3LuxFPx9VGTVWpTxlOAsGMQ9IFUov4mbUg0Hp084+33YWxrixZ6nrOUsm5xSkN0DLRQbOo7XpIUdD0i5QsO9hSzVjXCKff8dBNNOrhoNG1VuOrmOJTHNiDbpjxpQtnlU4fey9KaAeMKlyttrCVjR9WwV3UA1rNWjEriRcGYc/ydvQ==
+a.nic.pohl.		172800	IN	A	194.169.218.96
+a.nic.pohl.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:96
+b.nic.pohl.		172800	IN	A	185.24.64.96
+b.nic.pohl.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:96
+c.nic.pohl.		172800	IN	A	212.18.248.96
+c.nic.pohl.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:96
+d.nic.pohl.		172800	IN	A	212.18.249.96
+d.nic.pohl.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:96
+poker.			172800	IN	NS	a0.nic.poker.
+poker.			172800	IN	NS	a2.nic.poker.
+poker.			172800	IN	NS	b0.nic.poker.
+poker.			172800	IN	NS	c0.nic.poker.
+poker.			86400	IN	DS	12856 8 2 571EFC932D4C25E2F41DF9E216B66732F8D17BB7EFD2F6230AF3127948BA167C
+poker.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DsnmVeJcBOE3tcComhS3gbpjKfEK917vjIu0/qpylJyAMTdWBLtj3PMi2Tp0XW+iT8vxGM/wjjeaHaM7jikabHorkiiuvRpHZbEd5igARNqTi/GKSYCGx+ERO6VRkcqh6lED4uHLE2mWOaV1bXtoDY+YvNDBf0HgBVh+ZJWzSrb2cmWcXlsHExpDTfB9Nrb77xqQc9EP4UjPjZAiruYmIjAME3fUUuGXmhHwI9djgDRWiP9aPNX8xwZlAEDHGh3U7lV4Sc2tRXatfCnVTH5Vtr7n/WXj5ZxE4fJ61oz6c2/2JjHMF9Jw9XQTkREg99k+GjtiVSJdQJc0D1RnV5pbPA==
+poker.			86400	IN	NSEC	politie. NS DS RRSIG NSEC
+poker.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MQLYNb/rm6WzMCMv0so95D2ok+m49/o829MCooffVAT6GkCR24QaazaWaEcFlfrdO7KFoUaYOvZrcA8R96SR5ca7Ijuqr8parZbWxgk5wMBJjwTo7/qFqUAmr7NgsT+Y81+q5R3e+mDXMtrIa4+roFBLnS4VWrNfYafxKh/2Y3oBc5M6JdcEyOHXHOGMnmdug4lR2Sm+b5BtS3RuW+VaPjSGOQkHudMdEyhuJ+DSRmAf2ZPiTILAnVbNgr+BntrHV+EZdkaazQCOteI4c+j6lDEN2jOcV/VAaAvhVD8iksXeF3WZz7hES5lvpdIeleKtfMOPELR90+Cqhe5BvZ6b2A==
+a0.nic.poker.		172800	IN	A	65.22.20.33
+a0.nic.poker.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:33
+a2.nic.poker.		172800	IN	A	65.22.23.33
+a2.nic.poker.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:33
+b0.nic.poker.		172800	IN	A	65.22.21.33
+b0.nic.poker.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:33
+c0.nic.poker.		172800	IN	A	65.22.22.33
+c0.nic.poker.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:33
+politie.		172800	IN	NS	ns1.dns.politie.
+politie.		172800	IN	NS	ns3.dns.politie.
+politie.		172800	IN	NS	ns4.dns.politie.
+politie.		86400	IN	DS	9518 13 2 7CD0F19183C87D685057BF63640434B80BF32608EB2E014854E398B437B543CE
+politie.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GdPEb67W7lijUHatXHOEh9jG+hTe5WEjRTywgQJAbE16FNgZzI418zDnsYZrDO+Crr8qaULEARKaJXHjNdWKKA+L3x1ClcQDNYYJ82XAC38ROEZ1k+c5LByHS8xZvBaeEY2g6IscOdFsTzjl3oGjZHJwElWV7tFSpmDhJISUbSxi2UkDvpB8UFeX4uu+gxDf2YPYXnaRRUZvBXlOgQ17hAO9wCjXcEo6uweNS7PLtXCuA4/Nghg5yD4wWgkdF35MPBNs4hVJmTYGeorGiaTGAhXuw/l9JE8vInM2aOHTnUDkEFKrY9bL8icMAno6RLPc+dXts6vsV18H/oy8UvWn+w==
+politie.		86400	IN	NSEC	porn. NS DS RRSIG NSEC
+politie.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fKjTK3aymvM9CpP0hetZdezOwof8wIA72UGd9S7v8n7kNagflTlog8Ezhgg92AVUiUPU3+0JCi32BfWjabxvKc+FRNfQgaKfc5jdwMV43PPOFpidOVoKrsUVM6FB/Xjjnj3qPeQG7oVLhhwFbsGj9k3Wmh0bxQHLQvwOsT1LlMnaz0Em5xk50NcivG+OIS23pfemgBZNSef9kq0VX4mXFj0o/iG8/TjWTvFfqLJYGEW5rUYu8FgvE8gMl3lU0yJxUljwfsJ/cQa7oIFx2uCWbv6safuC3uAqnW8lapEYqasgB05/NEF+vBRyZqT0O5XuG5J3/f1tVjX42W3ZlW65fg==
+ns1.dns.politie.	172800	IN	A	194.0.28.5
+ns1.dns.politie.	172800	IN	AAAA	2001:678:2c:0:194:0:28:5
+ns3.dns.politie.	172800	IN	A	194.0.25.27
+ns3.dns.politie.	172800	IN	AAAA	2001:678:20:0:0:0:0:27
+ns4.dns.politie.	172800	IN	A	185.159.199.203
+ns4.dns.politie.	172800	IN	AAAA	2620:10a:80ac:0:0:0:0:203
+porn.			172800	IN	NS	a.nic.porn.
+porn.			172800	IN	NS	b.nic.porn.
+porn.			172800	IN	NS	c.nic.porn.
+porn.			172800	IN	NS	x.nic.porn.
+porn.			172800	IN	NS	y.nic.porn.
+porn.			172800	IN	NS	z.nic.porn.
+porn.			86400	IN	DS	3196 8 2 6B2D8FEEA5A23845E6934F5639D4055639D7B8D1FAC4B5C19C7E5CD45745344D
+porn.			86400	IN	DS	53866 8 2 6FC2A5CC5949B5300AA6BDFDD041D34BA5AB08604F22F7B3E34654FB22F89B68
+porn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . i8FaZXHUjnYcUAkKifUyHRbQv+U68Ma5QzDP38Ne7q8trcKowSQ0d1JMu+fVWkfU3sjs0uAlDBS7sH1OvsVzYsxCiz7SUCXySYuQoRX914pR7/w/oqzP5N8nyCqpkjjibvocU3WfmTUaBkzXuUxi8YK+dWerDGo2/NV/teCcxpbThiU1TdTGEOsAhFv0/4xucY/yCpNrbC+6ybpkM25ZfRIxE7FIiTShvPJUYdr88uQtAFvaNeVRZuDtSe0P7/Nl02fMKFm5bDa4S3pmVUaOzXBujlrqrkAyKZNne82TvhbF1AnRG7QnvA2QAJgiyo5d6vVkHKOCh6Acc6EwoOUGJw==
+porn.			86400	IN	NSEC	post. NS DS RRSIG NSEC
+porn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KaDAj0Jbxk6w0o9NmdFlSodUBGUyw5xrnnrwWa5L3hcoMHHg474wm1PV0HLaM6sFg+PhYT/Bbm3CCUIREHQD1kayTxMvLYTrfgdQTvJmSMNRAvFz/vfkwDLUiXeQyEvphNPyTucdqP5zTYBbHkzqU6w65HA0c4fXZH8+ZeXCkzARunq2c5eV5FQVYWEvceLnc0l3A6sffDy4iNoqBzqMgHUSmpA1xFzALn3jX3U32/oV2GI/ispRzqRRe9eGpbO/lQ9qEIEVOPhXeZ8UmzTNilAXnWSbGa3gCizHUaZV5u+MuaYnj4zV81ze90gSYyeWiEJeT2Eds8eJ1CSNPkHx8A==
+a.nic.porn.		172800	IN	A	37.209.192.10
+a.nic.porn.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.porn.		172800	IN	A	37.209.194.10
+b.nic.porn.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.porn.		172800	IN	A	37.209.196.10
+c.nic.porn.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.porn.		172800	IN	A	156.154.172.82
+x.nic.porn.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.porn.		172800	IN	A	156.154.173.82
+y.nic.porn.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.porn.		172800	IN	A	156.154.174.82
+z.nic.porn.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+post.			172800	IN	NS	a0.post.afilias-nst.info.
+post.			172800	IN	NS	a2.post.afilias-nst.info.
+post.			172800	IN	NS	b0.post.afilias-nst.org.
+post.			172800	IN	NS	b2.post.afilias-nst.org.
+post.			172800	IN	NS	c0.post.afilias-nst.info.
+post.			172800	IN	NS	d0.post.afilias-nst.org.
+post.			86400	IN	DS	35725 8 2 5B8265DC3F1952980AB5369253C4A4ED9D674D91B8C39360B22A7DEAEF168FE0
+post.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFRSZID3dPFhUC1ZARbzA7qkE7Ue7QrvlaeRbitDX1suZX02LLeCvPHloFlfOjD0Rdd4Qbs3vteiyQzUMkXDSDPtF4V7VqXH/leg/zxd6aG7zOY4k46lE4lcFR7MMXdtdl1HeiQwLKTIS/qc/3guka4Sz+b3c4OwTs0+LVLKTCrW8M+ZKjML4yJUOVzsrCuxtX1Q6R2UoppLLFv4l+d99qEVEgkysFEK7kKmFrSq1a9l3e5cBz84tBW0busNln8KMVw/C+EjIGQ6DugDcRXLIM3Ia539wxGJg6A3AEfEEY+cd4uHufgK6uUdI2WChYs1rzvex8SnG8/4wtOh1GIxWg==
+post.			86400	IN	NSEC	pr. NS DS RRSIG NSEC
+post.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WPyZjebHT8tqY3OQonmYVn+GbkzrlmX+v9RSC12EKks4fgR/K7BssyVPCnWSscjl/HTGOLulubrtUub/raR6iDixAI/xMtcUWFoIwt9Ls5V4X02cgajS04cUyqVAiKAiWqlykGPO6dJCgKtfJafRTRWibmv4/7y6C78N8/SezYOn7cR0Hb8XdR1FxdpfUZAq4VDOiiTWkkU420KIRm/Ufwmr1pqGZzsB31tgFBTcmHOtTNZ0tkCIFoEvT/Bf4WrXGiIPrir8EX+M1yJ3Z9uOpSqJHFCH/iA/rm3KHv5Hfww3Z1rEawUeyTzxERPczbK3yBHpd4/XykPO78gcjifneg==
+pr.			172800	IN	NS	a.lactld.org.
+pr.			172800	IN	NS	a0.pr.afilias-nst.info.
+pr.			172800	IN	NS	a2.pr.afilias-nst.info.
+pr.			172800	IN	NS	b0.pr.afilias-nst.org.
+pr.			172800	IN	NS	b2.pr.afilias-nst.org.
+pr.			172800	IN	NS	c0.pr.afilias-nst.info.
+pr.			172800	IN	NS	d0.pr.afilias-nst.org.
+pr.			172800	IN	NS	pr-dns.denic.de.
+pr.			86400	IN	DS	5134 8 2 2E7F12833596203DBEF32DBCEBC2CFD2F6D3AA4432A9BB39927394C6CF1A844A
+pr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R2v0sCdLAQrEt04BwgXSOH6Sr+/ifygqEop17naxe+EOSl4fnQX5dW7ZvQxDZyTwQvqs5u6wxliNQJv5K2ASShFQVsvh7P5ALvf3dZQ2HaXi0Gl3OMLzeC1bat4/uCVc1+8RErDBaYPmc9Q0Dtd3U6f4lMkrMqbdl43Zm57fCWYoUq+6gSaI+tUoYBYbfWw1Iq4PoMaa1eMpXe2uA7LlHLqWM5wHxTcU/Kb+uaipg/qIZzPvHstPZNSubVflKM8mFysPwSUrcYhAA7DKjQmMtKIDyITBPJamDXFCNEV+aZbUUEXaTB7yYue6yDlBLn7gJ3l2QVOmYfnWvmbogVDssA==
+pr.			86400	IN	NSEC	pramerica. NS DS RRSIG NSEC
+pr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pm/8SB2y9jtBNC9B9McnZ6SsfoXNWL0Ymmd9Rtx5dSKHopc8frLMwWaBmK0l37KUxs+ISDEU9Z5j6DljbC8d7Y9mb4UV1aPa9fREhblnQAEpSs6pkx9WDilQsQAGJ0AcZL5TFbhoBD0qBWMuKVvmkQbj5PkaxR3Aof9/a9m4aoPdbHz61NuPIaZ7yVpdkiGUM9eKGNfWSkkq5iaCklu9DSbVyQ9lBsEX7ePe6i6rmYNqLjNpeCzEBvcVA2UYLIKkE5cI8pKvkRsA0C/C52rT7t/Nvon3YF9NafDgyZe1Ypji//68v6D8NKwuAo3FJ52fYfQkb8fz+mmgouLo11SWnA==
+pramerica.		172800	IN	NS	a.nic.pramerica.
+pramerica.		172800	IN	NS	b.nic.pramerica.
+pramerica.		172800	IN	NS	c.nic.pramerica.
+pramerica.		172800	IN	NS	ns1.dns.nic.pramerica.
+pramerica.		172800	IN	NS	ns2.dns.nic.pramerica.
+pramerica.		172800	IN	NS	ns3.dns.nic.pramerica.
+pramerica.		86400	IN	DS	22411 8 2 55E42F1140C47CA9A71E1306D0487E31DCA919961409E9121765627E563FDB3C
+pramerica.		86400	IN	DS	42634 8 2 34C29E72AFDE2F27194A21E6D5C9E91AC44B5C04328D7FADE36C026C18C118EA
+pramerica.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QpC0BDBHqlKfty0adJYun+jo0RTmxpPw6bDgo2tT3enF2WzPp23InYHrlAn6oDhGuqA+slqchxohqKE9aAFeVTdwEh3PIZCSYej4Y36cXfNY0YEqpzZNwpOPbaDzVD20//EI7KWU0DMX3s5oRtTamZmgPNqjawnKpXlFtTu9uzBf8naiTzEnnjUufCqSN81BBp1Orepf7GJePkrFR2HGbr3IiAhlVsDm0eZPPFu+d9RgzookQUZlb4Sb991XNoQOdcnE06FhVUwgmrERATX26eSw7Tgxb6fo7FGPidJgW/oi82PLO6dqOe0tnpbh0BtV4MtrXQEUBlCvwKGTc7Vfow==
+pramerica.		86400	IN	NSEC	praxi. NS DS RRSIG NSEC
+pramerica.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gdtWL7DIuvxsp6FdAEOwHv+FCgjJTZvQHGwOqobZ1+YHpTbRn9GXGt9VK8ZwHLCKZDg25lpqBFHlQgEWXuyRWdpWupQStifoBrtLjMKU24zKhD+QwYQynQRPIkMFHc818CbWvbXGIrhv0XuNkTDBsUei7A8mfGqeVVIhueIT+uGLPLZ5g+OVeVZk1t8cpGQJ0Lpz3hheWV7maudw5YiYp7uA7Q/6/dCr1Ul2e/4h3h6NbqxY3tdipWKQ/+runThVAm9MsyhNm0gBFxQLLUnZj1Sr0YpbzorctUrnfpNeg/8d+Rp7gxEKbjTfOcL2XogV4ckThT5WBJm/X7G8Xk3wYg==
+a.nic.pramerica.	172800	IN	A	37.209.192.9
+a.nic.pramerica.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pramerica.	172800	IN	A	37.209.194.9
+b.nic.pramerica.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pramerica.	172800	IN	A	37.209.196.9
+c.nic.pramerica.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pramerica.	172800	IN	A	156.154.144.138
+ns1.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8a
+ns2.dns.nic.pramerica.	172800	IN	A	156.154.145.138
+ns2.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8a
+ns3.dns.nic.pramerica.	172800	IN	A	156.154.159.138
+ns3.dns.nic.pramerica.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8a
+praxi.			172800	IN	NS	a.nic.praxi.
+praxi.			172800	IN	NS	b.nic.praxi.
+praxi.			172800	IN	NS	c.nic.praxi.
+praxi.			172800	IN	NS	ns1.dns.nic.praxi.
+praxi.			172800	IN	NS	ns2.dns.nic.praxi.
+praxi.			172800	IN	NS	ns3.dns.nic.praxi.
+praxi.			86400	IN	DS	19099 8 2 3E39236609363BA83713BBABFF24B95FC7774A6532D68B3F8D7766BE5C7054F3
+praxi.			86400	IN	DS	56446 8 2 B6EB17A0657C338C939960A1B134AF133254BB756D7211CB3D9AA4DCD2495656
+praxi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ce+uJAnySILtm/a8iy31TwnjKzakxCz02O3sgbYjycYcEGJkdqzHRv0Jt7l3wf7q72zjhmw3c/Oi+LsY8JScChoPrGPQMiIop210MzuspETdUnlsX2qHi2ar4PWpzTlirpzBJuvTkpPutQJ1pGKPJEhotgpPhhsgxcfsbDr3vSbOntkyQo64jyZ1n+ru+7Jk0tWebkr4hUTJ280ALhmW0K9N7chivcbtxrF6+tFinruPfXNwxJHHRaMqcTB7FFaJT9bStlOGbtvXw4j8guoSbP1mxrbOCYrL/GzmEHZpwu14bHl2h8QZdqu1MPVDMhOBM1CoTLlz9V8Ms6mYZx1k/A==
+praxi.			86400	IN	NSEC	press. NS DS RRSIG NSEC
+praxi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hmt3wMfZJSGKg5oUGMjaWGr5NnX9JN3CTivI20RDbwWJsfiGLGegC3Yg/6ZBtjKFr6VQssFF+DQNY2rlKTBHnV/czTXzSw1O2eSedGR+HG+k6FfmQV3GHaHbKUgzqay4PxOjARMziyAcH+KIPH4MhR2eGW1/PkB7wQOsc5nObrD8GjSmkh2a6LCh5NdeRyTCnPuoV39sjhlBuqImv1pu1EoVce0M5yN0enGDedtUEDPZBLK3iq2Zw7t9W5qxzQ7z7o8aMu8Bfr1qXu4ovRDY3n2wa9opnGFOJBo3OGpK8Rg/UeW+Gj2SOizafA9lRXrIiZ5JI3IYjU+wCGcOpO0hwg==
+a.nic.praxi.		172800	IN	A	37.209.192.9
+a.nic.praxi.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.praxi.		172800	IN	A	37.209.194.9
+b.nic.praxi.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.praxi.		172800	IN	A	37.209.196.9
+c.nic.praxi.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.praxi.	172800	IN	A	156.154.144.139
+ns1.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8b
+ns2.dns.nic.praxi.	172800	IN	A	156.154.145.139
+ns2.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8b
+ns3.dns.nic.praxi.	172800	IN	A	156.154.159.139
+ns3.dns.nic.praxi.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8b
+press.			172800	IN	NS	a.nic.press.
+press.			172800	IN	NS	b.nic.press.
+press.			172800	IN	NS	e.nic.press.
+press.			172800	IN	NS	f.nic.press.
+press.			86400	IN	DS	4289 8 1 2EFC540D13139B56FC1041247B275BC5CC6DE009
+press.			86400	IN	DS	4289 8 2 03A4602F454DD05E3EF2B7A9507F7E4EEB78BA9259E35DA7C3B20FD8DA43341A
+press.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gSiZpnI8PPy3Cs73pe1f5ckHlgrycacpyTPlO8ByV/3J1TEImgAW916q1Z4Fe1TgMqd18ja1hzTDupGeIvmpVQhF/wEjRq+BOJtbaUdoxgT/Z4pntfEkwYAHUfYF7EH/ArGmWm66EYvRkwEkGky7grrlgNNLcGjuN11ZFgQgIjZ7WBFzCs2RsCx4gMcBu6U7RGR5mLM0rNMs7gMBCef9LVGhNatvxopICjyd2nAhDF8rIN6RdqwMYq6erMOhuXJ8yOtrEvl0RNrziYZDYAgiF3se2i/OM1ALRljWzJV4n8QbXgzuTqZyVXo73EDf3Opl071jfeVV5JlyDUV1qqnjVA==
+press.			86400	IN	NSEC	prime. NS DS RRSIG NSEC
+press.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Ywz/c5E08CTA2dYLoosfsmk20pE0jp4SwJItxZHcjsJCk9tUQ0yhTdNI2bC84HYTb7fuC9upjQPuIABhj1Tqjdyud/GDSK6TqREGHVeQZc2p39IMjPMSFUmpX7249Ous0yqWaSWFGIkNM0anXoQSwylN6eX3XetyKxEYjDtH7HKayWk6q23Xd5t/YLZMymnu5zl3z5qb5CN8hm3fwPK0LihPgZNjYyYUUtrSo1Ey/7VX9gi8HkZW5h96U5kvDT0v0Hk/n40Y7rE60evWV3ormGSRSAFqu52ai7t09vOdeJAGoOcsp9kXaypXONWGhmK1WJJ63VJgxgVbsURKt9AMDw==
+a.nic.press.		172800	IN	A	194.169.218.34
+a.nic.press.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:34
+b.nic.press.		172800	IN	A	185.24.64.34
+b.nic.press.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:34
+e.nic.press.		172800	IN	A	212.18.248.34
+e.nic.press.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:34
+f.nic.press.		172800	IN	A	212.18.249.34
+f.nic.press.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:34
+prime.			172800	IN	NS	dns1.nic.prime.
+prime.			172800	IN	NS	dns2.nic.prime.
+prime.			172800	IN	NS	dns3.nic.prime.
+prime.			172800	IN	NS	dns4.nic.prime.
+prime.			172800	IN	NS	dnsa.nic.prime.
+prime.			172800	IN	NS	dnsb.nic.prime.
+prime.			172800	IN	NS	dnsc.nic.prime.
+prime.			172800	IN	NS	dnsd.nic.prime.
+prime.			86400	IN	DS	48080 8 2 B29003C3E5F60CE38190106F221D85B335972C9DEC6EA671C1536F63E081D214
+prime.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pA6XobkNA0EqiAedDO/TdpQ73Lphi1lyLG0ZLZ2GOMKJgSDwMiB1jc35KVif4BXfBBXZ2+zJ1IGyvbOcxXEqd0YY985gUbPhos4btbOjwZnbFIW0C7u8j1EoMN+7TY/XCBffSWcIxEJuB+pu3Q9oAxIZnf19xiO8GhxhlDpzQ/7ExLky7XuUAqfnafE+eSIig1ZhbhcxO/MDsfmcd9dD7H6FhAv2TpDmOZBp+3mLG0kaOu22Flkm568VR7nI+Vs9DJULEezvfFGOGF84HraMg3HbnThzb6FgkrhrqtsZTfQHBkILqd3UOM9eXQWVsIM/+1cGHmdTStFqv/IvfugVcw==
+prime.			86400	IN	NSEC	pro. NS DS RRSIG NSEC
+prime.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KJEQjKt08XLmj3PcikcOk2L7YIc7foMB7zmV0eDb6ayPMkXymmipNc5lOc7KikH6vJB5ixvhhvqtr0H2syrtYHJGnj1UbjFSlQNKs1CcQlvX3a1BKFso19OqqS6gNXQA8p2+p3xU+UR3Nax8hzEf0zsfwI8OEG0rRSNFCJEB3PyW6yg7Ai0A3tne41NtogNMQRXx3pdYDTtCvayFqDWiQHWJ2rxAsu1yElOhXpHarYZPwIk7Ak04RUqprTA0JUvEy6i3OfKppKletzx/keAKt2gNTh6tWI4O5+syY5qjdh3lDJogHpGuHtpFqhOdJTSdtrKwtuRbxOX411lSMd45cA==
+dns1.nic.prime.		172800	IN	A	213.248.218.51
+dns1.nic.prime.		172800	IN	AAAA	2a01:618:402:0:0:0:0:51
+dns2.nic.prime.		172800	IN	A	103.49.82.51
+dns2.nic.prime.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:51
+dns3.nic.prime.		172800	IN	A	213.248.222.51
+dns3.nic.prime.		172800	IN	AAAA	2a01:618:406:0:0:0:0:51
+dns4.nic.prime.		172800	IN	A	43.230.50.51
+dns4.nic.prime.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:51
+dnsa.nic.prime.		172800	IN	A	156.154.100.3
+dnsa.nic.prime.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.prime.		172800	IN	A	156.154.101.3
+dnsb.nic.prime.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.prime.		172800	IN	A	156.154.102.3
+dnsc.nic.prime.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.prime.		172800	IN	A	156.154.103.3
+dnsd.nic.prime.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+pro.			172800	IN	NS	a0.pro.afilias-nst.info.
+pro.			172800	IN	NS	a2.pro.afilias-nst.info.
+pro.			172800	IN	NS	b0.pro.afilias-nst.org.
+pro.			172800	IN	NS	b2.pro.afilias-nst.org.
+pro.			172800	IN	NS	c0.pro.afilias-nst.info.
+pro.			172800	IN	NS	d0.pro.afilias-nst.org.
+pro.			86400	IN	DS	42154 8 2 5A8A58F4E30CDE44A47091488870D109108FF45D42FDFDD30B448D78DFFD5566
+pro.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ooce92uNkiMiKfM4ROgXPf3htKaO/O4KPk2ZlQO8H4NtTHdaVqehvmPAZNlt1dkyypJ8/cz7s/bElK9WT2YTMGyXQbIECyMptVwM4QfBVUs/cP/Z3tIfYRh80owN5IhukHI8pyZhxWfiXk+WwzboFd5sw2LwpEvtR04Ppf99Cyn6B3n2uv5K1uaq69B174CW99TFEq7RnwTX/9yAtYF4Jsn9pIJ3c3XQvrZFIyM0xCodSGW5hOC+6YA9+Sngp1LRU/7cp3qYyimn3h4/GZR6eJVjIBiScgONdLNp9qEeYQsYLF6dQxZDhU81vu9FK55FUfWhTE08iBPEU7BVoPIrKQ==
+pro.			86400	IN	NSEC	prod. NS DS RRSIG NSEC
+pro.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AQX/oxE954piT/HrYexdXwq5O7X8Awl+XPTWbuzGBhPKIeU8FcOehQrBQstcNvZpi1rdeAlgaxoOrKLXrOdZBNDBPPsUIjeMgttwCVzoV1a34N/ZTTQcY3ZC9ikZfHoCxYKH+Bq1799Kv+OroYevuAYt0MtF/ypGjZNDCkX2bd/totwkxby2n6pVNtlHqYaZp5tLxKsCSNV0BgFUavMOlplM/Eu8TGuTkvn5WJHDyMIW6iEaJb5LXD97BZJFKtWQUV9Y3VbYkIIEtWecW6E1NfUZcyg5cmwtT4Nu4P0xyGMdPqMFVnPGb+3zYwFVAxzL9c3TBC+cLhnLQnreDm5XpA==
+prod.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+prod.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+prod.			86400	IN	DS	21494 8 2 0A30297175BC29B23297D15887E6D884C63AFAFD110D7A7212AEAD473925E56E
+prod.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HWwsEuGm8la+nepEyqPsyzJygO+mZeguJjUukAd97j6apVDQCHNCjeICRyLgTBLr08cijPtYonn1uPrn6khE+Yx5A9Rgh9krgIqMK0yqeXYdoS1CphRWbVNJIt31a/gx/2YtHJr6o1jCYFwRJe9v7LnkM8zRC2GcXsWOOyjmxeu3SdvLTVNqonyhYABFFFAWhMcaqLS+6JLuXLPmhW4BiBc40ndnPh7gNhJ6pVQ88gqtxd7WK6c1n9Q2ne2AD9JrEOx7hCwxTPka87yAx0vWl4s8JJw/bHYM7g/BITYscU6ZThh1WexOMZhH+uIf6v/5V3A8X+Y9SFFgkzExk9H7zA==
+prod.			86400	IN	NSEC	productions. NS DS RRSIG NSEC
+prod.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqUg2k377ekfvWEROU7F2S4lmVmMfBOHmv5J+S4i0rbyyFo98r3kQ0+nI0peR9EoOv7sf5C8Irho3Fz5brHPdON8GxR16rRaxJbalNRYHr6aM+8h+BjYZtzLPx+pK1uLR1rNzrJyU8cMmA7mi+TnfL1WXusRFIUWOxrFpBytxJBMEVBGVuEGYQXJhuYw0lLdXhwbNU+JqAZjqV6ICgzJzqqkaNXfzeSmWHmH/sksoUKK3SWBybSlnBJy22UrPLiwym4J/0w0A9moqzdme3n8JLDRsAIbWrQreyIkNaP6V72C+g8CJiLAlZowZ3KSUdfEpJc2TynjaHBk9SBE1n1T1w==
+productions.		172800	IN	NS	v0n0.nic.productions.
+productions.		172800	IN	NS	v0n1.nic.productions.
+productions.		172800	IN	NS	v0n2.nic.productions.
+productions.		172800	IN	NS	v0n3.nic.productions.
+productions.		172800	IN	NS	v2n0.nic.productions.
+productions.		172800	IN	NS	v2n1.nic.productions.
+productions.		86400	IN	DS	55354 8 2 61296764506D9B3EA454B8CF49FEA13CBB8662804F0A02948139FFBB0E0CBC8F
+productions.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VFo2IFrCZNT7yevTU9wZTa4EspEuurdeG1p65oPdvEha0iXs93fNgvCYoJEfSwYddEq2MVRL/D8h2FMoe4DFmvYQh0DvsuKAtpHsVZz9m8wRDRcZeAA5L82T73fj+M7tLlP1Q6gOJluDKcub5gzTza3uWuJZXHvKIRSiFoN+eMmjlLp4v3CgOdlDXGK64h5l/kZzptky0BScHOEBUNrovarPJFV44yrLyu8MnQycMKST+YZr22J5aWODCP0AR5tfDLFyLDKSr3lnBHBlLi7iXZGsPbeNzkEVFWapDwcoFM342KM9E8bCbxS8JiOZWKnZfOh2niagRAC0UgonE/dbwQ==
+productions.		86400	IN	NSEC	prof. NS DS RRSIG NSEC
+productions.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hwo/op9qabG2Q4O/1m4Mba00hXfeTpb/kqmEepMuTBzIKYPZBNKKOyKVuwZ99YPBW62ivUC5ew2KpbY5M0jM1lpoKgPWKZXfPKHf/RuiUqBIHYzUERBpgWpgQb8bSGhYBqKWaHT3eR0M6aCzLRrccdpLlG1d/H01tjr1v2I5j2es78MhMsL2c49uE6wfBUz2cnkcKfGgTAZ1kWgUPoqn6BC3T53M8L2uwERHeR3lcgYi4C6JKlqBs5eF5/74fLDZUzAiFIFyXcNqkD7bQBssk3iBg8UYvdmUZAVbn64Tst2jnfdZt6YJWguV8S46GK41HeFXMnZ32cpriT14WPPZSw==
+v0n0.nic.productions.	172800	IN	A	65.22.28.16
+v0n0.nic.productions.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:16
+v0n1.nic.productions.	172800	IN	A	65.22.29.16
+v0n1.nic.productions.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:16
+v0n2.nic.productions.	172800	IN	A	65.22.30.16
+v0n2.nic.productions.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:16
+v0n3.nic.productions.	172800	IN	A	161.232.14.16
+v0n3.nic.productions.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:16
+v2n0.nic.productions.	172800	IN	A	65.22.31.16
+v2n0.nic.productions.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:16
+v2n1.nic.productions.	172800	IN	A	161.232.15.16
+v2n1.nic.productions.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:16
+prof.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+prof.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+prof.			86400	IN	DS	23977 8 2 A0F1AA6C62A81B21AE5F3CCB1369DA38E79352431378EFE10556A85A3E067590
+prof.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YkSLLgbsfb6yOlLZd8KGAU87c8zs0PDx4Tgq4w9J3cbCurEl7L2LBVIOqaN292XPTOn3a2undMmQ8WmCO0Vg0pNd2x6tcNdZCjizut6mdxLEoAOwGrzK3AaGZ1/Fupqu7OpuukAPiEpGQHES1tFtFGy11Ac76s42Lqo04Sn8R1YNHwHTLLTD+syrOW7nadimeLtiDJa3DgV8LAxzoGcg1GUqXfQFgvpqhg8K8O+mkT1yjlslHuGSvqIilXxOzh9a3yS7mLi1S/6qAL01FSjARciX+ADxSOcYWUuN9Be10DHqBfQFJPpCC4yL+FSeGnew7V1lAhLA1Dheos/w5FOkfw==
+prof.			86400	IN	NSEC	progressive. NS DS RRSIG NSEC
+prof.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UBNG2wu226xy5tV7TNu/GQqF0hPNIGl0e/IT7b3hNb6BBQplnrFwS70NyiHvzG6aecXpbz4+uu0+VoOfhX1ahcfs4PsLBQlcvg7zmUx4uXOVsKNuRJhY0PdWq2NwzlDRoaNgDuGEqLd6MyvkgZl9Wifvs2jhPMwU7w6X1v4Gtn/Vb25tNfwVJ/COPQbkKQBOVwyQ27MoJJsFMMYWN6xrDoI5Af8XkNQJD4P1y5u+/kZ+/fkL6B9DwpnoRzsE4ZIVxxGMrtz4ZFaxYnqu26uvtr8qLKrhJoYhqphrvX/FoURYQRybrKf7GYodTU8DpLKV9qW/cqjXcIyWu3YyyTSl2w==
+progressive.		172800	IN	NS	a0.nic.progressive.
+progressive.		172800	IN	NS	a2.nic.progressive.
+progressive.		172800	IN	NS	b0.nic.progressive.
+progressive.		172800	IN	NS	c0.nic.progressive.
+progressive.		86400	IN	DS	17329 8 2 F6623EFA3C197E122F7037A659F8E7FB2CEC4D91AF518653D04B44F15A72ABC9
+progressive.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vRMhImDyarDfUU3FzB4M9UnfIEgpmPI7h+N+Hve4qGAHB62XSTk5j1vnI1g85zasCGhZ2MFtsy79lziU7dYDrnErwV/cR7RtDNiKF7R3HnY/DLw7bQJQ9lWJly/1C1Fh9HicLnLDn2zirSueiFMW3OebsfnBPU2SWmT8VENhDaXHsKZcmL0SV/Unfq1nNS25jlex9/qdPMS3kQdF3XzOBKiy7hEyVthU0De1JIGnSbyIuFvX6t9E6XHOX6e7I3UyLKyr0me9WkwuWBHCaWrwTtLAmXJ6/89kS73uzhwFNuCbJPgeXaf8fGZTFRImqyWOBrsc2ux1hpVT0FO9pVirTw==
+progressive.		86400	IN	NSEC	promo. NS DS RRSIG NSEC
+progressive.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b3Y6QNf0GcU9nJYMTZp+ecnX6J/p7AgcuMDbbLUwGualfx/jKXaeZTE594+1tcgWTDM1kF2RT97pfGq+5x7uEJBmBHbnYNddFGwzgJutVgIMa+hKaPgXWXySLsomU8T+gycvbcszFMrKBo/vvZFjGPq76ldv27qa77+cFT2lwf3od6/55/48wKeXySZtemr+ZUVKGrznEPF04YoGN5mDafUm2HZIIC7b/rgr8GMPJ9b63L/ljY7DjAGhFJT4qLgUQEXIx+Y10SObvsmkhtbfCx61zA67cktrOVnrCElPJ3vzllJSSjUAaBwrgtpQoJFoJY+jclh+u24yF1rC5e2suQ==
+a0.nic.progressive.	172800	IN	A	65.22.200.33
+a0.nic.progressive.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:33
+a2.nic.progressive.	172800	IN	A	65.22.203.33
+a2.nic.progressive.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:33
+b0.nic.progressive.	172800	IN	A	65.22.201.33
+b0.nic.progressive.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:33
+c0.nic.progressive.	172800	IN	A	65.22.202.33
+c0.nic.progressive.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:33
+promo.			172800	IN	NS	a0.nic.promo.
+promo.			172800	IN	NS	a2.nic.promo.
+promo.			172800	IN	NS	b0.nic.promo.
+promo.			172800	IN	NS	c0.nic.promo.
+promo.			86400	IN	DS	61459 8 2 583DCFFEACF0CF25F52E5F4D356DB7E3D3E4145992EDC4E8B1FEA3B5AD1868CA
+promo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VaueKapa1XlzzR8SVLEwRSCgYWGD+UHKQP+sXeN954O8Sc29PCJjRIwgTcw1Y0xlI+FlTlXosSAx04//cA0Fo1gM/nXWIy+ATx+xxc90jp+ddjSeZa6W4l3pcvspLoOLoeoTS9D8MGxiZ9JwHo4oUrB7Efzcz+TuJwIu3p0s94fSN2yF1TqmJXpTm0jCJnkvfSE9i9WtRGO3rnROv8dZBCWZfNjwhYn5uXGw7sAEYp8jmVfTYw8vOfFy2eERZD6sChdAHcyp55CpYUIO2QWRwrmgGMZfMCu+frSggKutVu76lWYkPAEOElQT1nn9R5bfMmrBKhJNHpT0kbfLDO/4xw==
+promo.			86400	IN	NSEC	properties. NS DS RRSIG NSEC
+promo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b8ksEan+C5i72wP5HRmqk+iqLt6SnvP6zIJTqs81lMCeKoXbBqMPnPaD338mG7VHHiQZhbKVHUiKWaXX/bYgzJ0n1apASENWlyuY9J2WfDB2K/WLfofSv/yFcI+IpAyDkBfJ/MIbf/u7d3LCTBJxias9LQg+Dj2bupn9F6s93UZGpCurGE2F01J1fznAgaLirOiRQlNipJ2whq3dLlyqEXOi8OnLbjuJhXtOvUqBmJoVJjwEX0YwxbijRgM1/U1YaminpfZZMXmLazldCocTDe5GX+TjbXl6hcMllh4esTMKBGda+QtZL5jsW+BtavceFsYljB92svDVao3ovUstBw==
+a0.nic.promo.		172800	IN	A	65.22.244.9
+a0.nic.promo.		172800	IN	AAAA	2a01:8840:ee:0:0:0:0:9
+a2.nic.promo.		172800	IN	A	65.22.247.9
+a2.nic.promo.		172800	IN	AAAA	2a01:8840:f1:0:0:0:0:9
+b0.nic.promo.		172800	IN	A	65.22.245.9
+b0.nic.promo.		172800	IN	AAAA	2a01:8840:ef:0:0:0:0:9
+c0.nic.promo.		172800	IN	A	65.22.246.9
+c0.nic.promo.		172800	IN	AAAA	2a01:8840:f0:0:0:0:0:9
+properties.		172800	IN	NS	v0n0.nic.properties.
+properties.		172800	IN	NS	v0n1.nic.properties.
+properties.		172800	IN	NS	v0n2.nic.properties.
+properties.		172800	IN	NS	v0n3.nic.properties.
+properties.		172800	IN	NS	v2n0.nic.properties.
+properties.		172800	IN	NS	v2n1.nic.properties.
+properties.		86400	IN	DS	24565 8 2 519C0CAE03F6F4A6679F85ED1376F04A6702406F0731734618F608895306E4F5
+properties.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jsruwem/6KNzteNr3IiSSu0l6v/WaIk7McuLRBSB/T8UIwrQGDQf3VmbpXxcHAkuaCa3PGUD3oDa1waS/sN1oHzCPTcbWbGEcmTZr2FyI5YNU4ISq26I2Mo8MRz72LT9ZsaIpGW2OiF3kixyT5ewpQzu+LwN1MRdIZF2rtGUsYRjD5Oy4H0EtnbtsdDWbOpo1/karI8969Y7JBimEh8ZAg+xkiaDZYTEo17E+gwXZNZj7kGw9Q/qnkLRXRSaJtqUOcxS7qJycFfcAz+DAUwFI7Yjdi7JChpnPcWo5UoOwCenFRfEkJNbqt5fw6GDFY4+HzXfZxLFKNKQ1SkZK1mcWQ==
+properties.		86400	IN	NSEC	property. NS DS RRSIG NSEC
+properties.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bRCdPaUL1uGwjI+W1HXpoLYQzFhZSy+aeGCTvpxyKQlpb3qthP4mdBsqWq2vywc8qrAXdcpi1+5t/omx5qaLQf8qdOQDk9XJYMv5sxZXUDGt19Gg4wroHdft93AH3QW3QYSWneLFFcczFcR8kGHZIP2KMZN1+bIDhY0DROx8gH0g9AaGuR66OcVAZc/gx+9R6eLdLTag0BUFwTi6ioYGUWcs31sN4D5FEf/T0BzyzTVsUdob7C40ld0yzoAltvODSao8Xs8WaRIXyrPqvyez7SfCN0ZHnEfSagZAu7c1hN8F76ySDAgom8m8duAQpPipAZ+bVlOFOZrzeEchcWHRwA==
+v0n0.nic.properties.	172800	IN	A	65.22.20.46
+v0n0.nic.properties.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:46
+v0n1.nic.properties.	172800	IN	A	65.22.21.46
+v0n1.nic.properties.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:46
+v0n2.nic.properties.	172800	IN	A	65.22.22.46
+v0n2.nic.properties.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:46
+v0n3.nic.properties.	172800	IN	A	161.232.10.46
+v0n3.nic.properties.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:46
+v2n0.nic.properties.	172800	IN	A	65.22.23.46
+v2n0.nic.properties.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:46
+v2n1.nic.properties.	172800	IN	A	161.232.11.46
+v2n1.nic.properties.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:46
+property.		172800	IN	NS	ns1.uniregistry.net.
+property.		172800	IN	NS	ns2.uniregistry.info.
+property.		172800	IN	NS	ns3.uniregistry.net.
+property.		172800	IN	NS	ns4.uniregistry.info.
+property.		86400	IN	DS	33049 13 2 6DFF521D658293FD458E615DEBB6CA0C76341775F72F340BCD3960851B4C536F
+property.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GSdxnIs0ovIRc4ytMu88Uh+UzjZoUPHymAt4fPyOnBN0nEFTodLXIAZtcywHMX0YZ+Fayn9Bgr/uPIESvjH/riGr30H/einlkw6PZEYGlnCr3O3p50x1Dl/U0fYGkZ5wWWwtJfxBcTzO68CV4HW2MTRuiPMO5/KcA2e+tNTfgt8jqIrxGF/8eHKsSYtLNkzWf6f5KX8WjoG8wr2TtvayPu9DGaCwRSH3aNjWWroqx7S/EIxMsWXAkcwzRuy3tvQB2XGCZWxhLHd4LdY0HB3R0SggScipA0uxmDgjSRT/sIhE1QYrLLiI8XSVnqlNj7nP8wnPJ0nlFg6X9wGz4szgFQ==
+property.		86400	IN	NSEC	protection. NS DS RRSIG NSEC
+property.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Iy7X/wJA18jdWF2GfAR75m7rIyPHOkExbv6O7S0q+eynilTHGYbsrVg0i16+WEinD3NlDxneCWlzHMff2QniL8TAm5FJQePBEe+vHFj+ulrDuRHbgsrRVe2Ua9hxZap6VDnkPnu5oPy12YAV4B4y2FQJRIA1ZYt8P1D6B30iQ5OF2EUZzEc+ApkFlot4F7vuolJpWverx69/NF8jYWfRF1QsH7DslRIW+eDvHjDQts37w7OqDGCFTlG7esRi7fY1nWsT/A2lOasauD+AGGJ/5agoMHsLdAkIZBy9L6hGYtbOvjGyelYgv6732jIobjp7McMpBxIpHWV40XOiVRJD+Q==
+protection.		172800	IN	NS	a.nic.protection.
+protection.		172800	IN	NS	b.nic.protection.
+protection.		172800	IN	NS	e.nic.protection.
+protection.		172800	IN	NS	f.nic.protection.
+protection.		86400	IN	DS	46846 8 1 44911D0CB6AE4931C66C83C2881085E48866B075
+protection.		86400	IN	DS	46846 8 2 3E780717CC500405E3E7869AEBBE9F3D49AC770B338E216FCA3F096EFE92F2CF
+protection.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p/TIJRzr0gJo9gK1bwwX7DYxclFRcPjBDLqU0VLSSvqNwInWMUEefDfuLtYgy4E9rr2pLKyo/nTc3gZS+T+dCsbZavpTpTEPzecy+4ysgvykCscVjYocQNGKIrHuLhqyVpUAYl2O5k4nBSNKmdSh0Yw7cnTJ1mBxB7bzq+OHbzpEc+AfOEdzaFxPYOIsonkAEZsXmg1B8cCQy5anLwngJnefPLlkI+vFTc3yOrlObbfs7sUOji/i+eJVvqDoPP+Ybphl1hJJvUlr6UWeE7mHHBZmDqMU5txaV4aaG9WKTKk9sOWrJP6dbPeim6pm3hV3yxkcDg+aOs+LU0+asWpZ6A==
+protection.		86400	IN	NSEC	pru. NS DS RRSIG NSEC
+protection.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . THBiUuQ8nKPSPF3jTeenCkyFRxhO6WxPF/F3ThMOgeT76B88vE9fUR6CpqhQHKvzqxYJSGpqLunIVQZkR1OcFz9HfmI9TT1RZfY2Cso3LnJMjSEUYMoIN7r8lZ85DTh+XT3pp3CQNVE4Um5jhqqDOWXC2Aw6/VMygz61yVNR/KUffVIYs2uhE/l/TOqhBY/NkxcAC/5MTS67VaSTRHN1rxR7mb6fYSzTkMwxG/M/L7nocGo6FzluR7dDUyz+Xg/uZQE68N6GDlVVGWKVGRq59tmiWcSiLZ6Pm+NFaMstOyLMHUfTl1w0ciTP7Azj89AmhbhcmdObdQxNYv6tIgH0Lw==
+a.nic.protection.	172800	IN	A	194.169.218.67
+a.nic.protection.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:67
+b.nic.protection.	172800	IN	A	185.24.64.67
+b.nic.protection.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:67
+e.nic.protection.	172800	IN	A	212.18.248.67
+e.nic.protection.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:67
+f.nic.protection.	172800	IN	A	212.18.249.67
+f.nic.protection.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:67
+pru.			172800	IN	NS	a.nic.pru.
+pru.			172800	IN	NS	b.nic.pru.
+pru.			172800	IN	NS	c.nic.pru.
+pru.			172800	IN	NS	ns1.dns.nic.pru.
+pru.			172800	IN	NS	ns2.dns.nic.pru.
+pru.			172800	IN	NS	ns3.dns.nic.pru.
+pru.			86400	IN	DS	54559 8 2 E38AAF4292647D64678F4E3819B5658570E058ABBF7F60BAE7A57C5369ADCF73
+pru.			86400	IN	DS	60964 8 2 97A2DE7C9E4880F5F4528C07D2446E93ECF03289B85A8B79AC9355914B18E957
+pru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Gu2urNLFl7dFVncIr+ZWsuXXpB6Qgy51CpbU3x2YKcMtbC5KNad+oJITDfjL907/oQOpRXpkziyR5rtx/MTAfXR5CDLpc1YU8KNO2zxrJzNBUE0P2fUEa44gz7rgH5wrs2LnkXIesc8bCi3BD+tSuko+VFYdYYPE5yyNfMXLdHhwvWITEAInwfajcY8BcQzxTciqPUXPstdyiY8km1MAPvXJaSwCP2/LHXwqEPsU+iwfnTL57CuZ1qYrOQnFxdD5m+FMcEarflu2FxmW6CA4QxzdDgg54QdX6Os1u156fB056Znt14UpnewC14z0woKYi/ES2T2sanljAROhYC3d0Q==
+pru.			86400	IN	NSEC	prudential. NS DS RRSIG NSEC
+pru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hC//QVPPmDnQg46qjrWT394UdTzB0SK+hlM2wKLScl8l3WhBJyxpQgcqWWx/UInMrk25qNgduSDP3HDtRpqzjwUeG1sSqTxQHQp8MUxSEXgcAxc0STpNiL4e1Ti6Tj96YuTlMC/3pvyOB17Sxh0rioNU21VkO/7f8DuXiqq6k73oqMobJ0eZd8Jf4UdugAk55alEfiGavOUFtys5I917H5f6u0Zka7QFYx7ss+R9LZMgDvc2nbQ4NPmb4XkG/fI5LQUg/uPaNwVnryXSWb/sHcvhKdQaxa1OqsUYdhAw4bp1DUq2ynnbuGbtcLIDiBxJH2rtTJtmW6iqwxVYsIuI2A==
+a.nic.pru.		172800	IN	A	37.209.192.9
+a.nic.pru.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.pru.		172800	IN	A	37.209.194.9
+b.nic.pru.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.pru.		172800	IN	A	37.209.196.9
+c.nic.pru.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.pru.	172800	IN	A	156.154.144.141
+ns1.dns.nic.pru.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8d
+ns2.dns.nic.pru.	172800	IN	A	156.154.145.141
+ns2.dns.nic.pru.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8d
+ns3.dns.nic.pru.	172800	IN	A	156.154.159.141
+ns3.dns.nic.pru.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8d
+prudential.		172800	IN	NS	a.nic.prudential.
+prudential.		172800	IN	NS	b.nic.prudential.
+prudential.		172800	IN	NS	c.nic.prudential.
+prudential.		172800	IN	NS	ns1.dns.nic.prudential.
+prudential.		172800	IN	NS	ns2.dns.nic.prudential.
+prudential.		172800	IN	NS	ns3.dns.nic.prudential.
+prudential.		86400	IN	DS	3886 8 2 09ED8DDD91AD3B14C9A4EA598B9A0A94E8D3F7FD1EFC789F92002AD74372FDF8
+prudential.		86400	IN	DS	60835 8 2 C69DABD2CF3D79D968533BFC2CDB13A20ED9792260F42DE04BDAA6925AE9A4A1
+prudential.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qFK791gw9x7AwTCarbKJFvqBpUVC9T0O5RVQJTSfKnCnoE+nvtbhmzOzISvLD3N0FikM7CSqw5zuvbps+8Gc1aZBWcBHJwygfLMycXjEHoD2fTB7b/Nh2h3JLQPxSxmjricHYcSwNPZTZKgPNwu4XjnNadJyKdXOdpIs75NTQVNHZzfJdJ5oSoS0n5WOO7tAvBSf1ghNFhOrY9I/H68d/4uWchtEer5DQLx3C9d8tYFMT7TiAlAH5Cmy8n9+CP/GIMDMYpVU5szUoc47PFycj3SH/vjLfCIgp1O6qUQNgRCU/mSHOLY1z2JF3UoXQSAVuhMXZaiROYdXms8ittmg1g==
+prudential.		86400	IN	NSEC	ps. NS DS RRSIG NSEC
+prudential.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WHiaqGDMkTOZRQlI8nP5cbRSH0ScfWKhXdtFQ1ZAOOUy3Vdjm/ptkSV3kKe4iyZuUtbyUo69iI5nK38YqgzjhSgEAIUXYCaAbxFZBnptpq1MbGjfpL5blcWHYU5l6PKInjBWk6T33byTI+gA1RzYUzTC7ZiikZ4IV2otHLKKAI22+MRibiMT68suhQz2WqAgE2riZyAsXLCjC4JReZdaGW7G0IK9g6BiBK4clITAdPMpa5Op1L6K9GSv+idYIDWF0urdSQ1RSoQlivl8xRKBuADNuPG5HMN9jUs0MLUFc6GoboVLwxbv8A1g3Nmc8kygrU458wPJWTTZn4Bo/yGwbg==
+a.nic.prudential.	172800	IN	A	37.209.192.9
+a.nic.prudential.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.prudential.	172800	IN	A	37.209.194.9
+b.nic.prudential.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.prudential.	172800	IN	A	37.209.196.9
+c.nic.prudential.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.prudential.	172800	IN	A	156.154.144.142
+ns1.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:8e
+ns2.dns.nic.prudential.	172800	IN	A	156.154.145.142
+ns2.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:8e
+ns3.dns.nic.prudential.	172800	IN	A	156.154.159.142
+ns3.dns.nic.prudential.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:8e
+ps.			172800	IN	NS	ps.cctld.authdns.ripe.net.
+ps.			172800	IN	NS	ns1.pnina.ps.
+ps.			172800	IN	NS	rip.psg.com.
+ps.			172800	IN	NS	dns1.gov.ps.
+ps.			172800	IN	NS	fork.sth.dnsnode.net.
+ps.			172800	IN	NS	ps-ns.anycast.pch.net.
+ps.			86400	IN	NSEC	pt. NS RRSIG NSEC
+ps.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tu7LcDYe0GursB5JHZ7AzQNf57A1cz56jjcd3gKj/qLACxLTtG+UqQXCicEzQjjEx5pEQYOv3V0F8vzpsBh//uMWJ54ib0xdUCk8nReaMy8i0KYcM0MMD7KGNYLPC/39F4mrKGTGK4WeleQ9YUiX8EY0uyudwJQ205pBFdLOe9GKT1Bvn0lIscKItaoVUn0q22jOuXuvnkl8CTSqwbEfoVKzUtkaFbj9wIkoYpVCgbQxDlMOn4GzqKJ1v8p8Uxed3pskvVHIrN9wlWrZEaQYmF/MOv4Z1IVEcqSkVHICAIFMWbbFGwlFpC6wRTyFbv+WPB7BFSppMxab4Q8+bwqZ9A==
+dns1.gov.ps.		172800	IN	A	213.244.82.147
+dns3.gov.ps.		172800	IN	A	212.14.253.242
+idn.pnina.ps.		172800	IN	A	208.64.68.4
+ns1.pnina.ps.		172800	IN	A	194.6.225.20
+pt.			172800	IN	NS	a.dns.pt.
+pt.			172800	IN	NS	b.dns.pt.
+pt.			172800	IN	NS	c.dns.pt.
+pt.			172800	IN	NS	d.dns.pt.
+pt.			172800	IN	NS	e.dns.pt.
+pt.			172800	IN	NS	g.dns.pt.
+pt.			172800	IN	NS	h.dns.pt.
+pt.			172800	IN	NS	ns.dns.br.
+pt.			172800	IN	NS	ns2.nic.fr.
+pt.			86400	IN	DS	40155 13 2 B0ED28B7255E9880E7CE4665B75AE7271F7837899057F0D4B897ECE2EB1EB494
+pt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uC/CLdbzpEP3z6quUBbTbTIic6h4NXgZrSxLyu+4U7yTOE2YOxAlfU35BKRB3rQfAyEYG7OY8jwTpvSZ1ma04xVjjXfVI5Fkhj5/mngPcBwSCC/2IZfvoUPC1AyEHAbtsNkiSQ5+15Iwug1qrWG/vsyh0WH6SIumvq/FrXEPmJAwf4u7iQg3FSrTJicK5gaoihMAAX/bguu/mzhRDmgakYpuF0kqy2td9u/wZDecbfDEDF4wKq1aPYNMzQBcBOJ8Q/zhiMdIVXm+12/5FKBSGTDEnl9JHNXtSLoHOKCng2Pu+EaL2vL88Hb24YgY2CRuMxoXbK2+pWRMr0krFLuhqA==
+pt.			86400	IN	NSEC	pub. NS DS RRSIG NSEC
+pt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b84AwzNGiNUAUPr/BjW0ciBd9jqbKciYsPF6WMZMf6Iy8yC9qu8a4EZ3kfz7cq70Vc81d5/I5UAdQvX68J4p/gLVRuFI7yWRI4EJklU+RHHrkRBB68spSFgSvhoAmomNiWR+uhWSrXI1uH8D+h+pCogvSpdQWc00w4nNfjZRhIZ1mp25Hok/Q2l31qpEaECKbHztho+EiD1XgDaYcE7ONW7//pC186YmFDjXtpNE+Luyo3tGABS5XwTGZrw7p8oG7uLWaixZyHVMt5cEc1LkCaWRDG3ZpnGfpfqlZDt7N78JWu57lFJ97Z1aAXTfR3Pq8qZRYYEgOTm7EhP3psz/QQ==
+a.dns.pt.		172800	IN	A	185.39.208.1
+a.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:1
+ao01.dns.pt.		172800	IN	A	185.39.208.17
+ao01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:17
+ao03.dns.pt.		172800	IN	A	204.61.216.113
+ao03.dns.pt.		172800	IN	AAAA	2001:500:14:6113:ad:0:0:1
+b.dns.pt.		172800	IN	A	194.0.25.23
+b.dns.pt.		172800	IN	AAAA	2001:678:20:0:0:0:0:23
+c.dns.pt.		172800	IN	A	204.61.216.105
+c.dns.pt.		172800	IN	AAAA	2001:500:14:6105:ad:0:0:1
+cv01.dns.pt.		172800	IN	A	185.39.208.18
+cv01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:18
+d.dns.pt.		172800	IN	A	185.39.210.1
+d.dns.pt.		172800	IN	AAAA	2a04:6d82:0:0:0:0:0:1
+e.dns.pt.		172800	IN	A	193.136.192.64
+e.dns.pt.		172800	IN	AAAA	2001:690:a00:4001:0:0:0:64
+g.dns.pt.		172800	IN	A	193.136.2.226
+g.dns.pt.		172800	IN	AAAA	2001:690:a80:4001:0:0:0:100
+gw01.dns.pt.		172800	IN	A	185.39.208.19
+gw01.dns.pt.		172800	IN	AAAA	2a04:6d80:0:0:0:0:0:19
+gw03.dns.pt.		172800	IN	A	204.61.216.114
+gw03.dns.pt.		172800	IN	AAAA	2001:500:14:6114:ad:0:0:1
+h.dns.pt.		172800	IN	A	194.146.106.138
+h.dns.pt.		172800	IN	AAAA	2001:67c:1010:35:0:0:0:53
+pub.			172800	IN	NS	v0n0.nic.pub.
+pub.			172800	IN	NS	v0n1.nic.pub.
+pub.			172800	IN	NS	v0n2.nic.pub.
+pub.			172800	IN	NS	v0n3.nic.pub.
+pub.			172800	IN	NS	v2n0.nic.pub.
+pub.			172800	IN	NS	v2n1.nic.pub.
+pub.			86400	IN	DS	53776 8 2 3766469C89AF5ECA8E8C5852E359396294057677C5AE8CA9C641422D7237BB4F
+pub.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XZV6zUul5GLTpTAVqvIz3N+3u17jcfMqvherzeSteQJ/ktnlbpEGFMCUeBzcYjEAWMQaSHjBo05yemtoii8TFfRqlnyMKDfg59//d7VdWp2477QWPK5fNQqV4T5ZA/Yl9ZbRpbXcnv4sgLCUgOFUyZ2U1rGMEKXYFsJ3SPdKuY7KhDjBlNXW3IKI17w8e13wkxtPNmnJU4JPoMRRXwJXAcT1JByEhBfPBrlqVJ6zNPo3NmoAW0SqLEi5sscZBx8GLS6GPYxJi7Zwjr+p+yO2pxg9pgss+HqaZjeqQbf2dKMGJx/Sujv9DZmoTHlnD+mERfLnSKmejRLSV01R2VDt6Q==
+pub.			86400	IN	NSEC	pw. NS DS RRSIG NSEC
+pub.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ijENbgrvdw2V8i9TpOd0xiJuNFicWzG5Tk55x/CpQxsNnYCdsNQCkWnXXEy0muKez7963LpBSj2mOPBoFVRj+6Dfn01sXJ2+camid6yckSng0nNF3YkOoLEvLI4Bar+hb5Vly0jyfVfT14pFPlVs2GaLL1wX6Yp5ErPGmpN09B0CFZYaRHKPmGKrz9f8BnEuQtb+uXOpyY3NcxmQD0UOUP1GmJrXv5hu4OdYEUuT3d80LlqwUKXJZ09C5x+fKeRnHEl75HXcgxo1KxsSGHIoHLHpJFnf49qXkv6h8a5nlCvCQ2dUfD7Ny5d5L06dCRh7ZxZUXahg1Hk7OZN3kyZg8g==
+v0n0.nic.pub.		172800	IN	A	65.22.28.7
+v0n0.nic.pub.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:7
+v0n1.nic.pub.		172800	IN	A	65.22.29.7
+v0n1.nic.pub.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:7
+v0n2.nic.pub.		172800	IN	A	65.22.30.7
+v0n2.nic.pub.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:7
+v0n3.nic.pub.		172800	IN	A	161.232.14.7
+v0n3.nic.pub.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:7
+v2n0.nic.pub.		172800	IN	A	65.22.31.7
+v2n0.nic.pub.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:7
+v2n1.nic.pub.		172800	IN	A	161.232.15.7
+v2n1.nic.pub.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:7
+pw.			172800	IN	NS	ns1.nic.pw.
+pw.			172800	IN	NS	ns2.nic.pw.
+pw.			172800	IN	NS	ns5.nic.pw.
+pw.			172800	IN	NS	ns6.nic.pw.
+pw.			86400	IN	DS	44440 13 2 362CD4EB8C8FD51674622639F860F906EA08A7C977400547A9F0AC7DB92E14C6
+pw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ov+32ODk74C7XWIhMRtrhFOKy7XECQHX5MXWRBraCX/h6V1l0B4yk1ot8sa/rVBq70hi/nShiHlQTJjnGotXblKAO+0OS7DYmGt1jLSP7vcJ+Lrl/wYq6+2yeFJqdLpRrOUbj1+FUo2SgFAAn1vBSWqURx4P+v8ZYmvuOzsDdvKHm0B3AKaQwyNBO8jlZgVsjZkPTcafAbLgjy2Nes5tcaf0TKpRdUg3Y45B2jilmLcRsBc/8h5OIjdv7X8oUrV4ptY0AHe2OunAMx0n/HAYxxuc+wSvR3lR+aaxi3+wQNHOy2Y6tApfM4hoBepJJbzR+v3FnSwo3abUfLGknuCKgA==
+pw.			86400	IN	NSEC	pwc. NS DS RRSIG NSEC
+pw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gSwEo0Wmcp/Lg546oKdRNJW1+bw+cRhJN6v5RLUAsIsyeI7OzhSBDFhhHsQalHxLPLmSStfOrQmx10PXxqlu8PlGXSuII6K6zbB8S/weKkbskqCzNXVAw3LyLb1brxzpGdE6RGTlfR3qX2dktIc0ui770sCrP+NtRR9tDvj6MAmOgvRTQFlLVCoxphCVdv9F3ie4k89+C7fikb7P0pdaM2Fena5p85MRZdz4kg1SKSWFv+s8QxsMw/mb+7uYXos//nfRezjJ8xfyQts0EEfmpNBEZEeTCDMn6xnaIF8Hl5UTOG4g11DJFyMeLTKkTQDKT8RANBqxv4dIAfpw7jHecg==
+ns1.nic.pw.		172800	IN	A	194.169.218.12
+ns1.nic.pw.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:12
+ns2.nic.pw.		172800	IN	A	185.24.64.12
+ns2.nic.pw.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:12
+ns5.nic.pw.		172800	IN	A	212.18.248.12
+ns5.nic.pw.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:12
+ns6.nic.pw.		172800	IN	A	212.18.249.12
+ns6.nic.pw.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:12
+pwc.			172800	IN	NS	a0.nic.pwc.
+pwc.			172800	IN	NS	a2.nic.pwc.
+pwc.			172800	IN	NS	b0.nic.pwc.
+pwc.			172800	IN	NS	c0.nic.pwc.
+pwc.			86400	IN	DS	50191 8 2 53A702C1BC2E7246D8027839BC8C43ECB48A28139D2ECBC0350E4C6CA3BC623A
+pwc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gV00M7eTeIhm79nEI/IYSt64pPPomS5jpMofQuD56IqYrHXa8dQ0yOmHTVTZdIxQNjzxcM7Me4LKaEm7hRelFarKV6DZlVLcfDNnAuOMsavlCg1GQBCFrU86c84985rLBChUmkT5rglgstUHMiCaaAVSJDnPy/03fYi+D8+C5HYl/5UZiT3rEj0dPIuL78Lb5MW+C9VgPzbfIoF15Y8jK3so8aMnEPlAkDi3q9fevRQiGMAb3I1pyXmjBgf2bcCKpbeGv6cDWLi9g0cagr5dfA1Vw+yJCOz0Hk2UOeGwGRP2WrlV7ScjIcrWLnl21McKNNk3vy3S6/T5bxJUurILog==
+pwc.			86400	IN	NSEC	py. NS DS RRSIG NSEC
+pwc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Tt5/KWeVkFBN5+FBxBbOmukLKJEb9frrZSY4d1wBHMp+6P5Z5KsCZQTrD7l87vM7oMtt+gUCazxlvv6OlBj4mcDsntU0fVsKbOKgYVEQtvjlc6MyXCvAXT+6jdWstPaFCvI8fVL6MRpM7UH9jUrIjBwRegGb6XtdkGnUymKOcVhDkdj4OFjD1F1WHLR7ne9400FwYX9nUgbNsfVgwOQMrbAjzs+iiWWs7TgEVPc+y/bk85h/SSoeGkczXW+eH5L3evwXwF/EytnFLdo0cRyHoaP4EDHyGrvvYXi9Q1EUqyxbwbSccX9FRHtmK1iKpD5MsVN/eYWSTQV1rMGY7VkxLA==
+a0.nic.pwc.		172800	IN	A	65.22.80.9
+a0.nic.pwc.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:9
+a2.nic.pwc.		172800	IN	A	65.22.83.9
+a2.nic.pwc.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:9
+b0.nic.pwc.		172800	IN	A	65.22.81.9
+b0.nic.pwc.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:9
+c0.nic.pwc.		172800	IN	A	65.22.82.9
+c0.nic.pwc.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:9
+py.			172800	IN	NS	b.dns.py.
+py.			172800	IN	NS	c.dns.py.
+py.			172800	IN	NS	l.dns.py.
+py.			172800	IN	NS	p.dns.py.
+py.			172800	IN	NS	u.dns.py.
+py.			86400	IN	DS	61306 13 2 5FBA6A98277300D23512184AE3FC238C367F731D519F6EC9A63AF9D4FBC9A435
+py.			86400	IN	DS	61306 13 4 609AA5B81513378F093FF57BB91296E85366D815E24680D1894E490CDAFAE188D7214DB1B0E453BCE2D5340DD921B1BA
+py.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YnYUVDFD/paaPGbjT0MWirRC5/rlr0g1ym/M/GjrmH8LyVFokip7UJcUASRmS+Nq5QbaxKohBr4PkYuQFgbRe4W42mczWjKtSH/QDg3UUrV3GT9TUotazjtrm9f2LnC626QrUQpeChQ9wUwh7fjfwDMaVOMSKm7OoTDau96/RdllAo4dggBeOnDqqrzaAudapxS0zbXVZ8RfO24vfFl60I0a4ir9hAcvov4e+nrtLn/kfcR9G4CnfymM/mcdNWUdrDihQZCTY4RyDNBRP5uV0RYlmuEfL6yTNJPhhoavbJmufQrx0ld61YSCfgohTycx6BRHIHywQCsQG1fuzSJjgw==
+py.			86400	IN	NSEC	qa. NS DS RRSIG NSEC
+py.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cnr/9uAWjJNlqe8luzah8Cv74mLVgiyFaVxUgdXhyyma2Swka3EjR3BpvwmzyY5nxiGfQNEbIQFUVHyrBAKj/ZIyS5QyQC5vrotL2++Ii1TxEyZD/gWSPs8/D3lCHMzm+CCvHYjAAUuDyX1yni1z4ZSLX4E80EVu/oJXgXLXURIm5qZTiM0gDvpl8lCXl518rXi84wYonFVUI5hkUtcduClUe3HytPthV03I9JEOJ2qBBM+qLJc0NeerMgA8u6uWbYL/2ewmyBToBNjq9R7keCIKQy7ewA2r0ZjF7vUEgx96CsEjhEhSICkjooz+5v4m0kVPQPoAaAHkjG3Smkg41A==
+b.dns.py.		172800	IN	A	200.160.0.5
+b.dns.py.		172800	IN	AAAA	2001:12ff:0:a20:0:0:0:5
+c.dns.py.		172800	IN	A	130.59.31.30
+c.dns.py.		172800	IN	AAAA	2001:620:0:ff:0:0:0:30
+l.dns.py.		172800	IN	A	200.0.68.10
+l.dns.py.		172800	IN	AAAA	2801:14:a000:0:0:0:0:10
+p.dns.py.		172800	IN	A	204.61.216.107
+p.dns.py.		172800	IN	AAAA	2001:500:14:6107:ad:0:0:1
+u.dns.py.		172800	IN	A	198.6.1.65
+qa.			172800	IN	NS	a.registry.qa.
+qa.			172800	IN	NS	b.registry.qa.
+qa.			172800	IN	NS	c.registry.qa.
+qa.			172800	IN	NS	d.registry.qa.
+qa.			172800	IN	NS	e.registry.qa.
+qa.			172800	IN	NS	f.registry.qa.
+qa.			172800	IN	NS	g.registry.qa.
+qa.			172800	IN	NS	h.registry.qa.
+qa.			172800	IN	NS	i.registry.qa.
+qa.			86400	IN	NSEC	qpon. NS RRSIG NSEC
+qa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GBv1ZFsPsQh/S8WK3owv3kM8Tmf5BGiJBwuToGtGIu9EDYxpQgmYAoek8r19cFWkwhKUaPd07gSfGyhOV3TTZv+W72hmkl6WzmmqhQNgLM0o8pXMpMi0dCCrr+oyHYgnHivEruTGwajc2LKXDOECwU9NEKBQtzFIyUYrsYG9gqWXKzia+ITzdDdE5uXvdCCfotM6qIgsLFTPFmqIGzX9ijsfKQttWW//mH03iLXDdU571WIN693raazchA2fqaGudHa/mtyookCY+L11FtnXCDCtqK0PspVegC5v6QlgWnHe/++ADP5LRxOGtyfX66CaslItbihQF5oE9JowtAb/bg==
+a.registry.qa.		172800	IN	A	178.23.16.104
+b.registry.qa.		172800	IN	A	178.23.17.104
+c.registry.qa.		172800	IN	A	212.77.192.10
+d.registry.qa.		172800	IN	A	212.77.192.13
+e.registry.qa.		172800	IN	A	178.23.20.60
+f.registry.qa.		172800	IN	A	37.209.192.6
+f.registry.qa.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+g.registry.qa.		172800	IN	A	37.209.194.6
+g.registry.qa.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+h.registry.qa.		172800	IN	A	178.23.22.60
+h.registry.qa.		172800	IN	AAAA	2a0c:a640:1:22:0:0:0:60
+i.registry.qa.		172800	IN	A	204.61.216.62
+i.registry.qa.		172800	IN	AAAA	2001:500:14:6062:ad:0:0:1
+qpon.			172800	IN	NS	a.nic.qpon.
+qpon.			172800	IN	NS	b.nic.qpon.
+qpon.			172800	IN	NS	c.nic.qpon.
+qpon.			172800	IN	NS	d.nic.qpon.
+qpon.			86400	IN	DS	2327 8 1 C3A7DB5BB487A23BA948A762681A1899980DEDC0
+qpon.			86400	IN	DS	2327 8 2 3862EBE8922407508C2915D29ADA122BFDC2385E90E14F0B98145665D794E347
+qpon.			86400	IN	DS	29890 8 1 44C89222BC6F471572A2D95AF068D70D82D99D65
+qpon.			86400	IN	DS	29890 8 2 7467925EA4AFC0A3A7E0E36A640721385FFC85B26B7002B492EA8CF45F4C9A90
+qpon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O40PLCK9KQ4H4kB+6GSEdxLMCM1bSyRBUWr3MnDl/tVVLveYw7D7Ajw5zHENEl1RxNT/LmZMSRFXKnIPpzjv00hCshFECvN5UWXfJDEWTxLbzz9aZfMdFf1GVzhQUPdXFnmpK58GO1ZnLmNUCh9l4CxD9/APi+WuHhaIu6cEE3PcXW9EpWyW94hzJ1rvibMsO652d5yYNnm+Veq5FHgJQxIX5ZBdc2VBni4MHxSVyFMP5C0wlWoXSaFSW/fFYqKXv7CHWTdUiS/+njAPpMrdZ4yoeWSPz7TSwdwbeYzXtsPLuu7+x050sx9l5V8SVW8O2PTlwLTi0cNfHQd3gOv9qw==
+qpon.			86400	IN	NSEC	quebec. NS DS RRSIG NSEC
+qpon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HpeRUV+HjVjo51xbauuuTy0chZqf+5wtqzd8Y4dV8p/r3e65IkCaobMV7LQIHApTfrSoqoRNikiG2pGPgcbROaSx6vkx2tjvvv0UTqfz8bYy6T6pM2E4imFj++v7ZTStRd2F6bW/GArAM3aU070xq6RkrHX0xkuPsaiAoMNEfkoxE3nwykW/hdEZyJmDnG1w38XZnqIZ373YJ9FzJP4hu3YYrv1RaFo58vChfqQs37dOT2ZFTrvdKNXOKlB7LrX3R4qbuN5/Xd6jDLCMzmO9o5aKfYL5aZHjwIltH5TV25lGKm8rX3DmsKtPVeVpJ5+f908jUYtRG0o8Dj0MwTY7dA==
+a.nic.qpon.		172800	IN	A	194.169.218.128
+a.nic.qpon.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:128
+b.nic.qpon.		172800	IN	A	185.24.64.128
+b.nic.qpon.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:128
+c.nic.qpon.		172800	IN	A	212.18.248.128
+c.nic.qpon.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:128
+d.nic.qpon.		172800	IN	A	212.18.249.128
+d.nic.qpon.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:128
+quebec.			172800	IN	NS	anycast9.irondns.net.
+quebec.			172800	IN	NS	anycast10.irondns.net.
+quebec.			172800	IN	NS	anycast23.irondns.net.
+quebec.			172800	IN	NS	anycast24.irondns.net.
+quebec.			86400	IN	DS	46012 10 2 5916001FFF3DC261A7F1B5D81BDC63312697F8B672AE1C8AC7677F6E68977F48
+quebec.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OaxC6Rmb5i0UPBdf502eVQ90THy8RaXWg9vz+jM+IcqZdUqAxoXExssB0AONeYVf4bqCkG4cNndEHA+FpfGUXo6hRCi3ios2DMC2IFxbYN5/NJs7XAnLSltjle0RTOojmFafZYnhoTuD6VCYVo4yJS2kbvD27Y+tlerykPPAERDZuLiP+TKRyMUV76Nu77o3vP1j45xqvHQ33gPa8aEJUFbt5CWx8PZlX0C+m6E2k00qyJ4lv1qYAw9sCEj/3+FteQVvsmhcsvhtPoJmQORns38vR2Eylzi+t2oABaq/ZxbsHla9k5WYNDwKelSUKmGxtUNWo96qXNU2Pn1LmXPxXQ==
+quebec.			86400	IN	NSEC	quest. NS DS RRSIG NSEC
+quebec.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b0DS2d39LrkGrbn7IWzUU/p/KGS0RAghoD4rdQbhQb88l9TYkza60BPn30HedH+vsqjR47lcd4dNLrPKVkycxLQhTknqhDSckqG/iB2XZSzQEZPQB9V99b1vrkDvutzjUVELGxVEIwuwtQnWjILwrUvghKVqPpRnOh6iZEKZp9N8rRYt4CDrqss4Y7j+hyxDpblLpHOOgkptoOKQxhc2wKZvsSCJckHbFr8Mw5A4v4A3g/fwHE7OpRLTK6bbYS9sC9YGf0Keo7F5SfXgqVJfhYur9hxoJXKp74/DI3i7RMElh78R5n/FG0btHCJ9EylmSFH4LlWvNAwboM+yDN+DNg==
+quest.			172800	IN	NS	a-cnic.nic.quest.
+quest.			172800	IN	NS	b-cnic.nic.quest.
+quest.			172800	IN	NS	c-cnic.nic.quest.
+quest.			172800	IN	NS	d-cnic.nic.quest.
+quest.			86400	IN	DS	21334 8 1 D99396EFCD9B8F4A3B269CD1E9620572FB04F0D0
+quest.			86400	IN	DS	21334 8 2 8472C2FDF0A9D2BE4A2C1BC4C601C987118E6A815B1242B6985110B7C390E80E
+quest.			86400	IN	DS	50071 8 1 118C9E561B08FC2C993CA75545FF688ECFF4FFCB
+quest.			86400	IN	DS	50071 8 2 A0A1FA69FA59661AD0501D87885426B7B879C84B19891309DB11EA15A92EF2AB
+quest.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pNQvYHdZeJDXbld1viLR+QIbr+o7YfX7m1Cf1LR29i9DAf1ir4De+HvlwjMibUtuhiFYlDXItWx9tzvvfDBVF8JnsI0Tu2vkhR0N3jjQ5IkPyw9TryRq8MlT0MaMw3gUdid5s0kKrZekc540d+5P5HlejdpTqzxyQSMb+I+2yH82zIdWlOzJJxWek/4ai6YsIcq5vkmUPaFp62A/UwzyntGzcTcqCj5klJDvERwZhlXaZE0SHHQSYdSUuypdFy4skkS8D4BqCW8KZzoEOXqGm6riQNFczRMSmFmXGZGO9iNVdmXF80lGiDJvXwcE56jGHf6eTxKazLFVa2UwV765OQ==
+quest.			86400	IN	NSEC	racing. NS DS RRSIG NSEC
+quest.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cdDkqQs0haLtm0VwC+4bXxvP2Ij5DLDuf0jjc/6wwHM6uamKga9cHghkDodzyZIUIqyHM2GAS0V5ewtEQa9mSyoCMfc9xJzsTU20LrOGfmMUEuEkMqQBS0nBt7UQWtv4OlqA1wq584wFP+1MesmmpoXdwsAsazmzgnlg/aWkB7W85ljWhlDu7lzNP8yUypCcwYBd0n4cekJIfDmeT2yMD8M3yP17y6holvCdwVGVMLoDu1HGZ9HuxB2kaJbOli14UElaxG8oTA1rFEKZXFiLnZySEKD4TdeizaWKeVc+MQ2VWeDRgiJS6bdRsn9SxI48ndpRRhF3ok5sJqsLzN8pmg==
+a-cnic.nic.quest.	172800	IN	A	194.169.218.19
+a-cnic.nic.quest.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:19
+b-cnic.nic.quest.	172800	IN	A	185.24.64.19
+b-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:19
+c-cnic.nic.quest.	172800	IN	A	212.18.248.19
+c-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:19
+d-cnic.nic.quest.	172800	IN	A	212.18.249.19
+d-cnic.nic.quest.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:19
+racing.			172800	IN	NS	a.nic.racing.
+racing.			172800	IN	NS	b.nic.racing.
+racing.			172800	IN	NS	c.nic.racing.
+racing.			172800	IN	NS	ns1.dns.nic.racing.
+racing.			172800	IN	NS	ns2.dns.nic.racing.
+racing.			172800	IN	NS	ns3.dns.nic.racing.
+racing.			86400	IN	DS	20812 8 2 D4E4DDB66CB7CD6A1A4FACA0007E3735421EDCA637C767BEEF02D01A15D928D5
+racing.			86400	IN	DS	57100 8 2 048874AFA57AE916C96B9B8F92CA789E5750512CDFD1F153C1F71ED26053E7B4
+racing.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ldh118hvZmEECkjq9yZT8C+3NdMbzD3taOLAsrluqvGrin5zOp8weoosmxrz4ffLIvcBIp7D5Zf/ga+onuQIiARdXxZzpFDd13IpxZbqzckD6QaO4kZChvaVWDJRB247OoCf/+wG42+ducpMP8Zp9IKj2BnZwTe2/8rAbzym328peu5KwqKRx4yW8Qdx2WEOutiq8+GF1dh4qGt84MU0rOOMtpI7seQWtQtUwbErMy6yG+scb9oU31od1AeQoUOsFKlB2EQVkha3/EPmgJipVMl59/XPX0+B1RenhgJ8vBOwengugSU+fseEAO28wjy6VadEzgmHChQ8yjEJ9PEoZg==
+racing.			86400	IN	NSEC	radio. NS DS RRSIG NSEC
+racing.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M5rgaff1dNQh7OjmTN89txZ/oum0TZzgf1zPbChzNTbIPaV5bc8LObK73nk7QjfRZPW461pswtA2py4sHK27YG+wQ9CtPTGlqCtWrmznQmtwhmusDfriCgKUdjqeoN/qARcD2WBWSO9+E3Ej/6eTEWx+EkwaUMt7zeOihCIMuIgdE0A3HQrNIgiXlZznW6oSKJp/2n0PO+Rdd6kXvkS5sfUVs/Vz7WLGioOAl3H6MOqAbwE8NPa+r3n1KmaN8I+xD82HXDw++eSt5lHvcmS9djnnyYmYDEe65KwTXjYA+leqyoG+eXb9nndbYQbRfj7kK5aA07IyQx5drh93rBb9JQ==
+a.nic.racing.		172800	IN	A	37.209.192.10
+a.nic.racing.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.racing.		172800	IN	A	37.209.194.10
+b.nic.racing.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.racing.		172800	IN	A	37.209.196.10
+c.nic.racing.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.racing.	172800	IN	A	156.154.169.33
+ns1.dns.nic.racing.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:21
+ns2.dns.nic.racing.	172800	IN	A	156.154.170.33
+ns2.dns.nic.racing.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:21
+ns3.dns.nic.racing.	172800	IN	A	156.154.171.33
+ns3.dns.nic.racing.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:21
+radio.			172800	IN	NS	anycast9.irondns.net.
+radio.			172800	IN	NS	anycast10.irondns.net.
+radio.			172800	IN	NS	anycast23.irondns.net.
+radio.			172800	IN	NS	anycast24.irondns.net.
+radio.			86400	IN	DS	62727 10 2 3863E4A0C36A262785C1703B5CFF54CDBD56CD40BB414B45599848CE972E26B9
+radio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q2bGRrQoNg4YK523G4TsEs/4twnkYlCRwDJu3dPRgpZdJMA6WObq8GpZaShy4YaXlBCrLu0pA8RkBHTjS8gjhCOiLi+RC92SKO3syITl5upvpIGlbRON+F4bEvfXKy9wNpDinlPtCJOvTwxaX6SGzc+0en2r7emb62h4OYEb6UEFcyULpf/98k6THLOqwwwQq0CsxMT7rjKfMgENrobZ2kSPqzZ+0+qI8A5d60lPzkUjJYtXEsC5JfCayghTbJamVhil18AtEGmpsXvkXw815TUvrSoIx1528e4EgdyPZn+0mgVDMVI/0uZ9xe30AeGfaNtlfsu+umzLKyHR89+01A==
+radio.			86400	IN	NSEC	re. NS DS RRSIG NSEC
+radio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dh7vXM+g/sFk9p+7NOPKJGepyMn8Ya6kFpbUEHxOElfqk8kQAhCdY/Hb5KKrWVrWtnoyQuakCOjht2BmEGa7ORTCyxG6MtvQkikybWFFn7fDRVry3WfA1bRZNa4ly/VM9SrJwByuel+fzQujAb8wHmnN5zEYGPpBWke2qcwvbhlO0yDfPIcKwUHSeD06ncgN2r4F+6z0wXfwY1hgbrSZhn1l/H6yHm4n8xjkvgaP2LysoEbmf6oS2yzD0c1mNtkBqlIGoWIFp13cfwj5aWv7AaIIswYUDsthS7ytDDlFkZFW7QEl/+oqX7LUXotyowEA6XlA1lrqJndjLsBqBe+huA==
+re.			172800	IN	NS	d.nic.fr.
+re.			172800	IN	NS	e.ext.nic.fr.
+re.			172800	IN	NS	f.ext.nic.fr.
+re.			172800	IN	NS	g.ext.nic.fr.
+re.			86400	IN	DS	49754 13 2 CE6C40407ED006C7A2D34B04F01EA0D825A64FA2418D6E994192AD05AD24FF68
+re.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yp1yNRpadV20F7Jm0GToPqJ2Q8XSEkvOI7i79mhuHTWbrWqva7hFszZoT01XeKvdKU4bTq3QUprTf2lVXdQblWkELXeU+HVNrY/aorHpdpTPaiSCbrsVPazwId1BvONynO5De7oGdL/M7w0L7775pAxxn/U0C6qTf+Sg1B3R159uaFvGitNvaIDWfaG6lAIY2VNjgGP/vOflyBbrBpc5emBVZX7FgNGe1pr0JZccQTx0htDSBKD37cnT86vS3Bdq/GV+qBvVSEbRpwhqDR0nNDO3CYnyU7ObI+agiMMR1MOkpa1eF8FA5sE8k2tusLScHpvxnaW4YM4UW7Coj+qKdg==
+re.			86400	IN	NSEC	read. NS DS RRSIG NSEC
+re.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GX/0NFAvHwIbiHvimTms5FMA8EKxQDnDbAFljt3AHg3p+LbMavjxbNvspSLZUYtQ5DG8cmL0w/sKOqb3v5IrqaY/axZy52WmuC4stFn3O1V9L7TuGinhjVQ2zG8p58AqTVhrPoZAB14e/8UhOjcqnY2qL3yDaqNEzSyFCZjp2rH5e64MzXi4qntkl9FE31AFYWW5EEyXqAha/6H/IuvRAr1fG6mCLx33y5n7JZNNFMWIFFfnrvaesQ/SNlpyOqrJ/sWdmbEGmDnfO1ZeRIa6SarRJxI6vdJu/PGwkAgnkTUFrTCq8dz1sr9qx15KhSexcqrUp0SiCOBOLcgHreFJ9A==
+read.			172800	IN	NS	dns1.nic.read.
+read.			172800	IN	NS	dns2.nic.read.
+read.			172800	IN	NS	dns3.nic.read.
+read.			172800	IN	NS	dns4.nic.read.
+read.			172800	IN	NS	dnsa.nic.read.
+read.			172800	IN	NS	dnsb.nic.read.
+read.			172800	IN	NS	dnsc.nic.read.
+read.			172800	IN	NS	dnsd.nic.read.
+read.			86400	IN	DS	15481 8 2 688BA91CA7DC1405423B597EF47BECDE3188530011815FBB5C55B484EECD9F31
+read.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uym3KKY1UvRUYxEBoSl9IXmMzYOdzItHKbhSWvz9YyKgwBo/QeBA63woiDsoWf/HHOQ4aq7oCmBITl4N4fabutB9AfHMtpkrkONmWF++WsiFBGNmBctzv92eL/JudAOkL6oDJEnUAee3/dwU/f3tKO9rjD1k0LnDE/l5f2f0jQn4mE94COm4Rgs9PZWS7J4MslwAwhD6OeqR+OEjCI+woGsTCCEFn6d64lyIdc8YOHYN/zhqFQIBxYHzqFaJrpFueenhtBvnQUy32D3jF0tWnxTQc/bDGY/tbxuBHb4elVSIepT7f8Q6q4dn8NXfjgIIG6+UrA8gYrfnSxkh2bt83A==
+read.			86400	IN	NSEC	realestate. NS DS RRSIG NSEC
+read.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0JK4/sEp8m9Ca0fBhzrHYT95x8FQQOF0BPFH5IF8+4SBMooookeNmBOgoNxwSOZMuDDxz9emxzBgo1YMW9ZCEFrngpK7DNWY+jqSkWbrXYzgo5ogjX2YQHtabtVm4JAEHd8xEPAaRMTxeJCwILsaw7dZnmjBfMkRBg+3FCJGkrw55SxBn6xht4fIOatia6cyrKFCzrGm/AIsbxu7K+3WzcSFd/Ny3X0qJ169IVOJRIWyuCDx3rFMTRFvReBdvw6EmiwL0+xKnduIk6/guX+rPJUAk7xM3aSqtnPfNcpMpUnocDoq6k8mx10UCoJMbGy3mFIl02fZv8xtmwx/vYLXOQ==
+dns1.nic.read.		172800	IN	A	213.248.218.76
+dns1.nic.read.		172800	IN	AAAA	2a01:618:402:0:0:0:0:76
+dns2.nic.read.		172800	IN	A	103.49.82.76
+dns2.nic.read.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:76
+dns3.nic.read.		172800	IN	A	213.248.222.76
+dns3.nic.read.		172800	IN	AAAA	2a01:618:406:0:0:0:0:76
+dns4.nic.read.		172800	IN	A	43.230.50.76
+dns4.nic.read.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:76
+dnsa.nic.read.		172800	IN	A	156.154.100.3
+dnsa.nic.read.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.read.		172800	IN	A	156.154.101.3
+dnsb.nic.read.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.read.		172800	IN	A	156.154.102.3
+dnsc.nic.read.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.read.		172800	IN	A	156.154.103.3
+dnsd.nic.read.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realestate.		172800	IN	NS	dns1.nic.realestate.
+realestate.		172800	IN	NS	dns2.nic.realestate.
+realestate.		172800	IN	NS	dns3.nic.realestate.
+realestate.		172800	IN	NS	dns4.nic.realestate.
+realestate.		172800	IN	NS	dnsa.nic.realestate.
+realestate.		172800	IN	NS	dnsb.nic.realestate.
+realestate.		172800	IN	NS	dnsc.nic.realestate.
+realestate.		172800	IN	NS	dnsd.nic.realestate.
+realestate.		86400	IN	DS	60815 8 2 9EFE92191E0F3F5C0462D0F4FD5283A6227A240D56793ADDA2A9C654C4840131
+realestate.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WGAI0WwMVS5oJu544/6ZYNArigr7gQUYQHaBmR233aM3EvMHb6ncpyVhvkUONs69zVsXrH05SNBr7tCpav7ew6hawrT/MjPgXKmvur5JNEr9f4eOaZGSnqKHIs1a43QoKsUeGfEfEgMoUp3EpCMlyoDU58reBqfozKis00qZdntaCLo6zr2f7w6KYrb2A1rZhwyaxJvngrQvbUo1R5XdH/G5SzHvlUJHWYkk513tF/LlZ7Ph6s46U+wwGJe8rBl6kxzLcuTzZIJ9N4No1FnXFWIEEjx1i2FmVml1ChVd3ozcbsnrdcgnQD3CCp1Bfb9lgKWaUklYNQUjGjV7iI+u/Q==
+realestate.		86400	IN	NSEC	realtor. NS DS RRSIG NSEC
+realestate.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0M+Dgl5xa9VWEga6We8Uflw0ZC/JNZ7jhbDPhtZlVtdmgWmryOq5Bm+RtrapW7I5F7d/x+ViRpUE5Y1I2qfup0sYh6L4c+PZsjbMNOjFOdioXnFkPsZ+cnp87uUXUOrXdZ4MKwvy/MUsSvfowiwNqD3UFUvgHYVStOkbbeeMWTU+Av/5GE92+40FPff3fXZAi/lDFI6m68oY3JFWm/nQlfP3KirdjQN5X1F1LfsZ5W69Gpx7ALTaMnKxD2zpNWNPD8eNoiTclOuYX+xmuY3NTWcQU9HWPmEjNzyWyurJuIOjnLKIKQWBnwSaPmmgb80GFzuYXCJjBJ4f2JzpMl3RuA==
+dns1.nic.realestate.	172800	IN	A	213.248.219.123
+dns1.nic.realestate.	172800	IN	AAAA	2a01:618:403:0:0:0:0:123
+dns2.nic.realestate.	172800	IN	A	103.49.83.123
+dns2.nic.realestate.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:123
+dns3.nic.realestate.	172800	IN	A	213.248.223.123
+dns3.nic.realestate.	172800	IN	AAAA	2a01:618:407:0:0:0:0:123
+dns4.nic.realestate.	172800	IN	A	43.230.51.123
+dns4.nic.realestate.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:123
+dnsa.nic.realestate.	172800	IN	A	156.154.100.3
+dnsa.nic.realestate.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.realestate.	172800	IN	A	156.154.101.3
+dnsb.nic.realestate.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.realestate.	172800	IN	A	156.154.102.3
+dnsc.nic.realestate.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.realestate.	172800	IN	A	156.154.103.3
+dnsd.nic.realestate.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realtor.		172800	IN	NS	dns1.nic.realtor.
+realtor.		172800	IN	NS	dns2.nic.realtor.
+realtor.		172800	IN	NS	dns3.nic.realtor.
+realtor.		172800	IN	NS	dns4.nic.realtor.
+realtor.		172800	IN	NS	dnsa.nic.realtor.
+realtor.		172800	IN	NS	dnsb.nic.realtor.
+realtor.		172800	IN	NS	dnsc.nic.realtor.
+realtor.		172800	IN	NS	dnsd.nic.realtor.
+realtor.		86400	IN	DS	15827 8 2 577657BD827B1E23EDD28113992899460B5E0DD5138D49E6978740D303F41059
+realtor.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QVEqhhKZYDMHOomD6f5eA5bM9hmlkSGiaBnHEpJAsZXTb3VBkIwcguKY9LGT6+rDTr5cyTTtcYZfNDYUIMprn/wRZqsTA7v511NQtg+1NZAhprFZQQyXy27nOQj6bghTInLPUWKWAF1OUt9wOPY967TLvoeRZ+BfmnAiDLDvqRnIWUmcbYNNRDTS2YT80RFUSBotvegy7I/mL9duW11WIK2c8bVsw2FbyrrNrwH4JTOBKsmrN3oKeD/DlCq4GNDWcG1G9Kn/Vh7Cbp7SK+Jj+NPZISeBLV1zMndwj5+zAn/AT36vHpJXfCRdhb0kgxlyqD6V/nv0QTSYf6MEO1mA8w==
+realtor.		86400	IN	NSEC	realty. NS DS RRSIG NSEC
+realtor.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R50qgkF2fS3k6TOHvlLFcUAcAoRBthyPlJvxv4DPLGFs6V6V/qS1KKBuxZYrNOlZC3ZKMDVVMpcoSUTaKWNvwF3igaVup+aD8KJ+imYbmJwTMwHg6WekD50z9uX603TtWL+5BtJwzxcdLAzXqHCxjwOLD1kbuUke7dpbO8eE45wUv56LE5h18EEpSYw0ydgBJ7xxEtijnfyEgsFe4FPPNNJGpk7vwxvQT7VAZCuAHFJT6eQ8FJM9IvdM4dF1EQ/aJ+dm1Yum0DATb3E6xSqcUdciJ5gp5wjfA+1FymXCpN3hdSUEYulPCTSX8yMhXUJ12LlZiebX9qA+kdgT8DAosA==
+dns1.nic.realtor.	172800	IN	A	213.248.219.122
+dns1.nic.realtor.	172800	IN	AAAA	2a01:618:403:0:0:0:0:122
+dns2.nic.realtor.	172800	IN	A	103.49.83.122
+dns2.nic.realtor.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:122
+dns3.nic.realtor.	172800	IN	A	213.248.223.122
+dns3.nic.realtor.	172800	IN	AAAA	2a01:618:407:0:0:0:0:122
+dns4.nic.realtor.	172800	IN	A	43.230.51.122
+dns4.nic.realtor.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:122
+dnsa.nic.realtor.	172800	IN	A	156.154.100.3
+dnsa.nic.realtor.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.realtor.	172800	IN	A	156.154.101.3
+dnsb.nic.realtor.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.realtor.	172800	IN	A	156.154.102.3
+dnsc.nic.realtor.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.realtor.	172800	IN	A	156.154.103.3
+dnsd.nic.realtor.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+realty.			172800	IN	NS	v0n0.nic.realty.
+realty.			172800	IN	NS	v0n1.nic.realty.
+realty.			172800	IN	NS	v0n2.nic.realty.
+realty.			172800	IN	NS	v0n3.nic.realty.
+realty.			172800	IN	NS	v2n0.nic.realty.
+realty.			172800	IN	NS	v2n1.nic.realty.
+realty.			86400	IN	DS	5506 8 2 20E276179F6EF711CD63C5E4851C2C3B4917FCFF813C708AA902C305B8960484
+realty.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cvD+CETLcyS7wCWyz97jHaxNiyaxBvOahUO1OHeD3B4SaYvIZ9WjDOY+js38lDeiYN693EqaTJhZO/FRf36JwrmnUaIr1QzeZ5Vi16ZkmFc5qz9YI7Tm4/n5suSMbka6BMk5yHZwZdoyRk5PsLWsKtp/mM6sGT/k91mKN6ofG/Ko39lrJCtAlNeCXZj/WawQjSyAbeONQsFEw1szWYn7V0UC9F3mTCiKuv1gObZapwha/bisXc0JNjg4lo54N24aIoJ6jMtr/UFja6cm2txw/YLh0iiWXheQyBJg52Zvh+zPmtfLQGgu4+VFPUXf7ezDG9cyUDjF8eNoct8oLOB2Og==
+realty.			86400	IN	NSEC	recipes. NS DS RRSIG NSEC
+realty.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XS3+gS1M9452b8kVcPHSs/OfahJSUSE4mLUXSGnytk8L0Spk3jVZy8nu2RYAlOhuD2QlSIR8izGx3dek8JutHAD1yVVlpUP3bM91p52frB9qY0a6Y6K7a5jwjTZeYdX4HQeyS7XV8PlIAneNumKzR5aLa22GvAQAWfLgWnzSxAHm+48wqlckyClXvcmAuhTmA8bgPAAUnbLbzy3dx+CDoRQkGj3FvKxFfelpGE7Z7y2C47Ol9+fsd0IYZhPwfdZryenldyf8iIrzr42S2NAdZQzzAYx7uVltwEwSz8I9c57t+/L/3SFFlWOHN5XGRCcRldql2CMlnH17BdpaPkWGSg==
+v0n0.nic.realty.	172800	IN	A	65.22.24.42
+v0n0.nic.realty.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:42
+v0n1.nic.realty.	172800	IN	A	65.22.25.42
+v0n1.nic.realty.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:42
+v0n2.nic.realty.	172800	IN	A	65.22.26.42
+v0n2.nic.realty.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:42
+v0n3.nic.realty.	172800	IN	A	161.232.12.42
+v0n3.nic.realty.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:42
+v2n0.nic.realty.	172800	IN	A	65.22.27.42
+v2n0.nic.realty.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:42
+v2n1.nic.realty.	172800	IN	A	161.232.13.42
+v2n1.nic.realty.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:42
+recipes.		172800	IN	NS	v0n0.nic.recipes.
+recipes.		172800	IN	NS	v0n1.nic.recipes.
+recipes.		172800	IN	NS	v0n2.nic.recipes.
+recipes.		172800	IN	NS	v0n3.nic.recipes.
+recipes.		172800	IN	NS	v2n0.nic.recipes.
+recipes.		172800	IN	NS	v2n1.nic.recipes.
+recipes.		86400	IN	DS	50824 8 2 4740FA6AEFAC02132E2EDEA2F54DCD7FA2140F06DE024524215B7EAC2968A225
+recipes.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o2x+RWk+uOh0Mz+2xPTuFQLFMO2dCrrHDWCbKJkeJNgVkk1PBru9uGFNm2gVVkOFcrHzNbUp1PKnxvV8MJip5ez55QW8d/LaMgIFLKwIsqd5WrfSiOuUFkPUx6hy3S/VclKBfkLAR9ynTdk134biT+TlF3DNBFOMEmjPHsghOeX6tuRYbBsbOGLjuD6GbTJakUdODdUkbwUfQeE0fLoee3Ea0+czsAVjbl0r/s9rKO6xk653ILoxs0GlD/BzTjPyUxj9ylGSssNq16sGbRoizs2RYODOyEWBo+wzMUHwDgSws3qgq53L3LhitHQ7J6C6/p/CzJTUfCcNEK14e0NNeA==
+recipes.		86400	IN	NSEC	red. NS DS RRSIG NSEC
+recipes.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X4ldK0oXl+elBsfbK7YWo9+sVcOJh/Wc1O5pzu6+teSn/7kmyUSOccCIJ317xNI45AVC4r2gUFWxQSQqzRwC8T4pr/QqPPRD+g3AQNXLXdMqzAmiZgTQfYJ4V13pMPLsBtUe/IkKGIdoG8wOrMoJTXA9G6mFqpH4s2NF1QWgyB+Al3lI8ZbkUmx+DSHbJNtzt6ap4tzoChPxF3CA66NpL0+wR4/+dCNfvDBBHyHYWe5DVKnGQKKD+L9q2eojOLagnHOjp81Nv48tqRUiZDSVB3yQ0xcDXFaQMS5N+g+SZrMMN82McDE3eRqbJaay0c7FEv9OGFNhV4A8wT48ke+Gng==
+v0n0.nic.recipes.	172800	IN	A	65.22.24.54
+v0n0.nic.recipes.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:54
+v0n1.nic.recipes.	172800	IN	A	65.22.25.54
+v0n1.nic.recipes.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:54
+v0n2.nic.recipes.	172800	IN	A	65.22.26.54
+v0n2.nic.recipes.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:54
+v0n3.nic.recipes.	172800	IN	A	161.232.12.54
+v0n3.nic.recipes.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:54
+v2n0.nic.recipes.	172800	IN	A	65.22.27.54
+v2n0.nic.recipes.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:54
+v2n1.nic.recipes.	172800	IN	A	161.232.13.54
+v2n1.nic.recipes.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:54
+red.			172800	IN	NS	a0.nic.red.
+red.			172800	IN	NS	a2.nic.red.
+red.			172800	IN	NS	b0.nic.red.
+red.			172800	IN	NS	c0.nic.red.
+red.			86400	IN	DS	20191 8 2 A838978F76DAB8C9A0057B3FDDDBD9883E760764E5AE1CEA04F0961D61A4BB28
+red.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JBOMtfgGQKLF3OheUQu2QcBrfpvMKnJyBOc9RZtVm6i5JZVoZjTlYrXbd/sNRL7tJ2mkKFEH9oy24Hklw3S2Hr55Ftd7gYyV+wOAGEPi0/1Dv8Oce+Q0QRa+tP/oRSkMh4cHwUJveaEukHvMombv3riUsy0qhh9tPSvZXHE/lP+xAGIhZQ+0/fptjOmrm2a+Giho0QJezPvhwAyRF+CA1kSkxtJi7Xg3nXx4OS9knxRIcKxevCPIFN52+o0UaTzLzbg2+Yfes8IS/N/8z34rzbIwb7TesxlHX/+wXoY9LVdaK897LnnmIie8HFU/Z/hmaKI3EfT6vcy9c22VN2Aikw==
+red.			86400	IN	NSEC	redstone. NS DS RRSIG NSEC
+red.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VKP4TCZUb1B66eG3JaExRB3nYCOroHfV+4srdzW+xvfEup8uhDDOEYEzKag9SRwbTj4roAnZKzL9kWLrT/MlI5fLgA8l2lZnB/d58NwhYYmRPM7Xbny5/vkuePlH91c/es97nhhlkQbIWlTSrNhxrYO5n9fyNFDl3GY2PQrFqW9LJEOMu4cGtFQ+1Y5FVD4ym0geCB1bVaJzRGRerykGq+L6owdwpNbDh1MXzr9qyuSh0+Tqt6v9cm2viM+pWvQ7bWghtGJAqoLXb6OMcNf+C01e1EIfPkpwZ2S5ehSoCCrfZRc5IdfgdCXjHeVsafuAYEkS1/kXql4OV74RZvaG+Q==
+a0.nic.red.		172800	IN	A	65.22.36.25
+a0.nic.red.		172800	IN	AAAA	2a01:8840:26:0:0:0:0:25
+a2.nic.red.		172800	IN	A	65.22.39.25
+a2.nic.red.		172800	IN	AAAA	2a01:8840:29:0:0:0:0:25
+b0.nic.red.		172800	IN	A	65.22.37.25
+b0.nic.red.		172800	IN	AAAA	2a01:8840:27:0:0:0:0:25
+c0.nic.red.		172800	IN	A	65.22.38.25
+c0.nic.red.		172800	IN	AAAA	2a01:8840:28:0:0:0:0:25
+redstone.		172800	IN	NS	a0.nic.redstone.
+redstone.		172800	IN	NS	a2.nic.redstone.
+redstone.		172800	IN	NS	b0.nic.redstone.
+redstone.		172800	IN	NS	c0.nic.redstone.
+redstone.		86400	IN	DS	55555 8 2 425CC5BC7ADD435160D3C70CBA9D545BE2FF5466ECC27FB46E520BE2EC1F9D0D
+redstone.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K3MDIpws4hBI0YSZapaHBct2R46qskm5X+yNmMjfSkxu8B8uU3RV0OYDvrYBtvCtRp6AACCsSapDZk+8hZ+ak75RiuWRaluYPKvaL+usAbXbfIL8v/lxmxRj9xOBgjXIoBybMmGYKUYl7+EWp7WAumtAP1jd5CnZl3noxLz4qYG/d2R7hJPD2Y9KIOUqJQgnTAhZjarx+da/Jw7WB37njwGiTSbxNpmCHCoWmHBVqhJivuoK6c+sygrrowJnX5IRHeTd3VTlcBxGvyxupOp4JYC/Mxu1jGN90E/7hPLFGExCQNhojWLIHXmXxztSwP5qHhLkyquDNg4mQ/W2lVLNFg==
+redstone.		86400	IN	NSEC	redumbrella. NS DS RRSIG NSEC
+redstone.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jIIL7xtSaj9ILlxLOGQhaTo9PE9ea/oZo3+sOAnAv/BRw3FgbBgtGvdt2Hgkw/wHoD4sxfGJp9adkGsbgDbSQUZZFQv3ri0C2yYEhNl3vTtjuh/FOy4YE6pqGZPH3FFv1fXSL4HXFnpy7GWTezMBh75mVvQ3nQoSPg2UsCSaBDqspXD3TJkLkksmeAicvyzU4tB8XA+BICYeoIqEsnIP+3Zp52UAxtHtMktntBtHmLw6EKQAOiJOdBQaym8LMgyYhxmg6qx1fQZHPQqrwCv/SQsAeDPWkBWz+tIQIpHjdEQa/eZ60D9HVhED3/JVY2eImMfEpNFCKe3r6FOvJlI2rQ==
+a0.nic.redstone.	172800	IN	A	65.22.132.17
+a0.nic.redstone.	172800	IN	AAAA	2a01:8840:82:0:0:0:0:17
+a2.nic.redstone.	172800	IN	A	65.22.135.17
+a2.nic.redstone.	172800	IN	AAAA	2a01:8840:85:0:0:0:0:17
+b0.nic.redstone.	172800	IN	A	65.22.133.17
+b0.nic.redstone.	172800	IN	AAAA	2a01:8840:83:0:0:0:0:17
+c0.nic.redstone.	172800	IN	A	65.22.134.17
+c0.nic.redstone.	172800	IN	AAAA	2a01:8840:84:0:0:0:0:17
+redumbrella.		172800	IN	NS	a0.nic.redumbrella.
+redumbrella.		172800	IN	NS	a2.nic.redumbrella.
+redumbrella.		172800	IN	NS	b0.nic.redumbrella.
+redumbrella.		172800	IN	NS	c0.nic.redumbrella.
+redumbrella.		86400	IN	DS	44047 8 2 1A8A582FF781CCFA13C4928D373E2F29E7DB7E4027174C68BD7B3E5772EF76C7
+redumbrella.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t+G759mL3AvONinU75309vwSyLP3eIL69dYeBhazuSW1JtItufZDRm9gju9miUhR4KCZVG3nAaevUKcT1OZAZ46Cu1Nw0DTmMCUx8iHXZzqyCO9q3Fk7Gh4xg7gLqSa2pDM/lEP0Jjk09k/xqRXCR4rracBIzBLGubF9nK59p/5N7Z6L4u7VddQr3RwN41KmJ9ROGRivXH1xaA8BKAhwr2En8SpvoaS6lZYUTHVHtlMR/EcL8reUdi5D0XOARaTsraS4zYLaSv42UGiHZqhFfc0OT4Mi9Bpug95PG7350w8ozxbImEEgl858zc8aTs10TayGRw0iGBhc9dn71jq1dA==
+redumbrella.		86400	IN	NSEC	rehab. NS DS RRSIG NSEC
+redumbrella.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qfqBf5ei31SlmXP294lMdsB3ccKstVE2HHshL/fLgZfxUyZaV2qb4lMeMrkVpYK3WR3v+/i0grPAPT4oRgRJMRDpCDMGyclOD+xxQYVI2+BGX5N5y43pzl1Q8ztAh0LQQVNeDDgx+zWAGID3kA5Zy3/Jx9J9saGyDorZ9XlAmJbhOLKTTa6/Rkwi7XauEZ3K6rZ59Mb+WAIJoaxALApwra1BSWydleu1ARA9jPr3Uh8ASSXTsHYG2wSeV+RKxL3nv2l0w5ambczc/cfFwumncgD7v/0awt3nTmaGD0XJ7c8yA62aFsl91LkTF3Lljrd6BeodXgxKNYYIwiBw6NiX7w==
+a0.nic.redumbrella.	172800	IN	A	65.22.200.1
+a0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:1
+a2.nic.redumbrella.	172800	IN	A	65.22.203.1
+a2.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:1
+b0.nic.redumbrella.	172800	IN	A	65.22.201.1
+b0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:1
+c0.nic.redumbrella.	172800	IN	A	65.22.202.1
+c0.nic.redumbrella.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:1
+rehab.			172800	IN	NS	v0n0.nic.rehab.
+rehab.			172800	IN	NS	v0n1.nic.rehab.
+rehab.			172800	IN	NS	v0n2.nic.rehab.
+rehab.			172800	IN	NS	v0n3.nic.rehab.
+rehab.			172800	IN	NS	v2n0.nic.rehab.
+rehab.			172800	IN	NS	v2n1.nic.rehab.
+rehab.			86400	IN	DS	5731 8 2 D3BA72F70047888FAAE7F22DEAD5112C540FA6AAC533DCC55D9EE4920DE4CCA9
+rehab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . O0THLNeyV1ElzG9PwVUwH37+FgJUid0rWe+vRrOxZCoahyRyWJILVAyTQfo951SV9OGU+rdAm1rfUzrY/z/CtVvWayE+M+2MG1zP70Q5w87lSK6brq1KJr9blL81iwj15w8ru/evjsGwcmqhM2ROzbxQYG9Ua17zvKc37Hy2PdDRcf4nrWqRX2JaRNH+7boOcNxkQzQUtvRPsk6h2ev6KEvqPerR2TYynUGKP0wr+bnQAyJCFJRz4V9Df0zs0r07n08Lwsx+TAS87wt7bK5EcDp/D/DWqpwyxWCZilY72j0LA+c4r9ABHt93gbXTlThzDVtPJsRmkjYAMk4i0neTsA==
+rehab.			86400	IN	NSEC	reise. NS DS RRSIG NSEC
+rehab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tGub82DR/2G42EKSukmg84qNrfD7BxLJvF6EGOyl37nhiiOhjNotShYHAZOP/5A3uv99IFC8piv/lqnvyYlf8gTl+fpRK/uhxFO7ieu+Aq8KYOcFWdrP+ymZqnkpxJvMo5vc1GBlapFfodqEHuj1t/GNupAFuqPWAmIJ768HXRGVHUWSC+dVK9VlZAx5YuhcPpRnKup/pXBGSoH0G4D5dHIc/boNeCxOw2HG8IBg/K7E1EshAtJZDfTT/6NGgVD/50mq+PxXJLn0fRYd1Q5EhOThZG3SNwPMpYc+1FXwWMsePPVu+y+zDBAZ+v0DisAd7SAHd3CeIHeA9b95s9UjXQ==
+v0n0.nic.rehab.		172800	IN	A	65.22.28.61
+v0n0.nic.rehab.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:61
+v0n1.nic.rehab.		172800	IN	A	65.22.29.61
+v0n1.nic.rehab.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:61
+v0n2.nic.rehab.		172800	IN	A	65.22.30.61
+v0n2.nic.rehab.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:61
+v0n3.nic.rehab.		172800	IN	A	161.232.14.61
+v0n3.nic.rehab.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:61
+v2n0.nic.rehab.		172800	IN	A	65.22.31.61
+v2n0.nic.rehab.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:61
+v2n1.nic.rehab.		172800	IN	A	161.232.15.61
+v2n1.nic.rehab.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:61
+reise.			172800	IN	NS	v0n0.nic.reise.
+reise.			172800	IN	NS	v0n1.nic.reise.
+reise.			172800	IN	NS	v0n2.nic.reise.
+reise.			172800	IN	NS	v0n3.nic.reise.
+reise.			172800	IN	NS	v2n0.nic.reise.
+reise.			172800	IN	NS	v2n1.nic.reise.
+reise.			86400	IN	DS	25897 8 2 4D05B8CDD95E0502923689DFEB01DB93185455E252ACAB2556AF477BAAF4865D
+reise.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zHZnVOt8Z9fG2vtGEv2jE8B7aBNc6fm608xnv/EhkfNiR7BME9hTSnXHe+Wm05G7F0uIUFIDtnf1Mr7i+fctm84Ef3I4H76N5M8aO958WWYZ3F0gLwonUGmyBbJdA2HMovNX5uLzXORMXLtT3oSxZUIrifaZCG5CCc1KR/pJqwGmLCNjyalE8ZupgkorJuJ2K25B9mTBKCk6akjX7x19mJf2qWJuImkG9vF+anhVro5QVrqz0Kc77d2q2lQ7yXsUhuVsIadmqXc079mbzB4JTR6Tz305dLSxbpjXDZos8prgHn+Vt6Ye7MFq87zdqZ8J1/4o4FyKGGAlLOjksQe2IQ==
+reise.			86400	IN	NSEC	reisen. NS DS RRSIG NSEC
+reise.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g04GErNtBl7FzE0ZLinGtUz6tSDJBPwuKXYUOa0QIuKUqXU3LclIrbjpYR5Xz8fvA8Jsaj8Oq8QQSyToX10KvhWJizZaxTi8CcFjQXpXWDLltAmG9u9DBmONYayed+iT/C7Pcpmg3+IS8JxLuPEKstJdC9OL3UC6LdRrnaY0Qj7DsoMGkx2kYzXVZRww9Xa/i6aSDakfli/QPceUhsZO3Z76N/kC6tLAqoqEUI1SKxjAjAABTwk5XNXPedsh6wPmdsWbkpoIJ+HRylaNAyuKPxx3CuKu1VUaodOLpUCnj3xEhMxONswAQ+cEw8gLwS6+dijnkKqYWIeemB91bwu06A==
+v0n0.nic.reise.		172800	IN	A	65.22.28.63
+v0n0.nic.reise.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:63
+v0n1.nic.reise.		172800	IN	A	65.22.29.63
+v0n1.nic.reise.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:63
+v0n2.nic.reise.		172800	IN	A	65.22.30.63
+v0n2.nic.reise.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:63
+v0n3.nic.reise.		172800	IN	A	161.232.14.63
+v0n3.nic.reise.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:63
+v2n0.nic.reise.		172800	IN	A	65.22.31.63
+v2n0.nic.reise.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:63
+v2n1.nic.reise.		172800	IN	A	161.232.15.63
+v2n1.nic.reise.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:63
+reisen.			172800	IN	NS	v0n0.nic.reisen.
+reisen.			172800	IN	NS	v0n1.nic.reisen.
+reisen.			172800	IN	NS	v0n2.nic.reisen.
+reisen.			172800	IN	NS	v0n3.nic.reisen.
+reisen.			172800	IN	NS	v2n0.nic.reisen.
+reisen.			172800	IN	NS	v2n1.nic.reisen.
+reisen.			86400	IN	DS	16819 8 2 2FE6F73A7337D0492BA6ACC3C38AC175E81D13B593136551AD1E95641DD396CD
+reisen.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CKk+IXqRg8OiUTHg3WRgYeKCqpq8FiOQe8igfEMA87DnNwe5iK04ihCOebyI1HuHkBWRl4SaHyKRDqpzbWVTuwaIDKbrOZyMun/WdOqyfjhJ8kTy7/bRrvqLJ7CQzkySJwEHyMLO/xrzvgmdCQ+x0BIu5O+F3N8AO8BY4Jz61VTJEL7b43Ny6b9joH1UjV/eMokG78n+53MRlutoFI6ehRTETMIQ4iM3lU8Scp9KGJY+rGXS5fDGBQi7oTyfRTw/0yMDU/2UMNhlO9cJt9hl7o7qMRDzRKcN3GsO4oqhJijpQKsTvOrOqEyCTIC5zUZK6ZQDS9S/7y7Wl9MAadDoHQ==
+reisen.			86400	IN	NSEC	reit. NS DS RRSIG NSEC
+reisen.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EtTr0ExxHwGuTn+1GgREuM9k9oAGuRawxz7L3Tg5jqaQnUVPjyCj1PV84U85McoIDiHmAadMuQttb7y70NxmVSyDb70W5otpnvKWYEqPSlKuxwc+8UKD6HVU1NAqQkKNlSKMS5s1Pg4qxYTDA+upX8MG+1O98UTd+qAC8k3HKV8eNj3uSqZ/BOjqFjPEvEAGhclrUQP3BhZU45qMk48vJ2SYbsu7keT2GXX8num6tQhxhM/idoH3Wjqw/Hlj3mA39GzERk2YWJprFtLdtpHolTI10Rs7+radgVOUHK3b29nQrgUjUNEs4G+KSKy0iaEkNhurPOyO0NkzHKAQqfIAQg==
+v0n0.nic.reisen.	172800	IN	A	65.22.28.54
+v0n0.nic.reisen.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:54
+v0n1.nic.reisen.	172800	IN	A	65.22.29.54
+v0n1.nic.reisen.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:54
+v0n2.nic.reisen.	172800	IN	A	65.22.30.54
+v0n2.nic.reisen.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:54
+v0n3.nic.reisen.	172800	IN	A	161.232.14.54
+v0n3.nic.reisen.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:54
+v2n0.nic.reisen.	172800	IN	A	65.22.31.54
+v2n0.nic.reisen.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:54
+v2n1.nic.reisen.	172800	IN	A	161.232.15.54
+v2n1.nic.reisen.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:54
+reit.			172800	IN	NS	a.nic.reit.
+reit.			172800	IN	NS	b.nic.reit.
+reit.			172800	IN	NS	c.nic.reit.
+reit.			172800	IN	NS	d.nic.reit.
+reit.			86400	IN	DS	44512 8 2 661FBDE636973834F5D417D3897DDF8590461DA6F020CFAA4274718DD926C523
+reit.			86400	IN	DS	51490 8 2 4DD84EE5EAF91CBBD8FDDC5AB21382C030860E1FA9BF9D6412D8B4FE5DC9E353
+reit.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n7tGLjXM/8dWe2dC/gl9CbLu037J7VEBssYjAxAa3p76Lt3AbSGa/Cbfz2fOlsnP3XMYzinRcuJ4JXRZhmMx6oYTbPXKyeofDL4vl2qa+bqmNxHgfAtz5l7bgGqK98kngUYHqxVp6Hp9Ov5EV2p+WemqCgkJTLiB3+b/cAgIGhsZydsxt9vuRqjO4KKZps/APJqQ6Q2vzCkGu7TMUmJdZgua0X58FuHBzVh792MlYm71PUk9vScS3KOWLnVBFSjjAhTV1Q1in/4cEJTKhNQTgUdCDugVci7w+4y/5xfovZGJD8Ge8RcpqQopiL//dLwPrActDQi/KVY+AuQ0NKkvcA==
+reit.			86400	IN	NSEC	reliance. NS DS RRSIG NSEC
+reit.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ENT+ZkXIMcrJXTWDUpSmOuTncPP46NMmRSMXyZYsQpoCiK3lFn0Gl5Smk8k6A78EDfThUNAahUWJ3R4l2Xvz/0O5PsBHm6kcwAZ7ghrcBUPQueD5XFH0JQtkMqYfoN6Spb6TnymHeZ99KVZIkA4NDF3CNt7HII7JPs/EQThRXjtspURvBnvyJDY8nkacdy/6cr9+5irRYVGkRcELr6FTu60XTgVCqtSpYUx9ouw/xnzyIEbF/60NaEFRvflakRs+sCEb+5q76Ffpgx2J+QZiP4W0AAXoyAo2MTM6FmJuUnCsa/0Q4Ir6Yf0AzDhUwAURWf46NPxPkHOtlXhXllN9YQ==
+a.nic.reit.		172800	IN	A	194.169.218.38
+a.nic.reit.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:38
+b.nic.reit.		172800	IN	A	185.24.64.38
+b.nic.reit.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:38
+c.nic.reit.		172800	IN	A	212.18.248.38
+c.nic.reit.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:38
+d.nic.reit.		172800	IN	A	212.18.249.38
+d.nic.reit.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:38
+reliance.		172800	IN	NS	a0.nic.reliance.
+reliance.		172800	IN	NS	a2.nic.reliance.
+reliance.		172800	IN	NS	b0.nic.reliance.
+reliance.		172800	IN	NS	c0.nic.reliance.
+reliance.		86400	IN	DS	19927 8 2 DB9D2DCF05506FCB1F593CE8F9B5A0155E68706CB9BDFE7A945074312BC8F896
+reliance.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lyw2ODEn3+kAMOJK1CZsspCM0b4UqMu332WwTtS3BUCVMmoueB2xFyu8fKv1wk1LSh5m1WZMAUjiiCnV7m3VpP7vCViZQZxmYuCju/Bl7r+hZH6OfOuyB1U+0fFC5CuNRFO51oJY66ozwXKgcISY6/0uvCFRBa7jlEC6FhVb5qqX+jN4179C/rp43eAywmNgQP0D3W1Ci3Dw9UUBYzJ2RLIyiogtz14Sbtw3bPcXeo4g5JiNUypp1P8Yr9Sp7+mloXE3kUKsDRlVtvzmPgk5SruR/3UKN4hCvBhMqpiiTmzT62lN1VscuK2elX7Jm26O75eH51v4J6bk+OItncgwHQ==
+reliance.		86400	IN	NSEC	ren. NS DS RRSIG NSEC
+reliance.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wyGOhr4efB2pG7AyJFdYiu0ITRt3yTRrtW7qn+kfthj7jVXLZpKWnaMNg8o+PlDAfi8N8D2rFXZCmGfLr7wwB4Y+GFWy+DCS/xORZhDvcA+1oUa8Te60oyQ9NbYxfu/DKtxOw/OWgT6AOYqCoCGC2/t6I83SUyYLmK/+Vy0yKIvcsxHMwjY3g2e1JigpGxrOn77Ofqh0WT7NVoGceN/H6ShBBEOm/1UnbcyPhLp/z2bl6nqsUYyA/PHxA1e5YaIGBnKno/enZvZf7tuqujNYSNgHTO7QQBWb/n0Z/qWZn9PtLUJ9gdtnJzvxyCK7+d8cSDzbSnuLGUkAZqnj49BjPg==
+a0.nic.reliance.	172800	IN	A	65.22.108.25
+a0.nic.reliance.	172800	IN	AAAA	2a01:8840:6a:0:0:0:0:25
+a2.nic.reliance.	172800	IN	A	65.22.111.25
+a2.nic.reliance.	172800	IN	AAAA	2a01:8840:6d:0:0:0:0:25
+b0.nic.reliance.	172800	IN	A	65.22.109.25
+b0.nic.reliance.	172800	IN	AAAA	2a01:8840:6b:0:0:0:0:25
+c0.nic.reliance.	172800	IN	A	65.22.110.25
+c0.nic.reliance.	172800	IN	AAAA	2a01:8840:6c:0:0:0:0:25
+ren.			172800	IN	NS	a.zdnscloud.com.
+ren.			172800	IN	NS	b.zdnscloud.com.
+ren.			172800	IN	NS	c.zdnscloud.com.
+ren.			172800	IN	NS	d.zdnscloud.com.
+ren.			172800	IN	NS	f.zdnscloud.com.
+ren.			172800	IN	NS	g.zdnscloud.com.
+ren.			172800	IN	NS	i.zdnscloud.com.
+ren.			172800	IN	NS	j.zdnscloud.com.
+ren.			86400	IN	DS	770 8 2 897EA15932FA4407809D32CA7C7DA4B0C0E455316A897970F152109F18CE6CD9
+ren.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ifOYueOvtFymzYYdbqTO47lSGv/4BRP+vQd8If8OzfiNZoEtzm3hQVmzPqz5HIYQWhrqIZ8rPX2EABniM9AvqkCHVkd33YIUCXL+RGhufsprbtOivIhyAa9w5U58zg78zdeQHybWjHZtp7GcKgjRFePraDBeI3e8660it657B28ArKffxBLJ5k5cZUJcJfUxBqkRv74SJKrzhGd/xK8PkoiJ5A1AAaS1inHpPg+FiCSmnK7iQ6HCfCV4Fe9SCr5TpwiZSic1sTpGWM4148Cdpm/wQ7dyLVwIsPI/73KBdEmBvSbvjSO/aRzsoglwaQoMy9fCbZJp9pMVM+H0b9Ca4A==
+ren.			86400	IN	NSEC	rent. NS DS RRSIG NSEC
+ren.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Y1PETEBE20cqvZhvbJbLhNCp0eieRZlmoFvF9aWOSIv8KRn5qYP4dS1rtBPDWVGn6wJ8O0DMm6MZTvazD3Rys+0rCKQBc10CLTPKMpWXe7z9QuSWSuPRwj1syuPG1DbRB/FHi4arGGtVyHZNMPrzXxt1U0tbmtMBWa48OaL9CYvZCZsipDve1bpdPvWQCjGDWOpP6EsHfUxq23DmcLOcuDLQG8rvDxDzpjL/rtkbRJXxdERpOIzV56RenbHQ3+ckD4R5PKdEaWjLv8UTrNZUaBV/pntpiVZwNOJCj+EYepGhHW2Of7Z4YBE3l3lVan33rIFl0O+TWX2+TzSZyVfU5w==
+rent.			172800	IN	NS	a.nic.rent.
+rent.			172800	IN	NS	b.nic.rent.
+rent.			172800	IN	NS	c.nic.rent.
+rent.			172800	IN	NS	d.nic.rent.
+rent.			86400	IN	DS	56632 8 1 5A37261D09F9158D95C49030C66337F40E66B6A1
+rent.			86400	IN	DS	56632 8 2 D49A86CDF8411AB763FC46430370A6432392B06E1A6C7F6ABABAD8E1E85B558B
+rent.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XWFexaP+UfebBxvt8LuVdIkr7T0HfJXHHA+pIbNBlPMIG6MJys8UwJnG/FcyNU4DhNUURBkFW9hujTNVAFPGXRBdpoUpvpViMCIiZaKbYk9B0pMPf8r+63ny6ZmrRJpeyj6uW/XVcwranOJZGTLhpMNYS3Z73jdJ5p5IBmoS4dBBQF4N88x3HedBDw5Hudnn49DTjT8YJyFG9rHVX3lDRZWKUN/nvlOJ3peF4COp3b+noBFYZbb7ynonC++QFEOxxvmYpfmCYDLSZbKwwFzXPiQ0rZ7REzSKFuNYNX4jK1TRVkWHAxpTehPJtWHpKaP2qYzc/hwTJbOsIRmktmywag==
+rent.			86400	IN	NSEC	rentals. NS DS RRSIG NSEC
+rent.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cgqDhZs9+r1CEwbroKB8PbCXf/W0i32HBnGudryD5fwlp/6+z/cPW/oTHlXQJNOPdTcADbEe0Npzv5ocKnvpapD2htn9wKBbiit5phAqn4c/FkqR5HZT23m8Sf2lx/jXeNCPRzFCNPaDgPetNpYJwkOuKJILLtXtyP+ofjF0hlV2FItc58z+WLYSo2sSC4dYwTw0c9qkmHZysvK4dbq7esFwPUMhcINxlyf1XfzUnG6dwIV04oGhQyR6aRL6No3ocP00tQ4RchwWWFMT9xR638cOzxnvsAafrXJIr34Uv1A5rxwwwZrKqdqB7YZ3n0esPY5i4k33ypcYjk5rohkCSA==
+a.nic.rent.		172800	IN	A	194.169.218.63
+a.nic.rent.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:63
+b.nic.rent.		172800	IN	A	185.24.64.63
+b.nic.rent.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:63
+c.nic.rent.		172800	IN	A	212.18.248.63
+c.nic.rent.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:63
+d.nic.rent.		172800	IN	A	212.18.249.63
+d.nic.rent.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:63
+rentals.		172800	IN	NS	v0n0.nic.rentals.
+rentals.		172800	IN	NS	v0n1.nic.rentals.
+rentals.		172800	IN	NS	v0n2.nic.rentals.
+rentals.		172800	IN	NS	v0n3.nic.rentals.
+rentals.		172800	IN	NS	v2n0.nic.rentals.
+rentals.		172800	IN	NS	v2n1.nic.rentals.
+rentals.		86400	IN	DS	33616 8 2 348CCA06B6EAA7F81247D1B92C72A18CAB732C243954080D773507739433202E
+rentals.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ded79nctbGuxhYP+gMNwPqrxWZTLYP2V5iYX70p59kQJKVD0pKokXwi3kBfw3fzeUi+qURlkyOEKlcOtt/W5BSPQEQYQzHBgbodvX0EyNKeq76JqUBBQHYMHJiyCdmehI5cq9nJ4v/bdnQZ3ME9DBtG96iXuqAhi7sKN8ckSMsnq9bolWAtRO/i1t5KGitUtROxdT4Yf4i6Ewdql4mX2hvZAw9qFnyIwfqmgFmBupyyK79e3lSYufm/oSC3VyZpAuViLY617fKTpjA5e9HA7tpW8pF6fvEe8fWtBsay8yO1GdXhsGXK2wCEHkzL2Mp2y+qi0UvnPKoeqPCJ/17fRKw==
+rentals.		86400	IN	NSEC	repair. NS DS RRSIG NSEC
+rentals.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sKhQOTARy9Xmv7EB3iHPXByP1fDjAv7tGHA3zO5TuaznUHfnZHLlqXD/wfkvy8axWKUX590iJsgGmFv4P9JKpBDR+CeAUwlTuZ+PUpmPRFm4LY8XNBNUz25dqlKk7di6JPBQFg/iYeH6uHEmwi/L8aA77GiZoInS7YV9zYDoak68nEh/n82xeFATF/Kw+Gj77T2dqmJOwGYibca7PEsNlDnlf6bjKAOlicMx6SzX4jpNKQbNHjWyCLC1AEQ3yPUXGFqn26vr3qKFRz4P5GT5gbQ1gi4vWuzGSIWSNuhOujLNBtqL5jVTGuGpKCdZShsL2B6E4AHvcK7Q4RkzV0V1ow==
+v0n0.nic.rentals.	172800	IN	A	65.22.32.14
+v0n0.nic.rentals.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:14
+v0n1.nic.rentals.	172800	IN	A	65.22.33.14
+v0n1.nic.rentals.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:14
+v0n2.nic.rentals.	172800	IN	A	65.22.34.14
+v0n2.nic.rentals.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:14
+v0n3.nic.rentals.	172800	IN	A	161.232.16.14
+v0n3.nic.rentals.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:14
+v2n0.nic.rentals.	172800	IN	A	65.22.35.14
+v2n0.nic.rentals.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:14
+v2n1.nic.rentals.	172800	IN	A	161.232.17.14
+v2n1.nic.rentals.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:14
+repair.			172800	IN	NS	v0n0.nic.repair.
+repair.			172800	IN	NS	v0n1.nic.repair.
+repair.			172800	IN	NS	v0n2.nic.repair.
+repair.			172800	IN	NS	v0n3.nic.repair.
+repair.			172800	IN	NS	v2n0.nic.repair.
+repair.			172800	IN	NS	v2n1.nic.repair.
+repair.			86400	IN	DS	39172 8 2 C1D26541B3CCA74A53DB2B5EABA4AD0A17D7F5D06C824B9A658AD2580FA40B28
+repair.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ULZouGyilZKk/fnPUd97OqsIR0F4bwy8kI0G7ckWNpNbtEq9DuZeQe9qbry9ZgxmcJ16WM06OzpeP4eCw0axjAaOrSxEBR+HRd6FTDO8lNhro2tlpKMhd3jSPUZUKJ9pQLcsS6m4aCNwDZO+AVusBCkFwwvsEjzipVBUKHLNiS8+c0vyfhn+luAtrY0FtO7DwX3/RNZiWqe7cdit9nZRcs8ePxuCvD4U0rgMGan6x/hknlo3AvPYqA/xtChU6nZ20HzQtI7HPtV7Upag3FFhd/eEXD8BG00jccl54k/mh1qBvzGUvxZeZJ+pdG+GU7s9FtF7JXgFn3TeWdLz8mLevA==
+repair.			86400	IN	NSEC	report. NS DS RRSIG NSEC
+repair.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S/fv0eZ9pyHXopjBM3cKUo08T2R7RVrf5Y48uFJozFEj8Xw27OIVoDitqXcY7o6+mBzBJjNcF1x5V62zhCbmOr54zncOicUmi+GSPqMqhwWgyaV4uIFv+g5a/P4gxJdG+Q0nbs8neGTtguqDVEFm9oMkdBNTqkGc+z7z+XWjHctBgVy0SBh2DAIoyUoU33X+d82t6g2w02GFRNE6xldchaOS9Zrqh44JTLIcscupi9GXaC8+YbHmGvmqls3XJ3rcQM5g1z8jYKlly8GSpdxe5eeE96+UJASMFi8dfELzFonlD2+IcScXcOmRt4cqaJQb2qLSWoBdbSFQeHkXmP8K8A==
+v0n0.nic.repair.	172800	IN	A	65.22.32.18
+v0n0.nic.repair.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:18
+v0n1.nic.repair.	172800	IN	A	65.22.33.18
+v0n1.nic.repair.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:18
+v0n2.nic.repair.	172800	IN	A	65.22.34.18
+v0n2.nic.repair.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:18
+v0n3.nic.repair.	172800	IN	A	161.232.16.18
+v0n3.nic.repair.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:18
+v2n0.nic.repair.	172800	IN	A	65.22.35.18
+v2n0.nic.repair.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:18
+v2n1.nic.repair.	172800	IN	A	161.232.17.18
+v2n1.nic.repair.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:18
+report.			172800	IN	NS	v0n0.nic.report.
+report.			172800	IN	NS	v0n1.nic.report.
+report.			172800	IN	NS	v0n2.nic.report.
+report.			172800	IN	NS	v0n3.nic.report.
+report.			172800	IN	NS	v2n0.nic.report.
+report.			172800	IN	NS	v2n1.nic.report.
+report.			86400	IN	DS	23221 8 2 4FF9DE3B32F0735045D53641DEEB17597DE3638B7EF3AA33616D4F52C6AA6B51
+report.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jdzB4TIwVGoLHxvTziDbpvzgdyOB9zvGDxxhkLxW1qV6R5OHP2GnHKQVrw2Z5D33fCP89mXkoRfFjeLFu2rnVrbDPaN/EZl4eSQOTemP+FnNkuhgXita0y1GGBRkFXJA3a71quH7SCkxN1XP4AVUQDLH7lvMBT8zwgZBJt2zsDu+ch6f1Rj/+8YCNzjeZCwTpfsYn9w73Y86FtXu0L1xajx6TS/npUsdrbTIrNmIb5rxyOJTPJRczRrO0AeAbL24UtAlGKJVfJdtm7A9UFLsoq6GK1xUc8hV0UhZr5YppsbihMw5R7Zo3WRmod/ZB/rqk6M31e3TCYp01D+NQUOgTg==
+report.			86400	IN	NSEC	republican. NS DS RRSIG NSEC
+report.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wt55TzRF0y/ncad8CJ+bNGeq3GvyNvSxVkkUq0mwSlQiqAE6mzpPQzMS7ypP90QC1JA1LJgnSVKv0KfV1mwpazJHQi5BLOGqjXcg71jci06I2rCGi+9gSG9cNJJ4QMZbh4bheYkH/UL7zIEXRf+KUU4lhljWM7Tsf809TesakVYvYdmVz3amsLDqATFjE7oDvVFoUJuctoPV8G/QcNkQAT/5x3nFoEAwDzZeJtPjbDnftWAduclyLqmoOdECWxiSfFG+PZ3GKRIz5lWMzD0FirO0OqNFW14l6ElT/SEs79tqINAm9HnGOSk7So26UZ0pKu58rApRSFJzI504NASrZg==
+v0n0.nic.report.	172800	IN	A	65.22.28.18
+v0n0.nic.report.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:18
+v0n1.nic.report.	172800	IN	A	65.22.29.18
+v0n1.nic.report.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:18
+v0n2.nic.report.	172800	IN	A	65.22.30.18
+v0n2.nic.report.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:18
+v0n3.nic.report.	172800	IN	A	161.232.14.18
+v0n3.nic.report.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:18
+v2n0.nic.report.	172800	IN	A	65.22.31.18
+v2n0.nic.report.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:18
+v2n1.nic.report.	172800	IN	A	161.232.15.18
+v2n1.nic.report.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:18
+republican.		172800	IN	NS	v0n0.nic.republican.
+republican.		172800	IN	NS	v0n1.nic.republican.
+republican.		172800	IN	NS	v0n2.nic.republican.
+republican.		172800	IN	NS	v0n3.nic.republican.
+republican.		172800	IN	NS	v2n0.nic.republican.
+republican.		172800	IN	NS	v2n1.nic.republican.
+republican.		86400	IN	DS	53482 8 2 9F97CC9C78C5D96051F4689120777EAAB356675883B2573D4D2EF769B33DFE34
+republican.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U4uBZLLvSiaEBpLBqc0SMNGJ5sMY5Uvc1SzQOzyEjAfV+vmhzu0cl6zGLhmnf/UhdOJ+25Pa64xBknmTBjSbHwkFXSAuQ9Xq5sad1DyddpCzGZo7s7UkoZH4PK6MCSMwLaXa7SSHwvipJpTUJuc/m5FSYLQv61LPx+PyeE6uNf4V0cVQ8xbYcyufs/R0Ja5rOGWN73FjsFHDQ4W3X/+R3cTajZDFg5TErOl0v8z1JUceL4/278NwjynCU2ci9Kg0x9/DZKSYfCyqZIcoqOgCsYgs2nZJ0mMaHNC20pTdFpeOOJVfpb64IUScOSfSwKRDbBGcrLRTx9CyKCDE41Cr+w==
+republican.		86400	IN	NSEC	rest. NS DS RRSIG NSEC
+republican.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1AjBUAzbw3C9nBNSq/Viy3ANXoxo9dxXPu5ObJl+hl1n5CJg4EJXFVarCk6haqJ3Oe9dsiqgYpHzcO98PgZBnd0/fACkMu7tniipkoOrDuLQtQ8/swnZpOtl4ySYZ0lSggIXULqnBO4GNrNwCJMWSFON7yU0ExxrbXT/NSTURK89H4ET/kbNTR3VmTB0N/eK8dWm0wmbTs3UVihWkF8ON0gYf5+zaBho5aXmVknXHIEynVIAnEWzRBiWoQz1SuH3rbDYU19AezxJbHHppGSOlQiG2sDFhFpIzhjPOzMCD4F8kLKSWu/Z2CKKGduQhTvSYv+lOvlK7LzGxfMf3nxYww==
+v0n0.nic.republican.	172800	IN	A	65.22.20.32
+v0n0.nic.republican.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:32
+v0n1.nic.republican.	172800	IN	A	65.22.21.32
+v0n1.nic.republican.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:32
+v0n2.nic.republican.	172800	IN	A	65.22.22.32
+v0n2.nic.republican.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:32
+v0n3.nic.republican.	172800	IN	A	161.232.10.32
+v0n3.nic.republican.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:32
+v2n0.nic.republican.	172800	IN	A	65.22.23.32
+v2n0.nic.republican.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:32
+v2n1.nic.republican.	172800	IN	A	161.232.11.32
+v2n1.nic.republican.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:32
+rest.			172800	IN	NS	a.nic.rest.
+rest.			172800	IN	NS	b.nic.rest.
+rest.			172800	IN	NS	c.nic.rest.
+rest.			172800	IN	NS	d.nic.rest.
+rest.			86400	IN	DS	25199 8 1 C43AF7DEC8B165D6C8B832BCB984C2407EF5ED8D
+rest.			86400	IN	DS	25199 8 2 8F477474F47C387D246B6849202CA0C54C4D5A50D322C79718A98100314D08B7
+rest.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l4a3/AcXT+64mcktBf2sq8qS4r2LSlqrw312Xj6w/0caCtP09o/NDTUT/zxueB2OvBXVxX2d+RjGj/mgn6mYciAVNsIbyLm9c2BwcL4yTSFmF2lpUSK8VOI78zLlcY8h+bK6Z8OMgKznN0T1iYvTfeg0ghnTBXS+RZN9Q6KjSR576uVPhRZz9PErrI2y9Lq1LwgxnvVq2BSvZxSFirFNFbU3AlfXlNhjWNcycfWskvTEMAJ3lEKsVfXXuMfBow6zlNifn5XO0m6ewwTqjDzWUnszVLWZR0yLXsgOsX3wQx8nZLrXDKCPcgqeFhHT5KBGQqzdeMLsvYnzNK+/H9l2Qg==
+rest.			86400	IN	NSEC	restaurant. NS DS RRSIG NSEC
+rest.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GkcmAJnzzwOTkT9I+OBQ2DxGO4Va1db5veLoilADXcFhxq5l8JkKbmI0UbXsE4miFHxAtFG1k8Pe5XmEyYXO1YQgz93tjFIKHZrZzRNiuj4872K/fe+fSbu87QpvwwmK6eJnkGrFe0wblWKux6TFR9YqGeT17ORc/8GNX6icaciiqGPpv4+bmUnJuLjv7wYspoOjtsiZBi2sRVhex4DFbDOAzyjoJgq/bSIzKUBhU4lAdaS0mYj4zi0127SMEXqgKmNCf9+dCdkXTNkSBCL/rqdwzK5Ji92GeKsjp9O4nnWgv7GGqbGJzawDtxtIwyBPawRd4ZwqqMzk+/su53eB1g==
+a.nic.rest.		172800	IN	A	194.169.218.35
+a.nic.rest.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:35
+b.nic.rest.		172800	IN	A	185.24.64.35
+b.nic.rest.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:35
+c.nic.rest.		172800	IN	A	212.18.248.35
+c.nic.rest.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:35
+d.nic.rest.		172800	IN	A	212.18.249.35
+d.nic.rest.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:35
+restaurant.		172800	IN	NS	v0n0.nic.restaurant.
+restaurant.		172800	IN	NS	v0n1.nic.restaurant.
+restaurant.		172800	IN	NS	v0n2.nic.restaurant.
+restaurant.		172800	IN	NS	v0n3.nic.restaurant.
+restaurant.		172800	IN	NS	v2n0.nic.restaurant.
+restaurant.		172800	IN	NS	v2n1.nic.restaurant.
+restaurant.		86400	IN	DS	62200 8 2 A9093436978DB7D5EE302879F0BF8D7A84E0A2C0AA132784F92D97D0D4E15992
+restaurant.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oGUHHIU1g/Gtl4/c4ZRzbnxtU4T71RXkeu7JE57fbipqWfYxAtDCE3WI4/GbJF3xxGc70gUlGvx9lltfug4WpOcmtvTobz/BDhPda0xygQdQyxJ8R2Xgoj/+B2mCuz618cDOs99BZ9nTWU7F8+zjuuouIRyAw3OgS4zYBvC6fQmDiIj0CMMl9i73RooTy0iuuy42Y+y8O8n04GQS//GU8/91HqBhgV0wUmm0TRIumA/gatmtP9Eqmyy4baY9o832PhD2WNlmKIm0SnQfmOJsq3V/TkAw3oEdMMQ055ovpu8dZk7cDri3rHduaDYlXIdi/QbrY/aKX6mSD1Bugl+iBQ==
+restaurant.		86400	IN	NSEC	review. NS DS RRSIG NSEC
+restaurant.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A5lb+q3KTB0QXdaBBQEr9zxSHfTZGikzLq5RGwiRM44Z0jmVUOZUh4n5MsHJ2o1N8NNx7QNzRjAydj0ixvTlpGzk3glO1fsLKAfiMotGbFEN6ZBeziMCwjSVYgy2el3plRGyLtwlVYJUKHPFM2TtoEfFI7aj0bybBmyi1HrR+LQilddius06jDv2eSPWqVXUIRI8n63dhK6W4QKRR3MP5CEClFTQIZMsrqMNmpEKKeaQC0/5iRZTWksDDUVwyyZeUqj8q4+139uii+AFWQUt7QaiQe3qKCr45XblsPtGxcYhT6OjRi1mixcewjxbynkkBLQ0pNtytBG81gClf5Q2GA==
+v0n0.nic.restaurant.	172800	IN	A	65.22.28.49
+v0n0.nic.restaurant.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:49
+v0n1.nic.restaurant.	172800	IN	A	65.22.29.49
+v0n1.nic.restaurant.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:49
+v0n2.nic.restaurant.	172800	IN	A	65.22.30.49
+v0n2.nic.restaurant.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:49
+v0n3.nic.restaurant.	172800	IN	A	161.232.14.49
+v0n3.nic.restaurant.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:49
+v2n0.nic.restaurant.	172800	IN	A	65.22.31.49
+v2n0.nic.restaurant.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:49
+v2n1.nic.restaurant.	172800	IN	A	161.232.15.49
+v2n1.nic.restaurant.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:49
+review.			172800	IN	NS	a.nic.review.
+review.			172800	IN	NS	b.nic.review.
+review.			172800	IN	NS	c.nic.review.
+review.			172800	IN	NS	ns1.dns.nic.review.
+review.			172800	IN	NS	ns2.dns.nic.review.
+review.			172800	IN	NS	ns3.dns.nic.review.
+review.			86400	IN	DS	27040 8 2 3A9D7B6CF7A12550C281A6FFC5B376B7C93972D8B7607D2C726BBD351D4803D5
+review.			86400	IN	DS	55054 8 2 93642D0425C1357DBB5F42BE8CFEF153324B22D81EE82CEF8034541D360EBB52
+review.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FLfgY6VhV8hFcG9YBGKDeRwMIyYQC2uAAwfXrz4Xp3YhNuc1GEZBmdJKTTfJD9gsS7U4X75P/PDc9vvXQP9mxCnrgcECLGRVmfuKWSQ7ie5LoICQKJFtDKUz8caXk5JkXmHGWAnzu6Nxz5zOp3a+1gY5I9iNddXcj9lImJroPFhD0L4xNXBe24i5WreysHhLaIUCsLYqHaOC5aL0OVq45z6IUJL2ebCA1C11kLdwuofmVSO7HNkHtB1doolDONUey9Fkt3nJBtPpjjoPxnmSAwyQQNUK97TdODm6tZtruMZPRrVSaoscApnpQ024eXOJ08pVO4GPs0uvDsSu0aS79Q==
+review.			86400	IN	NSEC	reviews. NS DS RRSIG NSEC
+review.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KXpnyfkzIDyWEP0e7oPiP4BpzIL2b9OjYvb4jMnsjEIgJUnbDjgTX5v6tvPK7wi71Waq6Duz7m2MsrdfyQs6MTqmAswn8ntJZB063eMenRNV4A952FdNX56BlgE4r9EM3h+sOVER6JhgYKoeE/A4n4rtpO6vY9L0LIVvjYVUdypjM842iMoI4Sm1KUUz40DhGaH1e/o3eHnwR36sI11kDN2FW2Nj6ZoH8ccchvUNHzHpyuc2t0VflsI278la59zj12w3xnNQS/LFKy/4bm1m8pYQGPCkMN8XDB59vB9u4y4fFyNHAIKGWWkdRu9vwNUbyoDt00/D1xOUiEsBMPgcRg==
+a.nic.review.		172800	IN	A	37.209.192.10
+a.nic.review.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.review.		172800	IN	A	37.209.194.10
+b.nic.review.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.review.		172800	IN	A	37.209.196.10
+c.nic.review.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.review.	172800	IN	A	156.154.169.35
+ns1.dns.nic.review.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:23
+ns2.dns.nic.review.	172800	IN	A	156.154.170.35
+ns2.dns.nic.review.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:23
+ns3.dns.nic.review.	172800	IN	A	156.154.171.35
+ns3.dns.nic.review.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:23
+reviews.		172800	IN	NS	v0n0.nic.reviews.
+reviews.		172800	IN	NS	v0n1.nic.reviews.
+reviews.		172800	IN	NS	v0n2.nic.reviews.
+reviews.		172800	IN	NS	v0n3.nic.reviews.
+reviews.		172800	IN	NS	v2n0.nic.reviews.
+reviews.		172800	IN	NS	v2n1.nic.reviews.
+reviews.		86400	IN	DS	38191 8 2 5DAFA6AA4E5BB71394FF2F91B4423EF5A1C7BA598E359F7AFCC8DF8C6F68957C
+reviews.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bkib9quksAKzyi7tuB5NR95tdcgLiRA61JG/D/KrDLlsrTMqmYIlTB+odFdWjN0dDDI/dZuftFNQuSR0deLTAAiyhWve0vM+imlkCwXuTDIiQPQXo0ofcVfADWhNybIM5yhnRhdyPkKXqBpxD2X2c35P/lZMRsr8fAQiRQI5iuXJbc22uw+wODZWavYq+B14qGr2kwQTjxNe5QRdjNY2q8NruWDRZ/0RcEtAW7GjKfxLz51ZJN0AEBs6qt1tkN28LMm87ycKc1z1ogb6vZfIKyZit5Q7n0s0qbYrYL5IXmAZqAeJ7fDOYFNkJGhFgexqWsSbZFXtBL3n/7t6nXMe8A==
+reviews.		86400	IN	NSEC	rexroth. NS DS RRSIG NSEC
+reviews.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jfHdnX6FeF5oUdMzIBwDQf41b4EV/VMytxSLgAkwgCXei3lz6sz5uQsYOQtjWaHQU4UOwB8RgvOxZ1rb66zKJttd1dzkI7X1883J92OH7Hsp+OvEloNJ+f/qmHnpZWa6PyuOiP7sJxgyi7XbeTmiZB0t1vbccr+1kFpqqN+EwohYa9JB4ZmQ+cI8ZpMlp7lcooBuKjY/GkvA7n+LhWCSYkIfcRPiRZm4wNQLkgNuRXawjEYNMGTLJvTWYTSSawZAioFRDZm7dLTiTEzbL70yBfat2uLMg1cih+ypIjdOkSz30/I7mI7YHFLs1DrR5ULL7Uy7LGZhtGbduL2TwNTfhg==
+v0n0.nic.reviews.	172800	IN	A	65.22.32.12
+v0n0.nic.reviews.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:12
+v0n1.nic.reviews.	172800	IN	A	65.22.33.12
+v0n1.nic.reviews.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:12
+v0n2.nic.reviews.	172800	IN	A	65.22.34.12
+v0n2.nic.reviews.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:12
+v0n3.nic.reviews.	172800	IN	A	161.232.16.12
+v0n3.nic.reviews.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:12
+v2n0.nic.reviews.	172800	IN	A	65.22.35.12
+v2n0.nic.reviews.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:12
+v2n1.nic.reviews.	172800	IN	A	161.232.17.12
+v2n1.nic.reviews.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:12
+rexroth.		172800	IN	NS	a0.nic.rexroth.
+rexroth.		172800	IN	NS	a2.nic.rexroth.
+rexroth.		172800	IN	NS	b0.nic.rexroth.
+rexroth.		172800	IN	NS	c0.nic.rexroth.
+rexroth.		86400	IN	DS	13240 8 2 3FDB1D716CC4D502C89094EB8B0F44056E6BDEBEFDFDBA79632C5DC606238E70
+rexroth.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aUWQqHjLyYYOSLBEpHNFoa9QAgGDRBYeI70u4YrY+aHF830V0Lw+NH5N3hPzo1F+Y1zk50vE4rKarJWSWaoGyb7z1fcz+okid4e2TIWlO5Fq8qb1Hoab//ggBc0KUPtytPqvEaabvabkri4xp2qvBNQe/BNeg/KCaczbj3VU2hof9QYMpcV5Dr8CZilSN8QlQi79ST7Hd4u3kDuhl+dRnv91NNcLoMb/Ic7Wc4ihHTKIgt4hO/XrRgOLAMYEh/qaO+i0Os1A07igC0EHiEmoZm4TSiF//nvtWxAgBZrR9/LI/Nsze5d3bJmAcUMUCnAXIZipBrZ/PML8+2EzmCQCIA==
+rexroth.		86400	IN	NSEC	rich. NS DS RRSIG NSEC
+rexroth.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sNoMahb0nU3Wh2zRAk05DUpmQp/yIaKRLfMBAODLFU3BtsZ8VvLFomTIvMe/m6I9h6ujHL14MCIIgc2inPxSQiNiFiAejnI+RwM+W/7ybKU4Iza366KoNg633ZAHp1t5yzYO3fNYknXlHdi6cslJPjcelIxCDvaa9NYM2tYvsMuWilhKpXNE1ZVh/w1LJugHTlju2dGh7fS+IOLwGtV2Y1j9506CEZ6+c9obb/cnGGVo0E2brRA+QD6SY4FRSFsB642pndc2Lj+mi0Mkcke8Z8YOpYwA1/5WO1Bgwnn/HSE/J6FcHCu5gZaJLf3tt79R+r26j0jFXAr/x+k6grbkTg==
+a0.nic.rexroth.		172800	IN	A	65.22.112.65
+a0.nic.rexroth.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:65
+a2.nic.rexroth.		172800	IN	A	65.22.115.65
+a2.nic.rexroth.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:65
+b0.nic.rexroth.		172800	IN	A	65.22.113.65
+b0.nic.rexroth.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:65
+c0.nic.rexroth.		172800	IN	A	65.22.114.65
+c0.nic.rexroth.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:65
+rich.			172800	IN	NS	a0.nic.rich.
+rich.			172800	IN	NS	a2.nic.rich.
+rich.			172800	IN	NS	b0.nic.rich.
+rich.			172800	IN	NS	c0.nic.rich.
+rich.			86400	IN	DS	12391 8 2 AA344ED8E0615FF242EC66EDEA4160269D0EC1D36437965A8D1D1ABA6A4D97D8
+rich.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QzseeGFNWpLIFKPCV5JXUcKFgkEB9OFh+9E0U14A8OGqKbCgBTlZ1ykYqjp2b9LsSTWVAKd1q5caAyffHTXJEU4csjs39Yh/3xLCgTtjLAvdUZOxZrCh0RHV6cERe/saljyymntax88y+XavtGaH2tpPQ43jQN8yg79rbIQOvZXyfzBGy902kUEQGe3JvTJyfiGUlqMxKGetvr5jyy8P47l43yAHtv5ueGTwmYtfAWKIzekZ9/ADdIJYk0HjNXTGjogn6bDJSmEcCpLcqOnIRf/Dwjh6OIlJ6WTpakHJkShOkFKunm1Q1yzc8YNpBqrWrKa2MRQu+mZwHHVQDs2R7A==
+rich.			86400	IN	NSEC	richardli. NS DS RRSIG NSEC
+rich.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VsKNpyuPX4hq/08nebjN3PFwEQESBZn1Vl63iq15Ls46JtHAQMdmLQROlSMZMRAb9UGczXrAuWtShJs9fUKj0Fmq4hO4lMRKWPbdFPk0t49RNeMS2lRmy8c9mJy3VvZgxMaDhIdA0d7oIWhDkBvJ3LUcxu0Wzp6TgrDig3O4MUz7rUmCPYbfE/5Nppu7a/3GOs4XATbu3ZbOz+hUXEINZyHGgi4qN6DHVBhC2Awy+3S061ZPI6wzbNdzTC8sJdhsy3yM9gzuzV3tOsUWNFsCjyCoWDSIAX/WyRoQZhhiNDIkw20YPeNKAK4C4yQiWPeE6idg/KLxOW53SyIT4/ZcqQ==
+a0.nic.rich.		172800	IN	A	65.22.136.17
+a0.nic.rich.		172800	IN	AAAA	2a01:8840:86:0:0:0:0:17
+a2.nic.rich.		172800	IN	A	65.22.139.17
+a2.nic.rich.		172800	IN	AAAA	2a01:8840:89:0:0:0:0:17
+b0.nic.rich.		172800	IN	A	65.22.137.17
+b0.nic.rich.		172800	IN	AAAA	2a01:8840:87:0:0:0:0:17
+c0.nic.rich.		172800	IN	A	65.22.138.17
+c0.nic.rich.		172800	IN	AAAA	2a01:8840:88:0:0:0:0:17
+richardli.		172800	IN	NS	a0.nic.richardli.
+richardli.		172800	IN	NS	a2.nic.richardli.
+richardli.		172800	IN	NS	b0.nic.richardli.
+richardli.		172800	IN	NS	c0.nic.richardli.
+richardli.		86400	IN	DS	41074 8 2 FF2E8B0F81588F0266003EB8AC2D8617607069C425DDE1BB7734FCC4F93C8D88
+richardli.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UYKTQubFHpOGD6zkEsDJ1+d0oDeIeLGekJVnxWHdMG3eZo7wM4EhEQRFilyupIscmcw4cENndTrh7ljzZucawZX3Lxi4EzgujsWoh3nlUpFT4ywRfj2PAi+ic+UUGXnDgN1MLKE0D3lR2mwgf3/mqR39QP0QkWmyrHxwxjrrmdEJ39blLJNSeczQXPEEEsIeT4jME9lxwBRWw7yHgJ8HDZPKQICnaesIm5X1NBcpvlYCbCvJD2f+YEfo4LMblAwHPB9dUjG9/l2wwz/XKED593s0s09St57VdtXJXtZgUs6GpvoDq2l7FTGiz/2yHlCRpi7CcA6iOxyj38lZllmi5Q==
+richardli.		86400	IN	NSEC	ricoh. NS DS RRSIG NSEC
+richardli.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yxGVWorxpMIew4kcU4xye76c5ZcmUbwKGT02zLjyXQavQRey/IuWgf0h9eFc+3C4as0YuHsxbhxXwico22rffsRmE6Bkyg7OkHyejgH59o+oNS32q4ytExl1CqlR73uUXEqznKoDpujETMf2ga1ScAwT+vRkVyqcnm0gCSEkfFcNOUvvUrNigw2IOFxuLZXP+F9mzf/q0pBXPmFEpSw1RmgRtU2EKinjI1uv/LmyIH+uzUAlIBPmFjsMZWs0SboYdW9qUurHvxPNXAObrdOcz/xGF48yphnCbcsym7lI8zViN/Hsqq76wK6xuMQxo2RO4Qb5Mq5J8dkEGQdM8hlU1Q==
+a0.nic.richardli.	172800	IN	A	65.22.136.33
+a0.nic.richardli.	172800	IN	AAAA	2a01:8840:86:0:0:0:0:33
+a2.nic.richardli.	172800	IN	A	65.22.139.33
+a2.nic.richardli.	172800	IN	AAAA	2a01:8840:89:0:0:0:0:33
+b0.nic.richardli.	172800	IN	A	65.22.137.33
+b0.nic.richardli.	172800	IN	AAAA	2a01:8840:87:0:0:0:0:33
+c0.nic.richardli.	172800	IN	A	65.22.138.33
+c0.nic.richardli.	172800	IN	AAAA	2a01:8840:88:0:0:0:0:33
+ricoh.			172800	IN	NS	a.gmoregistry.net.
+ricoh.			172800	IN	NS	b.gmoregistry.net.
+ricoh.			172800	IN	NS	k.gmoregistry.net.
+ricoh.			172800	IN	NS	l.gmoregistry.net.
+ricoh.			86400	IN	DS	7006 8 2 60FF4CE45E722BC253D21348E4B285A44C77C60F75BFE704B033685BDDD4F63D
+ricoh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tIgm0qdq2AlOI3YDJ0v1vRHwily+n04fmTwUg5ehuQK62BkCDjb5ujeAsXMH3Y4xasDQcv3zVeQM1p1+gtWw3zhCDWGk5i6yFP81cYRJZKTPNzHE2/U38Fo957hUFq2C4cDYLPHU8lxNnsrfCv8723I8zTmOUb8nSXSrjP446kKHao0PE9123Z+vNlY2eQi2M4XyWO6cR1b1jbtqjfKDbvpHH741+QSTb5xgIP1Vnhs8XQBz5zEmD/zE7htsFGUyjzsjNWj03MXIPAtEQiNlk82O8rxdspeBiRc1qmdfv16Qme3aMWQ9iATAfX2Ueuy4y43UsRpdac4qyxUuOoY6qw==
+ricoh.			86400	IN	NSEC	ril. NS DS RRSIG NSEC
+ricoh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gNyllL0gbPCetzsX2TuLR7uAw48SXAgg0xXMbYuK+Ms1RLVSTYwUCVjlvwAxv8kH5nzQ21bhP94WkOHJXZM7U0o17rcDK6ggDHoKJ2J7XEGKRFiASbDzLc5/lO8A2+ZQMU8VRdsAavIf1sbY3aceVoMrYTc/5cY+t2621s1lGz3bUCGd+xqx/B7LY/z3G4ZOFsgGdY5y1i634vKK5MMCHbbmE058RQx2WjkRAgqBvbQav2KoK4HoqJR3UFNzsuMkn2yWGMX0xbBa3Pn2zAg5VwPBY3K7R7LIgoTizXv6G9EUi7gZzKJQMXzzC8ZfwGMv0q8MKvI/pEu8osILKwce/Q==
+ril.			172800	IN	NS	a0.nic.ril.
+ril.			172800	IN	NS	a2.nic.ril.
+ril.			172800	IN	NS	b0.nic.ril.
+ril.			172800	IN	NS	c0.nic.ril.
+ril.			86400	IN	DS	19549 8 2 AEBD50284035552652975D96493C1394E8C652C43AC366F019B0FED4CE3B5ABF
+ril.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vsx+w2K9GBH3AO25Q/zHjBRCmYhfeqV4mVHYfD4g/8gobxAKzW+YAROprVZ+OjsSE9FlbssWLLD/g/+vQzsjscTmJQK8LQQ0zgQMgYUfLlmB6TvGflq5QDerpm9vHOxUlO/ONYHrgA+AU5jsAfPmJKPqK/oWLEt5BxLyoSbw0LoMM4defbGjigHwzXK5b22k5OLs2pV9+TqSICCb030eLKgllaclx2+c8ZQRQUt5ObeCJmj9ZB23zItTUTlmwjHc3Bzt2Bi5L3onnjNl5NLiC19jGOPHNtMGU2hVxQkyukO0RXsad2qCrrV0b0ILEMrRXc8tk2yZQ5RmKBsbh9Gubw==
+ril.			86400	IN	NSEC	rio. NS DS RRSIG NSEC
+ril.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sVO3dnA5kwxVtP6K8PPaGFKV6ynuCIw9NS6up8Hvxgyn026ZwZ1AJFe3nGWo2xKnmM8UVQ+nInMRrQtF3+bClKsdXUEN3u5NwW0IJyR3CqcsOdfca1DJ6rsWOQnu0FYUQwVScq0XLAPy0uNgfKrq08+njUUTHfy+6PX6u87u9MuPp8Uk3DyZAPU1lVfI8LMzm+V3jOXAdJp528sP01YFz2VPoODq7XkhxUEmFywkg301ZuvAsTYSz6C7qifLYMSCSoEkb8lLkcDMyrUnu0NEhsbnv2U+h5tQbvkO9cSITvWqwGQoEH3CM43RlA8G5uLT/ZjIxiNB3IIFklWGxJC5jw==
+a0.nic.ril.		172800	IN	A	65.22.180.17
+a0.nic.ril.		172800	IN	AAAA	2a01:8840:ae:0:0:0:0:17
+a2.nic.ril.		172800	IN	A	65.22.183.17
+a2.nic.ril.		172800	IN	AAAA	2a01:8840:b1:0:0:0:0:17
+b0.nic.ril.		172800	IN	A	65.22.181.17
+b0.nic.ril.		172800	IN	AAAA	2a01:8840:af:0:0:0:0:17
+c0.nic.ril.		172800	IN	A	65.22.182.17
+c0.nic.ril.		172800	IN	AAAA	2a01:8840:b0:0:0:0:0:17
+rio.			172800	IN	NS	a.dns.br.
+rio.			172800	IN	NS	b.dns.br.
+rio.			172800	IN	NS	c.dns.br.
+rio.			172800	IN	NS	d.dns.br.
+rio.			172800	IN	NS	e.dns.br.
+rio.			172800	IN	NS	f.dns.br.
+rio.			86400	IN	DS	2471 13 2 452F6BD5CB271080AAD2425FB762A32D0880D6C706F16ED4D0C8797342A91A80
+rio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R/DXIHJBKS5zoKSINTdKk6iHXPnmH95e5jurSetG1N2tffDvekD3xs5kGLXlIxDFFk8oi8Tm5IFogY3utlRHWFqAErcb7N3Peo02nbPZJT0eltmTYWVCYaUMZlFA/tZXNDxJT3ew7Y+7Gpskb39GZidLDuqWu8JQvcmVXpSiMgHJPRhDfSjRi+V0CYPuaC4Ar3MBy4n4xgCjasYOJD/Zg8wwzEkZoiwRx425YXyiZ+UUOp+qZGzIUlYMIZoK6AKp/hT2Mj+krbP8Uhs/xRiBkeb6t0nJ0+48BOoi3mihmKEk8wvabD/3pEenNR5hoZOrqtI3quJBVNIZ8FtMBOZDLg==
+rio.			86400	IN	NSEC	rip. NS DS RRSIG NSEC
+rio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TjuEZuETdkhx2uI4yA3BBUS0pUSLRuuOuXgsXmWEiS+D2p2/EQlJU6hSaQPtkybp/8uDS4+gBfz3crxpzfSv1E1En2j0Lu+FQbE72wgKFpdCfJYW9OjrFMKpQ8F8fAO8bFTeFCmOIEU2AYs1HmFo6uqaPlHZnGilV2HE6dMQnevMf30ga2Tuc1BdgJW4nxpnN9FHXVpetVj3c6+XP0pJCrQlO6UAhB2GBAcikhwzY7wlzq6KdcqjoNBEC/IzdBicyXvI7PxTht/dCsX9ym6t9WcHzuDRBdw++4YU7UvdoL2P+qFQzHaK1SJ6VxO/3R/xR2UGTE4Ty1RMnPDK5H7qeA==
+rip.			172800	IN	NS	v0n0.nic.rip.
+rip.			172800	IN	NS	v0n1.nic.rip.
+rip.			172800	IN	NS	v0n2.nic.rip.
+rip.			172800	IN	NS	v0n3.nic.rip.
+rip.			172800	IN	NS	v2n0.nic.rip.
+rip.			172800	IN	NS	v2n1.nic.rip.
+rip.			86400	IN	DS	64594 8 2 E5771475FCAB4C6DF4608BE0EDE2EFD5CFBCFA1405CA0B121C57557B959A40BD
+rip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AJROYacsrkeOJm4jkQW5v5gkwZZ2ugUatC041gOH0v0jWI3gGI/JXzIWkNxK0ecSqVd9GHDbHSW/WliCldKMX9cYGkaJXZzvw0Fl6qsJETIqp9l1WZvHwU5FMRjOXFLZB2NhRhzGCZDTCg0HCLZwXTAGZvX1YOvRtE5u9+6sfkbJcIZCrWL6fg8/NTrKna+qX//uXJG7w9gewymMA2X/b+VWUwXkUdSo86yFMmXV7dJuVuAWaU0b39hAjMrnI6DoQrdULDiBIqA+EZim6GIZ5YiFD2HFu9gZPERbHsyOSOsQ/gtGXADpjr0FfbOK++mQe4ZOJ3L6jZZGmKWAhPbToQ==
+rip.			86400	IN	NSEC	ro. NS DS RRSIG NSEC
+rip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ispQA77uAVRefCGwTlFLR7kwOL6rJzaa8FPJEV+u/BICChTFN922jgpDuPB3Oc42aOeB8qyFpWGou37ZbQQTJaauRn+mktz5kgPaNGRgjNlKFicGYfv32AqjVfoDs8ohs2hWWgYoSzcZpagbdcDSr5vWjhguub9RCQEc5XZ4wt6WuI2uIfUMyN3+yfEO3tBrHpoDMS6DiVxHx4ezAAEAjIJm4j/tdbKep+S+oc4EauhwSp/NyJMihFxz3RDuOIPNB3pZk6Tww1Qoi8mOMn6+qT8m3tgnrKRd1kObDvI5nEQSjc0WneH3+0PuA9rqkeE5KsC0itciOK+A8kFRQqL03w==
+v0n0.nic.rip.		172800	IN	A	65.22.32.22
+v0n0.nic.rip.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:22
+v0n1.nic.rip.		172800	IN	A	65.22.33.22
+v0n1.nic.rip.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:22
+v0n2.nic.rip.		172800	IN	A	65.22.34.22
+v0n2.nic.rip.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:22
+v0n3.nic.rip.		172800	IN	A	161.232.16.22
+v0n3.nic.rip.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:22
+v2n0.nic.rip.		172800	IN	A	65.22.35.22
+v2n0.nic.rip.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:22
+v2n1.nic.rip.		172800	IN	A	161.232.17.22
+v2n1.nic.rip.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:22
+ro.			172800	IN	NS	dns-c.rotld.ro.
+ro.			172800	IN	NS	dns-at.rotld.ro.
+ro.			172800	IN	NS	dns-ro.denic.de.
+ro.			172800	IN	NS	primary.rotld.ro.
+ro.			172800	IN	NS	sec-dns-a.rotld.ro.
+ro.			172800	IN	NS	sec-dns-b.rotld.ro.
+ro.			86400	IN	DS	9784 8 2 0A8ED773F6BBF8C5D2F687C26A9A904C76DE41DB74F329501E23F206C9C3B078
+ro.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W+7imBwab8JzlDThig+khj57Npn2U7P1B3yt83ebuhUejRxShNnck/q1sDUV8osEF2Pv/ZcFoVy3+fq2/Q2neQ2ofctCKUTX6sRfBIEk0fvjqz+ai68W3nvCKJrm+h8RTi+F5VYTGTEkVVEkTHuOlX/kdyQl3ghHfXjO82A20D7D14NQafnnIUCk/ickj8cX6S+q7Vp60VcO/URM63+q0Jk554yFSxtZC7ElbbGFnG8mOKCmHvlSJWQpV4Hw63LbTGKBG7UqXCSjaNKt3I3LJWWhNa6L/LSUANpfqfhMQrYMgwmLTaZ2up7KVRR34xSwwoqRk1otEF0KRGUb4afCeQ==
+ro.			86400	IN	NSEC	rocks. NS DS RRSIG NSEC
+ro.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LDx6X7vo/F20yUH7SdenVe8hoqXzU9tOcWY+qdKTcrByDAHzDuKeM7Krin3VyVh2u8cl2VkqrbonmLvZBLdpyYNCvfRHJf0E93oP8OqIfwXm1LvvLC7fdQfBEwdv+tl/GmCo1SPNnCaNyVfDoDqPDDr2WZ7q4qp4D+E979YTd/RWs1dRBiyt6LmXeoUVDqsw2YKlyPDDcgaWn8vElJ8CrpJwCjPB3cAahPk4aYmrgjaIqYsKGsqRW4tXMpdM9Vy/p8+1Di7xRIRrpts5a3jsT2hmxInyGDBSfd85gQOXO1xU7J0kquyYtWF2xgfJakyt1GPPhlbk6soYvQBAMjl3MQ==
+dns-at.rotld.ro.	172800	IN	A	78.104.145.6
+dns-at.rotld.ro.	172800	IN	AAAA	2001:628:453:bb:0:0:0:6
+dns-c.rotld.ro.		172800	IN	A	194.0.11.113
+dns-c.rotld.ro.		172800	IN	AAAA	2001:678:e:113:0:0:0:53
+primary.rotld.ro.	172800	IN	A	192.162.16.18
+primary.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:4:192:162:16:18
+sec-dns-a.rotld.ro.	172800	IN	A	192.162.16.20
+sec-dns-a.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:4:192:162:16:20
+sec-dns-b.rotld.ro.	172800	IN	A	193.230.31.230
+sec-dns-b.rotld.ro.	172800	IN	AAAA	2a03:5e80:0:5:193:230:31:230
+rocks.			172800	IN	NS	v0n0.nic.rocks.
+rocks.			172800	IN	NS	v0n1.nic.rocks.
+rocks.			172800	IN	NS	v0n2.nic.rocks.
+rocks.			172800	IN	NS	v0n3.nic.rocks.
+rocks.			172800	IN	NS	v2n0.nic.rocks.
+rocks.			172800	IN	NS	v2n1.nic.rocks.
+rocks.			86400	IN	DS	55882 8 2 BDA2ED5E9099D2E358529C190D03290D396B85FC2A41259C734FB816BC7D5ED6
+rocks.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ND3vQ4TwnWYJpdSauW1sWMqK/STr2qyXyIAg5SmPXb6lytR4shFT9Sr8UwUQml1uw8ZdI0g47oA1DeKw65Y5qGPGOvO8AAa37PgmUNsRnXh2ge1PkNDRPOvR2hP9cSArfiDEtrepZ3XshAKm64iQaoDVotBlndlxz2sy5hrQ2YSqc1hHr8eYx38P80K7wNiKwEH02OSU9ZLFUwZGdogTiUouuSYnNhZRMIcyEePkWeCtdSCSJIzZPXM9FlqTt4lrelx4d2VqFXPdWH8DNw8d4aanau1LQCAuxGUYkeAyP6V+leHtxye52tvoL88UaEjipNpnJXB+CAZxhJJgnOP5Pw==
+rocks.			86400	IN	NSEC	rodeo. NS DS RRSIG NSEC
+rocks.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fyd75fboD+9SAeq5DfW8QM4pDPpIgPv/joQYqRdcORtdeyNX+halF3QL51JHMGYG5RjxnV+yOh9GeWsFCPdin/EkEGpjiAp2w3EsJtqy5j5hlcLk6kFf7UtG90Jv2LGJ8RCcSXA7kZ1ZhcEnEyBmj5OCyp0ZoWpPmvfuGJqlsq8T6TVwWNyRRQfacuF+ccOwdIKSBlgNoUf+3pnBV+8boQWYCHHnHnVk9XkhCZXC5ZRzr+tBb6eNvmD4iXlPdNp/E2xcSoV8lTQ3rkkeL9Dv+sqf/RgvG4YkXouJlYuyLygLoeu5w9XSnIM14EIz7ialPdQ+l9V5gda6tApGaB9shA==
+v0n0.nic.rocks.		172800	IN	A	65.22.32.35
+v0n0.nic.rocks.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:35
+v0n1.nic.rocks.		172800	IN	A	65.22.33.35
+v0n1.nic.rocks.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:35
+v0n2.nic.rocks.		172800	IN	A	65.22.34.35
+v0n2.nic.rocks.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:35
+v0n3.nic.rocks.		172800	IN	A	161.232.16.35
+v0n3.nic.rocks.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:35
+v2n0.nic.rocks.		172800	IN	A	65.22.35.35
+v2n0.nic.rocks.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:35
+v2n1.nic.rocks.		172800	IN	A	161.232.17.35
+v2n1.nic.rocks.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:35
+rodeo.			172800	IN	NS	a.nic.rodeo.
+rodeo.			172800	IN	NS	b.nic.rodeo.
+rodeo.			172800	IN	NS	c.nic.rodeo.
+rodeo.			172800	IN	NS	x.nic.rodeo.
+rodeo.			172800	IN	NS	y.nic.rodeo.
+rodeo.			172800	IN	NS	z.nic.rodeo.
+rodeo.			86400	IN	DS	16639 8 2 75B8726A0F8B07D958FF6E8EF2EB31AD19650920865EBA6382171422B3BFCDC0
+rodeo.			86400	IN	DS	28669 8 2 BEEFB4208ACEE98D66CF5BF93DD9841AC55EFA98B003CFE13FF4201E3F8EC300
+rodeo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BD8Tc68ILRVmRdQdl1yTOodTQaPvk2LcXHF5aN9ElI12+aiPplBpH8iuhePyvXL8lXF0IG3i8Pwg55qzQFTK/QCeYkp2I9OPgAI12xxH0FQ9D/TWJtr/lufRZYBuG/jpN2RNfodoKAZ1ZpHnzJDH12FdoU5MzXYnya2WyjOV6C0Aj2AG39H5fCkLcGmaReJ6GRPfe1b6AI6J+JhgUTultMiorQ2geVFbHV1FFfqlMM6nc5bcOBuum1N3O2LqwchVANRe8lobCXHhG6brmRPwOEeLrbo1IejVeLJNy3mfJfKOzA3fydU3nRKoxEu6Ne3RW6nsMKLzmeocWMUa95vwGw==
+rodeo.			86400	IN	NSEC	rogers. NS DS RRSIG NSEC
+rodeo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j2gm3KYF9WFM+BmouYKub4hgvW4enJz+tQCOh8M9c/E1JsJPg4hLR52URGLf3ttWjqbcPo10JL/dN++AhVFNkK3FYStdiBdE0n56MY+8AfMjzp5o9DeEB69kxec24Bx9Rre9SGezWBX63DGtH0p7Nnccv2YXeaWaRK+NzQyDvTjC9l0VXW5Z2SpqbrR/PbeSrx1ldaZvyDclWyLxjHb2YHKdhgtBg36euyWWyVSIuWcW7ooU6WGzu0UbaYZAGFu+zIaNrZko5tbfnl6zGiKGP2bQB+pR/TqbTMFff5muRQkmUzeBfNVenV88378jRuShfh6fcD59o42/Gj7QUd/siQ==
+a.nic.rodeo.		172800	IN	A	37.209.192.10
+a.nic.rodeo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.rodeo.		172800	IN	A	37.209.194.10
+b.nic.rodeo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.rodeo.		172800	IN	A	37.209.196.10
+c.nic.rodeo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.rodeo.		172800	IN	A	156.154.172.82
+x.nic.rodeo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.rodeo.		172800	IN	A	156.154.173.82
+y.nic.rodeo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.rodeo.		172800	IN	A	156.154.174.82
+z.nic.rodeo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+rogers.			172800	IN	NS	a0.nic.rogers.
+rogers.			172800	IN	NS	a2.nic.rogers.
+rogers.			172800	IN	NS	b0.nic.rogers.
+rogers.			172800	IN	NS	c0.nic.rogers.
+rogers.			86400	IN	DS	46654 8 2 36DCB391639DBEF1612BFFC2103E2CE37D3167BBA29AA713FAE7CEB540F6EB71
+rogers.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iCCRZ2Szv3KwTTxof4pO9Snj4rj733WAv7O0VAha9UKW/tLg3I22bLxxxkCBvj/exNp9DS/kvmxKfuEvI7LkHvIEpxfmEig1R7EXm7DljBjW4+sZWUVvmAVM7tsDwHjB4dOrY0yTs2UoZIjhmQlKCyHKfGYQXIR9DxCG2hQFUoix5xR020K3bvPCdUyRTjp8ZSBFOwUMyBszItDVpYnB7xtqu+JgkqBcJo3Ynjfy0skbn2CvaVI8f/q+IShxFa4MDGl0Lc3CPQSW4rfjZl25wd3Wj+CNoC6NMzYTtVgkZAtww68I6Mb/MO3OHTDDd0QvTfsSpaxjUIYazX9dVTb4Sg==
+rogers.			86400	IN	NSEC	room. NS DS RRSIG NSEC
+rogers.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gQKFEd/LK7jCVz2xRbvQxcn+LLWkm3y6MiRFC6NoQyoKGWMZx17XrBE6LxjDCIHZtVKMO/oCU8TDDXah30GE8W9rPKItGA2Orzj2s6aJ8YYEps46uNRQnC2+eaExshD/uEwVekJFMB4ZjKjcRY7dpIiYGRXuiBtEMzS9JpdawRI65ZrLAhGbVeNLByxVC5H0A4sqkH9B2bPeW6RRm+HLiTXRGje1yG7a037b79dWEYPIwUqQlswqrOQMPd+wtfh/nuPpM3l9EvFVq6Dr7qnp5eZBuUVxo9cq1dgm/DA+S5Pt2rYdDr79A3XCigpF5nd/+TV3zOTkdTLFWSUpYVFOLQ==
+a0.nic.rogers.		172800	IN	A	65.22.108.33
+a0.nic.rogers.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:33
+a2.nic.rogers.		172800	IN	A	65.22.111.33
+a2.nic.rogers.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:33
+b0.nic.rogers.		172800	IN	A	65.22.109.33
+b0.nic.rogers.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:33
+c0.nic.rogers.		172800	IN	A	65.22.110.33
+c0.nic.rogers.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:33
+room.			172800	IN	NS	dns1.nic.room.
+room.			172800	IN	NS	dns2.nic.room.
+room.			172800	IN	NS	dns3.nic.room.
+room.			172800	IN	NS	dns4.nic.room.
+room.			172800	IN	NS	dnsa.nic.room.
+room.			172800	IN	NS	dnsb.nic.room.
+room.			172800	IN	NS	dnsc.nic.room.
+room.			172800	IN	NS	dnsd.nic.room.
+room.			86400	IN	DS	3599 8 2 060634B06ADEFFA11A3A1A3E0A24F1D94EA80D6D5E47E96A7C80466DE361DD7C
+room.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qTYpvxjMhcn/Yb5SdCmWwDK7yy7MF9aWo+abCUulQFraUsnqHSvP3LA2ks23lFkAsyNTYivoiyA53zNCGjbKL5RFwUXO5PFzPNXxehLe6e+Ri8uPCmAl24PmWGO0xXQlTmWBTwOITQqGMolMD29WDLPwFEBUOeeJ0BajP7R8g++LiNtz1dPOdNdvkmg4IpO01kVKQwoWkqzmve85xunbGQ75M5Gc0ik2fDh6UVt/wYE+H+zaST7g2JmRSmLXlorKrRKAiA7AKiKOUTSl6CfXWvud6/c5MooJYXRmqbta/FHdmanmNiGZhYtjIsfQlWfprFUQTawhc2xwUUvLMTlxxA==
+room.			86400	IN	NSEC	rs. NS DS RRSIG NSEC
+room.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . odIlk7AUZ3Z3EI/37FnbPWALH7OGAKFEdKXbXlHpP/FsIypVV5H4XvvCqzKN/bLbXNqrMVyYFxcAzeEdwvETEAF3fg4DkLMlrOlGj9NDsqypKO0beP2VbrodJEI4+nR8fUQ9wTYB2YMHeNla1of9QJj+BtyCGQzP0Rw0bk3jU+iEMwRrVsf9h69S0lu7gSkuwYYn5NG+yUH4cCplMfHIWSilCi0fhcfDAfUrHrW4e3R1e2FQE1S3JxEuH47g94hqw6oi9pc8MSULlKFJAFiA37n5DGwpag4pxeKHxo7kuNswKbHNHeR5MtcPEUMZcIsBYCUa1sIQeX9iWZwA/z1/NA==
+dns1.nic.room.		172800	IN	A	213.248.218.77
+dns1.nic.room.		172800	IN	AAAA	2a01:618:402:0:0:0:0:77
+dns2.nic.room.		172800	IN	A	103.49.82.77
+dns2.nic.room.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:77
+dns3.nic.room.		172800	IN	A	213.248.222.77
+dns3.nic.room.		172800	IN	AAAA	2a01:618:406:0:0:0:0:77
+dns4.nic.room.		172800	IN	A	43.230.50.77
+dns4.nic.room.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:77
+dnsa.nic.room.		172800	IN	A	156.154.100.3
+dnsa.nic.room.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.room.		172800	IN	A	156.154.101.3
+dnsb.nic.room.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.room.		172800	IN	A	156.154.102.3
+dnsc.nic.room.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.room.		172800	IN	A	156.154.103.3
+dnsd.nic.room.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+rs.			172800	IN	NS	a.nic.rs.
+rs.			172800	IN	NS	b.nic.rs.
+rs.			172800	IN	NS	f.nic.rs.
+rs.			172800	IN	NS	g.nic.rs.
+rs.			172800	IN	NS	h.nic.rs.
+rs.			172800	IN	NS	l.nic.rs.
+rs.			86400	IN	DS	57382 13 2 9ACA8316C4CE272097297CF5700E8A66E00AD0C83C4165BFCC90659438DC1794
+rs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d5kUT9aZdmNmy0StR75yqnniSer680pNNHPYYobSSfzgkwNY1LDITYnESmOeMQsEglNoe4iC1zCagkGfVZiN6iPIj+ND9yST+GE6lkip69JsiuVDwxfGU63bXKsOH01pVtHkTaUNeqgRnHG8qMtmu6jql+Whz0XZIFuex89Mc5Ca/aFaLUIjpcCDmhUbi92j4hPChDb+/+2ZRJmEFrTU/8M90lSCz+RcSIZtBA5kIWE4K5v2Uiy1o6Lc/XVt27Jr3TQNDLM4AqKef7MnoGvIte+znfcWGr+903Qphm9l9EoMWfmBOO6KGhPnmX2i6hbHokp2CZp0sib7D1UnF+saZA==
+rs.			86400	IN	NSEC	rsvp. NS DS RRSIG NSEC
+rs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PHzU68fRI0gwqojzolk0dSSTuMZMg08O5s+9OzC2OMU2X0+K41ptsV3zQBNepEEbq4TrmiM8mDmHs0No6KOB9iNjBaHE39GqaDbwdH06pdowtqgAm5FYlvKqZTGKeFgexJ0cXMV9ilNpMLJbp4eFMiiJBUKXCvaP/E0Gm21VL4lvWfg2vaA0OEVzRBdMpTQmvAahTsydgZUm2jPh0gPMKqASLHikiEKUwpd298R/62GfVvXjGyJQNFUThF4/N6CZKudHOZ1sY0ZYbcXf91+xQZIFTAdKRQwM224E6UIj4wKj7nbgqpZebomDcHsNMiWrMYOms9XRl67D0WParnS7Ew==
+a.nic.rs.		172800	IN	A	91.199.17.59
+a.nic.rs.		172800	IN	AAAA	2001:67c:69c:0:0:0:0:59
+b.nic.rs.		172800	IN	A	195.178.32.2
+b.nic.rs.		172800	IN	AAAA	2a00:e90:0:3:0:0:0:3
+f.nic.rs.		172800	IN	A	204.61.216.32
+f.nic.rs.		172800	IN	AAAA	2001:500:14:6032:ad:0:0:1
+g.nic.rs.		172800	IN	A	147.91.8.6
+h.nic.rs.		172800	IN	A	91.199.17.60
+h.nic.rs.		172800	IN	AAAA	2001:67c:69c:0:0:0:0:60
+l.nic.rs.		172800	IN	A	194.146.106.114
+l.nic.rs.		172800	IN	AAAA	2001:67c:1010:29:0:0:0:53
+rsvp.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+rsvp.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+rsvp.			86400	IN	DS	7067 8 2 A34484076595033B18742005866B79F5C56FECEC5A667494E3B179621B44EE4A
+rsvp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cVB/CG9+/Ks3szigR5GiMyu/MW2Sdqv8t1UKIETZjiAxx2Fm/GKV15Esl9UsFyjBOhvHJYZmOgXxbpHlw0R5njVAVCSs1ECBMK/lncwCO3A5YIXD9hf+mKaqRbQ6ST4MOEIkSrRqPKY/kkY5ZyOyrMoiTa/0pW8WiJXbZnQVfYsetKpnY228+LkOwx+r1Q5Jn1kc5RUQGDgE7ZcZen54FSEQhFjzrd1biU/mcqA9hR7Tir5JhSmaVrMBdHfPIOmPhMRMh25rYAUBFrswEyxtkKGPXyPQDofy7ZiEcyBqnfLroylJGkWBE3RVJqaIwq48D4jo5ZO2ses0MrXlI+5MlA==
+rsvp.			86400	IN	NSEC	ru. NS DS RRSIG NSEC
+rsvp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AvxFk9somhUbB8uhfsyxfKisRlAI4Nzhtir/i3St006IUmMhuK79WE1jSSLIsARIRxFvCpHYVtuTCOiHsPMaP3Ne8WumEdy545OWDVFOurNHpMxbsGKoSOCcRpxENLmDms7VzmCfbhb7XL6xKze8/CYzTGoLCVaVikdZAPua9hZwPceBJyRHqhEyk8oYdMkQVY7S9u4Az9FqLuWTmo1fu+hKoDRURayQ4T3cplNyG99xPAqlabVM9P897PyHIrlhV1zEcednRKofPlYtJerFVUEBSaCSzee7A6zx29zUXevN/+m18GUD+Pc3lN55QIJ+zbV/jiSLYVSAgmLWugGP5A==
+ru.			172800	IN	NS	a.dns.ripn.net.
+ru.			172800	IN	NS	b.dns.ripn.net.
+ru.			172800	IN	NS	d.dns.ripn.net.
+ru.			172800	IN	NS	e.dns.ripn.net.
+ru.			172800	IN	NS	f.dns.ripn.net.
+ru.			86400	IN	DS	18274 8 2 AB35D17D3F39EB42CEE14C6273247938D33EEEAA9F5CAA70B3858DBF4BD3E87B
+ru.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFukzL4in7MR4F5y1FK+fOpgSd2zYlExUDIJRlaNUOVHwESQ9hGsRU3ERe4vHN48OFW6bqzPMf6vqZ8wlcRzzD6vThy2Mae1bnUIBLTSHpLtwUFFWbHwoP9a+0unMTkmje+2K/BEMA0/E9YXxdc7Maa79vElgDcEq9HezxKdJgGv4VBg6kn210GGfxFiuYFovuUUOevD/XxxT6mY7RDhpE8SIDlccobYBX3kQs1ruIwdC4TfCzdjPGdc9hWxczMc0weRwY7olAcvTcPEgq23AK4+3+WmWHeh6SS/hAbiO3HV1z5xIuqQNd+Lc+zP4LuxN1iedOHIUdNSyAkt7aEhhg==
+ru.			86400	IN	NSEC	rugby. NS DS RRSIG NSEC
+ru.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m+AVwNc+d/B9OfXFd5KrAmpy27Yvr/lTUHNoLwcuoUhF8pygzb9UmF+NhFu8xII9PIV6XGSE1RaKPLdKg5uUvMQ0/u/eS7KFE2KEhl+sn4dEBCw1mOLZJwceBx2DKXiV9HPruqNF2938XM/mxNz82mo9GZudipOmMecQkhOjXZvCyst6ksgXGx8Z6DlsvqEAPOqjzPXALXKUQz5sRcJsqO6vZVWvVWmyypGhqXes6gEox6jSCXYKbk5u6oYvmFLvo8zm1pxW8QXGMaVD1RA3MLGDWOmVeQBdqJsXIqUUr4eAWRcCWnHtjM+WeaIo7yddridNeKbLUg4Oe4khstZl+g==
+a.dns.flexireg.ru.	172800	IN	A	31.177.70.1
+a.dns.flexireg.ru.	172800	IN	AAAA	2a02:2090:6800:0:0:0:0:1
+rugby.			172800	IN	NS	a.nic.rugby.
+rugby.			172800	IN	NS	b.nic.rugby.
+rugby.			172800	IN	NS	c.nic.rugby.
+rugby.			172800	IN	NS	x.nic.rugby.
+rugby.			172800	IN	NS	y.nic.rugby.
+rugby.			172800	IN	NS	z.nic.rugby.
+rugby.			86400	IN	DS	30334 8 2 AB547A2F87369F8141BC75216586A4BA1E1D9ED416660AA5D46A8C243061E53D
+rugby.			86400	IN	DS	62356 8 2 DF8506247C16FF7EE32EB239208B60960639AF729379A13C135C52D606E8520D
+rugby.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gQpA2iThQEje8GgVP0bu4IY/kntLQjhg4fhsD45TkrN3zPj7Z6+4zIyXcDLYlTwYLlaC+U67W1Lo2NZcbdKTbW7l4xmGR8nUihxj6LjyfUM+1RcquNwxqVO3O9gZXMCOdkVwJ7516XCW0KcPAUP4vhj0jooRGjE/1WSNsVqw+wQCFtcLsmxA/xSa5tn77shA1B+8bkcXoVg1j8f9Nad+A76AU/RHqWUO+LnHxyDa02+GaRHdXXcuaIdbgIk0mBxhapathojCOGO5S1C7Ft+zjfe7DC/G+Hp0L6pk1qvRr3PY3/EwQWM/zGJ8xq1R00fkkGaUMKfcbFag1c6p1G1gHQ==
+rugby.			86400	IN	NSEC	ruhr. NS DS RRSIG NSEC
+rugby.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AyxRVg/Qsl+sgURiC+S0iUFj5pIv+5cdgVFe+R+L/QbNygNV0isO0N0n0eRuI4xQ8UDX8rLghqCkkkiKexiBkSE3D9hV4P53Zev92Z1y6KcZVJwXKl0sIWd1SY9uHZ7oqz4NH6OhMPN0euSIbjEXEvUOUFXVT+Gt41APhFdhyly6xuNVK8pNkdPWvVxitZ5tezWRlOufl3w2vEHApzFepRNQ2sDB2YBlsMmRMSEeuVkAEy9U8iukKpP0o9OZV+fqdfM3bduMA187yTrl2cVeOkafcBIE8E8ubZpssnCWkkOCzFbK+qKFsf5wGVPiMjeiLYoZI6yDulUC6gwNpljVKw==
+a.nic.rugby.		172800	IN	A	37.209.192.10
+a.nic.rugby.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.rugby.		172800	IN	A	37.209.194.10
+b.nic.rugby.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.rugby.		172800	IN	A	37.209.196.10
+c.nic.rugby.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.rugby.		172800	IN	A	156.154.172.82
+x.nic.rugby.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.rugby.		172800	IN	A	156.154.173.82
+y.nic.rugby.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.rugby.		172800	IN	A	156.154.174.82
+z.nic.rugby.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+ruhr.			172800	IN	NS	a.nic.ruhr.
+ruhr.			172800	IN	NS	b.nic.ruhr.
+ruhr.			172800	IN	NS	c.nic.ruhr.
+ruhr.			172800	IN	NS	d.nic.ruhr.
+ruhr.			86400	IN	DS	40422 10 2 74FB0B871ADF46AAB5D49A1EB3B8B0B7DDA42C023DD045EC0282B6187B3B4CF7
+ruhr.			86400	IN	DS	46252 10 2 3DB9DB25D3B8E13FBCB4EBA53F61C7CE156831DCE66D4A19747D17F8AB278FDB
+ruhr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . P3ypCFdzwpLPOMvZ82FTZvh+y22Vi4J8VffaAq/yva3xKdQywuyCJdcyVHWxHxuq59/Fncl8+WyibZXEYqHanE5xyiR9ZNOKpYKu2XxcfuYQk/2OlulXiv4VPm15JyVHZJcufSbu6v90axueq2JQQLSOhm8XdT4Pr1XPN29C/PVqCrSMv0CB/tR4Ehvv2UPhQATLnzl+Th0v7bKmWaJyJPDzJcpGmqasQoajwiO9I4bA/cO3mkZ/5M+l+i5tRc9XX3HSLf1FaWxSJ0lmWObn6OaqYF12OvXyoqE+QQsCPm5MgryNlTZJxyf3isaICzw2rsGOuC5yjzsnrvz4YxrTKQ==
+ruhr.			86400	IN	NSEC	run. NS DS RRSIG NSEC
+ruhr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cJmdIx3lAB0ctBlnMbCubRf943zlbg6ADPXnGbL8F5GQ6V1qzGKFdyWXKUKvDkm0RImbwdu8a53luLBCYQ4NJoIMvhPrU4w7MX4H41ljCaa3RASoetmh5bfTOeRh6DIdrTzX86qm2nYjUjJsZv5V0qX/NJlcJWnNXxrzVSTfen1VUDJSEuKRd002wRNk32u+JzH936SzDSXWAkiqxu6QDQ38vVXDzd4JW/vCKu8VMD5O9wujb4rqPkoWCLpGkSUWUC+S5sfgTq5d2H4PdRnDE53ZAVY+2QmtM1H7SX8cFCc9flY3lT+QiL1/S8x6D083pr6w0UDjVLsdK8WK2yasCA==
+a.nic.ruhr.		172800	IN	A	194.169.218.155
+a.nic.ruhr.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:155
+b.nic.ruhr.		172800	IN	A	185.24.64.155
+b.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:155
+c.nic.ruhr.		172800	IN	A	212.18.248.155
+c.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:155
+d.nic.ruhr.		172800	IN	A	212.18.249.155
+d.nic.ruhr.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:155
+run.			172800	IN	NS	v0n0.nic.run.
+run.			172800	IN	NS	v0n1.nic.run.
+run.			172800	IN	NS	v0n2.nic.run.
+run.			172800	IN	NS	v0n3.nic.run.
+run.			172800	IN	NS	v2n0.nic.run.
+run.			172800	IN	NS	v2n1.nic.run.
+run.			86400	IN	DS	37315 8 2 FB85B407411A748F93E2393FDC4123C2FD6F15D2B8841091D83DFF1364726A37
+run.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Z+zNEuFEykdJ9+T7GKW8HXB6wsoV0FQLG9UQ0bhjsB7FZIQijtvJOsonULTkmHHz7DmLCaNfEE0oY0Ve4RBHQWnAoUQKCPZcXnClldFTkN9IjrNH2dZGBGGFNfS3mzSKy+7TSjDBopFfy3g6XL6u2o4Jb+9XJcDMGnJR9FQ8IW7STRk6jYCWj4k4OcWMX1c1LCiftDmU2cDqN9JVREk5AmN/P9eXVIxOkpTh8hSN5ZcbHclaEuJtbVe7xGcl4kg8WUDQvmvFS2jEGo8kGrxKHpVkxf2H1U/8LhWWguQBzWjC6a7r4a/PVJUAqgirXlXmmSNMHNOLHOCELS1o8SaU5Q==
+run.			86400	IN	NSEC	rw. NS DS RRSIG NSEC
+run.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BRHC70CiZn7qI8fK/SBrhAG3rOodlfO7bNlmEi+PwbkzPuP9PBf7x898G9Vnq2EtXfmDaVqNfM9/Ax06LN5zIS6p7rR2aTe4DH9rxa3m6zhUruPXjy2DfMFyZZnRW2DrGu1kBG2vLNUA4RK1KBiJcYX7pRQJ4dUWr8A/Hbbc/7ZUYnj4EhnZpFOtDc94oqpXgOG7mEl2Joy21ixYLVvOP19bZkaAQjfBhaZQxLp5QTCoExFNbndAzN3gzcFyjVpCIxmWK4XNXL1NAg4ed64rPIdPu9bENZAzM+Puky+y6iJLNl/IiUb2mTBp5AfYmqfhjMWdnqEQHIGID7vy2Cqrgg==
+v0n0.nic.run.		172800	IN	A	65.22.32.40
+v0n0.nic.run.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:40
+v0n1.nic.run.		172800	IN	A	65.22.33.40
+v0n1.nic.run.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:40
+v0n2.nic.run.		172800	IN	A	65.22.34.40
+v0n2.nic.run.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:40
+v0n3.nic.run.		172800	IN	A	161.232.16.40
+v0n3.nic.run.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:40
+v2n0.nic.run.		172800	IN	A	65.22.35.40
+v2n0.nic.run.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:40
+v2n1.nic.run.		172800	IN	A	161.232.17.40
+v2n1.nic.run.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:40
+rw.			172800	IN	NS	ns1.ricta.org.rw.
+rw.			172800	IN	NS	ns2.ricta.org.rw.
+rw.			172800	IN	NS	ns3.ricta.org.rw.
+rw.			172800	IN	NS	pch.ricta.org.rw.
+rw.			172800	IN	NS	fork.sth.dnsnode.net.
+rw.			172800	IN	NS	ns-rw.afrinic.net.
+rw.			86400	IN	DS	39755 8 1 F5FE9C8F6290EED632676687F03D986F17F27799
+rw.			86400	IN	DS	39755 8 2 005F7A73F0609A69CA7736158490764E1A8DC0652AB1D0E327941AF0FE673111
+rw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HBXA3Bpj+aD6pWw0FcH/rrZcyGKqNKZa65HfKcZOUQcAH8n/0p+BSNmw8yBWKiwY9pzMTlUUdG0Ct+ex9ilM9pXMmW4fdX3SxDy9hBSqmL5WroBoVRc5FkIPF9DCUQfTUCNm5OazG1yBLCv6AmJPpYUL+UKBl4D+BPL3KV2Hzue31KcYekLL8aNiyQGruMdDSdR89onf/WxI2/qwu7nyt1HbPUpy1Wvj7LDjiMu5Bv264XPwqMrCOB6M98ztJx/gnjrEwujz+nQZw7IxKH07BJZ4yChizdL68jlKJiP4PzlMQXcejpx2CyTpRyKTqLWooLsDYPabY+jy7TI398ii0A==
+rw.			86400	IN	NSEC	rwe. NS DS RRSIG NSEC
+rw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAhHsgWj7AerU9BytgTTLYbreHk8BDF3uvJKf/oVbivSUc/EvUkjQtSwtVVTwZ/aEb3SqerKHixH/XuL2yxsWrQAc8p0SGGOtL7XLf487Q5AqYvHumGXd7ighvB4TCjl1UmiLuJ+dWFBSCHlDQSedY/HMsGKwdp25yRQapfj6sf7VFwOi6zdc67RsJDpxbcRHE4KVEgDVqhVVbh8kzk3UdN8Tzfah28G8lGBXqEgrkhq/kVEMDZsgsorKHoL/WMu7csJ700PIg1yw1gG5/8vCAVEoYm5oXxsidH/TtMouhwaTjidZb21n7ReXIz4I/KQuo0zrzoeQRg/TVtbCVhQNg==
+ns1.ricta.org.rw.	172800	IN	A	196.49.7.188
+ns2.ricta.org.rw.	172800	IN	A	196.49.7.186
+ns3.ricta.org.rw.	172800	IN	A	41.138.85.98
+pch.ricta.org.rw.	172800	IN	A	204.61.216.91
+pch.ricta.org.rw.	172800	IN	AAAA	2001:500:14:6091:ad:0:0:1
+rwe.			172800	IN	NS	ac1.nstld.com.
+rwe.			172800	IN	NS	ac2.nstld.com.
+rwe.			172800	IN	NS	ac3.nstld.com.
+rwe.			172800	IN	NS	ac4.nstld.com.
+rwe.			86400	IN	DS	3075 8 2 542F19DF30F2C69F686E697CFBAFD7DA2AFA039CB9D6620169895888188AC174
+rwe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JTktleEDVdW5ZIhsvpoTYVuZ76Q6ucKQaR/TqsA0y+fXw28xCSxhI080R9P5/BxvdgtZXCaMlMQ0bR6OE0PEA0LCaoovav1Q9FIqhPMwSghYSI0y2mYyTz7enrxT0vN9h/g8u1yKYmzpmx84DR0g8/moSQtrjnXxBkHVM9OuRahIQseNErUIoMK62o+nWKj2PcLNRcpwbO+gTLoiHHwP4mYaIYdBwUd0Y54yK9iyp1XTOdYmF9Fup1rTI9vKFufgTcr1yVg6kRbRVkW3E+X6Cb0emAUvrPClmOYaMrk0/2DZAjCU/6vch+G7aKvi36L0oi+4bF7xvd7Pw1qLKScgQw==
+rwe.			86400	IN	NSEC	ryukyu. NS DS RRSIG NSEC
+rwe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SlluZvAwRWxAyOF51+WoqxAWM88zO1tfWI7LwwwEe0w74OTJDAWlZgbVqDDOeuAbvH2IP0+vMdmWAFAVWQTpuaMCy0szOib0Hxa0aakg4zU7/RgJw7a4o63vZZeaURCj4hJRWaqL2v1gqBCCBODmZlfZwFx5DCKDynHl1t9kn6WCJa9oufI5ewpvs0S0e20aavZxCRxNMYGvZDOwl1+pDoGte1ZcappCcIqRfNLCnYrvgaMoBHnMDopDYi6zCmMN+ef4dy1fEPSozf1F2YKmE62OEoenyNliHb6fU/TuIRBKzF1F4Bfu+nT7Xypd3iDx/rqez5Bg539vL9rb2rQG4g==
+ryukyu.			172800	IN	NS	a.gmoregistry.net.
+ryukyu.			172800	IN	NS	b.gmoregistry.net.
+ryukyu.			172800	IN	NS	k.gmoregistry.net.
+ryukyu.			172800	IN	NS	l.gmoregistry.net.
+ryukyu.			86400	IN	DS	52505 8 2 A19F9645F1832C3A1550F695DBA8F68E26DAA32BE47967F71B29A4A865D834B8
+ryukyu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . v+Qd22bRcI60gOSSwvD8pQS0lGkiZzo9jMDVtRKM0rsZQ7EHaixO3ybsgNYUUCMa+3J212mu2g+3GZcoteqi9/P0EJY+R25QHs9tXKSo5mf0T7ZV6FwxXs/7kwO8sags7fuzWTcZNbrDoGFVY21V1mJ7Dn6V8WOa/AKp4RjhLO3gtRDNSqX9p+nAdwxGX7hrBnRL7TpoY3cjph+Jg+PhnbDslHzLYOXrVfDhwaVS2m/s/a2RWe9keWcWPlHPj57xQA80Gamd4i0onwVyCaZB6vla0VKviLSjCs41+C4fCMVrXBkbNxqWnHXE2QK+6/3vjTXLcfeGXMTUkkfi78xOXw==
+ryukyu.			86400	IN	NSEC	sa. NS DS RRSIG NSEC
+ryukyu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zW9U4waHJNmmQqacOCowzvUJ7FDpUHPH2o0ye3kLLYL/6L90xqWfx0WkliR0tiBbqgDw99JenxGNvGCHpA+Izd5cF6g9p4P99d3JgKiV0jZDNOsIY2HZylGJub1Y2m6hxI/cddlhOT+NnxzgwHn/ZP2q63fpwvvl5OqeV+YCooqYfw+eht9x+tC6OLXeSdZX8QUpzKDqG7QnGsJ6K+qBbwR+KjkQ5csSVnYVMLiH8mgH+28BAA9TVjcz2NAO5OOCs12FnpFX270QIgJpyQBbc8yOeKp1h5aslGsO7mjTt0jKtCvpB7JlAFOHjx7hj/F4HUdxYxaNL4YGR11qguiEEA==
+sa.			172800	IN	NS	c1.dns.sa.
+sa.			172800	IN	NS	c2.dns.sa.
+sa.			172800	IN	NS	i1.dns.sa.
+sa.			172800	IN	NS	m1.dns.sa.
+sa.			172800	IN	NS	m2.dns.sa.
+sa.			172800	IN	NS	n1.dns.sa.
+sa.			172800	IN	NS	p1.dns.sa.
+sa.			172800	IN	NS	s1.dns.sa.
+sa.			172800	IN	NS	s2.dns.sa.
+sa.			172800	IN	NS	sh1.dns.sa.
+sa.			86400	IN	DS	65380 8 2 0C3E281D035FD68A9BD2BBFE46348B7E000237385CD3A31C58A88CD652DC8785
+sa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . B9SLZuGZiPRMzX6RlhC5iwgMYUEPsW0zzisG7MOM+KKTXyad9kl5qxVoNTwFRiHSaGizrYQMCL1iup/2wO1PWnMW0GWbX3xwOxKzys4OTej5gD3qxwWbt2SQm5TIoneW6HnpM78BR7CBd6pOpfDmRdEROlRIOGd5WeFaWkqNNF3TZTvToeohreO9eP+lbHwVhLCuwwHA708+GJGpuk2wGdcMYd2UclaK+CutkynI0H0TYtj7ZUM1kcc6a4CPvDT8822wW6LDwfGa/VNCr+3eej3yUoN5xn4dUeEULyzVOVfIR9pbuqLFcfK7fb5GIecWfNKixoYe9ZDTcbGMAnnoVQ==
+sa.			86400	IN	NSEC	saarland. NS DS RRSIG NSEC
+sa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D40kYZpPd6wOBWY2zg3nKbfp7UBAeHuzRJFggORFu+YCfH85U9oEoEfvFT96Hh62cyk2L7NvjCzvn7UvDbHh91zPrQjNBmmujIpzvvCw5eEJuhs6CZu9vFdPFApPM5fm9oMB2ALRi7uExLJDnZxDr7+i7rk6arzcBu3/YHH+M5jKPb4UeqPwYKUBTmlz4Q7m6ZQRfqa7w5OKGPiybmRgdIlgTVRF17zGjvwD8sNkNooFpreG0Fwn/QM7zYfT+yRezLaL5x6NAtonAvK3cnZG7aWaA6lfG4R24oZ6mNB7/228PZ6bXNpl40YJKPQDzMYP+cGJR5cPn/dmMGrd4ckkDA==
+c1.dns.sa.		172800	IN	A	86.111.192.9
+c1.dns.sa.		172800	IN	AAAA	2001:67c:18c8:c0:0:0:0:c1
+c2.dns.sa.		172800	IN	A	86.111.196.9
+i1.dns.sa.		172800	IN	A	212.138.118.118
+i1.dns.sa.		172800	IN	AAAA	2001:1490:0:800:0:0:0:118
+m1.dns.sa.		172800	IN	A	86.51.77.213
+m1.dns.sa.		172800	IN	AAAA	2a02:ce0:1:30:0:0:0:5
+m2.dns.sa.		172800	IN	A	86.51.28.37
+m2.dns.sa.		172800	IN	AAAA	2a02:ce0:1:91:0:0:0:5
+n1.dns.sa.		172800	IN	A	194.146.106.102
+n1.dns.sa.		172800	IN	AAAA	2001:67c:1010:26:0:0:0:53
+p1.dns.sa.		172800	IN	A	204.61.216.41
+p1.dns.sa.		172800	IN	AAAA	2001:500:14:6041:ad:0:0:1
+s1.dns.sa.		172800	IN	A	37.107.223.170
+s1.dns.sa.		172800	IN	AAAA	2001:16a0:1:3002:0:0:0:2
+s2.dns.sa.		172800	IN	A	37.107.255.170
+s2.dns.sa.		172800	IN	AAAA	2001:16a0:2:3002:0:0:0:2
+sh1.dns.sa.		172800	IN	A	213.236.36.92
+sh1.dns.sa.		172800	IN	AAAA	2a02:d70:64:68:0:0:0:2
+saarland.		172800	IN	NS	a.nic.saarland.
+saarland.		172800	IN	NS	b.nic.saarland.
+saarland.		172800	IN	NS	c.nic.saarland.
+saarland.		172800	IN	NS	d.nic.saarland.
+saarland.		86400	IN	DS	46559 8 2 AD4F2AC407E370565DF690B65CC4DB568A2F4396403FAB61D2DCF21CF7D2D823
+saarland.		86400	IN	DS	48752 8 2 4CA46968A784B92804D8B08D61FFA40A44C037863C90D8318FAA32DD7D6F6A24
+saarland.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AjrGJSxuwb5NEt+c5A5CRYBAa0KywC1lxCR/o1JUieMhvpppqUOPsan3SHFK+/ZBryHkHQK3A75f1ns9B4aMS4Y5zsEOt6zOHOcVCB4sUBAgYu900ZpFg4R1B7LTuJ6GbV+Fnp22rxz4i+SgMTs0LyRn52cV9W9bUNYIxuT0fPTGieSdysVHcITkroy4GzcAVdEh/qp5VfC/5LqwbNdPyRtfgnMMSgPTGP04jVfjs7a5iONzutin3beInI04Eo2LYUTioUPHvAmzy+P3JCMeDji4eifSwV+dmkzSjWICprq4QVziNwbYK0enRBxpCLC/bKIpVEiKOtgTn7exs2wW2w==
+saarland.		86400	IN	NSEC	safe. NS DS RRSIG NSEC
+saarland.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UaDV9C5tar67NX1Rg2g4/j4/LBJ+AHXG8Zbb18adeM5xNbJf2WDjAWmLwwP6zA9IKHaGSfIhf9QxJ+rZWT5Ai1I6A1Y3tYLpTQGvRar1jioDzcynRyTEHw4tRBxXL62bb9jzUPeAkhxRokJvED7fVRWgpUMFlzbuXRJKS8jzZ8XsFJN3ngKDrKaLxFkxVWHbURupWUgI2Fd7+kAc0EwgIANbTY3XIsaHYSRdkM8OUcD2IPIF2uHdRRL3QJFR3GPp5cGcNyK0SkNjvYlNJHEw06IOGImtnBp4CSfDSVbiD6a87RmcAM5XJLVycSxetElJFnBDYvc4naK8xmBSHiZNTg==
+a.nic.saarland.		172800	IN	A	194.169.218.97
+a.nic.saarland.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:97
+b.nic.saarland.		172800	IN	A	185.24.64.97
+b.nic.saarland.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:97
+c.nic.saarland.		172800	IN	A	212.18.248.97
+c.nic.saarland.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:97
+d.nic.saarland.		172800	IN	A	212.18.249.97
+d.nic.saarland.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:97
+safe.			172800	IN	NS	dns1.nic.safe.
+safe.			172800	IN	NS	dns2.nic.safe.
+safe.			172800	IN	NS	dns3.nic.safe.
+safe.			172800	IN	NS	dns4.nic.safe.
+safe.			172800	IN	NS	dnsa.nic.safe.
+safe.			172800	IN	NS	dnsb.nic.safe.
+safe.			172800	IN	NS	dnsc.nic.safe.
+safe.			172800	IN	NS	dnsd.nic.safe.
+safe.			86400	IN	DS	25204 8 2 E7D00D17F0781FE00111CDA8875099BB36432F10C3DFEFA6E0521AD2090690D1
+safe.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y6/3zyhFSn+VIH4vYJmPx9+7SZGwCzldyzC5eqXhO2B/uXIBm3aYtGcgQUM+agWPKIueFIvD3VCefKuBuJD6btIp/KcbcpU/73TH/hlzMrh2MpaFVE5kVrGcSgv2yislzQqHPWY/KqAzweJL2gCJZCQwMhttU9eB+RFJ18V30giQ/9L20+FxmqqUCOVyxfWa//VJ2nYmhYRQsxwnzihZYZzP6UZiMOhXSoLzRtdIL5JFPcN/VvuepwAGxks8v8iY+7kkwDNIBC6WOAuZJBddfPbF5u/dwj4aAnj/gF5YvGLMq05ZaO7yfC8xDIukIgnweopp2qXjk3xl67V1LJdEgw==
+safe.			86400	IN	NSEC	safety. NS DS RRSIG NSEC
+safe.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LQikU1uEbZ0hgXEOqiwDHXPkDe3QsC8O9NIOZBD4Vr0k7Cj++mYsYAex5xrAz9zaubG1PXVyrR2h16Q0i1ONVYaqlgcpg3T1hXHUzZqHWaUEpnEeu2KXwC4g9xpWJS89hAwlL5GpG/ISXpgarg1j6QogqNMA2o+OeL+a2bmsMOb5EZV1N3wcYasjSb2sj3yoMfCkwMeDXBWhDBu3Obd+ZYPb0m5ro/mFvFFUF4PRRaZq/wrpoetD515PYJ0sRshBtXY5v4EanSKvfEW2OLyGr/mUW60hszZJ1yluvRWRt+niEC9o64x0Ce2B2/aCuNUfD9aiCOY1E4gfb6nunX1XKA==
+dns1.nic.safe.		172800	IN	A	213.248.218.78
+dns1.nic.safe.		172800	IN	AAAA	2a01:618:402:0:0:0:0:78
+dns2.nic.safe.		172800	IN	A	103.49.82.78
+dns2.nic.safe.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:78
+dns3.nic.safe.		172800	IN	A	213.248.222.78
+dns3.nic.safe.		172800	IN	AAAA	2a01:618:406:0:0:0:0:78
+dns4.nic.safe.		172800	IN	A	43.230.50.78
+dns4.nic.safe.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:78
+dnsa.nic.safe.		172800	IN	A	156.154.100.3
+dnsa.nic.safe.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.safe.		172800	IN	A	156.154.101.3
+dnsb.nic.safe.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.safe.		172800	IN	A	156.154.102.3
+dnsc.nic.safe.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.safe.		172800	IN	A	156.154.103.3
+dnsd.nic.safe.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+safety.			172800	IN	NS	a.nic.safety.
+safety.			172800	IN	NS	b.nic.safety.
+safety.			172800	IN	NS	c.nic.safety.
+safety.			172800	IN	NS	ns1.dns.nic.safety.
+safety.			172800	IN	NS	ns2.dns.nic.safety.
+safety.			172800	IN	NS	ns3.dns.nic.safety.
+safety.			86400	IN	DS	17254 8 2 F76C51279BBD1C4525D952E5D1DF46DAAC5CF3ADBC56D772FC1E85983E05E273
+safety.			86400	IN	DS	43762 8 2 BF2D17C54E9DDE52EB37F0D242A1C4C1051E15C18A2C2661C7A6CA58EE6C0407
+safety.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eIp5KC0Yd2VaoSU3Puq8Y/W7T60vb61Yvnh8H8QgwAxggY1gYPm1dQvqj1ZFgoT72Cu8ELQmUVlYuTY1Z1acWP7HBFM4FkgOiL9r60dpsW7VFzhbnSlXAZYS/w6bNme+8x9Y4txWpY/ka/UgAxdOxFfnrXfelt1M85ru5f+IHTEGr3jDgAsx2/K3hrP0LesxeQhXVz2ROAsvGEzpGZm6d3uaVQKbg/M9/HBL6HMzwYmRHFP0b7g4cmbTXgjRW9/4K+obpEU4D4M6vrwL/kRaRJJyPUHLJoFAlkNkTiRlQtVSv9hFSAISurAnhJLpjhgh9dIIYX3lYi200nNWkVEq3w==
+safety.			86400	IN	NSEC	sakura. NS DS RRSIG NSEC
+safety.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wn9Rk9Vzjm/sM5O4eBG41Rrz5hEKq/Pmzkl1Vi0JIAm/qrXU8pYpUoekUvOrY9e+SvXG2GjdnXQU/UDxWootZ451NB5AnEZS1vhnx5Zu1AP1fwyZ9YliJyQE53QZaRv69Frmj+NkpV7sytaqLOZ7ZepijP1KipEBb+Ju27bd1jGhyFpcNB5VydUob3fkyss/iptkKXzLJTEFBh/UaedIwp9EOIzLtFuLAnwjzNWS7DnUO5RRJV93vdCPT2uiz6bMFb9R4gEWJ/DEuwCnN3EQKTR2bWr4eBupNDT0vH9IWyycsFnABAWUQtgCLnjH1JObseKQlS/IZ2VRVMFH/lPWUA==
+a.nic.safety.		172800	IN	A	37.209.192.10
+a.nic.safety.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.safety.		172800	IN	A	37.209.194.10
+b.nic.safety.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.safety.		172800	IN	A	37.209.196.10
+c.nic.safety.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.safety.	172800	IN	A	156.154.144.148
+ns1.dns.nic.safety.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:94
+ns2.dns.nic.safety.	172800	IN	A	156.154.145.148
+ns2.dns.nic.safety.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:94
+ns3.dns.nic.safety.	172800	IN	A	156.154.159.148
+ns3.dns.nic.safety.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:94
+sakura.			172800	IN	NS	tld1.nic.sakura.
+sakura.			172800	IN	NS	tld2.nic.sakura.
+sakura.			172800	IN	NS	tld3.nic.sakura.
+sakura.			172800	IN	NS	tld5.nic.sakura.
+sakura.			86400	IN	DS	52222 8 2 FB0B3A130E7587E2AAB1F675F289D87AD4105A64A14E346E9D18F359E3B0F741
+sakura.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aGZFaeuHOH45ls+mTZ2RQG3RSmJ6w4w/qRUvDWABxPquBFncOzkcH/a6JCUjYmxGYSBWCK7QmVcaqH/ISwIyuPFO4r4CZKlfw7QUMvQX2bJIeTL1SPNzCwzRWwMW3+LKv8kT1LGOWcf7MB/ve4qKacqEHvpC6pKEHHnNGrzQbP273RT6cWlFCxfmJYfYcsIchrthrXQPRjRZUiHbAoZkYM2/MO5cBliZUng5R2yYYp0Bu+99zQUDaxW0WgglEIiMHvWhEcfhoax68bE6DnYXZDqcgfX0H1gKkEHrVSmsMgIw1d+nMAq4qN0XUzqxlcl6smtepUd8rkoq4CSwTMczMA==
+sakura.			86400	IN	NSEC	sale. NS DS RRSIG NSEC
+sakura.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W6OEeJlG8T3PRSiZQieXPYAUPGfg7pl8r05Z5srvFAOUAAejYSIoWTSpof1oLnEjDWrbM7zjbv48yJvXru0hNcn250ZdtojZrFnPb+Z6CFqfjBggz6tFM7blIWSS7aM07rGp2W1IrPYrC/wyNryZAMJbzdAsycq7RIOAqXn8kfXHqkIDfEeq84kAoiKCaXF1occXcCvgqgMkmFk3dbEyRNwcMW57DKSrXfJvbeFbnzNNlsAROkRRHKt9mErurXvpip4eIihx9IN00XV0lBgwVh9jWeh0td2VaQs1/DtvCHfK1F7KIpvNkhe+Lp9lQ+AOSgJHefWHjjt7ciDJoYo9FQ==
+tld1.nic.sakura.	172800	IN	A	103.47.2.3
+tld1.nic.sakura.	172800	IN	AAAA	2001:dda:0:0:0:0:0:3
+tld2.nic.sakura.	172800	IN	A	117.104.133.18
+tld2.nic.sakura.	172800	IN	AAAA	2001:218:3001:0:0:0:0:3
+tld3.nic.sakura.	172800	IN	A	65.22.40.9
+tld3.nic.sakura.	172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:9
+tld5.nic.sakura.	172800	IN	A	65.22.40.137
+tld5.nic.sakura.	172800	IN	AAAA	2a01:8840:1ba:0:0:0:0:137
+sale.			172800	IN	NS	v0n0.nic.sale.
+sale.			172800	IN	NS	v0n1.nic.sale.
+sale.			172800	IN	NS	v0n2.nic.sale.
+sale.			172800	IN	NS	v0n3.nic.sale.
+sale.			172800	IN	NS	v2n0.nic.sale.
+sale.			172800	IN	NS	v2n1.nic.sale.
+sale.			86400	IN	DS	58006 8 2 3AAFEA8A5F3796FF0E2A4754C784AA2DD72F34853AFCDB1DBD7571C7673C88CF
+sale.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gyAyvDTIdg8QTb6CrnqKVIb2cxDIPCSKf8gtXpysSNjb8DuN6fUcO9PSA4ZkmO0AsTV1BTQorDA2EDzCWIjOmdDqiaKROCS9BrQc4ecifz0JmJe14ltn/SVB179JrEhAeV2dk+DyjiKAaYjyrxTW2mzzru3NHAOfOSn2hv35CqiR0fQMUG08bCyWr4B8xo7ydzInPtLFGDPuByjb1Xo6f1hkIojwkDOrr1eSTXazFEDODP3tf2qv9yYD1pmvt/m+mLALE2Kkci7NthTGgAtovf3kxJNNYNa2VhwvCD9HtCwdJKIpW2FWspnfVSJaktdqz97oRqI6UQ5/kJwDOjFUvA==
+sale.			86400	IN	NSEC	salon. NS DS RRSIG NSEC
+sale.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ylP7QBqERH+JAfjjjVtGD7O3crmdkmJR2mxPCD7foYawNcCz494RlYtnBcUnin9DiJw1uyzZzjQf/ryAF3qJjNOgHvyCoRo2beW1E7TMy4lCh/8V7A78N/li4+44HE1yi3FSm9zhinuacRkoyOCbVHLlNZ1QbhT9xmOH2L69XEBUzIynUt6dC+SS1kUG+kNXinH7dQ5gsbmx2g5ji88Yu2Q9GJUxZGRw5SSzBVnwB2xtrECY4eeKJq6xfBYtqwvJWiV3r11SjTSMwNWfsfRC4rw0CiF37Ezooa8Qj2x0bBGHQjYogGutB4ft0TqTkuYu6hnTuxzDBaeTXY5PQvPs4A==
+v0n0.nic.sale.		172800	IN	A	65.22.20.48
+v0n0.nic.sale.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:48
+v0n1.nic.sale.		172800	IN	A	65.22.21.48
+v0n1.nic.sale.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:48
+v0n2.nic.sale.		172800	IN	A	65.22.22.48
+v0n2.nic.sale.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:48
+v0n3.nic.sale.		172800	IN	A	161.232.10.48
+v0n3.nic.sale.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:48
+v2n0.nic.sale.		172800	IN	A	65.22.23.48
+v2n0.nic.sale.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:48
+v2n1.nic.sale.		172800	IN	A	161.232.11.48
+v2n1.nic.sale.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:48
+salon.			172800	IN	NS	v0n0.nic.salon.
+salon.			172800	IN	NS	v0n1.nic.salon.
+salon.			172800	IN	NS	v0n2.nic.salon.
+salon.			172800	IN	NS	v0n3.nic.salon.
+salon.			172800	IN	NS	v2n0.nic.salon.
+salon.			172800	IN	NS	v2n1.nic.salon.
+salon.			86400	IN	DS	20629 8 2 15BEEE88CB2059844ADC8B06944FC2424A7618726B390A08FC21FDE2EF6DAA07
+salon.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u+PsK3nCrOmHfs+9yJFjzbocBgI/bZl23SwG5+A2rZET1a7xrJc1qWudDlhLlfqSx7FDfBg3ZMDs8lWeaekJR+Sz3Y2mBjX0bpg+8tkz2hA1XRscmnBUbAiQHiC0yBSExjyfemp9YWIH2c5i1ZRnM0kKdoE37K8LF1y9+oZ1Talf4+fYD/x1Sas231u526fwrCbFdb8KPMSjmr3Oo4hYwsyHH8ffuernpmOdcYJJoslEhIiH6AYh7/Fs2nYxtn/nHtYW0MnZ/uSm2+DKu7bANh5ohHczkeyQMBAPllmsHNi9bhHQonFOd1EsURRKVmDHsiyxcoYj9RcYmnCB5YEzlg==
+salon.			86400	IN	NSEC	samsclub. NS DS RRSIG NSEC
+salon.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AZ6rSE6Ury/jmacfUrXNDDxL05VwDLPLJ3L97xe7kGeumnrI3rKQfao/D3XFt1ihKRRkz631bzqUEWsJeI/+OU99AWbo38GxnOjnw3c3XwVozGTy5K5nKW7u4tUb7T6+3fd5G58JEEbuJZC/7+FWL66dGI7/moyEBCZqkh0fr92jsfaA1BCBh3DC8NcE7XurzoYjDbxqdJF/sUxpBNTrjXE/wzySAx+62Ai0hDXyQG0b2TOpF2fZ9yE9+0nY1iUebaSEWk4D4XjsWbmLf7XadA+1oVvW3IQdZ97XuuOg7O2HbMOzNhROMcuOfiAZ3WttneqgcRoUraHfqGQNiacx6w==
+v0n0.nic.salon.		172800	IN	A	65.22.28.58
+v0n0.nic.salon.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:58
+v0n1.nic.salon.		172800	IN	A	65.22.29.58
+v0n1.nic.salon.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:58
+v0n2.nic.salon.		172800	IN	A	65.22.30.58
+v0n2.nic.salon.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:58
+v0n3.nic.salon.		172800	IN	A	161.232.14.58
+v0n3.nic.salon.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:58
+v2n0.nic.salon.		172800	IN	A	65.22.31.58
+v2n0.nic.salon.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:58
+v2n1.nic.salon.		172800	IN	A	161.232.15.58
+v2n1.nic.salon.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:58
+samsclub.		172800	IN	NS	a0.nic.samsclub.
+samsclub.		172800	IN	NS	a2.nic.samsclub.
+samsclub.		172800	IN	NS	b0.nic.samsclub.
+samsclub.		172800	IN	NS	c0.nic.samsclub.
+samsclub.		86400	IN	DS	60532 8 2 3D5123DE8729F24800C0715726142C8317B27134AF028DC67F541DE50903643B
+samsclub.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYp4zX/8AoQ606QVxh/wpbVYhoBiGOAXK5UdREQFkhAb9qfyT61hF2Tbx62G33naFrAbXgTii5qKagy9hbdCGMtVhMDyiNTrpNrBdgPGTkJz1hthB8jrwzr8m8vhzN0BkVtS5urlg6PxfVuv/Vrd+SDw4ZY7weOR1ZsdtFyHnL11EvDEb+Y+0Tin5GKx3GOQH0GacbkCxqG14NpWj4Yj3OFdnRkObhaQZFsqj8M2b/VJqO2NSHSinZoaAgyK+GQsvnj4SgslWokewWXHiogkXJQcMF0qJc01YWqcAf6xH2mfJAIMUaOYA5Ng0NnrcHwDD7nRfhLZ7b4huK0Ar1fWoQ==
+samsclub.		86400	IN	NSEC	samsung. NS DS RRSIG NSEC
+samsclub.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N9forgeCdWgFp4Rv2Dj9WJQ2ikrwJB7RhERwdipVvtlO/ZIv4MnJBf0qMI2VFfa0v8OmiKBGeYVq4XhISEJ0ysSaydrvhN5YwMRRbS6FX4ug9XHNoP50vM5ESRPAru+VUPL6blqTGBNAw2yjO7aDDbDC/Fjl5yPzH5LVaesTG4WQID65CmhK3+UFcIDPuaBTPlTVpWkb1Gn5cQmKvSXhPArM7KHh4MXcbrhQ84dGaUPKvxGup5I1qQEcOgfmDLziCpAYuXwhhFOABjBfmaDMjCCNvJ3hjz0T62lUAcM0UGzdLdhySdWhsGpU8mVyBsO8/JSd0oLDhOQXd1wIP3uirQ==
+a0.nic.samsclub.	172800	IN	A	65.22.112.66
+a0.nic.samsclub.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:66
+a2.nic.samsclub.	172800	IN	A	65.22.115.66
+a2.nic.samsclub.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:66
+b0.nic.samsclub.	172800	IN	A	65.22.113.66
+b0.nic.samsclub.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:66
+c0.nic.samsclub.	172800	IN	A	65.22.114.66
+c0.nic.samsclub.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:66
+samsung.		172800	IN	NS	ns1.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns2.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns3.samsung.centralnic-dns.com.
+samsung.		172800	IN	NS	ns4.samsung.centralnic-dns.com.
+samsung.		86400	IN	DS	19194 7 2 144B461CB8AD9212307C53173EF72139A418EAB09997FC366484335D0AAE91FE
+samsung.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lK9E1O5T2axoydmH+nWfmCrOw83G22oV5u7rTwcJZNDam9f2QaLamRVtoPYu2dGoiD/9vze4cYPt+IfLDKVvrTzpW9ISCIMtDvG2eeZ7QWtnqHIZQZgtXvTH9nYHkZvKMf/0h/SunTQGjXEY6aWjUbQrlDh9TY3uiex3EUx5jt/uctLh3WRxS3n0pM7WRba1QivRyu9xcPbBhmidxZkBgggV00IQHp9LI2eUA9cQFBFNjaAJKKtVS5obrIMpSjNFcYeKgX0YNeGUgqepOGPYGFyFbBl/1Wey0014LDP16wcwHc2UaUeXjf8sf6tzEAPp3f+xIjp7i/K43MY1ofzedg==
+samsung.		86400	IN	NSEC	sandvik. NS DS RRSIG NSEC
+samsung.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iovFARb/vzJgYxfgjnjTOephMopygnaBw4esV4BIfEvJdts5Po7YFRYE2k0dG4OjYvqupnpvkrZXKInd4ArVu2o01HLoNCpklZHDdZFV/i0dWMyq9/Y3JU5Z8Uhv9b4MJKYY85psFsSgyMdyDjQa7T7yAHEjat2seFDB1GF+2dBO2l4ZHMkkQSL0o2v/Y96E+dbDB0WKtO2fBMtLaKYPOMT303gLdeLUDn0/hvUI/Prbj2tWxaWeT0G8nIONDmxPUMsMwYIP+ojAD8F4himhzw3xLCWXkDj732mUH3xTY7paB0l+jyjDv50+RIv2ZG4nNiP0e1ld94JDwEW7nGclEg==
+sandvik.		172800	IN	NS	a.nic.sandvik.
+sandvik.		172800	IN	NS	b.nic.sandvik.
+sandvik.		172800	IN	NS	c.nic.sandvik.
+sandvik.		172800	IN	NS	x.nic.sandvik.
+sandvik.		172800	IN	NS	y.nic.sandvik.
+sandvik.		172800	IN	NS	z.nic.sandvik.
+sandvik.		86400	IN	DS	16237 8 2 8703222CAF60E541964F6804D51EB5D3C1748E095978350689324CF8C45F9F0E
+sandvik.		86400	IN	DS	23647 8 2 01ED10D00E4FDF8BB9BF3338BFE2EF3AD80BAB54270CE9A42941B6E3DD87781D
+sandvik.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ka0YJ/D3ernNksT+J/09/Ax4cJv3NQ22ox57UZG9WaaGgbnXDuRY0qn0tCvOKAJjsD7KsWYsfhHrm0ZxcNHltntHJA6zSVz+fALijJns9duiGLGvfOnHKfvOQ679t8whtDGjGrqs8JSksb9NieMcyyty0xgujcc5KKbgXR1EFblkB1ic2r5qN4af0kFXhyL9u+YG53A6j0dVAM8uxAhLE51WXDYYzlOCaEsN55Wgwv62PbFNEtc32frpL2RT05iaqkjBhhEPk/OWosbQCbTEMumHPZdQpJ3zJF73j01B327PZh3ApdE0nFLxaTuvp7tDmR+V7JVyZxBmGnwqO5a6cw==
+sandvik.		86400	IN	NSEC	sandvikcoromant. NS DS RRSIG NSEC
+sandvik.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qw/kg+N76pPEfvZGcBGdRgLegj/pk1lloVp64hsP87Qyk1f86XZIO7q3FN0YPflYqQOg79dn6b12G+ZEFuYx6o3bllYEJ0HNQfHYXrzgRm9Ks7LL7RTPQrIUJrikVKpK/dSlbYZqICnDkRRreZQzGAFZ4VT6U84ck4gRyS7+3AzGlRN8rMizLmCpYYZ/ReOCTd7fBQdgOyuO6HQZrLGek46BgYgLZ+0U0LEwicTM3AyjKtU34T76AxMA8sHSzF8H4Sb3NOM8+xDTBGPkEKdi7iaEE8NyBrVhnRGI+wbWkWjU0t2OlMcZmyqXSBA0S8IB8yB4XlotFxzSNqbo/ZnxBw==
+a.nic.sandvik.		172800	IN	A	37.209.192.9
+a.nic.sandvik.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sandvik.		172800	IN	A	37.209.194.9
+b.nic.sandvik.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sandvik.		172800	IN	A	37.209.196.9
+c.nic.sandvik.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.sandvik.		172800	IN	A	156.154.172.82
+x.nic.sandvik.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sandvik.		172800	IN	A	156.154.173.82
+y.nic.sandvik.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sandvik.		172800	IN	A	156.154.174.82
+z.nic.sandvik.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sandvikcoromant.	172800	IN	NS	a.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	b.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	c.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	x.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	y.nic.sandvikcoromant.
+sandvikcoromant.	172800	IN	NS	z.nic.sandvikcoromant.
+sandvikcoromant.	86400	IN	DS	19999 8 2 AC19FB9AA365946AA64F8872782E80AF68F6BF988F9DE2E31901434849FA8D5E
+sandvikcoromant.	86400	IN	DS	44284 8 2 BF58F3D66C43E835B092A138295C40E293AA5C358C79888A543F9E6538048FC8
+sandvikcoromant.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . liU0EtH2Q8BERHYlwK8mxLVUWg8d/FgVXBW5IMJx/G0riJajrC5Am0Q7M/y8UKOpmOpd1h67qMez7IsUa21UnclHtXrWzSAT7VPYhLWOLbqot7BFn86fcxzl4jqnD2grt5K+x9MWVf/L5kydjom8Kr3sBWTeHsqiRzOt/FT6NIJLp+YHE4ohFZDDYo4Ph7Dgwjg3t5XYxz/2p/jtzK8t2mPilR9msd/njCOoMpeLmoUqIeLiDrJbEOgpKiZKaSGNvkXmLH5XOQygOTemaY/GH6ndvruHIyq0cgzQfxLeAyoGhwiCFySIRtsQBuqNarpmE291Kj9whxVzJGQZ2wvPuQ==
+sandvikcoromant.	86400	IN	NSEC	sanofi. NS DS RRSIG NSEC
+sandvikcoromant.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wpDhM3A9XrKYD1tqmvVb2s+XtTbs2GE8m43pg0kq9O1yRpaZtfdTrzsfPrF/qpnELPmtG7aOSpmLLhm6DYsXpnQ7cME/4BPK3ilhr6ptH5w/6m+cvnKNjjMcOcBTdLPpBMEhF8jEaPVV8QmZfC1P3sSpsn3i2RRlTdR0PPvYJ4wwBR3D6ZmMknZVimReq5Scwng4ZwA6DYUmKKTjIOcs8+aBtOC4l3ld9ZMU8MkZy30dfoIahWMskq6EoCTa/bUHWjlc2CIERMu1tYe4ze/6/VGotWgydbjnoSqXrN6cR/YGuSr739dE9GoEnuLP6XDirlJdIsPyKRH6XOTwSoY8Eg==
+a.nic.sandvikcoromant.	172800	IN	A	37.209.192.9
+a.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sandvikcoromant.	172800	IN	A	37.209.194.9
+b.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sandvikcoromant.	172800	IN	A	37.209.196.9
+c.nic.sandvikcoromant.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.sandvikcoromant.	172800	IN	A	156.154.172.82
+x.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sandvikcoromant.	172800	IN	A	156.154.173.82
+y.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sandvikcoromant.	172800	IN	A	156.154.174.82
+z.nic.sandvikcoromant.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sanofi.			172800	IN	NS	a0.nic.sanofi.
+sanofi.			172800	IN	NS	a2.nic.sanofi.
+sanofi.			172800	IN	NS	b0.nic.sanofi.
+sanofi.			172800	IN	NS	c0.nic.sanofi.
+sanofi.			86400	IN	DS	41599 8 2 02843FF5975A697552B6331207523EED81A6FBE7A7F6AA90F9A2513BB3648092
+sanofi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S2RHvTpp0qW9B3EZxHJuRVtz4EjXjjgRKos6H/bnRLIygiLmxDLakjEWT6RW0JETp3fjPz+x5SN3Q2hlhDIgQ1cBiiSC+RHwKId02y48kTfi73ZsA822NwXxxrgEGrm/d6I6d60Wcbx3Vet03aNG01D0U4spbygH6ECTFJZQwmsrGsA3439+D+Zffg/P9V60y6kdPD8MBNpCSzFNEtqwMa6dgugu2KTy4iXAzhFBmaoH2Ya2hEh0D4nHg53lJv32+D8XFSei8EDvLtS+kVEC5FU6m/sxegxpXhvfDQgNNfd9z0UyqBPTn+R6iDJIasXZq4f85QVuBMRbWRTaORdlZw==
+sanofi.			86400	IN	NSEC	sap. NS DS RRSIG NSEC
+sanofi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fw63u23/bD4zZ+Flh2p2DT/3KHzO6r1vAsSQe406yEfkMfgfUlzna2Pgqhu+pg4wcbQUZKoN10Z+tVW8Ug9w9EcdXqKA1u6vVl7j6sMBPkoOonXsoIr/cMcek6AHQLVW4DUAPj6G5LQd8eBuGCjF23Zu+IW3S9FnyvIH0EKkRYjnBNtVqi9ugVNriU2OoSpYnLrds8YLJZBtDUJSAzEWql9DlbrrbhRzKUrp7B6XfsrDZeCfltwO546bo1cBKnZoNIkM14Zzk1vdGzBNKarwXlDTtLcc2lqUog3ASqxpFCi2A95Ud/UM6ZaqU/RAv5jlQccuOyMSPiYUALfwDY0gXw==
+a0.nic.sanofi.		172800	IN	A	65.22.112.67
+a0.nic.sanofi.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:67
+a2.nic.sanofi.		172800	IN	A	65.22.115.67
+a2.nic.sanofi.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:67
+b0.nic.sanofi.		172800	IN	A	65.22.113.67
+b0.nic.sanofi.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:67
+c0.nic.sanofi.		172800	IN	A	65.22.114.67
+c0.nic.sanofi.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:67
+sap.			172800	IN	NS	anycast9.irondns.net.
+sap.			172800	IN	NS	anycast10.irondns.net.
+sap.			172800	IN	NS	anycast23.irondns.net.
+sap.			172800	IN	NS	anycast24.irondns.net.
+sap.			86400	IN	DS	58162 10 2 C54138AF7A4E7BEDE0D15FFD010BA47792DED7D0729728C814821BD4C06495B6
+sap.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V5CZByOIhxbUyR+g8X1BSs1Q3mhbRdE8AZj0CVM6ACfkcYSAPVLI+gDOg+yVG7Z3vMz2X2k4U6N+wq2m7Y+rhM1ictkFhTh/kaEygoPqClPKMvXYh25KDYjqm8AvqjK5cgTbUk4jnqOtDJD6rT9Rxlwl92NtIz9t+i+Sly2HLGOcNj+UOhTzYFrOkCOyHY58pfQtHg03BEJ953d3IcbZfSY/UkwtcfFzWKixsSHXLf8bS1TFTYEplupjVJxTAWyRqUpuyqr649rBvdohfZLxRhZ2OY+IwoatPv53eqtcVx8xoZqrX9oKy2iSITuIy7Z4ICPCwO6nyc4ja4lXJgwi/A==
+sap.			86400	IN	NSEC	sarl. NS DS RRSIG NSEC
+sap.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZVV5SW6ll7UxLYGn4B6mF5zMMmSd+76TWLwx/AsrNxlstN8nITZzYhoZkYduwo3sy+eWZ+3mSGPkLsdN9rXizJ9kgaEXryMDBBQNghRGzwZZLW1Vo3/sFNQTEjiiubKS3Uemha1NO7AzQLwGJGW+SFVqQyBeBVjNhOEprEqiZNhnh1SorpD1UN4cThVabAFYmM7RyEikqFctbhxwVZckhnXjX99AOO+HhoAMo4TiZGwa4uNgD0Sy6HLf2iUrCpQd3Fjgzg7IA3wn/CQx5thqD6SbC3pJwQ9gVsUQTPGzckWMBT87oXSNP5Nwv/60dS25GNPbH3DxXpDzRRj7VRFY3Q==
+sarl.			172800	IN	NS	v0n0.nic.sarl.
+sarl.			172800	IN	NS	v0n1.nic.sarl.
+sarl.			172800	IN	NS	v0n2.nic.sarl.
+sarl.			172800	IN	NS	v0n3.nic.sarl.
+sarl.			172800	IN	NS	v2n0.nic.sarl.
+sarl.			172800	IN	NS	v2n1.nic.sarl.
+sarl.			86400	IN	DS	30877 8 2 24DB28DE74191D33588C628D306BE3457278F59CECA8104D2A81CFA7FCD8D6E6
+sarl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yoeq8vvFgOa541F3SOsWcJeBuaZo1QasgbMsSWD5d3ou0PRMsSB9hijuHP3BQ+pR8IdhPM1w2wGwE6TaCVQ3XOR/hvN41aasn/UCQfi2rMIC62b4Q7Trrx9hsVDc8g+wWhUe4dwZPqMJGWIRqd8vA5gBTBXDslAH2XHACRhdpqTqYarV/igcCEC2/fcAGfocGIa9/t6uTsT2EH6BnFSihBeZkDZ5HgyhRc5vDZSvISdovrsH8aDJMI6SeKFqiqWyYk+NWr186wAW0HjnbRo2VWZE5yfVELgwylJxrdrfNRWJslKFhJJLgaYiBuVqyblxeFRjlKzsRuKUaaTozn/DPA==
+sarl.			86400	IN	NSEC	sas. NS DS RRSIG NSEC
+sarl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GNg1258zj6f2e4gB2Ks7ydGSjzJtpjpicqFKGZaahvJgektn1sxza1t3lRb7i9Slmn5czhVygTFosO82/cf/Ubz6j/qe286ro9Pj/GMCNUwJdCB2KVtUY8Z1opJ0JkjCzTWqZznzkyVvbVpDr9DowKoqHANLCNweRZ5RJfYQhqcjt26Loh9uiI0WPKQ0RNpEkec+pAL7T8r2QZIw+rmcfZSFoag3WYIoruxPz1jMbwd7OqclZpiQt2jeBX8Zpj4hIyMuMw6ULZaozIVHZJltrxKivTuZSJTktiNnuCx8cpSZ/UGA9tR1TZkGOCyJq855XhF/1d7pw3GOg1tmNfnm8w==
+v0n0.nic.sarl.		172800	IN	A	65.22.32.63
+v0n0.nic.sarl.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:63
+v0n1.nic.sarl.		172800	IN	A	65.22.33.63
+v0n1.nic.sarl.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:63
+v0n2.nic.sarl.		172800	IN	A	65.22.34.63
+v0n2.nic.sarl.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:63
+v0n3.nic.sarl.		172800	IN	A	161.232.16.63
+v0n3.nic.sarl.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:63
+v2n0.nic.sarl.		172800	IN	A	65.22.35.63
+v2n0.nic.sarl.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:63
+v2n1.nic.sarl.		172800	IN	A	161.232.17.63
+v2n1.nic.sarl.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:63
+sas.			172800	IN	NS	a.nic.sas.
+sas.			172800	IN	NS	b.nic.sas.
+sas.			172800	IN	NS	c.nic.sas.
+sas.			172800	IN	NS	ns1.dns.nic.sas.
+sas.			172800	IN	NS	ns2.dns.nic.sas.
+sas.			172800	IN	NS	ns3.dns.nic.sas.
+sas.			86400	IN	DS	20119 8 2 245081F2A99002CFBA295D87B98465B3B4A2DF0023364E577292C15103FCC0A4
+sas.			86400	IN	DS	55987 8 2 75E65D4917A0980AA1CCCC56B99C58C86A5A2D62EFEE4D1DE37F672AC7AE8E7B
+sas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YSGYfRxd1QjOeVSSswYKIeoxgv3GPHVZi/uiyrGH07TUjzCxxeGLNUPogpQsvwEyNvM0ZXFwcwHke3wHCo5YyrznQFZBGnvjzqjiPuFEE4v9jB7aptYcH6S1JIwJCSFGSDWeJ9xG1jmS2KacslWi/5uOzLbwBQJEswrfejKe8q65E4NE/MgB6ZmRTtecpLFcrTmsTh324qyRFI72+c1XVv6z4PyrYQo6efDGGIROxDWhjY/4+AuZxzgNHvWwf5iY6CDwJ4ViL1skb26nASktjOAv14G55obmW9Vx4hFi3LFDA0GDctxsp/cCt/xteZEInsYd/yU/FN16+HSw8YvIYA==
+sas.			86400	IN	NSEC	save. NS DS RRSIG NSEC
+sas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bmZcC3RbKNK5DPDOrHsh+81SWiFRRj/hN/Z/4QJrxrRSPA65CBMC7RP2evZaAXju5FvaNC+JtfAZgwZlp83BOk96ApxrRk6vVPmlDdogE+Lh+GR/46z+h3Cw7eKHa1cRoESCp0p76bunDJ46VI4tCZxW+nQVoxMK8n56Yt5r+I5wzO1pY2luY2CiLyEhYxYkktBjRTSNNDbEiTlXIJjSRAhur7dK8JujPR/gTvPsC2bxEervGjp/QUZRu5C+WrsKPeQaLRXV2iBV0PYv/dhgh/Qu+oWXSytCwj3IUeDWG97wqjmD6BZ/XzfHuEA6f0zlqtjj8qvsOKMubu+jc7IOWA==
+a.nic.sas.		172800	IN	A	37.209.192.9
+a.nic.sas.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.sas.		172800	IN	A	37.209.194.9
+b.nic.sas.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.sas.		172800	IN	A	37.209.196.9
+c.nic.sas.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.sas.	172800	IN	A	156.154.169.39
+ns1.dns.nic.sas.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:27
+ns2.dns.nic.sas.	172800	IN	A	156.154.170.39
+ns2.dns.nic.sas.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:27
+ns3.dns.nic.sas.	172800	IN	A	156.154.171.39
+ns3.dns.nic.sas.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:27
+save.			172800	IN	NS	dns1.nic.save.
+save.			172800	IN	NS	dns2.nic.save.
+save.			172800	IN	NS	dns3.nic.save.
+save.			172800	IN	NS	dns4.nic.save.
+save.			172800	IN	NS	dnsa.nic.save.
+save.			172800	IN	NS	dnsb.nic.save.
+save.			172800	IN	NS	dnsc.nic.save.
+save.			172800	IN	NS	dnsd.nic.save.
+save.			86400	IN	DS	6611 8 2 E81FA1AF4EA9F0EF852F21B1D175FA87B6758A90D293B77D4326EDBFF8BF79A5
+save.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . iUAX38PAoY0ktyCTyUB00+ZXnfB6sVKViiYRpQ5Se802SSj3ZtdDKca/+N3IfzkD6F9FNcJadqnX0GfI2e9pMIyZiNhBl2ImCc7zfAXK9rlyzJYy+F3w96AXrTPM+u8LQHzmqHxo2n3YlUHeWGL8zuSDapuC2k+/Evu17RHZHkJ4qZP+uU697ZJ54Te3CoS4oICazwxliHvwGkjrR/Fj5z2zbAyQSRkYuRzFUn5tWY0UfK65uuOAWRSILJOP9w7QC3LBBduZkkxpYtNV8+urEv9PJ6Rlva4ABr1k3sQW0LRORfD+k0BFtxmbBsbS8nPCoX7JXuu6jExzE1xdcccgIQ==
+save.			86400	IN	NSEC	saxo. NS DS RRSIG NSEC
+save.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tKnyAznUxH7mDbVbpwMZgLSohmh5ZHWSE7Icll3bzlqxKIXPqj17A8IK7Tr6qPHHb0oEtP+DMw1I2Tprh4fB+JP7VOZrPSKaF96jg/t3eLtaVzR9+xZp6glqKM7DlSM3q3xvI/CWGQA09iBfAvhYoWQQzb7soAC1UR3GCxTM1ESmpe9iVX5y5GmGj3+/6bv0u00iFcG1HIYhxU334hFzLgnJjfjiG4OFHujEhESn2VdJwqCciRCqs7ClLbN0X6Xgoa6QOlRchctsEA0GWrUT8ruOWKjHRPhSXeHzj6b5kAiAL9Zxp/ZpTgZ4SZEZF7biKEpjQhTbNQw/t2pdYRvWvQ==
+dns1.nic.save.		172800	IN	A	213.248.218.79
+dns1.nic.save.		172800	IN	AAAA	2a01:618:402:0:0:0:0:79
+dns2.nic.save.		172800	IN	A	103.49.82.79
+dns2.nic.save.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:79
+dns3.nic.save.		172800	IN	A	213.248.222.79
+dns3.nic.save.		172800	IN	AAAA	2a01:618:406:0:0:0:0:79
+dns4.nic.save.		172800	IN	A	43.230.50.79
+dns4.nic.save.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:79
+dnsa.nic.save.		172800	IN	A	156.154.100.3
+dnsa.nic.save.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.save.		172800	IN	A	156.154.101.3
+dnsb.nic.save.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.save.		172800	IN	A	156.154.102.3
+dnsc.nic.save.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.save.		172800	IN	A	156.154.103.3
+dnsd.nic.save.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+saxo.			172800	IN	NS	a.nic.saxo.
+saxo.			172800	IN	NS	b.nic.saxo.
+saxo.			172800	IN	NS	c.nic.saxo.
+saxo.			172800	IN	NS	x.nic.saxo.
+saxo.			172800	IN	NS	y.nic.saxo.
+saxo.			172800	IN	NS	z.nic.saxo.
+saxo.			86400	IN	DS	8887 8 2 117F2B38851F01FD3B94FF49ED5A41B04425F8926AA9D569C301CF46F05202C3
+saxo.			86400	IN	DS	33499 8 2 3DACA03D08EF7CFDEA7E7F42231F411F3B56B9C8CA2CBB2D6D6A70B63652FA79
+saxo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . M7OypTxROv063s/JwpzfEXDeLxaAK3L/XLPYyme1Abb5LfT6jhmbS2orWQV2RMmJ7OrcLliWomh5XNmw+B+hH7vKMF37P50dkgdEoMQRQ1qJcZ+yl4sdnN1LAie2hAv5qkPUyghCxgWrZZGEF0YSXnfOHP/ue0kSXW8SKs1gAidmR7yW2TNhSEMSQuubOp9aZnhL+6kebMTyzxHozM8aDAXIw6Ee9jKBtTGcE+kWm6IYRx8tULFeXKvYLCjeAJFsZyXBNCEL6IrVkjSiJOVXiGCZ2JWm8ktZtcPv2vM8+Pg1CKOV2d380YJsl04h+fWDiH0HegOxpTUpAVqheE0DJw==
+saxo.			86400	IN	NSEC	sb. NS DS RRSIG NSEC
+saxo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lVVMKyazhH8CoglrMIDhOy7YgrEZTqn5rFdj4oMoGBrPqUPDyODSuEPx36yGKEoiIpXz8fxasGyaYWjzni9NMI7SNzmNCBPasVvYP3cPnf0AT+u/hGhGDz72tBqa9n911MZCmYRdDcgFG2EeHbEJm9F92PtumtcCDNpNwha7KtcJQrOmgeizyFjf4T0M8yx8eSBozZ2BDqz80TVr1y6QIpa18mySrqh37yktsSdSWsNQOqu288/gwn7baSLm1aP7yiZtlS3vmn9LogKTK+6pNWomX9xuui5Z0r92liIxslJ4Ww/H6GWVXzf8IJORHzPY796B9Q1kwQHXATj8YfA5Qw==
+a.nic.saxo.		172800	IN	A	37.209.192.9
+a.nic.saxo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.saxo.		172800	IN	A	37.209.194.9
+b.nic.saxo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.saxo.		172800	IN	A	37.209.196.9
+c.nic.saxo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.saxo.		172800	IN	A	156.154.172.82
+x.nic.saxo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.saxo.		172800	IN	A	156.154.173.82
+y.nic.saxo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.saxo.		172800	IN	A	156.154.174.82
+z.nic.saxo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sb.			172800	IN	NS	ns1.anycastdns.cz.
+sb.			172800	IN	NS	ns2.anycastdns.cz.
+sb.			172800	IN	NS	pch.nic.sb.
+sb.			86400	IN	DS	17635 8 2 27F59686A15B09DC8293FAC9C31E5BE51ABF214E1E9CD5B21CBE50F0F311C780
+sb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ut+gZba3J1DKXBAqn/1XL3XUFdG2ETQuS0Fr6y9L78yD5i/HUJu80hpqWGEzJIUhic29KjZ5Ii2YcX3BoiH8b8dcguTp45hJIIlflKOKSUJtpwOMzqetc6hT48vRczO0zfJ2nuL9viIhTUKBhvrGycpcg/0QhMYeZfeWoJMF+T/qR0oCIpULRMupHWTbckWy3TPHm2R6IJNX9yTAHx/IaE6rfD5rAIremcchFUjFsT9GXT49/tI2Md8uvux94C9M5RV0MQchGPdSp9VX+QyPQw6smcZ0MCE7hpdDTj9QsihRArbnkIW8MgNGwFhv3as3nNpBvLhaT7ENoSnwKHF2Wg==
+sb.			86400	IN	NSEC	sbi. NS DS RRSIG NSEC
+sb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ePN1sEKXwKzVSL4BAeFy/GKx3BhHtjVl5uHkstZxeMkEvrMpsH3EwyYJ/1tm++7GnwBmguEbqrgvnho4xsijR4i2M/OJi3uLKJGFsaIr+DM1hgOdJVKUEjG5P6E/iCwRUqYFjd8mqMiI7l0/3RT99X+dQzg9mUxu1kqI2gCX+P89UO9SVzP5cr0v/rwlou60S3uiEjlBtgaD6V97R+1GkZy4MwyVcLuWDWN+wGpyzOuwXRuvfk3y/ZEUgGz0IkRvVYC+KtKdNzP589COg0eD0X+gvoCiXyRyqvuX2rZEiYN22YDQO44R2StwnDxJLzXzCnwBz4cXwpuD71bpHsTPQg==
+pch.nic.sb.		172800	IN	A	204.61.216.31
+pch.nic.sb.		172800	IN	AAAA	2001:500:14:6031:ad:0:0:1
+sbi.			172800	IN	NS	a0.nic.sbi.
+sbi.			172800	IN	NS	a2.nic.sbi.
+sbi.			172800	IN	NS	b0.nic.sbi.
+sbi.			172800	IN	NS	c0.nic.sbi.
+sbi.			86400	IN	DS	31606 8 2 70193B642AEFE13270D7FF55A3FD26BCB1C6CDF4D43B04F694509DE430381F4B
+sbi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . azoElux0huV1esXTKhfk14Xt3wmXOY3ecd7Q3gQlyYpYSUCxHW04/9yB6HV3qtbSNbiGaalNvtI1fgYurKIe6qIcGjpWWR/GEbXZzWJnoRmop04S9hCQ5WTQIVqPedqgilVC63emNnyP8l8udfBlqa5tzf1KQ7p1U6sWErrDqYlG5bKAkdWFzJ2C/FHUHL6KzYKKWTWs2SbRuodwbkHpxgNqj3MH8izxcTAk7fH2YMLqra+vMI7sGFBPLueRfFEaH+k2qE3EDehRYfZ6VmW5tOSrXOpEqAbnKucUkiofoFzHC6MXRlxONo5xB7VCzj1pEvnOQez20k+GQ6HD98VVsQ==
+sbi.			86400	IN	NSEC	sbs. NS DS RRSIG NSEC
+sbi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . h1VGWK7XU5Qvg+qW4WL6edGALVRK/D2V52AtauIgizhdhM3iYYArgEvg22AT3Ru00cmgVydDeRWMYnHm85NWWY0RJOFr2huRqmRa3lHaRrTH7LMtMG6aNEVqNhrwyUbh0m2Mx6VWwxPTlYX6Bl12yUf5F6b/Xfx7S4o2SzzRxwFqDCRcT1QF0QcfgIZi7FtoYc3+Mb8qPqn3ZD3dn6hsuvnEs6oCjMcT6fVoQ2QhsG9/EiNif+kgfaSu2IOus5tNfchy4ZCeZfnBp/h7THcM3xGvJr8DgVUYBIleVtUM/nOnRt7Lt7arTeOXq4pRYV74klwGNA5FRLfpR7VDW75/vg==
+a0.nic.sbi.		172800	IN	A	65.22.176.9
+a0.nic.sbi.		172800	IN	AAAA	2a01:8840:aa:0:0:0:0:9
+a2.nic.sbi.		172800	IN	A	65.22.179.9
+a2.nic.sbi.		172800	IN	AAAA	2a01:8840:ad:0:0:0:0:9
+b0.nic.sbi.		172800	IN	A	65.22.177.9
+b0.nic.sbi.		172800	IN	AAAA	2a01:8840:ab:0:0:0:0:9
+c0.nic.sbi.		172800	IN	A	65.22.178.9
+c0.nic.sbi.		172800	IN	AAAA	2a01:8840:ac:0:0:0:0:9
+sbs.			172800	IN	NS	a.nic.sbs.
+sbs.			172800	IN	NS	b.nic.sbs.
+sbs.			172800	IN	NS	c.nic.sbs.
+sbs.			172800	IN	NS	d.nic.sbs.
+sbs.			86400	IN	DS	49074 8 2 DBDB6A00E2AAC5F3C8EE371B1E46F69DA8BF7B985F837CDB9FAC21BEEE2F7FCF
+sbs.			86400	IN	DS	56056 8 2 EF6D326E9513EA4C07F99A08AFCDC5F3D9E3F6EB73000AF57D6FC3DECA1CA31C
+sbs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qbUJhZhqCEkuH1WQ36WsYFeJK8WZYxPZjY5xhd4vhGy8S7nRLOkPaImmxprKzgf/YMyFhzK2t+YdtsCw+8bD95nEyQeP7KcF07TvVyi5VuJjdqaNZLEPRWABs0aqRmf/DcEkcgXTqZfOUCW3TQ7E5yFqvfownU4Xpj72nDYfMS/XWivaVzgDQWRf9/63pvZsRvs3Wai4DBzV542k7IwR6UcmJmc6xRnoWG9vFYh+a0Ufa1vo+pD+S/dOpzljuSUwxe4cVHMCso0sYH8JsNmEqSW4wr323i/Uvi5t3eNNfX+cSG8J6TE3rUxCUzNsehGhOMBa8hA2Px51rDZMx8xZqg==
+sbs.			86400	IN	NSEC	sc. NS DS RRSIG NSEC
+sbs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ewKaQs+Rw6SrrUNEGideS1qiuXevxJizT1/rweDRT1s8x2Any6b//5mCLQyCDFrgHNvRwDF+eldhbP5AjmmQQU3Vc5LEaBQ071PAVPpEcjX9Yl8U8qZ7pUoForvaY+rSm98JM2PMj7Shcu1WRlHkNCEJwvfKDFndehU5u0OT0a/P8TEfSxF5XvJai34FlhK2nuJHyzrpyCR81XmIlUYeQfRWdZqIgyO9dlPYk+7TlEMOuk8EE3EzLDJP3iOnS+/4CMG3jBK7yO5Ry/hhaagR3Ce5d5v9onKwX2P83g6Sbl7do2Hv1fyvbBKbJQiEShtYGfMQsZG/U6KvQAzU9Px8Gg==
+a.nic.sbs.		172800	IN	A	194.169.218.127
+a.nic.sbs.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:127
+b.nic.sbs.		172800	IN	A	185.24.64.127
+b.nic.sbs.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:127
+c.nic.sbs.		172800	IN	A	212.18.248.127
+c.nic.sbs.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:127
+d.nic.sbs.		172800	IN	A	212.18.249.127
+d.nic.sbs.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:127
+sc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+sc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+sc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+sc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+sc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+sc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+sc.			172800	IN	NS	ns1.nic.sc.
+sc.			86400	IN	DS	2539 8 2 8293FA3AC08BE770A400DDE4F250DC6BF1046F34430BE12E65C15BF2F482B26C
+sc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bD/4pX8goaFk41PHK/xtI3HQvJuArRItVdHFXQyQziDeOSLLFG5yqAHU1WE293vMR+r730noqmn7xxrtSjroSXOlTo2hg5F4IpmhClBMjOeNKy24Jv4ZAfm8v2tNMDo6xzZpaGjqOstMxaMGZgpMfa27ouqskiIHcHNjzNfYubdhIMdmfe7moc0CQjwlxcPV1aekucOmEcfttk3wmMaPpjMrV6JWJl/84s9OhopWA2V0FqBMNxxAInas0m/NuBotIM6WnrSahxT+0vhYpmh1kduulVsEgXjRVrYwaj0reCTXxIJ3k+SIC9OYfg0O2peK7IqYBY7C71XRVUAteZBYNg==
+sc.			86400	IN	NSEC	sca. NS DS RRSIG NSEC
+sc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CtianIxV4mKNsAa6l+Jab6WTbhxKOhqDjQxX3n78Jl0Zqqrm1a/Td39Yz+ZwQFJXozrx2c9fgAohldYzs4ZC0KMet57DI7Blf+TberNsJziPf1NIA85ACgUkw6GZUOlD0DjyVAS3rDetW/tLv5DX8TEZWFfsJvXkd3MnlNHwa/ay4WLFo8hgW5bWEAXt78eTA94CqFjt8opXcSedH/iASBX5TSbiKszfWS6VuUUYS88nKy8tYAy92rn9DtPdq9GZdPxoLrArKkEHTmvbrU8qHCSxNrGMYmkMb/vB9+VulMT+ykMEEpDiZyPvLpCinpO/a0JDqDI4yE9IvYUo9Ehh1A==
+ns1.nic.sc.		172800	IN	A	41.86.57.54
+sca.			172800	IN	NS	ac1.nstld.com.
+sca.			172800	IN	NS	ac2.nstld.com.
+sca.			172800	IN	NS	ac3.nstld.com.
+sca.			172800	IN	NS	ac4.nstld.com.
+sca.			86400	IN	DS	11691 8 2 2433227153341429FD6DC9CC654844E9614C0BF4D408C39BBE0149E1716438DE
+sca.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o8eoAYAo7qeSc3tv0otnrxJ5BRU4bcKvWs/VS1Ha0YSKrv77vT9XqB6z9MrKNztvmmp1D758HcbKga4qkKR/C0psvN4SQPHCogGr2otQoHQzxVL3TYRXvhv72E/Gy3R2bLZ1tvVSIgoWSjYSBtojuEotsmXV4Ntbe1m1yn0ENlaMt3M7fev7mfXwI2gfp9VYS53PSX1P6ixEmMamFbeJu2TJmVGjUK+Ilo9FwHZIbM9XtOKU4rUqg4LNw0noM3Q6g0/h+8eSRMRAj9ArtBYGU58AfNvtyPZmV/B2Q1f1HBCD/ijhZWzeMhaKDLFCvwDU4QfF4N0SkUvFN/6d/F+edw==
+sca.			86400	IN	NSEC	scb. NS DS RRSIG NSEC
+sca.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yBtqEKDmbtx9EN08sXVNR/fHmhTjdwRAhPZZQ6rPju2S+tRFXyaBtrI+CLdeweTaBcVxcbsj8Qn/KImwa54W+V4Ixx+pHYd3dvY0kE51P+kLNMSS4ML/rDdPoICQMoixbhwn/K8YTo9fP95f7WiSTSKYhTXWw3q8dtelEqdsgYcQ0rNZnkV0Mdd8jKZG+PO4AMhx3Ga9kkMttmkpfJQ84H15meCECUTfpFhl8iWPqcVO6QrVfiT9padLky/EUGsSpwW8dmIy2m2ZZ5Lbp5hAzeZxj1b27uosI+r8E04k5MVDSKli0/R1RkomC/9gGRUV0YEBnrOuUyDyjJwwDkaVDg==
+scb.			172800	IN	NS	a.nic.scb.
+scb.			172800	IN	NS	c.nic.scb.
+scb.			172800	IN	NS	rz.nic.scb.
+scb.			86400	IN	DS	20801 8 2 16BFF89DD2FAF9AC06221F6DE0E206ED57FEC2E29316779E30789D7E00A5BD2F
+scb.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WBt4s31vpTqiKvdPlyhOTzgA4paGkCSYCSxvj4Fem1+vWtnj6/+T701dZR1xF/SIRw+JSlXJKVhdBLepNZI7y680PUxaJccmFE2iXQqeIt1OJjaPes0xqYHz1xclOhUvR6+A0nx5bo2T0F8PUtQacrSS4HILOkGull62lJ+7hB7j7Ie3iAkx3K35vIAZHzz1y+xVMOAbB9Lxf+zjL/hOhOmeE4dQ1qQVHDdP0CBQ+9QxoK6MNQzo0mWvDUnwwNdTzMKwNwyVHQ7r24zJ1cQOyiXrgUNv9Ld0lQBIzKy5Lr4hIdo3mwr0uKUyu05UqOw95uXehS6xzaBlOo+ILVoI2Q==
+scb.			86400	IN	NSEC	schaeffler. NS DS RRSIG NSEC
+scb.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QAf16fvP9zApd6hhBnAdh+t+WVQ3iWT2oQV6CI0lMdfkwKLL5vvRUlFTRo9DOLDS+fGBf3LsI81pk1P6ydofNcd00XuxTDi23y3is6bXgQAlwMQFf3MSR3BHDjQhJGKWguYJ63zbnWhLNHkuCMyfdTp0UQqYaKNZtTPfFWKHPxKyex6ecJ8f5EyoMj9Tx7OEXty/URS5tLRD+bcbCOivoU1rIbycyddzExdNq36uSI2i/53Oc61VQLrvVnFubVb2SqNwN1xCBwQYw6RhUK3abnLpxKVcNXg4oXo44Bkf78bYK41ReQo8p27bBtSTcffClVErGTgljFLbCBC2esTLKg==
+a.nic.scb.		172800	IN	A	122.155.23.51
+a.nic.scb.		172800	IN	AAAA	2001:c38:2000:183:0:0:0:17
+c.nic.scb.		172800	IN	A	194.0.1.35
+c.nic.scb.		172800	IN	AAAA	2001:678:4:0:0:0:0:23
+rz.nic.scb.		172800	IN	A	194.0.25.42
+rz.nic.scb.		172800	IN	AAAA	2001:678:20:0:0:0:0:42
+schaeffler.		172800	IN	NS	a.dns.nic.schaeffler.
+schaeffler.		172800	IN	NS	m.dns.nic.schaeffler.
+schaeffler.		172800	IN	NS	n.dns.nic.schaeffler.
+schaeffler.		86400	IN	DS	5269 8 2 7CB20720C71B7DE03C050C85D6A41EC795F90912F8918C4FA5F2AB37C45CDBB7
+schaeffler.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IuqzBEqctKjQL9VqgcHrUbzWwNzLe/ZvbtDTCLFKF+AIE10U35RMtHro5F8MAxw/gaGq8E1HgKBSFCk/NVqtvixWWPWrl+CcFFwA7vkNMugMMNNZYNztJq4lze3aIjmg+oczgCiiPQBf+BGcEFOYEYaCB7ahjn+xtmn6DptBpTgA4teXwyht2MI4fVjMnOfOOa1iIYFQ99PqCEDoJlc/YbHuaZ5uVnee3avpE4og018jTX5YqCLm7e0wJp3Jl1ADlE4Dh9dfQrwkb3Go7oOJ/1Wtmazz06VHu82NhIGaHKZJW41pXLD+Agpthm5eZ7VIfgBB6Hi/zPxnt4AJ0BDmzg==
+schaeffler.		86400	IN	NSEC	schmidt. NS DS RRSIG NSEC
+schaeffler.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qD5BFLaPC3K80lzxRfeUuduA93ovsyTcyi5jiMALc1CFOTELz2F6zlOvU6ibq9cYCDNjWqcXHNWyCd3DKdvFYJxEztllC9n4m677cZv2eyUctqFbjgpU1V9sDWZ6Zztvsxe5nCEjs9lJWuXIN2aXzoGH3GI0SDjjwGvNf015Qb7zXVtAMs+mpKnoXJUPsPjiQCr+FMG8eiyKzZxxBiQTKuXdnUNwwIYW97p2lawdr5i+YS7q2omf3q5wYTID2DADi7EJ/ILBTOCe+bvF22+j/Ge3P/ROqw5MtTJWRJrx5VXOvH6dyLHSud4JmAzcTuDsaumhfE1dXz9Pcptjl+Opaw==
+a.dns.nic.schaeffler.	172800	IN	A	194.0.25.34
+a.dns.nic.schaeffler.	172800	IN	AAAA	2001:678:20:0:0:0:0:34
+m.dns.nic.schaeffler.	172800	IN	A	194.0.26.14
+m.dns.nic.schaeffler.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:14
+n.dns.nic.schaeffler.	172800	IN	A	194.0.24.14
+n.dns.nic.schaeffler.	172800	IN	AAAA	2001:678:24:0:0:0:0:14
+schmidt.		172800	IN	NS	a.nic.schmidt.
+schmidt.		172800	IN	NS	b.nic.schmidt.
+schmidt.		172800	IN	NS	c.nic.schmidt.
+schmidt.		172800	IN	NS	x.nic.schmidt.
+schmidt.		172800	IN	NS	y.nic.schmidt.
+schmidt.		172800	IN	NS	z.nic.schmidt.
+schmidt.		86400	IN	DS	26932 8 2 B073B6B0636B7081AAEC30D496A1D18B380031886748277E8EA437C07D9C9A61
+schmidt.		86400	IN	DS	44854 8 2 D1351C74070E9E2B0DCE546B4814DF0ADFF4E289B1F5F3C6FDDDDD6A8CA1E33B
+schmidt.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x71UOqCxd5vfR7y+AIbKJFG0eMwvg+AWyAVnX0bAXEt7j0ZK36MaG9yT2QQ90xZf8u2u/QLC/rqj3GmnR932s3Ync6CS2BD+VeCtwsRh7Ec25YT5v0+BM/3kQA7ToHgZoccI5AwP2/QP1m4+s0W5PSI09Ss3Q9LAyF5V8igGMtKU6dvSjNRlGfvb9yDmhXUFsXiXU0wvuKBKqOfARBX2minPkRH1bcYdVzsIg6DXoav3mwnIvmr0evTEW6jfdu+39AQW280hUWQDqnSHduxw3h5y4YHL08++AUR0TohOgvPc9vkaLUqrOHmXGkYWBs/AI/AWlh9H3eXuwT66p/uTJg==
+schmidt.		86400	IN	NSEC	scholarships. NS DS RRSIG NSEC
+schmidt.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Qztt3FWOLrtxV62pTaJQE8ai+yQcDUALVGc91iiWsRztzkB6MJfOR2xnyUCdGNR0PpdF2/Mi9ukYjQ8HGGSr34VUxz5foU5IZ1/QzYHouJK3MMHDBm+IaR2vDnNutms4qSsrCigb2j4/HUicL2gy36uB88SDHlisXp02VZoavC1dcn7v530TyAUeH/Jr5i8zm3dtsW5dXkpTOW+c4io1yYM4A4sVe5Ne6+BDLD46Dvv2fALTA5pZZJ9hiEdZhKbYjUEorlyZVh1iEzQnEldJgOlTrvwCqdcy8WaU4flGWAJBHG3enKghb6bGf7BVigd12Dumm4HYWSRC5LSvc93ZRw==
+a.nic.schmidt.		172800	IN	A	37.209.192.9
+a.nic.schmidt.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.schmidt.		172800	IN	A	37.209.194.9
+b.nic.schmidt.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.schmidt.		172800	IN	A	37.209.196.9
+c.nic.schmidt.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.schmidt.		172800	IN	A	156.154.172.82
+x.nic.schmidt.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.schmidt.		172800	IN	A	156.154.173.82
+y.nic.schmidt.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.schmidt.		172800	IN	A	156.154.174.82
+z.nic.schmidt.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+scholarships.		172800	IN	NS	a0.nic.scholarships.
+scholarships.		172800	IN	NS	a2.nic.scholarships.
+scholarships.		172800	IN	NS	b0.nic.scholarships.
+scholarships.		172800	IN	NS	c0.nic.scholarships.
+scholarships.		86400	IN	DS	57649 8 2 24261732A51A4D33ADC9A823EE1E38139BCABBDA2F4C2EB7F6C8CEB3480B64B6
+scholarships.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dRjdhgeYRXRAMACA4d4UdzcxHqN6IwvPvYW4+TBkqLqSJ0TGmMmKu94XsoMnAXYJN8zIacdPcu3faNrtIwrNDcI6hSKbFk9JABAjD55eA7z4CBEWjGsKsobp96N03v5olQh0+m29XAU+z1CpwV2b2U2GgFqOqETc9rukeoQAmt0ENJRnYzgfe3kWCP+uXIfOFjk2czMwRGWFbmg76n4cxNea2IyXS8iRfRB5X/JSgAPId3e+MpurFsMV+eDT1vAO6XdgaiOFpg1B5JTxqskyS0ZsYch09tXBad38vaBHcfrwUPwIkkRr/f51ooDapFZ07LZZ1swouOCXoMXPpeLzmA==
+scholarships.		86400	IN	NSEC	school. NS DS RRSIG NSEC
+scholarships.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PiUib0zKaOI3sMznBoOh+nJA8HPT5e073/DsEjiOJSkq9Gk7M2QMvX1nvoNMCTlLtEVAi1ncjwNAULyqb2CKg+YaxuBUfEcuEfSK14k8tKFAOR4Ts9loHMGZ6DZGq6RlIXCjyXwWKCDiSuuaNlgLF4MnbCODM7zJJhzYvIZFrbChdBroxs3X/LWmFYEbARtTr+YEirOjiuoODaZjzE6RSbTcHCrh3yTapB+QxShHi9uQi1gVILQ7qsUzpKz/Sbxd6v7KHe2msRJSrEzT+VlJAOi3qXCEl3GVKNoE7ajjemQ+9rHlJEHtJipD5AwALHz9M/UHym6kEpai5KXEdjKwew==
+a0.nic.scholarships.	172800	IN	A	65.22.140.17
+a0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8a:0:0:0:0:17
+a2.nic.scholarships.	172800	IN	A	65.22.143.17
+a2.nic.scholarships.	172800	IN	AAAA	2a01:8840:8d:0:0:0:0:17
+b0.nic.scholarships.	172800	IN	A	65.22.141.17
+b0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8b:0:0:0:0:17
+c0.nic.scholarships.	172800	IN	A	65.22.142.17
+c0.nic.scholarships.	172800	IN	AAAA	2a01:8840:8c:0:0:0:0:17
+school.			172800	IN	NS	v0n0.nic.school.
+school.			172800	IN	NS	v0n1.nic.school.
+school.			172800	IN	NS	v0n2.nic.school.
+school.			172800	IN	NS	v0n3.nic.school.
+school.			172800	IN	NS	v2n0.nic.school.
+school.			172800	IN	NS	v2n1.nic.school.
+school.			86400	IN	DS	34030 8 2 30E847D55BBC147F8706CF9EE2B50478F41A143E2CBB738F7214DDD59CFB31AE
+school.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mnCSHVzRoo/+i4TlTLvBRs3vocI+QR8wDMxo3emEfyLnYKhsQWt6XSN+j6lj+yz8hoyR9AWwy9Ly6PBn1qosTz23tIGo0FwsF6ucxK4UdD5zPr+kpwtf3GWB9PXXk0vXG3Wg6RzDIu+YmkVT16vB5R3xdq28P3Sj2AwTeldT8zS5MzoO759WVyU0Wqlxm5tJIWoh55fBECknNIoxs7EoDOWHcsQe5EQa8ZD4chAn0czbKSsXpXrkFoB3JmpJp/1D5op6cVDgQY/NqUb/Eql/e9bKlkqux7lFoaAzv6VFMoYbl506FjzWG9dRQEKpt9WcdZQutigdSJmIk2MePLx10w==
+school.			86400	IN	NSEC	schule. NS DS RRSIG NSEC
+school.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0TITPbNSZvzafoopNof3mCmLK0R4DNN6M4EjEiB44sacPeMcbgxxEe8JJtbZM6E9QZ5RqBejJ7YksZe5ige3NXGhC0AGUtSzS7VGOIBrpkhstW8COekOGQo+Y/40CS+cXxHAUEOndGqJKmd0+6pmDvJfm3nvAGuByDE/1uXZPtXTpKW1dUYK6iHwnxC+7wePWiCFxMdU03/D4EzuyBtcE3aIJSzaJj+9oOyh2vqGNCKbraDI3UkFSw/bF/HEKplTan9g+fS4tYMoLZOmXYMRyxLHILPQpiEym+1T2/E45bECcMTPMQvbqiZ7myIRRvgrJ7KVY0F/X2QYV2VH3f0LwQ==
+v0n0.nic.school.	172800	IN	A	65.22.20.43
+v0n0.nic.school.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:43
+v0n1.nic.school.	172800	IN	A	65.22.21.43
+v0n1.nic.school.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:43
+v0n2.nic.school.	172800	IN	A	65.22.22.43
+v0n2.nic.school.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:43
+v0n3.nic.school.	172800	IN	A	161.232.10.43
+v0n3.nic.school.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:43
+v2n0.nic.school.	172800	IN	A	65.22.23.43
+v2n0.nic.school.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:43
+v2n1.nic.school.	172800	IN	A	161.232.11.43
+v2n1.nic.school.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:43
+schule.			172800	IN	NS	v0n0.nic.schule.
+schule.			172800	IN	NS	v0n1.nic.schule.
+schule.			172800	IN	NS	v0n2.nic.schule.
+schule.			172800	IN	NS	v0n3.nic.schule.
+schule.			172800	IN	NS	v2n0.nic.schule.
+schule.			172800	IN	NS	v2n1.nic.schule.
+schule.			86400	IN	DS	32869 8 2 76B7D6A448A72D947CF0B045429535113822FAD4DAD7B120910EA0D4F5E835AA
+schule.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MRI4EUt8PHIXcbMw+DVOL3qRQTmJIkZGgkI0b1hNrrBgf4or+2ZGf50v8sNjsPX6sT5Eisfi/o6GkYREyS+szqB2z4KsS6iFZ7yNPtdxzr2t/8OqANQfBN733pAHNbQaCp/LuDav5cP3G2EUYvGGEaWFMQPt5/ccFstnA1nbx9d/HjBLqNr5R27fSjdxJMZhxXcTMsa/f9uRpLcCOnW8OuLCqmoaz3USAUB8G57eaDeWcocYDWd9jxS3Todw2hQ0Vq7GIp7I+t+82YVvYcOMvU5ovBYM4fQRWFHN2XrlHEHVXlH49xBjuX7fGamaensbVXkcVPrHr86Y8o8oEX1QMg==
+schule.			86400	IN	NSEC	schwarz. NS DS RRSIG NSEC
+schule.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FekUfvLbPx1EO5ZlYWCGw43E0LqHLcUbR1ZmgaeqlcvZgkP5zzeMftQ/QtRnEGk7X6PGBS9qwLqeWrtzmb2dssj7kdCrL1KWD9mTAJDNBjp22FfWbj2VVvBC6vJFZAKDZx/vUNvnUs8J4DNYqK01ClsqaLNG5IHOuW+4XRwa0pjswkuzqD6g3hUDHILCexl53NF3y5RVlmOhXSq2j04dTE4b8y19QlxIBuHqmNhBLbLzOM9CXic67yCWGRznEdK+lJsxlC0GEsY7mG7AcopOomnpaLKP/8NHF/LiM0CcTj9zFo5/5mocs8dGmatGJrlUzEZIkyrqhiOtYV0vu3Z2WQ==
+v0n0.nic.schule.	172800	IN	A	65.22.20.68
+v0n0.nic.schule.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:68
+v0n1.nic.schule.	172800	IN	A	65.22.21.68
+v0n1.nic.schule.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:68
+v0n2.nic.schule.	172800	IN	A	65.22.22.68
+v0n2.nic.schule.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:68
+v0n3.nic.schule.	172800	IN	A	161.232.10.68
+v0n3.nic.schule.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:68
+v2n0.nic.schule.	172800	IN	A	65.22.23.68
+v2n0.nic.schule.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:68
+v2n1.nic.schule.	172800	IN	A	161.232.11.68
+v2n1.nic.schule.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:68
+schwarz.		172800	IN	NS	a.nic.schwarz.
+schwarz.		172800	IN	NS	b.nic.schwarz.
+schwarz.		172800	IN	NS	c.nic.schwarz.
+schwarz.		172800	IN	NS	d.nic.schwarz.
+schwarz.		86400	IN	DS	19729 13 2 776AE387424072C0216E5EC2A5D726F289D74E1BD1527400E490982C28789F5B
+schwarz.		86400	IN	DS	21945 13 2 65795AC97BB20D4D18CDA59E8CB0BCA258156F4A2AD3E3D2495259EFD1708357
+schwarz.		86400	IN	DS	51361 7 2 39D5A41F51DC9478526A8ECEB14C11095D7EEE368191936EF8519B15D2F0AAB7
+schwarz.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aLx/vqdUgPXt2P46n2VNslnHZDJ3O5fRK131KCeZy0sRaBEcWMAb2y2f4X8j0f6nQbb2dciFQbaVvkkkN11O1CroXnwQpXeeKeHjszCR6nXqCTA9qUdONGPOYNhcMTr68XMTsXisGDQYsyJOH2PWEy4VwQg2C7H57wC8vYRhzE1v6gXmxnS1hDVpITbHUJm8rs/Xdkfd+JIELY69iH+l6HxwIFlK0sQWfn2s5ZT2Tg8nTP163nlx8fm4iDomKxHBXx7n/bGYgsmUOi63QmXi+hrSOl+8fwlxgzGfawxVOXxACT2PPGaqQG7v4XUDYpkJjEURQLPIdNrk8Da5QPa0MA==
+schwarz.		86400	IN	NSEC	science. NS DS RRSIG NSEC
+schwarz.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sxoWJTiB/i2aFkVcrvtDuncWOzliTGY8o/xvh2HN3e6XHBErrBrawEvTtOWc9hMoH/y2w/fjM61nA6M7k43XWqIRRVIYehpIVld3ExiLDOsgogLwwivVFis9oRP5CZT7A6MLX5VS+KAJELYVJ3KIgkCnLc8AtniInJ/0s7zwy/QIN9dAqW/WRyL4UEIyW8F7ArrVeMvsqADVccl/+cfyJQWuipnfqxtWWDTDga23kuXPfPhcTawDe6I6YBp5hXEtsYPjrrfmWN0rz2CVxs4sbH6NJdaVEee3JBrtkuOkh01tnNpgY0yRD90Z5RDLtrQ8FZQL7l83N0XPj1xo4l+rlg==
+a.nic.schwarz.		172800	IN	A	194.169.218.99
+a.nic.schwarz.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:99
+b.nic.schwarz.		172800	IN	A	185.24.64.99
+b.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:99
+c.nic.schwarz.		172800	IN	A	212.18.248.99
+c.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:99
+d.nic.schwarz.		172800	IN	A	212.18.249.99
+d.nic.schwarz.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:99
+science.		172800	IN	NS	a.nic.science.
+science.		172800	IN	NS	b.nic.science.
+science.		172800	IN	NS	c.nic.science.
+science.		172800	IN	NS	ns1.dns.nic.science.
+science.		172800	IN	NS	ns2.dns.nic.science.
+science.		172800	IN	NS	ns3.dns.nic.science.
+science.		86400	IN	DS	10030 8 2 0E676DABA7FA8C847F77C358DB1F7FE17B6A1423B4C48E3952190446B9AFFB07
+science.		86400	IN	DS	49186 8 2 6712663D49AA8EFCB6C832B978FEB020F0EBBB05B16058C64EF387F4C24DE401
+science.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jFe2i2I42ONMW9I/OVJtJPWD2iivppcbXoRKl037cOaACTzg86VcYoy90t2OzyvH8oO4zo+Bq37VU1bVRsr7JWmhupMFgx4OJGduRDwewYN6rlJwVw7/ljlchP2ZsV2d87RDn07Zv5E02IoXDsDWYpcGBcVrwR9m7fhpwO+MGcKRgG2OCLAnC6KGmfR61dALX8IiOJe3Yx3rEBXOPhArGHcFqW44kOzgEUtu488E2nY4Gr4h2ilVGfn1j5LsrswhCD83GPshCoZQcMWeCQv73CEplu4yrObev3KifTmyOz2Es7wRmkQrlZEfYiV6XyC1ejF+aVDne2Vnchkf7tlDow==
+science.		86400	IN	NSEC	scot. NS DS RRSIG NSEC
+science.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZXi+jzpzleRpRmjtxgQlzC+Vygo+a/5Mdb+khz5GI7BsaYWMluL/ebdTAPz321B6ky/CEhoCq+BW4P38ftpWmORKFe2k1JOEWMqA99rCP42d3obha/6FfzRyIqWtwHjm0EXvruhzIVl+DxK5/PBNguVPKPLnjEd/mZjxjiNB4cseqDrC8iIw4VdsSX/VL0ADLb7uOi74L/zFtztYBq6iXOPNdNR6t2gEPIuRcvQsQXQoTQWlZFb8HWtp6qhS8LNPecRTjTNwywxeVwJkH5E5VWvCEGyHGGkS9cld4+D5FbXYYpGcVVuWILlSEc+62YIZ8f9Mei/4RqOf4u0Jn4b/6w==
+a.nic.science.		172800	IN	A	37.209.192.10
+a.nic.science.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.science.		172800	IN	A	37.209.194.10
+b.nic.science.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.science.		172800	IN	A	37.209.196.10
+c.nic.science.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.science.	172800	IN	A	156.154.169.41
+ns1.dns.nic.science.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:29
+ns2.dns.nic.science.	172800	IN	A	156.154.170.41
+ns2.dns.nic.science.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:29
+ns3.dns.nic.science.	172800	IN	A	156.154.171.41
+ns3.dns.nic.science.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:29
+scot.			172800	IN	NS	anycast9.irondns.net.
+scot.			172800	IN	NS	anycast10.irondns.net.
+scot.			172800	IN	NS	anycast23.irondns.net.
+scot.			172800	IN	NS	anycast24.irondns.net.
+scot.			86400	IN	DS	28873 10 2 A99FB1213FC07299A57251F57238BC0F796D7AA311624CF49DDCACAC08C1DC3D
+scot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QPXtpJyo2N9tqLlC78BDhkmCR5qt/m42mMg5c0xjgF1/Paj6p2Vl1ilMPAQM39qyAj9ttF5iKGmRb/XX+IfrgpHxiEKRG54RjC42oK1JSOOluKQwcGYJqO9SJOFqkpgBIrFJCx1vx0V/J8plbMACNGlPrixOh+vnQenfXw58IbuNhBtylmZ9i3IGr3SpqN3OZTxGKcK4E5Xtm/piDU7NAF5CGzYpy6SICAxuzlMDHM13V/Yf5pqd8v4m7h5xefuiEDSVS4JzjHgd8MCYz0HeuWzvrEgYIT5hwmbP0oopOKOgduoUFZy+5SyfdRKmLA9lwy9oimRLQ/NSawC+wq7GgQ==
+scot.			86400	IN	NSEC	sd. NS DS RRSIG NSEC
+scot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a5pipyOvMKXzwSRE9koRTOu+3OQh6Bd/imIL2zTqtGENcknpKm3lTs+9N0SkzoMJIXLypbCTHYHAJPVG6vPbIDkeUEyClULo938+WaOIIM/Y/v35QE+nUV9zug1Us+FMnVvjsTwzpkbZLKurp/E7A06HgBZxn8q2gGfiJwZ6ugDzxeSHSF/Q2ZXXgeis1Z6BSWRM+qpYhe34l+N6Bjwb08iNusmC043/qOptAeYOFJACgG44lYp7xtd0t3eQEFmg8KbceYbYAXwxRZ9PDNpwCqQeFXB2RMnmcyBDsOVnbhGzRRMCezlcETqx86FMyWeY9x11P5urDw8vc1DuT+OR6g==
+sd.			172800	IN	NS	sd.cctld.authdns.ripe.net.
+sd.			172800	IN	NS	pch.sis.sd.
+sd.			172800	IN	NS	ans1.sis.sd.
+sd.			172800	IN	NS	ans1.canar.sd.
+sd.			172800	IN	NS	ans2.sis.sd.
+sd.			172800	IN	NS	ans2.canar.sd.
+sd.			172800	IN	NS	ns-sd.afrinic.net.
+sd.			86400	IN	NSEC	se. NS RRSIG NSEC
+sd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MzVPRoS+yHa1LHT6hqo5pcX2NK7A2QSNfcnkKshbuZP8mF8u9X9AL4qg9n20QQ03ZAciLb+QpSr99KRK4LJfTrOQaSwJ/lfy2Zd8eUnWMF2fSpigmz9X0SUfO/TRvK+9oETiNlUuOxYfLFIdYfIKnfn+aIlRzWYz+F43jR7IYxSaV34aMn9Pe7fN/TZx5G6OpI1jBBDzLCNlgkoZXZVG80W21GEilED8QXLeuJ108yWvO1UzTTG0By6JBB/2FM+3owY0ep0jwKw5jiXJA4SlP71SgHWfmjvsWgfbw3w28WWeztAYWLyT5toYxmV9T/Uxn7caz37DxMKqK9ldN3LLGQ==
+ans1.canar.sd.		172800	IN	A	196.29.180.14
+ans2.canar.sd.		172800	IN	A	196.29.164.14
+ans1.sis.sd.		172800	IN	A	196.29.166.134
+ans2.sis.sd.		172800	IN	A	102.130.251.10
+pch.sis.sd.		172800	IN	A	204.61.216.97
+pch.sis.sd.		172800	IN	AAAA	2001:500:14:6097:ad:0:0:1
+se.			172800	IN	NS	a.ns.se.
+se.			172800	IN	NS	b.ns.se.
+se.			172800	IN	NS	c.ns.se.
+se.			172800	IN	NS	f.ns.se.
+se.			172800	IN	NS	g.ns.se.
+se.			172800	IN	NS	i.ns.se.
+se.			172800	IN	NS	m.ns.se.
+se.			172800	IN	NS	x.ns.se.
+se.			172800	IN	NS	y.ns.se.
+se.			172800	IN	NS	z.ns.se.
+se.			86400	IN	DS	59407 8 2 67A8E06FCEFDD9397F77F26C41ADE4EC142F299BCFA1827F0EF8FD87F2F63022
+se.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . c3UrZTrSO2U4o0hpxAwy2gfoj4Zc7Hw0AC5j67CqojCsywsPQCDBnTwWenv+PQXGFw4v7tnYQFbitdjD1zGy3y23dTy+u/2LmoWVGmg12StOOOr34inqpZigqjVXc1PUXFmQWVBvy6LLWPpeF7a+DWj83Tj84VKaeaXes1GMcqG9YOgHVWrAXfNDaWqP2ImBW7FVg9W8sZBS61274+LPKf0D9GHdhm1acOQPSgwz2Ugc/6HAvSs6iW0P53a69+Oi8iP8Wd4Tl1do4h+vnXPQQSwDk0Q09a4DtyTkw/s0gIpU4t+4L7AYLjKp9Cx7CvD/5jkDGQ0/b9q/nx1h/yggaw==
+se.			86400	IN	NSEC	search. NS DS RRSIG NSEC
+se.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wx7ePhSVdGwpq+Rx1mz9bL+ec43hTFLPQwzxbvTT3AcnV+IyQCWnu55TRdeTRX9+KUI+tN+sKSgQk03CGYpi80dIW+Z/Wzs9nszvOsWeXIvZUgUzC+tuWn9ZivuqZ59gAu+G3Y843dlkCAA9uzYUx0fuZSP8B0K/bySg2jM/aCNIUrmICKe4847JBfjAqO8raAlr9wTrqhBxhOgvNa3ndafWv0ZQigVKph6bKiHtSx3dUdLNTwpEHmhZmHFQ4T9CFIFMH/siIlyrLlR8Qkh+PMNI79yOFkVqcpmgqBJMT4gen3MGEsvk3NXOBVhyi1c9f/4xSK6fCXOt5+egZQN/QA==
+nsp.netnod.se.		172800	IN	A	194.58.198.33
+nsp.netnod.se.		172800	IN	AAAA	2a01:3f1:3033:0:0:0:0:53
+a.ns.se.		172800	IN	A	192.36.144.107
+a.ns.se.		172800	IN	AAAA	2a01:3f0:0:301:0:0:0:53
+b.ns.se.		172800	IN	A	192.36.133.107
+b.ns.se.		172800	IN	AAAA	2001:67c:254c:301:0:0:0:53
+c.ns.se.		172800	IN	A	192.36.135.107
+c.ns.se.		172800	IN	AAAA	2001:67c:2554:301:0:0:0:53
+f.ns.se.		172800	IN	A	192.71.53.53
+f.ns.se.		172800	IN	AAAA	2a01:3f0:0:305:0:0:0:53
+g.ns.se.		172800	IN	A	130.239.5.114
+g.ns.se.		172800	IN	AAAA	2001:6b0:e:3:0:0:0:1
+i.ns.se.		172800	IN	A	194.146.106.22
+i.ns.se.		172800	IN	AAAA	2001:67c:1010:5:0:0:0:53
+m.ns.se.		172800	IN	A	194.0.11.112
+m.ns.se.		172800	IN	AAAA	2001:678:e:112:0:0:0:53
+x.ns.se.		172800	IN	A	213.108.25.4
+x.ns.se.		172800	IN	AAAA	2001:67c:124c:e000:0:0:0:4
+y.ns.se.		172800	IN	A	185.159.197.150
+y.ns.se.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:150
+z.ns.se.		172800	IN	A	185.159.198.150
+z.ns.se.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:150
+sunic.sunet.se.		172800	IN	A	192.36.125.2
+sunic.sunet.se.		172800	IN	AAAA	2001:6b0:7:0:0:0:0:2
+search.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+search.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+search.			86400	IN	DS	36497 8 2 AFAEC406996DF5555FC4365C07C7C74DE82FE7CF5264FC5FAD9D1AB948F3DA28
+search.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A7VW1tu2hg2JDTR/E3YamnPbmAbd+qAViQI8W8SsIUCQfYhvn2IArj5jmiL24y+9RGaQDa7ilICWjUXu7AodFTeTy/E7OvDbLgzR7kZRlVLj7/K63W7KGVxYRb7fjqyWbZSXX9NHZS1lgzhsXtDw76yBqL7mL2r5g02at9jruf1KLPD9G66EnXrcywxFT1256AhXOKvmHqvSn7GRjZk0B48EB+lUKYBdrPMim68NqgJnb0pMYHFx2OhqwrUHe/iofAzJNNqT7D4qKw9syIVUaNg4/4BvGwlYzbaLn5lE3G4hJGr36ihTosFpSWaInFxCpSO2lcSh3cxMhT4BinJsWg==
+search.			86400	IN	NSEC	seat. NS DS RRSIG NSEC
+search.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lKUjySrkVSsaI78onwPpiG2HAB15j70pwKEZoN1MbYocStjlaWNjzFok/oQqxWBi5a6LejDYpdFtC+D5y3H3QEA6mPKzcJ3CHeZsm7phIiihacaLB6ZQbnpznTxQKifq0mtjoz98+CPRq5aMt7kR/zxRQaABQFTWolhyJ/IIhxVgbkPvTnrb2gygjSf4ttfXFq3PXrHsb2GP2VmIsVKMcGuZ49JLaIcwFXpzCSuBGseUqje7I9+MKoU6ZC+GN2qLiJX/8eJEKSMsi49A6cI8Ofx5QBAO/fJ9TzbXELpSdZz/kUk8EEvAwBJbabGlxsj23zUFnUQDlcfR2Uqx+LmlWA==
+seat.			172800	IN	NS	anycast9.irondns.net.
+seat.			172800	IN	NS	anycast10.irondns.net.
+seat.			172800	IN	NS	anycast23.irondns.net.
+seat.			172800	IN	NS	anycast24.irondns.net.
+seat.			86400	IN	DS	40138 10 2 8531B10A28C981D28F0F412DBE6A7985EFFE40BF0EFC8F2F80D45F85770C1A8A
+seat.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . woVf1Owmh8zk3mKa6EvVbVUDnFz6kJh2t+mMLFwTKNFqyQ/I7DmpxuIyC4s46iR4U71CE+OcczmBGQvZMKRiTxgjsGj24kie3CO9+ILQatguHj8JP99sSz6fH5x5obIKrJPXpB5j5ApNOYlXlEm7qVWH4XfZYs048LbJ/Etv0XwNImMhJIVEGPqsJIsSXbf6hkTOU8xgkHeqLqkeaea4pBtsFl5VcjZ/VLGxzdqyzhe0ZWqYyidl+kiZEyu1zTUc7bWcPvgLm6W6IWnLVe/JDCtS9yB6kNB2OhMomWWzJEUYdb6lzeXMt2IKWOmfjrxgTUGb1HbCsL+Gtx+9gEfpqw==
+seat.			86400	IN	NSEC	secure. NS DS RRSIG NSEC
+seat.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0uPJ6Nl6wZT5QgoBuPqW9FgzQokn1cAwEd5Ty+E7iFxaFovW5qnzuXSizE8wT7k/hMSv5Ow66GGQT76kYu4qEX/7/JhdWBCvLa5E3NrHEWYOtsLQItAZXd25i9rx2I5gAHsyc0hTQIXCLa0RsNb8YBXynAyLqjmxUokOBXx1FdrcHSfilF3M5LSRJE1Sbmx8xpg0JIKeUaCxjlD/Wjcn2ozLdaUmYFQHYSc67ChOvRoKDk08+06lormPJD7whXu5u4iYjnWb6/IBNqIAb8Ey6lqrG3ZXCPCU/yOgsNLKbrZ3L4ugpiCodvpAER0kkL6IEsyJIg1i8vVuJfPSf/WLCg==
+secure.			172800	IN	NS	dns1.nic.secure.
+secure.			172800	IN	NS	dns2.nic.secure.
+secure.			172800	IN	NS	dns3.nic.secure.
+secure.			172800	IN	NS	dns4.nic.secure.
+secure.			172800	IN	NS	dnsa.nic.secure.
+secure.			172800	IN	NS	dnsb.nic.secure.
+secure.			172800	IN	NS	dnsc.nic.secure.
+secure.			172800	IN	NS	dnsd.nic.secure.
+secure.			86400	IN	DS	30610 8 2 E15C59F280C66D3582C2A0B218728143E1C6DB5ACF0A4A17DC8858DBCB0C1CD7
+secure.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Lhyf/Al6PZQhY60W+fix1SF02cCd+ypVV22eBdWsIqQSPoPgMBrFlnEv07awPOs0BxFpVt+LFmB6wMX/V6HbzIgCUu+HNKmgc4u/lvysmWzG+u9gw8ePrYyQls02Z0OullWr6rkkAj94FTr8rQ/7ULBmt+YHsSzdA5MBhxOJBFA5PJFstJCqKpftuNfXMxAzpXdMd6pi433DGbE3MrODsHHTWvvE+cFxlg38JpBtRGwKN8KuyL7WqClg/MhJ40fBuWxhXrpIeWx3waCmxzFaZGwl7pu3w/VjwW4xW3SFYa8BhNIB2YxMEK33pCYxQUOsl77Vv4rl1NMUSq0EZqNbLw==
+secure.			86400	IN	NSEC	security. NS DS RRSIG NSEC
+secure.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sjhvrzFiZBFbJF6Pcmknd/r8AjyMCGhCsOSQcPdFj8vLD8/tF2LwX7mbSlTzgcEPeoD+/bj1ITrwprr/dsiscl6XJymodpPVCmAtf/VUzFowRbazz0yw+TekbDio0R11GyxEwDTCa2FBw4VXDvCnRQzk6Sz+RjpNZuG9JSSLMABYm5a0M/YLgVr+sM6RexPZGqUvjcMuluBbU0uZxC4FJrhXDAlX7DXsDCQSftL3mv3NQ/KkqzPwRtT/TXoHzJQ38RbFxWu6LNps7REOSwPGARByGIYiZsqJVeJeu0PbTmKh+4JEH4HwuHn0cOQwIulkML6KZwoAzNG1uTkDfXdw3g==
+dns1.nic.secure.	172800	IN	A	213.248.218.80
+dns1.nic.secure.	172800	IN	AAAA	2a01:618:402:0:0:0:0:80
+dns2.nic.secure.	172800	IN	A	103.49.82.80
+dns2.nic.secure.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:80
+dns3.nic.secure.	172800	IN	A	213.248.222.80
+dns3.nic.secure.	172800	IN	AAAA	2a01:618:406:0:0:0:0:80
+dns4.nic.secure.	172800	IN	A	43.230.50.80
+dns4.nic.secure.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:80
+dnsa.nic.secure.	172800	IN	A	156.154.100.3
+dnsa.nic.secure.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.secure.	172800	IN	A	156.154.101.3
+dnsb.nic.secure.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.secure.	172800	IN	A	156.154.102.3
+dnsc.nic.secure.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.secure.	172800	IN	A	156.154.103.3
+dnsd.nic.secure.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+security.		172800	IN	NS	a.nic.security.
+security.		172800	IN	NS	b.nic.security.
+security.		172800	IN	NS	e.nic.security.
+security.		172800	IN	NS	f.nic.security.
+security.		86400	IN	DS	14150 8 2 2859485C57B2B929084427B8C2B444200FA44011015AA6BF005146582947A257
+security.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kQskCxPJZeu9eIll5FRKcnZCZyJ+gtWBMbct3F3hW21lNEMHmeYCwA41rXkDKqDs1B+o+KTU86dyFzZIVBgGtJVZ4RXqf7qEHCOAhcF0ZBFtDhAFy9F1HomCugeXtjA6BfgY9s9s5RkaZWrmcqLvi7xzcTrYwwyCyO4ZQ+eVwDg1+I2iUeI1Qg9WJEkHOv+HXuxc1vWL6A2aTUswIeYzLEb8C3dub39SnnUaCq22EoeWGPrYbyfyqeIjy6Z1FSO4fsNl5DJT5m5n/FSYy9hlHk/lvS02KiDeFaojOYWYqhh0mb0NriIELm6WaI4k+h7ijIBeFZmbm0UwTOnzGSyWCw==
+security.		86400	IN	NSEC	seek. NS DS RRSIG NSEC
+security.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F1IcrCr8oKUpUALGVx5vdAv20xA1CcXef5STh8um5CAVctHJBhEUG6SFNa8RtyZk1Tu4W08sVoO2EFkM5OTTArsHgIgyJ7sjHDF/qPIPe+uHqK23EblajsBfqC7dNCUnFXv6WanLODajNy5QKLYr7GjczRWVaQ7J/Vn/A4fiC5xbMLX7tjhlLbwCnZwXH75cUIlG3f0NPKWe80aNoXIXZOIFp3uphyCxRCawYos7p7aqoFiPg1h9DDBOJ0LyI+GUD06n27AwhuhxJZXYAftVMcms8cWemxd35u/ZsdISgk3uPFpq6I5lWRlcJNlqK528hS/7ugcDeeCQgWaAihlqlg==
+a.nic.security.		172800	IN	A	194.169.218.68
+a.nic.security.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:68
+b.nic.security.		172800	IN	A	185.24.64.68
+b.nic.security.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:68
+e.nic.security.		172800	IN	A	212.18.248.68
+e.nic.security.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:68
+f.nic.security.		172800	IN	A	212.18.249.68
+f.nic.security.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:68
+seek.			172800	IN	NS	a.nic.seek.
+seek.			172800	IN	NS	b.nic.seek.
+seek.			172800	IN	NS	c.nic.seek.
+seek.			172800	IN	NS	x.nic.seek.
+seek.			172800	IN	NS	y.nic.seek.
+seek.			172800	IN	NS	z.nic.seek.
+seek.			86400	IN	DS	30781 8 2 91DA9A67E40BA21908471A192586DE34FE04433FB046A0519708ACD7EEB7B9B2
+seek.			86400	IN	DS	63859 8 2 E3C3A590CDFCC251B77CD4ADF685FE3CCE8706A0AAECD5421294B9FF2DDF8B48
+seek.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZQL+S0OI6FYCatE/lOo+l+pPZMYxmyRopcioL+TuBtCDaBBNbAJcG7dnXg/TPCp4nnoaVqRkxquGbaFMXcXfbvsGLmzOVqa0cS/XZ/NFBNXgd9f1HAcmZMnk6uOhcqR4A66j8orukIMX26v63aM907VV0KdXMqGps6c/MM4YP/7lS0+keqJ0uO17Igi+s9ArpbrPTRzKj3w0W56qJJqkyoIPrnhyiGTTmnbAqazWyKQhaKdjFQZwhcPW+K0fI37gC8mtmomO3lu8lxi5nd6WCdyh+MUkxtQXKRT5To5o4mYBQWCqpZcMx6Q99jUkkUohZVd+mIz2URuVIRD91nmB4A==
+seek.			86400	IN	NSEC	select. NS DS RRSIG NSEC
+seek.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bxc1VQY+SPTFGKr8p+r32rQzY6SY2XfItvC4b3x+QBqh7jRzX+DpvaeWqZCRGPv9THRZH+yN5C+Re3rouIRFJbSBq+kgEThNcyW9niXrlyPjo6Yat3F+91adU4hlCSs6ReGC3g/t0CLP8MunHb4YcLFdt23c0Qb1UL28mshK5gRnLOdLjB1BzdOWkN1eCSH0ymnjvaOO2gfafZmWr+3WanKD+7p71aFqf4Pnz5vt7t6pwRX69Em3wLiPOX5qnGOoAtLOJdYtOTTjEehnuZn9XLWawbUa1bYzbVNj8okrPLSl2rT22luKPEbrmo+fUJzj1pVGxardQ1GBzp86ilX5Fw==
+a.nic.seek.		172800	IN	A	37.209.192.9
+a.nic.seek.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.seek.		172800	IN	A	37.209.194.9
+b.nic.seek.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.seek.		172800	IN	A	37.209.196.9
+c.nic.seek.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.seek.		172800	IN	A	156.154.172.82
+x.nic.seek.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.seek.		172800	IN	A	156.154.173.82
+y.nic.seek.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.seek.		172800	IN	A	156.154.174.82
+z.nic.seek.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+select.			172800	IN	NS	a.nic.select.
+select.			172800	IN	NS	b.nic.select.
+select.			172800	IN	NS	c.nic.select.
+select.			172800	IN	NS	x.nic.select.
+select.			172800	IN	NS	y.nic.select.
+select.			172800	IN	NS	z.nic.select.
+select.			86400	IN	DS	44725 8 2 5EE0DCF207475272E3D80571D3454D3EEE5753F3D71A102B58D38D14937EACC2
+select.			86400	IN	DS	63907 8 2 67FFD642D56C519C3A3F78F2396DCC30D237A0CD5F5A32DDFF33834128698472
+select.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UDwX1u7J6NxjT/VC2Cml/HfD0zXclc56wT23g02Bva4FWL+aQqjFZa7Gfs76hLk8Zv1t3B//k37OXxZoHLAsiOem9Mbm0EKQ+p2ZYrJ3V3YrPdA/HXJM9d4G+N8pBlzHObKA/d9YoMdnEZGilJcIFLc8T8mkF1r6y0XgqidDoF1Y2vXIjeUdN7DA4A6tbS41mpMiLKMn3BPsqdRQdgP+g4/92IMd9K1kktK+LFDqc0Za6ul17yycMX45eOuBw+dMVNLfkYDlxE/VPaGNusYsVMDfHqCSpbGbB+5VIvrXW+/xP1/Hb+Mvm2fN+piCIpcKgAnbyaaIbWoITda5ZYxVnA==
+select.			86400	IN	NSEC	sener. NS DS RRSIG NSEC
+select.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QlzpPP5Ffog8ytQlldCuGlZ8C9jeHgHoQS+P/GQJu9zQwuFdpH3v4xr1IGZEcFjbxDyzcFv2DSQvvgG3wOQCfHUidc5JtZMYsHDL5678/vzQ7DWIbMxgFmuVkIojGezNWYb/RByhu+SzyBbr11zKyBlVo7bI612EnuHUra8dRQkbpOEyX59SIVuAqR+a3w2wQwCcgAM0YLaaKIydhWb1xWHzN7USvk8TVoQh3wWBaXqECtkMsvIOD0aBW2DM5o8ubiCPkshhjsHOVjV4P9FyBeZZbVWALSQ/Fv/OhTerPWkb8sw6q7W+P5YMpRsa9iBVib8feMEdzsXYFLjfgqPOsg==
+a.nic.select.		172800	IN	A	37.209.192.9
+a.nic.select.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.select.		172800	IN	A	37.209.194.9
+b.nic.select.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.select.		172800	IN	A	37.209.196.9
+c.nic.select.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.select.		172800	IN	A	156.154.172.82
+x.nic.select.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.select.		172800	IN	A	156.154.173.82
+y.nic.select.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.select.		172800	IN	A	156.154.174.82
+z.nic.select.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sener.			172800	IN	NS	ac1.nstld.com.
+sener.			172800	IN	NS	ac2.nstld.com.
+sener.			172800	IN	NS	ac3.nstld.com.
+sener.			172800	IN	NS	ac4.nstld.com.
+sener.			86400	IN	DS	40020 8 2 F580B1E1F989E14EB37DA8CD7201254150E4C28F95CA0D1DB7822A78C93EAF17
+sener.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qJmc916vERR4CZUt7uThhAUeAhF+fceKfxKBSK2oOeqIgQbhxzICkLon6QSUsaW/EFRoPrLBslUS041NqmuAsukRil34HgzMQQ459VG7FgZbc9P7dLJLZfKDs5y4nVilhtTXmSJyjgm5ZWrYFpPhTXiJLAxiX8PL8e8psqsiQtjdWiPY2lfuZUHxotozX4pgiE0ybLEstY/25/AG7dIepgKVa03pEo090PhB5m0eOIM1OqKAwVsygYRVW9DhP14ud0J8f4loSFd5bz2BdqSaSjw4HgCpVpFEoYwV1vurdjaqEmRNpkoRZcXidUKLoU17bc/5C5HFLVq0QI66GJzk1A==
+sener.			86400	IN	NSEC	services. NS DS RRSIG NSEC
+sener.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zf9q198uWeWysCwh64PoDAEmKqV+x+hgGVkn6f3ZmWWuWultErwIn58rslIY1C+CfvRLHAqx/ppcgpEM4Dq+Vgim6tlsL34/yIMyITAxj/X01jbq57Jj/aD3jbn4XCVYAqud17kl+Cn23N8dkkqY1rQ5z+Jbv1qaYK8p+MxnExybUfqj80VOv1a6hVgBx5G4537wNUFxh/c8Uds22toV3WFTYsy88h8QXUImNm/Wr0FlDUVsw+D310IxTzEuxt1GkmQWjENoQUT9X9TaE51zBzuzcXJkkz4Yv54/PElWyvupn5Imk+TdfBb6qxdg/QsguVbmlocrobprm0ijKz8pBA==
+services.		172800	IN	NS	v0n0.nic.services.
+services.		172800	IN	NS	v0n1.nic.services.
+services.		172800	IN	NS	v0n2.nic.services.
+services.		172800	IN	NS	v0n3.nic.services.
+services.		172800	IN	NS	v2n0.nic.services.
+services.		172800	IN	NS	v2n1.nic.services.
+services.		86400	IN	DS	36727 8 2 46F51F49699733C685B1A338969594396BA5E24D76F6011149C20BE7A3B757FC
+services.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . de0keo47HQjptE/CJdtRq1BhwblxQoCHrztLRRIVpnlw5bTx9ww0/42txavw5M8DIbxDtwit6Ne8zrOD06+uYm5tmtyYbYOATHK/pEPxeB8R0N8N6xCBtLKnaG58YZJ9b5tND2PV5atKaO+q7pQKrK9+86fiL8vnxNJottUIhDEZiG+BphIVlbpKje/aBdm3+WaFyyVUQlSaTYq9wsWw+R9VLMwAeHDBnGba1tUIusBCPVLfLXov4u60eZqh4W6mL5xu8QxWKTkQXVPc4uUyvlwBCaZgjWkA3EoC1Vq5uua/sH1BYAdym4CIICYxUyHYAuRFCo7wMrJcSWWZGYJ79w==
+services.		86400	IN	NSEC	seven. NS DS RRSIG NSEC
+services.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O0nhp4V3GQhB9nMMkfKxSlr962JlQ5jvNDlpKvS0Rpkg2QDPIp2j0YIjafOpxgnIbQe82G09X/v3I/KbQZLMnAMZvfRfM3Tx7RhUGojh58JkL0Ub9Y/SioR/YtY3JcNkQlovacCZfjiE5hU6d9r2zT6qBLA9KcjGMpM5oex/tuZZM2jVgbPVP5uzHBCF7B6uZ+HlRmQNeSLyGdyFhHM1EKwAbv6ODcZg7Yqd5yN/n+5+58eaTBDhWXwpmHkoYLDslDqfL7SmDq6HHz6zkMnKEm/tUJXdyEASZO3gUHdL2wqpoyK1CNTVD7ZRdvp9S+AVyVUQSOCenuV/NB6vdv0gZg==
+v0n0.nic.services.	172800	IN	A	65.22.20.37
+v0n0.nic.services.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:37
+v0n1.nic.services.	172800	IN	A	65.22.21.37
+v0n1.nic.services.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:37
+v0n2.nic.services.	172800	IN	A	65.22.22.37
+v0n2.nic.services.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:37
+v0n3.nic.services.	172800	IN	A	161.232.10.37
+v0n3.nic.services.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:37
+v2n0.nic.services.	172800	IN	A	65.22.23.37
+v2n0.nic.services.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:37
+v2n1.nic.services.	172800	IN	A	161.232.11.37
+v2n1.nic.services.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:37
+seven.			172800	IN	NS	a.nic.seven.
+seven.			172800	IN	NS	b.nic.seven.
+seven.			172800	IN	NS	c.nic.seven.
+seven.			172800	IN	NS	x.nic.seven.
+seven.			172800	IN	NS	y.nic.seven.
+seven.			172800	IN	NS	z.nic.seven.
+seven.			86400	IN	DS	18001 8 2 D8F64C5DEC80B8F15B747575C020A3E5249C703D05009D88D091E0D28B1168F7
+seven.			86400	IN	DS	65404 8 2 4C4105485919CC132CEA83E201B0678F71CC7DB260E8BE86DE560A8A1864951D
+seven.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mFKe8OprfkOMRxFtVZTu5hXssQynFUZ/uHNwd10ga3AEAOPQ343JtWTyOxixEqRQ55eHi/BLS68RHdvdi8n33LimSaxIvOH87t+22D16VjvKWFZxyrXqhxVKDdcsLEMbBwIPtQ4KtzbslfzL52TG/YXT7/7RTjdcVhYB3Ab3cP3nkgqQkmxjNF1KnaWBikU7Ups2XSSDvYw9uLlROdnS7utAGy8AqAmnvhjPqw8ZfcP6gLS9Qn1WRMgABzuymI0WOHPfOeZrGuCSrahrlNTWiOwH0+g5UcvYXg7TMtCj6knrOdguTlvKgXTwKcF48YvJhkYwEz8fzWGEAoWj2432Lw==
+seven.			86400	IN	NSEC	sew. NS DS RRSIG NSEC
+seven.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yip/VZviVEkIMCChVQI3fz6+pCRQG6TFg61NlUbd15Ajnb6mRZr9OHIrSjMSeL6Sy7VtNRzOjf72lWjQ1KaXdn3m2ZwLZfOmE4o86zyMn4CuUTc9ypiRvum7lPeAUJ0jCuDkyVV0yNlY9YAGp2L4Gj1h9hVtFVKkKvs9JDDE7KsnnrEyk0xnDIeo9AiKTDbIsLsxBdBzvkjooT8ReOHZMnIb/qcvpldtspXlWja1QoMxmfecDdG3uBRBtH8Vx97BQWJFuXD+Gmq/64c1GmrXMDv7Fv77ossL0SdQ6glelUIoC0YQ3bgVRyuHGPcMKZWdCISsnDC7BtCRrawrBtxmqA==
+a.nic.seven.		172800	IN	A	37.209.192.9
+a.nic.seven.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.seven.		172800	IN	A	37.209.194.9
+b.nic.seven.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.seven.		172800	IN	A	37.209.196.9
+c.nic.seven.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.seven.		172800	IN	A	156.154.172.82
+x.nic.seven.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.seven.		172800	IN	A	156.154.173.82
+y.nic.seven.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.seven.		172800	IN	A	156.154.174.82
+z.nic.seven.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sew.			172800	IN	NS	a0.nic.sew.
+sew.			172800	IN	NS	a2.nic.sew.
+sew.			172800	IN	NS	b0.nic.sew.
+sew.			172800	IN	NS	c0.nic.sew.
+sew.			86400	IN	DS	24562 8 2 F058B69DC4842232E352DBE1485DFC257AD1627AEE9F4BF4DECD967307E30B1D
+sew.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d+sexZuyVrNkJha2N6X2wFlmf7Ka02W9PHN47zw0rnDAZhdSEBggthNke/aOw0txtsXrh7m3Hd3CFlKGN3/gCI9cR+NgREoeAF65AAHmo5Pa/g+BPeX5Il407JibnCeo8rZ4vOZkE9X18ZDY2P1Flce/QD7TbCz89pIu1+C252trTlNvE6fi+UENT4NkbKdvT/ZMIy3/D+w9VYW89EGgpF6yBwxxFjWJtn6mviOgnUBLr793TxCEioOVt7O/9utS8lK5AJWJ6DaNVGluuDYwX7Y4Gay8H/2BCr4K8fDD5W2UBY6Xt++RaWTRca3PBP+8/DKzzL171iQ5HNnuZC19vQ==
+sew.			86400	IN	NSEC	sex. NS DS RRSIG NSEC
+sew.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . abF+5k3B+dezwgFt9J0ywB9buKWXwcWwp3soNmfDW809nm/ax9XNQSaV+E6uEPJNnK/z9qmvG6xQ0FJS+m31WYOtKI3FVEtnBsEcDeoFPioJ5/N2cUcEIDbt6ZTuWRgkIxJld9Vqoz0dOejmrdsMDvBln3+ktcGJvzZPJ4T9Uede1f3sN9i4T3+eRAPM5hnyYObsR8iITKkXyYsgUPLuOX7J9uNMu48/LkC2eDtoOSJ7t66Vq9C+cr8bdYzmF1NKKsfPLNBxymHMIk0JMuqVr0cbmrNoh5wGO5zMWV5E7D0QSzHOd2GWZdbFC7Aj5uuAqJw1ZQ1+jpdud2jPj8dZvw==
+a0.nic.sew.		172800	IN	A	65.22.188.25
+a0.nic.sew.		172800	IN	AAAA	2a01:8840:b6:0:0:0:0:25
+a2.nic.sew.		172800	IN	A	65.22.191.25
+a2.nic.sew.		172800	IN	AAAA	2a01:8840:b9:0:0:0:0:25
+b0.nic.sew.		172800	IN	A	65.22.189.25
+b0.nic.sew.		172800	IN	AAAA	2a01:8840:b7:0:0:0:0:25
+c0.nic.sew.		172800	IN	A	65.22.190.25
+c0.nic.sew.		172800	IN	AAAA	2a01:8840:b8:0:0:0:0:25
+sex.			172800	IN	NS	a.nic.sex.
+sex.			172800	IN	NS	b.nic.sex.
+sex.			172800	IN	NS	c.nic.sex.
+sex.			172800	IN	NS	x.nic.sex.
+sex.			172800	IN	NS	y.nic.sex.
+sex.			172800	IN	NS	z.nic.sex.
+sex.			86400	IN	DS	27487 8 2 E7625E71A6BC32BF10D612BA2D17E02E62641A5293100A82F389CA415CC71BFC
+sex.			86400	IN	DS	53905 8 2 1BC21CFA8CE05AF75007AE4E83667DC97EB6939B9253CBAA0D124C18D49F09D6
+sex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L77R/anhIesDYQ70yKtSv666uStk7H11tcHZ/kwFFQt5Ou2eCTYi9JjGpu47vPpgGsph80pTtRS54snH88+RpCOAH3vQvwwvBq56ZhjqEPTWtvVgeJI/vsT7xh/eHhnJxB7D/B7tUc75ztCCna1lDDw66U1FKz/E0wtRaAAU7nAg/QYpFcV1IV6k+Q2J5n6o7rR5+zTYYqejzYJZWWg9Pr+7zuT9uRnge1LKxCE+jS3nk7+epwYTviChPha3M8hltOKRsCthVIUnneSYHRg4qEYQIK1rdELbSiNBwkGpZfrK2+RFW+Z4vX4zqB9XSFRpIKb3nuhrI2FNjnzA6F8YiA==
+sex.			86400	IN	NSEC	sexy. NS DS RRSIG NSEC
+sex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . poIk40jsPsgLE4TVAd0LtaJfHllU710dwrz5yEVDxflqPj5mD3y6bOf4eyM/k/ClmKBOV9NI6l7twWO622hT0Lh67RC8AkZ2RxF9Q6z+B7EwMjkl69Cq7nsjmZZJZrcbCwIYm8N2NhzW0P3+wQUBMdkxr0tsUe0ESea89CJAouLBcWSZsfcbYgbhgXff05u7Lvr5M2F7iuG3q1eF6szGlgWtosFJ0jlgZO+gzEEJ76aTn+KyiiCZqZ81uAr6voR7GM56GM4ytw2SpaLwyE+PUcF8rMs7joxVd3sk+9mScnty3kGL/MVBU0v5senfWrp7JIUwio5b2iT5R1WBztrOPA==
+a.nic.sex.		172800	IN	A	37.209.192.10
+a.nic.sex.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sex.		172800	IN	A	37.209.194.10
+b.nic.sex.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sex.		172800	IN	A	37.209.196.10
+c.nic.sex.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sex.		172800	IN	A	156.154.172.82
+x.nic.sex.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sex.		172800	IN	A	156.154.173.82
+y.nic.sex.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sex.		172800	IN	A	156.154.174.82
+z.nic.sex.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+sexy.			172800	IN	NS	ns1.uniregistry.net.
+sexy.			172800	IN	NS	ns2.uniregistry.info.
+sexy.			172800	IN	NS	ns3.uniregistry.net.
+sexy.			172800	IN	NS	ns4.uniregistry.info.
+sexy.			86400	IN	DS	42010 13 2 A0E135AC7E6FFB2CAD1574C08C837BB5D5A4E34C60356498389E69B55943D58C
+sexy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oWetIxu7W82kX69tuSjVMuObMMC9MSkqouCHlQmSWaXT/GQC1GpoRVsB9gNU1V+F8mOyMUtt+tNLhgz06GUrXiy/0UXF93bnp+wazvLlVn8sqJz13EPuvnJg9pF7wynEOn6fNYyQ4EpOqfZNea/gtCxG0rXE9rpJrETnC85KkaOCDzBswAktwxI3KbNhv6FfZXRL3sx5FqhaYD5ktuxt14yoNFl983DCuwTKQZwfapeYP70fZZ9+UsdckHa28TBAgFrI9i56euSzt+pQ1hIneNH1g60auxWo5dGUEtFbR6VrHU4LNWMyZTnBScIzMyFSbWQBl7t5iRTf1258PI7Yww==
+sexy.			86400	IN	NSEC	sfr. NS DS RRSIG NSEC
+sexy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kiC2n5laT4FFDgNH1866aelVYj/H+QjvxKH3i2kiohAs3EwDLDn61iO8FlqmHHuyh+31iy8bi6prX1QFpZnl61FEEgz5QV7d/PIbHA7r1ZgJNsuXmclv1OxbOgHa8EL61sFZaeGdomznKzIjcbJBDYWXEImlvCAXJc586luVHM10I/VpWhISQ8GVqiMx3MY/s+5oalQdAhLoWeOHA2lbxJQbAm9HLalwTXbWWtF6pOfwrs6tqv8WDyTBn7VNq/FZZa8Nbb8qBw5XDeU01Qu2fO9aFI43zgkmR9B72HAYh0pDIiTj2eHFk025hzmS5vAYPphf7DbjCmNIOKHTkqoyBQ==
+sfr.			172800	IN	NS	a.nic.sfr.
+sfr.			172800	IN	NS	b.nic.sfr.
+sfr.			172800	IN	NS	c.nic.sfr.
+sfr.			172800	IN	NS	d.nic.sfr.
+sfr.			86400	IN	DS	7923 7 1 E348A086A9BC4C214C16FC529E64BBEE506739C4
+sfr.			86400	IN	DS	7923 7 2 E3B4E6B0B3447C29949813283B4308546B1BB895FA1E2A39364F918BE581BF01
+sfr.			86400	IN	DS	51274 7 1 BF4509A051E4CB1206784FB08211043BE36A495B
+sfr.			86400	IN	DS	51274 7 2 4BE38A9FC56F65E77125940E4FFDACCFFC39380F3E74BCA025B0206EB8E8628D
+sfr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RXehnencW7IJ43dRnRhPEJ6KnmF3LZQa9YDsb3E0upABKR9/mGa6teHgqjwlx1jeM4h/PQR97fjd+MS9+H+cBDcnbcUEUHMcfAp/G1ZytYdU3VPiHhqE3g5stxDLoK53DPQNF9BwIg7MeYbkbYp7mE05rxbYQq08AjaWBhx3m1DuGSFgR6BDxg0iDSxME0ZTqB1PBt0LmNQM4KdBBv1Evb5KW6qAIaP5nXi81feGvT2oxe9OfjSInTPJZdwUbs+ToKsVgiiuszFtZr1qSGR5mDI2UAAQ2BFsl7G7XXNDY6rX6gmCSF0lLDswZ5eA24G0ul9Ga7JxXGjiUosjYIyVxQ==
+sfr.			86400	IN	NSEC	sg. NS DS RRSIG NSEC
+sfr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EdoV1e2CIsnqdBmjc4kfoP//n9ATTlyrRIwzyVWoeaJCxCz9WKYswPd3AJ+l24vgEWZKdL/6vncFhynkvAuRoZWUlODrPpdenFdAE8qsi4+5bWYqqo3Lre7KRRIj2m8r8SgaQUTwfXVYXlsXc2nU51h5rwecd3x+aZl2mWGz89JbKYvcnyq7d5nS+m6i2rxxjeBHxpjcCyUXugxOk8LkVZDv0exOLFgBTxd1iSu83NOSF7hlO63BweOrQgbR4lKzIGw1nT350zGri/FnwgOoBDi7ym5NK8EGoFjEiNZUyz/6GWF7g/nJ+k5uGbGKQsDnmr+VZ2v1pagjGN86GnEgiA==
+a.nic.sfr.		172800	IN	A	194.169.218.100
+a.nic.sfr.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:100
+b.nic.sfr.		172800	IN	A	185.24.64.100
+b.nic.sfr.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:100
+c.nic.sfr.		172800	IN	A	212.18.248.100
+c.nic.sfr.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:100
+d.nic.sfr.		172800	IN	A	212.18.249.100
+d.nic.sfr.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:100
+sg.			172800	IN	NS	ns4.apnic.net.
+sg.			172800	IN	NS	pch.sgzones.sg.
+sg.			172800	IN	NS	dsany.sgnic.sg.
+sg.			172800	IN	NS	dsany2.sgnic.sg.
+sg.			172800	IN	NS	dsany3.sgnic.sg.
+sg.			86400	IN	DS	46664 8 2 B9E9522B9E345FD54E73E8EBF3D3CFFF9A09189FED03F5106D8EE3E345FB80B5
+sg.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AABPOZFyNA2TvCv+rLwxV9aKehtutgKAyvXXoJxMUj10KgckRxZyU8Thb2SnZY9s+teWGw8ZBPuBv0/+Hr1dkpQDjLSbCf4/58kuiLdk4CDQPjpA87jtWRDonsIe20WSLu2kcKZ/1JiOuvGfUtp/DrGt+t6i36ix1j7iUx7woYrmBieDrE1sRP/ZP1ZomXiEpAkMjwWxIKyu3UmY9SFyypzPMVzmmmfy2sr9rN2oXDzgg7HxJ1naIxTSqeYI6MPRpyFRqrfBPs775t1WeUSbty3xldswYb6BbkS0eSScnTkS/V1mRjavl8MgZeDtX5+opnd5BkycwL3Re/t/eBw/4Q==
+sg.			86400	IN	NSEC	sh. NS DS RRSIG NSEC
+sg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . saikgAeILbdXl+ucqDFVAqxAiGz3DhCSKwrP8DPXlUcIlfz2QFdKgeydut8M1bEfq2PNvmZetZ7CMZdi/rngYH46AyhbYPeumnwht+G0CmbCu62sav+dvloTRwfMgGmuVD9+ob9XqWnSvZvBjI0wuHlW9zL79YOkvJA88gN4WDs1mPmDhSW+wbN05r5eeWap7pVqOe1M8eleUDs9WF5Hm/dhVBr9ad6qULELErD/WNmHffGHxglkYg/X+BU5SFxorjtwwYBRb9IXPGRXZJuuKCaL+CNg1LZoq/EuXavVg6+YJ8s8RECZ42H4UgLNxYnMvt6IUojcuEvQCuT2YSxhKg==
+dsany.sgnic.sg.		172800	IN	A	120.29.253.11
+dsany.sgnic.sg.		172800	IN	AAAA	2001:dcd:7:0:0:0:0:11
+dsany2.sgnic.sg.	172800	IN	A	185.159.197.170
+dsany2.sgnic.sg.	172800	IN	AAAA	2620:10a:80aa:0:0:0:0:170
+dsany3.sgnic.sg.	172800	IN	A	185.159.198.170
+dsany3.sgnic.sg.	172800	IN	AAAA	2620:10a:80ab:0:0:0:0:170
+pch.sgzones.sg.		172800	IN	A	204.61.216.57
+pch.sgzones.sg.		172800	IN	AAAA	2001:500:14:6057:ad:0:0:1
+sh.			172800	IN	NS	a0.nic.sh.
+sh.			172800	IN	NS	a2.nic.sh.
+sh.			172800	IN	NS	b0.nic.sh.
+sh.			172800	IN	NS	c0.nic.sh.
+sh.			86400	IN	DS	55297 8 2 BA339AD6E081DAD292A3F473CBDD5ADC53A0222769A7C6125F506DD6A813787F
+sh.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MpzW8blHL8xsFPkE4SQdYyswtV11iFlfJdKt8Qp7HlGXFi+J7TMoN/qm8EGj1GPEFltLpRI5nLVJR0hZGVnvJOAs3APuf4Mna3TG63urS64I1tafh1RXEM3A1CdX65bhtgpqBy3ZpMNbtLFHc7BqMe7FtbfiFXQKPdQ1Za75R6jMSRq9WgLi8uVOTf/kF3+VIr2e81YsrSgwHY+kBPpRoxRFjf9QQs3afaZ2cfDzgt3y1vHI04nzy9ewXbnFKdfv2p2Cik0WSWXKvr6BL/NyiR6ZUtw5lmjdAwBWttKBIRJViAH4teEYFl6vZ3fDdoHa8IxLk67TD6koKI7287u/oA==
+sh.			86400	IN	NSEC	shangrila. NS DS RRSIG NSEC
+sh.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Zatc7zrT8bxF9V4VrwZ93t+trIQdEriktQlOyJ50Cxi9gNdEAXr7rIvN9xB9vD6SpXWf7mJkykVRqysWimrMUDkpEP4TxPDKGM9Rt2JrcHGvUm4Tx8uFy4K7Bt4hYob1wbGSwWT4+00YTV7YIaHcqRYsozg6JaPgYNwH7Z8xOvMiu02zz2EBXM0tCLzwFD5utJSelAbvn+gy063EqnrA7DMd3fMXmStAynp0UZwxtv2EbllgBIAHzhR3cGNGx7CEAxtYuHp/zKQYXfM0Xvyn3vompQmARko/BjCMMDoYC8cLvuIOzPTZQzW17NMF7FvsWhbieowlhEitUOvVtnqbBw==
+a0.nic.sh.		172800	IN	A	65.22.160.9
+a0.nic.sh.		172800	IN	AAAA	2a01:8840:9e:0:0:0:0:9
+a2.nic.sh.		172800	IN	A	65.22.163.9
+a2.nic.sh.		172800	IN	AAAA	2a01:8840:a1:0:0:0:0:9
+b0.nic.sh.		172800	IN	A	65.22.161.9
+b0.nic.sh.		172800	IN	AAAA	2a01:8840:9f:0:0:0:0:9
+c0.nic.sh.		172800	IN	A	65.22.162.9
+c0.nic.sh.		172800	IN	AAAA	2a01:8840:a0:0:0:0:0:9
+shangrila.		172800	IN	NS	a0.nic.shangrila.
+shangrila.		172800	IN	NS	a2.nic.shangrila.
+shangrila.		172800	IN	NS	b0.nic.shangrila.
+shangrila.		172800	IN	NS	c0.nic.shangrila.
+shangrila.		86400	IN	DS	62932 8 2 FE4A231C54B837A4CB8EDF50861AD9739F580B1AAB76AD8230BE6ED655D57A59
+shangrila.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mlaI17oXtD+yeYKn7Fhc+6uj7dPAmSm3gtHZn6bjB/JBv9Zttzya37PC1SmMtjAAxmlWePKHPsNzQSvTq64uk9SUMHHQ6tU8ePLNuIr1BQiOZJw+LZVhaDmtzOM8hAU/2oQW9ZDYx1xBT8xAYyR92Tjwff427IPwjDj+OQcwjACF/hi/QwgPFUza8K/Uw1BZzjSGbH82+3q8WKLPPUjtqIGPfhpPAc99wZjkTPVSkNiFOPcQ9s7bIcCgkMEF9openyr/8h7q1gpCzIdnzJpdeTehvrdhR6cvZ6JRuJmnNxh99Zg4t+i2VsVXL2bsSAHXCp9aRefEA45cDvKd9nJDYg==
+shangrila.		86400	IN	NSEC	sharp. NS DS RRSIG NSEC
+shangrila.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a+CWU9GM3thGoSQr5royk6OWGjtQJOT9niny+3ZbHyIc1ArRndAJiRq3HzMF5VQ4inqQ9j3z+8kfPECbETXzHNReikC9prxdHyp/HBHCxuSAGCDTwkDc3ec9rrlurVS26b+DmLQt2MR0DM3Cpep9gkWn8AEGyDaBZVeG1xwlIERjUrVvfPewJuJk43wm0VkA0gqJ0oaScAVPxNR4Q+8GvclY9dugL1tNa5Hj7sxwbiKhPsYZ1Xsa/4c8wdR7IAMCKJZ/cRvGT/Eszj1WGge2EOHgQLezlHrHGjmgAvEaFVmsspL0qkRz5lPCmY7qvSGi/zR8YxKPjyIKF6mEjVSRCA==
+a0.nic.shangrila.	172800	IN	A	65.22.112.68
+a0.nic.shangrila.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:68
+a2.nic.shangrila.	172800	IN	A	65.22.115.68
+a2.nic.shangrila.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:68
+b0.nic.shangrila.	172800	IN	A	65.22.113.68
+b0.nic.shangrila.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:68
+c0.nic.shangrila.	172800	IN	A	65.22.114.68
+c0.nic.shangrila.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:68
+sharp.			172800	IN	NS	a.gmoregistry.net.
+sharp.			172800	IN	NS	b.gmoregistry.net.
+sharp.			172800	IN	NS	k.gmoregistry.net.
+sharp.			172800	IN	NS	l.gmoregistry.net.
+sharp.			86400	IN	DS	3872 8 2 9FBCF0AFCB45E677CB42680FF35DEFD79F8ACCACAAA47DF92CFD08E73A8AFCB6
+sharp.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TsB2sQYYIOYe5k6pe3XcrfbFGEEV0Ac1YgeSFlGkE+gMIeKfMM8P2hURg97uMSuPY+NC3Kl+vzmlxJloMb3i7Wzq7ue4zsZ8WOh+9ue3mbrfPLKFKA2TvikgkCN31IecA1Vu05aF2Lr3uHjoP0c4/wH1ZlVTY1rjVOWRkpGOBauQMsEfPsw338kDiRBSZxNcHcBRB2f4yxik2XKAsvLLGwqeMc4+G56wVgBpoKsbOde0CzOD1605Mj13Fx6ytb5qKBZCHXLszDcd9rhtmvbUUmaY8hwPLHH07+FZ7aAyKdamJPwBUErXsrXdB3tQOlpzzXPfDZTHZ6QPHX0xrcNbtg==
+sharp.			86400	IN	NSEC	shaw. NS DS RRSIG NSEC
+sharp.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nnQeYUFK9sYFVxfgJjC6yq/LOr+oyb1oNK4jJmQb7ZmdfjJFYVlPSI66ull6tWrmlw4oaB7S6vm2hqWlkXMpsH5rFla91fhslXzGO9pe4b5/Np9JkugB8WaUX1NygLKqSZWcLsu9IyerGp3BKFD0EHFfLCGOsD7Z6iHn+cCGf+oyToRqUA2JhLD+nFGpnbFSiv74jPPLp14dq6POAV+DJ/LhZ52W3osaKoy+igHxwcu880VQOep+Y3XCQe82xdmQqelvH5KxDhIOm8QgZVkT/IqljLC4CKwL7qqnWSTOjQa4bujwyABpdZIK9PrRzbnppNNb4miu/sL21EprMcbVoQ==
+shaw.			172800	IN	NS	a0.nic.shaw.
+shaw.			172800	IN	NS	a2.nic.shaw.
+shaw.			172800	IN	NS	b0.nic.shaw.
+shaw.			172800	IN	NS	c0.nic.shaw.
+shaw.			86400	IN	DS	29284 8 2 A5D4CF180AE979A32069CFC69304AD40F0BD7E0B6CFBD0B5611E49D1540EDBA4
+shaw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rrPpJ7pWj351kxpkM6houzIaiIsoUJV6p1TMj2xAFGfajE2V0MRpYkgrxSPkS4OJSrIiONAdLig7yG6wHylSan4rDLP6jBnJheQxNRz65h9VWz9MBLGIEuEjY68SlowGtD2KKDMJc6wkQ/fX+B/ZpUExJXqxisIIZp4V4kg65ljHykHz9UdM1QHqBO0yV+XklOsO/hwu+T+0uXJsSRBRWgZ/vbG/JLKc4zzT2Fy1IX+9MvkvmRuiGntv38ybM1ievybl4J+2BphXIt/JM/Vp4r90AksCzjegM4uAEK8MxoKaco16jVdyPTUWp0aAGMKOKuYbxrJFXH7SsvgPTJ3xEw==
+shaw.			86400	IN	NSEC	shell. NS DS RRSIG NSEC
+shaw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 11K69Evn1K3W3YH3G+tQCjYa6ZsELjquHCWQV28xgjfct7JmAdVRwruuFnUx13Jnd4qJwvIh6Xh3fqU7Em5vTuqwoC/7wmh8jMawT936A7GyFywXbTp2N/PqaMOkw2XpARlnVGbxPPTDWmKqGvObjLOw9GTqLEYIiSCtkPF+PGJeqs2Se8BYznWRe6gly7w1fH8TQi+noNCX5xDNl2A4gx7zWtxczsD+IVDEUugF9HDgm0mJELQJqiH69sFAXrMKtyz3OWKJ/0JVxQ+gP8LUhZenbQrFc2O3ewdMPwxZljx5V2TFcXMGjPFYKRnFj62S39BEPBTJjOteosN7kXaIvg==
+a0.nic.shaw.		172800	IN	A	65.22.88.17
+a0.nic.shaw.		172800	IN	AAAA	2a01:8840:56:0:0:0:0:17
+a2.nic.shaw.		172800	IN	A	65.22.91.17
+a2.nic.shaw.		172800	IN	AAAA	2a01:8840:59:0:0:0:0:17
+b0.nic.shaw.		172800	IN	A	65.22.89.17
+b0.nic.shaw.		172800	IN	AAAA	2a01:8840:57:0:0:0:0:17
+c0.nic.shaw.		172800	IN	A	65.22.90.17
+c0.nic.shaw.		172800	IN	AAAA	2a01:8840:58:0:0:0:0:17
+shell.			172800	IN	NS	ac1.nstld.com.
+shell.			172800	IN	NS	ac2.nstld.com.
+shell.			172800	IN	NS	ac3.nstld.com.
+shell.			172800	IN	NS	ac4.nstld.com.
+shell.			86400	IN	DS	55158 8 2 BE8C4AB62CE5F9AC998C8C1383340F7800A43A6A903F061791B19AF6F6DBB9D5
+shell.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YzN/MQp7Vnb8UsT+QUu0jg3Tj4FVfe4uNjeVpu3iWSDr/X2FNvH/FhOp1Ou6h3kf2/8fJCm+3HRwJXC83JdLvD1jHYA/OZke6iSZ7jCveF2WKI2W6nMGVny6D/U7ERcg+RrSZ3cSfa35GIVvj9lAu75jxJM9YzXmDxn+ssAH1BNkGEOvCEL0/5A+W/GgyfxeWRR2Exs9wmjmuse2oJVSva2hKSwun6U6iy6O3iI/Fg1UJccfpJYqlJ4oSh4nzU1gcdavIwxaRS1rLh+dTtERmVofz6ZfWzz50ECZ92xsCtSDovSRRDiv1VoInPBAqy+/6gQYAKAJVSwuRhhho2zryQ==
+shell.			86400	IN	NSEC	shia. NS DS RRSIG NSEC
+shell.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z4TvdiVxs5Rg/yslBbrWm+CL7ZLTS39cX2rHsRmdCeNhLx29F3Ut7k8irBEQ6wuKR7z8vSEeRtJoSTka75YKqL9zQERIWGjqJoXoi/Ybi6Q1wOFEFXkAUUnXazxqVnbhHRQdEP3kruDLTH2vRJ3qLOOYlZtbV5kqu25MCe8c7Zvk9SVIbay3+VngwwmHCEV6sKS70Tu5kyJjcLxD5cATnYRV8/UKwWlgc9AG4z6Y3/ES7wWajM8KO/W7P6hHLeuyFxK3eJC8fi/GU1e7qd+3k6o5gAwO29IEM5k1u6i2fgK1hQaVMaIqPjH5X2469TWR+gzQXrgBuCs70+2M2fYopg==
+shia.			172800	IN	NS	a.ns.nic.shia.
+shia.			172800	IN	NS	b.ns.nic.shia.
+shia.			172800	IN	NS	ns1.anycastdns.cz.
+shia.			172800	IN	NS	ns2.anycastdns.cz.
+shia.			86400	IN	DS	60644 8 2 DD38466778B19A58A550B69E4C5B0ACEFC7AAB903B766A805DEAB97F282C913E
+shia.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LnlZNsqMNNJ1UocsGOF+64o0DPPBtFuwxWYgSLLRRqfHMIXxckLK5vRrZA4OJ4F7NEW7MqbPMgnZ3UqazYzmLbf5PBGSMQev01hBE02sRhwZYCBcNU2bVr6kULvvv8YThl07WktZipSeZ6PrLPx397GEWPQu6oeGYU9d8DwaUqv71xawOlKwfon1k/MaqAtnb+9mM6fvX6hmYTsfamn0Z1xv9pGs8KECfBb5fUJNuR6MFdZnzki5vguUjhN/on1NBDJGsc9UbwzTEkqwd1GI0A9a8Y9jdH2BTtWVkcHFGlQ//SJFl5Nutl3SQI+PJw4qX8r+jrmYVRghKvamRwUIvQ==
+shia.			86400	IN	NSEC	shiksha. NS DS RRSIG NSEC
+shia.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JhCUwNElx6/Tog6PqYUUd8/eDhJv69BGbEkIteRfNJPIgfvHR/Lv3iFExNXAvkPrZmzE2XoOJbzopyX7hPodtq0g/p1FVcnPGq3hHxCgzgK/c2riDWDTgiNIEn1K59VU1zlVzTwaHlPF4r5y4ssQANExpkv5cN0It0XvboSUucfUlZKSViVckEoNIkk+q6ClZWc8UHQY+jlTSQXn5CmREuWdbPRuOnG09awgOfdL8uT1fkSmjSfsDfApOqbuS483+aVp9RnfJvIO7TGO5xHSP8lzuKPqV1toQpGwDWWAWndTGjPWTenI3vh4rn7g2Ua2lhdAiBNiJMmGlWiaYpy4eg==
+a.ns.nic.shia.		172800	IN	A	72.0.49.7
+a.ns.nic.shia.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:7
+b.ns.nic.shia.		172800	IN	A	72.42.113.7
+b.ns.nic.shia.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:7
+shiksha.		172800	IN	NS	a0.nic.shiksha.
+shiksha.		172800	IN	NS	a2.nic.shiksha.
+shiksha.		172800	IN	NS	b0.nic.shiksha.
+shiksha.		172800	IN	NS	c0.nic.shiksha.
+shiksha.		86400	IN	DS	54049 8 2 B4DD9094C19C5A3BE8D6921D695F16CD6412258FA8302E5D7879405E2C0EF7DC
+shiksha.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jOgnVVvsWgj7HmrbrM78/68jxd3ConiOJZTCuWn1xWRCg7Kj7fJcMk3OG5MHLsTP470Wz7KZgS1/Vnu5TeDPYBqKSJCJERIK/Q+A+9G8eUobuj1CBegY5UN1OtaobjdMXix6eOXGS2Tobp76qi4PjYhxQoAhHvEY462N2qQTRhs9qal6DsqJUIsUikFujWQeiHNAQx0zzih/9P/WEqrDGv39jMJciZsSnTDu2a3hW6xwmC0ldOd8OFPv9mNfN9QrlamwSZ9+wC0xfWwAL5thYtnw2E2fUeLrSYQzfj1RtG84coBBuPpCCORmSUo2Npg2tq1e4pNragXtrBz/NiqJEA==
+shiksha.		86400	IN	NSEC	shoes. NS DS RRSIG NSEC
+shiksha.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BzUbr0G3eyGbV6YYqgnFryjESmCxSHq4hZipu+OCCVU1S0+1lZDJ9SfMqLQJJx1PzGmpC0iMRdy8bVtF6ak8jYNPwz/+DgxbQYULnoU54H/nyzCp89lbbT64SEvAhSfmlNRLIkryyzTWJFhiiU8XBR3LVdCwUCskg8JRBwA7cSm7Dm73+OqZpze2OFdio5OHi/kT7R/1SQeLacr69qvweUAWqVoMkg4N16X/buQnJPGmMirYbFekp2MXtRfLwiGdKtKdIkD6YQfuTX2pbkFa/nac+EDQOvQzX8aaJ2/bz444kozFbPu2CqVhV3o6CprVKuF9CFiiLtIqV46lWIJ4GQ==
+a0.nic.shiksha.		172800	IN	A	65.22.32.33
+a0.nic.shiksha.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:33
+a2.nic.shiksha.		172800	IN	A	65.22.35.33
+a2.nic.shiksha.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:33
+b0.nic.shiksha.		172800	IN	A	65.22.33.33
+b0.nic.shiksha.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:33
+c0.nic.shiksha.		172800	IN	A	65.22.34.33
+c0.nic.shiksha.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:33
+shoes.			172800	IN	NS	v0n0.nic.shoes.
+shoes.			172800	IN	NS	v0n1.nic.shoes.
+shoes.			172800	IN	NS	v0n2.nic.shoes.
+shoes.			172800	IN	NS	v0n3.nic.shoes.
+shoes.			172800	IN	NS	v2n0.nic.shoes.
+shoes.			172800	IN	NS	v2n1.nic.shoes.
+shoes.			86400	IN	DS	59242 8 2 E6883EE7853289AFF66B9090429F6573077638BAC3B5A6595B0C16108ABFBE9C
+shoes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SmVkdddYDU2E8FHp3dPdbeKnhtheEXsVfoyUD0D85+8GuvVS5oNxrVTBKfVmBCrKvzXytspS4mNAZ3UPeTLgE9rWiXOOG5X0/ezO10ZH17by7gP5SqqEmvOHwQjgJAQuSm0j9CSiVVCV/r9UtqynqeqJUkmAX7G4K2eJ8Qu6w89VQqdm+wZSZCY+nT+7MGc1ih74r6J+nTNfUzgwIUZNQwmQUwkf+4ONWQGUb/nYnCM5vSx7wjLnmOxDgDLb1pZk0swbF6cp2IVzSkB27YEWQ+3YshJAqDsocf6l6CUeC5kSv3M2+npm+LWa6PgOo8fZ3SMcEeqguCgY6oxEAWCNYg==
+shoes.			86400	IN	NSEC	shop. NS DS RRSIG NSEC
+shoes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HNNvin00jPy0Z9WjeEpU9HtmkEYmi8t99yvV1hZPFtZ12W+yNr7WczvSxCWgazNjmaY+3LT4dvCvacxpE9Ezk0ylkaPVy84qO1d6p/WzzWLZMLzKbrPhDVLmhD6IVANj9bGuQ8pII1nJSviCJGrOzg2ctx6Iv778StJEIwOZrtLCmlfIFCpdDQuvRVN2f+TxurioEfYgtkisP/wXjb1xH6DHcqXT2BqY6XnRrMopxn7VhcveF2AwmK5XvuC5Ilu1e7N65WFgZRrpDYo/Y04rWbvpElHD1jAyNLVAy89CsnRxp8ZProBgS3xcd5IGC8njmXkdxiOh/XAdnETWAzTVIA==
+v0n0.nic.shoes.		172800	IN	A	65.22.24.23
+v0n0.nic.shoes.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:23
+v0n1.nic.shoes.		172800	IN	A	65.22.25.23
+v0n1.nic.shoes.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:23
+v0n2.nic.shoes.		172800	IN	A	65.22.26.23
+v0n2.nic.shoes.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:23
+v0n3.nic.shoes.		172800	IN	A	161.232.12.23
+v0n3.nic.shoes.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:23
+v2n0.nic.shoes.		172800	IN	A	65.22.27.23
+v2n0.nic.shoes.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:23
+v2n1.nic.shoes.		172800	IN	A	161.232.13.23
+v2n1.nic.shoes.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:23
+shop.			172800	IN	NS	a.gmoregistry.net.
+shop.			172800	IN	NS	b.gmoregistry.net.
+shop.			172800	IN	NS	k.gmoregistry.net.
+shop.			172800	IN	NS	l.gmoregistry.net.
+shop.			86400	IN	DS	50701 8 2 30F44F9E79F1119AEBED349D3EC34F7AEDD83A58F1E706D8303C3BBFE83BC7EC
+shop.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F8YWtQ06YxiWVT7OJxr3WRcChFKxt+nXUd1xWcPzjLEUvspq/fyMlIGzmY2o58fj2oVn6k2HFQEPrWz7BgR8Yw0Fuy1FKIsKAitepHAeF8ICwy5dGIDT7z08fpRubJGXRM1026aaT2zr0O0iXT2hduertnw9rhGxWOZLhS2axgxyCNfrLZLETfxtihImNjYiF8yZ2xG3F6YHJUKE/DMWD1krMZbYaI7su5Aqckm6g41ojYKn1XMN7Rz+lfNRtPMld1az2p6cR/MbVWeFc3MzHILRQ0b7b+zXXl8LHph5VBzLjVwqC0+fx94ll/nyES55A1dAlzb80bdXBdiMNyqGFQ==
+shop.			86400	IN	NSEC	shopping. NS DS RRSIG NSEC
+shop.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wF44JSop8nZAXOfTlQk9u0JqmasNFlPTOfjbNXvd5kTqiz82hmPW12vf72WTjPrv2h3EjnKHGplex3STdPCj/Dma7rrYF5NpzIKsi+Lln+8p5TEZC0UhA2faAzdhD7Oe3ot4Ne1rcpkrhIWrdOaFelsUWSx6J40R+vx1xxRovBQsRTwyP/x2dR7KaN2p1Y8WTI9BWRSYWXCff4504piSfvpoFDkGApkKKY0kAuBs8h1UmVZS+pwboGkUpAXR5ZZlzpPHkZFF4GC3PuArgI2taf/BqTTKX8J2i2WeyXjg22HJa8ysp67U+xJT1olYShz3NAj8uCagDrOJYDwUXRqyqg==
+shopping.		172800	IN	NS	v0n0.nic.shopping.
+shopping.		172800	IN	NS	v0n1.nic.shopping.
+shopping.		172800	IN	NS	v0n2.nic.shopping.
+shopping.		172800	IN	NS	v0n3.nic.shopping.
+shopping.		172800	IN	NS	v2n0.nic.shopping.
+shopping.		172800	IN	NS	v2n1.nic.shopping.
+shopping.		86400	IN	DS	31984 8 2 372B561BD71AAD22ECF3C93491046FB1B6D5D23A25B899BAEDECB89A4C038C91
+shopping.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GPicD3XwoOkPT4XgCwWG7Ey9Si4afOPemAz8ra0knJxVboJojwPha3mMnd1neWgjdFeSl5OUdLBdGujUURTs5CIZPqtCO3hMsBFtTVyhzUIsDtdb9ayTQ7DsYszk9U0F7WtgTTB2P4KH6XXvrfr0vFYrzdQW6N952eL5y8G3cQ+g2xX4I1e4SwBAummvD8ViX/ltjJ7yNrmGcBdKAQjlbI/CG1lbgnQj6IGCKtxFRsskLhzQ6bjKsA9I63x5WsMS4JdSgEPJzxlHaLU30eZYTN2OGKOMEvkAd4u/JNxO++mF5wlgBNtwZV0RueoPrzhSp2yiOPV9+4eCJvRg+/4hdQ==
+shopping.		86400	IN	NSEC	shouji. NS DS RRSIG NSEC
+shopping.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zlf20h7mKC7kqpL0aA49+j7WJyJFY1N1KrWKnkmsQIZGi0Bx/1g27xY79R35swtTN1NAug9Ayn8U4gIchooGSypDDWrKLCapSmQAYVBRaqREUbyQBOEQcJewzrNbnGDAjPUWwffXrYC7qMuUSpbasGiV4FnOK5baqUJUgm+jBQxCqfm2wtpt1srpkMTqUQWrZ2exm+r8ZCPCkrY0SLsNl6BrTAMYqhQWlvVBUo1/9sA8Yy1bJPLqiWbqzoqeI3Hg8h3DReC3hVE96fn6ogyqolH1WRasFkgM/jJrOHPMwMNcobF6XrFbM1S55uPLWKxAH++Nu5dF8ykbIJ/rQbOXIA==
+v0n0.nic.shopping.	172800	IN	A	65.22.32.19
+v0n0.nic.shopping.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:19
+v0n1.nic.shopping.	172800	IN	A	65.22.33.19
+v0n1.nic.shopping.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:19
+v0n2.nic.shopping.	172800	IN	A	65.22.34.19
+v0n2.nic.shopping.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:19
+v0n3.nic.shopping.	172800	IN	A	161.232.16.19
+v0n3.nic.shopping.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:19
+v2n0.nic.shopping.	172800	IN	A	65.22.35.19
+v2n0.nic.shopping.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:19
+v2n1.nic.shopping.	172800	IN	A	161.232.17.19
+v2n1.nic.shopping.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:19
+shouji.			172800	IN	NS	ns1.teleinfo.cn.
+shouji.			172800	IN	NS	ns2.teleinfoo.com.
+shouji.			172800	IN	NS	ns3.teleinfo.cn.
+shouji.			172800	IN	NS	ns4.teleinfoo.com.
+shouji.			86400	IN	DS	27565 8 2 E9706714550CF565AFCB114FDA3DD0A4F105DB670E12074A1A26B71C34F69125
+shouji.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kiVRj6vhu3euenOI8a+ircTvFJBmE8/yld0Omqz830xrMdfkM7nG2Sw/3H9pJJz4psx+RiecWxGUx0ZpoIWX71uSjLzCTUd4cLKh/6ijVTCUSxRQYvSEW4dV/V3RmbhGXMaS6zgCcKc0XKjb8CLmskUKUj2+3kEzwedUGCP0DVWFfKywL61IKYrx2D7HMuf6zX3bWhTrHXw1ypoMmORAG98s7ojlrL1HJVr4o8Iu6zwtuP/7/gpT4WVSsz6s6+DMr9KMMXmUJH/A83UFORGx7ckRw0XD9vuEz/lej5BLqSuc7rpOBvUq5FPV7F1z2KFLyv9RVb4M9d2oBe/AZQtqCw==
+shouji.			86400	IN	NSEC	show. NS DS RRSIG NSEC
+shouji.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Utcp7HGN8mUppGptiwSXu6s3XjI0erVMU4KzUKH1aYvzauK8bPp8nQba1xQJQ/1JqDOPpGxTRpTH3TKoe+TzppQWYnzMKTZdyzamWEPs3bUkiEU4zcYQ2LdxmQyUXtJDw/1gk91+tMkBeZcVk7fLGWVdv3qlIkRgjqpsfeN0djAaYGpTpVBdKFj+brWnRsOTwoLrPcjWiWUfjPy5zNT/eSTY1Y5Vy5zSQcahVR4cppPef6QRAVJADBkFbcbDZjoNniB/7PXnuH468lYzkcaAA6EsAB0NYrGXouhNxkZhPtdSPyszGBRKB+sAg/aNBa92eC1R97ubTe2sIPBb4PMzmw==
+show.			172800	IN	NS	v0n0.nic.show.
+show.			172800	IN	NS	v0n1.nic.show.
+show.			172800	IN	NS	v0n2.nic.show.
+show.			172800	IN	NS	v0n3.nic.show.
+show.			172800	IN	NS	v2n0.nic.show.
+show.			172800	IN	NS	v2n1.nic.show.
+show.			86400	IN	DS	43876 8 2 7B05D715B0B79A0A0844D3283F0115D1DCBAE5C3D98EEC45F17DF09BC5963904
+show.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UzSKIldu9Nru2GsNSiXl64Q8BFKQGOLTeiN2nboyipfkZoLE22PIS8p9Kp1APbDEaGY8hUZAixugCJlUMMS01Bodz92fcUqTfNiTTOBWggq4EKfgIvoEsPpql/oFdX45n+WpUk1Z5za5McgeaWPK/5BAGcnqJJabfz6wyEWyXb3hCaxkCm9O2+IXgT5uqCx+NkIbCRB71jBMKtKaB71qqu66CVC1J+tx4/0WRBudTwmre7HVlXlbwj+tcCz9duEIVKIEolsDLAhURyB06YqLQwA64Z51J0IBdKxV3Dflp00Rtre25FBAMqL1+NNb9hDJlHvufC3LmP13uaMiT4BdwQ==
+show.			86400	IN	NSEC	si. NS DS RRSIG NSEC
+show.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ha0hnHKAJIeV+vTskv3SER0FBeif8KrZOu5qjJ7zd3x58M0eG1pRGC4HX6zl4mDkbP032cM2zjTDxYEc1VcA64xnxBRH3U0RBYjw5brL0dpwr8BtvskrwZrHSol8T2h6cWRaEB++WFMvyEqGaz7BeaZzB4vOa8RT/UMCFH1iZPp5a2rv/7MiKOzE6ugv7u6HcAHX9A1OaRtkai2KLLj6WmxRAfq42eNcuYThxKCYYgYFqg5TuEVqH8T9SmUSJaMD61iN9sAllENXNn873biP3J7SB5u4dfiiFfJa8V3MkR/dRY7ZIn81rulP5GYClv0UD1/7xKGXt4zymgU2Hcq7Vw==
+v0n0.nic.show.		172800	IN	A	65.22.28.43
+v0n0.nic.show.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:43
+v0n1.nic.show.		172800	IN	A	65.22.29.43
+v0n1.nic.show.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:43
+v0n2.nic.show.		172800	IN	A	65.22.30.43
+v0n2.nic.show.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:43
+v0n3.nic.show.		172800	IN	A	161.232.14.43
+v0n3.nic.show.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:43
+v2n0.nic.show.		172800	IN	A	65.22.31.43
+v2n0.nic.show.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:43
+v2n1.nic.show.		172800	IN	A	161.232.15.43
+v2n1.nic.show.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:43
+si.			172800	IN	NS	b.dns.si.
+si.			172800	IN	NS	f.dns.si.
+si.			172800	IN	NS	h.dns.si.
+si.			172800	IN	NS	i.dns.si.
+si.			172800	IN	NS	k.dns.si.
+si.			172800	IN	NS	l.dns.si.
+si.			86400	IN	DS	53074 8 2 D3BBE46AF529561A317922DF27D89686E06B87343F22BAC2569D38A549D996EB
+si.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yFMoqY5+8C+k8drMcUeQ3zxsYVYiUFReReFJP/puLDrPUd4MdEpBuwfuNsY/DrwrdWQBnsls9dvPj0X3vT8Jx0vlblbhyuso73myXh4Zf+bwhZAOR4o5LV2UFAiMnoQUY08UXJNoZh+wWKqZZgiJjCQkjSGJL8JKs/urRE+xnShaRFA4w9oHxUAoOoN9FGFN+7JAWWxgsry3aHN2GRb5W0ZMEMbXaZTf1Hj1CwPhVYU6pL8CnqMTCSEt3pD+LtfrapS6ecAJxcDXSaQeQtBDiPKTtMcq9tbrpg9jMv8x+DhcliXA2FL4wZcbTk0sbCcSZS5/Zz8NPiKjAqIddF/8Uw==
+si.			86400	IN	NSEC	silk. NS DS RRSIG NSEC
+si.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jtZ3tjm6YaJSv0PstwY12FeqYZo70tE3PKLXUzpLgODQRhal0pRaXfIbe4v0EPxmGzAg6ZIjIjawSy0IjoysYuAsVYD5jhQoiqTP4HK9BP2VAJ+IQnUQuIn/1k0zgb8s1248CxUh6YC9pDvxpwz767Bni/zaNyREdu9sBZ6C+A5IuB6JhGTWPQSyywVo8B0D7mUe0bLPvpuWNrWtJXmlDlII9UCIynvoGYwQnb2HabpPvhY0zjMrltIs/cs36DJy92ZoqmbcQ1vD2ds6Z4EOTuIelDw5ZojHHkCMSEndE73yrsyakXtyKSkUdmtFRfZWmAA2W0n2fskBbWgrGkilFQ==
+ns2.arnes.si.		172800	IN	A	194.249.4.44
+ns2.arnes.si.		172800	IN	AAAA	2001:1470:8000:53:0:0:0:44
+b.dns.si.		172800	IN	A	153.5.81.140
+b.dns.si.		172800	IN	AAAA	2001:1470:8000:53:0:0:0:44
+f.dns.si.		172800	IN	A	194.146.106.62
+f.dns.si.		172800	IN	AAAA	2001:67c:1010:15:0:0:0:53
+h.dns.si.		172800	IN	A	204.61.216.54
+h.dns.si.		172800	IN	AAAA	2001:500:14:6054:ad:0:0:1
+i.dns.si.		172800	IN	A	194.0.25.22
+i.dns.si.		172800	IN	AAAA	2001:678:20:0:0:0:0:22
+k.dns.si.		172800	IN	A	185.159.197.11
+k.dns.si.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:11
+l.dns.si.		172800	IN	A	185.159.198.11
+l.dns.si.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:11
+silk.			172800	IN	NS	dns1.nic.silk.
+silk.			172800	IN	NS	dns2.nic.silk.
+silk.			172800	IN	NS	dns3.nic.silk.
+silk.			172800	IN	NS	dns4.nic.silk.
+silk.			172800	IN	NS	dnsa.nic.silk.
+silk.			172800	IN	NS	dnsb.nic.silk.
+silk.			172800	IN	NS	dnsc.nic.silk.
+silk.			172800	IN	NS	dnsd.nic.silk.
+silk.			86400	IN	DS	23695 8 2 04017EC2E893A546BD7D73575404015A5C904B9C4DBB33B2995AE37B4DF0903B
+silk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YtMYHPNEqvMgjOn4Xnx5iG7cn9lRNvED9smLwIWq6ceNKFw8uipYt4HVZ2FHUOWqfC7bdKXvoAZs/H+IY93hXYgxmjNMVDEPc8dskzrfkt55vFb5hWyUZo8MLovuDE3+AAwizaYw0bVrf2zsvNJ6UVUI81MaYEkjTcy+NsN6UbXciugmYRyI1K21ruEpYZR9F1q0EAMR7pV7m5r6qqh3ohoRqRr4OKWlnXhy8dOFzxmY0yU/9cBj9ptSsA4V2TZIue14gm9xuIywnRHAxQO8KjQonvFTaJkBLOIwBOjw53yxniuMjus+fmtcy+YU27gJYLeXFqWpOzrm63RU2PUOYg==
+silk.			86400	IN	NSEC	sina. NS DS RRSIG NSEC
+silk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cp9WUGc8GaYByPx7QZzgBOq0OeqFVweX2krCDGNtGlmfCuIawmiDMnZ5mko+Y2y7Xgf5mgtc1Zop5ZxHaeLzfog8iqQMFIecEy1JLuP9AKUq+7gRov3VNnQaXDhbUMaUnyWadAYDRcJb4TShE9/NkhmNwEeFrSsP/3o6ybr8+TKtQuezdCERYMJGgJaAHWp8wwWgIzV0IerjeYsduBqCbT5+pY5QbNzKGBXLJhPke3NIi4FjPFN/w1XxY79Y4FlmfHl8bYYgHB+9pgp3zAAhQNgyGsd2iafyWHEnvFzoVEpP5xdoLDt2OhAs9Y98B+RJ5EE4BYlFDntLbOBbNyoN2Q==
+dns1.nic.silk.		172800	IN	A	213.248.218.59
+dns1.nic.silk.		172800	IN	AAAA	2a01:618:402:0:0:0:0:59
+dns2.nic.silk.		172800	IN	A	103.49.82.59
+dns2.nic.silk.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:59
+dns3.nic.silk.		172800	IN	A	213.248.222.59
+dns3.nic.silk.		172800	IN	AAAA	2a01:618:406:0:0:0:0:59
+dns4.nic.silk.		172800	IN	A	43.230.50.59
+dns4.nic.silk.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:59
+dnsa.nic.silk.		172800	IN	A	156.154.100.3
+dnsa.nic.silk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.silk.		172800	IN	A	156.154.101.3
+dnsb.nic.silk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.silk.		172800	IN	A	156.154.102.3
+dnsc.nic.silk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.silk.		172800	IN	A	156.154.103.3
+dnsd.nic.silk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sina.			172800	IN	NS	a0.nic.sina.
+sina.			172800	IN	NS	a2.nic.sina.
+sina.			172800	IN	NS	b0.nic.sina.
+sina.			172800	IN	NS	c0.nic.sina.
+sina.			86400	IN	DS	39217 8 2 B177DAEF81C0EBD0C85DBA9092550EB8D14333806E1DB4C2C44AC9ECE76432A5
+sina.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PKPK4Rcdx7MIBrIdv8gQq+jaJ3F1sRyGyMzDI+MbxzSsLsuzsf4bFP2vC/7mXovUtJms9MPJrFh6MYaOg9TOx/5YwFaRnAwGvDniXqhpej8rUPZo51UOGUr0BZ9BMSBC9cS+hhloB4FZZAP0NWEcFglwwnh+SpyPO024Zm0y1oRjydD8qUOlthWKGdQRTBSct1s4Wnh7t3B8qmfUtIQoXX5poQdt19pwYCDvKEZnMVwNPdGsKPeF1kGwtWDTiVP0HnEMNdG6TvOwj8ulIFC7a3PuhWN1e7n+Qt/h4U2Smq49ockUjBYjWDd1akcb8KGO1DZ+DzbVD6TEX/m0dTYJ1A==
+sina.			86400	IN	NSEC	singles. NS DS RRSIG NSEC
+sina.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RYIXqqw2UeHmo41YhZ0nzhwIizCPauv/pPdxsKNUdbmPJ+DbQFqA0W/PvtY81ss67CtbMW89KIR69T2+mD2Gnnc9qTXyLbY20N5BuCXkYHv4oVAp3N4Om9Gu2V5I92YpB9ws2chTYiqSQ9Wdqa/4GZyxXDBTWG9HW6yHtlZUZXkEGeh4oFS3nzspSM+mgF4nC9GTMwBzLt3q6WmEX/BfeVjNd8M+fBSeLdvQMwsLpfyLaftf4IApjwMvLOqxmReK2UPLBkj4nKZpwzSrva2IDFL8VBp85dFviKMbPQg/2hPa3LGcMrnnYRRUNZFT4ACnM+IRkki7wpubondqbO2vIg==
+a0.nic.sina.		172800	IN	A	65.22.140.33
+a0.nic.sina.		172800	IN	AAAA	2a01:8840:8a:0:0:0:0:33
+a2.nic.sina.		172800	IN	A	65.22.143.33
+a2.nic.sina.		172800	IN	AAAA	2a01:8840:8d:0:0:0:0:33
+b0.nic.sina.		172800	IN	A	65.22.141.33
+b0.nic.sina.		172800	IN	AAAA	2a01:8840:8b:0:0:0:0:33
+c0.nic.sina.		172800	IN	A	65.22.142.33
+c0.nic.sina.		172800	IN	AAAA	2a01:8840:8c:0:0:0:0:33
+singles.		172800	IN	NS	v0n0.nic.singles.
+singles.		172800	IN	NS	v0n1.nic.singles.
+singles.		172800	IN	NS	v0n2.nic.singles.
+singles.		172800	IN	NS	v0n3.nic.singles.
+singles.		172800	IN	NS	v2n0.nic.singles.
+singles.		172800	IN	NS	v2n1.nic.singles.
+singles.		86400	IN	DS	11041 8 2 28F8FD0B9B11A1947D4DD5A1190ABA72A1A1F30B7FD3752E8261DEFBFE17B84B
+singles.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GMOCiP62oyNLeS9lK64gflymTnb6zQpZjHoiJzjOZfHRuUur7OHSKtudhkZ1pyQBA2VIkGHJlMSjcr0jLLTq4xckTavDrmcS3vD1/myAW3L/bi3j7knATAL8En4V32CupnIWJgVzWTanp4MMFUQazy6vdnTxm5m/GYTZ3FYxLJlnvhSmIHC1lqj26/v18FCzSslIEpHdngi1ailcaJ0LAbpzYkfL8hJ6CGKwV/YH5BKsx9xKHktK50kN06/YM5fc9D30+Rc1gR8WjS49Ms6nArZEXYu01s85aYGT1+pLN/zm10ofrrkrXHBzG6clcy94B56G5AkHvQ/HqV87+qwWsw==
+singles.		86400	IN	NSEC	site. NS DS RRSIG NSEC
+singles.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IcQhxan9zQgJSM6QRCqCLqrIt2yASD7QMn9JqLlNhgDiUxGgoLdXfMG9S1ek910/CjVMFuak3Um8rDPS1JG/UsooupN9WuvUDme/r0f7vz/wEc/DZfbgxTvpQwVusPh0nmZeX99zsWBck1F8q8RMExnhIrE/gDEXFJZuK2BGrR9B2tl0J24ycq/5yO+VNckKrcG7nn+PTUMxAC6Qe6EnTJxiJUJX3fao/tm91BvLROdGnDAMsU1xi3R8vBCVI6tqKeMxEHJWKCaK5eOQIp6jLJvHWM9f2P/78CtC+b4q+E6YDls8ORXXoaPjbWS2gHokjkBFhbLqf0+P385unJ4gVw==
+v0n0.nic.singles.	172800	IN	A	65.22.32.57
+v0n0.nic.singles.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:57
+v0n1.nic.singles.	172800	IN	A	65.22.33.57
+v0n1.nic.singles.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:57
+v0n2.nic.singles.	172800	IN	A	65.22.34.57
+v0n2.nic.singles.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:57
+v0n3.nic.singles.	172800	IN	A	161.232.16.57
+v0n3.nic.singles.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:57
+v2n0.nic.singles.	172800	IN	A	65.22.35.57
+v2n0.nic.singles.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:57
+v2n1.nic.singles.	172800	IN	A	161.232.17.57
+v2n1.nic.singles.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:57
+site.			172800	IN	NS	a.nic.site.
+site.			172800	IN	NS	b.nic.site.
+site.			172800	IN	NS	e.nic.site.
+site.			172800	IN	NS	f.nic.site.
+site.			86400	IN	DS	51676 8 1 90DDBEEEB973B0F8719ED763FB6EEDE97C73ABF5
+site.			86400	IN	DS	51676 8 2 883175F6F5C68EA81563B62D1B2B79B6A997D60DC6E20CC70AFD0CD6B7E82F62
+site.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zAoysX23l2cz7mTCkvDAUKuzU4362b5dyZJ12SFm5mpTgNAwcYvj5ikgN6SMfFro6KJOSbBoUJqDMq1gzdSRCNoUJe1CNwH+ekBvtKpRj/3qmIxnTHql/Ig4+fkN5GQAMeoa5aLnbOeSB1H4eDoo9MwoHJqnzgsjOKgWKeEdKslpo1pnDmXiacgZlM3hznahQDgZHjAZxaUP2I945a/uvBxJZYfxdy9DVA7AZiXxxIm+6NTUqfMSefbZt3aBhrNKvtiPRvwPtxPivLNdtr61zbgb/tfDIcwU1ccuTZT/ZlbzVOl8sfUepgsyJhu8cJ9cFI2l9Fon82xPpECE91YCKw==
+site.			86400	IN	NSEC	sj. NS DS RRSIG NSEC
+site.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hwLdyyF780Hfv+hVjV/fywU0jPuvlDVcFomosQ10/TrxAKN10Ct0Qsh3TgZiNlbY8o9eN6qnw0ntEzbMWDdvmgubfvHFY1dI2nQ1ruxDLQBWohQo1mZp8RT9BGu7rWrVMvgKpPSPWf0UZPs74Nt6K6UJwJXT7Y4zKPLW5TXtIJ5YoD1OsnxmoxkxeCG7HjvDcauwFs1/TivXHn0pH5HgYyazHHlRbS5aY8qY0g+jHHZMBanPdUXQuvT7DFeWsdJhOuVKwLNkj4uJVD4ltCHSZdcveHUZl+Kxj2NzXPEHq9/xfNgewtai0S3kvdPZg0QEBTbSbbjeiBtA7kQd13J48g==
+a.nic.site.		172800	IN	A	194.169.218.61
+a.nic.site.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:61
+b.nic.site.		172800	IN	A	185.24.64.61
+b.nic.site.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:61
+e.nic.site.		172800	IN	A	212.18.248.61
+e.nic.site.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:61
+f.nic.site.		172800	IN	A	212.18.249.61
+f.nic.site.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:61
+sj.			172800	IN	NS	x.nic.no.
+sj.			172800	IN	NS	y.nic.no.
+sj.			172800	IN	NS	z.nic.no.
+sj.			172800	IN	NS	nn.uninett.no.
+sj.			172800	IN	NS	nac.no.
+sj.			172800	IN	NS	server.nordu.net.
+sj.			86400	IN	DS	16935 13 2 CCEF4DFBDDB2886951A928B83F52BE462ED1F63553DCADDD433935FC41A218AF
+sj.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JLY1hbq+fMt2eSld0bpTMQ8CBw22JWUMmgWL8PX8+B8ccIu+pAKClMKgoXA9YE7r65Dd7X5vgzsZhsIGzOUtSXLZSei1baUL7OFl8y1PYvilmYngmHUuMGLMU69NSNU/uYKS6lQb92nyuP1JKc6IR8Tph0yp6w1nCHbrnCIQk8AY5wViEDjoptR0r1X3ut5U6cuwTjmgi1hiDh3QmFo1kYkxk/VoNSHGoe/kZbfgPAxf62nfxKthoPeG7MdoRXj/9elcgacG4fZxY33JETODqnNxw/Iz3DdaLSNviX0iPshArn5Z/8Z9YN18+bElxE4rSO3sHUeV/0QDlX/f0PAHjg==
+sj.			86400	IN	NSEC	sk. NS DS RRSIG NSEC
+sj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ynsRC4cENSX1Il0xTV9UfkSw/bLiXyaxMWPEDD/gA1BXDG+RZ5BkCf8c25qRLIBPVDRnV4rX20rBK4bXfZzv/gBw9OgKWgMZMTbXuECM09lI2etRV4zaIE/7cavt3SWMLyvsMRnL8gXYAw98cPcfDoXY81TgI27x8+EsgjIbRO2ZuDgzfNOVPZLb2vcAw5lGEn3BtCVqRG52hbD9Ajh/7V/cvBiqPR7fKMG+tTHQRFITxEdbC+WToCxHRKcsKQTZ8RlU8ykZYiM4jyKkEbd1JlZygq2GGZ452sT7HXw8Bjvxr/2T5KxNq8Bon4KR/PMzwMJNZsmsEwEf3bomtidC9g==
+sk.			172800	IN	NS	a.tld.sk.
+sk.			172800	IN	NS	b.tld.sk.
+sk.			172800	IN	NS	c.tld.sk.
+sk.			172800	IN	NS	e.tld.sk.
+sk.			172800	IN	NS	f.tld.sk.
+sk.			172800	IN	NS	g.tld.sk.
+sk.			172800	IN	NS	h.tld.sk.
+sk.			86400	IN	DS	2324 13 2 3E7E4F60ECCC4AD8F96C654563265C9A4E56B9F1AC998E88E1CF8150FF1A5205
+sk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SClUDU85S9ctFx3O96qal0qw8fca7LUszjlhSYiXibhdd4JTWvYhP+Oq1i/6L2Of3i+39z5Hz/yd72qVT8kq3Kb1l0C3VgDCdTP/hJPHJU2HAdSRx/WYmnecb7CF9Yp+W48JzVbWtxK8lxpy9V8Cwc4EAhPfWJEiUKpbyZ51WQ2NUPfNoK3HKgkFvycroB2pyEj3XHMx4MSMAPH6b8PRNth0oW8rK3QJU9/7U0Es68aR+rNWerRo1U4YkKtTbLG6xEPXdzjh/YYohXf9RwFHHncMAGCICjRoqwIWZ25+Q+542eYJKKy62JpIUMemkHPt0qfMhY3i01quiEDlK/dBig==
+sk.			86400	IN	NSEC	ski. NS DS RRSIG NSEC
+sk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LYhswdNqB64tVtvrY9fKoady2vIa3UnPwT8/zPwt5poxXFvVTgXG0Q/qvRJXcV/dOnr0gPN5g9u+6MtzBnSbDctu0eqgGtPAuHXm9HsiEZ+idMfaVJzywDEYYjGo/MZYzMR1YYc+n65NGm8Q79hHrjT8RReGKFxzKm6xg1vxEsv0v9P5eeQLtQiZ/PDUVfPiqw6PMrg3h0bjlxpuTBtAzngEYrIdoDO9S0tq8vgZFXSKqvtlePp1SvxUeubdnWUHng40leUQfVpWpEIeaYzKUXaJsuvpEVCtrJ/JQmNiBONeEjCtjDfI9xgk09gQRJ4kEWZdEHLFZnknxQc4VLfHLQ==
+a.tld.sk.		172800	IN	A	194.0.45.1
+a.tld.sk.		172800	IN	AAAA	2001:678:70:0:0:0:0:1
+b.tld.sk.		172800	IN	A	84.245.96.1
+b.tld.sk.		172800	IN	AAAA	2001:678:90:0:0:0:0:1
+c.tld.sk.		172800	IN	A	195.12.159.1
+c.tld.sk.		172800	IN	AAAA	2001:678:9c:0:0:0:0:1
+e.tld.sk.		172800	IN	A	194.169.218.16
+e.tld.sk.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:16
+f.tld.sk.		172800	IN	A	185.24.64.16
+f.tld.sk.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:16
+g.tld.sk.		172800	IN	A	212.18.248.16
+g.tld.sk.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:16
+h.tld.sk.		172800	IN	A	212.18.249.16
+h.tld.sk.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:16
+ski.			172800	IN	NS	a0.nic.ski.
+ski.			172800	IN	NS	a2.nic.ski.
+ski.			172800	IN	NS	b0.nic.ski.
+ski.			172800	IN	NS	c0.nic.ski.
+ski.			86400	IN	DS	62489 8 2 D421064A672F86A83A4C7FE005CE8CD164FFFDFAB3E64415498C3413BA46FE10
+ski.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gL+cE1zoQFINW+fiiFPeTYtMtQ44fxxOaQT+DeMNyJADrsa08BNwV+NVG0U4ZAdwE0qoECmH0H0SMMbPnCLmLCauAA6ZvZ19U0/xjxr7j/Y+gY5vfnWZRkv7ywxbumYQsJTkMwbLzxyd9Q/5G72A42RivozRIbnbBx9AtuWQPWLIK27ZSSvh32EP2gMc4sEFMoIFAqOr6NhLrO03L25Pcd/udLmtE2JPr/gd87qu30EVOakjZttaMecZbFyKVv0oAvCpVqbT/gATs9U3in7MJc0qG/p2ZpTa8SOLWSmbhIAOTDE8PkfiZ8ee/uCqOSQie7O8pd7vwMRc7utFDheyIQ==
+ski.			86400	IN	NSEC	skin. NS DS RRSIG NSEC
+ski.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . viIt4Z7FFg8+krqv93gGnFRbv2I60Tv26D7jY/EmXaZZZn0zSWgE5wSf2tbsb703119JTCRDEXdzdj3WupxakScuAfSbZnNO4AeA8v4OKIdU9fLqEHKsttZzGAzcesZhqCff6TP7P/V/theif8xFDYCJYS/wXh6WHI5PWspVocJU4bxF26Bgx4cChHv+lK8mytI3M+FD5iUxWWV40cYhZYah1pXa3pQrgt6MUsRNCzfUkB52sT9yT39/QdqnlBwgSMbAmi5FyEKKIw8joZigQpTbfUNEUkI0cQ+KRBAh0PZVkj5mQVqAil9R1mDKWQfNjYbEsCHj4SvBzxuCdp21zg==
+a0.nic.ski.		172800	IN	A	65.22.84.17
+a0.nic.ski.		172800	IN	AAAA	2a01:8840:52:0:0:0:0:17
+a2.nic.ski.		172800	IN	A	65.22.87.17
+a2.nic.ski.		172800	IN	AAAA	2a01:8840:55:0:0:0:0:17
+b0.nic.ski.		172800	IN	A	65.22.85.17
+b0.nic.ski.		172800	IN	AAAA	2a01:8840:53:0:0:0:0:17
+c0.nic.ski.		172800	IN	A	65.22.86.17
+c0.nic.ski.		172800	IN	AAAA	2a01:8840:54:0:0:0:0:17
+skin.			172800	IN	NS	a.nic.skin.
+skin.			172800	IN	NS	b.nic.skin.
+skin.			172800	IN	NS	c.nic.skin.
+skin.			172800	IN	NS	d.nic.skin.
+skin.			86400	IN	DS	8175 8 2 5B2D4845730F45F86F38D3FD6271B5E212BDE653A75FE7A3BCA1267E0429D386
+skin.			86400	IN	DS	24104 8 2 3EAEBED2323950252487A9E9F953157A1BBE8B0B7D82906FCD2816C623778B0A
+skin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mps4jDLKP1knVuznunHhOQqknEoIqtoiy1VHSIooqNIAhwWq26tCMP8pSp5AX5A2AMcyWs9WgGPBp8Tnlg7z1ckb1l0Bk37Y/1kmSH+jTv4BHr/JqEWYU639my17iHqdWEHPhLhKSP2FjD50l6TJUF6JJpwRjK+jeFXHEmoyjg48SvPRTKS61lv+FkX/aJUF2+iAx4fd4Xodo7wxwEzzPQwCbwMlNuqbOJXCl8jMn4RWZmH4yh6LA7qvCLOrC5BRgbnQcIlHNoMkR/UaQRISwTtKgEQ7lOyAuUHiHUfN7QKeABOOQGtotgwdR995rv1a18LNfae51fKnIgltj/RpUg==
+skin.			86400	IN	NSEC	sky. NS DS RRSIG NSEC
+skin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EsFN59s2+EUD6/deBP68nlU3C4lFmb1a8gxOzlCw7H5cmMHkApUFkKLzVSYeqJqi64xwWDxncrV/0I2C90kQ8NDolHkiaFyEBsSTHVLlfQaGDaHWty0JPgBMZvSmuc7kI9jdN8nrNI53UE6cg8wtTLDyiXF9FWc7isuG9gEkga1dWjeeEwQ/G6VH1BOKlB2Hs9U9waRoET0ZMV+vhWL4zdbUBqRlvMl9XlPRwavUmmqlPYUWiOTI7el57o9g4m+Utn0Zjt/H69TAmVp4IJdSzDIUFI5D0CKFTT3TqVqt83gP03dsMb5Mb8KhuJVd2JU0gk+hAelP96YEbkzknnUkFQ==
+a.nic.skin.		172800	IN	A	194.169.218.118
+a.nic.skin.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:118
+b.nic.skin.		172800	IN	A	185.24.64.118
+b.nic.skin.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:118
+c.nic.skin.		172800	IN	A	212.18.248.118
+c.nic.skin.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:118
+d.nic.skin.		172800	IN	A	212.18.249.118
+d.nic.skin.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:118
+sky.			172800	IN	NS	dns1.nic.sky.
+sky.			172800	IN	NS	dns2.nic.sky.
+sky.			172800	IN	NS	dns3.nic.sky.
+sky.			172800	IN	NS	dns4.nic.sky.
+sky.			172800	IN	NS	dnsa.nic.sky.
+sky.			172800	IN	NS	dnsb.nic.sky.
+sky.			172800	IN	NS	dnsc.nic.sky.
+sky.			172800	IN	NS	dnsd.nic.sky.
+sky.			86400	IN	DS	27464 8 2 2C593B75DECD94E47A5DBC8E20400DAFA9F6ADC46F5EE033DE4F07BFD9A83904
+sky.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . heXWLYM8nmQSmgt6VTmhjBMJ5wyjdkdz7TsaLEnIJMBPhbheLquXNkS53qBta86PDQyCAgxZc1xcOWqEjcY1RzZUVW2+PSvQqUijsO02arvHHK2fA2GhXTxwRfULs8QMokzGyjlxcycvWA1C+bKeXOFcBjzfzlFFvLOw/ogEpA/ZHrWF0lLKkZ1zgE3T+rZzxODBJe2DrI+TtdLA90pnBvB0G62CsZcVwAcaxNCkih+aky/GWqwc+CK4jrWcNYzYu92PxdvbF4RLTwY/cECv/R6JHdH4zRphjZGWaiWBwEODqeFXf63XNBzOF/HoXilOkW6pEYfRGam+qZM5Ue5apA==
+sky.			86400	IN	NSEC	skype. NS DS RRSIG NSEC
+sky.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0qeyXO0GC+4/L8Z48Qw6rO6udJM7Bx2V8NI2PrS94YZlo8YcFnd19GpdDrNr1PBaIzzdouNpddgfB1hPB8X7eUDqKKiikL+JPxdmvOtbKxvClQO5NBYIM6BejTcGkpJ/SqBQTZ6Z7Ou31SgxgWgqC0GyMyoQ0dgMEbF1F1QZWm8dNUzsMC2tTCDFNs0PdKInjJE+WanjOqKmAPUSeklL5CNO5Mg3Rg8Zqdf9EkFkwFlffE4TVXuZROiEEcaTK6fjV6PvJPdly5r/wLFlFFjJ3voFHUcm1QL8sT3/EJZawdNx0X9VinuJ+iJ6YfvjkqbpCAxSf81yNcVoKL6+V/rNkQ==
+dns1.nic.sky.		172800	IN	A	213.248.219.127
+dns1.nic.sky.		172800	IN	AAAA	2a01:618:403:0:0:0:0:127
+dns2.nic.sky.		172800	IN	A	103.49.83.127
+dns2.nic.sky.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:127
+dns3.nic.sky.		172800	IN	A	213.248.223.127
+dns3.nic.sky.		172800	IN	AAAA	2a01:618:407:0:0:0:0:127
+dns4.nic.sky.		172800	IN	A	43.230.51.127
+dns4.nic.sky.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:127
+dnsa.nic.sky.		172800	IN	A	156.154.100.3
+dnsa.nic.sky.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.sky.		172800	IN	A	156.154.101.3
+dnsb.nic.sky.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.sky.		172800	IN	A	156.154.102.3
+dnsc.nic.sky.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.sky.		172800	IN	A	156.154.103.3
+dnsd.nic.sky.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+skype.			172800	IN	NS	a.nic.skype.
+skype.			172800	IN	NS	b.nic.skype.
+skype.			172800	IN	NS	c.nic.skype.
+skype.			172800	IN	NS	ns1.dns.nic.skype.
+skype.			172800	IN	NS	ns2.dns.nic.skype.
+skype.			172800	IN	NS	ns3.dns.nic.skype.
+skype.			86400	IN	DS	4519 8 2 FD50ADCD586D68B58AD4081BFA7566E3E438F0CBE991CEED726AD4485B62D97B
+skype.			86400	IN	DS	56554 8 2 FFA94DC331D59FBE4B7B2E51871B8CEEEC8CE9BAA00EFB2A9553F09F84804E6A
+skype.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ra1ugp67PVbjcUEFtE77oesEpxKpeCWqEmF1Yg/spW2HZhXUK24u4/ZUQWWNPvW9g0jH0OvBkgrPPF4KpJqYuj7oRbWBYPQ7yEqqGRmJgt0EqFxffogmlr7lx99IwybCNZyTg9V4PD3PMQvl0pRFs9TkSDy6SCnub7tXEjcQqj2QioOLUQRzkZQxqIeNjtBVJ6g9jxQnSYSv46sIEn/jsI6MYT2dmC7+/MHDxI3CJ3mqV6IMJ76RCJwJh70PINZ376pfcw3jzStGG9hl8AfLGKaSP+xmv5zbDgCu9XPEpimiFjaWM2RDyq5pldjh1ilbHo032z2JY0KmXqxGe7ojbQ==
+skype.			86400	IN	NSEC	sl. NS DS RRSIG NSEC
+skype.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZjHXcApRinlA3ufTnlWMPJBUwG0ORrYXkIW5nEDrhpzInu2A2bj2Q0bhlWTOKdZfjqeAWqbbJf3RJC8CrgFgcbwlI2QT6uFI9vFNnsyx3ONqilA2QBYK1lr0MqTvCT1v/8tXaPIPwFXSDI+teJvV5PQoh1SlA/4LTfqCoN/tYOmGpHP2HFxFBgfzLrKV+/tIVUufbuzdRuISDSJAq7WSJHyIoeELJ7UTDhNuDqPBZrybkKT+q9Lx43EBEe4y4XwHIp8Ufk88i7RN1MNxl7bGbeJTFGqV4WQG8s5zACeoFlo5SBzS8Ta6LBE30X3myNC4elTqRbxGikFKP3dDSWVHWQ==
+a.nic.skype.		172800	IN	A	37.209.192.9
+a.nic.skype.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.skype.		172800	IN	A	37.209.194.9
+b.nic.skype.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.skype.		172800	IN	A	37.209.196.9
+c.nic.skype.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.skype.	172800	IN	A	156.154.144.151
+ns1.dns.nic.skype.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:97
+ns2.dns.nic.skype.	172800	IN	A	156.154.145.151
+ns2.dns.nic.skype.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:97
+ns3.dns.nic.skype.	172800	IN	A	156.154.159.151
+ns3.dns.nic.skype.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:97
+sl.			172800	IN	NS	ns1.neoip.com.
+sl.			172800	IN	NS	ns2.neoip.com.
+sl.			86400	IN	NSEC	sling. NS RRSIG NSEC
+sl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nUdTVw0ZsikXKlN5vnPANGVU+UbGsFqUPOBvS2O3wgLeauqc/g2Mez05P8LGld+Rp6tYKqcs5tYrw2Rn4bUsKmZT/XEGXAy3GQgmqasjD2bRL4qCQ58/z/gupDNVVTKk0UVTAN6G+LBRqZ/027oDiJBJdLn1P/d/y9q86xKyNy1htdxfhn/nMQKMbU1zvExeYyKg4qV3L/kVM5jD+re6wnD1tp9pbfya22RMaThvI6UBeWULbwtZXBvkiW6rAEn9jGGt4ZABFvXX7s1dUbQWWIX3XURpdl6T9KI9xiJSWMAcUcpBiKZ93SaaJ38awW87q9Y8am4Pex1RAqtIqgjN/A==
+sling.			172800	IN	NS	a0.nic.sling.
+sling.			172800	IN	NS	a2.nic.sling.
+sling.			172800	IN	NS	b0.nic.sling.
+sling.			172800	IN	NS	c0.nic.sling.
+sling.			86400	IN	DS	46550 8 2 FC817BC7BCC7EDCC930CF73483FDE9A88386E85674D7CF438E36ED5D00CDF74F
+sling.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t6DFwVap/4z4O79FF6rM/VtVrGMo+iGWfz2MKOLQ9MWa96C9juCN/JEoDaSLdRs88+99Tx3A9beKWqu9RtEhe1CFJHXIWGvixpwkYO6+8+eWEXOB7PSZl7GwOIK2veW8Ju5GO/ex2qEl3DiWmYhK0Hccv1Fq0rgSa8QEh/+vHQ76F4780per0sHhgtQp6qKq8whbBNYjYCUm5kHY3Z1fxRJzjuiUDRagIoX+aF3t0NyQsq/Q2AKCRGlJLThGQyyJawdbC8PpR9dytv42nnQ7CA6fZWwXZbKDOQShxCYLIDtK0GBG3W2EA1XUT7cG9cr2sf9Z6ydtzISeOb84qNs14w==
+sling.			86400	IN	NSEC	sm. NS DS RRSIG NSEC
+sling.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OF6KCh1rVKBW7FxReWMt6CKo5xWuGEhI0QeIprWvXCyDRtQtAx3ofJ3Sm6j8RhY8i3d7UgPCcrhrtjs7QyRA8OYxF7kLz8T35iumsrpiJVQlEc9mWBEomqlEvE1e1anJxN9VWse2hRmFzefubykrmsG0c7Vf+SbnZeun9QLcROw/ajwFiSqXnOUJQufm7PGTWNg/JltF6AeIs1f5F58hOWMKxNRhjfdlSLziYvkLPrjvdGU16rBhgI2sTIVZ4oxnCxXozmWbYzmtrqrR0wwnieOAzFWZws5d1jlv+qzM6UWNfig4f3DVLVy1MJhEMAifQTbt4tuR0kaHRw1cU5pMbg==
+a0.nic.sling.		172800	IN	A	65.22.108.9
+a0.nic.sling.		172800	IN	AAAA	2a01:8840:6a:0:0:0:0:9
+a2.nic.sling.		172800	IN	A	65.22.111.9
+a2.nic.sling.		172800	IN	AAAA	2a01:8840:6d:0:0:0:0:9
+b0.nic.sling.		172800	IN	A	65.22.109.9
+b0.nic.sling.		172800	IN	AAAA	2a01:8840:6b:0:0:0:0:9
+c0.nic.sling.		172800	IN	A	65.22.110.9
+c0.nic.sling.		172800	IN	AAAA	2a01:8840:6c:0:0:0:0:9
+sm.			172800	IN	NS	sm.cctld.authdns.ripe.net.
+sm.			172800	IN	NS	dns.omniway.sm.
+sm.			172800	IN	NS	dns.intelcom.sm.
+sm.			172800	IN	NS	ns3.telecomitalia.sm.
+sm.			86400	IN	NSEC	smart. NS RRSIG NSEC
+sm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ef3c6fRBUK8oGJtRoL3afM2L8omDtkDogDBEIN4Azq7rVYoRdad00VfEzziuIIbxVDxkbI15sYnlNOHlcCUCTDwx30KQ+vmYNLxGegntU9HSEQFfJi4yjKgoxixHIAp6kHCyNdRHLYqnO+w8O30GzIT9xMFWPGBDRDqZkV97wGCs0MutO8vemD7wjjBDupJaYq8/X0wlBMgAVnEU/W14VFLuRACYMIOisEGLTQTwWF0zxfWnjSHH9mkwmn3eZwQ5u0AStl9kHPcLhOsj42CNFVpQb/DdjPgoB0E3xgCwsYnDKCVQpmUUne70+UjphNkYp7+lgzPcxRbbImuINeCUkQ==
+dns.intelcom.sm.	172800	IN	A	194.183.64.11
+dns.omniway.sm.		172800	IN	A	194.183.64.10
+ns3.telecomitalia.sm.	172800	IN	A	194.0.27.12
+ns3.telecomitalia.sm.	172800	IN	AAAA	2001:678:28:0:c2:b7:40:12
+smart.			172800	IN	NS	a.nic.smart.
+smart.			172800	IN	NS	b.nic.smart.
+smart.			172800	IN	NS	c.nic.smart.
+smart.			172800	IN	NS	d.nic.smart.
+smart.			86400	IN	DS	10241 8 2 1FC272FD0BB0D9AE922348C5C63F401A9E1FBA71C8CB452AF5DF5E4E005237CF
+smart.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . im5h7z7mE1HIWdFntcpVB77i+dt03ryS0MwPXtda8m1sHzvBlWPWRfTOCoCLGc/Dk0dMW0LGqQfULPidb8Gw5IVaag4yg5y/KP4okp2VxeDLav7y1O80NkhkogHSCJMR50fJlINMut6w9vBcinCf5O+RUW+DxJO/TfSRmCXXuq9Xurw4t7meJ+KWiEAXNwnlFFATuJGBV0dh5GGLvLO1e+VCL0KwwDAv7m8sUAl2jaw9J+L7YaudqJTxaRvBhRFJmuumtV9ld2XKCMGWrOn/nplPyZAcgjwSVs3UHCznMFxla4CS0fAakHJCGtXEKzZ7x6grLsqn5w/eLjqNgUB0HA==
+smart.			86400	IN	NSEC	smile. NS DS RRSIG NSEC
+smart.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NBuOZ2KnA+tgRiv2AA+GuMAJTPzaVNg/dMjLZxH6qtvmc/Q/cpaNA74sGINrm5dfX4EzLx+d2iK4ub4YU8tIMZHTkjZTTelRAd51qHSZ9qFwZFEB+t7zyYqjBoksTSvdo9yJCpI5+qIpI4AZXnS77UU5kzBxFOdLY49jolcOcFRtiPG2b5l7c7KnLIzb4k6v4BPyUjK1gPC/qRC+Ln3j9AImVhp+o6p3j/jFiewID6kenNdbm1CYEj8ZEmhd0PIzQ8mK1pWU875jnEWKGj8R2FaK/GATkUgAagC9PGQlfIss7VTeUN6jaxQv63fOBwu+fEvs+FaMTnC56Vc2oH4puQ==
+a.nic.smart.		172800	IN	A	194.169.218.70
+a.nic.smart.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:70
+b.nic.smart.		172800	IN	A	185.24.64.70
+b.nic.smart.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:70
+c.nic.smart.		172800	IN	A	212.18.248.70
+c.nic.smart.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:70
+d.nic.smart.		172800	IN	A	212.18.249.70
+d.nic.smart.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:70
+smile.			172800	IN	NS	dns1.nic.smile.
+smile.			172800	IN	NS	dns2.nic.smile.
+smile.			172800	IN	NS	dns3.nic.smile.
+smile.			172800	IN	NS	dns4.nic.smile.
+smile.			172800	IN	NS	dnsa.nic.smile.
+smile.			172800	IN	NS	dnsb.nic.smile.
+smile.			172800	IN	NS	dnsc.nic.smile.
+smile.			172800	IN	NS	dnsd.nic.smile.
+smile.			86400	IN	DS	34961 8 2 BE86EE1B42B863C89283BF8EB0B013D6C16DB2B0702A3C28299EB318540FBEAA
+smile.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HQXCKd5BXNQPmsSTJJeUTskkYPsPUA+2EEcruGReq+aFh+UaSQlssn3ocNAjqluAEZ6GG1bb4N+xMql08D+7f59xpvr4uFgGk/qK5SOyY8oQtN8L950JJpo9+OfNuV90aMVdkPjbTG0zimZ8WmTCQeCOolbdsXU20OsrGdtL/jJgf7bfHzThnX8dp/8sZLhOO674QQ8HtQSuGEIZq0a9JQcgkB9CD6lCWgn3Yfw3Ap2Bb53O6IbnusTFUKptQsp4X3zg4iNs9/GSYPVJbZLfewWk1BU2NNhbba+r35MimbmR3IQHm821rj4lQVK+zQeSbywCbeseRsm2zV7f5Q+NcQ==
+smile.			86400	IN	NSEC	sn. NS DS RRSIG NSEC
+smile.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EfKSmKsox2s4hHJV6PswCaebI7A36tz9omNXQlOzpaXfA4VyQUjgK4iuMpXz+0ZNjSOSrS/Epk0s6LGjEET3za9H1kQEgVxUr3ZzxPgcEeq7T7yku0iKrmUEWXmUv4xgK836rpDyHBB9xt1Fd4uXDCKIMYDKR8VdQLY+Sxq/MjmAPK8YA0f87lIfNkGZVsq1Q7X5yHYHGz+9CRGiqX0PWdWuERxgJNXnQ77KUNC2vaBTtgp1++thoJAqrMpcunGht9mnkvgfMxzzt11YLBfpuK9b4LMca0MKf7pOxX7qRd3y9KsAbwX9/VmDD7cozVG1foqHCY75LEsodrFunH+kmw==
+dns1.nic.smile.		172800	IN	A	213.248.218.81
+dns1.nic.smile.		172800	IN	AAAA	2a01:618:402:0:0:0:0:81
+dns2.nic.smile.		172800	IN	A	103.49.82.81
+dns2.nic.smile.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:81
+dns3.nic.smile.		172800	IN	A	213.248.222.81
+dns3.nic.smile.		172800	IN	AAAA	2a01:618:406:0:0:0:0:81
+dns4.nic.smile.		172800	IN	A	43.230.50.81
+dns4.nic.smile.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:81
+dnsa.nic.smile.		172800	IN	A	156.154.100.3
+dnsa.nic.smile.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.smile.		172800	IN	A	156.154.101.3
+dnsb.nic.smile.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.smile.		172800	IN	A	156.154.102.3
+dnsc.nic.smile.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.smile.		172800	IN	A	156.154.103.3
+dnsd.nic.smile.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sn.			172800	IN	NS	ns.ucad.sn.
+sn.			172800	IN	NS	sn.cctld.authdns.ripe.net.
+sn.			172800	IN	NS	ns1.sonatel.sn.
+sn.			172800	IN	NS	ns-sn.nic.fr.
+sn.			172800	IN	NS	dns-tld.ird.fr.
+sn.			86400	IN	DS	36827 13 2 992ED3A8CD111420E26FD9A8B8885C3BEAFA13507EB0606449AEA1DADC21B25F
+sn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DjbyVA/ErZYTXGuk58j6Zg3eJtHmRpTFsBGkqeET9RMmG5EYFSmk0Wz90gAuocHsFu/efec2VS8GMSCjmBNH9HJ6jLhJuZoA0HG07xDSDyUxetoDNqQpLXUsqrHeSeGgrfsMBrYQNSYmC8QtmkQUxIneHmnUTi6OCB4G1Z3HL+/iGQwnwCMqLF3MK4bZ3b6cnWT/BWDRUGxoxlw4Q5dpWMvYF8nDnG7S1aZC9/bgchwlVXx+ir8ATDI6BOY35LuhsHmhCI1Lk/E5b/Zi4H2YmGksM6DL3NxhlDFqfmeP32BgEAhzRCgydALIYS/lUKMI7EdufWVt3JDDOGXjeAKVFA==
+sn.			86400	IN	NSEC	sncf. NS DS RRSIG NSEC
+sn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lXkuaq8WYQgVdSQLzekLfIjLjWEdWYOUl4w3Nmsd5IMQ+idXpCe4SICaHNLLSSXfm2zgUHyRKHDLA+Xbvd4eSgjlfaIBYo+ePPD2qkDvhtChDOdmSRaYp48LXtMbSm0aIchasz+f9nc7cjhtX4SlvY4ROqID+X1nhhMpSxcahLW613MfRXJuZdMhbHN1eIvoagoq75hkCFfRS3WF4/imrr4ZS2cEx5mKzuLA/UWZ65/vkj7yfQEUx8Z7Ze9Q+m+ogOPSpbnV1HiH6D0ff5U5xpdLajx/kOSMokPhTVPCEH45lZcwvA8YafRyHA+sHja7GFfcKVAq9/lqYTJfk0wn+A==
+ns1.sonatel.sn.		172800	IN	A	213.154.64.11
+ns.ucad.sn.		172800	IN	A	196.1.95.1
+sncf.			172800	IN	NS	d.nic.fr.
+sncf.			172800	IN	NS	f.ext.nic.fr.
+sncf.			172800	IN	NS	g.ext.nic.fr.
+sncf.			86400	IN	DS	42021 13 2 76868912D2C9AC062CC7B403AD3F32DAFFEB37CF4C220BF74E196FB75F7C861C
+sncf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a55L2mjOMETjhQvNQ74p2HdQNB6dB4F5/gsVgJFqUtGY6tQBRparD7330r175RU0ECtcXO8szADPwDJz0yDFM9b5ef9phAT+yHkomWS9H8Mgb7nX5e/H2T4BmbmU1EixHBrFb4h9snDXp0fxDn3zCUMv/eaSzJzQllxa62Q4SfK6aVICL+5KNOTHU2jPaKzOV/chRiaYPCC4UJmkjcrsqod6WTUxRmRAv0JvV4OE++yHAZAGLBXBsUNa1pXMXMvHnNwj830e4FNMp7GMUEHiYpvklvarpk+D2E+rZ5KtTVjyeLyee98EbbaFawdswC+qI55qfikd/RvonJGllaORug==
+sncf.			86400	IN	NSEC	so. NS DS RRSIG NSEC
+sncf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qbV+EgYZn6H1Cd10mQ0lOMU3x3CG2KZkomFefjLaH7dvhmvjLUPJVmBRIAH4HlLbXA4BodLor1fR/BogkmFsxZs91RyXWYBeA9OEQdzqANe1PtstR1TJwsmmKj8S4SnupiJIr4RivZa6eTEBSotcJOHzRNBuZUANDPfnni9drXXL5cWqdb/0LEgqnohBTQofnHGqIzmsXIKCycQn6QoEbRx52SWFcA6zai6iLTM9F9AhvVqx6oGR2SzRpeTa/jPkpd0THEvyeOybyEZSzcgRc9qRK1x5DVzP60Jp2CJhIY1tK1NfFG0wypVitezzdVDJKmEYlmSH46BwE9G6oOG7DA==
+so.			172800	IN	NS	d.nic.so.
+so.			172800	IN	NS	e.nic.so.
+so.			86400	IN	NSEC	soccer. NS RRSIG NSEC
+so.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . TeBmQJtLfCMYLvK72yIszAjFyZ2B3tF9SeSXEjPBFuBq0K9hLVXWWDdbffEc0u63LpQzhupPcC+2yO3FBkW2WRbkVKBJREmJzCwAeUYf1c/Gbz/5dPndZ0XI4xUhCmZM4MhLo/t3uREfx3s/3sw9J8hisji02PkTvoorGJTOQIeDLLX7GLDGOn+XGGKgYFVP/U17aQ84w/eRwQ6mklXelDhV83xz0C7bWV2VJCUeq3D5nNK5VMaywHfrCIWwun6eM9NawJldYrRcCXMLR+LfZL9Wu5ByWIv2VwV7Fky7hT9BS8oxCPCqwjV6wqBU5oZs/KFrpjhEqa+5Kt7I4BrF3A==
+d.nic.so.		172800	IN	A	196.216.168.54
+d.nic.so.		172800	IN	AAAA	2001:43f8:120:0:0:0:0:54
+e.nic.so.		172800	IN	A	204.61.216.101
+e.nic.so.		172800	IN	AAAA	2001:500:14:6101:ad:0:0:1
+soccer.			172800	IN	NS	v0n0.nic.soccer.
+soccer.			172800	IN	NS	v0n1.nic.soccer.
+soccer.			172800	IN	NS	v0n2.nic.soccer.
+soccer.			172800	IN	NS	v0n3.nic.soccer.
+soccer.			172800	IN	NS	v2n0.nic.soccer.
+soccer.			172800	IN	NS	v2n1.nic.soccer.
+soccer.			86400	IN	DS	28159 8 2 88EF6E5B2AAE60CCCF9F9585D03F0F2BFF9A57C613CF3EDCF01E34734886F0D3
+soccer.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cMQaECuJUL0hEC59JJzDJwzU/sXduIxnJ4SU08OrYdxh2A0zB93SkYGO05E5Cp7THxTe5PYr7vor2ogFXVnYTOsfatTiEpsEqQvg2kff8cHPbk3/vXT+ArUptGNw644abEyZFNtLbvKOPa1rxJYIl5F8559iSw0fQ60me8wcFKprHOdmUqEeuNp6TsWOTt+XgCDrabesxgSaiPx59v436epBtJyuvV3ffoiSnPx4opg8VFzRKS+zM1uXmvMaoIH2KQN+YYY+GG9Tqv7sxHpOSsU5OF/pp4/AkGO5FwTauDiV0NNviGpJ/OB+J5DjSxKKWEZJYUW8lQOreCksfubu9Q==
+soccer.			86400	IN	NSEC	social. NS DS RRSIG NSEC
+soccer.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rNjh3cRU6JxZPT7ctdH2DF+3hsRH2ygqQscN1RKpDPEPPe6pPzXZz5+AA7fhLEjV9HY71F1qFHb09Oxojyl9h41NRwVJ50AL3R7UVCr+N3d1iaFDXNHfmV4LnpVcGW1aTliEDtbwsRVTQj2dpS7nm5EaBCR9sfLcKc5uGsEH5TI3UiRSUocxSKIldYXq+U8TWMh4zHSjTcV9Q0ZDli0uznnAs8mhLTJ/7bV+3ttcEC8wZsC0e8S4vPzrb8gF2GLQyNTOumJbJdiHHzh2zAKQMiX9zr+WwiK5IOtbCgsZNxfbaAaCjkj0zlYbV2Br5SA9kSXlW7Ygh7VecWEgfH08bw==
+v0n0.nic.soccer.	172800	IN	A	65.22.32.58
+v0n0.nic.soccer.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:58
+v0n1.nic.soccer.	172800	IN	A	65.22.33.58
+v0n1.nic.soccer.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:58
+v0n2.nic.soccer.	172800	IN	A	65.22.34.58
+v0n2.nic.soccer.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:58
+v0n3.nic.soccer.	172800	IN	A	161.232.16.58
+v0n3.nic.soccer.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:58
+v2n0.nic.soccer.	172800	IN	A	65.22.35.58
+v2n0.nic.soccer.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:58
+v2n1.nic.soccer.	172800	IN	A	161.232.17.58
+v2n1.nic.soccer.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:58
+social.			172800	IN	NS	v0n0.nic.social.
+social.			172800	IN	NS	v0n1.nic.social.
+social.			172800	IN	NS	v0n2.nic.social.
+social.			172800	IN	NS	v0n3.nic.social.
+social.			172800	IN	NS	v2n0.nic.social.
+social.			172800	IN	NS	v2n1.nic.social.
+social.			86400	IN	DS	40816 8 2 683895EDF086360B6BC8F2E6674BFE94735DF6F88A6EFEFF850B905595383AF8
+social.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JaLpniG0V9PiC/x4/4J6MITbi86sgW75OkL4zAX5PqELb5rl0TbzEizxzosCNdBQswMrFVodA6YlmBWwfjNRKd3iF/XIoUUTWgIzNXtIks5UdxoltlTyTsyKg4wLPPle7WaLFCok5lsQa8a1FyL0Qxe7sUnSETG7Wp/0hxckDIXb7jdp8cqXUfa+iP941cxaQ9B0TUaJ/AXeptS6P/lbTsEuvjkrKsDUcWhMoZnvc2ODZzrfJRP7qpTxPPs/pBjM7Z+nuL+M5l7NP8M0x8T3P+BQLxQJC3f5UA7oqKes2tQfdgEhxi5wPrsw18Nrn4IavdPp8cDXRqlJwXQTQIrutg==
+social.			86400	IN	NSEC	softbank. NS DS RRSIG NSEC
+social.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LgrQhI+5uziw7N5H+BdzzeAKi3IL1uEIF4ufKVpmY1SLgGSkuUWcMyLBxtrXmT0M0SveUk0zWjOcwe2Ts1pCFoLOmdfOqVTwJabQuUdrTV+iFqj1fWdeRNEk1NBxLDJVWESLXU1na+5ejhyFNvXw7b4P9EXEiq2wJEzRhUixKTUeBDTPZHWiNOUwXwX9BQuyAsJjMFjlBBWqQkVg7sOtdv8kUwKySzf31HqcswLir82+Xfxi5wiMEreT7Tkl5TzmbkjYuvlMAJ5YbZdryyBF+n3ZWyZ5j9g/vy+lr4giUDO3h7v1s69GpLtb/B2jJPjHw4O8URqcAi6+5WOyDqDyZA==
+v0n0.nic.social.	172800	IN	A	65.22.20.41
+v0n0.nic.social.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:41
+v0n1.nic.social.	172800	IN	A	65.22.21.41
+v0n1.nic.social.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:41
+v0n2.nic.social.	172800	IN	A	65.22.22.41
+v0n2.nic.social.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:41
+v0n3.nic.social.	172800	IN	A	161.232.10.41
+v0n3.nic.social.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:41
+v2n0.nic.social.	172800	IN	A	65.22.23.41
+v2n0.nic.social.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:41
+v2n1.nic.social.	172800	IN	A	161.232.11.41
+v2n1.nic.social.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:41
+softbank.		172800	IN	NS	a.gmoregistry.net.
+softbank.		172800	IN	NS	b.gmoregistry.net.
+softbank.		172800	IN	NS	k.gmoregistry.net.
+softbank.		172800	IN	NS	l.gmoregistry.net.
+softbank.		86400	IN	DS	34384 8 2 7A7CDE44C2C68CE4D0440E7F9F01A1A0358EDE57A9E007AE01FF94CB0506513A
+softbank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ST8VNAyzajhVivIMQvPEFiDY2/Xvv9NKhUhJ/LWERRKMsDyZEkKSMqwEfSPo9QQWboqhXIfovEZzMvRhAO5k+ZMJK21OLJC8GnaFwH4+jqKED/rxWKjJXpuMHUhLdURrHgpdXjao+p6HIdXjy+b3rLHjyb5+vp0utOgcJQfneRd87taT9S728R1DqF7zYPSw9r+MDOSAl0Ps210H0sw9PuLTCIa+WnmmSfcl+11I/46qvmKIhHgCBRKqY4TQPDyVSfJnP7WIlspd2Y3PocDF4BTExr6aeygocg8KG6Xzp5Mf5qlRL9y2jRt4j88CRIM3z/YFyABAD/m/ouGYJlquOQ==
+softbank.		86400	IN	NSEC	software. NS DS RRSIG NSEC
+softbank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dV16tcNnliLA18E5NEOWjs7t8HTiKL60OgkJtCRCcpk2pjaFzunRW/kAqfqXT55faAHGYruA9/PMX4jz4lb3PgIwzAkN1C5iePOF6ERDil9zb4G4s1s8lXXdPXUbzJL00sL4K/ORN/BF2yJOCixvXdTwDpIUgcmCFM26W5Yz0Y6xjNXq4jdU6Ec/GeOcNbRX4y+mkw+YpyHYSk1xdDVEM0A8AgUPiUQSYPLonUgMmjpQ5gJI33QDhM8bPB+edp+bzUN5owGYrI91/3IMviYyxKw8VxWBgoFJEhHLTI5z+ncyxkwuNJLU6D93G4I1oPqUSYwoSPpNiBjtn1SbzlcSdA==
+software.		172800	IN	NS	v0n0.nic.software.
+software.		172800	IN	NS	v0n1.nic.software.
+software.		172800	IN	NS	v0n2.nic.software.
+software.		172800	IN	NS	v0n3.nic.software.
+software.		172800	IN	NS	v2n0.nic.software.
+software.		172800	IN	NS	v2n1.nic.software.
+software.		86400	IN	DS	13531 8 2 ADBC7A3C20E6F0B685C47BFA610899B783DC463921F47BC231A6E29147E80902
+software.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yGmSiyyffuDsKt48xtRti45Ocb5CIJNfgauCJ4kvQTGMe9FR39a3+3Q6MAkb9D25qmMBWeBUyzw8cd/lW3SFJz9TZeZkJak+1qvtFwe+ISKjCA2bXrcRwBFNoQ+/YFVQ1vaoitCWhMr15ghukzwKJH4GBlvgFer4Fs0YvZI/nmU6Cjci36sEdZ/4tcHcShs1mrnTmT7bRo/h2yn9GHD+cdilc3Qs2RLs/LekIsaL/ForhOUn1oKz/dacTzgfq7DJWCMFNf9Q6gaypJWq+9Z4TLXc0pvmK8IHsPeyYl+vNCWcn50xXB4QnHUFWMa/bjliN7i37lBe5e12xYr5wmdnqg==
+software.		86400	IN	NSEC	sohu. NS DS RRSIG NSEC
+software.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I6uDOaUtCVCKO0W5Yts7f7CZkRkUkn5+L1nydUFqrC3gGD6si0lbLKXpmISHut2ir9PWAY5wTLjscmQSlWXFOHRzqwev5YJYWemHPEeZF1xON0VV+GrJ9HkJEiRjlaVa2vWr1cOAntSYB9kFRAr1Sog7m6TDVpSVnZJ9q6pyqYZY45HdUkC1mldlkwX2i8o0LZWFd0KzsngEJ9yKurEFr8DWmYXc6AZl1hsKt5TG4d5sUtG+CB0rIV4xc4VjflR6WhAz6tACKJ7hB6fyjtgj5Oqfg35ToE++DHuPdwVCeYgyfpu/nlCymmuvkba/lLlOVnvbxsNy94l1679QIcJSwA==
+v0n0.nic.software.	172800	IN	A	65.22.32.10
+v0n0.nic.software.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:10
+v0n1.nic.software.	172800	IN	A	65.22.33.10
+v0n1.nic.software.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:10
+v0n2.nic.software.	172800	IN	A	65.22.34.10
+v0n2.nic.software.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:10
+v0n3.nic.software.	172800	IN	A	161.232.16.10
+v0n3.nic.software.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:10
+v2n0.nic.software.	172800	IN	A	65.22.35.10
+v2n0.nic.software.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:10
+v2n1.nic.software.	172800	IN	A	161.232.17.10
+v2n1.nic.software.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:10
+sohu.			172800	IN	NS	a.zdnscloud.com.
+sohu.			172800	IN	NS	b.zdnscloud.com.
+sohu.			172800	IN	NS	c.zdnscloud.com.
+sohu.			172800	IN	NS	d.zdnscloud.com.
+sohu.			172800	IN	NS	f.zdnscloud.com.
+sohu.			172800	IN	NS	g.zdnscloud.com.
+sohu.			172800	IN	NS	i.zdnscloud.com.
+sohu.			172800	IN	NS	j.zdnscloud.com.
+sohu.			86400	IN	DS	25066 8 2 CE87E0735A424D4601FDB8D7691FF1B916C54C6CE367A9A66CCE7F88EC8A9E97
+sohu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . au4P7X6CQajbEAecSBoocGV0oRDzQpiW3D+dQEXolzAmZImtsvtwmKQ+JW35U2dEQ9digs7uk6UdaWQvP3A1D0L2d2ltJ/oh55io7DwxB2JkBcfCf9qV9F3B9xI1ywHG/y2rDiKcpsd5hUhQip4XnarTtW1RwoFqrLkJPq91wOjo66+r5c/Qyq2odbk2n1LeuKPQ0h6l72FsilmO1oG7o6vCKoYUh2YmKfaPUJOuZpsNaDQrCH66xCzKqRf20ukFnma3+n+QHRLqlORnaQ8WJZ+qypqNbUWHgtdOFQRFczw3bT24f1C+9D2gIZL1xjBK3efFBUYs9YzUeqd/ZjI0tQ==
+sohu.			86400	IN	NSEC	solar. NS DS RRSIG NSEC
+sohu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . quv2rghggfAtqJ0XGTLU6zkNYGD0maBHklGG1HUGqLL/g7J6yzuDn2/ItED5di3R3lnWX2WM70lUtUk6F+0rG+JrTMcbP/LAs/ny5401xkjr8YH2pqrSDz363LkMweQFnAM718LnmciDOMwzm+OSP4+7Jt7rKGtOlBYe9HQ5sByvUn48/wl4J2kOtARONuYuVzU+Izw8duYbqjqNRT1Ufki0rkTiRruz9j81ryelvoyU4DqStFwKOw+h9xbHTSiF4RTeSSPsDxLb+o6L8frE/LxaHAt6VNYwKORofeL0S6RlTF0tIUsPup3XtZHO4ig+Bynvq1J99wz4Ec/AFr6mzQ==
+solar.			172800	IN	NS	v0n0.nic.solar.
+solar.			172800	IN	NS	v0n1.nic.solar.
+solar.			172800	IN	NS	v0n2.nic.solar.
+solar.			172800	IN	NS	v0n3.nic.solar.
+solar.			172800	IN	NS	v2n0.nic.solar.
+solar.			172800	IN	NS	v2n1.nic.solar.
+solar.			86400	IN	DS	55894 8 2 9FE65D323FA0CEF5B7C9180DF5E5EB8CB03D9E8253FE0089E85E4BB58A57AA5D
+solar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zj8kNznOkYM/qwOB6rBf/gNe1n5qdfKkkD+IUwn4GEz44D65aRSTd4ynhAYMi6ZP008s8CN2QVv7bTaHNNpKBB4eiOMkGHBdJsCITYW2q4glF2xF6v5+gNdwqUhr+G8i4JLpTcgE/ata6WlwxOnTt+Y5wFsnVQvGuLHEiRhwbhH6XzyxCaFjBKGzDo0Ar0EmRdHlUXwjsYC2KY5+AhIoJQMfahZRvVY8cz+6jWIfFhDjYq8uIFgekfK7Ly5rwAuPgC6ViufsS0xtvaRonOtZuxBPJCH5O1Ody07HPc569UXuppoC/2ZtqCiQVgid2Jb6y86dV3dWARXYPvH0JrUAXA==
+solar.			86400	IN	NSEC	solutions. NS DS RRSIG NSEC
+solar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FZXxplz28i5gp7446uB/Nrr2wgQHIPaUNRLRtzEZvJuOL8Q7bZ91xqRs7axpSfxKZbKVRl+7sBbuLCYp1DY3WEFUfMd9HqMe9RZABa2yARnJ8/SAih6t4dwYuPgLN67TdvWso5nTRAt5friV8Pt6sYN7vLN+70vX5GEi5mOiEbaAsahCf695aaaTrNMj/qYu8MlGbMYJDJ+KjjEJ56BJtgO7GTCCczIkDVgU4Z7kOTL1TvO6MwbfSPpu99UICx7q0pYj1yGWP5Y9meh7nw658JILvtgqZsz83D/iG0uziyCQPCrCkYL37YrYLz3DJiB5AfQ8CQV7HrSB+lxckITnIA==
+v0n0.nic.solar.		172800	IN	A	65.22.20.51
+v0n0.nic.solar.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:51
+v0n1.nic.solar.		172800	IN	A	65.22.21.51
+v0n1.nic.solar.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:51
+v0n2.nic.solar.		172800	IN	A	65.22.22.51
+v0n2.nic.solar.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:51
+v0n3.nic.solar.		172800	IN	A	161.232.10.51
+v0n3.nic.solar.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:51
+v2n0.nic.solar.		172800	IN	A	65.22.23.51
+v2n0.nic.solar.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:51
+v2n1.nic.solar.		172800	IN	A	161.232.11.51
+v2n1.nic.solar.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:51
+solutions.		172800	IN	NS	v0n0.nic.solutions.
+solutions.		172800	IN	NS	v0n1.nic.solutions.
+solutions.		172800	IN	NS	v0n2.nic.solutions.
+solutions.		172800	IN	NS	v0n3.nic.solutions.
+solutions.		172800	IN	NS	v2n0.nic.solutions.
+solutions.		172800	IN	NS	v2n1.nic.solutions.
+solutions.		86400	IN	DS	23131 8 2 1E10218CD63AB2AAA5A7C6FD02CCB36A543EAC55A4185E24E9ED4E15A866E2B0
+solutions.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oWaHDmRgUGPhJ67i0a8dmjce7nCb57CIraS9FCAXwT3Kx2uRHFqIu0BJxAO1fBGNyRG4bJfR643O33b6uuN2uVgf9hgTT1n1Y3/43F07T3Wwzqf4Dd8Ql0ddGkEBXIoBbkWJlD4zq/OSFX0Jdg4ntVSkbf3RlQYdS8M5b6nZoaJvZ8vbTgyjPdlQWNi0hTkhyhZjGJ2FjfLzlAcahF2aYYSPBk8dm5RsIKcNcc9uQvq20KJfF16vOzDZgIFniAvUznRC6/5/r8EFFGQUmSYJtNHcY0cgaWjKX/qlbe73NLneqi4ZfTxLtTWVBzn3pjGJ+oHMZmUD10ApdCjy3Rr8+g==
+solutions.		86400	IN	NSEC	song. NS DS RRSIG NSEC
+solutions.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . y5A/ZlvOEfa4bED4s3Ub/YkpVI4QuHZelG+yAFsSxbImIG4q6PcqpGdYUxK8/03B52B/2tDYTKkEoZtenI4VzNak6IU15tXQ7DOb+21S1f5aBhWCDk4pHLbq3hZsHmgDPxVIrDR8flOut5+ky0AiUVjoz8PDZxRh+M381DDEjCyhs02htMPIE8UJGcF4J6al2vG1wweg4B3rJrTMIBkXCI7KfuYyGo/mNkbYlGcNZ9yPn6VWIJqnxBW4GQgkzTGTZD8liw5TyblPyPSaQNe4VdTxNWtrK2KNcJDZhgUJQtfQ4N0TuqWd4iIRw6SazQf3gRJlqfAyKWfwWG6wBe2InQ==
+v0n0.nic.solutions.	172800	IN	A	65.22.32.2
+v0n0.nic.solutions.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:2
+v0n1.nic.solutions.	172800	IN	A	65.22.33.2
+v0n1.nic.solutions.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:2
+v0n2.nic.solutions.	172800	IN	A	65.22.34.2
+v0n2.nic.solutions.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:2
+v0n3.nic.solutions.	172800	IN	A	161.232.16.2
+v0n3.nic.solutions.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:2
+v2n0.nic.solutions.	172800	IN	A	65.22.35.2
+v2n0.nic.solutions.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:2
+v2n1.nic.solutions.	172800	IN	A	161.232.17.2
+v2n1.nic.solutions.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:2
+song.			172800	IN	NS	a.nic.song.
+song.			172800	IN	NS	b.nic.song.
+song.			172800	IN	NS	c.nic.song.
+song.			172800	IN	NS	ns1.dns.nic.song.
+song.			172800	IN	NS	ns2.dns.nic.song.
+song.			172800	IN	NS	ns3.dns.nic.song.
+song.			86400	IN	DS	40012 8 2 9490B716F1DC3BF325E846595C3511F0DC8B3F5149A7664E53671256FDA4C6FB
+song.			86400	IN	DS	64366 8 2 68D1D29041B564B8582F81D7409D912122AC68E2E23BF9167F3135621790FB71
+song.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yh0EmXZj2MsNWN21dT9sHz3wwMd4rph8EeeL8S4amN2j7aIUoRyTwmncQrZQopq73eJ1UZrzSGXpdoPvnqo1zkcvTm0wLD6m8E2yaHft6QfZRy40Ioy67RhAVQ4coM4PStGneWf8WfN3P/4wDLnfWtwehE1CHS+qPXT14V9b3uRPTX+3HRU0o7cmlgY/mvu8TY1K+2+Nytg+gFQs78KytD9dROMHki5uqW30kH1LCJdOvJMHm77u37CXhH4WGl/Eq8URV9XZKmeViJg3JRQwz8HsdQ1sqG846ZNjuxc97pNiM72mq00tjr/p5Y4tNzPJibV9U5Kou2KuixXUlWO7aA==
+song.			86400	IN	NSEC	sony. NS DS RRSIG NSEC
+song.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vGQ18nwRDI0bfUcmullOC7JZLvNXkC7ztcFk+D0HWIjcs/RuGmilW+hPKYd9x3qdiBZdK8V+Q8tHm9ushdLTIQE+QV40W+RboC1Y+yAMOe0sKQk0BRktXmZnsRrU2wbNunAmE/uHwFvRNqWbclnxJlrsfeazFbhGKAx/AaXhFq8PuK9hj1t3R7TVRAepZVEk8/dKjK37Mf92ugD8y5PKk36Yv51u/6kaKJme5txvjYCNiBT0f+959gC4zo4WSFNvOXyM1WJ0EUdKGWDz1c+kHT3c5KiJlR2rvmSbKob8jq0Jb3pF4GAAHZJTumNxOZkaH2BwjTqiXREskj+0Axv/9g==
+a.nic.song.		172800	IN	A	37.209.192.10
+a.nic.song.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.song.		172800	IN	A	37.209.194.10
+b.nic.song.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.song.		172800	IN	A	37.209.196.10
+c.nic.song.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.song.	172800	IN	A	156.154.144.153
+ns1.dns.nic.song.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:99
+ns2.dns.nic.song.	172800	IN	A	156.154.145.153
+ns2.dns.nic.song.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:99
+ns3.dns.nic.song.	172800	IN	A	156.154.159.153
+ns3.dns.nic.song.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:99
+sony.			172800	IN	NS	a.gmoregistry.net.
+sony.			172800	IN	NS	b.gmoregistry.net.
+sony.			172800	IN	NS	k.gmoregistry.net.
+sony.			172800	IN	NS	l.gmoregistry.net.
+sony.			86400	IN	DS	31580 8 2 F783850C3C82680A57C926B79098EE5DE999772DCF6745A56FCAB20CE9330DE5
+sony.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Jl+6BkkI2plLh15F9v6JO3LrAX+oE2Wue3gvFxC+/PMNGrwFqoGt0H/39YIyegFn7aoUF6VyRFg9DcyE3acDO6SHS5nvLeEQ9qLACwcS5kmCLumuiA2L7Z6oKlHrAkBoUcCASVg60p4ZuMiSyJQXIk4E3z2MHWfvDJwrynAVDIU9hmkD/Vg134gkUVoAASFSLU5rwiqS++x87jwg6kPoRSNn6adT/hZ5kaFNRw3lvyRSxq0byREQ5+6TOI3LSuhJfnQRvIuOldO5fk1sHMv//NVo/MSiragUnH2WqWbubhDE5nw9ncrzKFr/M2HZN/xZ/86d2uWxouzSagCgzB0GLw==
+sony.			86400	IN	NSEC	soy. NS DS RRSIG NSEC
+sony.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n/9SFp3Oo8OjsGkIonTsH66sX0q8uqf3AOopGVjB3oQY3SAFdQgqVNCvNGYfgIGpJckNsLAZHW9rt5noCNGXn9IeYDFC2SaUOcQcfkVSYB5WpNuMYWk65xVvidjndABiwzBC10/Cvjduen1cR1qPce3UIy2WT9SFhLW0Haf1e8Kn4rg1R0XxvbNst6Mky6d2Eg4jUze5o6MlnQFTbC3AQ62McpnsJT2HWkPjm4ktjilJueqIgYbI0psLka4ZFnJZZDpAClVnghK7was8v0Y8EEDt6sbZZvOZkCETjTZ2GioALxdYseholHnlUpIzmL+w46pSgtRyhmqvU8H+5tEEUA==
+soy.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+soy.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+soy.			86400	IN	DS	37831 8 2 2C8FD7C33B59F39069AAE096B65ED29B10BBE11DE874833FE20FC54A64815D2F
+soy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tNeCPSsF4uA78O+zNSq1QPEQD7A4qdpsQacyesqLMp2SVz9YyTV9ZTSBzKmjKwy4+s+tNok2Gh5OG2oFGdFgew9UL4+MTyZKtHqh1Ia8vsTgadV17gGoBdghERm8ddknOMD2jtGKQh8HZVhJDZ63FiBqMn6i3vJrOFBmOzTb9htcTLDpGqYEQVeeCiHckxCjb2wWOXlEJskzCuG7+YkK38GHJZ/s5WJFCrINTQNd7Q1zakmESQSFVs+S2qPjajllEGyNFXfFDNL+jdxU7DCE8OnvU2RcyrS7XvEDNSPIrKVAKTwem5VB/NnKXj34SB5X2FRq2XQlFMfMINoDPsUJ8Q==
+soy.			86400	IN	NSEC	spa. NS DS RRSIG NSEC
+soy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fovPSMAp70m0G7g6YfIEyMXUhXTAPPDeu5q8wo4tRNXOYhMcn0cM3rQ0u+oscSs07fZvCAwdrld9eZbmCYmK137HBDRm3D0NN6Ny6tcKbQl1ZjGzA9k9qTnEkC2HO3WL4kwYR+Ftw/2kB3FhXxMD1AQYUyDC2SHbDT18C2IVUdMJsXOZXjADmsvNjTqgzbOc7SeidlovRHbMupJKRYU1WyMvut8k3nd4FFR0yMBni0m2gGJzS7FFPQ5P/btwsnckWD7+Oi+DkCnHeWkqF8V6khrgXXlyZsedHIuNg1j1LACEfJAzfLZls2FtW+4fZgVGwNRnJFcl8WWP56braQ/0Yg==
+spa.			172800	IN	NS	a0.nic.spa.
+spa.			172800	IN	NS	a2.nic.spa.
+spa.			172800	IN	NS	b0.nic.spa.
+spa.			172800	IN	NS	c0.nic.spa.
+spa.			86400	IN	DS	11881 8 2 5F494F6958801E119D309BF6CD627C42D1FD04055703AEAAC2C2D1B98DB00B97
+spa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JV83N8k2o5xSGgyOJoX9pbkl1tkZSj7Aex3k/DiRGGCLGsQXcm26aI9jhO+w5NXefmYudB8mymXUNzOCaEOnwM7GiHyd63IeFMfc2MG3oworHsceQlL9Az7/ueoW45TL76lq2/7LkCwqvw/kv8+/hmH+sKzj7D89glQjwIuywWqG2Fja3S4YqJPVjTAeJPk7ZAbS7jq5VQBpGS0PzeNrUQIELPHc3A3lcMiJDzVPg/3kncp+o+ZI/UsIrLhYJr0PKoJ0yOSGQnBgypRlgtAYH6EoVAP7/T4BZue1S3rjIDzOcaJc5Bb5w6rsJhcku7YGf8xEa0/txhWwNeP8Dhxb6g==
+spa.			86400	IN	NSEC	space. NS DS RRSIG NSEC
+spa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ly1L05jgr/hYIDQ0FN1692WEI4LdaIk90w/ajLQkojHxTGVxh79cF6MYRwNdiU4S6VwleSdWDJHb8tvC36Z/p7XXVqfn4dbKRcnuzhc5JrIFcZrM4QZbRqPAqACRtcarrREbE1dHWMEg2bQ4TRKBu9JUWOfvRoZybMI6dK76cvuGoudR+NiLFVerE6sNCe/tfWWeIjwXcivvbhBFRa8++hf1hhgU/0Z4nuKua5kh961bazxEb+64lQOrXKFVOHa3j193hpS3LPHmFfRalurkqJA6bHC1N21pBCZxPJ3BmB4RgwgmzE7E6LgmF94EAJqppLtjhXbRqDcCPqiwGXn95Q==
+a0.nic.spa.		172800	IN	A	65.22.48.17
+a0.nic.spa.		172800	IN	AAAA	2a01:8840:2e:0:0:0:0:17
+a2.nic.spa.		172800	IN	A	65.22.51.17
+a2.nic.spa.		172800	IN	AAAA	2a01:8840:31:0:0:0:0:17
+b0.nic.spa.		172800	IN	A	65.22.49.17
+b0.nic.spa.		172800	IN	AAAA	2a01:8840:2f:0:0:0:0:17
+c0.nic.spa.		172800	IN	A	65.22.50.17
+c0.nic.spa.		172800	IN	AAAA	2a01:8840:30:0:0:0:0:17
+space.			172800	IN	NS	a.nic.space.
+space.			172800	IN	NS	b.nic.space.
+space.			172800	IN	NS	e.nic.space.
+space.			172800	IN	NS	f.nic.space.
+space.			86400	IN	DS	44251 8 1 36ACB68B734DFE465CC1112F9DAC08B8B66627CC
+space.			86400	IN	DS	44251 8 2 A82D8ED2B07D66D6E7AF375E0E44B22A82F4479AD45F5D8E1859DF6FC170E67C
+space.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ocsXH9mCjMzKJjjlBAgqIrM3GHd0032Fvgzdy6azF9wQvrGS2JI7SC54kWfPHXBR1Jl6RixyyaWbf/0frnLf8RSTnKJec3X7q7OXNHqauKJvncNcDN3PZhz9mdHmrECVbWSyV/92tQ1GSCekUcj5YyU7Oh7C08iFNQBfs9PRQxtqKWpsTwGptk43QRO1S/53AnfH2oa1241fLZMW/cJwvgAdUAymBpyO36g/r07P5iP5GNJwWY0VDLgFfhM6WOOrdjeYwZ5EHSM1TczWDfGfdzYQCrkQiB6BHngbPhl1p3DKMxi0aNVjH7ZOL1p+iS/AAS4UOATT+47xPcUoy+b8+Q==
+space.			86400	IN	NSEC	sport. NS DS RRSIG NSEC
+space.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Xw3txiSESHQUlqnHLHPhcCba5aEy/7P4+aR3igw/CvSWx/nfRA8zFf4pWCsLMo3qOEjkhMl5KNFs+rv+jCf3ZuLFf2U8+jPSlXTvFoNKguLJC913DN68tdAeHA3tpLwkHetbIXSKCS7CGirBWUDgRgfiP2xg26WpiL9xwr1slrLp9X7zzDZmuIuOfDL09OL7gDNQrmxSZrzhlFtW3COvXcaHlxoKhue5ocydpDb+CJ5flMvhU0zkWo0ZhwPS8TGTFSkSjL1yOEhrJ7ZWmKefn5InSEh/xmGvR9HqdUofeFi/PQCMDUOFCgV1EFI/GkYF7Y2JBFjvLuXephqvI7aRTw==
+a.nic.space.		172800	IN	A	194.169.218.51
+a.nic.space.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:51
+b.nic.space.		172800	IN	A	185.24.64.51
+b.nic.space.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:51
+e.nic.space.		172800	IN	A	212.18.248.51
+e.nic.space.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:51
+f.nic.space.		172800	IN	A	212.18.249.51
+f.nic.space.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:51
+sport.			172800	IN	NS	anycast9.irondns.net.
+sport.			172800	IN	NS	anycast10.irondns.net.
+sport.			172800	IN	NS	anycast23.irondns.net.
+sport.			172800	IN	NS	anycast24.irondns.net.
+sport.			86400	IN	DS	32491 10 2 3B39ADB8057A67441E2B11FDD23417E52F7F5B17E134F12027B3C382535972DA
+sport.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kgaGvIW/iQQalXdJClddGYaWARTgyPgMQMOoXhUuD7gBpZGusu+JjNJLx3CaNTWeVkCf739/J0nAKauAuiSlRVgKD8uVAghbxHyz8LoOUMIfT3NAMOC8ptocI30v1WOPYBgZFr9KMXbJW+O0MuvpjgGx6fYmOtwzUbnSgKh5fU2KRNcKUMKTPRPYxm3oGIttCSPWzv1r32FcYqS/TQuGrEAl5oFjbJ3iELRmXhD5axPoBUc+uN5PvQ0FAc+6xPQEOZs5ARcxmwoP6U5Q18pxXWRKZ8SwuJnqKcQ2f0kuOq6embDnMQzkzBPssHw1Hpwmi/JPuHjWP03+tofdJHlZ8g==
+sport.			86400	IN	NSEC	spot. NS DS RRSIG NSEC
+sport.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yFIEzQV7EPjTyqzhy1p/mmLNv8sP9UzD0drQ8oqLUd39t/oHaBGXEXmoFZU8X6cp9K7cH9jrKY+CyIiIWkunQm8XvbZZP5K2icQUwtNezTBpN04+nY0VvNWdS9h3w1PkuJdN3RCClex2IjYI9fzjb2F1hGEcXCkcFsuC9dyjV5uZ1OuVfisct1zEHt8MtgcBS7MwCs4XHccHml0y+5y5UFV7RD9/Enepfq+CTw9bPesmaAtjz1VMQMVKWBEFI5uDa0jxim6NzPX283cwxv1gFjgI2zcSsqqLwIKC/ZqlvskiR3Z7DT11vSF3w82qraEe2mVGFCvuq4cxnn82HAKC3A==
+spot.			172800	IN	NS	dns1.nic.spot.
+spot.			172800	IN	NS	dns2.nic.spot.
+spot.			172800	IN	NS	dns3.nic.spot.
+spot.			172800	IN	NS	dns4.nic.spot.
+spot.			172800	IN	NS	dnsa.nic.spot.
+spot.			172800	IN	NS	dnsb.nic.spot.
+spot.			172800	IN	NS	dnsc.nic.spot.
+spot.			172800	IN	NS	dnsd.nic.spot.
+spot.			86400	IN	DS	59827 8 2 116C15183E96A172850B479253520C519CFC0D28BE0F3154DF01298E1BFC1CC2
+spot.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dzwVqLs+ggm24dLI9ILxHRRI51Se9GKekFVx8PrkR2zoa9x3ikWGG350vh9Vq+Yo6ThASF6ZdfrictmyHuTp9kSGla5aSwiLsUq6z2dGnu53F9YlQUytezXCxEUenT/P1bq5o5+wrOqK75j63SJt/oVKtLlr/0eF1i//AisbVd2c7/HjLAHL0F9lBeOkN5FWWJg7Fhq2xzoSidEh1JpHf242LPKzpyMJkcwFVjNgmAOzE4nlXKkH1E50MJGxASBr0R5WmSBWjJ1omposL2kCizfbJJnpgvOTs7kyOih4RKjc398VrZwu84D+juhdq470Jw3O9DxsA7KmNudc7l1Clg==
+spot.			86400	IN	NSEC	sr. NS DS RRSIG NSEC
+spot.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lM4Oz8n1Ui6prpHFXsUoZwwyq1liz2INiBCODO+7s9em/zn6N0IqIuW3hLdkCJBlQBlydGxdznmsfpksfoEq+Y9G3at1Fb4+lnO0skmRR7RM+SUxewXPZqdfKVEoKAiJRZFqABh4sGbNW8cCUSHb4pTP4wBKr2S+DuwKM/yOjE7I3KulFpiiHLEYWDt8a4XKPw7fqA1hWVHAWgMdQnwUoDhn4j0AwG++/N3Znl1JXY4lNp/u0yrKg/7x11091WnZbWwB2rjBl4nex5RiXoLXDU6HG6dfe5iaOF5tYV4oqC+nTSo9wNRJKjOtAt0ZqGgGyZrkN31JR/eQjrl0M3nIOg==
+dns1.nic.spot.		172800	IN	A	213.248.218.82
+dns1.nic.spot.		172800	IN	AAAA	2a01:618:402:0:0:0:0:82
+dns2.nic.spot.		172800	IN	A	103.49.82.82
+dns2.nic.spot.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:82
+dns3.nic.spot.		172800	IN	A	213.248.222.82
+dns3.nic.spot.		172800	IN	AAAA	2a01:618:406:0:0:0:0:82
+dns4.nic.spot.		172800	IN	A	43.230.50.82
+dns4.nic.spot.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:82
+dnsa.nic.spot.		172800	IN	A	156.154.100.3
+dnsa.nic.spot.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.spot.		172800	IN	A	156.154.101.3
+dnsb.nic.spot.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.spot.		172800	IN	A	156.154.102.3
+dnsc.nic.spot.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.spot.		172800	IN	A	156.154.103.3
+dnsd.nic.spot.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+sr.			172800	IN	NS	ns1.sr.net.
+sr.			172800	IN	NS	ns2.sr.net.
+sr.			86400	IN	NSEC	srl. NS RRSIG NSEC
+sr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AC7N64qG7dAKeyxGjuSSXrBon2ZlZ9FknCtFXW8zABC2Vr/+n8SRTvrUv8/r0VP1cUf1igcppXE/2RtkCXZvwJcucEBOgeIofmEey87Gj064fUtMa4JyD6OR3GdwN6g50lyzEjIhUlZtnmcHv8xjXW6/Y8jLwzywfV1W1UvGS3Yl4gB+sgxSj8ATbPipkpkOC3CzSkhjnqCzNX3B/ZQac4Pdon4aOf3Of0yCSyGKL7Y+UBsN2gsYLV1u2XfTczZgjHsliLxmfF7fvnrTtfu9XV0kgUpAjuNMt4VMOzIekGy9cqyn5YSqyNHR8w9vMngfjwQqjMFmlycFusmk2Hteaw==
+srl.			172800	IN	NS	a0.nic.srl.
+srl.			172800	IN	NS	a2.nic.srl.
+srl.			172800	IN	NS	b0.nic.srl.
+srl.			172800	IN	NS	c0.nic.srl.
+srl.			86400	IN	DS	33382 8 2 8414F09570E69F8FF6099EF53136AA4304A85FE21BCB1F65E937AF7C5E5133CD
+srl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uqr5Jh4tEFz1ItFZK+U4n99Qg9w6jbjvnh79W0GV+bdxm4mgNonEu2KVV7D/TfFkXRN/iuOaKb0sVsJnlKvZFlsQfPpdlbHNbVRkC+yKBh2c4s+1xL7eAQABRV5f/15X4MOv4mE9bdRFta3cYu+MbomdIIeOBqjybHqSmA6Bw35wYkw8IrI/LY3cnrYXuoJ8OJ0wVTpmD0mtrxV4dEAg6DjV6aw7QcViBBYnSuzwCtrTXNhrWDPTfYAMU6I2KLfrHGlbVQugNqVsYzHJaTnjwqgTu8vahYn7j/ljNGOH4DaUoW0hIf+S9wR0YgGF/B4o4x/EFu2cq8WTigewmUoUAQ==
+srl.			86400	IN	NSEC	ss. NS DS RRSIG NSEC
+srl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GK7Yp9TfLslto5oZ1srRG2SuGdxVzDEAiXmjQdnaYKwhi6gj5soD7h6SRZ2+VbKe11vVcSq9XX7gd5YBtr8J1QY+JhD4FkmPbEz/ZwDBVJuVvKEnuth+E6wzzTxzFeF04OtuhxvG4Lw4N5KL4aQEi+JE6x2OoMU1zFSHHwflx7UoIPBlQdkiLRsXSiNK/P84yKDkWggAEKdvYP57kzqpU+/efVkJpkpv8mbVcwExA03MmqTT8Pt+AJ13VrHGnObh1UBF/jJRjkI28DMbwgL2U527B1UcPuaAOsiAwWZzE/XjwPRw9T3e3GWoYv+zzwSX99+lzZ3avJXtnqPGMgqOow==
+a0.nic.srl.		172800	IN	A	65.22.80.33
+a0.nic.srl.		172800	IN	AAAA	2a01:8840:4e:0:0:0:0:33
+a2.nic.srl.		172800	IN	A	65.22.83.33
+a2.nic.srl.		172800	IN	AAAA	2a01:8840:51:0:0:0:0:33
+b0.nic.srl.		172800	IN	A	65.22.81.33
+b0.nic.srl.		172800	IN	AAAA	2a01:8840:4f:0:0:0:0:33
+c0.nic.srl.		172800	IN	A	65.22.82.33
+c0.nic.srl.		172800	IN	AAAA	2a01:8840:50:0:0:0:0:33
+ss.			172800	IN	NS	b.ns.tznic.or.tz.
+ss.			172800	IN	NS	pch.nic.ss.
+ss.			172800	IN	NS	ns-ss.afrinic.net.
+ss.			172800	IN	NS	ssnic.anycastdns.cz.
+ss.			86400	IN	DS	43817 8 1 65FB691DA6EB488ED99195E7609837F787EAFC4A
+ss.			86400	IN	DS	43817 8 2 F85D36A2E056FF8CBB8DC79C748E4EC1E862C4F739891F9595669AA3384A252D
+ss.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IfssLaAPDn6XzQVI4EjDdrVJWlkihuns6QZwlfGwdF5oR4eowJINCdWNhco+524xPRfe1nzWwUAugzsLpj3zvp4peG/HGWP0ucHhLSVpmaLG/HcvvqGSVzGkvgOyfdbKOvct8aV6H9QK3nr+z3dDyunl2LBiU9CY7fvfF6lGTctJWfJxwXyPEg+msX340o/kKRuqVJNjIiiyzvhFUlPXuSlAWsreSY1v4tgCJG6yUvY+QMJc10BhCMwWu3mSZcqgOEMLVEoVcPlZoyE5gyEgYG5vmm+fk6I9J+OwK5wYVw7C9rqt8stUNQFiIpxoQJVRLS8D7ms9kvQHt4HDLDoghA==
+ss.			86400	IN	NSEC	st. NS DS RRSIG NSEC
+ss.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U9xsIZANfIozURgpjN3TaK37kfnPiOTMUsV6FlCd7VqceidDzD9B3SV/0sc8t+s9TqhHwqCAZsk+ajJkhm9nRjkv9fORaipELiDotKWZsPGseMbSNWk7PqRys1A+UmcdmuIMQMDsIYoyUjMPTDQeLlkUQ3yCq0/DyMJdR8s0JFmtIvnXi1946HZXwmmazoHfHP/kpVNEChncuvuB2EGcGvkt9vVWsUVmIaSUKyuj+3ZzZ3ZKfN9bH/0ksbn3c5gu1/3UubLbRpK5PAEVIlCiVzx4AFXv9h0w05CuPkhgMnbTNI2PquJan3RbGeC9L+3d7SF5R2rUwZhOjTvlTI4NjA==
+pch.nic.ss.		172800	IN	A	204.61.216.130
+pch.nic.ss.		172800	IN	AAAA	2001:500:14:6130:ad:0:0:1
+st.			172800	IN	NS	ns1.bahnhof.net.
+st.			172800	IN	NS	dns-st.bahnhof.net.
+st.			172800	IN	NS	west-2.dns-us.st.
+st.			172800	IN	NS	southeast-2.dns-au.st.
+st.			86400	IN	NSEC	stada. NS RRSIG NSEC
+st.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XNic1ySWzXvvDxCqtxZdtBQk7c2XHe2YpNdhWjLZC/dq34jPrgA9MILO4HJr06LPsmPA38Z16l1PndnJhQ0h8jIspTHv6f1ixc+SQj4YA2DmDMklv1W5JrBis6rCUNk9Bj2qDXW2BA4ROD+WzF4bRiCh/8OGlOLQ6fkE9hvJpGRjQyT9CeGiYWI8IqQQBUBhoPaFEdgV/OPtWoGPDbfZal1s5WzcL3i8nJsI5byxeSxkadBuITNxzkOBv+p0Gnw6qqIG8LpsUVljIfoSnaGDRoGKtGjAFyHgw3mfqbXEYtCBBSS50dlugZ5zr8iSehq5ZAjJplb1PFfYjJfyHywt2w==
+southeast-2.dns-au.st.	172800	IN	A	52.63.82.137
+southeast-2.dns-au.st.	172800	IN	AAAA	2406:da1c:306:4700:d0cf:a4f8:f1c7:249e
+west-2.dns-us.st.	172800	IN	A	34.218.33.231
+west-2.dns-us.st.	172800	IN	AAAA	2600:1f14:15:cb00:c08f:baeb:bf79:c730
+stada.			172800	IN	NS	a0.nic.stada.
+stada.			172800	IN	NS	a2.nic.stada.
+stada.			172800	IN	NS	b0.nic.stada.
+stada.			172800	IN	NS	c0.nic.stada.
+stada.			86400	IN	DS	10585 8 2 0BDB59EF7DB2DBDD103CF1CDA4ECBDDD6BEFC6F4D074EF177311FC3358C14941
+stada.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lWOFiegIjr4bIbWF+JiUa1DaHi3ozQE7F4uj1hpDpGDUPYHkdusqXoSSRcJf1JuO1qOP3CxfmKPGQfnlkMSUd1B+Px/s7/CCyKUq/6x53tERpo3KbBBULv8xTuFJVS6WYmkrxdhYQycT6C1wT8nkOFeyaMYCdh6Y8hgir8DiDxJsAi/dEbLkWtdL58PA9App2Q2AY5WNzeul33XgQ9TIdClZUxjLi4iNQrsYEp5j38mevT713K1yACYsykCjYwJYFnKKPrWo2v1HsaR/UpolhdF/LCkNMBcu4qyGj0hSMdeWVf735sPkieo5ulTs7afa3vScjHbcQomK9bZoiep2Tg==
+stada.			86400	IN	NSEC	staples. NS DS RRSIG NSEC
+stada.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Yetg3sY/g5V+5mu9wG+n9pDthCI2tfjM/pzQ6qbufgeX8TH0rtjPTe7gz90p/FegIyBBlikTzQRSvo1MB86wjaJn5hvrm1nHJUlVSu4+SxtU5Rp7kAkGXWgmL4PVSmOuCU+JtVl3ZpxG50jYUo101iUx/VtyA3q53IDebCQeCPrxW7BDOiOklzMcaz2IE9YNQOdpwqHZTWzip3hmuNWWqvfz8+hoRScp9tMIcQ9M7InX863Rl2NY6i9/ff2As61eqBTyweJG1XiRJ18FWCETxSTQ4RE5+LmcA69ZbV8rct0+GPsIBbdTBk7iSoCJzkhirtP7gnIitWUKDzG63IsRQw==
+a0.nic.stada.		172800	IN	A	65.22.156.25
+a0.nic.stada.		172800	IN	AAAA	2a01:8840:9a:0:0:0:0:25
+a2.nic.stada.		172800	IN	A	65.22.159.25
+a2.nic.stada.		172800	IN	AAAA	2a01:8840:9d:0:0:0:0:25
+b0.nic.stada.		172800	IN	A	65.22.157.25
+b0.nic.stada.		172800	IN	AAAA	2a01:8840:9b:0:0:0:0:25
+c0.nic.stada.		172800	IN	A	65.22.158.25
+c0.nic.stada.		172800	IN	AAAA	2a01:8840:9c:0:0:0:0:25
+staples.		172800	IN	NS	a.nic.staples.
+staples.		172800	IN	NS	b.nic.staples.
+staples.		172800	IN	NS	c.nic.staples.
+staples.		172800	IN	NS	ns1.dns.nic.staples.
+staples.		172800	IN	NS	ns2.dns.nic.staples.
+staples.		172800	IN	NS	ns3.dns.nic.staples.
+staples.		86400	IN	DS	23296 8 2 EC6E9A376B2A1274D837A25381DFB539F1404EADA456C15B7258074517BDDDD8
+staples.		86400	IN	DS	35455 8 2 632AF1F936FB38D84FCED84EAACE443D47D287F3346E8CD4C456D8DB70EFCF72
+staples.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g4kAJSUnphsdFOco5+KjLMFIe4gFu/6jbt7kGkZ/q+zXMaI/uy69bzlGM0f1ZuklrgvO/KynqQhElolVcXOOAEL2YkRKfpc9NFSNt+B1iRGE063BfaCrQlPeA+NRKP3GbzuVFyb0TzKJY2ryA7jqM+vELDjYblJvr9JklUigOVdXD2lX0y3s9EJ22xOh0SJ66ULeCTfoApZVHk3GCvE7nPy/OtMPepZeiSD0hY6LA8hMlmSmVBGm60kF8fhpHet643hz0ZlYl2bbXRf9DklXPVNjOfs6ZpnIm48a1d81fg7UpQD+OF0LpmSIWTavLBqGDwcsYPAJFqikJPxVXHeVZw==
+staples.		86400	IN	NSEC	star. NS DS RRSIG NSEC
+staples.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JPi0G+3/kTFSrvXaVtnwVlE91Jk7ITCEjOK0iCtbulTmSW4+p2EF5BrUkKXr0mGE1Z+09SwnoTFmxUfeY7Xlr0BYL6V1FOZwmeTqzLRMAyisiWQ29rKTvMgdzdL7w/WBoLepnZcz+ZEm8GnD884wbKxRrRC1n+MBO3J0ZxLubtNvkInY8nCUgyco9imD7CdW3fqrcicjbnCK7Wdv+nMtgiUD+Sg7aGc7Ng7loXhJRsbx3faZ+Hs2Xw4mdsLv5bEYpJOaS07TJ2IyiyCkaZpSdRYOul2KkFpDdGPPD8KCU5wopyw2PhaI63wGFmhJjdsQpJBmTh8bA+nKqmt85HrJQg==
+a.nic.staples.		172800	IN	A	37.209.192.9
+a.nic.staples.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.staples.		172800	IN	A	37.209.194.9
+b.nic.staples.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.staples.		172800	IN	A	37.209.196.9
+c.nic.staples.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.staples.	172800	IN	A	156.154.169.79
+ns1.dns.nic.staples.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:4f
+ns2.dns.nic.staples.	172800	IN	A	156.154.170.79
+ns2.dns.nic.staples.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:4f
+ns3.dns.nic.staples.	172800	IN	A	156.154.171.79
+ns3.dns.nic.staples.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:4f
+star.			172800	IN	NS	a0.nic.star.
+star.			172800	IN	NS	a2.nic.star.
+star.			172800	IN	NS	b0.nic.star.
+star.			172800	IN	NS	c0.nic.star.
+star.			86400	IN	DS	59872 8 2 306C152BC34676BF135928882FC21C5702BF37C893F71D4DF51E3A84AD6B62E1
+star.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NBA0vdBa3WVramM3g479MOceejUEtg4rGRrIQCRh1W/pQp1XSaBRak+w+v9U4icPGUoGGk7mwh4xRbuYkjBZI1yg5iBuLXlnsjC2k4xBhx7xwflf/NjVr2nhGoU/R9Zr8V19fp5CJMDabcAxw2PDeledJOOlyiAhT5QLAvJfDc93dLxvNH6kBpu3APUPANpickHHS2ouZfh76LgympYT4d9wv5bLra4oaSlfHQaRm0c6akq6aGR6MjPBJnkrXzsG7HGH5QUn8VJgG+g2yQ14BNt9yaEDienCTpae+M8hj9oO3Cns6dk1vL5ffr9t6nBqXyUUl6alBypKKSmIv/C3IQ==
+star.			86400	IN	NSEC	statebank. NS DS RRSIG NSEC
+star.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qAyy7z4a1SC3j/QesXuCuB/SEDt+K19oiMLja8fc1slb5CiHwu319uM7dJ1rpGFOu99xai1raH1uk+rwxAiieUzrqT++F6KroNE3oBBTUw8NQ3GIImc6Rpv26GZxDB8DUbHjn/6/XHzUMPkpb3gn883MKuR4myXEaela8evsZzv/ilVEo7tZAKfxaNWceYDuBvobAwgNLkKINaGCoTkE+4I/PYldfsYp7JjV1kgpV+QLlfy6o/uGy/5Pm0dA0pFOXVRUKRll60obgwOKKUZzusX4F5MbyykG5VuEvwcXOwEWiM1AklNmi3LfCgEs4RZsaawr3fzPyeXP32HC/UDn9Q==
+a0.nic.star.		172800	IN	A	65.22.56.9
+a0.nic.star.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:9
+a2.nic.star.		172800	IN	A	65.22.59.9
+a2.nic.star.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:9
+b0.nic.star.		172800	IN	A	65.22.57.9
+b0.nic.star.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:9
+c0.nic.star.		172800	IN	A	65.22.58.9
+c0.nic.star.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:9
+statebank.		172800	IN	NS	a0.nic.statebank.
+statebank.		172800	IN	NS	a2.nic.statebank.
+statebank.		172800	IN	NS	b0.nic.statebank.
+statebank.		172800	IN	NS	c0.nic.statebank.
+statebank.		86400	IN	DS	6556 8 2 CEF021E759C80743AC2B871F39DB1AAC7BFB542244B74EBD5C98776F5D4D844A
+statebank.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cJm/O+BmBdt28svFPr1GZ4gQ5F9HhY3Oonlxes/ERZsEhK4CSrA/LanqK47nwF1+oTScz7i9WWikK0YWyGeujOQOVcVDd6buJQWtuGO9MDtbbIU5XVkC1h7bt/AnAFTUQIyUuxwjvx1YhNUuPun4N3alboOuzu0D/1VBtQSFeaZ9+FzeEVbSto7o9bbNF4PXJpZO2SJqjFznXRXMXhvkl+So0nSpbvspfdvDTDEM/pQjCLcKDHj9ESm/iiM8QeVB78Wp2RGwc6wTP3ksggaqKmTEo5gIiYovonTKGfyuIAWHMsfzhzSX3zcZ3rn6YEBOI9ZjLxyuSwZNwFT5UromcQ==
+statebank.		86400	IN	NSEC	statefarm. NS DS RRSIG NSEC
+statebank.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aSFcrCqfrjsDadvOQySFi5DhubrQ3CaqSWugVLLjRjdCqH0EuSAAgCBWrUpjYA1fnSR50htKpi0GaNjKRySCUJv6rfTXalSzvHSLJQHmTex4XB0JC4+DXc7VcQnj/2RrMwlM7+r02GBP8RjmZgR0QwcjG+aSUMty3CuBNJuwZobx2W/USG03oqJipFt4VIMnXAMOJpQSHkufjTo0JuK+vRvYi5Ge56Q3D5Op6qPUBUVcMI+amq9yfgAhNtOoWScME0n4TgX14+llpTgFWLGcqnxhp9riDWDZZAL5K8HPTaFCVNyqZwaP70KQc8koIn+k4V1du1wXbpqN1aDugM3Pig==
+a0.nic.statebank.	172800	IN	A	65.22.176.1
+a0.nic.statebank.	172800	IN	AAAA	2a01:8840:aa:0:0:0:0:1
+a2.nic.statebank.	172800	IN	A	65.22.179.1
+a2.nic.statebank.	172800	IN	AAAA	2a01:8840:ad:0:0:0:0:1
+b0.nic.statebank.	172800	IN	A	65.22.177.1
+b0.nic.statebank.	172800	IN	AAAA	2a01:8840:ab:0:0:0:0:1
+c0.nic.statebank.	172800	IN	A	65.22.178.1
+c0.nic.statebank.	172800	IN	AAAA	2a01:8840:ac:0:0:0:0:1
+statefarm.		172800	IN	NS	a.nic.statefarm.
+statefarm.		172800	IN	NS	b.nic.statefarm.
+statefarm.		172800	IN	NS	c.nic.statefarm.
+statefarm.		172800	IN	NS	ns1.dns.nic.statefarm.
+statefarm.		172800	IN	NS	ns2.dns.nic.statefarm.
+statefarm.		172800	IN	NS	ns3.dns.nic.statefarm.
+statefarm.		86400	IN	DS	56986 8 2 F07E46D54C6AB0B5D79DA353CE0BF2F58446572728C2823AD964F6EC50B99AF5
+statefarm.		86400	IN	DS	64867 8 2 1ED8A8C0E5102A11CC8659D9D0543EA7EF5F44B63D553A4AA78D46D398FF5356
+statefarm.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MfMV2EB4FHfejBHGkasVchJXftjblaauZ9OviYqf7PkhE8fYtQw6zodpzeeE78eL1rsushWFCsQqt4gkgJBJeb/e1tmY3evzx2n6YVGN6KlXN/SsPnVUmqgBOYv/saa5w7gdXPgHGVfpS/qxG05shQ0SbLP9Udtr1huQ744D9Q/Y7ewFqRB8V+Xq45dFbO1O94MD22eGs+kE/EfOKJVssENiCQlh0bRZxaOcUXPk9560SAjwZov5bRFbAzqaakbujRhQdjZ0Z7bPjZUEXh1gHtIdDrQ64gnHyQm04FG8lCdlqZrWKzcvM8rWqm/r43EKSkhNVoeRkQKHBOATtGcXUQ==
+statefarm.		86400	IN	NSEC	stc. NS DS RRSIG NSEC
+statefarm.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rt11GKLkFRxPfjaRK5ZF3eU5eCr7Gu/0eXIaN81blz9EiB2ap/bsyD2CabLKe6bnR6bY/mhLglC6AsJ0KTuaCS0AYNRgwSUtohy1hNDR1m0fQr71GOua1tPPyGtyrxsk49XnhmR/E1/UHMRBUpvn4d7O2u4exmY6Dxw/GV6fjuFeOIQeK8zqaeoB6t+u4jC2JmmUtxLZg0NepQubd642I48s8F7SI5P8RmHc1/4vKaZLIN3g43VrHGYDBMGlvRlsGpowdV/W0OYRgzI16KC/rOlUb3UF4hwdHn7LlHAS/XjAVdFwj8Q3KTzL/jBFSr7yrrxP1XpCGNKKtwDzhYjF8w==
+a.nic.statefarm.	172800	IN	A	37.209.192.9
+a.nic.statefarm.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.statefarm.	172800	IN	A	37.209.194.9
+b.nic.statefarm.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.statefarm.	172800	IN	A	37.209.196.9
+c.nic.statefarm.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.statefarm.	172800	IN	A	156.154.144.154
+ns1.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9a
+ns2.dns.nic.statefarm.	172800	IN	A	156.154.145.154
+ns2.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9a
+ns3.dns.nic.statefarm.	172800	IN	A	156.154.159.154
+ns3.dns.nic.statefarm.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9a
+stc.			172800	IN	NS	a.nic.stc.
+stc.			172800	IN	NS	b.nic.stc.
+stc.			172800	IN	NS	c.nic.stc.
+stc.			172800	IN	NS	d.nic.stc.
+stc.			86400	IN	DS	42226 8 1 8956D12E91DC98337231BA5B16F75AD766051947
+stc.			86400	IN	DS	42226 8 2 79A9D1A91D2DD8F3BCA16221E6FF11E7E5E852E63D0C3756F6E73F94296B12AB
+stc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mL8F/GjNvG9UjfpbAX0MaLHUmzxD9+uoa5is7yWQrDW2QB0Sn9EpXddnVulFO+GScgj2TCz3dJEUPLQA/RKnwuiWr8lc54Dnx+7X3i8YOIvqFUVPnOgUgBpYntYnMmG2WhDFCt0LgTF2UoAmdBHchrYpygkUqh973vwxrHKC3WYL+dNMT4ldvbLfp08j+vUfx2Zw42iiifMhevCi5mo6NoMgQtQcTUCFNlAmlyRCIF7cPBWSaYH6Kd6aM3GBJIwEfbS0jUsJAGVxZPt0ZVHoDjyohyxA3oyLquxXG8Twh8dqsP/XriLHkB4anNHKoJzUijsxKMt9EQBjNWz9j2Ye6A==
+stc.			86400	IN	NSEC	stcgroup. NS DS RRSIG NSEC
+stc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . X1FUgP//LFS7YpM5CvofoY1b0O7lSd0//qyrR0R6OLax84imWVu+Krc2W4hbpDTjQA2xKRtDXXXW/DDZcpAtOEyU8JqoyWWQ1RDO+I3NScyyo1X/qfyhKIrKE01ScFVpi3YYr4JHhYZ/uc2IScMcYnMO1OkL1xh/1MizRq0iy/5pfWJhGBsQweDwsfD5nBISUTfn6czYWQCsxEEJ+4p0uUhav9Hu6V4jipiFIoGgqQw9fI825diOxQKHa6iGVSymZkfGgQ/vEzcNOODsBU0VLY9QRqGFrLpMw1javmGuwO1XvOH1DQuqYE4V8UYE6SEhmRq1L7jaasdPyZDQI3Jxpg==
+a.nic.stc.		172800	IN	A	194.169.218.29
+a.nic.stc.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:29
+b.nic.stc.		172800	IN	A	185.24.64.29
+b.nic.stc.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:29
+c.nic.stc.		172800	IN	A	212.18.248.29
+c.nic.stc.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:29
+d.nic.stc.		172800	IN	A	212.18.249.29
+d.nic.stc.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:29
+stcgroup.		172800	IN	NS	a.nic.stcgroup.
+stcgroup.		172800	IN	NS	b.nic.stcgroup.
+stcgroup.		172800	IN	NS	c.nic.stcgroup.
+stcgroup.		172800	IN	NS	d.nic.stcgroup.
+stcgroup.		86400	IN	DS	63781 8 1 B6FD1903A8AABAF134A517661DA8B7F1687F334B
+stcgroup.		86400	IN	DS	63781 8 2 5A2C21B0D982A47EF075DCCA0378175E917E9BCA8128E4FFD52E31F627F29151
+stcgroup.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pnChU1Qvi8C325YaxKOmEJ7ECKzv2kw912LzJydSBFZ/vDs6BqTLPLLbF4Spmz4uW1f6S5n7btql9NDZiJ9EjJFbEFb1ZRELhdWm9h9Y/Y+tLWF+1GrHPIpYVmLBjfzCiT4Y1h9aD6g7TuaqiJ6J42kVNIrZ3rs8uwi7y+U4fqdsPZz/tc8tHG7tRS2PEb2ZiFj9ltxymVyWjlQYoXhYglGxdDEiT3XMGrgbnc2JYgmoNDLfE8wdqwmRO9reU9aDpohbUZjS70Mwmx/JlzBHuwim2+mtv8x4iM8FEoV45ceYOWvE7w8ID03BMktC4aiqkR8fIoDxpvSC2yeehdyihQ==
+stcgroup.		86400	IN	NSEC	stockholm. NS DS RRSIG NSEC
+stcgroup.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SSEPQXxVGAWPD7jtB0E3lvB6DtU7gu2MbJ14QzBCYOaUCz+DrOAWni890MwKv/IuPyD49D5XLRE4UOju1WwD1cvC9P0gDGY5yp0q8Fz3kO9WO+mHTaqqN/1jSsL5YLrj1DHWabboSD8ikoxaSWoRwz43Ize3iw1QjeSqYSe1ZNcJlc7YLaksELDtXvKkHS881VRWrbZc+nTaK/MPNMgyd09gjcnhHg3vZFd6y7enb1AEJGi0jAcqtM20cH9662QOXPmg3fkDbBFFynWgKR12Aquk4DX+QsWx/I2xGxVS/5/co9EuRggXYofIEgjFKR8gBHUYbh7G1eUoxisYgianTw==
+a.nic.stcgroup.		172800	IN	A	194.169.218.46
+a.nic.stcgroup.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:46
+b.nic.stcgroup.		172800	IN	A	185.24.64.46
+b.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:46
+c.nic.stcgroup.		172800	IN	A	212.18.248.46
+c.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:46
+d.nic.stcgroup.		172800	IN	A	212.18.249.46
+d.nic.stcgroup.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:46
+stockholm.		172800	IN	NS	a0.nic.stockholm.
+stockholm.		172800	IN	NS	a2.nic.stockholm.
+stockholm.		172800	IN	NS	b0.nic.stockholm.
+stockholm.		172800	IN	NS	c0.nic.stockholm.
+stockholm.		86400	IN	DS	28681 8 2 CD787970D0A7DE33BC49589FB72D41BDE6DB32C4470C93C170EB8F2D25978128
+stockholm.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dISUkz33dobmaNVcLpMJ1qkpR2tCplu7sMv8tEvfIF6w3zie1hhSife5w40axbeoFvc6dL64pkg1mXlN4TdyC5UdVZIjBsPdlO7QoLn/H4q51DG9wQ8XXORyF2KN2bw5Aoy1ZjB92WRAIGcnrqWdUI7OUWawkwOtczxt186C8smzO2mL0bn6yfProOxTOwMrQx1RHA0I2Gdu04TTa8xCOTMCBu4Q93nFcnx3IduzEpYtw7EoYNen3FPQc6RKXwUghtljd5v+OLfb4Bnc6Qkl64Vs3Qnv/MhCYl8bWXqYdZgl6JxUF8usds8gU7IHgs54PeDmEGv+xrQzKpxOEG8xzQ==
+stockholm.		86400	IN	NSEC	storage. NS DS RRSIG NSEC
+stockholm.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M7AhkGQzciObp2NuiUrxaZhjGVxa6l9OB37mJNMFolqVaJvGj8dLLGGuaFX8xOXiJIRlBArCAUCYo9n4K9P3reqhKPJsP9zH+J3gvTTaF0tO0pXzfReY4xKMWhpWpRl65LCJ1FJAt9ExDJwWzkrjeGXPy0EfzeO3eufM6Y/hve1ajM3n+8+a8Yex0tP6Uza8KM3sGCwamGZQ41svTWE7J3hAjTxJGPnJiWjZvR+HejTTwN04u/udySgmpLEAgCyz59WAsYXIWCcw5XAwfmZmT7go2x3FD7H/uVLHtvsukmNUndDeggyA5vuXhZLUFQEyRIvDmb1WUUIhG8uhcDohBg==
+a0.nic.stockholm.	172800	IN	A	65.22.220.41
+a0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d6:0:0:0:0:41
+a2.nic.stockholm.	172800	IN	A	65.22.223.41
+a2.nic.stockholm.	172800	IN	AAAA	2a01:8840:d9:0:0:0:0:41
+b0.nic.stockholm.	172800	IN	A	65.22.221.41
+b0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d7:0:0:0:0:41
+c0.nic.stockholm.	172800	IN	A	65.22.222.41
+c0.nic.stockholm.	172800	IN	AAAA	2a01:8840:d8:0:0:0:0:41
+storage.		172800	IN	NS	a.nic.storage.
+storage.		172800	IN	NS	b.nic.storage.
+storage.		172800	IN	NS	c.nic.storage.
+storage.		172800	IN	NS	d.nic.storage.
+storage.		86400	IN	DS	50476 7 1 AD942D7FAEF7C429FEE5497A67162643E96E1841
+storage.		86400	IN	DS	50476 7 2 BF2260B22C8C9630DC3E5CE22130C4FB97EDD6B27805A05F8F526B951B465156
+storage.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . a5iG4gnj4O0bp5VOgjFTOnHqpiEI4K9ANQd8HNEr38z6KcAfjglb+tMg7Ye/3jKGigkvPC5cjrSRxa6K8KuH4jvOPiCB7wlvNVtIl++5igHIGL2q7S17P6JLGrNb033Fij7BfNxlH2mt/g+VgvNMR1e4QZ8vJ46zu8ozCnHa1rQQrBdQiz5brz1AEQ3rs5jCyyMqfNNVvzXZRhXLHV3KiD96xg9M5xFs5Lw9VeVGsvtpGk0iokcnUY9NjqKR8iRRKY098LBEKgairLxS3/oFNDkgYDMrIxnXu/hxF9Y/ciK06T+q7oLylKDUnIZNJqFdCTKt/tn73TI5DWMpU+4exA==
+storage.		86400	IN	NSEC	store. NS DS RRSIG NSEC
+storage.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UzSIYIEpW/bwMNEJmLgwPhwfWyJbwkH8eDYgPp4OPngOhKbjuHDudNWh1uBEXeMSyQ895yJLslfSUJHnemNiaGBKQKG9gSmG8KSwZG6JKfO5kNhsAy/IwQfMbT1ffv/iVBRyKumM14DF9gtPyAF8mt/uyHSeQUgnV5c02KFSThZk1TYYHwEtP+1E8lNZCDtK9FRerqlZxqJ8v2qTCjCbaMORfEQJEIpvKBC+Rs+PbVSXoBPcUNnzAem2QaSYe1Bgryl3CMjVpVhqOfEsPRhueddMw9HMj/Q0+42eb2dPS5Bwc0/ocuEpRCzJdvRz6AkSuWw6oCTyXMWp3iGos0k6NQ==
+a.nic.storage.		172800	IN	A	194.169.218.55
+a.nic.storage.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:55
+b.nic.storage.		172800	IN	A	185.24.64.55
+b.nic.storage.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:55
+c.nic.storage.		172800	IN	A	212.18.248.55
+c.nic.storage.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:55
+d.nic.storage.		172800	IN	A	212.18.249.55
+d.nic.storage.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:55
+store.			172800	IN	NS	a.nic.store.
+store.			172800	IN	NS	b.nic.store.
+store.			172800	IN	NS	e.nic.store.
+store.			172800	IN	NS	f.nic.store.
+store.			86400	IN	DS	16342 8 1 C6D41FB11396E2B908BD82ADD46457DAA960EC23
+store.			86400	IN	DS	16342 8 2 E59827295E51C4F46D5208ED454BCD78DD6FFA49F01BD203B24E1380AA535675
+store.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWRs1JkuaCPdrVo5Kfp8VYs+z69BOc1qCKQfMWdR8FFlZ0YZoSRcDtWVP0BTTYPjP9T9tWci8Bnc8qt37VnODHyZV7iA84jsAslxHHrsld8s71Nx53BevW5hlJrGN2R1ljdNHnFIFmU37NIAtox3WN3EEPq5HkgS4XZ/oyCfUohuUKEXRdT25rEp/i7VaWvH1dqlJxoeatmo2STauau08kihdmGGAPSow/DhTtPW4QXyvWn4p90pvdJkZgVFjpaAUKI621mM/F9Lc8eMyoZ4SlzhQlnwLeWxlPi9uN1dGtNGWm7nG/GSVJ0gmHa4l8mjNWEmSfPtYbpNHq/CeUknXw==
+store.			86400	IN	NSEC	stream. NS DS RRSIG NSEC
+store.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fyUPwR1UwAK7UHnGimT0jaVyNpJw1g4OmVKJwL+VAiU+pfJc4x5gYbHOeBf+9Y/2ohcpxZwxXZcf+uTaVms5kmV7IBt8ZlXmjqMPmDzOnA2qkOmSKIUj0mDfW+AezMXrO98rY9MiafwQow22M3X65qZN8HzPM1oxQNajbUjN/gKwCUxgr9C8BnTIFn/dsqBzrM9tSsL1LR+1NAMB7Y+BX9c2CfUdI+yGZRAFCRZMbTPVF8MBuX78dtGLXbmzUS9lVWRHF7FLhAYkCuE/ATR3L60WnWBUmRjjNlfClVonYIwLNVBbSo5bIH7euiGHERM8FVXLzZlHsYAAxIII70MG0Q==
+a.nic.store.		172800	IN	A	194.169.218.45
+a.nic.store.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:45
+b.nic.store.		172800	IN	A	185.24.64.45
+b.nic.store.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:45
+e.nic.store.		172800	IN	A	212.18.248.45
+e.nic.store.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:45
+f.nic.store.		172800	IN	A	212.18.249.45
+f.nic.store.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:45
+stream.			172800	IN	NS	a.nic.stream.
+stream.			172800	IN	NS	b.nic.stream.
+stream.			172800	IN	NS	c.nic.stream.
+stream.			172800	IN	NS	ns1.dns.nic.stream.
+stream.			172800	IN	NS	ns2.dns.nic.stream.
+stream.			172800	IN	NS	ns3.dns.nic.stream.
+stream.			86400	IN	DS	5689 8 2 6B26A93E218E96C47E1E3984823BDE21105BFEB4EA6D0CD82E144E24D5D2A0E0
+stream.			86400	IN	DS	31735 8 2 B6A0AC51C5711A40B336884EA349544E664814376C82CF270336799225A7FD99
+stream.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nWdPuBlJEXvAGDLEKP71sZCkMgSotiY9vsyk4UdsoBb3nZCRIhp5+bQNk0p+OquCyyIn9O8x8KkVzaev8GehH54efNpdNvZetXaUNXFNvfNl8k5+V11dBnEsyFcoyixnOOaEZnzWI5tDTxyN6I0KbodKESlcAqvqjLX5kjLob3ZprhDlkMUTGn/LdVwBgX3tam3yFozqD8QPJnP58bkw1SYtk3JkoLaQm2NKwMXXxErSzJdwkHfXcxvbjIdxL2LvC6mAbIbi1Id/BIBYeKoSK3u3g73yOTVqTEYBQo/mLQGpWOZNr75PaDx2FFaIHUOP26WZhAeeMGT+p/C6zcIdbw==
+stream.			86400	IN	NSEC	studio. NS DS RRSIG NSEC
+stream.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SMmEyhlctP1WUlT294d3xulbdhE2J2IqJ3wIpiGqZ25x93aZqBClOr1cflGhN5Ts587YTn9lacRty30Zpp9qviv7tyR1TxpOKvSRqtqdph2YPJjBUl2VCpB1jUuvkvkndSaWga9XZ37VuArF1lUA7v1PkSBoKnm9P9KG/qPTgERfItaft/cTDF9XPP2zhdfBhxTf7/3FpjPagN1PDhVj5BF1NMwoxZSQwVn7Gn7ou6NdUkmCYAaG9DsWotNTPIcdEp1YgMB2lnAf0JIKZasDEfAw+PW1bcNAL1pFmT7bHnXWZDhSifkfdsFNosdckHB3Dwljny3FcISBd8uM1rBigA==
+a.nic.stream.		172800	IN	A	37.209.192.10
+a.nic.stream.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.stream.		172800	IN	A	37.209.194.10
+b.nic.stream.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.stream.		172800	IN	A	37.209.196.10
+c.nic.stream.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.stream.	172800	IN	A	156.154.169.50
+ns1.dns.nic.stream.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:32
+ns2.dns.nic.stream.	172800	IN	A	156.154.170.50
+ns2.dns.nic.stream.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:32
+ns3.dns.nic.stream.	172800	IN	A	156.154.171.50
+ns3.dns.nic.stream.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:32
+studio.			172800	IN	NS	v0n0.nic.studio.
+studio.			172800	IN	NS	v0n1.nic.studio.
+studio.			172800	IN	NS	v0n2.nic.studio.
+studio.			172800	IN	NS	v0n3.nic.studio.
+studio.			172800	IN	NS	v2n0.nic.studio.
+studio.			172800	IN	NS	v2n1.nic.studio.
+studio.			86400	IN	DS	1354 8 2 D4289B105C9CB81D1EA631FE723A7DD3E9A52FB649B4A0A40C4890A9FAA62846
+studio.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NmZxRnYjsj1HYEA9uJfde+cf7heFgDZJCmM+4ddEI4zNf30/S5o4AF99C23hMaucs2rox94A40Mv467zGYHuyQIz6wyHnCFE9MfPIxmXE5ouPIZrVhRAEPdZRHrRWXT+29n73IoX4iTW59zIUsW05hga9+xT3UjDYLcN4MaWsitwfRbn1nrZAHPyAGPSlNDsRvlCSF+a/kXHDJxu8Y+wUeVuVzAenKpmvrzRJDPNRM8O+HoEgnclZ126jc1LnhW/8KKVP2IuR8YB/OM456kuOdRhg9aktsoqL6LNS/QfECvk81XkNHEcapbF10g5/ukbLAGHSJ/c0AHOfv2KKxoLOg==
+studio.			86400	IN	NSEC	study. NS DS RRSIG NSEC
+studio.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J8UQde8z05meu4mxMixx7ibI51Pqi0PmDwjKWlfR84/6SYqanRModYl/I5GfnfjaP0VR4jc7+Yq/5Nkiynygwdj/C7HRK5wJ8AtFBgbUCzqb/0LLpuQkxMytG4QtDP8akCz+E3sR6XAa5ZMyPsJfNOtwRiiACHwEU5OkyO6d4Fqec/Q5lxxcOosqIcKyu+UCg/VyQHJlMgH77bgwEOELnk/8ZNbCMdigEw95mvLek55J/RVT5q+crfXqNnFh4Q2+HPa4HBab6hTyt23AMS3TWDnJ+8Dr2ME6/1th7V+Cl7EJiwE+arAqUI372pe/yUVBzOFWfUPx6Q+PMX7Bn5GXBg==
+v0n0.nic.studio.	172800	IN	A	65.22.28.3
+v0n0.nic.studio.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:3
+v0n1.nic.studio.	172800	IN	A	65.22.29.3
+v0n1.nic.studio.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:3
+v0n2.nic.studio.	172800	IN	A	65.22.30.3
+v0n2.nic.studio.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:3
+v0n3.nic.studio.	172800	IN	A	161.232.14.3
+v0n3.nic.studio.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:3
+v2n0.nic.studio.	172800	IN	A	65.22.31.3
+v2n0.nic.studio.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:3
+v2n1.nic.studio.	172800	IN	A	161.232.15.3
+v2n1.nic.studio.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:3
+study.			172800	IN	NS	a.nic.study.
+study.			172800	IN	NS	b.nic.study.
+study.			172800	IN	NS	c.nic.study.
+study.			172800	IN	NS	x.nic.study.
+study.			172800	IN	NS	y.nic.study.
+study.			172800	IN	NS	z.nic.study.
+study.			86400	IN	DS	52297 8 2 D306E55CE201DDD1EA5FD896B2FA4389A25F3B9D71E2F91076B65552D421ACFF
+study.			86400	IN	DS	61795 8 2 4B9E5E4B221D060C3DA6B8CF0CBE64E526C00ED82CE0D634E52A22AB4D1602CB
+study.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NgujvhHeBZj0UnzFzqYrZ/TdE5QffYTxogNG1OyNE+vfEEgRBhazeiyQH3vvdt+PrCZRBxVoP/+PedpxmByUpYT+y2hlyw13EgMLnjSC4gkOvy3W1ge3plgPzxSR1e+2KiL1As8Cgczwyf4063PfN39aPzhaj+XaePD2PIO/pBLlyiWiKOC7PVyqTI2MivmWSzDv29rBdMsl7M349egP739VJcVms+VbLskd1s5SJEGNSANBKUyxCABfAsyObOr7RFe3oqwWTA6kFoP1o9niNb2BydosqnblOX+Ei+2Yut+ll3AFljR/gErWN/gl1/ah4MEtL1oUL0UgSwUdyrPesA==
+study.			86400	IN	NSEC	style. NS DS RRSIG NSEC
+study.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nrRxh/fCU88llD0Snp2kPhPyhpOgFDyOjul33bgG2b9MvhNdiQQEJOi+aHtPCl8wn1CmJNDDU7maOkelM59U5HGftf283OQ2Nk0HRZuNtMhte+W8VkdWlpuzClCEcz79TS1NeBzVr7z0kzL5DVjFY/4zmhbzd73UClCAjPnRhGFhXSCnjfDNBgxGtSNrHDuvnSAVtbR/jxe9DnilF+C6kOmw+qMn9sxisTLjtI+ACg0LJEdj2ElOe/X/woIQcnT0oXj/LNl4Hce5hOw2CrAwmUKuzhUqJteAsAyILtDWz1N3R74zk+Qj00dvnYIVQQe5AwL7pzBNXCcUsw0HrR26eA==
+a.nic.study.		172800	IN	A	37.209.192.10
+a.nic.study.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.study.		172800	IN	A	37.209.194.10
+b.nic.study.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.study.		172800	IN	A	37.209.196.10
+c.nic.study.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.study.		172800	IN	A	156.154.172.82
+x.nic.study.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.study.		172800	IN	A	156.154.173.82
+y.nic.study.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.study.		172800	IN	A	156.154.174.82
+z.nic.study.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+style.			172800	IN	NS	v0n0.nic.style.
+style.			172800	IN	NS	v0n1.nic.style.
+style.			172800	IN	NS	v0n2.nic.style.
+style.			172800	IN	NS	v0n3.nic.style.
+style.			172800	IN	NS	v2n0.nic.style.
+style.			172800	IN	NS	v2n1.nic.style.
+style.			86400	IN	DS	64534 8 2 AE493C6907EAB77640DED4690AE2035A5A613D78EDCA8814F9314334E4C19943
+style.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dl3MC81xrxC+g+NTUkKaEGcqBqU+on3KJYub6ql5lY9SakbTqDRPuZKTJnbHDOwtgw/Ux0wiZn7zxVYH7z6PrVtrsHAYu0YRLrbp0WgEjdVGNe2Rke0ZujOIqDqykNDda23F3E1J3l/+4cuy4C0dfmn6dl3yHEa7ijS3FLK801DEkeYNVc5tSe2Of6Lnr6en0Kt98cYmtkvr7cUQqcOYAchOllQRj+mpq3/gabg4Zc6RQYLo702V1RjtAau1J5g1YSp5ngrU0VSzwd0bSURPdcX2PTw2Bu1oZMzakp6LX03K93BLbqQrm0YAkq4VLtyFJEaEmVlEmQVwpiJr5x4O4g==
+style.			86400	IN	NSEC	su. NS DS RRSIG NSEC
+style.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V9XZ13iL6UmQ1PsHpSX6W2n4TddIqZUUysPkrAl88C5y/zZh0NXIvs6lSBo6AHkwTJyOUAOHlZA7kqgS8+7O5+igRNsmPKSqee2Z2VaxtDv+8zcWxeKW1N6scoxo91H6MoPcCbLY2Mw821MeTafjULLSjYmoOO1wRQuhSI03ei7U9Fx8x7U9Ah5H7jt7gwlGZX4pQiRzxEu3UUJNQC+eGhjdXrFfoLaD24f/9aiS8tCia77lI9/CQ6zfFgVEKNDuIhmyW3eTnLzHzvPHrzywfAuBmIj0vtri+r2MUil5dYKDzalDBXUUSwTwTTzq7gIsO46tDUiqy/BeoUSYVxauZA==
+v0n0.nic.style.		172800	IN	A	65.22.32.46
+v0n0.nic.style.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:46
+v0n1.nic.style.		172800	IN	A	65.22.33.46
+v0n1.nic.style.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:46
+v0n2.nic.style.		172800	IN	A	65.22.34.46
+v0n2.nic.style.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:46
+v0n3.nic.style.		172800	IN	A	161.232.16.46
+v0n3.nic.style.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:46
+v2n0.nic.style.		172800	IN	A	65.22.35.46
+v2n0.nic.style.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:46
+v2n1.nic.style.		172800	IN	A	161.232.17.46
+v2n1.nic.style.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:46
+su.			172800	IN	NS	a.dns.ripn.net.
+su.			172800	IN	NS	b.dns.ripn.net.
+su.			172800	IN	NS	d.dns.ripn.net.
+su.			172800	IN	NS	e.dns.ripn.net.
+su.			172800	IN	NS	f.dns.ripn.net.
+su.			86400	IN	DS	2074 8 2 9982CACC6DE539A854C63D5657960120D4367845CC64BE2999013BC28463C9F2
+su.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZtY1ExxZliynSfOIyZdUw2JR/SgghDgnVCHil/A6gO0hyZd0kaKrcR8CZGbRTelZ3tXxx9YKw+eYiaQB1il2cmlubA0aq/sBGLdZweSXGVDCPu4mcX6RrTAPGjDS8mf0WMNj7cMXZhxTBA5fDN72lfoCDz7s+nK/vH3dtBQIL+CVwLDbIOslJPJj2kLW/FqC6/OzOXA5BSME8Ph7ETm+GWDsz/tjQ6/LeNE+8EQlCXfL4uWjRpcVc8VJh6AeBVqAo10RdIE2pKo0eTAJPeW9gQr+LfMiz2UXJ7rxUiwmVliy7uXXp9rC8EMeRAhUVLjTnbb/fO9qZhDoWAfM8AzOsw==
+su.			86400	IN	NSEC	sucks. NS DS RRSIG NSEC
+su.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dzus8taaXlQ2yI3cnyBxwS474dWc65Gjg08XfLta3azpgDZ60erp4Je6WtXgEYPuVMqJeNyPNOl6z6vY2rASjrJIOhSSvFZi6Q24P3hkXkSF6H4n8AZnW4f1pLsCjTiVG3Ood0f6sk+6A2jhgLxn9kfEUTspbHRtTr/34gJ/qTzkolj3wk71tEZFe35JH6sVTA8rekVPgXuRT2aY/Zz9Fh6Q7sAGCwTBCPeT19k/fsKoAuhi9QsD1PO5wGbJqeNsZ6mDSxlRCQBFy0L1Fw6lNFiWs1ZrTRbsQ392Bvlb/C67kCnBERGTLY1eM9O5p6Shw0zRdOR2hPh7o5gwUs4ykw==
+sucks.			172800	IN	NS	a.nic.sucks.
+sucks.			172800	IN	NS	b.nic.sucks.
+sucks.			172800	IN	NS	c.nic.sucks.
+sucks.			172800	IN	NS	x.nic.sucks.
+sucks.			172800	IN	NS	y.nic.sucks.
+sucks.			172800	IN	NS	z.nic.sucks.
+sucks.			86400	IN	DS	33844 8 2 3BC39B543789DE80C38841624E4195136CC4CF04F47AB5A09D052998E9F374EC
+sucks.			86400	IN	DS	59257 8 2 0EB720A2C0284375766EFFEBD01EDD5255397BAFCCE4A8AAA46F0BF13FCA9A5B
+sucks.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . K2vdZ54EIYHanB6K6f6T9LcCuEl3edDemDDNfor55EJZcu6HrxoUJoIlrFx4NRC1rJ1pVhY4ekYcZvJQ7y6KlwH89MSMMN+zYnUm4q5+FKbcL34VZdqP+YUuyxh58xCws2xpjXVLFEBAdlbDvmB+hdS/IGY5NNgIhI0lJifmYbwkB01/OjaPHAHE4ljU4cvBfOn0+cSddnIbwuL3BiA3mqe/94Sr8pyipisaiV3/I/GaqaEi3RvSx6dfKe4RKj4Wbr/Rp/21CbVIeF9zF4TsnQeGvN9dzWLIu27H5NrBrQFAxkRRPyyRuwbs3Nv5MbxZ3DXPbA7v0iFNsmZuSvpZgQ==
+sucks.			86400	IN	NSEC	supplies. NS DS RRSIG NSEC
+sucks.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wuGAfA5Xiz+P6ebYYdjLQrkjjaFMcV6kEFxT/VIKYvN4LaQK6OxKAyNe6HBPgbEcVII1UWWPN7QRGe/rixu6us0tkcfuSDJIzbDGfDUCPuL+GSkaa0zt2Vjx8wVmX7VNAKRE8KVyqNvgiB8+z48GOcD652qbr4cRvRqKc8Z1f5W4Z837eqhv9ZTp7yfkwx6BcV4iiO4Yz8FRCOPAvJN+nbdgfzkX+PyWQOXl49KwAaAdKfPhSR06vZRy9u9PCv/VzvGsGFEWY/MZ637wOwpU1523F+P5H47cTxESaiZBXXqEigPK0dJL79SNGFaz1DNQYfO0bF2H6F1/HneO0k0ohQ==
+a.nic.sucks.		172800	IN	A	37.209.192.10
+a.nic.sucks.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sucks.		172800	IN	A	37.209.194.10
+b.nic.sucks.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sucks.		172800	IN	A	37.209.196.10
+c.nic.sucks.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sucks.		172800	IN	A	156.154.172.82
+x.nic.sucks.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sucks.		172800	IN	A	156.154.173.82
+y.nic.sucks.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sucks.		172800	IN	A	156.154.174.82
+z.nic.sucks.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+supplies.		172800	IN	NS	v0n0.nic.supplies.
+supplies.		172800	IN	NS	v0n1.nic.supplies.
+supplies.		172800	IN	NS	v0n2.nic.supplies.
+supplies.		172800	IN	NS	v0n3.nic.supplies.
+supplies.		172800	IN	NS	v2n0.nic.supplies.
+supplies.		172800	IN	NS	v2n1.nic.supplies.
+supplies.		86400	IN	DS	10984 8 2 AC8AFF181900B2A9AC0736C0E254C3E847E240705467109B03CFC22839A30405
+supplies.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RWN1I8CHnbC7YNxeQOSLbznFD3yXMRe5ynSA2Nss5VwAywiDtcdPJzCd9H8h3hvLbXiYlXTmYwXACr3gaYa4xrjGfRh8yiO4y0lxm0vOj4QCYlhjl7uqc361u+0aPH4Pp3zHR3z+hMSS+i9ZkrVG3AB05gLTfHT8y4xLsc2vLHdFgk3uyL92gd/+z4z+Tfn3PU8XGpr4VYWYGe1/7MZW/Ogqndhl56/S/t1V4dNAfvnvC0W0lMDRiaioUTDEiUMN5znsppNvy94S7lkLYkhR+BvZRFuKDUORhceZN6lSgius9jp5z+5tWbWSm2GeN7N/pXBCaV7WbXwnVImemcQpmQ==
+supplies.		86400	IN	NSEC	supply. NS DS RRSIG NSEC
+supplies.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . po/+Z6KF95G/SGJD6ik98CG0jx0/d4ORa1aYbN8O/Io4kihr0uTzcVilmnzaEKSQHkUxgQtYC4+hrTTTZ3ENnd8AuSuD3bGrjiQ8XHB+Td1Ygs63HpFlmUMawpGjr3FIfQSe7C1AC9GUjIf2+IJawf28OzqnY6VWN5oBBwPE/iCzDmyBOp7u3PB+5Y+iYJ/78UtNU/H+M1ESMDHBvGsE1d40uSbjVVC6Wmtqmm6mR4Ku4PEExYUpK2r+0qa2hInOuTBLP5nnxCs3dw8DIsKLfJHLei5dil/kmJtlazMIuDNpfkoDiPps4iRUnGGi+CsF6kylUEQHnkI1FBvpPhTJWA==
+v0n0.nic.supplies.	172800	IN	A	65.22.20.59
+v0n0.nic.supplies.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:59
+v0n1.nic.supplies.	172800	IN	A	65.22.21.59
+v0n1.nic.supplies.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:59
+v0n2.nic.supplies.	172800	IN	A	65.22.22.59
+v0n2.nic.supplies.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:59
+v0n3.nic.supplies.	172800	IN	A	161.232.10.59
+v0n3.nic.supplies.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:59
+v2n0.nic.supplies.	172800	IN	A	65.22.23.59
+v2n0.nic.supplies.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:59
+v2n1.nic.supplies.	172800	IN	A	161.232.11.59
+v2n1.nic.supplies.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:59
+supply.			172800	IN	NS	v0n0.nic.supply.
+supply.			172800	IN	NS	v0n1.nic.supply.
+supply.			172800	IN	NS	v0n2.nic.supply.
+supply.			172800	IN	NS	v0n3.nic.supply.
+supply.			172800	IN	NS	v2n0.nic.supply.
+supply.			172800	IN	NS	v2n1.nic.supply.
+supply.			86400	IN	DS	43957 8 2 81A7A79353C68FF3D449A1B307F82944686706043CFDE44F65B22B396FF9AC5E
+supply.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VU3h2qR4JkeBqjVFJLRvZagTzBbyMvYChPnkh30igFRzlX7nHoFWoc//tsuJZzaMxBMiupzctRS1oiQ8hKwCxTS6V4J6rnelzma7gtJDm/eNgnZz+PYFG/p/evtjixaLyyJyO+yGgL8Y0hqi5CdmshwRcjSPG+66AzKGeUv4de5snMg+AjSN4JBLfsr+3CLmtbyZI0ApzAzAJx0kRpcm8yQ6UCjAjbFtG2PoIHjda27VbEiUcSVa2+Q2Y+mT18OP4gILl9Oy3vVf+4n1CGOJVf5BFhc7rQ/Fb94CoLkxeNpu00oDuVvxls5WDoZ0lXsb0araKp6fUMfvfFBWMCRYEA==
+supply.			86400	IN	NSEC	support. NS DS RRSIG NSEC
+supply.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oC9gc2uslq3TZBczF8CxVwfYyBob1LkMni4TYNs027Hj044sPn4t0VwZfIrK9BZrwzMJUZHwX3G0nVI0MrNQ0yCN3vEjRmiOdzoU4z7jmgOvsFgWTuKLeBwdm5Trlj70KCB8vI7Pb+/+wxdSxufYWC1oMg5zcZLdQkOCXHHKzRmQDo3z+WzxNuhtvTpZ21Ne306LGyALUEUXFKGWbo8l3QD7mfjUcp5X5WPNJ6jvk2FcGVCxbw8ox51C/ssm4oQaUIkHXiiub/bzfOxttYxlenckKy9zBrRVI/gJi73MXYO7pLJgvh1QPWdKmvaxDlqcN8KjFcuwKe0CbdHOxYQ5vQ==
+v0n0.nic.supply.	172800	IN	A	65.22.24.52
+v0n0.nic.supply.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:52
+v0n1.nic.supply.	172800	IN	A	65.22.25.52
+v0n1.nic.supply.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:52
+v0n2.nic.supply.	172800	IN	A	65.22.26.52
+v0n2.nic.supply.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:52
+v0n3.nic.supply.	172800	IN	A	161.232.12.52
+v0n3.nic.supply.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:52
+v2n0.nic.supply.	172800	IN	A	65.22.27.52
+v2n0.nic.supply.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:52
+v2n1.nic.supply.	172800	IN	A	161.232.13.52
+v2n1.nic.supply.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:52
+support.		172800	IN	NS	v0n0.nic.support.
+support.		172800	IN	NS	v0n1.nic.support.
+support.		172800	IN	NS	v0n2.nic.support.
+support.		172800	IN	NS	v0n3.nic.support.
+support.		172800	IN	NS	v2n0.nic.support.
+support.		172800	IN	NS	v2n1.nic.support.
+support.		86400	IN	DS	59704 8 2 5C789108F88D370A56E1C616C42694A492FA0B3ED7CAFB7F9565777E1B85AD96
+support.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mcYAcmdZLuonqjnfgrKfv92tVT8hEXkeHKjO3gOQxUdh3ZRVVJfRVOGCbsrW4XGX3z9qLXMwVRCPvievxOQN/wwlUxR/ZKDqNYTBW9bFStpr500LI+wfbZCCtbdvc2XuwlWy5S07jmBdCE1pHYA1jlV9xPLCNLExaGFA6CY1IuOeukGyLzluxveKnhenCnm4GUJo9eeahdJpjTlLfPH/YA5I5BzyRf56IuC0M4IX8J8J1xoeoZCi2rhwfCt417tKC+JdPyudtmR4OsnmImSDrGNCqEZuINyBN1UqL6HvUEU8kbRpzjCt9EdiGx4sBiY+kp56faaPH76+RQ7U/tN6lg==
+support.		86400	IN	NSEC	surf. NS DS RRSIG NSEC
+support.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t3XV+1z2VXgZzULZHvMq8B3g99KzloqRauSYD8vwXobetlHDNAhDaMMi3jbbPba1T1r8v/IOilvGOzWmwk6Eb2h+h3jDysOwVqSaQVQTeApvM11ywSQKrA113yMsru/eUg2niO4OdPO7+cnv8kcOXbpDCRYHb3hdPDoOkvhV2AqNDOTsWcMUAzlrYiJ3dHbSVKXn86QbtyXQ+P/B1l2mmWqgB1rVQyu/A08EAnyE1DEqMqa7wvxlaWX3NW+le5Cl1CHMG7UtgcbmYme11mzyhN8rI4EdMhgsvLrpG3dCYRv+IBqC/k3uN9EY6OVu1YnBBuCpZJeapLQLToWgzg4/3g==
+v0n0.nic.support.	172800	IN	A	65.22.20.5
+v0n0.nic.support.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:5
+v0n1.nic.support.	172800	IN	A	65.22.21.5
+v0n1.nic.support.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:5
+v0n2.nic.support.	172800	IN	A	65.22.22.5
+v0n2.nic.support.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:5
+v0n3.nic.support.	172800	IN	A	161.232.10.5
+v0n3.nic.support.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:5
+v2n0.nic.support.	172800	IN	A	65.22.23.5
+v2n0.nic.support.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:5
+v2n1.nic.support.	172800	IN	A	161.232.11.5
+v2n1.nic.support.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:5
+surf.			172800	IN	NS	a.nic.surf.
+surf.			172800	IN	NS	b.nic.surf.
+surf.			172800	IN	NS	c.nic.surf.
+surf.			172800	IN	NS	x.nic.surf.
+surf.			172800	IN	NS	y.nic.surf.
+surf.			172800	IN	NS	z.nic.surf.
+surf.			86400	IN	DS	42349 8 2 F4D78E449D9BF4C11668DF78A7A3F5747797EF8DC5304270EF0574716C0C803C
+surf.			86400	IN	DS	54106 8 2 62E4B7017888F8EBE2231145A20D9378419290F0ABA9C5D561AFCBD1EC92D176
+surf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yA5vyHItIwuCfp9S8uFo1AjAXxY0vRzQqINB2r1i9PnOzC0IB3Fd8/POwG+6Xt6mBpYC/K1CpythpA/UwtQSIRLPQiZabaIi0keZIPVs24eaWHyiqnke0N1gjF3JRv1fZ4FWfCsOLfHVlv0owClrXrEKjZsvfwh0j/FtvvRrpmUdrhh6vh/54nAYgAh9e1A2qUgUPKVhaG0avH64TveJQEwGp5chNLO5kIebfB2ve5Ts/ZXQ/lg3PHIESgyGI97nz8s216KAcGX4R1HXqRPWDld7ZqEfZz5imqgwdgjgyL4QtnRuzz8/Suy1Z+I6AsP0eGgGnue1ypdLs15/KDEo5g==
+surf.			86400	IN	NSEC	surgery. NS DS RRSIG NSEC
+surf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tyjUzAeXWPi33hti0ERWHiQZu4JdaAoFzVh07q1s4SQaDioSTDb2GqKQBd70QhC0WADW10v7utnNNbW8I6ULD6u6RfX8vOQ3AGGogI6ZobpS/F9S0KZsleaCkp2ZRo3up+ZBQyd68MDygxNiwsiQqlbUZ5YbYlDzVLmsgPkfoQ3l8ZaOifYfavWDJEk98O+uSbMzED/KWESPgz5gdc9YTgOGwbJRqTUj9lsesS9hlc5z2BnEzuFptq22Ws0sm1x9Iz98ZdXhsopouPIeJ/FDy1SwXm5LCNxc+8ru1QYv/4Fm6ysjEbkDJ8pwHsgmo4UIl2YG+orzu84fIthPd6xG5A==
+a.nic.surf.		172800	IN	A	37.209.192.10
+a.nic.surf.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.surf.		172800	IN	A	37.209.194.10
+b.nic.surf.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.surf.		172800	IN	A	37.209.196.10
+c.nic.surf.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.surf.		172800	IN	A	156.154.172.82
+x.nic.surf.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.surf.		172800	IN	A	156.154.173.82
+y.nic.surf.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.surf.		172800	IN	A	156.154.174.82
+z.nic.surf.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+surgery.		172800	IN	NS	v0n0.nic.surgery.
+surgery.		172800	IN	NS	v0n1.nic.surgery.
+surgery.		172800	IN	NS	v0n2.nic.surgery.
+surgery.		172800	IN	NS	v0n3.nic.surgery.
+surgery.		172800	IN	NS	v2n0.nic.surgery.
+surgery.		172800	IN	NS	v2n1.nic.surgery.
+surgery.		86400	IN	DS	23746 8 2 26E3F51A86C852653EF6B6FDD89566F7D9FAAB6985201274B0ABE95B530E400E
+surgery.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DnVDkDFviLUW473CuGCQZT8I3uCiH6JGfVAJTA5hG+tZBUTfaHfAmpO4/rj4nJIy2eKkg174KNgf0MS0t69OXJ0Mg8H6wtSawP8+S8ZZozQhhBs6uk0ze5mygqJ9XpKlJTom1VOpvNu2GUhmjARWtXv4QepUVDC5fhGVddlI4Y3aGJ90oNqklAroroY65+C4K5vY1J+g7g/2NxvW3wCiN0nzwGzVD9jqX5i9haPJ1JZvLk8R/TnYCGOJaHn6xt6O0y7M7uVR0fSwf0mwqVTOwnC10BgBgCZUUGze8hQACzKeVd3wJIxIjAsP4992Krn2XE5gpOjmgAY/gEduMfbgIQ==
+surgery.		86400	IN	NSEC	suzuki. NS DS RRSIG NSEC
+surgery.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NJAzL+2RFAzEaK6BDVISr4YiQTdergEMBva8Rlhr2VAhL8+l1kIZBtjyh8yWTBzciU3HMyi/yX8yT3snkR9frq0CpGaaSsmIjgEYiYaPGzzT3lk7/7xsFv+p857TUtYgeLqeaxgaggJUSWB0SbRD/3ZcWqTvGz1AOOPNxdPUoVU/an9fcQdEBai1YFt9oQpV0o12HBH0qhPw6tngi5jv42LlFLEIe6G96J3DCTZZZG1F9wNbiNwDThBayPTiI5jZd8xPYFmDgymhnWpUrOMLfNs08eiQTK/6r6FhewdhJ5QtUMTbP7JiY1MQAZ6zvnGrcG43U5f4f7NikFJM4SPjCw==
+v0n0.nic.surgery.	172800	IN	A	65.22.24.31
+v0n0.nic.surgery.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:31
+v0n1.nic.surgery.	172800	IN	A	65.22.25.31
+v0n1.nic.surgery.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:31
+v0n2.nic.surgery.	172800	IN	A	65.22.26.31
+v0n2.nic.surgery.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:31
+v0n3.nic.surgery.	172800	IN	A	161.232.12.31
+v0n3.nic.surgery.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:31
+v2n0.nic.surgery.	172800	IN	A	65.22.27.31
+v2n0.nic.surgery.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:31
+v2n1.nic.surgery.	172800	IN	A	161.232.13.31
+v2n1.nic.surgery.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:31
+suzuki.			172800	IN	NS	a.gmoregistry.net.
+suzuki.			172800	IN	NS	b.gmoregistry.net.
+suzuki.			172800	IN	NS	k.gmoregistry.net.
+suzuki.			172800	IN	NS	l.gmoregistry.net.
+suzuki.			86400	IN	DS	33941 8 2 DC04EAAE9D4E306EEC2A2D1EBD1F146B8E555FF28E0924EE22E36555AC44C386
+suzuki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RUTKQ+A0CZatKDkG4aH7jpy8TM9VHW/2aaKut+rMJP2NcmOlsr7bBQHguikVEC0EkyQRx2vomKkc5t0vCxvHKbVB09rg9SnkgI2Ijzj6JoWzFTUHr8XMCAi1BsitavUOumSZsIlP+xOV+17dyLLAsHMAqDh288QOYnWD11OekgBahOZmCFONqG8RtXSZP52p+WpvAulbQGcFzzXxkZD1W36jdCIWWFN1cDZ51Dq+ahn1GYzgo1dOes7zhJL/2ZbU2u/rqjruwMsuTlRJcNSkMgFe2O9s1UikJzLC2Dmnnrv2E7kZXgaRA52cbxZ6BiS/n3FtdSQPeDFNw5Tj/r/hWw==
+suzuki.			86400	IN	NSEC	sv. NS DS RRSIG NSEC
+suzuki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BdTLbuMecrFXIsQI5cZrVKC4yEUWWELEIjoR381ScK5U4Ab68whG6dy13lHb9MhPYt1TfFI1e/vFrzSjMIolha0bvCkWMX5lOZUNeuHXaN5n2x/ATm5axiUjoFvO+1ZqzFM4a5hh3E0O7J7dMfbGSGbDt88IaJlVi+SEBA8BA2LXbzFbCo1s/WDZIbFegSEZYH0VUIInezzwSMcK3iALKre6gXRMGOm7LlnMmKun31ZyciIkZ31p/uSbbYlSxn7Ajv1iVzWnsjoOx9rPVQ6G2nryt7HzEOWlTJ97+d4vfkRTd4ugqhwtdbzGrUjLM0exiBpbe8s3mbi0NDAE/171/Q==
+sv.			172800	IN	NS	a.lactld.org.
+sv.			172800	IN	NS	ns.dns.br.
+sv.			172800	IN	NS	sir.red.sv.
+sv.			172800	IN	NS	dns-ext.nic.cr.
+sv.			86400	IN	NSEC	swatch. NS RRSIG NSEC
+sv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dvlUHJnDW3x27SwsfvV6BznuwhW4W5DowULuh6b3zvIdSOKYTP3jHetOkEVic3+pGM+R3JoHvpMaKw0vg8Ujxs1/tZECKPtLHM6waVh5UsBrU6vvBJw6W+UEmJweTNeo6PWkMUZQoOGbxkRHTCoavu2vcMwZBTdsQM9hjvZYSNtD0Og1edZA4KP3p/spsyJr26fjSA803jaholltjNUZ1BjlFJ7zWb7t7m+xrtHDTpvmMFkAhgOzNlEv59hUuc6N9fQmXqz2HzLowGuXFItWc5ZWFW9gbRtmyhQVR+dlQ1H0ZCIubRtT1lTsBD/qgfRghCE0A4dJ85PaztWlscrcvQ==
+sir.red.sv.		172800	IN	A	131.100.140.162
+swatch.			172800	IN	NS	ac1.nstld.com.
+swatch.			172800	IN	NS	ac2.nstld.com.
+swatch.			172800	IN	NS	ac3.nstld.com.
+swatch.			172800	IN	NS	ac4.nstld.com.
+swatch.			86400	IN	DS	46125 8 2 F8F63257D53D748EAC6844C412A246DB125E330F646D32922FD947E9F6A1FAC2
+swatch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vTkDRgO3bIqT2AFpjm9BXMhqFNusqym+Lk7sbo3gsge0EAKbULGg6RQU0qjULlLRqG3hhP/lYUs47HqQQOmknoDzs5cIqXoAt/rswQKN82JiXxRjDexGVRAchsNYFQEtt5yj5TGJg0OVU/eXJoJyjKsRr7+iu+MtW13n1FFJI3SA/eQa8zJ38QjPi0plox2xf+cXYhbRo5ud++6YnIRTWbt3qDB2PDjlpGp9qmu6RjlisM4FusATZH7HekYlwXVMdf/60yTrVRZ8buRYxQhY33RaMLFWU+y1k1zvWkCpsbLGKU0H/sL53+C4mHgqdl+AHuk+BYXfuMAm24xfJiW6rw==
+swatch.			86400	IN	NSEC	swiss. NS DS RRSIG NSEC
+swatch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VPU0klyCizfqSgyAItgxXdlfNtK3CsHtB8PDgEsIHoEajJ6S9QvKaIHvN3pXIedShc8czZZBfpnLq9IjENMzHNQv/RsBpz6uRH8lo76QL9JwB2jBXGChDgCknC3j4AoJKs2Dpx4/WhtebhCV0aY9UQg7NrtxklnWd8wKB4OK/dPKW6dr2ElcYwNOxOGIpOkYD3LbXkE1mkbGZg9MWGJ7cLsiWfsVIQcdISML9FIhmXgLG0vyBFEK5owwJCefN8dbF7iHpLB+RLEMcIESAYh50QOwPrIhYwyfDHolt10FUL4LozH/leqcmxJcBWcL61HeJJmzwLCWRIJ4Yf8Ate4PKA==
+swiss.			172800	IN	NS	g.nic.swiss.
+swiss.			172800	IN	NS	u.nic.swiss.
+swiss.			172800	IN	NS	ns15.rcode0.net.
+swiss.			172800	IN	NS	anycast9.irondns.net.
+swiss.			172800	IN	NS	anycast10.irondns.net.
+swiss.			172800	IN	NS	anycast23.irondns.net.
+swiss.			172800	IN	NS	anycast24.irondns.net.
+swiss.			86400	IN	DS	16056 10 2 B974351F3624A85D4304C09A005203D8CBD8FF0D790095413B19C31538F1AE31
+swiss.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lUKUe2hoh1VorSu8NZIQgLiMyMZss5hL6d2CsUfRfMlzqwVtOyDz4Kue4VNzhe/dGTNSmcqnTjX1WBZiIP2g0NbK5yjRfnjVlQRbKRD49L0c1FVy6QR56qGdnl1ZDKVuEdx8xXWIY2gIfgZSTzVlznKW51iEZr28R4yTpJX3MuXqHA9L6y/cU/O6QYMa3Rard0JBeKvgPLUKxhABAEgKXwOWBGr4n8zwcFzYHiAegZp+MON2BvZROvJjTFOGyqyuxhxXYPGEgdXo2wodCYFpWYkwgVZG/oXhC0bmtNibWUo+Pk04DwaYOIgCpg5kzYcnW8hxQyzVEN1kbWT9zad5nw==
+swiss.			86400	IN	NSEC	sx. NS DS RRSIG NSEC
+swiss.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DRC6GFmKkQt+I3Qd3V8kNkoqmYFdYHcTm0kp0/RsJ5pY4pRZiKvgHTcLToDtM9rQ2bnweTHR0zlmI3MCZnx/Hb/tunPznLEjfY/MBJbNc3GitL2qQNgxTflH+WDmSuFGfknJtnREg7b38KPfjmjKcoS7eirQVYEgwod9L9g+5RquE3ls6FN1MeXK4oCNSOGxS0ccnBL77KYfgV7t/n7BMec/S0Ehimaje2PRgrm69gBkUcd1JgHTN0X0avC4FGHrHeBFwWSS1TR1X/0IftCVYLWq3rxgZXYNJkA3P9xFrNh8oMxgovZNOii9l6es9yIzOVBTVZ1Tn6JYDqUHa+dNXg==
+g.nic.swiss.		172800	IN	A	195.253.64.9
+g.nic.swiss.		172800	IN	AAAA	2a01:5b0:4:0:0:0:0:9
+u.nic.swiss.		172800	IN	A	195.253.65.9
+u.nic.swiss.		172800	IN	AAAA	2a01:5b0:5:0:0:0:0:9
+sx.			172800	IN	NS	ns1.ns.sx.
+sx.			172800	IN	NS	ns2.ns.sx.
+sx.			86400	IN	DS	34036 8 2 8FBC9761B3375B5A00AD9A7C0E1D22F7574C87EFBBCDD5249845A9778F876CE6
+sx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aDg6O7tFvlZAAssfRmoo49pLqdpfgb/iLoO+JCaGn9Zbt/93MBNG2aRRFaez2o9K5UliIYhKm8fcd0/jmvm8VE3LiaGP0XJMWwvvdNFU3p6LD8oK8VOjxAFKv4O8AzWy33tgOxfLzptdmqqUIe2QjCG5HlU9WEiU58MyTPFpP9Q+53+/zqABjVyV7zdFNScfhBy3IORKk3PA+4y52sLZsB44iANeFhUWlTxzOXuZtn/ktIdmVows+VdcgcY0IgPPyDiFiUrHW/ausxPVHcF1AeBn1eJTRyseilWzY1EFu0qVYuofNR7kBDs0Wrl4mkkjbrYshhnddxiqhCc88X4org==
+sx.			86400	IN	NSEC	sy. NS DS RRSIG NSEC
+sx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wQOKXezC/6BsBeGTbjF/wW+DVNZ1WsZ+L6wfqPHot4nb9dfOdYREU8GgyXTBMVvvQdYrOd5pZPL6KmzZh5/E9sGH2GkRY5FmeWp3jUY486Qb1vzSEaXGW7K7fSg0stlWhgAQWkuhd7VDI4kTlkkpOLpu3ByDPHGvMm0bkToycpF/LEIZqKQ4RDbni+PmvlvkfM0ShuM3cY43Olxp6k4T+VbN0XXEs6w3rbEBQctyXeGmkjibzjZMqv3+oAmyb6VFK57yewvYel5RDcUv/egciFGrvd+tjvcgG4SEbKF2jdgahkuIs59uuZtEUGyAd0JlYz788rr64TGBuQnZtDX7hA==
+ns1.ns.sx.		172800	IN	A	185.159.197.10
+ns1.ns.sx.		172800	IN	AAAA	2620:10a:80aa:0:0:0:0:10
+ns2.ns.sx.		172800	IN	A	185.159.198.10
+ns2.ns.sx.		172800	IN	AAAA	2620:10a:80ab:0:0:0:0:10
+sy.			172800	IN	NS	sy.cctld.authdns.ripe.net.
+sy.			172800	IN	NS	ns1.tld.sy.
+sy.			172800	IN	NS	pch.anycast.tld.sy.
+sy.			86400	IN	NSEC	sydney. NS RRSIG NSEC
+sy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QuBnlJdbW3nXr4YO3YwkaF4Q9TVYgauXl9aNJMke3XOw2lemCennQ7vbO1jufrpK+VTRjY+f5UziXk8mdsYyEk3a0KGrAZ11e9wscgiZFRXBWOEzwgkGefbSJjl2CbWQG5zz7ICkJqKq12dZYf7D5fUgXf5JZxmNNGYJGQ6JIx4Yzy/BmxXxmRSVKC8DTIsIlp8QIUY3fB+2bB7F8z0J9clTB1mIvJD8qVsopkelTGlAZq4rJmPVWaMyWzhBYQYv9ID3F0fFdG3MAFYBT7QCzVIjzlEK+JOymO1SBY67RWtGMopOFOChrbvXXfPz6iPr7EWJZy4sVDzWnjjAoAESJA==
+pch.anycast.tld.sy.	172800	IN	A	204.61.216.71
+pch.anycast.tld.sy.	172800	IN	AAAA	2001:500:14:6071:ad:0:0:1
+ns1.tld.sy.		172800	IN	A	82.137.200.85
+sydney.			172800	IN	NS	a.nic.sydney.
+sydney.			172800	IN	NS	b.nic.sydney.
+sydney.			172800	IN	NS	c.nic.sydney.
+sydney.			172800	IN	NS	x.nic.sydney.
+sydney.			172800	IN	NS	y.nic.sydney.
+sydney.			172800	IN	NS	z.nic.sydney.
+sydney.			86400	IN	DS	38014 8 2 A5CD19204CA09E64B3A91AA6BF40955E4B7553CF8F288B15D4CE93B4A0B428BE
+sydney.			86400	IN	DS	56155 8 2 6F8BEC880CB37266B04E5B34A8A61238404DDCA2AC3EFCFD47BF641E650D3D78
+sydney.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . k+twAquP0iX1VWVIlgEkle4mo791gsf0Kj+earWAlQd0JajDkUsMGDglIqd2xS0KZW3K+6h/TF30GNZ6ihDONKxq6O8Fey1SECySvAI1C/m0l+7AD93GLw+pwBkfZdIk0nV5WENPRCtl4CaJubjHup6DW1id77xnIWSPrzBSdAz2j4pXeQWddi2uJWvWN4SGPRHugpbuc8LJSMSxIDuVgfnAuLzMxPqKFSGpY2SReE5Bd6uDsUtKr95qyLP/H4Ao+NUzSz4BPuWGYxVnZA/q4/N2IQOPmKhMa6sj6O/rZf6hNZg6Ygt5Iif8lOA6uZCnQSj1dPmczMGul27UIMW8cQ==
+sydney.			86400	IN	NSEC	systems. NS DS RRSIG NSEC
+sydney.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YBz97RFZe62jaxDvQBtGndmQD4ZFDw7bfWzq/gmYFzMVTzdOLM4130FYsG82zDH/92nWhbX4VFsMjKnXNpsF5SkLJaXMlrjJ5FAbG5MHiZ2073kmUOd1vg6YH+D4nq5ZFYiifdmvD1oQFZ/V7vWWFq6CLpVO7UVuyyQLr7pXDpr3yorFNJrqtWSqChTMwF63JmtoR10uxH7dn8XALsDJDTuYXbe/sDKvwtpRbFDYEB4Mltj/DVbXQyab8vdF4L/4uBcuNwjbDiVkvyPVJnOaus5XkX2nCeF9I5iDMufrznDD0m4IdETvayncK5V/QYzctMUJuKwch1WyFIDpwmg81A==
+a.nic.sydney.		172800	IN	A	37.209.192.10
+a.nic.sydney.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.sydney.		172800	IN	A	37.209.194.10
+b.nic.sydney.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.sydney.		172800	IN	A	37.209.196.10
+c.nic.sydney.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.sydney.		172800	IN	A	156.154.172.82
+x.nic.sydney.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.sydney.		172800	IN	A	156.154.173.82
+y.nic.sydney.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.sydney.		172800	IN	A	156.154.174.82
+z.nic.sydney.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+systems.		172800	IN	NS	v0n0.nic.systems.
+systems.		172800	IN	NS	v0n1.nic.systems.
+systems.		172800	IN	NS	v0n2.nic.systems.
+systems.		172800	IN	NS	v0n3.nic.systems.
+systems.		172800	IN	NS	v2n0.nic.systems.
+systems.		172800	IN	NS	v2n1.nic.systems.
+systems.		86400	IN	DS	9634 8 2 A45F6041847622B7A24E0B41AEA1BBC2E618E952E2555206776295EDCC9EF77D
+systems.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DxWqlpU7VIGfbCUfp7ZXN7oayXLE/6Rp+E69XvK6RjnBZ96NXW/PIsh48Ghyu8udvDTePwdD+LPG6lx/XQNksQ7HxHI0SHVcxLTwoBlw+VeL9Cebs7ndOUjA1zjPNs7GMCRJ8KdJwcbZxUheAQtEkOD8F0QxdvsyVpGeYhD79mo3+U2riheyh9j6Tgex01i8hPFnf8Y3PiuAf56VXToNhrWcQHQmRu1TdIS5WbZYnZJsq7APn+zAvMyPwk/S5q+x0DdwIvBfOl8Lwigh8Qg0BzLPS6EKsXMUTa1u4YpLrJT/BzPfaX5QcKSe6+8UUV62WLBYGtjoqu12INkKj+JjoA==
+systems.		86400	IN	NSEC	sz. NS DS RRSIG NSEC
+systems.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nn+xIhKm/I1zf2ZSFkV0djb/UCExhNEprqkaUwbi4U5YmEAoa+rFw8i3Ul/yGPywsAop/oWdKYXQgV5cvm+NsbBTNG6Y6PRZ5lDEOuDYyUYTECd17PKzHBlcnpF03kTwY3OGcJaHSJggiKHwKfphMCn9zbJ6G28b0qun9JmKR91Mf/yRiuLYM2pDumRtAY5pJ/N14tskj7jvt3dSrUr+ie4d2FySxUQQCCcVdDoaCW7Ni3s87eN92KT1d2HxHZqaTRVB0eDoWkyNGm28d9X+5Z/pwdLfTzCq8YfQC4KsquQR+2qFleeDIvHJoRrdi1vYUQcnaCuLslf2srTgNf9Q5Q==
+v0n0.nic.systems.	172800	IN	A	65.22.20.38
+v0n0.nic.systems.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:38
+v0n1.nic.systems.	172800	IN	A	65.22.21.38
+v0n1.nic.systems.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:38
+v0n2.nic.systems.	172800	IN	A	65.22.22.38
+v0n2.nic.systems.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:38
+v0n3.nic.systems.	172800	IN	A	161.232.10.38
+v0n3.nic.systems.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:38
+v2n0.nic.systems.	172800	IN	A	65.22.23.38
+v2n0.nic.systems.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:38
+v2n1.nic.systems.	172800	IN	A	161.232.11.38
+v2n1.nic.systems.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:38
+sz.			172800	IN	NS	sz.cctld.authdns.ripe.net.
+sz.			172800	IN	NS	ns1.sispa.org.sz.
+sz.			172800	IN	NS	rip.psg.com.
+sz.			86400	IN	NSEC	tab. NS RRSIG NSEC
+sz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ozlUy13uSHi6SwaYMLvNvfh+3XzNxkpQQAWrf34XUtVtF61IlKKVJN9mbLDjfzAxb9/sJEnMbNnjSYdSPCSvmnZsA+2hNuR71C+ZSUP5K2xyOELKIDL28T+cM9/cc1wOvLuxmKwCN5oKCLsJjsy24WSMHhRbXOdA7rVqa3A8NO+o7Gv9jIiOYIA5ty1+BNydOqUY6ayAgiOleClzFwAsnBGRARWEsZVyG3afJcjvYqIOOQeppXMy3+HHt6TjhxLY+Uv35uWJrMCFtXxt12JkgqDLtHncrvT1JJ1TEZPBeq07TAgTK5gnwQlSitLa/q7LzuBTSEcy0j8KsTtxlGfwzQ==
+ns1.sispa.org.sz.	172800	IN	A	41.77.232.4
+tab.			172800	IN	NS	a.nic.tab.
+tab.			172800	IN	NS	b.nic.tab.
+tab.			172800	IN	NS	c.nic.tab.
+tab.			172800	IN	NS	x.nic.tab.
+tab.			172800	IN	NS	y.nic.tab.
+tab.			172800	IN	NS	z.nic.tab.
+tab.			86400	IN	DS	12205 8 2 BF58E40EA4764E2E24254DCB7A365D90ACA26773209827EE0A41BE128CA1F977
+tab.			86400	IN	DS	43171 8 2 199DF3DE634CB26FBFD95EF9C9CB87C804B3D5DE44460A58EA80A49A57A90C9D
+tab.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dS5Fh6rZ070aghsZLiACnk4USPavLfZv2SWkR+tEs4X1cBxtS0H91QfgqisDN0oDMu857DA0hlSbkfQOq6seGIXBlXSk7K51PNPwUrK1FtdjjCD5kWGcHG3fL7tWt63ykIVLAHGVt04zGcsyhu8E+OiPbkVlg4k4QO6DLKxBDD2knasRsKNCPJ1kGyvBWRVfhmqngJ+vXUeKVSvbo3r1OaiyJrjuxUi1DIKmF3DXXe2cMuM7tSZp8N8jFPmUVFoHgW66uMg6G+2XpOYkdAct8izQ4nHr29znf3W4UIYVrN7Ycis2MnlZrk4j9JL7F+XIWENf1UCvk7//Txb9t2jhWQ==
+tab.			86400	IN	NSEC	taipei. NS DS RRSIG NSEC
+tab.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . obcJ6GPZWoBczerBCSdDlz9n5buH6Q6G0QrNzspRWVJRadwkS/y2y04zPghbEgn792cwNQlYf6wCJApGGMb7S+N/hZPbqi1YNWVvifn0lXVmSW96hd6SOqLOrs396ud2TFievm621n54MyJtaoLKvc4++OCCCTrXJRbgvcq/f6sIntd2zS2Un7HKJy8fMVYQHp2PHTHiv23B/A0Xby5xDNS2itaPbZ5FO1BPf3D80RZpIkAA9qe2eSeIHC0LRCted2TtN65oWdutCN63OD1chjs8Ji/1qgH6a5nVD/uT0G2tTe1MhrI4mq1nAAXl9sOwDp899hrd13wFToXRXqFoDQ==
+a.nic.tab.		172800	IN	A	37.209.192.9
+a.nic.tab.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tab.		172800	IN	A	37.209.194.9
+b.nic.tab.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tab.		172800	IN	A	37.209.196.9
+c.nic.tab.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.tab.		172800	IN	A	156.154.172.82
+x.nic.tab.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.tab.		172800	IN	A	156.154.173.82
+y.nic.tab.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.tab.		172800	IN	A	156.154.174.82
+z.nic.tab.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+taipei.			172800	IN	NS	a.nic.taipei.
+taipei.			172800	IN	NS	b.nic.taipei.
+taipei.			172800	IN	NS	c.nic.taipei.
+taipei.			172800	IN	NS	ns1.dns.nic.taipei.
+taipei.			172800	IN	NS	ns2.dns.nic.taipei.
+taipei.			172800	IN	NS	ns3.dns.nic.taipei.
+taipei.			86400	IN	DS	28855 8 2 6AF00FB1EB9CE9F7B6DA427E29C32BFAE5B605AEF733AFFD9DE17F150A099BB2
+taipei.			86400	IN	DS	45859 8 2 1D7533B060B299291E2C060FE110169784881081BBC7738AA4B7A774F4DC4746
+taipei.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JPb52PTZHknL8aEO+t9hx2YI7htscQn4wAa+jdrgAhUlj/2xY+hBEWgdHhJzPMsc48kWmjxVhu7Ix62lwh4dK9f4ve4/Yf2hL63TtfqPDdGM9p357apj/qczDmCNtLnVcktixnA0fF7NZfzJaHBYW7+bMj1IDogmkwnFRw0JKVaiZcbgtHh3PRafGEMANk7Gg9850w4+CR/1+jGp1J4bCUfNf3xb3TFWdpcRt0ko54EEzYUya+USh58tCsuwv4tzalzgy61vJ5UybEewsRsRxEl0+Wv5FBTIk75dvxnXwS4r0kqpZqnWGRT1uhYBWNIzHo+ReQSe5mYudZA6usUeLw==
+taipei.			86400	IN	NSEC	talk. NS DS RRSIG NSEC
+taipei.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GpCDr52DorQGjE8GsCc5BtU10a/3ZJ8PZ66JqLUy8YJsYXB7A9LIRTs5EZA8sBINd536t152/HRRKF0kZl2LEBZoiUX/PafB4CYjy6HxWiGnPEE41itFl2NdwTDqCkpD5qjC54cEgcmHmQWv0oG1G1M0Qf5BCPyxM3Hd3nKDDQpAo3A6m2+zC2lxuODEyqNkY2CAPzX80k8xZQl9xSZmO/TqCXTYFpd4TzEQynXtZv7GxEg5WYLWRnAjJVT+G2arTFeyHc0VBLw+jGAuDgOXmfFbwMRWc5jiueU9CYwnLvE/5Y/sDzNbydtJoJM/+fJagOl1LDHI5S5RU+09ysIfBA==
+a.nic.taipei.		172800	IN	A	37.209.192.10
+a.nic.taipei.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.taipei.		172800	IN	A	37.209.194.10
+b.nic.taipei.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.taipei.		172800	IN	A	37.209.196.10
+c.nic.taipei.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.taipei.	172800	IN	A	156.154.144.156
+ns1.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9c
+ns2.dns.nic.taipei.	172800	IN	A	156.154.145.156
+ns2.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9c
+ns3.dns.nic.taipei.	172800	IN	A	156.154.159.156
+ns3.dns.nic.taipei.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9c
+talk.			172800	IN	NS	dns1.nic.talk.
+talk.			172800	IN	NS	dns2.nic.talk.
+talk.			172800	IN	NS	dns3.nic.talk.
+talk.			172800	IN	NS	dns4.nic.talk.
+talk.			172800	IN	NS	dnsa.nic.talk.
+talk.			172800	IN	NS	dnsb.nic.talk.
+talk.			172800	IN	NS	dnsc.nic.talk.
+talk.			172800	IN	NS	dnsd.nic.talk.
+talk.			86400	IN	DS	63701 8 2 6EAFD932EDDD45279072054C3CDFCF9CF04EE9CC5847DE8F7AE6442A3ECAC117
+talk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ko0Yyz87iM7z8m9n87sIq6/tSFDKo/uXE7gBZcI8cQPMZ5SR7GPo8Jk8ZCRbqxM6GxJn/bWVbiHUaXAVjqIJgus67xkyL4STyaUMLWsqgyR3/CaucVLm1aemivFl/jdjOwnbszw+VlYJBWR8ePbfoeVaBD09er29mRKTmqTCSlRLaE0UKVMCCFD2KWI3a+RiKjEDq6jiH5Lw95s3mPHrUY48DbL+k/083lqd2G/+19znqQzBfM0ENhRgmEWIO8y7QTsj7IGDNNzaqLk7HgU4MbIsUq3s/9mqb45/OqizecTFkPgDuMqOWX7yWxrPX8fwXC7lWYLQVp1e1d9GhhggZQ==
+talk.			86400	IN	NSEC	taobao. NS DS RRSIG NSEC
+talk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dqWj/l/P+g03wVJplDL0L8JHmanJ7ntv1bjDr7BI/q5yBSv8dllF8yO8Jam6yMe7jKrtWNM/JYo9me2mgrZScXnS4TOtO+RC9Eg3GPDzJJ5yTrcdRF7LWDX9dL89bk2vRJZSXwCt9h7A0PbiMZFPLX9CeVcg2aada521aUWlt36XtQSQi61nXGo0gzeGW8HxFGWWlV+ipRtzb9ihBRKlTKBITa9WFl0LAND4hXdB683yf0RUqZWzMq45Q8Ytgtn6mT3xz7jYwmVYxcCSiuXPZ4zgTPMjbnHZdgGfYqBMI830eFAzA+NzgSWWojhAhyFcQBq6PoAPVrXxXG4sWGSHdg==
+dns1.nic.talk.		172800	IN	A	213.248.218.83
+dns1.nic.talk.		172800	IN	AAAA	2a01:618:402:0:0:0:0:83
+dns2.nic.talk.		172800	IN	A	103.49.82.83
+dns2.nic.talk.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:83
+dns3.nic.talk.		172800	IN	A	213.248.222.83
+dns3.nic.talk.		172800	IN	AAAA	2a01:618:406:0:0:0:0:83
+dns4.nic.talk.		172800	IN	A	43.230.50.83
+dns4.nic.talk.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:83
+dnsa.nic.talk.		172800	IN	A	156.154.100.3
+dnsa.nic.talk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.talk.		172800	IN	A	156.154.101.3
+dnsb.nic.talk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.talk.		172800	IN	A	156.154.102.3
+dnsc.nic.talk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.talk.		172800	IN	A	156.154.103.3
+dnsd.nic.talk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+taobao.			172800	IN	NS	a0.nic.taobao.
+taobao.			172800	IN	NS	a2.nic.taobao.
+taobao.			172800	IN	NS	b0.nic.taobao.
+taobao.			172800	IN	NS	c0.nic.taobao.
+taobao.			86400	IN	DS	62422 8 2 9F3D7CEB441CD4DAC22EFCCCF5E79D238163E139AB368ABDDAA1029302A77BCB
+taobao.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q6VzMs2gTkrqQrA8IvUaGlE3BO0Zt6R3VhlkkPUWb1HW5c2+zN3FooRO+Xlz224noEkZ1nQHhqanc02MZfuW0vFw2YMc6Y0v+gRaHv/buXdaYloa5lDI1Iq7QH9NnxFuxhtD0/iyu511dps9ZM15b0bbEh2DUKWj1rBWcOagTXk/0z3yQ2gCSwdDmgEt4830+a5s1x2AXbdrGXdVz1X0abhiKtjnFl+bw1JvNS4+3ced8CyQbHMXOdYMXDhBaDwlMGOUcD5Mc287HCeHXGNyfTCi+0myHcQcbm+Dtz79zfhXNzViRx+EazESFV/HgYOnYnLSaLwTJfWT3coEG3o8iw==
+taobao.			86400	IN	NSEC	target. NS DS RRSIG NSEC
+taobao.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YkuCSaYb3j+XI1XJYlk1IOeR7XhjMLsLJLceb3p1GiXpSc3jx6ec92G1cyexoy+KfvunnjaiFhguLbvpKi3CaZjXaSagVOe7WnteWQ0dEnduf2b2NeVcTRexHST6wqIi/+eFG+29DFscHSseE8a6bwzAVjqrYPzV/YBQ0v5iys+NON4CSPTLQn82jPgEYmeZAJHvbNQRPxLTcKtRKLyYW4JMe/lOxr4vWt5CFmWo2bguqMlx/sokyMbTwIM7VGtMtaqY8nHi7djubvQLgepINCVmdvABuUSsiR5H1gHM+dcsLCJjRWe/r8vjtunK78uWqAyaOVXBBm2Hi3OS9BivNA==
+a0.nic.taobao.		172800	IN	A	65.22.52.17
+a0.nic.taobao.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:17
+a2.nic.taobao.		172800	IN	A	65.22.55.17
+a2.nic.taobao.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:17
+b0.nic.taobao.		172800	IN	A	65.22.53.17
+b0.nic.taobao.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:17
+c0.nic.taobao.		172800	IN	A	65.22.54.17
+c0.nic.taobao.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:17
+target.			172800	IN	NS	a.nic.target.
+target.			172800	IN	NS	b.nic.target.
+target.			172800	IN	NS	c.nic.target.
+target.			172800	IN	NS	ns1.dns.nic.target.
+target.			172800	IN	NS	ns2.dns.nic.target.
+target.			172800	IN	NS	ns3.dns.nic.target.
+target.			86400	IN	DS	63634 8 2 C16DCD3729FCE936B4FF2021E1D2409499FC85C4934137249EF7B5288807AEA4
+target.			86400	IN	DS	64351 8 2 0168137C6E180963663C74F30E4B581847C1D17E674B59AA1CB2C76D671D5ED3
+target.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aFyCTPBpaLZV3Ynxo6kNbe47Zgnydj+0fEyPzswKQxLjcMv/B3GjX303UzO0fgbnc6JxIKRievHFJKsb1l2/3+Amuht63iPES8/PJyMUffu6q2gluE/72vQLF9+1cH2Af6EBt83u6pkqTEGDksh8HpOQVxeN2vXILYHV/SDf0BKw4oqddJnepy6aPXxDHDShWXDW7Hx7GUoKgjmDJ/3oUFXeq9DXct/bM51LzAqvJmsrcTpSrRXqaQ5WaAcG9Pp+Ct5AVeIGmS/Gyj54UKryvjcDehOttllDmO0KQNPSXh/MDvuoUexsD8/ALF+flXa3o353gD1iRYMx/JaogWcvsg==
+target.			86400	IN	NSEC	tatamotors. NS DS RRSIG NSEC
+target.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FEwBzuG8ll9jHBiqcgg5uOOKYefV8wUASiUpkPqkFc68zPqM5Kvh+qrXyIdG71t3WMjmvtA6M1vjzhqNooBjxhkiCRFpoJNI0K2x2/UXVMKnDyLCL4Cjnud+WlwxSyuxUO29fM/ceJgoWraGhy6rhSM98gGD+earWLNAL18103/3B6BnL6ABO/pvFlOiDrHOUmuJP1lKCWpBCLv+G6xnoyMh95oHg4Fw3KhLdKLSD6XBLIyc35MoqJ7SMCvJaXccpOqOW7LIY++7KX1sj0CrrEqsn+g5SoCcqX9bykAYEWnQaF/mJvEFFYRMbB9ji4VvWCTOjwSPpgLgVyebJZmwwA==
+a.nic.target.		172800	IN	A	37.209.192.9
+a.nic.target.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.target.		172800	IN	A	37.209.194.9
+b.nic.target.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.target.		172800	IN	A	37.209.196.9
+c.nic.target.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.target.	172800	IN	A	156.154.144.158
+ns1.dns.nic.target.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9e
+ns2.dns.nic.target.	172800	IN	A	156.154.145.158
+ns2.dns.nic.target.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9e
+ns3.dns.nic.target.	172800	IN	A	156.154.159.158
+ns3.dns.nic.target.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9e
+tatamotors.		172800	IN	NS	a0.nic.tatamotors.
+tatamotors.		172800	IN	NS	a2.nic.tatamotors.
+tatamotors.		172800	IN	NS	b0.nic.tatamotors.
+tatamotors.		172800	IN	NS	c0.nic.tatamotors.
+tatamotors.		86400	IN	DS	55006 8 2 038F7FE751B672C38C8A1748D2E8BE90C1CB1FF8C35766EC10E0242E0C2FB843
+tatamotors.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BQYr+JZ44hl/TJfurh2DZWB4x3usvf/rD8gAWleB6HzYrjPGEjStAlKWK3hdOHPa2xMLR1Sb68AuFqmonI3orNn3LMSC9AtP2U1218oFaL9k9gQmhg26B1TDuloe89FukVIONysWw3BYDFdaqhqFNxbDPEftHxPk+KDCqKr5rRrISdiWWLofIReAQB197oMUzMuc4T/4biybc6rrT0fn7cUfQYInEPvsHkDSK8ZoVlmN+EBmfzSlj7Q34P9ncdu1dnzLquf7McCE/116V8xH8Fbtc6j2vRW5BRm+BBstrGcbfDNR05SP2xqCNGx4vzx2JY96kIqXjRtDIEcLh8FdRA==
+tatamotors.		86400	IN	NSEC	tatar. NS DS RRSIG NSEC
+tatamotors.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yzUYVJB++NAYKwqTVTYuNCGHmxrUsb9AE6hVv7OUK2FadsGPWcHfeN5MQiC7PGF+zwmRrj7wmu59EO+YnFv0I1L11x1f/jPx+PD4S1cZzJMqVmbcV6RGikg2KRt6yzSDqdxKN1HR6Wx5rmrJ6OS1w2sc9Bbb8k67XNWX1GzSoBpEeHDi+5HzdjWEDOf+R0737dsXAyvx0OShWIloG5U2HZMvOSstEqQDLiSvbAPq5i9+9+z1f7R9eg2dItky0fAoNmiyFx2kujWZlinG69fweJwBv4qhn5DQnBcMX5yPre1XiGfqQFoG8ttqaYAByumtOvh1+DMMmQ7aV4b4VDndBA==
+a0.nic.tatamotors.	172800	IN	A	65.22.112.69
+a0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:69
+a2.nic.tatamotors.	172800	IN	A	65.22.115.69
+a2.nic.tatamotors.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:69
+b0.nic.tatamotors.	172800	IN	A	65.22.113.69
+b0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:69
+c0.nic.tatamotors.	172800	IN	A	65.22.114.69
+c0.nic.tatamotors.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:69
+tatar.			172800	IN	NS	a.dns.ripn.net.
+tatar.			172800	IN	NS	b.dns.ripn.net.
+tatar.			172800	IN	NS	d.dns.ripn.net.
+tatar.			172800	IN	NS	e.dns.ripn.net.
+tatar.			172800	IN	NS	f.dns.ripn.net.
+tatar.			86400	IN	DS	27077 8 2 CCED6D290E870530527ADFDA81F3277C9F64B8DC2724DC9D90640946D176A01F
+tatar.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g/Yp1rP6FRMdzXv39vJ8ejjsKKTeud2rh0opJ7F+cfGI//eKJhv5u/NfjbP1ft16rnyfwTDYbthOTxG1WFUtSL+zargl39Y/oy7Q4B13/tTrB5C0/Nr/ovDF0Vt2eU1/aV3OuN3fycSBNlZwc+QZVFjwMoEhiMXh1nhNOdtjrYXqi0PURyGqiOzTn6MfOCFlCOgUs/uQTu5GKk/AoLSTNaPKBXVSbaFf4rzrGCfEcR1vu1SwyQfrvDYOLwylZUug+UK8IfBYBF3Q5iDGVcBMWT4UN73/imPBm0o76NtLQy+VCLz2Xd2qYMpSQx5IlQNGK5LiJFKd5FjnwMImwgdo8g==
+tatar.			86400	IN	NSEC	tattoo. NS DS RRSIG NSEC
+tatar.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oS3qDDRZ82Rjyr4nVpGQhK7aziP4ZMVXKKObVpTFz2qWsw0OU/KUGuw3R/92TTiU/DrQTczdhq9drT/EIyL2YFuyYmEeKLkrCPrpoAgbichiI2llM68HBB69hqeLmYcP/BaUkmObOV4ifSqprGq9y75nv3sTq1YgqiqOuaxHFbTatK0hBY1TJQd+t/nDkYdpqt+AsdKxU1PIDz/OhvdTiwTxh53yD49dwJr0TdwgEWHSqH0cHBnEnc7o+AvQwn+/xSQOnOQG58hkWfDn4RfuYfTRjyqAB2dpilHYo9j61OnWoV/85qDoSqL96Qy0x5I9ytGt4N+Byo7Xp2GdrU2kmA==
+tattoo.			172800	IN	NS	a.nic.tattoo.
+tattoo.			172800	IN	NS	b.nic.tattoo.
+tattoo.			172800	IN	NS	c.nic.tattoo.
+tattoo.			172800	IN	NS	x.nic.tattoo.
+tattoo.			172800	IN	NS	y.nic.tattoo.
+tattoo.			172800	IN	NS	z.nic.tattoo.
+tattoo.			86400	IN	DS	20907 13 2 2EB5F4E97EBC340ACC792395037D9BAC16B3683099BC109ABC2EA74E7D0D2555
+tattoo.			86400	IN	DS	23225 13 2 BD1E542C994F3E0D03467D60D852AC6DA47C825D16D64612006AC2AFE1FE2DA9
+tattoo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rTvyZeUr3v26Co5OjJ40XbBQny+XFqEo+oQAFi7J9pZ/MWi2yQeBodmPCTD1PsnwE+WbSpH7PRn+iFkPefgtnHIXdg9PJKIV3tRyNlge5WGsxrBLcqO+d1pfKZHiuNIr78+5cTYMdQ2j1kugG9a7jGSku/dj0FKPyLF9/s7l9caTUsM5XSgTQJLLHp3e+qnJ3Y4a57BgDGUr7Nsp+m6rLA7qXXnBKt4EucuVjiS1IySuWHMl9CHPzKGixGVZ8TKX9LR+j0PClWBn//Ge8ALnRq3kP659iqFqz2rLr22S6Kz2K7aOx4KxLHRnahv7nY4JDjxY4M8muA0iskHdKMCC4g==
+tattoo.			86400	IN	NSEC	tax. NS DS RRSIG NSEC
+tattoo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . l63GIUnBJHoJpLhKvK5EUlvGvpNRJ5PN6jl9unrXeehJ0fyiXcMsQhn65AwkSbtLRdxR+/Xya7gpdmsnj4dNQj0ega/Ae4ScYic1V+p0mXxCvYhrmZFfEPW+TPQ783aXi4enyeNDEW6E5TJvkx8iwcSJJadqTRgQPVq5ISqkGIIsJ50TQkXGmiUXQZwzkGQOf3UBxi+tdhwsyRuci3npCHjxcZDaZ/bf972rVIvmscCESL0PXwefVtQv22PNokPHNIbBp+Ojf4cPA1VBEEFmjMJkkg6FWiuuMwkmkxpxvq2nZSr8W5gJ37pcQCguKPxJ/kz+sJBOtjJsij737G0oFg==
+a.nic.tattoo.		172800	IN	A	37.209.192.10
+a.nic.tattoo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.tattoo.		172800	IN	A	37.209.194.10
+b.nic.tattoo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.tattoo.		172800	IN	A	37.209.196.10
+c.nic.tattoo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.tattoo.		172800	IN	A	156.154.172.82
+x.nic.tattoo.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.tattoo.		172800	IN	A	156.154.173.82
+y.nic.tattoo.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.tattoo.		172800	IN	A	156.154.174.82
+z.nic.tattoo.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+tax.			172800	IN	NS	v0n0.nic.tax.
+tax.			172800	IN	NS	v0n1.nic.tax.
+tax.			172800	IN	NS	v0n2.nic.tax.
+tax.			172800	IN	NS	v0n3.nic.tax.
+tax.			172800	IN	NS	v2n0.nic.tax.
+tax.			172800	IN	NS	v2n1.nic.tax.
+tax.			86400	IN	DS	3385 8 2 4D66CF4D6309A91268D634432D008877AB792D0632A1F8775B732A18C277786F
+tax.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NcB1Te7WHgL08LjDJ8Q7IqavwfrByzXx2uKMIwE9QrB/psAeoiM/lAYFDT122zeBtJ5CVueu7EidjcZklH2HE1JCBcJ1xqjf7M7+G8FfG9/36RwSbk11oHLcNIC2I0M3PKT9MQQUM+u/aiVxQ0lRjT4BDuuhHAtMSiqRL3IpmCVoR1lHQeX7wyncZv97qGvjILGp2+TD6XsKyBUASkMNEmZzn1J6foGFFtUWCki+3EZ62vQ9fvjmZXsKpSKv1FAuTQ+0xIClFLfjOVQVLciNKW1AaAnWrZXgiLw2qJIGO6kQBwYWuX6P4r2QMKnuqnGydBebmLHGz/PAEzikHdMaUA==
+tax.			86400	IN	NSEC	taxi. NS DS RRSIG NSEC
+tax.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cB+GuY+istdPjt3JEBvX7FaYewAYUSSdWZs1C3rMPnRsKpMz3HUGj06Rid59B8Md0gQv+0vFY0oAX05eeo4Xcpsvrunc7crqwPxA/eog3QndWSR7OkevP6ljKwi6MZCP7d6TMoqxrfsHPiSr4Vj3+5Hndr8Wp7/akHCk1TTpS+renYDly1kU+0VJPBT0zmjlEIGSOpP7pDrMoNitflZfaOrdDBi2zVEb7/O8IFNtUU745yzv4MnQhMM68OjYz0F2DJcxLJ9JOXQxClQIyhUj/uQVZqtsf2yZ2iWCb5my8uVwm7pWrH2zVhi3FCUUALcM8qsUMxhcnHnzfaw/KQEvrA==
+v0n0.nic.tax.		172800	IN	A	65.22.24.16
+v0n0.nic.tax.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:16
+v0n1.nic.tax.		172800	IN	A	65.22.25.16
+v0n1.nic.tax.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:16
+v0n2.nic.tax.		172800	IN	A	65.22.26.16
+v0n2.nic.tax.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:16
+v0n3.nic.tax.		172800	IN	A	161.232.12.16
+v0n3.nic.tax.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:16
+v2n0.nic.tax.		172800	IN	A	65.22.27.16
+v2n0.nic.tax.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:16
+v2n1.nic.tax.		172800	IN	A	161.232.13.16
+v2n1.nic.tax.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:16
+taxi.			172800	IN	NS	v0n0.nic.taxi.
+taxi.			172800	IN	NS	v0n1.nic.taxi.
+taxi.			172800	IN	NS	v0n2.nic.taxi.
+taxi.			172800	IN	NS	v0n3.nic.taxi.
+taxi.			172800	IN	NS	v2n0.nic.taxi.
+taxi.			172800	IN	NS	v2n1.nic.taxi.
+taxi.			86400	IN	DS	28756 8 2 75A029EE9C29F3CFB66255F04C724E4739ED871DA812F13B9684E07382535369
+taxi.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pSmr6QU9FOy37wnCztDqmFzwfDr01opLCYKYhwWFgwtW+2C4TDNAIG+rxhnWWkMSwGA2F17neC5HU5Y6sP+PXwWjC74Y1qknhsgRJLhjpkGSAs7HHe4XIZvRkf1D26cJeEEavrNW0MjeIuuiGXHA+hQfn564RCZnGa3tvuhoUTnY4aHOKWAt6Ob4MPZvtBMkub75QjW0wQ2ss7RUJt3MxWExVp3epdQo1j79uujqTn6UvgtQZy/fqVaBvUtgKGwk03Zd9/X60ToQPomU4/6AQmj7638+BDBCUGzBcI2OtCZ/GzSSDgKnzW4ol2aB47BiPjZx6ZylXo+BG17khu2cNg==
+taxi.			86400	IN	NSEC	tc. NS DS RRSIG NSEC
+taxi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . M3Ykqs78R7JfvEPa2+dmBQwk8byVadXD8Z527DujwlZZv6ucs7jjDfbLLzrnzEFPnUw1a0sGAdBWR/sJpymFaW6dNV8GMRfKwOrPxyZCwtTXk0mXGt6rbOHrU4kYJwM0np6FMq8ycCpBJUJm+bSBKtIdyru/EybeXVKUlMiF+8k8mMarWQXrW4UsMlK2sgyii1ecazDOf7YC3aESj6lGaExk0O+f6OIaGJdCM75jUtN2OpYhfMDuEPvIDW3erKHNt83DI/Wubuq4nCHgHp+hSp1x0Os7jeS6vhfVz4UF4J7ZGd5fVhseu8KXvcOZ90cv2UZNvoHVGjJ98hRMliAGxw==
+v0n0.nic.taxi.		172800	IN	A	65.22.20.21
+v0n0.nic.taxi.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:21
+v0n1.nic.taxi.		172800	IN	A	65.22.21.21
+v0n1.nic.taxi.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:21
+v0n2.nic.taxi.		172800	IN	A	65.22.22.21
+v0n2.nic.taxi.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:21
+v0n3.nic.taxi.		172800	IN	A	161.232.10.21
+v0n3.nic.taxi.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:21
+v2n0.nic.taxi.		172800	IN	A	65.22.23.21
+v2n0.nic.taxi.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:21
+v2n1.nic.taxi.		172800	IN	A	161.232.11.21
+v2n1.nic.taxi.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:21
+tc.			172800	IN	NS	root1.zone.tc.
+tc.			172800	IN	NS	root2.zone.tc.
+tc.			172800	IN	NS	root3.zone.tc.
+tc.			172800	IN	NS	root4.zone.tc.
+tc.			172800	IN	NS	root5.zone.tc.
+tc.			172800	IN	NS	root6.zone.tc.
+tc.			172800	IN	NS	root7.zone.tc.
+tc.			172800	IN	NS	root8.zone.tc.
+tc.			86400	IN	NSEC	tci. NS RRSIG NSEC
+tc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g9A1F+X7fMvprwsRRgj/SuFya7mqMPySnHb+GIzmZ39ouonX+mRNRORXMpLcChyFJPfL9TNmOJ47dRXmN4jWpnVLxCxSVso4kGLB/xj3dc43FIyCkDAhaj3S3nEc+0ecgU3NBYPtnFwJh/rQfifpoUMId6HgXidNUcLHe20zHBpeZo3dpzCiqaR45xABlFPtdWcKcdWJTx6XZf98kq/uW5YakIxSwvQj76gUw7cH1oDxkUKgWpc6C4TMVEGGKZ/2RUQpaMw/LEY6E6uRcpQVopuaueHkA2MKpOalAtGwL/Pj8O6QaS5V0+WzN/OegBq29zaw9O7WQkKSgrftuASO7w==
+root1.zone.tc.		172800	IN	A	31.169.81.225
+root2.zone.tc.		172800	IN	A	77.79.104.226
+root3.zone.tc.		172800	IN	A	77.79.104.225
+root4.zone.tc.		172800	IN	A	31.169.81.226
+root5.zone.tc.		172800	IN	A	95.173.188.6
+root5.zone.tc.		172800	IN	AAAA	2a03:2100:0:100:0:0:0:5
+root6.zone.tc.		172800	IN	A	166.78.254.145
+root6.zone.tc.		172800	IN	AAAA	2001:4801:7819:74:a322:3632:ff10:3e2f
+root7.zone.tc.		172800	IN	A	119.9.93.69
+root7.zone.tc.		172800	IN	AAAA	2401:1800:7800:102:ab3b:e6a7:859f:a6c7
+root8.zone.tc.		172800	IN	A	162.13.87.182
+root8.zone.tc.		172800	IN	AAAA	2a00:1a48:7806:115:d994:9fe:9eb2:e68d
+tci.			172800	IN	NS	a.ns.nic.tci.
+tci.			172800	IN	NS	b.ns.nic.tci.
+tci.			172800	IN	NS	ns1.anycastdns.cz.
+tci.			172800	IN	NS	ns2.anycastdns.cz.
+tci.			86400	IN	DS	12317 8 2 1D37F5016C69D56F3A3732434A0471FFF1FFFD580E4A7CE26816BC525095DE83
+tci.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZfO5qGDU7dKh8g3CqGUYKZNV/C0H5dZkmYzSdNN3mH/P0s1u5DnEiTQ1i4Qq5ZSGHCsnxNYBwy8ENFILbHMvn3YJ9ffxlbzHrQqwput1xoAYiTwF2p0ddC0lleBf4wWghIYyK+X0iTgAI3mZ1MECeL2hXVvVRhPdcxNzo5UZS1ORUGzj30YLCmf/7R7fo4U40grQJEEotWsiSPjnVghINGKSoBBuvTqQsNYB5E2hd+It9+GWTPcLil+XFSlhQ10OHGx2n6y0cww/sKoxfQjGOj50Jp71Y9lhfpecNfqwy1me+HESYPCJP9gL8jxfiuZUTnRm41yrs6IIi8q2EWeUxQ==
+tci.			86400	IN	NSEC	td. NS DS RRSIG NSEC
+tci.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EDvGMhoHbxlX8zOT8nkl56giFfdlOes4HOhFdSHaluxCyza+Hvhj56vFDL2KTbFC8XEVVFYAaWPQK87r9t4p8Aybx+d1HyNXbXefCQr+k68rwiita/6Gc0tnI/DQIARCDbYblPEEctWv/RfBPWL0+SvkOdWm9CIt+GbtP6C8iThpSEFuWKSBtbsqXrwAHeprb1KMDDICHB41uwVgp3QnmO0hqgn3nTyj/PHiZyuQGzbuyWGOGP9NcUj3k/RkvP27RlQz6Wk4CGo7PrTkSDYuOe99eKHcUtFmBd51uCuniGsoBsMr4Wplva/VF18neQOnWufYW4bk3tTjoneRl37CyQ==
+a.ns.nic.tci.		172800	IN	A	72.0.49.8
+a.ns.nic.tci.		172800	IN	AAAA	2620:171:a01:ad:0:0:0:8
+b.ns.nic.tci.		172800	IN	A	72.42.113.8
+b.ns.nic.tci.		172800	IN	AAAA	2620:171:d01:dc:0:0:0:8
+td.			172800	IN	NS	pch.nic.td.
+td.			172800	IN	NS	ns-td.afrinic.net.
+td.			172800	IN	NS	anycastdns1.nic.td.
+td.			172800	IN	NS	anycastdns2.nic.td.
+td.			86400	IN	NSEC	tdk. NS RRSIG NSEC
+td.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . r75q8SIQzKnp1SVcC+dRT6Id2mfosahLp68tPYzlOgw8xLeFde6TYBnpc8wZjA0WHNiFjd1TTmFy+0qf6KPqVeY+LspD2AhOaiUZrzDxYqZyJk+r5eEtzueOM4Tk2/1p8hQ8oQt33MQz/buCC9UD3MiZl8JjaXGKvZOsacIk7cXvX/vRGfm+meZOff+/bS63HIhwz70t8InIvoFqmhjELeDLXFonfAxo51By7hF176LJC0A1/BaZ+MN9MJuJTV51htPZ3oW+XW2AZ91lvosrCWEEiD7xRAkJoQE5M7JTk9W/cjTyFD5uBiLjTMN7zQe6ZCCSR4y/0Pt5qwA/IJwj/w==
+anycastdns1.nic.td.	172800	IN	A	185.38.108.108
+anycastdns1.nic.td.	172800	IN	AAAA	2a00:fea0:dead:0:0:0:0:beef
+anycastdns2.nic.td.	172800	IN	A	185.28.194.194
+pch.nic.td.		172800	IN	A	204.61.216.129
+pch.nic.td.		172800	IN	AAAA	2001:500:14:6129:ad:0:0:1
+tdk.			172800	IN	NS	a.nic.tdk.
+tdk.			172800	IN	NS	b.nic.tdk.
+tdk.			172800	IN	NS	c.nic.tdk.
+tdk.			172800	IN	NS	ns1.dns.nic.tdk.
+tdk.			172800	IN	NS	ns2.dns.nic.tdk.
+tdk.			172800	IN	NS	ns3.dns.nic.tdk.
+tdk.			86400	IN	DS	39604 8 2 6AD7C7E7EB4C9F8DCB98AD56864A319E516C94CD953B3101377A8BA8C023D1B3
+tdk.			86400	IN	DS	55690 8 2 BBAD3FF362D157B3E4C07DA5EAB21DC9023320E511F6B5CEF84A19D773EEC2A9
+tdk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . q072JukIvJiXGl86/1skJDAkpbGLDpFQRLUkUYSOf3iTjETBXeJNYj/HMxZCaKfw1hSUZ0N8fIon588fIVR+2X+vj0jRBN/ozGhcjLVLWBhbU0JWJ1iYzjrdbw3hSEfpWuBmCIdNQtga3d9WLFx9mZ0ludUxFaQ07/towovTJd4sKH3FHQxq+c+YbwYM/6XTf2FsrLmLf8Q26AyJ90yFFXPKMhippC9ZivjImYdRe58u6R8CBgqN1coLL75YDuDI5cnneguvhCPPi7qK4NXViDm6wCJg1Z8KX8xhHPSIZUvF5LO/R9My3bNGY2ywF7jFp7lIsfmR5Eby848FzBLrDw==
+tdk.			86400	IN	NSEC	team. NS DS RRSIG NSEC
+tdk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F7Z9AwtlfLEuXlhvzL3lE2UVMP0+fj64NIdI33+4dbUnwNkYd+PI3Mn/pJ0qTkwSnu7pC29pRDnJ2+YHc2SzOaFuAiH14d+qBwaZVC1f5Vm94W0x2iO/XHjp/P49nBSUITWCkGm/H5S9C3h4mJoJVjc5zQ41T1aB33vlwz2DM+ue37jkO02+8qN3pZk9Eqta1i/DGK4qQQtsnxhIpdH3rebm4J1zizGesl2I166IsnWwO+1LkFWyx0Y4OBSaymM/g39VdnOrbVy8NuvD74I+jna2a3XD3NNNVRJlEHcLuFLtnOty/pkM3q70SZNKxXjJzSqrWp0WRuKP20XVs9Lkrg==
+a.nic.tdk.		172800	IN	A	37.209.192.9
+a.nic.tdk.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tdk.		172800	IN	A	37.209.194.9
+b.nic.tdk.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tdk.		172800	IN	A	37.209.196.9
+c.nic.tdk.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tdk.	172800	IN	A	156.154.144.159
+ns1.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:9f
+ns2.dns.nic.tdk.	172800	IN	A	156.154.145.159
+ns2.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:9f
+ns3.dns.nic.tdk.	172800	IN	A	156.154.159.159
+ns3.dns.nic.tdk.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:9f
+team.			172800	IN	NS	v0n0.nic.team.
+team.			172800	IN	NS	v0n1.nic.team.
+team.			172800	IN	NS	v0n2.nic.team.
+team.			172800	IN	NS	v0n3.nic.team.
+team.			172800	IN	NS	v2n0.nic.team.
+team.			172800	IN	NS	v2n1.nic.team.
+team.			86400	IN	DS	38380 8 2 98207980337ABE3132EB70514E4F2117A2CBC9D83ACD2E89B18F9368A0456EA9
+team.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VKwDBykNlha1lzaUQlZrz5IT/db6lLxejmC47wEe/YQhKvMVce9YFRtLM3aseyfP3zQjzYcEN7d3O8xbVYkQYuue1AfGedkW4N++PaLLcZDSkQb9CseoKgy88ZMToa/SW0fvxztU9nsteg/WqIbD+dyrV8c4xfBURSR+cL3iaogGf3CUgvPnNWd4iwWh0DcB1vnMSiT+iK9gHPjVcr/ANUqY6Kds6SJo+V3qbDd/+p8U3GHh3vIeUKFAtaCKVgHh96clmNlBGazWJRKRdsFPQ0C5K0sVwUWzhtTY4TIGCf4hgV1xdnAFujMKEY3DkYLvUhzJ7nOozn+7rPAmWIjyiw==
+team.			86400	IN	NSEC	tech. NS DS RRSIG NSEC
+team.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LGGpHCfisTqBxBsX8pxeQ5VkT1Qkq/ZHzRMiApD2YFEHksAIMwgFAbbi9RQZ6uHPtoSb8kcp7Spkctwqq+va930w76Ydsnr9fVdtyMfJrvWwtAAIITKBVG/Ac311uk0Oig1YLSS7yIlGu+C1FN40h3W1C9kjp91dYTp/3DBvJYoyNZe+tAwpYEZXi5gtmQjE7iSRpD3NIcfd1tL6bmFdfYJViy2VynDpRblcIqCF5YMJAQEv+pZUu4HFBLNecEm6EcmyA5kSRvIS/1c2ib++hWVZGwcq3YQBEjbmcVvo4jyvPNeDJGyGelIzYJTjMBZ3schxreH9m3P53i+scBswPw==
+v0n0.nic.team.		172800	IN	A	65.22.32.37
+v0n0.nic.team.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:37
+v0n1.nic.team.		172800	IN	A	65.22.33.37
+v0n1.nic.team.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:37
+v0n2.nic.team.		172800	IN	A	65.22.34.37
+v0n2.nic.team.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:37
+v0n3.nic.team.		172800	IN	A	161.232.16.37
+v0n3.nic.team.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:37
+v2n0.nic.team.		172800	IN	A	65.22.35.37
+v2n0.nic.team.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:37
+v2n1.nic.team.		172800	IN	A	161.232.17.37
+v2n1.nic.team.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:37
+tech.			172800	IN	NS	a.nic.tech.
+tech.			172800	IN	NS	b.nic.tech.
+tech.			172800	IN	NS	e.nic.tech.
+tech.			172800	IN	NS	f.nic.tech.
+tech.			86400	IN	DS	50095 8 1 82F72F2462DEE25B99DA2470535AD0A7D131F1EB
+tech.			86400	IN	DS	50095 8 2 83F40D01141484D8F07305E5D2E44AC5663149054C598D6E9D993C661686C6EE
+tech.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wBhWUxHIWpQ9NaNG/egI2ayQmao8Xa0HkvzyraRfIVC9jGPP47AgZiTtN7lJ9xc3r2LYHIqtGsjD0AD8upJqtLO0yLcqFvL5DnO+LOuhWkpx7Q+BxJWxQmu4AVP5AvNEGD6YIPP7hmUyszGtWg4nzAKpc8Jav0bNChG26sVxbTPgEc+L1Ts/7saYPK5gQSCDrJw6bin7feBiB8PlWNsIuPdoGbNJT3NEswm/x6Ya4bC4uAFPe84QtlRhhXp98NXiLPBFejW6B7BBYKC7ZNJF2S10gKgMxmBaQlop8XS3CHBG1rwLNj8pvxnb/qcPWr8VsQB0KX1lPno0LE0UmdSkHA==
+tech.			86400	IN	NSEC	technology. NS DS RRSIG NSEC
+tech.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t4/Waz8MhlR9MmaDF3rt46emWD3TnEA/zBQXzB2pyBr31c0qu34DRfQ/HeYUpqLLmDpQoolcpKS0lbDU+nZb12b+T3x3grq/AYUxAKXiuTfH4WwI/FiA9KU2KJdtJzV8PiQVqCjY8oCGEpIAXYyYBn8IspaVwIFSgnMqFWCx6qvVUbotNwon67YWoeaj1juDRWSYyT/UagA4tyvadEoIMiZAiQ7tJJkWL8BX9IjGZepaZv6RpHFIjGOYrOVcV/0RCLkNIStBMJc6BSK4SFtaAJ8NNhgUOuIuBdFjhuCvqHsfDUtueJQnxG9NPDWEcyfMAz3+GoGfRzJgXtOWJ16kWw==
+a.nic.tech.		172800	IN	A	194.169.218.60
+a.nic.tech.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:60
+b.nic.tech.		172800	IN	A	185.24.64.60
+b.nic.tech.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:60
+e.nic.tech.		172800	IN	A	212.18.248.60
+e.nic.tech.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:60
+f.nic.tech.		172800	IN	A	212.18.249.60
+f.nic.tech.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:60
+technology.		172800	IN	NS	v0n0.nic.technology.
+technology.		172800	IN	NS	v0n1.nic.technology.
+technology.		172800	IN	NS	v0n2.nic.technology.
+technology.		172800	IN	NS	v0n3.nic.technology.
+technology.		172800	IN	NS	v2n0.nic.technology.
+technology.		172800	IN	NS	v2n1.nic.technology.
+technology.		86400	IN	DS	27175 8 2 DBBBB57529756C1BF2ED1AB1CA275B580C2F3296FCB65689844A8D58CD936516
+technology.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y2cq1M3HvpMyO9SR4OdHPEwVtdFA1qYeFsWyQV/ZQBExlDj2JocFpJVg6mdtmXuS4iGant2eTjn0Eb45pI9rJHwQdhQfp3Q+M7xHqvjSXX72OZpkmJg5MBz9IRs/daQVANtQmepQhBGMWPzOfU2Uu++1KWibp/wF/gvu8b6BpF3958O8sFgPBZKbMGe7y261GFWiu49ThHdiKdbnhPAQ3fE9g5P8QkwMFvRecJfBJ6QAxh+WbAzLsWqP/1vYEpV0a3t+Zg/xsTRDVeXrAdDfd3XAL/IG1W3UrfDjXm5Jepps3JGl1p+nd/QW+O/K09H63cm/286Tm8wciTlNigrrPg==
+technology.		86400	IN	NSEC	tel. NS DS RRSIG NSEC
+technology.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hfOXGXjkUZUiBiIJs3+2L2Rx0glnwL7hUgApe73mwTAtzVOOsXHPZcMTJ7M/Ur72XEWXbvbvj0WF3DuFhh+tvQFBAZ+vM5N4rA5xuyg0EQ3+wNYvKHjwi859icf11M/1x+WgqDCGAel/snan77pCxkWaRrrIKC526Tm9HoWfdCedSoXkAFj7CBHJukNY0mZWis6C3WeEgTFL/HyRvEewlP6jDfxbwdbC92dXD6/GhLXFQ7ljd6Yl7h24PBWw0EpO/CaADtjUuFVXa5UyGQJeAK0NHzl8/HEz/ljwOIrGnsXBslurFsGiebjXM2547GGsOnDX74refptksBkEFyzW/A==
+v0n0.nic.technology.	172800	IN	A	65.22.28.37
+v0n0.nic.technology.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:37
+v0n1.nic.technology.	172800	IN	A	65.22.29.37
+v0n1.nic.technology.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:37
+v0n2.nic.technology.	172800	IN	A	65.22.30.37
+v0n2.nic.technology.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:37
+v0n3.nic.technology.	172800	IN	A	161.232.14.37
+v0n3.nic.technology.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:37
+v2n0.nic.technology.	172800	IN	A	65.22.31.37
+v2n0.nic.technology.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:37
+v2n1.nic.technology.	172800	IN	A	161.232.15.37
+v2n1.nic.technology.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:37
+tel.			172800	IN	NS	ns1.dns.nic.tel.
+tel.			172800	IN	NS	ns2.dns.nic.tel.
+tel.			172800	IN	NS	ns3.dns.nic.tel.
+tel.			172800	IN	NS	ns4.dns.nic.tel.
+tel.			172800	IN	NS	ns5.dns.nic.tel.
+tel.			172800	IN	NS	ns6.dns.nic.tel.
+tel.			172800	IN	NS	ns7.dns.nic.tel.
+tel.			172800	IN	NS	ns8.dns.nic.tel.
+tel.			86400	IN	DS	46924 8 2 3F708AF9FC2D9FA7E09AC99FA19BD6D1B4B0F3F5D95DD06BA2DC95B0AA2E53F8
+tel.			86400	IN	DS	48802 8 2 4A00B3F46AD973780B87F241360DA0B79481B257410BB68A923FE887087BE139
+tel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GYGfySMSdIaxWKLUpgof9FWStsl45sIofcxWuxZOzbxki9iRkj9DfL/3DhSb0eFTzsGEJsk7P/66sNHt5OHKd+a3ZqIN/poMtDsmRZheatezwsCrdVrf9JYfGOlnTtjwjRu2N8zWwZpjsyxF502Zgxrb5nPlzmVwENMv8lz72RdbSYNm6HLpVm7M5g0ecn1Wt90Jj890Q/2FFYJAV28MVQWDJELt3mHy2HcXjv5GwJaywVulAXCXiCNd5H7+m9V10OvW5evKT4TN6cB1CuEetOK7e8+Rg2XmOBRXX7+LBmDVZCl6TdYvwNLNVh15jJQNpOK/OBeX2wwt+DJZKZ8wzg==
+tel.			86400	IN	NSEC	temasek. NS DS RRSIG NSEC
+tel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gmEqQc/ZpX4aqTQ5QiIu+J79YLH50I57vfoCu1kyu5C3Plz55TXsZ5KSsjGkHAO7drFRxcYsyc2rKDVj0kIXUAdOO6qXUA9/bHpaTun55y/544VaIjC2LNwCThO+5kf52MQB2tVgaYvx2BU0IjuoprXCE7aytXrKDsCLHVmddi1X5m5KetuZ9bJTLjCXC4EN3zGf5j9ZRyBjg3Con5KVuEU7QQ6DfQk7p9/xiU1slKvD4cP54z3GrGV8N6ExpXrFejZETmCZ0vasxzr3x1if8HgmANaFfnatL5xg0lRULq9w5Vv3K2K3X2v+K9yxXe6eTjKyKVrySqpRW5EUi7FIRA==
+ns1.dns.nic.tel.	172800	IN	A	156.154.169.10
+ns1.dns.nic.tel.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:a
+ns2.dns.nic.tel.	172800	IN	A	156.154.170.10
+ns2.dns.nic.tel.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:a
+ns3.dns.nic.tel.	172800	IN	A	156.154.171.10
+ns3.dns.nic.tel.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:a
+ns4.dns.nic.tel.	172800	IN	A	156.154.172.10
+ns4.dns.nic.tel.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:a
+ns5.dns.nic.tel.	172800	IN	A	156.154.173.10
+ns5.dns.nic.tel.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:a
+ns6.dns.nic.tel.	172800	IN	A	156.154.174.10
+ns6.dns.nic.tel.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:a
+ns7.dns.nic.tel.	172800	IN	A	194.146.106.38
+ns7.dns.nic.tel.	172800	IN	AAAA	2001:67c:1010:9:0:0:0:53
+ns8.dns.nic.tel.	172800	IN	A	192.36.144.116
+ns8.dns.nic.tel.	172800	IN	AAAA	2a01:3f0:0:300:0:0:0:53
+temasek.		172800	IN	NS	a0.nic.temasek.
+temasek.		172800	IN	NS	a2.nic.temasek.
+temasek.		172800	IN	NS	b0.nic.temasek.
+temasek.		172800	IN	NS	c0.nic.temasek.
+temasek.		86400	IN	DS	35989 8 2 225862860C611D932591E3173CA1FF2A1903716878EE30981AB59E1D179570BB
+temasek.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZfkRW4Xs4aJohr/vq7EppC58l1VTCnaT5acstolNbGCCy5Jiq+PAAZDezO+b90gtzLXySFBqfYOL5IAXTNz+hV3up8PTNXMS2sd4nPqmUUncINV/6obv0kNrvjVNqf1L754SRUYo+7/od73qcDk1Vsq3C7oDoH99WaRzNn6Pe0mRlh5oTAG74i/l4ZBJvO8b9T1XXUhnknEdXMTkUsub29SzF5Osv/wsxN/Yh4gU+5Nix7SfhBUBYJzZpZ+qKkn4fs0utPc+wyizNTS+djVdNs/zqyy6Exfe7ltfcBm1nmA5xklOunPwSaNcAqIGwc5v/kn0SMcfLRPblh4Lit9epw==
+temasek.		86400	IN	NSEC	tennis. NS DS RRSIG NSEC
+temasek.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tNyICUQ6mGTURWqkn6rjQJutg1sUE7HemLA67irOZ00jzc7lSYBO2Wr+ORGMSJMWUxNfzZoVL/Alm0LqCiMopLULYry1IQEkdkcQBC9d/N7uLmmZAKA6zaAkjf/A1b8oW6gSRmIhI5w02AxHCHtjWKOooRnf+LFz05snV92TJqMFC2l7n7jRfl+IZGvLtdPcH+ODlYJe8wzw2TzSwvI5qn4TSZ5ewPUmAGA7fgrDoGkclsZlZx6THRzldhaHEi6v6tSCTF2IdETaW/SsPEpSRcRQRn43TSTPEUQGyeQMv01UWqynZz2zlCvkqOaAlXBuwjWbyL8Ys5QpdtAODAl4tQ==
+a0.nic.temasek.		172800	IN	A	65.22.140.9
+a0.nic.temasek.		172800	IN	AAAA	2a01:8840:8a:0:0:0:0:9
+a2.nic.temasek.		172800	IN	A	65.22.143.9
+a2.nic.temasek.		172800	IN	AAAA	2a01:8840:8d:0:0:0:0:9
+b0.nic.temasek.		172800	IN	A	65.22.141.9
+b0.nic.temasek.		172800	IN	AAAA	2a01:8840:8b:0:0:0:0:9
+c0.nic.temasek.		172800	IN	A	65.22.142.9
+c0.nic.temasek.		172800	IN	AAAA	2a01:8840:8c:0:0:0:0:9
+tennis.			172800	IN	NS	v0n0.nic.tennis.
+tennis.			172800	IN	NS	v0n1.nic.tennis.
+tennis.			172800	IN	NS	v0n2.nic.tennis.
+tennis.			172800	IN	NS	v0n3.nic.tennis.
+tennis.			172800	IN	NS	v2n0.nic.tennis.
+tennis.			172800	IN	NS	v2n1.nic.tennis.
+tennis.			86400	IN	DS	41695 8 2 30E59D10FA2E38DB83B8DBAC7CED28B8A1D6A6697B19B0B8EAE5F7CBBAF5D0D8
+tennis.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . POq8Mz2f7wHoqE5YjbB2WU6LWeOGujoTBePWudF9qv1TNoMI40TBWrwzrbpEG5BHjUhGg9medOJQrKEU9lzRkNfE2+1i5Urx4x3d4ewvTK82iPMX1y5QmtWqPEq+6cDZwlRQzyJnsvHUpovcj+k7T/bwszig2gDS9GZxhHQC9KdEstsKLCyDMSyHXLSERrvAhe26YG/DQyDUOITdmpRiNwmBKFz12HRuEgvJLYQgphPu/Z2pYvhrHv6sL4AHatFxAPQtP4kr+lq8VakKeqWiu7GOHSL4ry8k1l5idKkAkEmbVw5EHf1zfOl3apcf2t3ZU0t3YhiEs/6SCYQCkwSf6A==
+tennis.			86400	IN	NSEC	teva. NS DS RRSIG NSEC
+tennis.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yXQuOFDzE5wdMn4LHzflHrLTJw1Hh+g6Huu59Ws2DnHtz/yayX1z3z1gSontFo5WhRKrJyBa35JYhRmZuoNI4jkxn/QlUPEHC2MJ78XAx9oEiQH69J9yZCLtSpUI9xuvipTKyMFkl9xVG7PSitetTCtxxkKfllrBgW+V7oN0krmDUdFdMFK7OrOq09ndcmX7+ySSPBd3AHzEeOOfTCusETcNSuuRHYf9I5f6myw/DspcXSj1Bqo3DVbWoSjP/I0KWmY3aNjALzoSK7nc2EVoUka3bRfPrAyLinUmX+HukXXOEhh4qyTT49FSw7ZShG+KRkKM4DTLeExqR15ye6+kSg==
+v0n0.nic.tennis.	172800	IN	A	65.22.28.32
+v0n0.nic.tennis.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:32
+v0n1.nic.tennis.	172800	IN	A	65.22.29.32
+v0n1.nic.tennis.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:32
+v0n2.nic.tennis.	172800	IN	A	65.22.30.32
+v0n2.nic.tennis.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:32
+v0n3.nic.tennis.	172800	IN	A	161.232.14.32
+v0n3.nic.tennis.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:32
+v2n0.nic.tennis.	172800	IN	A	65.22.31.32
+v2n0.nic.tennis.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:32
+v2n1.nic.tennis.	172800	IN	A	161.232.15.32
+v2n1.nic.tennis.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:32
+teva.			172800	IN	NS	a.nic.teva.
+teva.			172800	IN	NS	b.nic.teva.
+teva.			172800	IN	NS	c.nic.teva.
+teva.			172800	IN	NS	ns1.dns.nic.teva.
+teva.			172800	IN	NS	ns2.dns.nic.teva.
+teva.			172800	IN	NS	ns3.dns.nic.teva.
+teva.			86400	IN	DS	21292 8 2 2F66A0187371C329D36B36768E56ACFB62F8B60C8D17A7BB6E3CF7ED800F8789
+teva.			86400	IN	DS	46417 8 2 7E670079255665759E954DEF033D30AAA2DABB07CF77ECA7F27975FD03E0CFC8
+teva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cFoRhP/JaswQsnM0opyQbWKWqALaOMWGidBm/nAzVwwkdFdgoW/nP5F48gnPwViOhltXd4H9sm03goUpYxdrGV4cAX3cfc6nroHq7yDVPL11n39Ro5UO34k2idHL2EmeFXtsP8GtcABYOCv/2dKwv5C/hMWOOll5lQRF+vNVIoJowiIAW2/ehlrRxmNLQbYJArL6ZiZ5YJpSEQSD43OjeWxr60CXKEyOPBe7IwBQCWapx8+c8uJqNb+k6DDlRT5A1/pKPNWA7BwB/4OUitMmxdJ1YZpKQyQDC216wtn2tqUSFRjC9Zn00zizHBXftbbR6hgifSj7mwqG8/aMvPyG4w==
+teva.			86400	IN	NSEC	tf. NS DS RRSIG NSEC
+teva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ztyBb0lTgAJ/GD3Fvw0tuR8Woc+ltyz1qpqMzjY1i7q9UwGK2uSI8q6hSzFn1plDMhgs6YA9CwnK5+V28xo/Ug3dckGksuSRwHyKJu+77kCeQbpwLpKo39XKO3n23q8+DuOKdRLX0h6NuqBzJId8icEXhs/BKvjI593nSFovU9KiO37982Ino77F2gLWPMHI69jBG1A5PuVIbJU7TjF+NsTL1cH4w8Jju+tX1jqmI1IdZvTug/ryw/OJuvi15dB6ZHUstDtU2BItjVil13Md+ofWOVuzSfxKpub1N+kGHylZJyv6VRF0Y4oI2QjcpeIDyXQzg33iQxTX+JIXuzKb9Q==
+a.nic.teva.		172800	IN	A	37.209.192.9
+a.nic.teva.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.teva.		172800	IN	A	37.209.194.9
+b.nic.teva.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.teva.		172800	IN	A	37.209.196.9
+c.nic.teva.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.teva.	172800	IN	A	156.154.144.160
+ns1.dns.nic.teva.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a0
+ns2.dns.nic.teva.	172800	IN	A	156.154.145.160
+ns2.dns.nic.teva.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a0
+ns3.dns.nic.teva.	172800	IN	A	156.154.159.160
+ns3.dns.nic.teva.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a0
+tf.			172800	IN	NS	d.nic.fr.
+tf.			172800	IN	NS	e.ext.nic.fr.
+tf.			172800	IN	NS	f.ext.nic.fr.
+tf.			172800	IN	NS	g.ext.nic.fr.
+tf.			86400	IN	DS	12095 13 2 4110ABE221396D1A9493C5DD67140890E14C73D7AC0FCD67F4B60979E9881283
+tf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F4vKarwZJL6fcbzJpgO3nC/DoMT3L8bbvOMLIIH1aZX4liY8i6UEbZKSL0bHujUdQ5vgzo2juH/zCwAKW/YcUfPQ5Yzw2y6KE8giMBitKDYrW7wy33FWHDqMCD83MK5cjHkMxF0qRWheTAmVTF9sQz8r7vDHv5SxPfNSxWUkASMcBRXzIRgKpygOBbOP4wysUYnzgQOpAJHWwFQUdM1t+K+TAd9ex0C8UOMIC6p6POn9XQtrq42vcspkAh5qh7Py3QQz+LRqIcN/3POnz6KDgQbRk8mjx9IzUyhL+bMPpGwmOcYUq/7KFfBUwjzVi0AbjcVShJcSgrWFjRTeqWrhXw==
+tf.			86400	IN	NSEC	tg. NS DS RRSIG NSEC
+tf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qq3ghMjDcnwdwRGEaY647doDIj3mXHIctSbRbc3RLlgtHkZS0xAIoZQwuz6iKwLnwrKAvCoVB1Y2k2QOHt6cw8IgyazP/WCrwEu9ACP9QyAgYi7VHS9VqqOtUrP3PwsDsIxAAaTDb6hGnhrIdtajnpfixQdJt6WiVl9otEZGee360Kgeg0Pu07sn/W1zGB35CAxWCGq77zr7EQDn6g9NhjuZbUlxnO090d4BJtP/1kl3/SQBo+LmDxFybNcuopTQ3nqWHqlSucw68xMh3wtMjRqoGdkrhSP3GoLsGoC5d98JHnekhvs8mvKrUSRAnwwGxZhZHo+qriYDe6N4n3BRsQ==
+tg.			172800	IN	NS	ns1.nic.tg.
+tg.			172800	IN	NS	ns1.admin.net.
+tg.			172800	IN	NS	ns2.nic.tg.
+tg.			172800	IN	NS	ns2.admin.net.
+tg.			172800	IN	NS	ns3.admin.net.
+tg.			172800	IN	NS	ns4.admin.net.
+tg.			172800	IN	NS	ns5.admin.net.
+tg.			172800	IN	NS	tld.cafe.tg.
+tg.			86400	IN	NSEC	th. NS RRSIG NSEC
+tg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1Ds4qiAqB+H7alRuuIcFuzh0z83bDhG2/V2YSVpLqcgOC+81leYiKAASL8tJ+Be0fCS4VmK1lHS8x63gMwhVibAk28auZUDRC0ae+Mu5+eM6BzSeVtC10EIvr5CZRUyLhzKbnTv6MI/JrTJ/pZFJ+WLCrYw29S5b20S7MZVrrg9ziYf6Dn+KJRo69YI8BrYXLfPWxTZZqAwUGk9JPN7X6tMH6w7/QNfUwFdQyrKbbHZ5UT0NdEVIO7+TOSmK37i0RsAa7sMYE2aWTFbzCUWJHipI+3v+p2LLNgSZJtee114+UaJ0oPDre4GwUPxp/YsfGyBsG+GCiJ2ZI5LNblE24w==
+tld.cafe.tg.		172800	IN	A	80.248.64.20
+ns1.nic.tg.		172800	IN	A	41.207.188.36
+ns2.nic.tg.		172800	IN	A	80.248.68.12
+th.			172800	IN	NS	a.thains.co.th.
+th.			172800	IN	NS	b.thains.co.th.
+th.			172800	IN	NS	c.thains.co.th.
+th.			172800	IN	NS	p.thains.co.th.
+th.			172800	IN	NS	ns.thnic.net.
+th.			86400	IN	DS	19117 8 2 E26BF35F73234AC50C600632FC717AE491F4A8B4F662FB29234F5499ACFEBF64
+th.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mVMKlqvEf6plpsEu0GIhuCg1F3vVe/O0RuTnRRN7JE2SwjRWXmmvmk7ntJ9tszn5VKLiRhyB2BD0djfpwePRldpcYtG1R6qAwtOonARXjLN6dF4QqGvZ2HVVHBWW5JGYbZc9qzEW06aDtoyLSvK1Eogv3fnuaqrovulUo7HT5e5aqczImxxfEriQ/aobU9UhtKKC4f5OIV0Qd4+Gt5DlEFxW0nY/dZ0G8F9UXQXnyk72k8ZGyHCH1VX1UsVrR5aGIEq7FDVIM/321um+aIdDC//8Uud5Ftlz/HppVX5mPY8TUkqIh+XxCMJz0n2lOz2L2H8DlqDdCVXk7U0Jh+sYjQ==
+th.			86400	IN	NSEC	thd. NS DS RRSIG NSEC
+th.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cz1dJw2NlshUtpL3/cWOvFGphUi6I2EN9mw12IW1u9PsGYeY4qwd+LYz3LR9CKYqZ8f/n1DxYcSdh4OP39kw5NL9gnw7A3yqyCi8ZeKTTfXMv0uaSoB9A6k1x4dnDHhJi168fYV0ShOfKh6bZbAijvD/e+9ozZav6iiRN+T4N5Y/O3E7lIMSwANtvNWS3v74Tjjavnf4RHphzDYVK9jsikvg0T1PU73U8Yi68IOBUdUi39I/AlPUoTzt6Ro4F2l8PoWUKiZwPaE5d5Xc4USUxn8y5stjBdP5RuEUO3u+BVzq0o3knEUqtAFGjzdMaE+Y9atKLoI0U7U68uE6BkS4sQ==
+a.thains.co.th.		172800	IN	A	122.155.23.64
+a.thains.co.th.		172800	IN	AAAA	2001:c38:2000:183:0:0:0:30
+b.thains.co.th.		172800	IN	A	203.159.64.64
+b.thains.co.th.		172800	IN	AAAA	2405:3340:e011:3000:0:0:0:30
+c.thains.co.th.		172800	IN	A	194.0.1.28
+c.thains.co.th.		172800	IN	AAAA	2001:678:4:0:0:0:0:1c
+p.thains.co.th.		172800	IN	A	204.61.216.126
+p.thains.co.th.		172800	IN	AAAA	2001:500:14:6126:ad:0:0:1
+thd.			172800	IN	NS	a0.nic.thd.
+thd.			172800	IN	NS	a2.nic.thd.
+thd.			172800	IN	NS	b0.nic.thd.
+thd.			172800	IN	NS	c0.nic.thd.
+thd.			86400	IN	DS	16237 8 2 A2B1E70EC2A5831A069B94CCF9B39E547CD9A351055EA87F4B74DD99F7B061E1
+thd.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ssdx9keeVgxquKj74a2CU5xX2OcAwwH3yO68J0sSF0m+YtIYG75KH3rFal+NH4GbOm7H9cWavgdGEpS1oNcKsA/FaJBEslip+4cyuFW2j5L5a23H7UEoi1jA/XAzV2gLN88v2WczthJPNi/VPxbUE40Nv8OAveK+kuJDTxM52iRIBiliZKe8+sX+UmXKabN7FfAYVQSx3v7g83B4hdzezaKz8R/xWtJ55JVyLHSj0ToP/X+PeSrgyCbwA5j4R+Jsn0y/c5UNw49o5UoGmrenxwDeOa/3MdscXTXKLigFzOsk56UmA4hQxIbTEALRTQwT/7Ugphu/TIgJNBTqtjrgZQ==
+thd.			86400	IN	NSEC	theater. NS DS RRSIG NSEC
+thd.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 01pjB3KzACNupmDuQQr9YqWPYYXoKE+uboLvBC7OguUwd70QiFd8GN0PI7+k8amPRn1i5uzICd8FHNRqzZZy3BlBAZi5pAkpK/hpZnugKiBHHBxHiatcAyKYBq5SsEhbHX091ai/gLWpbbxc4aMhqlxagKYzfpuGrLLFBXBn2+UN5YNSTFwaOAzQbcNl4MzzLZ52aJ2qqL6scTjotc6LKtqAQXIgFExQ2PHfn5XL8eshEI9sONe6QEfYM3+tVnxrlq4MVrgj7OT+8BJSfJ3jlwTQ0l5ffcNs9odu+HgjYf/qA/N8RYmCYIYlDAx24iZEYNX+g83IxxHw6sKFANrvQA==
+a0.nic.thd.		172800	IN	A	65.22.192.9
+a0.nic.thd.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:9
+a2.nic.thd.		172800	IN	A	65.22.195.9
+a2.nic.thd.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:9
+b0.nic.thd.		172800	IN	A	65.22.193.9
+b0.nic.thd.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:9
+c0.nic.thd.		172800	IN	A	65.22.194.9
+c0.nic.thd.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:9
+theater.		172800	IN	NS	v0n0.nic.theater.
+theater.		172800	IN	NS	v0n1.nic.theater.
+theater.		172800	IN	NS	v0n2.nic.theater.
+theater.		172800	IN	NS	v0n3.nic.theater.
+theater.		172800	IN	NS	v2n0.nic.theater.
+theater.		172800	IN	NS	v2n1.nic.theater.
+theater.		86400	IN	DS	835 8 2 1F2F456AA1F487103616FE00B21F4C6B8238213F5FC85401CFE49DC4B4C2DA10
+theater.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fGfY+TI+j9KLi01m7oEm60J993SipI0uNsP/C5KG5F8WNnpGTaAAiatqBOpm2fuheQLhLVy0tqtvDLN2ae8XQd8GpexQPcKA+GI8x+PgQhISm40LsVRTHWN2h/51t3jem9B29HIn1F2T0M2xewpBosFq+xlLsZFVBjwFvpYPmI2p189VnvBlZo3hlEHw/MRDQko12v/61cjJHdbjwI8Au4UUdUAPn1n002oW59+XFE96Rekc/8eeuFMLMliCOP5bVVge5JQ7ogKKas4fOpM26sGEXxYFHZQPCbn/n3qjYzL4h3A96L+Q5lrq9sN8LddkOGmXB950sPWvs5/piiXcHw==
+theater.		86400	IN	NSEC	theatre. NS DS RRSIG NSEC
+theater.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . RTA8yRb98BjoUDLM0PPcUkz9yBIMjaETKf92WSpjksBAOrAcZ5KTOxmOMRWO4keSvVt5C9kxNVfsSgunVHDtDH7P+vePfAiIOHh4aPZJjlBUe5EhbLYakTz1hg27Y4QYqw2Q9Ud1sVD/BGN34beNVLZPGsuKwJbv7bK9mWZaxp1obRFqh1Uht6VYJ/9HeRUcR9nT5Q25n9ZCNHtr6zOcu1gxfssvo8uFhcdzAN/XbQ43dCephigQ5sZt3lKvRt6OA+m/44eqc8hIB+CWuaoIV/So3wIRhX3CTAhHKTvbVD3ZdeZ3z4p2OIkBqYb/XrrSdk9WZ2AFv8ncL3mtYPqKiQ==
+v0n0.nic.theater.	172800	IN	A	65.22.20.64
+v0n0.nic.theater.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:64
+v0n1.nic.theater.	172800	IN	A	65.22.21.64
+v0n1.nic.theater.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:64
+v0n2.nic.theater.	172800	IN	A	65.22.22.64
+v0n2.nic.theater.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:64
+v0n3.nic.theater.	172800	IN	A	161.232.10.64
+v0n3.nic.theater.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:64
+v2n0.nic.theater.	172800	IN	A	65.22.23.64
+v2n0.nic.theater.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:64
+v2n1.nic.theater.	172800	IN	A	161.232.11.64
+v2n1.nic.theater.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:64
+theatre.		172800	IN	NS	a.nic.theatre.
+theatre.		172800	IN	NS	b.nic.theatre.
+theatre.		172800	IN	NS	c.nic.theatre.
+theatre.		172800	IN	NS	d.nic.theatre.
+theatre.		86400	IN	DS	45196 8 1 ABED901A738D17ABFA754E304B6E1C0C9021AAC5
+theatre.		86400	IN	DS	45196 8 2 530B10CE5CC67A1F4C6E5F59BF28E851426B9D6991233203E42A8970BD9A8011
+theatre.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0IxW1sxbTvYWDA5+FwbSIx6O3V80ind6hREe+Xb5x8lIoNrGNRlIdqdy/g3Co2jcCFyKA8RYJO1kiB14nkE36yshYhUAj1ZQMPUD0BqBuPT9r6S6SdZiVWVOrtectwMiZbkQO1sTcOM3kszXR+cI89MOgNVPCAo125rpbVzJj3XhM6Cg6t+MZv75X9tdw/nYRSdg5IelHPTodnP5MIVXlzsdPRNN5NwVtwNX80zWi9ZKuKAMxOXgcWHwb20dg+Xb+HLTozTKINxprgt6ewCERdLL6ZZmafVMUaMKjzD83wt47ONONFTA6GHsmro2Qysn6WaikdLW8YcQ23uVL+FisQ==
+theatre.		86400	IN	NSEC	tiaa. NS DS RRSIG NSEC
+theatre.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pK7ucLWBsNCV0NxeAgv1yqd8fuMhXtOOKo+Ga6S872wTZDVoDS1wMeYP6fm6TnGo7/zZ0MZbvf4NDQq1S/mAmGsnOXVbytLMRGUgyaGqY8r53OJ2phopyw/uy4csjDMZKFY3pjaxDAOHtL8B0DkHW3xYYAJf7DNAZuSSg1T9tJMvYyS+TDvxAuTByNZKh5WRnsHt77Gw2LswdMrQfasFjLPOU1iHglZa3NW5XwF2n3W64o56x3uw32M0QgI+uGMCYMooQ5yr4HNjxAcIgHKz7ehrStsYBWp096o52ekK2ZU+7bawz5dFQYE1TcYWzp+IsFttPYq+L4kgiRH9lcbAHA==
+a.nic.theatre.		172800	IN	A	194.169.218.69
+a.nic.theatre.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:69
+b.nic.theatre.		172800	IN	A	185.24.64.69
+b.nic.theatre.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:69
+c.nic.theatre.		172800	IN	A	212.18.248.69
+c.nic.theatre.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:69
+d.nic.theatre.		172800	IN	A	212.18.249.69
+d.nic.theatre.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:69
+tiaa.			172800	IN	NS	ac1.nstld.com.
+tiaa.			172800	IN	NS	ac2.nstld.com.
+tiaa.			172800	IN	NS	ac3.nstld.com.
+tiaa.			172800	IN	NS	ac4.nstld.com.
+tiaa.			86400	IN	DS	9186 8 2 5214D8971EC4DC7CD349205BCB13F84D4446AAFA4D87D07C8C5443A180741FEA
+tiaa.			86400	IN	DS	14185 8 2 14D2BA968E8BDA466149FEBEC577C50ECA9CB7759996FA762A5F8081C424B825
+tiaa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CmC9P3f3AMN8DrpQSmBClXaXpQbiZWkyxA4IVdaEQ5gzEQl3aLeCMX2UyEM9pyrDFanqJ3ed9nWx8FQK1swdp/g697nQ3skFDUwfRMC/1H7UHjh4JRqFrdCzZcmQzBYaX5naUShWH8Wkb/8SSUF44Yb7UccYXGfsEsrva0jrjgzADTme9Amz1tfQH7a/7GHzAcoYfM95tTHXD3Rwwnqgb01FHUFlr6bDg1L0+8ASZc9yNms1pZx7Zko7Zf4pMOpQHca7ggJkimgHyaReuIfYdTIkyI+CbrhXHjfj3/tQCAo/xLrAeVm5Fr1wQH4FpM0GFpyCRiJ91W6My42e/jLiYw==
+tiaa.			86400	IN	NSEC	tickets. NS DS RRSIG NSEC
+tiaa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OmCFuzJWxIY1XXZGPwdCUKuFsM9tDb0TTlxZiP6zigzJPsl2CA3asjBmqwJGzQmRG7OS1reygagUkjQ5LwO3BWQn1L2f2N7FAAhUZwcQlLVRJAJZJGqYkay1aRt+4GpWORVZpPq9XlfVXxAYSvdZTeJHs6fjR0Qo9X1oHM/GWvenHrHt3P1ITbLJDasjldBZ3IYoQca+OmAVkznnUfZo3zXHX6CcbsU1iIBjHG6uv8ZxfoHL9IczXTu+g0tmxqrbOdg20qPbQ7pSbAEITIbyxVqLsVc/Fe7g1jX2xSR6FKMc/l1i92i6RClmZ2xNnVVgqol0W1HRA0aA1E+s1WMe2Q==
+tickets.		172800	IN	NS	a.nic.tickets.
+tickets.		172800	IN	NS	b.nic.tickets.
+tickets.		172800	IN	NS	c.nic.tickets.
+tickets.		172800	IN	NS	d.nic.tickets.
+tickets.		86400	IN	DS	11069 8 1 EF9659C10A6FF3B9259F2DF0CF7D36ECA515C8F0
+tickets.		86400	IN	DS	11069 8 2 5D58D40B472461672340583B4865540A52BFB551CA57663B22084E554D09532B
+tickets.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SKTQR3THe74Gcg7ck9WiA8tDmSIW49gBRqAIDJmConoHMMHXOQLl7a+BFOYmVjtL3tYUuQ5r4Txhi4e51ETSHkCSZHcn7hqaYgwfYCoCu92iZLqtPw9ytl04JAnwjp50VOwxZV4eGXAXy1PcxcY5uikIT12c0620EXnY2myTLuc9F/Q/tbHzpEOUrBV24HNKLkdNT8oPietKCku1W6IrwsdfBlJ2eD6+KfIsnZTOMh1GbZENuIqIUWd1VgtLP0erK10ol/KtMMHQaoEmB0bFVGxcQhauew9JvZwAMYgo9R4AHeol76TT2yVvJ78oLamXVyUF0HDok5WutJAUQx+w9A==
+tickets.		86400	IN	NSEC	tienda. NS DS RRSIG NSEC
+tickets.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . t8JqoeyOzHzmhGFUuCLZI9pKxIGWpHhJHOYk7QGQDlVxR3d/tgmNx78otMpIBKjI8tOVH12jI4UnWIzDMtdm/9quasaDsQtbvFeQAqnCK26TgYTSYdQNEoKNWV0ytLgSDYkYGFNiWE54QJTYyqJqEnPORBouL36TsiyHkhoF9Meckl0Cl5N3Mw5/YVO3oQnQkALwJMRPry6jklaC34BZSkQTSD8z2PjsChPiQu7DXA2BTEyozCNHytm6A84F7QeFVA3BItw9YnNA1SU8XIx0z2qBwLnl2YvhUu43DQ+ccJxJW9Xzj4Csf7A99SQhZG/2BmY03qibanKOXZYa/yB8ag==
+a.nic.tickets.		172800	IN	A	194.169.218.58
+a.nic.tickets.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:58
+b.nic.tickets.		172800	IN	A	185.24.64.58
+b.nic.tickets.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:58
+c.nic.tickets.		172800	IN	A	212.18.248.58
+c.nic.tickets.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:58
+d.nic.tickets.		172800	IN	A	212.18.249.58
+d.nic.tickets.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:58
+tienda.			172800	IN	NS	v0n0.nic.tienda.
+tienda.			172800	IN	NS	v0n1.nic.tienda.
+tienda.			172800	IN	NS	v0n2.nic.tienda.
+tienda.			172800	IN	NS	v0n3.nic.tienda.
+tienda.			172800	IN	NS	v2n0.nic.tienda.
+tienda.			172800	IN	NS	v2n1.nic.tienda.
+tienda.			86400	IN	DS	18877 8 2 8A24A050895DB01A10AA65274B30E9DCF130A48499F4E24659488430893DE7E1
+tienda.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z3QoHSdJwYkuK+fojWRYOTw2qSRyHIdY5tQBVe1E69b9ukC0feeim4p2srLwobtXtFb+Feg9CiyD8hh5Cv/oVw/xtS9t6sk5JeSfjOhn06dNk+14u3n5kDodLbGlF+nwPKjrnoUNLpTexIZPTImke4SfRf0E1ExY2/kIPkWDyrLqFbv8fzr3spRXCUq0CpNLYgq5qGoEYvuEQRXemw34GFBCEPedjmsQoN/zRuITRSFDVSy9JTM2MwsrEVk3i7duETaEFxP7UwZSgkHRFqPPNUJCu6SS32hBePEbVIENxpRZ0KgiySPbFEb2j/Sl9JkOjZ2QpHGlwpxCl9MrveX4bw==
+tienda.			86400	IN	NSEC	tips. NS DS RRSIG NSEC
+tienda.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QQPALsNbSFflpMlGSbGo1Kdmqx8iN7qczwAb/08ITf7TkB/iUW5wuOQ6v13yH7gSRQ+vsWvsma+wXmJd6hUoc7jobaNXowM14350npXkaeZwB+HewUsD4IhGbNxEaT+Xv1Z0WJOeqZ35zn3swF80w2WNFJCBS4eMWyC3WdkbGz4tbUwkEscygIQL6GgYAPhkVxYkUavOW9m6SmgJsLikB6lV8UNMFrkcGPUjczpeKDeG8g0W7FcetXbHKjOvfsIbBLNBcRhJ2Xmtdea/wPKwxjuR70q8AmtYCrxjY4eulpttGywmpSgNrtqtQp2eSU11DCZZj63dKBSY3nXWO3YEMA==
+v0n0.nic.tienda.	172800	IN	A	65.22.32.29
+v0n0.nic.tienda.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:29
+v0n1.nic.tienda.	172800	IN	A	65.22.33.29
+v0n1.nic.tienda.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:29
+v0n2.nic.tienda.	172800	IN	A	65.22.34.29
+v0n2.nic.tienda.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:29
+v0n3.nic.tienda.	172800	IN	A	161.232.16.29
+v0n3.nic.tienda.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:29
+v2n0.nic.tienda.	172800	IN	A	65.22.35.29
+v2n0.nic.tienda.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:29
+v2n1.nic.tienda.	172800	IN	A	161.232.17.29
+v2n1.nic.tienda.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:29
+tips.			172800	IN	NS	v0n0.nic.tips.
+tips.			172800	IN	NS	v0n1.nic.tips.
+tips.			172800	IN	NS	v0n2.nic.tips.
+tips.			172800	IN	NS	v0n3.nic.tips.
+tips.			172800	IN	NS	v2n0.nic.tips.
+tips.			172800	IN	NS	v2n1.nic.tips.
+tips.			86400	IN	DS	47965 8 2 F7855E0B7ABE74AD44B19DBA63986F47A496E1B7DD37FFED2BC2C2499DA4CA72
+tips.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CSNqL6T/DzMBdrzFl3DH5m3ECHazkeRv/P7KMVLZCoew0jkfP/ZmQor5cEakJA0u63VvIqiJnlaTX3SbgEiI3aQJzomCNvItRJavrzBlZYvglMmWF3OuVMcDXPclzMSMwCys09zDfSagRu31tudBo6Eiv7URz7rzXVuVxYQ/iNvXYP2FJpBp86xXMIx3fE4x857KQnH65fniotoINeCGicWcWvmw8Bn//+JYZZjyjTQO3stXq2HrZZgL578MQ4aXTy8tSseXlNDPsgvSyHMix0/Dk2HF7eJ7ddrlM6j72q9RHd4MyBxSjTVCd2izvHjAlF6orDk4bLaLi2hmgmAvsQ==
+tips.			86400	IN	NSEC	tires. NS DS RRSIG NSEC
+tips.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dfU0r/coBeGb/fw1TSwQI9ZVpLhhxsDx81emwxlkYIWTHs3QQhW5XSx5z/awjPODCgDt6aKxm5QfH9y+dUBQWRKuZI0dMHcQo9zbHni/Po79DuJYiF2xyqmA8fXV03i4VbhVgfafTTbZ/M8gYSTHB8TRxZRrqYglVIlj9A7MAjxqQOyP4OAfdo6FQ3pGSaEd7pz3Ldh1W8Zksqjsyie0MmfLGv20WJu30is+ju8bb0keag03/t+S/jMGikQHEXzs+UfqStO0SfKRwdgl7Nwxob2ZkQf6p3z5ZORjYrqhljqEPTS6yxW2ybDF+rQ/3ZH+deCDtBQpcQZi2MBMBjv/zQ==
+v0n0.nic.tips.		172800	IN	A	65.22.24.5
+v0n0.nic.tips.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:5
+v0n1.nic.tips.		172800	IN	A	65.22.25.5
+v0n1.nic.tips.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:5
+v0n2.nic.tips.		172800	IN	A	65.22.26.5
+v0n2.nic.tips.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:5
+v0n3.nic.tips.		172800	IN	A	161.232.12.5
+v0n3.nic.tips.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:5
+v2n0.nic.tips.		172800	IN	A	65.22.27.5
+v2n0.nic.tips.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:5
+v2n1.nic.tips.		172800	IN	A	161.232.13.5
+v2n1.nic.tips.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:5
+tires.			172800	IN	NS	v0n0.nic.tires.
+tires.			172800	IN	NS	v0n1.nic.tires.
+tires.			172800	IN	NS	v0n2.nic.tires.
+tires.			172800	IN	NS	v0n3.nic.tires.
+tires.			172800	IN	NS	v2n0.nic.tires.
+tires.			172800	IN	NS	v2n1.nic.tires.
+tires.			86400	IN	DS	21502 8 2 6DB31BF7D51A54D4C5179619A31D6256747D09B3B4788B6A82C61841C20ECEAA
+tires.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LDtz4S5mSgXR72CeNFX2WOj7hGXbDsa/MOx37M0yaM4coSHnstWcVwnq7i/j/W8JKvGAh0Mb4vnkDQ/lVJnWNyA9vhyjFLlVPGD6qjs+D4yoruu0r0njIdvp1K5rfAueE/HmNjjLxN1BZwOcWpIYkVdJrwNyfDgE2KkU9BDPJ7bZP0mFhy+S3mIXRmoaQNrUu8wRoDg3PaJ11KBxOq6NvDtO/gN/lS7C0ZGY60g8KncdUROxGoWudQH+t1o08l+vxN4/28dr1ofnU8deEemprTtuWUemJQOIIp1gJUrwMFMRzrDiHO3pt7MF/iW1/MMbPie8zHDo2ke6WyjIwnpH7A==
+tires.			86400	IN	NSEC	tirol. NS DS RRSIG NSEC
+tires.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SkmxJYHSKuesp2MOjWlLT5p9eTCjV+kR1vyeZMImZqmIdHn5UqMJgZcuvLrj0gfEuYtU6UwFvp3EYyECo5jxcchTyGcjgTu/0mkAPgsCi7qYFsQcEIr/L6nmcbUZtMuOH+PMGSRZWeJCyZ/efFm7iFHbY+0Y7UaOMRO/5c9+aH6AH2LUtFUcDx5JdiX4HGmuBRhOsKFALC4Wrm/niYRy/lXBFAWsIBLHdKYdG2p4/hvyGB3GarmX6e3732sJJ4F+0pxG86G8fl2V/jIX9DTKkdhzIVmbLtRsfQqBh/C2mBVq0ksOeSusx8sEaNxi57MN2mr2AXUVLUNInm9vePP5EA==
+v0n0.nic.tires.		172800	IN	A	65.22.24.64
+v0n0.nic.tires.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:64
+v0n1.nic.tires.		172800	IN	A	65.22.25.64
+v0n1.nic.tires.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:64
+v0n2.nic.tires.		172800	IN	A	65.22.26.64
+v0n2.nic.tires.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:64
+v0n3.nic.tires.		172800	IN	A	161.232.12.64
+v0n3.nic.tires.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:64
+v2n0.nic.tires.		172800	IN	A	65.22.27.64
+v2n0.nic.tires.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:64
+v2n1.nic.tires.		172800	IN	A	161.232.13.64
+v2n1.nic.tires.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:64
+tirol.			172800	IN	NS	dns.ryce-rsp.com.
+tirol.			172800	IN	NS	ns1.dns.business.
+tirol.			172800	IN	NS	ns1.ryce-rsp.com.
+tirol.			86400	IN	DS	49289 8 2 79FE828514049FE47CF888BD5BCC827503356C085951AAF089894C61C28F7496
+tirol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xuau4vtlNRXPoix7EQMtIRJdzh5DFy6sT6tUBEOp0fA5AZcA6B3ytaPeYh9+dkUlHIJ7mYg7v0wrUY3a+WelRLp3fpA3NZeZTQ8ZjNtLtvcXUfdPwM5V5vwdJowYZ7PQtBmScDWd49hUrJHuVqZmBg+LOU+suSm30tY6ou5KT9AgIhVOV7yufUq/yQ588FvHNCx1ZMRrfOh+o4YFfQqkQobzbJi8y1Y5WbYer1Dizy4LcQelO76E5VL+BetSjVZ34lPBMpyqESH+mzHoFonc4cKzaAj+9eoPgXCUf0gMiEr9mEufp5G1NJf18e9v/iyFGsPhy1abGcgLABZ24cnGmA==
+tirol.			86400	IN	NSEC	tj. NS DS RRSIG NSEC
+tirol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R8DtqgANPIJZ61b1bYBfAM/2rx7VlWKrZGiSqK2gsbTWnw9ZPgfZdRlhQE1FhVTK/MxVmN1otxqvndzUh2uyR495cUQkWHU3X87RDzb7JUAa66tG0i7GP2G482En3Ej6pp/V9EM1Q1TyEdyTYKlLEAB00Nq/TGGQaOMRIJ67fdo5sRE9dB/WBnX6obE+p+BXf9UfezFapSsMOUrIsIPL538L2Q4ZS8oGazz68VdyHqUffqjd9iakcNzgr7T2SL43DXdAryd7QxlGialq1VElx6fT9j0yrNqw5dzPQZuJfxmpCvvX6Gek8VZLQ3sR4e2umFuP0wE/Bhm0vjyERYy1RA==
+tj.			172800	IN	NS	tj.cctld.authdns.ripe.net.
+tj.			172800	IN	NS	ns1.nic.tj.
+tj.			172800	IN	NS	ns2.tojikiston.com.
+tj.			172800	IN	NS	phloem.uoregon.edu.
+tj.			86400	IN	NSEC	tjmaxx. NS RRSIG NSEC
+tj.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JIe2o9sMkoy18BNx8q0E9AhNzBklUyt8y8f1DVSgzW6wAB6ctJFZPcsVp9+VzuTPUt2UiFW7MDLuKf7XlesssX2gU7mXRJjfdHDMdoI4H4PX+4rpUy1YgpZ58rImtfRGyHPW2x0mrgXzl6rKV1P8k2Ai3EQ4A0lo5I/eTvfoP6QC8ofNslweEfBfA3apobcfQjjncuj58Y2XemF9KsPVy7V4WlKrtPiqmYuPeX6Tl8KuAzU6xBYl+1MuqNIXgCsNzym1LGarmjnZBbvROsASShCYXmtCi6TQxxTJGhRRgorV3UQj2XFfkPxDbAB98wr5kLDzmQy3AG/rGNekCHs3yQ==
+ns1.nic.tj.		172800	IN	A	91.218.160.197
+tjmaxx.			172800	IN	NS	a.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	b.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	c.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns1.dns.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns2.dns.nic.tjmaxx.
+tjmaxx.			172800	IN	NS	ns3.dns.nic.tjmaxx.
+tjmaxx.			86400	IN	DS	47464 8 2 FD4D33C7B820582CA00AA1191DF28406FF4AC867302F06CB5101F29F7F54C33D
+tjmaxx.			86400	IN	DS	52204 8 2 C70AB029DCCBDE228B1CF0784CDC44470B89BF5F603C560645B614CD33D3CA45
+tjmaxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DDMDQwcnw+2BXsrocUtF+kMX7QTGW8gVewGJO6t052k0rQm7i0gY8ZGYQSKoWVfX776IdDsHVyvF0XOoTXd557hgz4s8NWV240/lVebXd082TBlwRHc9W4tW3upIA+KqBiP8Zp5YMdQnao2rueuQ0hsFBL7EnXUMcRzXxpPpx/0C0plKIIoJcD92YAqN40tG9w9HKmBjcTYhnIcRpWydyiJZOZm6+KUqBp/dKLoD2qZoqUBDHsUd2hmhalAVEAe6kuh1vzQEe2MKnjJFk9KbI6BDfKSSnjNs6FylPTopz6FWwiDTVbCkPrP60v5/dMh9AOfmHnpc8U38zZSZVljxbA==
+tjmaxx.			86400	IN	NSEC	tjx. NS DS RRSIG NSEC
+tjmaxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Loj3H4u4k6eoGFWBjo3D9Zm+gOKjR49HZF94XLQJVjrOpJ7pdX88FYYMx//8KwRJ7vCVlhnRb1bjwwKhbOFkyyTUhlvjK3qdPJADuN5R4i+XUWF2kkvRVFseLibQzxovBbjNahTaXNYgR1n38sKSRVg/p/UzMLiP3e759/4fKPGvhXYIgUupxqoj8t+FgDqKOrZdsozaf+yxejz4leTmdRtBD79VCFwEpf2ontegqtrMvm8JJ8oOoZIh2cWUsbjdDGAAIfrNOXz4owWDcus9QGFv4TqBHEd17A5PXOGzrjm+syO7v7KlpPtVnVzYPuKOMgn695cgh1PrzqzDKeSf+w==
+a.nic.tjmaxx.		172800	IN	A	37.209.192.9
+a.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tjmaxx.		172800	IN	A	37.209.194.9
+b.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tjmaxx.		172800	IN	A	37.209.196.9
+c.nic.tjmaxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tjmaxx.	172800	IN	A	156.154.144.161
+ns1.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a1
+ns2.dns.nic.tjmaxx.	172800	IN	A	156.154.145.161
+ns2.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a1
+ns3.dns.nic.tjmaxx.	172800	IN	A	156.154.159.161
+ns3.dns.nic.tjmaxx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a1
+tjx.			172800	IN	NS	a.nic.tjx.
+tjx.			172800	IN	NS	b.nic.tjx.
+tjx.			172800	IN	NS	c.nic.tjx.
+tjx.			172800	IN	NS	ns1.dns.nic.tjx.
+tjx.			172800	IN	NS	ns2.dns.nic.tjx.
+tjx.			172800	IN	NS	ns3.dns.nic.tjx.
+tjx.			86400	IN	DS	6334 8 2 009E613888CFDE218F0B08E676EFBAC926CBD6EE7A12CFC7B984BA18013A0C4A
+tjx.			86400	IN	DS	62626 8 2 C5299CA2E7E2344FA3FBE4E7AB6479704D235F4A8B0A628EA98E91D2F7670745
+tjx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sOegAJ906vEjtXr95GMSYXYIZ/wQGtrVi+Xw/JadQMmNnoN+Jqtekqi+bMSm4vFtWo+BXlcD84EVC2Mjf5nV6Xgt9TPZOt3VWxt2RYc4QKL1llkeJQVpHhpUzghodaZ3HweIa8I0MVLUxDQGS/2KEjfopCL/j36Q50GeKlLQc8soZdZRCqgdqLAGP8xH/SzTEs/VMbXt1U13n9drZ3tZtyCV+P6BjxXq7P5R0VFsY/jBmTMDFEX4hHOJJrP2A3O6ZEP7qmnqcM4+Fh+Z5CEUuEA+ASO//FAUk0pzOVnkwD4wfGR4SSL9oNZJ6G2wOl+6+QIS5bHjbn8PrmSoXCKBWg==
+tjx.			86400	IN	NSEC	tk. NS DS RRSIG NSEC
+tjx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UqAqAyDeJpl6hVfOMRNqnultD72Y4f8OECWrmtNPNM/UboS8st8ahNn1wEPih1ZQDBn5YsZ3RS9aDlJgiE7zSDFQJh7sFGgrXwP/mSxsM2ux5gqtIhMpNMbCd7bnSK0Y5CkZkvPqdSnklXbWTXa0ZTq4n41h31TOpqOl7SiVM9xXv6oPSjAOJGsMMy8v2scXxUVPd7W7JWeJEiYDq5ULl3MlhZOKkU2Fl1ipqmmzLWjxYG6THvDIVGnicEco+Jve+59JhCl5rxuJ2zG0NpjCRy+WY2eXTVK4cVseyLUVcoZZ/PqXdGgy45ibTKgkLXiMPyoC73mbZEGt8nEvFmTFxA==
+a.nic.tjx.		172800	IN	A	37.209.192.9
+a.nic.tjx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tjx.		172800	IN	A	37.209.194.9
+b.nic.tjx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tjx.		172800	IN	A	37.209.196.9
+c.nic.tjx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tjx.	172800	IN	A	156.154.144.162
+ns1.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a2
+ns2.dns.nic.tjx.	172800	IN	A	156.154.145.162
+ns2.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a2
+ns3.dns.nic.tjx.	172800	IN	A	156.154.159.162
+ns3.dns.nic.tjx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a2
+tk.			172800	IN	NS	a.ns.tk.
+tk.			172800	IN	NS	b.ns.tk.
+tk.			172800	IN	NS	c.ns.tk.
+tk.			172800	IN	NS	d.ns.tk.
+tk.			86400	IN	NSEC	tkmaxx. NS RRSIG NSEC
+tk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KqiMzAbQz/k5CRIZqxJF+4DOHZWwUFRskJDV+3tb0ghmg2/liyDcYauLSmYNia0LMQKjNU29xgac+ajdovKAu4rZ9PrH/5EczsYxXOqda9qBGJ+VOw1xVDgIZVZsi+9nXt+4jP8lRUL1tPanb10StE24jdr8Nx4KuRnNm5O6v5qqkrZ/yJFiUIfCzNub3wFuxNLBt9Zui44YhuLFoBAoynHwJ5TB2uLvtHYOb2inoapgzuQ75ulKAqKMNRXfrS/7ZBXcSmpYe4HOOVf9KP0VSBZDalCHmJwkw6JixpXRzjx3ZFhao4zmoICcPNAwoLs4kCs1InI83vgUVDjHkR8s/w==
+a.ns.tk.		172800	IN	A	194.0.38.1
+a.ns.tk.		172800	IN	AAAA	2001:678:50:0:0:0:0:1
+b.ns.tk.		172800	IN	A	194.0.39.1
+b.ns.tk.		172800	IN	AAAA	2001:678:54:0:0:0:0:1
+c.ns.tk.		172800	IN	A	194.0.40.1
+c.ns.tk.		172800	IN	AAAA	2001:678:58:0:0:0:0:1
+d.ns.tk.		172800	IN	A	194.0.41.1
+d.ns.tk.		172800	IN	AAAA	2001:678:5c:0:0:0:0:1
+tkmaxx.			172800	IN	NS	a.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	b.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	c.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns1.dns.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns2.dns.nic.tkmaxx.
+tkmaxx.			172800	IN	NS	ns3.dns.nic.tkmaxx.
+tkmaxx.			86400	IN	DS	8737 8 2 96CAE3DD0D803DDCD31CEDE1B63D600D645CA9EAF67E39660E00D521CB16FE8A
+tkmaxx.			86400	IN	DS	46960 8 2 ECB1A09652906F084A1D362E599A9FCDB024F3E9382AC8DC6C3E47F6DD25FBD6
+tkmaxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z34v245fAvYpnZOlOmcJWMk4vuhewAQv+kcbYJfZoPjvQGIypv3sPrYlt1yoNBKYRphOnRHTvKRNpK58bSY1RLkmJaJoqizUQ3PP++6gYIyEsunhNyA6Mh4r1jn/2gX2503m8rC6yFkY4VvO85K1PsUUR+Y6keB3mMECFNYCs6KMkrupSzcPNLEs/TILDuXCzbk/qmeJA7LyxBK1xUL+6caT2h1450rvpCnxJULjp+yss3AxH0UtH/ERG8vDxbyfNvEb0sO8gakoy/eVk8crxWGav0DEzknw7BB5A+juRlsg7UMWWvEUyljZJyeOggl9JrbT7iK2hvvVAD2i5NPgIA==
+tkmaxx.			86400	IN	NSEC	tl. NS DS RRSIG NSEC
+tkmaxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Q3BkHBTtYLOn0m6PObXXoGo8n0GWKfehMkGlN1jNYEyKeiyGKjYsD4+d5ai7Z3uZokbkMrOc1VgwCQ2De5If/tXQ2cj+It+ZqMlHYKR7Diedg6brnkq3Bt/2Dx2bM2rZlkhrR1C5S/DcLYtNddJDpRLyBcfPbRt4L/hasNCv3P0eUcsFSxqyWARxFfNOhUgwsGxfZ36Ft+lwRR+QmWsy7R55maBG1dsg2gBWGXxJhnxRCoxmOZju0gjBMbxW3+YofQHpLDwmrh8G0EIhFmyzIArPZEQQUYrMIJuh/MtXmieSntiPzOYwef8pY01H4CIr1bx/fgmgT0DxMIqNZo/Rng==
+a.nic.tkmaxx.		172800	IN	A	37.209.192.9
+a.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.tkmaxx.		172800	IN	A	37.209.194.9
+b.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.tkmaxx.		172800	IN	A	37.209.196.9
+c.nic.tkmaxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.tkmaxx.	172800	IN	A	156.154.144.163
+ns1.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a3
+ns2.dns.nic.tkmaxx.	172800	IN	A	156.154.145.163
+ns2.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a3
+ns3.dns.nic.tkmaxx.	172800	IN	A	156.154.159.163
+ns3.dns.nic.tkmaxx.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a3
+tl.			172800	IN	NS	ns.anycast.nic.tl.
+tl.			172800	IN	NS	ns1.anycastdns.cz.
+tl.			172800	IN	NS	ns2.anycastdns.cz.
+tl.			86400	IN	DS	25307 8 2 BC0412D59817424A34040676F1AE1205B1F33FC9510E7E30114711851FFCEDE4
+tl.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . tDkBPBCfVFUSgZ9H41sLjOfoniE9sJcU4xvg7I4HMfjOPhBy1x8Vwj+EtcPer4nofaQ4+1zG8wZSeuVtvzSNLqSEfE7iDcvkm0Ica3cXXdRzEO3r3wnbl9pANa2xT2+z+KxAi4q6cGSDNeAnluKk+dP9cYTqnTtSpW8D0LawP/Scv4c2vUDXIp/gFtA0LGnczvPmZIjR8VPs4EkAXBUJ3oz6miHkC6hr1bwdm8Gj38RJD+ncdqRpMSbg2w3LHFJBImFLX63jWNKiS2uw4CJJNcvBAxfDKPBy43tW+yHUfN8y/UnUGHtSAnBCVA1Wwd6MsryhlDs59pUn9kRbzktf2w==
+tl.			86400	IN	NSEC	tm. NS DS RRSIG NSEC
+tl.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . asUIgwwrFLxKeJNasMAw1JWdN3845ewOqNxWo5Gnt9Rls5viXcCIKmtwYOGh6k95cz6ver+cJC81HAZ1JMacsIy/7a+s/AMR8WfsU2hssAavKNpJ7Xd/Q1aeKMk3eLr/aGyZlK1t+mIiYg9sadLIEsfEGAJjvNMNedHxdz1S+cN+yimTpHODLXUeTHImWG1ggm4vLLZy2TqRSOylXfnGOdUqMbCfja0pdIFmrttblegQ6+sKQsjqIoU0wFLSbGrOuEzGlhe84ZXuwq6U8SE5TwIXUjePBEoS3qVjdh9A8NbGIBk7xJJCRvIr00L1Fmjp4XEBSfXgfDnqZMdvUPd1sg==
+ns.anycast.nic.tl.	172800	IN	A	204.61.216.19
+ns.anycast.nic.tl.	172800	IN	AAAA	2001:500:14:6019:ad:0:0:1
+tm.			172800	IN	NS	ns-a1.tm.
+tm.			172800	IN	NS	ns-a2.tm.
+tm.			172800	IN	NS	ns-a3.tm.
+tm.			172800	IN	NS	ns-a4.tm.
+tm.			172800	IN	NS	ns-d1.tm.
+tm.			172800	IN	NS	ns-l1.tm.
+tm.			172800	IN	NS	ns-y1.tm.
+tm.			86400	IN	DS	36787 8 2 AF4A3A54AA5F73C114F9C6E4D9C3EF0040E387806A9F92AE85276FF38F33BCB5
+tm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . VIZurKPOoOUUdX+MQktFNVOoNrMsVGI74H6SbZm05/OfJprf87FKUKhrGPQAz27z9XIfKewYaWristwV4l7LUYnFbNBUhV9vUl3MTCcY57JeEz8nxTV3zuOO++fGrYeZNnUfT1hN9S7ufZWrCdQZima+4EPS3AOB4BvF/RvzlKWILDzlEHSkrD8500c84F37YWuQH64wKhcRy6+zXmzGDhxbLSUNVPLqSocE7lvcia6WE0rxXztydhzSPdYScfISsWMtOTIoEbpk1cmvbpdIqbPDNv93qtxsZ+RSGU7vvakn5gYTdVmKwJy5mlM60niG+QyNnloeHCXzWtxIkntrVA==
+tm.			86400	IN	NSEC	tmall. NS DS RRSIG NSEC
+tm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dLz0IxuuKrynNmcVuaKNLmhmWXUoz9vr6fwHTKuzAfL7vzcSTV76TN0MXhOoBQnkI+uO0dW0n2RZStDY6tvWGoLK8lI4/cDu2N1IfoDNB1JApWG37+BDLXJ+x0CBEosZsh9lZd+iy3Cn1EiUqgFGC7Ffbit3BTMJMv8x4mU2WYjPb8ntunFJKp3FfM6dKD7Pf36b3JEn4ez5OM05gWc/wI7gjl+OyMEghr9i9KpPkyn9LCNiMtWBv32AydBhWr/RberyjWij0Cxxf6ZvF0Ouj6hdNuvOWlHa54TJO7XAPZe5kWuWsIhP8vPwlXmNZQwJyrOaiQmUP2UY4CIKem2Jpg==
+ns-a1.tm.		172800	IN	A	194.0.1.22
+ns-a1.tm.		172800	IN	AAAA	2001:678:4:0:0:0:0:16
+ns-a2.tm.		172800	IN	A	194.0.2.22
+ns-a2.tm.		172800	IN	AAAA	2001:678:5:0:0:0:0:16
+ns-a3.tm.		172800	IN	A	74.116.178.22
+ns-a4.tm.		172800	IN	A	74.116.179.22
+ns-d1.tm.		172800	IN	A	64.251.31.180
+ns-d1.tm.		172800	IN	AAAA	2607:feb8:0:0:0:0:5:8
+ns-l1.tm.		172800	IN	A	80.249.100.44
+ns-l1.tm.		172800	IN	AAAA	2001:470:1f1d:244:0:0:0:44
+ns-y1.tm.		172800	IN	A	91.208.95.22
+ns-y1.tm.		172800	IN	AAAA	2001:470:1f07:d0b:0:0:0:22
+tmall.			172800	IN	NS	a0.nic.tmall.
+tmall.			172800	IN	NS	a2.nic.tmall.
+tmall.			172800	IN	NS	b0.nic.tmall.
+tmall.			172800	IN	NS	c0.nic.tmall.
+tmall.			86400	IN	DS	58525 8 2 74CCEEB96EF2237B854B057AB38A9384865F16C48EEB467364D09458B75355EF
+tmall.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . etf45TaleufKmuBgn2qk6BpEZvoeb57ZRoBBhk8DoqkUm9WQfWh+9Z94UvCOmmam0L1MJ5P73CzqH8OkfqgGlP2SiTbQqJEneNfRtswxRzafalDlWr11v/4SCSTqirfBzJuFXFnNb33nBDACWykWUVcBZRL3U/yhvbCyX43T+uy9f1jCAteFGhL4pcoB6/fvCTNAYk1AQ9X3kO11jL1yB04aR2oTNlOOZXrVtCc3GJdJPAZnmWaemWCjXUXmFvXFDXBzowzzfWaD1M+J2CwDhJCDtS/pgwYebDBi0Q/N2IDNllpQXWzd1n0FDTZmlBBNLvbgpF2ChX2+vkIpWavAtA==
+tmall.			86400	IN	NSEC	tn. NS DS RRSIG NSEC
+tmall.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O3KTOcTZUZvmTa/W+L34YAOAb0lEr1gTE0bTQdAAaZ+Nwrpa3nKtTVyWViOWY/saR+sHGMoHSXT50Q7ImpUbpcSEwmcXmGY4J6HPTteQGSzdKT5DGNIQGz0hIfcN1y4Cv6LvL7oPD5Mciej4vYgMQnnL0iCYb6APiHEeGB/4YIpcSvcByJcOgTFlzgQ2l+VC1f28N2zDklEsSmmtQpuTVTElBjcxyRXP8PrrDHZzcR90gtSV+/SPLmSBjejghdzJ813QjQDfGizVXU+lBWMUKWmEIDJbZzgXhB5QPHX1wgnuOZ6luyLyW0vd9AffDglX7ROVgub+d2ZqFjwSERwRZg==
+a0.nic.tmall.		172800	IN	A	65.22.52.9
+a0.nic.tmall.		172800	IN	AAAA	2a01:8840:32:0:0:0:0:9
+a2.nic.tmall.		172800	IN	A	65.22.55.9
+a2.nic.tmall.		172800	IN	AAAA	2a01:8840:35:0:0:0:0:9
+b0.nic.tmall.		172800	IN	A	65.22.53.9
+b0.nic.tmall.		172800	IN	AAAA	2a01:8840:33:0:0:0:0:9
+c0.nic.tmall.		172800	IN	A	65.22.54.9
+c0.nic.tmall.		172800	IN	AAAA	2a01:8840:34:0:0:0:0:9
+tn.			172800	IN	NS	ns1.ati.tn.
+tn.			172800	IN	NS	ns2.ati.tn.
+tn.			172800	IN	NS	ns2.nic.fr.
+tn.			172800	IN	NS	pch.ati.tn.
+tn.			172800	IN	NS	rip.psg.com.
+tn.			172800	IN	NS	ns-tn.afrinic.net.
+tn.			86400	IN	DS	8629 8 2 05C891303FDEE4FDAE258E2A7D48370CE21F98058C0EE0A50C438C2878A8E2D6
+tn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uHTW8ASAZ8mfpOjYOhSWPTgA/Dq4bn+8h4vx8YgbP/7OY4tkOJOh/xG8eqISpwLZLEQVhrCMPy4R4LJMyv5xtRkF68xrlghuhu0brTuyHtdQJWPvlNKldPUdIYFdbDJN3mWPrJG2ryZwEp1dbWHi/+5hirsC7Wft3jiFRLmf12EJHTWK2Xf2C5DXmEhlz0IeschVGGKswnLGrm96BRIWNcWr5kYPz0K7YBHxGWQl+Ai7ingL7NYAiijxGZXuhvtQ8uGexl1kewNvvkbo/W+Xpf87baIQ4WqZwp5e28cR3YGGRm5+Z9t/Qxn0xITBy5ngXqpKk+AzInAtzElIo8fGjQ==
+tn.			86400	IN	NSEC	to. NS DS RRSIG NSEC
+tn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K+dhoUy1qtXbcMNOfRa1Rmg9XMc9Hn2ZQMd5gs15ldiwpyzg0It+8i1E4Es/731AGGBbe+bN92EikGJGrUNRWAIPP9PVdh5jrFvZyju0aNa2c+sDIsrjwd4pPXWWetZyVW6U/iZrh6DLulX/lkFpRbj66z4TpjIodvbGjkvqCPwop2y6NPfi5EWOIRRnNupcXjNkoh4o/1+mUXPa+cSG1BtaQZD0Hrf+FA8rYo5wB62BzEnl7Foq4Y2g+BXfQqqOb1x76fJ8ho1Q/czZkyyrrOZG3/KxryEE37pD3C3xkxHc8eyGy4t8W9YyccporQBrIpEQXt0w14kRqMh8+hbZCg==
+ns1.ati.tn.		172800	IN	A	41.228.62.63
+ns1.ati.tn.		172800	IN	AAAA	2c0f:fab0:ffff:4:41:228:62:63
+ns2.ati.tn.		172800	IN	A	41.228.63.62
+ns2.ati.tn.		172800	IN	AAAA	2c0f:fab0:ffff:5:41:228:63:62
+pch.ati.tn.		172800	IN	A	204.61.216.94
+pch.ati.tn.		172800	IN	AAAA	2001:500:14:6004:ad:0:0:1
+to.			172800	IN	NS	cd5.tonic.to.
+to.			172800	IN	NS	cd6.tonic.to.
+to.			172800	IN	NS	cd7.tonic.to.
+to.			172800	IN	NS	cd8.tonic.to.
+to.			172800	IN	NS	tonic.to.
+to.			172800	IN	NS	sydney.tonic.to.
+to.			172800	IN	NS	newyork.tonic.to.
+to.			172800	IN	NS	helsinki.tonic.to.
+to.			172800	IN	NS	frankfurt.tonic.to.
+to.			172800	IN	NS	singapore.tonic.to.
+to.			86400	IN	NSEC	today. NS RRSIG NSEC
+to.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WEE4tzxcxm6l7kL9OtGS8Pw3ocOjOufe+nxOqBdss8oQHudAaaI5YaS1xiRcnhaRwPXVPtDA4Z+QyMi3WPo6bitQz2NgDUnu1a3v5pYlNFJ0bsO9PqCAqmy6Qjqleo/p/s4tDuyZhmPW/LcbWl8mGSUTJDAgzsY52SiUTKK4GBEWaH2Fs3IAWlijoXXjcBnIL8KVSiRvocJ2n5XctjvBmPBJ3Vw1NjB/ML0w9URg+CbSRLSpX4YLnPE2EeHYNVu/afneXYuZcy66s/UFiW++gcp7C2xit6R6MS9Fhy2RoWFhV6MBiAGL6TVAt5duz1Ab+1L+Tdv9phOPnVRC8bES4Q==
+tonic.to.		172800	IN	A	149.28.204.240
+cd5.tonic.to.		172800	IN	A	185.136.96.197
+cd6.tonic.to.		172800	IN	A	185.136.97.197
+cd7.tonic.to.		172800	IN	A	185.136.98.197
+cd8.tonic.to.		172800	IN	A	185.136.99.197
+frankfurt.tonic.to.	172800	IN	A	46.101.233.168
+helsinki.tonic.to.	172800	IN	A	95.216.159.42
+newyork.tonic.to.	172800	IN	A	162.243.211.202
+singapore.tonic.to.	172800	IN	A	188.166.187.0
+sydney.tonic.to.	172800	IN	A	104.156.232.193
+today.			172800	IN	NS	v0n0.nic.today.
+today.			172800	IN	NS	v0n1.nic.today.
+today.			172800	IN	NS	v0n2.nic.today.
+today.			172800	IN	NS	v0n3.nic.today.
+today.			172800	IN	NS	v2n0.nic.today.
+today.			172800	IN	NS	v2n1.nic.today.
+today.			86400	IN	DS	8164 8 2 92C5EAF94DD9DBC7D5254FAF41CFF9DFEAE138C718773528DAE6B717EF1B6FE0
+today.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Wogm2u5ydFl78THQuNld1Lv8mmgGonZdQi45XTAEdz1NBuMDaA6AXHgXJ8EiCEpAJW49/THY73YzVUJz4qqdRUVRSJ5317s+/Wf/ct2OpHSb9U/67r5vebYezVOK49jdkQE6Q/vI+ijH136n94loomrHG9y0acaDdQg0lBbdP68G0QKyEOZeeEs3YjSZ5vKRDNIF881uHrcJ9ITVfK+t3qlYKRofLLDRBYsVaooMgsA735P/8YLgpmdEuN2z02pH1vPJjtUAwKarhA0nX3pA0DvsHt5dw7+CUFrUHbwVEIjaLNf1QCh8sHDUT5y1H8b5pTY58I8e4Es7+OWnp/tzDg==
+today.			86400	IN	NSEC	tokyo. NS DS RRSIG NSEC
+today.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aPZFNN6RWH7QKPX/575OuFtDhXnl8bsrDOtqcAy6Q5kjxFXDpjn9JHKFWAcmf58Df8fQyzkCgGO3hhXvolQKUbqoohu5HFO4FHYi8BSlHttRw7im1IygpQzyRurz5WWsB5eHxI9u52RDrqZWzLrTBY92zZFTqwxgfeTdHrtDl2lqUsFsbwI931iFP4wZbdHpGU7A2p+CnNEwKEEuTcOGGXKrSXCWArqihY7IiKUSs0eotP26YfNZZK2J7RJKf/654yEI9T0ag7noZj8QaBCoYMbVP338wdk+yqzEplJRKUnHW92zTQQYS1CLcz57LMwaMG6lKvMs0Q0nbaDJgBg2TA==
+v0n0.nic.today.		172800	IN	A	65.22.28.35
+v0n0.nic.today.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:35
+v0n1.nic.today.		172800	IN	A	65.22.29.35
+v0n1.nic.today.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:35
+v0n2.nic.today.		172800	IN	A	65.22.30.35
+v0n2.nic.today.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:35
+v0n3.nic.today.		172800	IN	A	161.232.14.35
+v0n3.nic.today.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:35
+v2n0.nic.today.		172800	IN	A	65.22.31.35
+v2n0.nic.today.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:35
+v2n1.nic.today.		172800	IN	A	161.232.15.35
+v2n1.nic.today.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:35
+tokyo.			172800	IN	NS	a.gmoregistry.net.
+tokyo.			172800	IN	NS	b.gmoregistry.net.
+tokyo.			172800	IN	NS	k.gmoregistry.net.
+tokyo.			172800	IN	NS	l.gmoregistry.net.
+tokyo.			86400	IN	DS	34775 8 2 009538D854DC2B09A147C657B496A8CD5151BC2FBADD83CF0C322F625FA5A7CE
+tokyo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ov/4USsyopE0ZrIrY6I346ih9hK0afnoL54t8GDnfShOphfA+MnrCjjV2U1+A4D5hJyVDI+XYWo/PpTpi9YmwYp+t9f4y15cg54e2urVBKlEgEtkQccYX9a7WMkYZZD9L0105fXnEsKaepa1nW/cPWPbVTJzIlpA506e+ITULqhHe91PSOsO4FB3uBFAr2xP1esjQAEVoEQN8JBhCU/wnmcKY1645/SKrRrfF2TncXqwkRtSNeQSrkbcTWJVkuLXdmktDrNkuZ27hmSKpE+0/ZITWiFmZtYHSmxyb81L0pekw9TcVJiKrUXf4aHeUK+qUBLlKPn+kbscxDarEU8TIg==
+tokyo.			86400	IN	NSEC	tools. NS DS RRSIG NSEC
+tokyo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BKbJvYuWXOzSryZuMJ9TnX1CGFPJhDxX762x/RaXQuXj3qRtZOlwKYHIYqpaJIfSI9JNMPXq0Nuz8phsE9YbZEsS1slPzjt+pPTVOsTw/k3E9NIRRcip/ujrars1cj4h6rHyVOmLuxi2y1LPnQHQx8spCW7oU2bq+ryKh4FMlNI05zTEdRya/XHjmRpYU9V9WpoMZDOMQE9YTkF/pqNA0ctBoUvoh7PwQY6ZvyQJ6P9Oh15lOQ+lVEZLvyS8mzid3/159buJJG6a8LUShrGjtP+agfrB6f+KqMMHNKPfasYY2kIciK+vDvqJ1BRO2uMmCxi/JemAK2htWkxepQhMzA==
+tools.			172800	IN	NS	v0n0.nic.tools.
+tools.			172800	IN	NS	v0n1.nic.tools.
+tools.			172800	IN	NS	v0n2.nic.tools.
+tools.			172800	IN	NS	v0n3.nic.tools.
+tools.			172800	IN	NS	v2n0.nic.tools.
+tools.			172800	IN	NS	v2n1.nic.tools.
+tools.			86400	IN	DS	13831 8 2 5DDD852D119830BE951AFA0D5176443A935EAA350278EF15FBEA34156CF5A9AB
+tools.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . V81pVhO7fRrpbR7Vs9eoTR0K1yMhDuoLZ6SPXov6COGqxsUYjNHwnVX1xk/P6yhSZN63v39foZkkgQVjSo7B5qKYyD5oRACQtTxAGICULyzXiBr85FDL25bJq56y9oKhzKpUmKFczFQw9j3PqBiZCRBlwq4eVUi2NFUNEo9pMF1FUT+dUxiLxAjDJSZ8/wLKRI9ewRar68+hauEfe+vkGUoDJtK/zBNC3HxAi2ji51Vdsxyq7TbHHoAXFs1GKdLrn9uhSTJssHuAjs5Nt+WsaKs5CYO3S/FXu2JP1hQgW3mT7y3y/yBur4A5zcVekS5tXU0BhQ9sSp+rRFog3XudHw==
+tools.			86400	IN	NSEC	top. NS DS RRSIG NSEC
+tools.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IXJ4Esey8tTNsUWqAdF0agRlWRwEh5ShIXtq3bvTMqxKvl2iB1HtVuSSruo89F20TY1uhhlEcaQnmXN2NOSjxeLyKON43y8eU5svTkJGcTdcoP7+r49hR7PwpHzg/EkoQ4lbQLOOkMbmM5Mp9TAI/5SwfphIzQ8qdHWahJTRqaJDblzN/+aziPIi1DLTcJNnZU/FEH5xttc7H5ag4F2XuJFFktTBBCMOWWWEJkOtjWRSzFUVrS1TS7ABvxtTgCzsXk9bF8dElDIQAmn4uXOezMuptQymZl6z5Gzi5u163xBkaQxTn8wAucM47eLGeQyBcR1i03wBUks0rzqaF7zFyg==
+v0n0.nic.tools.		172800	IN	A	65.22.28.44
+v0n0.nic.tools.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:44
+v0n1.nic.tools.		172800	IN	A	65.22.29.44
+v0n1.nic.tools.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:44
+v0n2.nic.tools.		172800	IN	A	65.22.30.44
+v0n2.nic.tools.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:44
+v0n3.nic.tools.		172800	IN	A	161.232.14.44
+v0n3.nic.tools.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:44
+v2n0.nic.tools.		172800	IN	A	65.22.31.44
+v2n0.nic.tools.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:44
+v2n1.nic.tools.		172800	IN	A	161.232.15.44
+v2n1.nic.tools.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:44
+top.			172800	IN	NS	a.zdnscloud.com.
+top.			172800	IN	NS	b.zdnscloud.com.
+top.			172800	IN	NS	c.zdnscloud.com.
+top.			172800	IN	NS	d.zdnscloud.com.
+top.			172800	IN	NS	f.zdnscloud.com.
+top.			172800	IN	NS	g.zdnscloud.com.
+top.			172800	IN	NS	i.zdnscloud.com.
+top.			172800	IN	NS	j.zdnscloud.com.
+top.			86400	IN	DS	56384 8 2 BA378C5913404EC654DF544F519B0FB287E140D64DAC5D59E349962393C17945
+top.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Zp4UiW1xbfmegJYzPxk24heMxcG4jq3RZLJynwcEBJjUm371EJsSRb31zi+/A7Zi9iCkcUdcb03hvMiAtJPgC0jfQEW6kRAs/mEPKrLXIH5xNnaWqvIU3dPEP8oZH3mF0IC9xrFkvUspSbYrTDg7zZjkm3DZ20ghYdFgqVovBLO/ODnpURUrW8OrPb7S+uRxuEzF21wPYgu2WfSsysYD/0qJbT5oe3FGUykcgMQy8PTlBqFAnf3momkNb7iZQpgz7BYYMrXRtcPl32/vVtxuMbny3sAitsqJkYbSklr+gmYLPO9+ROck4ZJG/sNN6JkSc3TLpVoTxZtLZCswvD9eAA==
+top.			86400	IN	NSEC	toray. NS DS RRSIG NSEC
+top.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MsmvXoMl1jco6GE3/C/SP6mtI824OvLnfX+hB5NunbJU7JnBoXvUiKCwxJJYI/hXDcAV8pt8vBcY/S0U5EYjS49qYm5wLm4jSh0cjlV7wdhxiOozycEircCI6TkkewFQYFas7XOZWxgMj97XUSNh1eHDFH/55YDBXbkAOeKbUsI3n9UlytG6u0mWP9E7WCu6R2OKFVu81Gh5owh7UuF73IQ1ptM0fa0T/pSosQ3y8AjUq1bDX+m6Jdt43vBukdu+YMS5SeMMza5QXF2l4Q/3zsJcsP9iANe4qA9akcrxz1ONLm8Xfd2PqkldmodSPhVnaX1TQKIkbT96NhFUI9eLwQ==
+toray.			172800	IN	NS	a.gmoregistry.net.
+toray.			172800	IN	NS	b.gmoregistry.net.
+toray.			172800	IN	NS	k.gmoregistry.net.
+toray.			172800	IN	NS	l.gmoregistry.net.
+toray.			86400	IN	DS	53057 8 2 940A6F87F2D2482FC5541E20E646F38BB0535E7700D3317690BB42030C822D2C
+toray.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xXr3p+7p9ZxC1EbdIFDwiWzuCsiJyoJcTzvnHY7jn4uvWBi9FQP88tQ8Fw/17nQnY0IrnAHIf0DiFjiUzNxBJxXLeBRCIxzJPnp/4YwjFvslpdxQizZLMTQgE2MS6h9E5YrtTZFw0sEpTLmMDJjmwE8R4xmz+OqrOjLnIx+9P/UK9WRbDeblW1RYDGzNTzhSoJ9P4mV+sVj/ujTqmg7Bh5rfMFGa698Lpm5jYPTrS9dEr2EFTQ3ZrNd+Ebt3oCCqR/9yUrIGwLi1iWIppScMQNmj/O1eluBAZu89lilk4CKkB8zpYU8zjmYc7Q8GkCvA54TWT4/fiAO+bB1/6kS8DQ==
+toray.			86400	IN	NSEC	toshiba. NS DS RRSIG NSEC
+toray.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W9stMhCx+rHgPbTClXi42V67BTvxOrlHTbhyockXvnVXSKEqNhBBZXkiyUi8/C/ecyaSh2zFrAMsiwcI6WhMMf0GUfQHdHzozEyySSmuuUZj9gW1akAdcz8ynfZdQAKP4tbNqavx9c2ZdrV8aqXb5tTj70+DdJGeGs6tnHWo8gMJlFI9QZuypV6qhPopj4N2Uun+3NRkmXdiOY/HL3yyRJOGmheD6coQeFSTR1Vu0mf4CIGwM1bHf8c7yGjiZZWVoRamZRFhtl2vtnDPVg5wgtYmnt41d9Z4aL5/dWu6WYyKchgazcMH4Hl827FE59xL2p0Kg29Y3VsXp8jz3lgoBA==
+toshiba.		172800	IN	NS	a.gmoregistry.net.
+toshiba.		172800	IN	NS	b.gmoregistry.net.
+toshiba.		172800	IN	NS	k.gmoregistry.net.
+toshiba.		172800	IN	NS	l.gmoregistry.net.
+toshiba.		86400	IN	DS	38891 8 2 3EF24A44F5FFDA39FE23E4E4E4D2449E55A0B3001EC68A075A38313B6A4FF0D5
+toshiba.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/+4KsplgYT3Lk4TbAU5ljB7Bv16ug/xeUZcKfBPriXLTMzonIjd8PN2nqDhMQ+oDB8DmS6xbrgO5IGw2MsUKnS4NPu3tC/oGDzBGIa7tqgTWCZeVzCnhUnMUmnw+fldCL3Uq60Ph7fNYHxRDO0UB222BrbXR1yJJHIzIGzpTfUO+6rUSbdsRMDSkYMZ4ySAEWuYovVRBdaebVbVl5QEJVajKTndsY2HIJsv2ogKiC0VLpbYX/nscuo1Ut4A4mOarSMk9XTfkQ83yXBnJV1aVSBlBHc18OawyPyMjfKx8Wi1eZWYx+YTAhJrO3xRA+PKPtCtoMXpGSYrLLsU6rEUvQ==
+toshiba.		86400	IN	NSEC	total. NS DS RRSIG NSEC
+toshiba.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nleuysDp4J3rFcu6lkH3rtacxtImoR/Cki9OM4b1B2/JVEg/g8g1dmDuK+L/9JgcJi9IzDhqG3w8sdJhFlEsAalQM6Bc4/c7Xa9TQQm5MHpplyP266p2o7RmHxPkB2I/M1w5r1F+AVnyFdvnIP0K1bM5EYA/lHnn4d8+7SD5ZMqaxI+mt/65uEaEGFMbNX3e95b1DXfxk7OPdJ7AjfblEOxXK87XoCKt5E59R5kLYBqt4D7ZThyReWtpnAR8XsoCjfK3UqqhgptVY8V2ia1agoyrerS5R7cfa2skT27kOEAYilJ1sIg/uDedz1lOGtxMPxEPAWylEqQB3ZtyWCCm8A==
+total.			172800	IN	NS	d.nic.fr.
+total.			172800	IN	NS	f.ext.nic.fr.
+total.			172800	IN	NS	g.ext.nic.fr.
+total.			86400	IN	DS	60785 13 2 EB38C07816FDF6CF8277071F558AC0C7C787088263271B55EEE4E59981414D93
+total.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WvUhhzz9U1pp/PhPlUilc4tpiXRhict6deKjwbdgZtqsKi2gY1DHi7dtqHxBd5l7WcRIC0ltOERIo3IZd1vhou9GPF06w2BVheFoCcQX4zxvD7SyE09x2Safm1lBx3nsZB9qSVb2IevrMHX74maBeYveWmiujLimcREyq0bQHmCV4WzuGPGDSOH8R6TqE/p7MB+wINPG8yQGahxqbLMhW1dAVqCg8LqsbqtasZaV9sxAw2CrXxA31exdl4bhOYySqY25zMbwU1XeZOSmjzwkeJAVRUSgAuow8b7iq6hzjkysujgTiXqLmW4rguMmMq8awTtgPq7Rpw+ORSVRcwtbcA==
+total.			86400	IN	NSEC	tours. NS DS RRSIG NSEC
+total.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . c964k4MwHCF0W+QWxgHGNK0PgZZXmdeLyM2bVTzjHBatcdWkdhr12C9p8UnvcsXjLUQve/pD560Mo8sUj8Fu6RsNMmZCp+801f5FjPuwDEeQL6PTGkYiSUrYxIFyxazn98WPRHMgj+S7OztFN0NBDdP+kddNaj8ycbzEcXQrenSrcpXxqd4aY1dWn/yUO9ToNMRFP6fKZL02tXq0cylv1fxwFVkrSeWcmf/4TFMQVQwWtKSzS5Bfr2a1npxQVHHJqTMcc+fR3b9IH3Eq4LQ336epJcV0Meh5uLOiI9VYdNfYWgZgTsJh07lDBlni50NWeMGHDZk/5c0DSsUH7FU23A==
+tours.			172800	IN	NS	v0n0.nic.tours.
+tours.			172800	IN	NS	v0n1.nic.tours.
+tours.			172800	IN	NS	v0n2.nic.tours.
+tours.			172800	IN	NS	v0n3.nic.tours.
+tours.			172800	IN	NS	v2n0.nic.tours.
+tours.			172800	IN	NS	v2n1.nic.tours.
+tours.			86400	IN	DS	41716 8 2 AD0F4D55834496F7305AC2A3A8743DDBF7C4802EC246341E7F9E555FA42B5EE9
+tours.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GkvAD4Tvq+E+5HVQmW2K4tr//boakPF02A3vf7xMzGrZyYq7E8h5/zV2IJog64AG3lGNizEHCA92/rTqHYv6vG+3nH+zAHABUpniUVjLGR2CEE8rp4U5Plo10AGawLyxG0zfnKDfhMiNg9cBBERYGOS9w6jLiInGy9s1I+NWsqD31exfrOqOb+EHj5/yRwXFcwWCVmHDdbeCix6M7F1wI/lAffr2yb9EoaLZs+zHZGD+5W6dgzh2/CP6AnyGXaUEvs5heBIi2zLB1xpJBUY78V1wyk5Eezu1uhfZxJW0noRzgRK7QY1dq5+O78ThbpsaIY1KIG5ASHsH7sPUEBsWAA==
+tours.			86400	IN	NSEC	town. NS DS RRSIG NSEC
+tours.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HNBYtyYeBf2OB8XOCN4GC/RMb3uJNb05hKO63zAkmYCDyuNijIkZ4uumgTa/ICDmr3a2f81PJw5Uqr5gNiW12NDqMMNze2cJsOZwBCcQJHaLu7tSRtRLX3R7VVnWG4n9IV4J58TCvIGTZ4n9DBDBy/DzdrNFfAnarU8grC4zWRyfjF2SfZP19W81Uhd1lEz8n/kJZuhGaOWUYwoDgMPhHd8tC/BptRZP/s3fZOEmGW+2XdAdKBRolX9eYp7wXPP3NBa2col4OS8L8jfSmsa0Pok9QGDbEnWOvwv7ALEmfMkGdVULxnjnp+2FQYeCjL3c6s18cJ6DIdR/e2iP/ptLGg==
+v0n0.nic.tours.		172800	IN	A	65.22.24.47
+v0n0.nic.tours.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:47
+v0n1.nic.tours.		172800	IN	A	65.22.25.47
+v0n1.nic.tours.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:47
+v0n2.nic.tours.		172800	IN	A	65.22.26.47
+v0n2.nic.tours.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:47
+v0n3.nic.tours.		172800	IN	A	161.232.12.47
+v0n3.nic.tours.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:47
+v2n0.nic.tours.		172800	IN	A	65.22.27.47
+v2n0.nic.tours.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:47
+v2n1.nic.tours.		172800	IN	A	161.232.13.47
+v2n1.nic.tours.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:47
+town.			172800	IN	NS	v0n0.nic.town.
+town.			172800	IN	NS	v0n1.nic.town.
+town.			172800	IN	NS	v0n2.nic.town.
+town.			172800	IN	NS	v0n3.nic.town.
+town.			172800	IN	NS	v2n0.nic.town.
+town.			172800	IN	NS	v2n1.nic.town.
+town.			86400	IN	DS	63256 8 2 515451761441C5C476F32EE4D28AE24D5179521FB505C318EF721E5FD6165C16
+town.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . z+ZXOOqrFuEVxbluPmJgnA+aOssEpc/pcE1/YMUHC+EpaCbdG4KFOvRqP9AC9YRsBh3oWcTvQFO8tuiOMEzeq8sTx9i21VNSfkhKmxvZuf6u6LZfKzH4KgjdXGmz2zJ20niwmaUjBjV5GqnDHmjbksW5zfQpBoU/8hJ8k4hXWPp3KIS4Bx0DwPKYmmFx2JuZjtEv4rXVmuBxRD+ujr/iWxiwgMJlb3F+vNtHDEOAl5ir6JK24DjEoFHh3OQNsiI3YgU9Kg+w81VOSvDoj8wG5Vf11rwp9qQGMFdSNyO/XmGoOtzZXNeAOZTLkk58ULamHx8+GXjVm6YS/Igz+Qga2g==
+town.			86400	IN	NSEC	toyota. NS DS RRSIG NSEC
+town.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DUyX+jaA9kkq5DSaN6ez7BzAGAzE4yU3ilgzFDwRcdx+dn+7ftlFbWu9MZpDxX464aWtpUQb3h7wnNqGLOq0oe91tGsf81Ygh5sw9UdXVmRCipCuLsbY+IxLsgep8m1tZ88P1wb4oiohhpsIE3pquFTUkE0i5NJOJhSLz2zT4vjxh5oHclAfYDXcq5VUOwbwsNy85bMb/gNtMoZsXuK5pUmLI07ZpEPVaJryymZimga+Do05Pfl7RGgWGbtKZQLlmgfF+sWjVdGXGaunGm9Kx+7Rc30K67ADKmr4/X485xl5w/S/ZAR/W65vMQQk2yHCo6iMMWllDEBpLc6zha9rqg==
+v0n0.nic.town.		172800	IN	A	65.22.28.55
+v0n0.nic.town.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:55
+v0n1.nic.town.		172800	IN	A	65.22.29.55
+v0n1.nic.town.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:55
+v0n2.nic.town.		172800	IN	A	65.22.30.55
+v0n2.nic.town.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:55
+v0n3.nic.town.		172800	IN	A	161.232.14.55
+v0n3.nic.town.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:55
+v2n0.nic.town.		172800	IN	A	65.22.31.55
+v2n0.nic.town.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:55
+v2n1.nic.town.		172800	IN	A	161.232.15.55
+v2n1.nic.town.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:55
+toyota.			172800	IN	NS	a.gmoregistry.net.
+toyota.			172800	IN	NS	b.gmoregistry.net.
+toyota.			172800	IN	NS	k.gmoregistry.net.
+toyota.			172800	IN	NS	l.gmoregistry.net.
+toyota.			86400	IN	DS	1172 8 2 D29F5D4BA40BDFED42ADBD4A710003739220B1D361D1A29E8E31F03BB067D738
+toyota.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CdQMaePrttVO1/cm8QaFBpPJz00TpmVtNkExXVT3uM++iZ6/EihqXyf5SSHs6Zmej5qjrjH5jALw3rB02Iru0wyeJeuvjcYbDBJzu34t8yYk3KvpDBonMjdjE5r5Htu1EQTIMJulAG4f9iApR5h7ul9N9GgQyBoMaL2vrh+mzIQR2ILQkQLK6d9z/PpzR6kzcQ4ZI14ZCbgyO7UlGaTCqWurv3w8USZX6JOtlnSTNHLeQY0ZI8+SUldgVXyeGXg1/sc6FwsDuCdMkvanBLAPHYc76SQ4o865D8Ar70PPjxQ+Q2ucxI9hzBtJ5BtwTGQLVER/zTWLYw+T7H/d3uX0EA==
+toyota.			86400	IN	NSEC	toys. NS DS RRSIG NSEC
+toyota.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UGGPHNUfUi9dRKLumHpDgC9ebJSQUGFVHHo4sqSfEVYjpTGfmy7kt12oC9JO1vIBuwZjEbA8nrMIz//h/Unx4VKA7Be2Xu/W2ZlpvwesDYFul0OVNHkX/5I6DnmP7rgMlhXgdGreeSVCSQRXCvBJr/L5VU7zAXbP9OlX2tQWbqDiK4lSDzP29Pgm5XeAGYqvUb8sQk2oX1D/OSQE3bwhYxDFoLw5QZ3IBci4fOIVhK2i27duRfELMNUXhZtELKyeL2SPJxaoHhnJGemLdm71/RaCDC8fDgc5ZK+vzuyJnRjeCA8xXDH8OFL7IyBu5BeMjZ1NO0KY/qQNryciENL6BA==
+toys.			172800	IN	NS	v0n0.nic.toys.
+toys.			172800	IN	NS	v0n1.nic.toys.
+toys.			172800	IN	NS	v0n2.nic.toys.
+toys.			172800	IN	NS	v0n3.nic.toys.
+toys.			172800	IN	NS	v2n0.nic.toys.
+toys.			172800	IN	NS	v2n1.nic.toys.
+toys.			86400	IN	DS	26029 8 2 7E93110615B5FADB76632C18AEE800588A81FC4D6D70B9029385987290678EA9
+toys.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Qu6cJp1T0KlF10lxhbw+tng5K++ShDlg7+00G3ebT8JySgT3O3eAldrrerphGHR0uC0uRL8qdSgAeNuvjwxsXgOAkhb6Xl3E3Rw9aC71RgTi7jZbCGLV07zh5d2BMl1+iJ1dvpkiQ8sAourNRoZXZDL4FqHAgFbgHwRlUbEkmQRlHCKRo9NxlKXM4HYFSkCnhz+0eGzxgqCvcTSCVz+s7aGam55pj7C6j1VpPnWnw+wdPWuVXEQo4fntSW1zhYvk7pRMUklfCpKGXk6rI4+5tcn/tX/zlFwq3XyTYYD4cmOP2eo5SM28krpIet+LnZPkXHdM/2TKBXua6Yg3XcshSg==
+toys.			86400	IN	NSEC	tr. NS DS RRSIG NSEC
+toys.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a13gFn8B4re0gsPgXiDb5yruM/2BR/tyF57ZdFfeRchaY1soNIeCYuF80+Dwte5NhsV3yNxfNZeP52usycmz2zpGGhiNK/Iv1zNR20mhQjvHDGdmOVdcHbE33Xym5UMnHD7eKVpFWqshAGNz6hPJx08rYouotQ3hdCWwqBzRp7xXawvNHJ9U7nIjz7orMUxVykiHzTCaET4UXwn1381AdxoGFRPtz7+tfczSpVIO4ftIZZq4U2ky0PE+uz/T8VxXZL0MHITkrjo6xx2kPzwkR1+4fI/3LhR6dQ2haKnx+QVmB6OGrpY03XDZmI5jODZrTZz3QoLxl5bwD2iu7Gq6Jw==
+v0n0.nic.toys.		172800	IN	A	65.22.20.23
+v0n0.nic.toys.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:23
+v0n1.nic.toys.		172800	IN	A	65.22.21.23
+v0n1.nic.toys.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:23
+v0n2.nic.toys.		172800	IN	A	65.22.22.23
+v0n2.nic.toys.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:23
+v0n3.nic.toys.		172800	IN	A	161.232.10.23
+v0n3.nic.toys.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:23
+v2n0.nic.toys.		172800	IN	A	65.22.23.23
+v2n0.nic.toys.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:23
+v2n1.nic.toys.		172800	IN	A	161.232.11.23
+v2n1.nic.toys.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:23
+tr.			172800	IN	NS	ns34.nic.tr.
+tr.			172800	IN	NS	ns35.nic.tr.
+tr.			172800	IN	NS	ns41.nic.tr.
+tr.			172800	IN	NS	ns42.nic.tr.
+tr.			172800	IN	NS	ns61.nic.tr.
+tr.			172800	IN	NS	ns71.nic.tr.
+tr.			172800	IN	NS	ns72.nic.tr.
+tr.			86400	IN	DS	48972 13 2 1E67CF0AA2E236A06D1F93491990960EFEBAB089A2BADAEFBB64E391AE6E95EB
+tr.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WE5edfvuVVrnB/YyL08hK5wyVpyfzAE1Al3j6GEfEYdZYpPkmdAEMThpd7xLo6boauImlKyjHqP3WDHzfYyGU7EQKflBAh7CowY9NTN8sXqLi9n8PG+Ou888H/sAh+dncllwqqv0e0BO+PQH7lY4eA5Rt9/itVw+iowO9MmnC96ZxUYAoi6xluHpK7iCs7zI927X/fFfpHSrA9OPmK0kgVhdiCZbe3IcNpAUZZi1xE9ETwy6bK1WvWzBJK0fKCCXC9VHtuoVAnGAShgb8bgoLK8PQxrtC6YO5vAy8pjW5v1WKHSjOJ7Mvu+FqEbkYQrtqkpRzqOGIdHvAoprhR81fQ==
+tr.			86400	IN	NSEC	trade. NS DS RRSIG NSEC
+tr.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bOYWa0HX3D4vWsJ2v4R8JsHQrAVShLlCdEJbMy9bd32dwm1v2iRF+MtyQvWEw9lYtZZvy0KlFtjyU6D+WOacDxZ7KqNjWe0SM5RaeYOxX1kBfc4Z4PVqldOwb6ExMpUWGp0lTipmv3oo6lFRNQsel0QTMDaFw7AVosroYoS1vBVmDkAXILyKL0oHk5JTlQENsnFqWIb37gPTxANALwVuZtR15/FwQ2Ha8yPPnmXDAsPFdYY/Y7Sc3ZjgK1smdaTIH39iAc1FGCDH9nrtJMifExB60oj/PBl2UGIyNo62JOxLlyOG59g0RxLkJg0sR4d1GVG3kNdhu/Lt3LtAE1Co3g==
+ns34.nic.tr.		172800	IN	A	31.145.139.99
+ns35.nic.tr.		172800	IN	A	31.145.139.119
+ns41.nic.tr.		172800	IN	A	185.7.0.2
+ns42.nic.tr.		172800	IN	A	185.7.0.3
+ns61.nic.tr.		172800	IN	A	206.51.254.1
+ns61.nic.tr.		172800	IN	AAAA	2620:171:804:ad2:0:0:0:1
+ns71.nic.tr.		172800	IN	A	185.67.32.53
+ns72.nic.tr.		172800	IN	A	40.68.114.66
+ns72.nic.tr.		172800	IN	AAAA	2603:1020:201:10:0:0:0:111
+trade.			172800	IN	NS	a.nic.trade.
+trade.			172800	IN	NS	b.nic.trade.
+trade.			172800	IN	NS	c.nic.trade.
+trade.			172800	IN	NS	ns1.dns.nic.trade.
+trade.			172800	IN	NS	ns2.dns.nic.trade.
+trade.			172800	IN	NS	ns3.dns.nic.trade.
+trade.			86400	IN	DS	34372 8 2 2647B121FA8A1109CF92D8A945F29FFC3BB42067D3B3C3DBA392211DE020D87A
+trade.			86400	IN	DS	64969 8 2 A6A28C3E7E7027758C2A68A2D255FF07956CF8BC41CE1F8BF8EEAEFD9280552B
+trade.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oz52adGtKxi+SkP+hO5XexsJU2qcaUg2nE8qCfXK2kMljT3mdPn055HfXX5VXAq4LCE1Fu9cszyG1vzTWiY8UJG5Dt//nZYjSY1uNMA4NWKqhdjinK9Wf5mFN8yazt6AJNbxTlj0MNz2Ujo2uJbOj0StcpFT3aqDnBoxuYAay2oO+caEsg99Vl/swAiHhZg+epPaW5LI1bHj0HCLS+EoVvZmqsI5sM0UguDpHTCgGQmfUkNPfS5WqkZOcXQjOcPgL7i7swZkSKLrljdrkOjChkdYpogu3cv2UvnrHWJOqPDE2OX3/Yhd44MqAzssK9bJmll5bjvnFnNmzEescWxxaA==
+trade.			86400	IN	NSEC	trading. NS DS RRSIG NSEC
+trade.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . u0AjF3RHayGu/PdK6oDQ2O4Oh96OOPlfhmcCcPXSPwdUWfoSx36ye+ndUaUg9hkHbCO5GgfbOrBLciT3jIb6EujPnvjsOwmKr444GVjoQi2auMYNq/vT0QNOrOcOHcMrPEbJY0u+hyLtlo+lBtb1W+bS0upo5XbjgKQNq6gRAr+bDw0RMHNlmtgUYGrERPK5iQTrBLteh3BXBbsVdp3FRHVI6te2VJPUfIeVo99GqXEHASFC16oqFAFPnpuFk3FgykKRshTS8rsNqnyhvx3LT2ADhuiaJgVWRkKfYlMxtVxGKdmiYXGU31AIhG0FmMW+5A9ZwMBSDmov4t4VyGu/nQ==
+a.nic.trade.		172800	IN	A	37.209.192.10
+a.nic.trade.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.trade.		172800	IN	A	37.209.194.10
+b.nic.trade.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.trade.		172800	IN	A	37.209.196.10
+c.nic.trade.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.trade.	172800	IN	A	156.154.144.165
+ns1.dns.nic.trade.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:a5
+ns2.dns.nic.trade.	172800	IN	A	156.154.145.165
+ns2.dns.nic.trade.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:a5
+ns3.dns.nic.trade.	172800	IN	A	156.154.159.165
+ns3.dns.nic.trade.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:a5
+trading.		172800	IN	NS	v0n0.nic.trading.
+trading.		172800	IN	NS	v0n1.nic.trading.
+trading.		172800	IN	NS	v0n2.nic.trading.
+trading.		172800	IN	NS	v0n3.nic.trading.
+trading.		172800	IN	NS	v2n0.nic.trading.
+trading.		172800	IN	NS	v2n1.nic.trading.
+trading.		86400	IN	DS	49129 8 2 EF6CA74A84FBAC616C85DDFC58EAC5475041C67DAEC11FE64FA0C481968A0790
+trading.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Wkxj3ID0kkEHq3xBvUY0pceWXYbWWTzVg5SsajUH3bBtq0AV+nzYOrBLP/yZRJal11ENBupKGSYRKwrT7H5WZ0w2A+gMmQ3+xzL4/X5XYVKd4PrzZp6svle9pQqkYcBnFOaU3zme7XVlvmUrX8k7pscY9DorMq6rc98nBTbAJxNghTKQfnWOAh11P3uy2TOzHt5/sJE5XRTXKFU8GiFXxHi4Wk+ZYozf/VVOuK9/qpHNRvEP/lKmG1ZI4Z8rGMBnBZbmIi+3khoWSPU4tYVuQO6J3MvrD6G7qZWC1hZ2nd94McIgnmygJO7ebZI6iQLNQ2psL9lgSogRJsp/y4tOkg==
+trading.		86400	IN	NSEC	training. NS DS RRSIG NSEC
+trading.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fPU1e3ujBMQQG8LRqVvBJ+3nnobsy2YT9pFOjgUXem3ArjPt2Se679JxzRaWd1GJXDfqhVGFokxKEJ8qmDYPQ5MwCb+bNgKXbAjhZqEXz4esumSg8fsf74fhvZKIuvNBKPTZOl6neFlad8Z1GwTL59TXTgRY61GX+/kFohw/VaJqHSMDKvmlwrjEB9F8eCaCJC6kEByU8gTE/rgNYA0Cr2cgVqYwWCyTcTNWTVFwXZt7wcZJvaApxvHsrWs/ph1y3iVubgmK7gyHVJBffEJAF+7SBgMY7VKZqoz9z5vO3ESiKAACc+zWNp27Wd1okdfym1XdA6FYEhmrYUzb5vlXmA==
+v0n0.nic.trading.	172800	IN	A	65.22.32.66
+v0n0.nic.trading.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:66
+v0n1.nic.trading.	172800	IN	A	65.22.33.66
+v0n1.nic.trading.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:66
+v0n2.nic.trading.	172800	IN	A	65.22.34.66
+v0n2.nic.trading.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:66
+v0n3.nic.trading.	172800	IN	A	161.232.16.66
+v0n3.nic.trading.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:66
+v2n0.nic.trading.	172800	IN	A	65.22.35.66
+v2n0.nic.trading.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:66
+v2n1.nic.trading.	172800	IN	A	161.232.17.66
+v2n1.nic.trading.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:66
+training.		172800	IN	NS	v0n0.nic.training.
+training.		172800	IN	NS	v0n1.nic.training.
+training.		172800	IN	NS	v0n2.nic.training.
+training.		172800	IN	NS	v0n3.nic.training.
+training.		172800	IN	NS	v2n0.nic.training.
+training.		172800	IN	NS	v2n1.nic.training.
+training.		86400	IN	DS	44281 8 2 80DD6F1AAD9C85FED280BC232C0DD8426C09DD7BDD6F6E6BC16232E252CBA059
+training.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NljWx7MNqTr98TR0ZFwtZkKCbSSZwGqBs/xQ7rzvgUbkie9YX2Lyzd3CBm1mL3CyQARxkP86fjPwzxbjwUuvWnQkcJT9uko7XdNyL9cvEFXTKpkv6inrgasaZba406zYPTkdIzz93Wgba7L/HPwwtKo4khrU69uGhpl/PGdAWhJtkPdu+gmPmBZNAfEfVJvXQJYiHKitB3MYPpL4zjCsYYGoSymxN9sdRcs3iiIaUQ50oORWicXq9dm6noly4m6yV1SeGdx9IrjFOeBruC9yYvbwJgpHvR9B6H7j3mYp4utfY53e8svbH3N915YPsnrC4Z3L1xUOI3iZ31dHGww9wg==
+training.		86400	IN	NSEC	travel. NS DS RRSIG NSEC
+training.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gHCvFhCBVNds2cQAC/DxK2SpgEO6olO19LemWCepA5etvzG/PFPEMY6Fw4M5YcGXSGXgn68Wc2Y/javN1TJZ2aLVAM3sB4g6Efekdhb36S7zqQqtCADv3rTA6laucBT277O5r6dLY8RWB5ZZ0R9NsIrJ17QpsyqLIvbMN9xZe+H4QnAkvhCLAacl90JM3H5lPVkBAJBHobHdX5UtjBD4Of6wWdyluOKDeGr+vZmKzLz0eNW2X22fA1tdE9gKis1uVR4Wbh2TWFWqF1ss0acqyECX0beVDeC/qM5ODhRhnk6vYocyBHTMZN0WR5/Z1ZsHTFppOZxOd1lxgfZJUXLjSQ==
+v0n0.nic.training.	172800	IN	A	65.22.24.41
+v0n0.nic.training.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:41
+v0n1.nic.training.	172800	IN	A	65.22.25.41
+v0n1.nic.training.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:41
+v0n2.nic.training.	172800	IN	A	65.22.26.41
+v0n2.nic.training.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:41
+v0n3.nic.training.	172800	IN	A	161.232.12.41
+v0n3.nic.training.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:41
+v2n0.nic.training.	172800	IN	A	65.22.27.41
+v2n0.nic.training.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:41
+v2n1.nic.training.	172800	IN	A	161.232.13.41
+v2n1.nic.training.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:41
+travel.			172800	IN	NS	v0n0.nic.travel.
+travel.			172800	IN	NS	v0n1.nic.travel.
+travel.			172800	IN	NS	v0n2.nic.travel.
+travel.			172800	IN	NS	v0n3.nic.travel.
+travel.			172800	IN	NS	v2n0.nic.travel.
+travel.			172800	IN	NS	v2n1.nic.travel.
+travel.			86400	IN	DS	60277 8 2 DF8590752DCF2CC075F91D5A6178C38A7BA1DBBC0C2327B88CA37BE4797BE126
+travel.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WlO6SeLfyUoBrgxZxYuBEoVLQ94jnq+sC/v1M+BVVIRv3Z4UTxNYaAAy5A+U4XkNbYZJsgvbdM2ahxMfOZ21dlnPU8PH1pjWxrwGcXWmKAfjOQBHRe6xg3JL21zctCoaoSM35SEea94ElLg+LH/y/sj5Zl90yijna8rvx7pYCdSZweXaKY9tUdILl0Si/ADbWrIcKZTf6cei/SzW6E6e1dXMhEAb2ZKGRWcnAx5ID8IyCvdCoP8b5Xd1sCjuFNLnKIvPKhOwUfo7CNYVjOYW6x/Or2qYY0FCj/HO7FUAls92rD/bhhpc98QcBMnVGIbNaO7o7BpIOAtP2SoDHVqjrg==
+travel.			86400	IN	NSEC	travelers. NS DS RRSIG NSEC
+travel.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . L8zn+dnzC6e+yYBnA3PPyhex3Oxtxi+L4Ji5+yvqKag7uy9C8R+MW+AOzaDnQg9hjyrahLx6eROu2sgOinlOyPoodO6zbNHdlK0Ya+eH2Dzs7oJYPauITQby0JYCadz6Azf6UT6tzEdEN3kvDCfIPghMgLP/llkdKf2UVyx6D2NeAAMmyy0tM8cQ11kzDfZishKRat4JXlkWC86A4CzckY0bH7WZETx42/6yeWgidR/n0CHRFMdFi51U/Xv8+oeNMCHRoTWTanzY45mr+Y1UyYJiezdkNIPchJtr1OO5FtbzQbdFNYIS2/z7N2XvojjMCHtPmiMIQQpSTFrW0XfcKg==
+v0n0.nic.travel.	172800	IN	A	65.22.28.8
+v0n0.nic.travel.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:8
+v0n1.nic.travel.	172800	IN	A	65.22.29.8
+v0n1.nic.travel.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:8
+v0n2.nic.travel.	172800	IN	A	65.22.30.8
+v0n2.nic.travel.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:8
+v0n3.nic.travel.	172800	IN	A	161.232.14.8
+v0n3.nic.travel.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:8
+v2n0.nic.travel.	172800	IN	A	65.22.31.8
+v2n0.nic.travel.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:8
+v2n1.nic.travel.	172800	IN	A	161.232.15.8
+v2n1.nic.travel.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:8
+travelers.		172800	IN	NS	a0.nic.travelers.
+travelers.		172800	IN	NS	a2.nic.travelers.
+travelers.		172800	IN	NS	b0.nic.travelers.
+travelers.		172800	IN	NS	c0.nic.travelers.
+travelers.		86400	IN	DS	967 8 2 975D9FD3B056E286263F680F31106C7509ED466EAE0AA08B3B045ABAE39945F6
+travelers.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A52Z8tmk4F3kMMnGMFBiWr5tcsizBfi2HSrcAT3bnE5pFvTlaYt363n4giZ/f/GjdzeR5yuiJYnA9P3f3XVQhFNDOMqwOqPfgl+YiVX/tBIYOCC5wFc6KlZXnJedBz8OAjxyRM3lRtgzcac/7Z2WvgnIulT6Ily8GvFM5a7RvdwgJHiKsQG9QEPAB3704Esk+jI/GW7c5OHlKOppI/Hx47ljM2/Z+5EqQ2OZ7CqRKxQ/Zrr8iK588OSwI1MV4joG8GF9JYUdjI9ABYe4zpLb/cZLqpSkiXOjtTk+6ho6ZEXx+2O8u7sIeZfgDCHTr0cELsWvkWBcuBPtynIBlGD+uQ==
+travelers.		86400	IN	NSEC	travelersinsurance. NS DS RRSIG NSEC
+travelers.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MFcCttHBZDD3wm8LFpzGxgAvIqzoFnhCZMoxXNtZrABQ/khtanmeHEFsW9kKGGHbFmtGRCovS/osNRZgWiYSF2hPSvJP+GUFGSNjEdfs6UpQm39gp5MUa7kg7m4o2SihLTtAL2QG34z2SF/Q2rfKuQUvObmu88zJJCtG+nM2kdThaSe9ieUKU1e6DYncNT3zXoP0ytsX/93JGd5qR7Qofvpwa52O5mI3bbpQrVUgHkXzvXuNJvTgV34ncoZljSl3Oek/zjXLFsbgA0ivRLiAFB1dMfTWTWmkG9fCDQhWWtsI+AxYwAho1WfDp1/9ENliBEROAae0ulgNsC+SmQJ1fg==
+a0.nic.travelers.	172800	IN	A	65.22.200.9
+a0.nic.travelers.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:9
+a2.nic.travelers.	172800	IN	A	65.22.203.9
+a2.nic.travelers.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:9
+b0.nic.travelers.	172800	IN	A	65.22.201.9
+b0.nic.travelers.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:9
+c0.nic.travelers.	172800	IN	A	65.22.202.9
+c0.nic.travelers.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:9
+travelersinsurance.	172800	IN	NS	a0.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	a2.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	b0.nic.travelersinsurance.
+travelersinsurance.	172800	IN	NS	c0.nic.travelersinsurance.
+travelersinsurance.	86400	IN	DS	11389 8 2 1A8F262DDBE7316233E999F81AE452C17B3435C57BAB9CEEC4BAE518F121E1F1
+travelersinsurance.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PsCKt2GXNE9wIkd+Kf/Ng5VLo8ynPj8cYQLlGWoHG31zIbRmeHKkD6WZboPFL0R9RFa7CVWHMN9Z/qmpHLcnb9DgVi6nj7+5/Q7KHwAyBV4iIoqRYSLl5LJ/WutcbK6ObXiovUSjfZEtEKGCZIWJpm0+FHXYa1E+KNL2tq+uNjZtVpY9t9CK2OGnuNeB6h3ShTLHIGsd4yE/YhMwO93rCUl7nt5vA/mQfP+kyb45uWDGHQ2253iKw815CiG14bnnFRKcWajhNZPyPJcXyMqMhuM0UvQazdrLs5wMurbOVPoVheoJTGM8xhqel/gTp89QcVcfr41V27BuWyKpK4gUwA==
+travelersinsurance.	86400	IN	NSEC	trust. NS DS RRSIG NSEC
+travelersinsurance.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PcxQ72RNly0R8K8dCvNp0VjNX9gMCNsCaeX43osFGIFJGv3mMHPdKitim6AY2yV3lzAWwcH664QCAXnnQ7EEs42wSbRRjYlOVOTRp8A/hUTaEiAXkM3axaA9dkM6t/cha4liFkHis3qq6dm0htwYPus6KOFyXnoDq8aba7P/dOLZO6S+r55oRDPl+Qnq7I9i1tFLffNOO4PtzUzQDJhBzr7pIvwiCjGQXOZI/eH52S1dTg4CH4HdAzPGSCQu8SVow/YoIczmp58wIhsZZyRS+fcz+AacC5OrV1g60U1PQ7+MmbRpS3I2C2M7YM56sEQcU4HEy7srltFjOK+yeMQzfg==
+a0.nic.travelersinsurance.	172800	IN	A	65.22.200.17
+a0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c2:0:0:0:0:17
+a2.nic.travelersinsurance.	172800	IN	A	65.22.203.17
+a2.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c5:0:0:0:0:17
+b0.nic.travelersinsurance.	172800	IN	A	65.22.201.17
+b0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c3:0:0:0:0:17
+c0.nic.travelersinsurance.	172800	IN	A	65.22.202.17
+c0.nic.travelersinsurance.	172800	IN	AAAA	2a01:8840:c4:0:0:0:0:17
+trust.			172800	IN	NS	ns1.uniregistry.net.
+trust.			172800	IN	NS	ns2.uniregistry.info.
+trust.			172800	IN	NS	ns3.uniregistry.net.
+trust.			172800	IN	NS	ns4.uniregistry.info.
+trust.			86400	IN	DS	33872 13 2 D324A81281464251E04686F4E75D2978B119496FE596012A89647FF6AF0EEFC3
+trust.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hxjp3IRTER6+zVpzcEJQok1iBjN9wk6Xzze6MjxDaClJ4r4FAjvvI7/A6MXg/sR14NIurCXT5uWi6vLH43PXCKskCUPiV6CwnipO9TU5Tncn3BVrlBNTI1xdltqwj2ZByuuGl7nOMSb+BrkYiyTIrmpMy9MWYRwPSuC0EWa/UKPeEHsZxqWDFaEUpEtNNDiZbPc6PZbyG8D4uapjekPKp9LAwrKZD6iGNHTSQ+gzLXXw/iU3EW1hphZHWa3NNt4YoZfVtGki/rF7rzRsX4vngAp98UFJomJlzrFP1K8SP8FlQ0TIJwFhqqUQ2SWMh1I2d6nDVqfiQHXARPyS0/lc4A==
+trust.			86400	IN	NSEC	trv. NS DS RRSIG NSEC
+trust.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ppM044RASaR3iq+0d/mIfzKdRNwPCbKETuoWHhmO07JxCPWb9SlDdDSE5cR67VMm7WJD1inNB3XTl/FxamIx58ZYW+RzF2vLZ3QyrCJBuAPBufrgQTZelYPvQX7Y+YyOfKdcJfX8nlZu78/FyJ4FnFXQm4HOpvGfnIVl53mh8l7QMo49O487CIP/z8RFp+AImuMD8S9/3xyEypmOZDCYt1geOLibBZTKJw0vnvC7dWhCaygrgvo6921FpRuB8dmL1Bw8gmQJRjgseCawYjSjH4UJuY7BTqQsMF2+GKL5PJAcorljvEW+TJtvc93gxjfHvSQ1CP6KLXZYohVHQyzNqQ==
+trv.			172800	IN	NS	a0.nic.trv.
+trv.			172800	IN	NS	a2.nic.trv.
+trv.			172800	IN	NS	b0.nic.trv.
+trv.			172800	IN	NS	c0.nic.trv.
+trv.			86400	IN	DS	48547 8 2 F525871EE63FFED32856BA0C67F5115D5B011A437B67250E357DF2BDCF1EA31C
+trv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bj0TM0d/5Dyb0iENvHn39fLdVLVGOr+di7dbEMjjd+uwW/2Elv6x+KKKqwKXZhGUSYe3sXTuR4GpydbeNg9Vp7rE28hmUNhsCGfXoq6uvQ56c3QCKCNKmkg5pmBQeyEKFe+eEqiUc1feBR0zgGqryLFfwNOJRvT+HFNIYzQCutfbDWckFJHkPSw1G0RUZ4w5Jjv5aDCqpcLkyKRpfq8hxPaxGyfyNkiWusnAs0x+OQlD6he5SiELPjjoJS2LfpZQFu7FaT6PiggP4x3p2RUrHlEIY8pjyJTH7cvzrUVR88BLdtewO/voBUY9IeSt1914p0ddpgIhJCQkjvjqVELcdg==
+trv.			86400	IN	NSEC	tt. NS DS RRSIG NSEC
+trv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nDwDsJbhErTJJZSPzfCSCM6oqREad+C1QS4pYY7OXZjSJNbewuUnbpPyuvQxDJO8UpDC29A8KpKPA1txixXtuhDwJJmA+ZOtNCAt/T4qwMbSx6Pe3rTZLrnBMLd1DTYYtUiusV7BtMsBWXkfdy4+aWpgoQV5IdOrMY/bef18sgpUZQoPKdILkBugN/8U33rP53VLm557VqP4cTY3cMlOc/OLfWAG1LiFEIS7mFvR6rqm1D8NKQmHargjjBlfGFjla3B/FMvAjcopmxAClYJo6MK6saDT2MMyGAdXU7ApMc2LSgz0puUryr1/9lkajBoajRRYb/AdolWLUgT0C8SCQQ==
+a0.nic.trv.		172800	IN	A	65.22.200.25
+a0.nic.trv.		172800	IN	AAAA	2a01:8840:c2:0:0:0:0:25
+a2.nic.trv.		172800	IN	A	65.22.203.25
+a2.nic.trv.		172800	IN	AAAA	2a01:8840:c5:0:0:0:0:25
+b0.nic.trv.		172800	IN	A	65.22.201.25
+b0.nic.trv.		172800	IN	AAAA	2a01:8840:c3:0:0:0:0:25
+c0.nic.trv.		172800	IN	A	65.22.202.25
+c0.nic.trv.		172800	IN	AAAA	2a01:8840:c4:0:0:0:0:25
+tt.			172800	IN	NS	a.lactld.org.
+tt.			172800	IN	NS	pch.nic.tt.
+tt.			172800	IN	NS	ripe.nic.tt.
+tt.			86400	IN	DS	2539 8 2 B06DFA79674DF3EA8190E7616164414B01E9199B7C94EC1540378A395DAA401F
+tt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cnrxdvGPInumkfpOeLG/Zp0ZNTzTBXtvN4YQapgntmgW6zp/5PceqT1Kk0EClSY0VL++a9aH7yYWQuPcG44W6FOIqlFEvoOjbvijrM4apTOL6eccsQ/etTu9OmOgZ43PYFVJeLj0xKXv5w5+lAm6PBF9oILtABt8ds1Xn+8MeKIB/yDyscPpXYw2sGHlF8ewxj/tgj4pECMTmHfLCpAvZbIT053arCiqM4zcsVnneDcqjDa+OOJLY2JDxX/MXBSlhs/xunHUyDqulJVU9dgGbxcTSWELwXgAsVpR2FzQbX0+YxP0OK8XrV+R/rZFqNOtbDRZQuVF77azGiabh+Z91g==
+tt.			86400	IN	NSEC	tube. NS DS RRSIG NSEC
+tt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vBT2vl/ZFd2Kvg/OKYxzp8wLhF0heHy0iRFmE4/XRrjLSU6mi5EDjUz44rr+0SBC+IqECSR5F+1swe4KRI8DxFMIxT8E9GnIKROZo52YiqlNWEoRZwX4OWWc0Yb/4lu1/b7tM0wrp63VM4fGkrVJ+VCPBN2Q7LpjryUGRnLleXz6zzYfywqVYfK+lsf+0bUktaWhYvS5dQAvkvMG/2x/UHAI61Q/2OmEyKxE8Lg+HoLjwybUYZzPYUaKf/Ef/wrxsG/YxVWQ2FoxODWjzu00flzA/fsmfyadHr+O5uwFWnQ+/44z1jXZXM48RGLP0hkZ/nnvTtaAMXyiJthW8M/YMg==
+pch.nic.tt.		172800	IN	A	204.61.216.63
+pch.nic.tt.		172800	IN	AAAA	2001:500:14:6063:ad:0:0:1
+ripe.nic.tt.		172800	IN	A	193.0.9.50
+ripe.nic.tt.		172800	IN	AAAA	2001:67c:e0:0:0:0:0:50
+tube.			172800	IN	NS	a.nic.tube.
+tube.			172800	IN	NS	b.nic.tube.
+tube.			172800	IN	NS	c.nic.tube.
+tube.			172800	IN	NS	ns1.dns.nic.tube.
+tube.			172800	IN	NS	ns2.dns.nic.tube.
+tube.			172800	IN	NS	ns3.dns.nic.tube.
+tube.			86400	IN	DS	45112 8 2 A5918AFDEEED73D4603ADF2EC0EC6A2735B7DED61849C500DEB6B68A5BD03610
+tube.			86400	IN	DS	52096 8 2 03E03ACED82968F08EBE79B3D8641A366AEB3A9600B6B29671DCE8AF94492287
+tube.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UW7E2m0/u/A7lwz85uEzAHlLmAKKF4PBlFav8qObqoe6NAzxbglLG4SrtwRC12BO1NmJZR6v1yfZi8QqnH6IOCUWpWywKdG4Bj0IfLOqkWys+jt2AolqHlY7L0Kk2LfprtxlCj4ULFNnjcZylI/7fkND8IU3HNw0VaALK/i0LxZxnIscXsml/YtU9ksQNy20Y63RPOqoiMWskexh85QyXWEZXBL38HWwGxbgN9MSE22RRmcthf5bPuwSZ3E/rC53Ru4Q8uI0O0Qt5vWDXupFjcDoEaQNBA0nwUrYK5iKWJHp8q5gDSiaO9NQiR/J7KjZjCicefBabfrOsZIQZXDrPQ==
+tube.			86400	IN	NSEC	tui. NS DS RRSIG NSEC
+tube.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eaNAicg3rMPRLzMFhRwM34o4TwDjvAstqcOpvfS7B4ORx/Pz9AWTMSlIl/40ocrxN5g7xW5w39YhK6oxT4CgGQ4qEdIS5jbAHucRzVmobZRTuV/LX/VndF8rdFDq8yD9JGha/F05q1lH/e7j62+PhdP6+fwn0LbsIrMsuknZWvE+afkyWmitqAWfT63n3LJ/bVt3TovLVlvxNKd2d95BtZtbajphjVjbcBCCprnHgOk1FeTy9fuhLgEx8Zi3lYlCd1+SbHpKSpx3eLuY87SLsbJeeFFYd0wE9WPA4spnHpif5byh/x632V1brOIF1UMgoeUR2RiQXzZ51Fl083talw==
+a.nic.tube.		172800	IN	A	37.209.192.10
+a.nic.tube.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.tube.		172800	IN	A	37.209.194.10
+b.nic.tube.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.tube.		172800	IN	A	37.209.196.10
+c.nic.tube.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.tube.	172800	IN	A	156.154.169.80
+ns1.dns.nic.tube.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:50
+ns2.dns.nic.tube.	172800	IN	A	156.154.170.80
+ns2.dns.nic.tube.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:50
+ns3.dns.nic.tube.	172800	IN	A	156.154.171.80
+ns3.dns.nic.tube.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:50
+tui.			172800	IN	NS	a.nic.tui.
+tui.			172800	IN	NS	b.nic.tui.
+tui.			172800	IN	NS	c.nic.tui.
+tui.			172800	IN	NS	d.nic.tui.
+tui.			86400	IN	DS	23290 8 2 D53C138EAD14027D6192DFB0C2CD0B7CFF36986E47FE680D8B05F84AC78D633B
+tui.			86400	IN	DS	35342 8 2 60BAC1E816660EA6CC89BBE453C4CAC50EE7FBC9BBAC3CA6F8EEBFB1A24AF721
+tui.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QJrCXSdluF531DdK+/GlZk87AJ3a3n+yMbp+semnZyTVwGZLEipAvLf0Fec4Wj9KdbM6WUB6GdPP/Ycne/JqZtT5su68uq0J32J54J2T58hJu+o91wTdKjsqq2COCR5tNgmNdEPuCGPr/EhUPv/nUuYBbw9enQl/YlHTUt8pX/VaW5pBRohocXwN8pZYbo+Z0Ozh5/mF+hXSdMZSgdszVxQB8rlSWXlTXBZpEHLaW/QdTczOTlNFmLGSsZcv4/Qv4vhq6Hvqf57ouYskAuIvr+vjBRArJ3nKKlHST5QUGWKQecoyODoSZvCZYNCCPIqq22MI3ApF2jlbVNnnpw6ybA==
+tui.			86400	IN	NSEC	tunes. NS DS RRSIG NSEC
+tui.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yZE/sCcsR9/VXUj17KvDZeQwikxnO6ppS0hSDpdiMH2N3OyYwEX+uuTnsgfynGpwlsrT+c5MfN4bN5aB6Xx+XTjZphDZUKOvNuKyZsbwv6NG44g/eA4rqZa9pkdX0RrcFTiHyX9ZZ0ZlUCh8oRqeR9gbmezSseBeK2K33SEDCt9rCBWEQzvZTPk48As4XhXvb5096f/EB5QtAWLDO2WzWhzg1kYk6gjzl1AwTE0MkCIxOFzvTvfTxVjPT8003cMiOogHhTuNfzh2XCdytljFIhyW+opvKvRh9xKAG1UloulmxpbRcGGsxYIaG2XZzotDXxmUl8iOAUn3ImR50vHXlA==
+a.nic.tui.		172800	IN	A	194.169.218.103
+a.nic.tui.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:103
+b.nic.tui.		172800	IN	A	185.24.64.103
+b.nic.tui.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:103
+c.nic.tui.		172800	IN	A	212.18.248.103
+c.nic.tui.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:103
+d.nic.tui.		172800	IN	A	212.18.249.103
+d.nic.tui.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:103
+tunes.			172800	IN	NS	dns1.nic.tunes.
+tunes.			172800	IN	NS	dns2.nic.tunes.
+tunes.			172800	IN	NS	dns3.nic.tunes.
+tunes.			172800	IN	NS	dns4.nic.tunes.
+tunes.			172800	IN	NS	dnsa.nic.tunes.
+tunes.			172800	IN	NS	dnsb.nic.tunes.
+tunes.			172800	IN	NS	dnsc.nic.tunes.
+tunes.			172800	IN	NS	dnsd.nic.tunes.
+tunes.			86400	IN	DS	52234 8 2 0D317EA34EDC8D43E8868616F66BC5BD9B5E5389DBBFDD1529F7C609AE095B9D
+tunes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wsxZsfrKVD+JC1jjrJyqu6UsQW8nMVOZRiZJhYrxRogjquZhCw0Up/F+iCYTP2FllhG7tIHintbCCkYsv8sYLE1ZyXeUkgm83Ec7x1a5FhSIiZexj1PQWPaYDOUjnxbAuH+Uc0fxy71wSjEePmLAo8L6wuOBl5yneHMXeh1OCkLNr9Ob7isGAAD1RfDjxwnNOCxNdFyVIJbgjFA4S3z5HamLLUWIfIQghxgFhZnkS3NKzM/lSVUwP1dg8HX3LLImM8gLWJM9epvq+w6LbCfRXH5E7CS25oe7Pp40Vg0UcCiOkZwb3yrj0iPyv/rInIi7iZByYwHFFwuR7Ar0pdH4NA==
+tunes.			86400	IN	NSEC	tushu. NS DS RRSIG NSEC
+tunes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbNGb8sdQGegPoJ+tb4hi5hfgTRNXUvT2OOWTtDzek0E/c8Hdq/Q2j2VwL3l/fIR3aTX71nOn/9+fO5Dm3WqtUimUdV1PHqP6bg/GeutTLM3bZzuGjWzzAdCr/HD1yNZUJ8CDqFAXP0F6yKlWytnzXHXn2ZnPaC+AiSGB81GBDOcdH3P0LbDwjTYdMNkfdXuJc53mzJ+cyM8gaW450rSG2RMpIJuFe3Scj1TbmjNI4fb/EwVDmoKY4K9t35Okyr8TgUMXeK+kniBuZSzSVoWjMFtMHRqfkJDOk5eaS+Ris+j6BonehgDdieIWdt07Gieu+E3V+rsiw2JPVkiHAL+Tw==
+dns1.nic.tunes.		172800	IN	A	213.248.218.84
+dns1.nic.tunes.		172800	IN	AAAA	2a01:618:402:0:0:0:0:84
+dns2.nic.tunes.		172800	IN	A	103.49.82.84
+dns2.nic.tunes.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:84
+dns3.nic.tunes.		172800	IN	A	213.248.222.84
+dns3.nic.tunes.		172800	IN	AAAA	2a01:618:406:0:0:0:0:84
+dns4.nic.tunes.		172800	IN	A	43.230.50.84
+dns4.nic.tunes.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:84
+dnsa.nic.tunes.		172800	IN	A	156.154.100.3
+dnsa.nic.tunes.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.tunes.		172800	IN	A	156.154.101.3
+dnsb.nic.tunes.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.tunes.		172800	IN	A	156.154.102.3
+dnsc.nic.tunes.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.tunes.		172800	IN	A	156.154.103.3
+dnsd.nic.tunes.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+tushu.			172800	IN	NS	dns1.nic.tushu.
+tushu.			172800	IN	NS	dns2.nic.tushu.
+tushu.			172800	IN	NS	dns3.nic.tushu.
+tushu.			172800	IN	NS	dns4.nic.tushu.
+tushu.			172800	IN	NS	dnsa.nic.tushu.
+tushu.			172800	IN	NS	dnsb.nic.tushu.
+tushu.			172800	IN	NS	dnsc.nic.tushu.
+tushu.			172800	IN	NS	dnsd.nic.tushu.
+tushu.			86400	IN	DS	38627 8 2 81D6D592C13F144D74BBDE9D4A93531338245E9AC1781EEC826D4B610947D1A2
+tushu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aECPRI+O81pxjXrp59lCa5eCFfuS6CeLb52CvlXmDdwkRl/HmETPln2nUv39m32kJGLB0SylUG72KLo8+STTAF5Su4rQtCH+tJMA/jYeo6ipVUc0H49q4pnWbepstxKcGn+lyJxoM4EPt2GyBVu/j+O8DXpDMjjJQXaCSXx2OykcdJc0OzisS5PggceoEBSUV07m21415k1Q2aFCAsKbLnReKMo9TgrYyD5g5yzJSnuVfhH9CbMeqAkcFJRTGBrjl4R+7g7inz0iuigJrzt9oXAOHXXBjpP+xUt7pWGumS2leB/kTZuAri5iktJ0uyU0E9YkwCeaQ+IQuA75Ume7mg==
+tushu.			86400	IN	NSEC	tv. NS DS RRSIG NSEC
+tushu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DSHpMOQW9Xk+d+FqU+spzGMQBlqgAP9AxnXueJSHsy1oCcUfDjIWYNZ4PzI/uiX+44bIm2jxf8kd3wVhAhaFYLfxhKOQWO5iA5cpBqly8Stt+51XNp1zs8bVjJ3BzhBXXtJ5M/IaBjqyOFSqOK/TpG/ZGxZX8fHO2yltutESN/W4WEYO5EVOjtH2nBu6saLxY0+Ckc29OPW39vHIfJEdxkYUuCiIfBDpHsZcs3xLPhEvwBYNbSqcEtCjhfbb91Qg1tSegCBkJ/VvgUJp/wOV0aG8lpxtlwv7BSdze1s/iEplJyXlfx3LPy+sitOOkIvOW9kP8jAglPklMRBEbdl4xQ==
+dns1.nic.tushu.		172800	IN	A	213.248.218.85
+dns1.nic.tushu.		172800	IN	AAAA	2a01:618:402:0:0:0:0:85
+dns2.nic.tushu.		172800	IN	A	103.49.82.85
+dns2.nic.tushu.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:85
+dns3.nic.tushu.		172800	IN	A	213.248.222.85
+dns3.nic.tushu.		172800	IN	AAAA	2a01:618:406:0:0:0:0:85
+dns4.nic.tushu.		172800	IN	A	43.230.50.85
+dns4.nic.tushu.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:85
+dnsa.nic.tushu.		172800	IN	A	156.154.100.3
+dnsa.nic.tushu.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.tushu.		172800	IN	A	156.154.101.3
+dnsb.nic.tushu.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.tushu.		172800	IN	A	156.154.102.3
+dnsc.nic.tushu.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.tushu.		172800	IN	A	156.154.103.3
+dnsd.nic.tushu.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+tv.			172800	IN	NS	a.nic.tv.
+tv.			172800	IN	NS	b.nic.tv.
+tv.			172800	IN	NS	c.nic.tv.
+tv.			172800	IN	NS	d.nic.tv.
+tv.			86400	IN	DS	2107 8 2 2F2DC481C07E7DB2E54A546A7A35CC16CBCF242EC76B71385A42CD7BC37E7FC8
+tv.			86400	IN	DS	57277 8 2 CDF61FAF1EBC9D83D5BC3D9DE22E794AE8ACDB0475EA8CF27E92CC00F0C3F5F9
+tv.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QckQDsCazN1nHuYXx5PmJYDBNgROSgTOyh2X5CK4a4L5WJia97WpYZTutTskA+OuQzHehqUjiEKQhOIoxC/cg1YM4Xc+JGfhP2EqQQ7180U7jjPE5oZA8QL0gzFgrsdMd6e1I9p5njHuDNQAS0kCEsFZEi0ko7AekAQjJZ2Z3gIA+uPAUHMTeHAZ4L025jVxewTEOM93tUi8rE3EZLeN8D3/L0jvjvf15qwsnypSbaHZ1DzQu58ymiumMIAbnJ+9jNj5D/KTZ8pbMF+KaEmggUpysTlUC/iFbt1lBza/ahq/ralGkwuum4JdlIUtBRfi8l/ZsTuNhmfb1ZEXYCykjA==
+tv.			86400	IN	NSEC	tvs. NS DS RRSIG NSEC
+tv.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m7ySaoiny4RPl7ocqkiT0EugyeWZ1OZKzn3+vwv2B6RmcJ2cBYYonXS76cajJqd373S9/4T31NjdLESrbnjzg143rkuafZHRO3ZeG70ayifPOolzde+DuG17WjQh2io5UOjdrKasvkYTamFZqholFpiZO17w5XwhlhYUkBFluCnUzGB/aDJ5qmCQ8g0aPQyHwjm3/VwHHZFytqDkAdMcTEhEER1W60rCDKygkCz2k1EBddQJPnsBFsn2CRMZbqd9NCq+keUm5Br09BaxILmUwf93WRgCH5cpbSl/j0+Jtb0RMpvnylqdb7j0VX4K3y5XfYimeqtKx+u6W5NctPxu9A==
+a.nic.tv.		172800	IN	A	37.209.192.6
+a.nic.tv.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+b.nic.tv.		172800	IN	A	37.209.194.6
+b.nic.tv.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+c.nic.tv.		172800	IN	A	37.209.196.6
+c.nic.tv.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+d.nic.tv.		172800	IN	A	37.209.198.6
+d.nic.tv.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+tvs.			172800	IN	NS	a0.nic.tvs.
+tvs.			172800	IN	NS	a2.nic.tvs.
+tvs.			172800	IN	NS	b0.nic.tvs.
+tvs.			172800	IN	NS	c0.nic.tvs.
+tvs.			86400	IN	DS	29161 8 2 A36CBB75C2C810D16FDD5562C334351BDD007F5AEB008537115586951AC39240
+tvs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyihM7B1QyNoVrZqZrpttaZEvVI0oYhU+iJYCfrzTzgJaJcPjr+Ds9oXT/eZrilKinzsGmIcEfE6he2K2YPptIhO4v70B3NAKK5GBa0LH3Bd9pcaZAx+ENznKl2YeySbGfBNY+gavTze1bCkvkxp5fTgINBjPZWmTpIgpJEpMszXvhKvgt/JDH6aOCNZI53ZOEWEZWP/WIcY+oqP+A8SKU90S+tUWlDFKG35R34ScwnqAdSgs9Nnh13Q+HmhhKWixlVISxvwuDf8hmbqeW9D3n9fXWUw5xZFmcdJvo+e9QkFyM1ahe4VTrfhFEdkuKzk3tN4RXQZSmRC9nOKFzjS3A==
+tvs.			86400	IN	NSEC	tw. NS DS RRSIG NSEC
+tvs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N3coToESAHaspj1LfcMq+rld0GvOXyJ70VzJaVuRrLHENl+LOPPLlC+QCrB6pGn5bJYAzpTNW+Z5gpwKUlSYDp8dgx+uNEYJqEq2pV5/V9gUbt5gNdu8ljJpM0ltJADoHx4GDjkwDgAprU25C5cm0cfFrfpw0q+nDpA8jvPHXp9pMiJ//WODLpaohm0QGXIYlJaRVeVOc9n24KJ8C0hOZEQIVf4B77siehJNA/xcPL+jsIvXWDVml8YT2DvzFoSl2qVD4PHfPjPi2kNcEyRQAyYn/8PTlRAODZdjXHktKGB4WecCG3x7zOTUAOs3inJDiowYEf0Yb4KLreWHXWKOpA==
+a0.nic.tvs.		172800	IN	A	65.22.204.9
+a0.nic.tvs.		172800	IN	AAAA	2a01:8840:c6:0:0:0:0:9
+a2.nic.tvs.		172800	IN	A	65.22.207.9
+a2.nic.tvs.		172800	IN	AAAA	2a01:8840:c9:0:0:0:0:9
+b0.nic.tvs.		172800	IN	A	65.22.205.9
+b0.nic.tvs.		172800	IN	AAAA	2a01:8840:c7:0:0:0:0:9
+c0.nic.tvs.		172800	IN	A	65.22.206.9
+c0.nic.tvs.		172800	IN	AAAA	2a01:8840:c8:0:0:0:0:9
+tw.			172800	IN	NS	a.dns.tw.
+tw.			172800	IN	NS	b.dns.tw.
+tw.			172800	IN	NS	c.dns.tw.
+tw.			172800	IN	NS	d.dns.tw.
+tw.			172800	IN	NS	e.dns.tw.
+tw.			172800	IN	NS	f.dns.tw.
+tw.			172800	IN	NS	g.dns.tw.
+tw.			172800	IN	NS	h.dns.tw.
+tw.			172800	IN	NS	ns.twnic.net.
+tw.			172800	IN	NS	anytld.apnic.net.
+tw.			86400	IN	DS	51277 8 2 462DA9AF501D2B1EEF6725522DB5972F8CD2490B51D92088FF1E3D2DE0EC7BCD
+tw.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . AiBDVciALzpcRqrQWNLs1WK3QYZkPvzLvH/F5I2R5H3aHTPxm2CHTeTsZND0X3KqqqkIAHe65gANc8J3klROv+qmonTkiel12hVqg54uK95vft1AaMMywM/aZPAJBM5yEXP3lkiEqAGM+4TisHH5dTh0FGHFnKPKGf52LW8SMB++FDL3uDqCKnqKJgaNgBIgDMwePljXDBVc3pvBEdpZTlGzaix/C24pQ6BJ0ZU6hP+WR1tidBX0UrExkWx+JAQVBds87GlJRKKiZz/5gkwgdrttSeqglq6mo/c35AsmwKe7C6o7GQSZYLgexfnKf5R3ojz1SyjSKTYfTa16esdU3Q==
+tw.			86400	IN	NSEC	tz. NS DS RRSIG NSEC
+tw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yS5oqcHzJtQqEmBCF4Kiu7pg4YKOEXPk9d8wceXl3uFYwgUqpdOGVvBSNngsg2kvoYrWMtNNGD3YtMS6xvlvfcXASyCw8BIxGjNECzKjTZUc+yyEZaYJLhu2CrTNe5gpQzdSNVg2+jW2VB+8VhPcv8VaqCKTt71nqzbEQYawBr47Yp8wB6EjJmivZv4wBmNGAYukIQrfc663I6H7qQ7TKKV6pW+0I0NuxGX2rryKeAe59g69k0TzCdW0UlfGlkBWby85D9WgcLtiOCG2ZP0G23MLXLfxz8aF77Ike9ohW3crNi2hlnp2GtIcWIiD3oFYdYBI1aTDqkSVhEv8COaOsw==
+a.dns.tw.		172800	IN	A	203.73.24.25
+a.dns.tw.		172800	IN	AAAA	2001:45b1:0:5:0:0:0:25
+b.dns.tw.		172800	IN	A	210.201.138.58
+b.dns.tw.		172800	IN	AAAA	2404:0:10a0:0:0:0:0:58
+c.dns.tw.		172800	IN	A	203.66.87.201
+c.dns.tw.		172800	IN	AAAA	2001:b020:0:77:0:0:0:1
+d.dns.tw.		172800	IN	A	60.199.165.186
+d.dns.tw.		172800	IN	AAAA	2001:4541:9010:7:0:0:0:186
+e.dns.tw.		172800	IN	A	211.20.231.11
+e.dns.tw.		172800	IN	AAAA	2001:b000:1e0:c000:0:0:0:11
+f.dns.tw.		172800	IN	A	163.28.1.10
+g.dns.tw.		172800	IN	A	34.141.111.176
+h.dns.tw.		172800	IN	A	204.61.216.119
+h.dns.tw.		172800	IN	AAAA	2001:500:14:6119:ad:0:0:1
+tz.			172800	IN	NS	ns.anycast.co.tz.
+tz.			172800	IN	NS	ns2.tznic.or.tz.
+tz.			172800	IN	NS	rip.psg.com.
+tz.			172800	IN	NS	fork.sth.dnsnode.net.
+tz.			172800	IN	NS	tz-e.ns.nic.cz.
+tz.			86400	IN	DS	30234 13 2 3D83825B9F7D66F9B28B5566BA5371798E8D3B88EF079BB88F52617811C1B9A0
+tz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l+Vo/vYcIyKHtt2vr4kjIcUHWsLDFNIpFE08v4jZ+AtFKQQTks3M1WXVFi5yuqT/ztzCqXC7roXn9siyZfS52ggmJ7kdnlnYml9dBuPmqyNIWLjcNKp8bevDADerlI/owYvMvZyPduuXtfott7kykUn+mFbMoo8Flw+4ZR6Yh5zocb1DzKBgeH0ZyqQBegAPccGCYDscXNkI9xzeJWrzpY6PoAXJHiLCyRAQq1qTTkeeV6tW+cCnkr+b1+R1Bq6tNs93jU+UgSZ+EE26tYFxA88dukA6mi7K+q116UD3jIBbuZKsyXmYILEiZcan6qdvg1gFSp7/HYY7cE5fwj1ECg==
+tz.			86400	IN	NSEC	ua. NS DS RRSIG NSEC
+tz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tYQnTXwAGrTUJHGwlKuHDG6CIbyJ1g+BwP2LKtwH2lUa5gS6VsetucuAgdTi7yvkvKSv9MSQSJ42hlCBKgIzvmOPuS5KEBxySuLjpasfF6Acuzv5W5ZRJOcnl1fdRGQSdEpCfc6/awr7RclObHLTVjvSLPHoSMfXN1FvzilmavKObCfUGsgtnY19nkRiD5qPNn+JTetaojd549PnbizhWelc14Ps/PhxDUpjaq6wU4T2nDvmAVqodwTg9y3gWfqv8577D3ZBuPr4L1LgZOpDMvNpUU1LsYOkaWJS7UsO8I+7pDYBk5CYxgnagCFTAY5fzqGdF+yc+jg7JFIyusXx1w==
+ns.anycast.co.tz.	172800	IN	A	204.61.216.15
+ns.anycast.co.tz.	172800	IN	AAAA	2001:500:14:6015:ad:0:0:1
+b.ns.tznic.or.tz.	172800	IN	A	196.216.162.70
+b.ns.tznic.or.tz.	172800	IN	AAAA	2001:43f8:e0:1:0:0:0:70
+ns2.tznic.or.tz.	172800	IN	A	196.216.162.67
+ns2.tznic.or.tz.	172800	IN	AAAA	2001:43f8:e0:1:0:0:0:67
+ua.			172800	IN	NS	bg.ns.ua.
+ua.			172800	IN	NS	nn.ns.ua.
+ua.			172800	IN	NS	ho1.ns.ua.
+ua.			172800	IN	NS	in1.ns.ua.
+ua.			172800	IN	NS	pch.ns.ua.
+ua.			172800	IN	NS	rcz.ns.ua.
+ua.			86400	IN	DS	48349 13 2 D8456DF0EAB0DB7D2422B4110722F5772D7B2F1FD41D487E956A54F1039D53C8
+ua.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Yp9PZfsOnnKTEgIyJjCTeF5Yz4IfQ3uWQyDNa8JuSLlzjN6wDem5vJU8qNz110aHyzJxpp6Oi+4c54d5NeZ/5gxc2Yxqai10GY9tZFu6sHM3AaEYJtjItDKSw150TwEduqw2TrApHkuxSjzYaq3OiPzQeWLALc8ixvppVFkRuszyyPW2kQQHEMFJ1PcGjvnGFIITjU1nug1YkUIu+By+djDdozY1tawBnzTxuCQj+suBy6f+vtlMJYMhO89G7NoI6+xCaF96RhBQDXNEEzj/8H3q6m9e8GpFgLmtcb4cnd8gkcpz7xFsyQu2vFOpavf5wnLFTzN/5qHJZxJmN2NNMg==
+ua.			86400	IN	NSEC	ubank. NS DS RRSIG NSEC
+ua.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HWCsXv/EUDKaaY2gFS5tt9FB7/N+zizaQ9mfD8769q2GenWcX23YkTpF4HZid569tdKmLwhVJUI3s8f5aTGJ6xcvInc/A1WbWavrBgmWObLleRi4Ux/cbwFs7FmFBFYJ5FAVCYN+2eqKkl1Gu9+gzE91a8h8cbS5e2FvvhfKL7dWzuLRY0FnqVjGUNtNAbbQHd2QjnASuwM4D2h2eqikEofhuRD7yrXkfjcNxynd8JFWrgq6hPX6TgpRU50fwY0zFogETU6D3absRBxTAzWw7HEqZAdvFmTXXe15ju0kjidbRlj4hE8z6/ufruCmdNK8YslVvcxtCH5kKs+PvaUUEg==
+az.hostmaster.ua.	172800	IN	A	195.47.253.13
+az.hostmaster.ua.	172800	IN	AAAA	2001:67c:258:0:0:0:0:13
+tier1.num.net.ua.	172800	IN	A	149.202.5.226
+dns.tci.net.ua.		172800	IN	A	91.231.86.238
+bg.ns.ua.		172800	IN	A	185.136.96.185
+bg.ns.ua.		172800	IN	A	185.136.97.185
+bg.ns.ua.		172800	IN	AAAA	2a06:fb00:1:0:0:0:2:185
+bg.ns.ua.		172800	IN	AAAA	2a06:fb00:1:0:0:0:4:185
+ho1.ns.ua.		172800	IN	A	195.47.253.1
+ho1.ns.ua.		172800	IN	AAAA	2001:67c:258:0:0:0:0:1
+in1.ns.ua.		172800	IN	A	74.123.224.40
+in1.ns.ua.		172800	IN	AAAA	2604:ee00:0:101:0:0:0:40
+nn.ns.ua.		172800	IN	A	194.58.197.4
+nn.ns.ua.		172800	IN	AAAA	2a01:3f1:c001:0:0:0:0:53
+pch.ns.ua.		172800	IN	A	204.61.216.12
+pch.ns.ua.		172800	IN	AAAA	2001:500:14:6012:ad:0:0:1
+rcz.ns.ua.		172800	IN	A	193.46.128.10
+rcz.ns.ua.		172800	IN	AAAA	2a02:850:ffe0:0:0:0:0:10
+ukr.ns.ua.		172800	IN	A	194.58.197.4
+ukr.ns.ua.		172800	IN	AAAA	2a01:3f1:c001:0:0:0:0:53
+ubank.			172800	IN	NS	a0.nic.ubank.
+ubank.			172800	IN	NS	a2.nic.ubank.
+ubank.			172800	IN	NS	b0.nic.ubank.
+ubank.			172800	IN	NS	c0.nic.ubank.
+ubank.			86400	IN	DS	54160 8 2 7EC37B9EEC2FD88753A21503F50E7A96F59E706EF760D8143773B0D6B1B16E4C
+ubank.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . L/B5O2NoVHB8FfHrWgZl5x/SdZGMdAzfK6LYnR2y2zIBeoWCdvJ+Cz0vZxGt4MqOAGuCTRW8OnoDWePUp0xp5aZ6HhXDDmbhpoh8zjC1+iFoHcaYbxiE8W/t1dlI8jZ5+1IXTxIZ2PzQ+YkrwfwoofxftSpogDSTQLRA77riXESYKZxGZWk1vfaXqzg+c4cQookvC+vvtEzKd2+Bxs6/8GXP2GA4iX78wW5eBZJQUkEnRcancJXnExbQtpEQHLz0cgXQ2DlYSg31nVVcDqnj0OXUJ0nwXv3nR3s/XL9ZOUs1mhwVwWbzHOApbHwkhK4O+KjZqkfXpOBzGvhCVvcffg==
+ubank.			86400	IN	NSEC	ubs. NS DS RRSIG NSEC
+ubank.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tprkMZn47riNxVRMobwTkDir+42rK5wjYv1wzXXQWvfIYT2IPyr9Yx+/b6d0O9T9VIyBt+doP3Kz1H4VbyeIQdKGlFcmdOA4bSeAv6hw53BseeUcL2kwS558iYtY4DqogAdxkb5gsK2ysmD4MoCIpLhyiIo2FolDJMkLFGEcTWu2aGoldk3ZFNHFMjYriDuQivZmGhZFOu7msHOj56sw6izIdY5wh8WMmTEC21Amc25/bqryl7CwSBjVKffsip9RDy/pSwjISh7Brn/CNF/f9sQ9xjgsFV/KgeOV5t/LCgMWmc6KMKMDUVcc6eCoqx70sNYa3tbWWR+VS5276KGvAA==
+a0.nic.ubank.		172800	IN	A	65.22.112.70
+a0.nic.ubank.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:70
+a2.nic.ubank.		172800	IN	A	65.22.115.70
+a2.nic.ubank.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:70
+b0.nic.ubank.		172800	IN	A	65.22.113.70
+b0.nic.ubank.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:70
+c0.nic.ubank.		172800	IN	A	65.22.114.70
+c0.nic.ubank.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:70
+ubs.			172800	IN	NS	a0.nic.ubs.
+ubs.			172800	IN	NS	a2.nic.ubs.
+ubs.			172800	IN	NS	b0.nic.ubs.
+ubs.			172800	IN	NS	c0.nic.ubs.
+ubs.			86400	IN	DS	59500 8 2 7C8D56D7ECD2A44500D7463258C99B2ACB49EBC2BBABB7AEB3A658F2D21581AB
+ubs.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wULfBpQFG22XtMMhGf7SNFW1obN+l48iqRcUZa5Iv4TEo5jfIEBQW0KfQzFmY+CLBV3sxSh/DFXuDlm238IDZ1xyV6IUTeC8B6ufyiqpcLhBsemzwID/8YqSIp0JggGKaXBis2PQQUYD+XgPZl708G9mR9aUPgeT8cb9MSCy88o+MSt14vS3n3Lte+DuQ1TGHSVa1HWy7yagTxv6KgwTCsyW5KZhgCNmjEPyKSIMqN72IV1YwpoqvrzQtYR8uwqCyfGdJmy22sZtTTtz42zdJYnZ3UT/q21l1klfAJm+BkmcHyT+5xAGX9iEthpsnaqt4BYe5hCiVZwzry0o/lHbug==
+ubs.			86400	IN	NSEC	ug. NS DS RRSIG NSEC
+ubs.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ARq6F7CaszVPxfBJ1PTg+IafumLVTfA3vyvbxxZkTHbTFH9PQC0YIZ6+NeQmmkMy2OK4ex2vBKqdxk1wM50RMWkETqQdn5vLBkoH7nMGb+8UJ+rVmE0Nv7Ozj28pkJIqBvz9GgWiVkaDv9wHHpGznO2N15HZwHzlBT3pnJdbEmwo7hxj6NsMtQmsjbkxRMv6r2+aFfj22FWBU3Qd5hjrh/cOj1BFKt0ZcGjKOwa5gL4FSAj6Pkfg/pNVDeh4wpslHDlK4su9oKcnsmx+Wvp4LzT123GngUbjkCo4nbAq+UDfGofW9eSf4GDkq0dDPzb0dbp6s2riOzJ1xhiXJDx6Ag==
+a0.nic.ubs.		172800	IN	A	65.22.112.71
+a0.nic.ubs.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:71
+a2.nic.ubs.		172800	IN	A	65.22.115.71
+a2.nic.ubs.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:71
+b0.nic.ubs.		172800	IN	A	65.22.113.71
+b0.nic.ubs.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:71
+c0.nic.ubs.		172800	IN	A	65.22.114.71
+c0.nic.ubs.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:71
+ug.			172800	IN	NS	ns.icann.org.
+ug.			172800	IN	NS	ug.cctld.authdns.ripe.net.
+ug.			172800	IN	NS	root.eahd.or.ug.
+ug.			172800	IN	NS	ns-ug.afrinic.net.
+ug.			172800	IN	NS	anycast.eahd.or.ug.
+ug.			86400	IN	DS	2767 8 2 4278D7C4B2B45738A39F310EAC36558411BD547812517BDF23F95FCBB4796B2E
+ug.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4k5HADQuk4N+jbvzKSlR5t2J9kJtzanjeG8jqizaJKMB9poy8vndAoc/t7o4Q3MVbxxnxYYKdbe2m2sVeQoAIsL7KmwW7F2E92WlSCxBMoCpfeCY/SsFUXSOF7NzpI7Nc0d7L3Mqk1J2DXaUCVFDHDn5ZsXiChuQVj6XeaPmVjelHugLuo8g2BK/NL7kPXiJcD70rH58h6oo4Q12mk//+OKXES5c6ZpxIY8/Pxsrf8WsLQcGAbeSi8MT9eZbP1L/qx2hhZRgDyOOPAnNCOuxiQ9VsJOOGwAzvL7z/2fjvAM7Hrxc0MVt62x1O94/KA3mgG2Jd70TXsWfbb6LAy8pg==
+ug.			86400	IN	NSEC	uk. NS DS RRSIG NSEC
+ug.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . A7AV/4+w8ndq55cBVxF7/gfVMBYkhXD3/jBheU4y1zCLLp94QRQIwYD/0lsz9sGDOamsi/9sfO9iy860ONjV+tKxOx7fDFLn/HrTvlGB6DvhlES0Vfp8l9B0MbpEJ694mGZ4FokmKJnUd7a+oQp9HVUZ9iIJ7C8se5bPP5BVgT3Il5lG/4RAb3iAmh8uRF+bMByFbBoJ5K2Y2S/Qix5J4gvDM4pqZh3DvVN6sxG2uCz5icg7FenO3VVJVPscSmgSSMM5XI0cBpWPj0izZ72J4S+Yaz8TxtdnJ+2Ce5ZlQujHBFwcyyUG4AZRlMO1acryBix/i8Pun0NuI5G3IKN1kg==
+anycast.eahd.or.ug.	172800	IN	A	204.61.216.60
+anycast.eahd.or.ug.	172800	IN	AAAA	2001:500:14:6060:ad:0:0:1
+root.eahd.or.ug.	172800	IN	A	212.88.97.132
+uk.			172800	IN	NS	nsa.nic.uk.
+uk.			172800	IN	NS	nsb.nic.uk.
+uk.			172800	IN	NS	nsc.nic.uk.
+uk.			172800	IN	NS	nsd.nic.uk.
+uk.			172800	IN	NS	dns1.nic.uk.
+uk.			172800	IN	NS	dns2.nic.uk.
+uk.			172800	IN	NS	dns3.nic.uk.
+uk.			172800	IN	NS	dns4.nic.uk.
+uk.			86400	IN	DS	43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353BC659603
+uk.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1fSSzqcGoLO8k5W+/Dq86U2luFM42eATFl/dlfS8w3tKLI6KEUidK0pAU/I0ewxojV0KLJwnusEbMDNijTkNN5CPf3NkcwW9IH+EarkufLURNVdymwVvjN9tq9BX9n3FWUlbLm3B3mroFPN8iAeNwJTrJ3ccA3FxuwIAB6WUMJ+1kDF8y7Lb4/LEEwFH3qFkiodS6CxiM60ZGfypSBvvGT6c6ycDKH2Cg+FL4YtpyfY2y9aNdrUyCDlWKoHBDvbsV3xUknGp6hxY3o/hoJA0bRyPwJ60tv9T7odfd5lSKS1Ay3y9ae12GA/7oOsLnv37CCvdHa6XOqFYGBwgoYkguw==
+uk.			86400	IN	NSEC	unicom. NS DS RRSIG NSEC
+uk.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kUpMo6Vlmzs4vyCY0tG0XPriZqyFOdW/FKNDQz2g9Vg3ALO14IKA+1K7AWxXklvNQl7y+uf80rf2JQUnZAQEU4ObzNdQS5vRy9KL+PR6Y/Qltop+NrA/pcfEfpRx1WsBDBi23pLn5OCmh0mnTCmOzBGcdO9MZAaR3uARX24s9CX1xLqLp5eZhqQuUlaWv3Mkgz43QDcorjAYPP2VFYtpDrMB3+qXzir4KHItbPQuB76C9O9I8gkSd5ApOeBC/HSkRHRway2PRJEkkyXfcEX9CTNontsZD6Xvobw688CBGeHsPTA/KdRIhWLchs8XNsaWtmKTMZ5mhqCo1JPY1vUW9A==
+ns4.asnic.uk.		172800	IN	A	43.230.51.254
+ns4.asnic.uk.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:254
+barney.advsys.co.uk.	172800	IN	A	217.23.160.50
+dns1.emdns.uk.		172800	IN	A	213.248.217.153
+dns1.emdns.uk.		172800	IN	AAAA	2a01:618:401:0:0:0:0:153
+dns2.emdns.uk.		172800	IN	A	103.49.81.153
+dns2.emdns.uk.		172800	IN	AAAA	2401:fd80:401:0:0:0:0:153
+dns3.emdns.uk.		172800	IN	A	213.248.221.153
+dns3.emdns.uk.		172800	IN	AAAA	2a01:618:405:0:0:0:0:153
+dns4.emdns.uk.		172800	IN	A	43.230.49.153
+dns4.emdns.uk.		172800	IN	AAAA	2401:fd80:405:0:0:0:0:153
+dnsa.emdns.uk.		172800	IN	A	156.154.100.3
+dnsa.emdns.uk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.emdns.uk.		172800	IN	A	156.154.101.3
+dnsb.emdns.uk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.emdns.uk.		172800	IN	A	156.154.102.3
+dnsc.emdns.uk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.emdns.uk.		172800	IN	A	156.154.103.3
+dnsd.emdns.uk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dns1.nic.uk.		172800	IN	A	213.248.216.1
+dns1.nic.uk.		172800	IN	AAAA	2a01:618:400:0:0:0:0:1
+dns2.nic.uk.		172800	IN	A	103.49.80.1
+dns2.nic.uk.		172800	IN	AAAA	2401:fd80:400:0:0:0:0:1
+dns3.nic.uk.		172800	IN	A	213.248.220.1
+dns3.nic.uk.		172800	IN	AAAA	2a01:618:404:0:0:0:0:1
+dns4.nic.uk.		172800	IN	A	43.230.48.1
+dns4.nic.uk.		172800	IN	AAAA	2401:fd80:404:0:0:0:0:1
+nsa.nic.uk.		172800	IN	A	156.154.100.3
+nsa.nic.uk.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+nsb.nic.uk.		172800	IN	A	156.154.101.3
+nsb.nic.uk.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+nsc.nic.uk.		172800	IN	A	156.154.102.3
+nsc.nic.uk.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+nsd.nic.uk.		172800	IN	A	156.154.103.3
+nsd.nic.uk.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+dns1.nominetdns.uk.	172800	IN	A	213.248.219.254
+dns1.nominetdns.uk.	172800	IN	AAAA	2a01:618:403:0:0:0:0:254
+dns2.nominetdns.uk.	172800	IN	A	103.49.83.254
+dns2.nominetdns.uk.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:254
+dns3.nominetdns.uk.	172800	IN	A	213.248.223.254
+dns3.nominetdns.uk.	172800	IN	AAAA	2a01:618:407:0:0:0:0:254
+dns4.nominetdns.uk.	172800	IN	A	43.230.51.254
+dns4.nominetdns.uk.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:254
+dnsa.nominetdns.uk.	172800	IN	A	156.154.100.3
+dnsa.nominetdns.uk.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nominetdns.uk.	172800	IN	A	156.154.101.3
+dnsb.nominetdns.uk.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nominetdns.uk.	172800	IN	A	156.154.102.3
+dnsc.nominetdns.uk.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nominetdns.uk.	172800	IN	A	156.154.103.3
+dnsd.nominetdns.uk.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+unicom.			172800	IN	NS	a.zdnscloud.com.
+unicom.			172800	IN	NS	b.zdnscloud.com.
+unicom.			172800	IN	NS	c.zdnscloud.com.
+unicom.			172800	IN	NS	d.zdnscloud.com.
+unicom.			172800	IN	NS	f.zdnscloud.com.
+unicom.			172800	IN	NS	g.zdnscloud.com.
+unicom.			172800	IN	NS	i.zdnscloud.com.
+unicom.			172800	IN	NS	j.zdnscloud.com.
+unicom.			86400	IN	DS	51527 8 2 79FE987F5EDEF21F8AFC9A56DFE663D4B6AE8E2B046F82EA092571B6B2871D96
+unicom.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cLbBcwOY6UujV4GTaHo9gKJn/XqQWH6JHe4qa5jLd8saLRsJIk2ie0sPLvoBnhIB41YzPzVC0nBQJkshN78ddO5TAHv+jodAbnUJP3iXo8vy2fOGsqwRdAIqapP+ddB55lK6/C5CZNRupcZq4Z+ilzX1YQE4q5m0C/WJYacddnqcJ6ac9Z3neDKG92hA9ZY0UqfeCoolPYRnZjUQ0ShwWMMlOfRI3gFuVkppDC7XY2q0ri9ob/umpMcvJYuXO2McaMhsK92UX1tU+wR4dN8ElVbUjNvTZ57y+zdoefh5DuUWa447fU1ClRUjnv4laAsh9jhEcvuPyec4RNBtFfuAAg==
+unicom.			86400	IN	NSEC	university. NS DS RRSIG NSEC
+unicom.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JDkimj2Yj8xSB+9KsqenF+oUzPQnbuMtZlkGPuofnWnfyDNgQLZQfB6Z1wMlnuIdy1yMjrq4PUoUlJ6uZM2Ftq07NeIVwFbXB2TlvyQQwX1GYwJ+HCr9e4pDOs988STDO1RerCFxYX/k//sFP8DlPr5zEfCDxNuP95qFbGJxzAHjZUkr7ukx2lP8JNYqmXxdenKPXJAnA1hw+FBbjWXhNTbf1utomIa4kn0QSXlqKIa8u/UKs9Fuv3+477ErP68xDRa86qlwAAIrmBmSKxJBM0R9OO+WMS/pLHoQuMxIQMt8cRRXkaspDPV5F1jfyfv1CV94Fi01QeaQ0Uu8mqNxSA==
+university.		172800	IN	NS	v0n0.nic.university.
+university.		172800	IN	NS	v0n1.nic.university.
+university.		172800	IN	NS	v0n2.nic.university.
+university.		172800	IN	NS	v0n3.nic.university.
+university.		172800	IN	NS	v2n0.nic.university.
+university.		172800	IN	NS	v2n1.nic.university.
+university.		86400	IN	DS	40537 8 2 674E5D0FC3D6A5EE42486211CE3BE970A6B6DDE79BA48553732C1A929715302E
+university.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NKsAiqDZ7yJlJhchuo4/nGBm3Gxuy69vZ8xRjPTHheVt84Z0GaL0hKAWi1l1tDGWhukMD0ECmef+eYkjl4FdViTvQCAaEoCozQHap8AuDK+Cr17Hw7pz/ekYurYw0clipb/Vs96OdBuYPQqeuz+6sRk6dzvxmEIXfP8eoNXfHUkUXmce5JVuep9wvMS34B3JtQR47CMngvkKTDG0uonD4aUE3OF5249rGNR5COZA3a76DChyrMXerSPmpcA4o9ICzqPDG1zlIzNBrTG/G6cfJsZhkggLp3uizxvo9m+TTr82regJu+5tmb7G2CAAP2o9erXVYTC4nr/ohNZ5rI5hcQ==
+university.		86400	IN	NSEC	uno. NS DS RRSIG NSEC
+university.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Cq8FwAhmICydPGj6A6DHuIqqMPClleO2i9zyXAGINa1vtALEpykn3DzK1ZTLkya3KmFdL06rPkXbQFueUh+2kMdR2hBJ1ePAYubX7udm3DxFmCdjKJ3oAcXhHcf634FmSecIHGOm1sG52kMPa8VSXI+KOa6Bj8xm1O9u9SzlzC5m+7k1z6U/2XMbqORITBp8za7WVbC2pOSm7HDdGfJWjVuESKuPjZR1JekBUcp7+iYjHHpcrUIt6DHW1Ugew99k1mUTTxExrCF7TyZPplp15UqSgxfOMytl638KfilK+SwJdI/8SvCvwQn6e4DJiOaz9Uu6EUR8eSnzZ/a21zih2Q==
+v0n0.nic.university.	172800	IN	A	65.22.20.19
+v0n0.nic.university.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:19
+v0n1.nic.university.	172800	IN	A	65.22.21.19
+v0n1.nic.university.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:19
+v0n2.nic.university.	172800	IN	A	65.22.22.19
+v0n2.nic.university.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:19
+v0n3.nic.university.	172800	IN	A	161.232.10.19
+v0n3.nic.university.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:19
+v2n0.nic.university.	172800	IN	A	65.22.23.19
+v2n0.nic.university.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:19
+v2n1.nic.university.	172800	IN	A	161.232.11.19
+v2n1.nic.university.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:19
+uno.			172800	IN	NS	a.nic.uno.
+uno.			172800	IN	NS	b.nic.uno.
+uno.			172800	IN	NS	c.nic.uno.
+uno.			172800	IN	NS	d.nic.uno.
+uno.			86400	IN	DS	35737 8 1 A6654717B1B97394DE61BFE6D043459BA3A0112A
+uno.			86400	IN	DS	35737 8 2 0DFCCFC8E90286393539413D9F228FD96F7B08B8F15143020C07E32E3D254936
+uno.			86400	IN	DS	57892 8 1 3B49FDC11DAEE5187A4170A5BADF77A917BCE481
+uno.			86400	IN	DS	57892 8 2 C156DD21B3B96A50FA94BE322CDF6F0144E86C9597E4AA56D53E9B490C94A537
+uno.			86400	IN	DS	64285 8 1 E0D6F2ECBE3F28F3F59D4193198240F9966011E8
+uno.			86400	IN	DS	64285 8 2 3B4DD0FEBFBD51CB5F15DB43CCFC832DE0989445D6BB70C31A9B96F681CC6C77
+uno.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RycShqwIPYxgZ0zH43081E2fiIaXe5nUE+3/e+xcqHV/8YIIhF2q0J1ObKlc9ReW+BJ5bvVuTiYi9GuOZ7ltnvobcWuP0icfs2uXq5hOOmgA1I39/KUm8nq8fgI2BAEXjm2iDmCQ5/leVx+XVCq9wCGlK3M/9ZMiC9X2Dj9w84StfEP+54mGKEV+lV3wZ71n03yV20Y2vYicB50E03PpDnCnni8LxKb4YNDGgrXG/z0KXI7CoV35NbS63r/+ZFTulGSXg8PGbdjX9baKz6RrUHr1TZRfmIxBZxqBAqUgbp+NQVFmUxWPqCvlMwwMBG9A7mMXOdCF6VCIlPgVPGuMLQ==
+uno.			86400	IN	NSEC	uol. NS DS RRSIG NSEC
+uno.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . eDiYmgFKJex2pJrJCgPufYqASC1LmTjNnhbgGg93abBfsFGRJh0dThVoEAt0GVTXOGZknczMkbjv1AK5yw4UvXUQe/Ymqwt/GIlx38ysZxu7JupDaVlci1gpq/4B6HRVEC/mcZxvGkjd+sAWyIebkWpG3W6e8wejhVxU8CB72RDPIC/Wm0IKlgJkZBP+2d412zBY8n0rfZeOo6V7sjrrvm6q9eENk6s4YPXi2m1KD68O49Z4lwiRTtJKWyPxPfDEX/OpL1gg+ywUfat2oI+FhZweWKOyU5KfQ0TmQlwxywfkP+krhZIBRvku7bL8E6K8stDuqG5qiIz/LNiKR3/zsw==
+a.nic.uno.		172800	IN	A	194.169.218.21
+a.nic.uno.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:21
+b.nic.uno.		172800	IN	A	185.24.64.21
+b.nic.uno.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:21
+c.nic.uno.		172800	IN	A	212.18.248.21
+c.nic.uno.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:21
+d.nic.uno.		172800	IN	A	212.18.249.21
+d.nic.uno.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:21
+uol.			172800	IN	NS	a.dns.br.
+uol.			172800	IN	NS	b.dns.br.
+uol.			172800	IN	NS	c.dns.br.
+uol.			172800	IN	NS	d.dns.br.
+uol.			172800	IN	NS	e.dns.br.
+uol.			172800	IN	NS	f.dns.br.
+uol.			86400	IN	DS	2471 13 2 3997A266FB5806ED43E8FA8DF8D9E492673FB4C8D35747346BE522FA5123317F
+uol.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SgJYjPBxDfxoAeBhbZrkn2zYgBF+3OLWTmXbZzPIQaBvs0V6oB1r7Dz+yQXhYKduKLi+M+p4JiiYLXifttTiuJxLY7+iXPFl3yVTrA5IhAwn2BY4jp0qiOCNbbfEA4yjzSWwguYTxucuvFfRifT0c6FOTQKT8fKmTsv8p7JQ3hg5RBdhzyhD5jGdDJAEjYME26fje6MO0/ZLp9b6SlNAdoGjR4gAJzWNGYP+XfGX5oDv6B9HNjdcRMv2+4KN2D5e5fj8nTvrbkBqR+Mnfe4nAmEEoCP55LYoHI3tsF0miGl7ReFmoRk23TCGev4uDzT0JAG0FrWmv4WEXPtj740/Kw==
+uol.			86400	IN	NSEC	ups. NS DS RRSIG NSEC
+uol.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hUAyPb4vj4suR+J/EhfRZVIt2Q9DomkkDWxsOJEPOgKX6l0Q9xdj7zxLTGGZAG73Ukp+vnP6+GplrTrgj0EJ39Js5y57cQoFkaWQpgKAttcdRtMDqllwGS41arZl0XjOQliuTnmQXviactqHtsgovlLms8pd3UD2Wnixm+giYFViXzZgNM8A16oORUa+iqu9o9bVpsB1bOIMu3a7kMiNFjTgI5SLfyPGIYdFCwplThTRonueQnLbwO1fS4G53cO6PBahnfbbZSBcTyHpmkONPyBZtz/hcONe89s/Ge9/5hXsgWP+plfoHYQc7CpLeJ33g/cK9HyeNo0dur9KCRgplA==
+ups.			172800	IN	NS	a0.nic.ups.
+ups.			172800	IN	NS	a2.nic.ups.
+ups.			172800	IN	NS	b0.nic.ups.
+ups.			172800	IN	NS	c0.nic.ups.
+ups.			86400	IN	DS	2002 8 2 28E49220A4B3BC519F2CD5800B8C96DB682A9651EEC3BB19FF98D670CBE4BE36
+ups.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mWoNWiggWNlRWgXB30IxnsVC4Rt2ukybJKOMowqbjkitnA4UtfutKLMkE4RuoCba6981RnDH1lw/H8/M3DN0yNDof4S7+NGsD/QVNHDLwflbEW7h2exn2kezYAiKJA4r87GfVA1nKrh2AvhG7L2WcTYewthSz0IZjFbS1GShCGBOPvWL2xiOP3hXmcDU/G9oNXKuFSiEZFeA6nSTWNCD+w8OYaJXhEW6iXiJQhKMxtyc/DF+Gm8sANLKw0S3aoWuJdVW3Q9EAVtzdWWym9MBj48j6mbLKI6OFQesL3xhGOwI6SRtZ9qXyc1Nu0RphBCLuogfgAPqE5KHmqVyTxo8Zg==
+ups.			86400	IN	NSEC	us. NS DS RRSIG NSEC
+ups.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IZ3hxZqHurMs4I4LJmyTn2vfo04kiEfOWqCqk/a7PknvbJWmCqoYB6Nd2W7aEihp2h87z7zUzs62PnWeuTB4FP7xEp6nDNGeh/ejGESW5Ha/V5ziwH3VzE0tQuSIC6V2Xetyq3Vu2GGx/gMJisYHGBNM42rdY+ZCCxJ52dqktHa6w4AHcyYrYD2VKmJ+gkRj/IeWL+eKLikMnmJaKoe77/tjEzkYF0ohdbrXWKVakl8zwjnzhLNuy2nb3BLCpg7j75AV8PBhZgPB863ld8C7oxCy+W6SFjmXGtyMCSSlMqPdV3AMWsUNu6v3nrAPgwjhKNpN36L9/LkI+76WlK89LQ==
+a0.nic.ups.		172800	IN	A	65.22.240.1
+a0.nic.ups.		172800	IN	AAAA	2a01:8840:ea:0:0:0:0:1
+a2.nic.ups.		172800	IN	A	65.22.243.1
+a2.nic.ups.		172800	IN	AAAA	2a01:8840:ed:0:0:0:0:1
+b0.nic.ups.		172800	IN	A	65.22.241.1
+b0.nic.ups.		172800	IN	AAAA	2a01:8840:eb:0:0:0:0:1
+c0.nic.ups.		172800	IN	A	65.22.242.1
+c0.nic.ups.		172800	IN	AAAA	2a01:8840:ec:0:0:0:0:1
+us.			172800	IN	NS	b.cctld.us.
+us.			172800	IN	NS	f.cctld.us.
+us.			172800	IN	NS	k.cctld.us.
+us.			172800	IN	NS	w.cctld.us.
+us.			172800	IN	NS	x.cctld.us.
+us.			172800	IN	NS	y.cctld.us.
+us.			86400	IN	DS	46144 8 2 0C67E6017124BF19D50BE565CC486FF3CFE2A278FE2E5983FF97B2A453386419
+us.			86400	IN	DS	59017 8 2 7DAF469D42B5D8E5537FD4DD4B6057710E9A61F72C32EB7FB6526F52277EC2B0
+us.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EfG7dvlLKc5oTHJegrcd0WLA+D6QHGCCJ2kPdZxvz9P8Yebt1OQTtZmyfBet1o7sQFiNzMm3I0uETAPBfgXun/hyL8mW02hhFNJ6adZWUvo8eK6eUsf6A24PzPxbYUmoS41dXoGDpojN5s/htTyBSSvDkx74iABzl26S2gpX9F+DTczMBJmrNbzPjporfv3gb4w8oQbnxEmme7o1WRMCxkW6cdBrW/WvLmiYF70vTgxvg0PBElJ5q2UsweQDbSLnN4md4jBySeAa4DHRM3ZmpviYSNC/FM778rr2FzOqxQ1lQEpWJH+c7IidXnr0BD0RyyCMY1QgAR5EyduCEuXUAw==
+us.			86400	IN	NSEC	uy. NS DS RRSIG NSEC
+us.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xJ/TEqCdoM524I//4BJoZV3xJzEjpNk5JXI40kipDZ8BB8QBM2fWaZfksYLfl1OQ2AMoQiYiVpj8mPOCrt9mICOmv1ilRnzuMXInuB471Z/uYLil47TpJwC2Bjc3q4RE0VAbiOWFcoCTBmhzxc+JB0aT7ywu3jwmMngwIvr+Vl9BNP924dr/J1+qRzUesbjHBN5WtDWkSykI3bVfRmc8exihT3xquVCxll7OjQUM97sS24/vtoLCKIGsroST6XvkwGhjdJhS+5j6yGKa9mI8QXkeW/EqThztNr3zbbI4Wh0fZbshrl08tBhu3iNX0/Op4v8L3rvIHmEYxTHSmldI3w==
+ns5.asnic.us.		172800	IN	A	194.146.106.86
+ns5.asnic.us.		172800	IN	AAAA	2001:67c:1010:22:0:0:0:53
+b.cctld.us.		172800	IN	A	156.154.125.70
+b.cctld.us.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:29
+f.cctld.us.		172800	IN	A	209.173.58.70
+f.cctld.us.		172800	IN	AAAA	2001:500:3682:0:0:0:0:11
+k.cctld.us.		172800	IN	A	156.154.128.70
+k.cctld.us.		172800	IN	AAAA	2001:503:e239:0:0:0:3:1
+w.cctld.us.		172800	IN	A	37.209.192.15
+w.cctld.us.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:15
+x.cctld.us.		172800	IN	A	37.209.194.15
+x.cctld.us.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:15
+y.cctld.us.		172800	IN	A	37.209.196.15
+y.cctld.us.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:15
+uy.			172800	IN	NS	a.nic.uy.
+uy.			172800	IN	NS	a.lactld.org.
+uy.			172800	IN	NS	b.nic.uy.
+uy.			172800	IN	NS	d.nic.uy.
+uy.			172800	IN	NS	ns.dns.br.
+uy.			172800	IN	NS	ns1.anteldata.com.uy.
+uy.			172800	IN	NS	ns2.anteldata.com.uy.
+uy.			86400	IN	DS	19730 8 2 E85A089D69F869CF923DF395F279F1C92BD136A33B60988748B0186E12F7B88E
+uy.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ritefIPkXRhYTcaOgODG+T/fPVGQd4bvG6Dc7tQ9EsX6KiSRRoBmnbgbiHn/Mxt7ZpXIaFegQGqLorbrVGCD8o45YPCiWjpv36Fsxi/Qaev6AA45q9UKUk8NRDSx75cSmF3KtvrdQPosITUWWsjm2QdPBZLOHWu1ETPH7vUydKn2hK9O1a3M4c2OGO+B2HFjiQdAyvOQni+nJDOCiBIRB4yPH10vbiYSAencjgZwgcAtaZiP+1bwxhd8FLhK+AYitqO9vDu9SFnMDcvX/yWAX9YYH1cFAyhDWf/Y1bUKHcoRf0TrCyWSD1rhn3yPftWTKAhlq4jHIme0sB5BOtW/XA==
+uy.			86400	IN	NSEC	uz. NS DS RRSIG NSEC
+uy.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dbkNpcWMOSfknsj0klJj1q82XD1OT+rAWTWABt49Rw2/aGEHj9ytd4VUZdO0Uorcr1mGiaxTqHemIWM0p6RG5/uKrrHWJ3PYyA5umyBMuGSl2n1G067V60cgcf6X3a6+WK8XWRWR5dFXT66IEuavs+L3o23rmfkf8uMN2TWRqwcjarTFViD3i9ay6zeRJmsW6L3+1dgEht6eA63z+jqn5fVWvsrhuINs9nIaFAytWlocN1wrvmTe+JbZvOxvrpX+US3lky34aRAAIKhRdBjSWIwq46d4nMWbwY5gHIVia1FPD4WXPR0DJ6pg9aFOU3kGJY5iqHbvUN0KvolMQYyx4Q==
+ns1.anteldata.com.uy.	172800	IN	A	200.40.30.254
+ns1.anteldata.com.uy.	172800	IN	AAAA	2800:a0:53:1001:0:0:0:1
+ns2.anteldata.com.uy.	172800	IN	A	200.40.220.254
+ns2.anteldata.com.uy.	172800	IN	AAAA	2800:a0:53:1002:0:0:0:1
+a.nic.uy.		172800	IN	A	164.73.128.5
+a.nic.uy.		172800	IN	AAAA	2001:1328:6:0:0:0:0:5
+b.nic.uy.		172800	IN	A	164.73.128.70
+d.nic.uy.		172800	IN	A	65.22.41.1
+d.nic.uy.		172800	IN	AAAA	2a01:8840:1bb:0:0:0:0:1
+uz.			172800	IN	NS	ns1.uz.
+uz.			172800	IN	NS	ns2.uz.
+uz.			172800	IN	NS	ns3.uz.
+uz.			172800	IN	NS	ns4.uz.
+uz.			172800	IN	NS	ns5.uz.
+uz.			172800	IN	NS	ns6.uz.
+uz.			172800	IN	NS	ns7.uz.
+uz.			172800	IN	NS	ns8.uz.
+uz.			86400	IN	DS	3685 8 2 D058D5A354EFB638058DABD7E0310AF31BD168FFDCCF49405750BF4D5CE5AE0B
+uz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NGAa23uGuKF6Xmx3Z0QtFd9cbZ1hIqeCMtuQmilrUn3Ad7aEYNVP9qvZMKwoEdtMsmPw2bTi6Xy/2qLjsz4ZFPps7srFLPBlAOKE/23aVhiysn1L6bJBiFUi/3Rl6rHKgMJ1t9iItZuIIv0FlxePrdFiifOW96Oamxmwx7JSQkqmtUImdzNz07/bnTHVYHZgA/H/rXtqvFodQGO3KjsNcEpAcAPU5+O9Hz+SmqhrWKI+uUjiy/u6K/OF4bSXat+V5STtlXdT94S15r/t91alIK7Ufn3nD5+wE003qFxN/XbbZUnsTwldh56Obt5j2UXIjLpJQ3N2Qcred9GpXPgIhQ==
+uz.			86400	IN	NSEC	va. NS DS RRSIG NSEC
+uz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . m6YhR8ez+mHL8H/iQcueo6uVzZ8pJX38DPcHPVDwwdlF15/TgPhA9pXXB8Clgyk/MF9Jxh8ESjlmxFSikZIzcm8VL3wf4na1ocKbdn+DZf6rFy5Nc74dcybB/vqvuHNMFEToqcz10f0Gg+X12dtHmurt+8XI49Ycce1ouMmTgW+KlZx53k1YmSTF+tBwKD+ISfsxKUUV9nsABU/ZZUvet/pEgM61WTC9UWK8qktfAmuhmKyong2ZpqC7GBpztr1vTFWMpTPUmL8BOYr2rJhdlY4riCiMxsHrLhLHdHdM5etIv9iZZirSjcCsriEsj8wshGFz5RyqzNL+4UY3SvcI2A==
+ns1.uz.			172800	IN	A	91.212.89.244
+ns2.uz.			172800	IN	A	81.95.225.245
+ns3.uz.			172800	IN	A	185.74.6.29
+ns4.uz.			172800	IN	A	83.69.136.139
+ns5.uz.			172800	IN	A	217.12.81.129
+ns6.uz.			172800	IN	A	83.69.129.33
+ns7.uz.			172800	IN	A	104.238.81.247
+ns8.uz.			172800	IN	A	91.212.89.233
+va.			172800	IN	NS	va.cctld.authdns.ripe.net.
+va.			172800	IN	NS	dns.nic.it.
+va.			172800	IN	NS	john.vatican.va.
+va.			172800	IN	NS	seth.namex.it.
+va.			172800	IN	NS	osiris.namex.it.
+va.			172800	IN	NS	michael.vatican.va.
+va.			86400	IN	NSEC	vacations. NS RRSIG NSEC
+va.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Hx2LQYnJ2jNhZaMsI0nyiak/8WSbecLl1rYrl8E8IXHEWQBqtP9roNcAKGGJk4J/6Ts6mYQUZOF4ZJogLaSU5R6cy5tMkYFYAQkopFAw76NlNftBB7YrOFcRgwDPLM0hxiyy5XgQh/kPaCtolBEW8Gm43c05Zvt0IUmrA8MFSsJzDBc1//7ggTj2Xw7sPTzkEthGwpesMoyF+U7qNuD9icZxVe/EThBsA5E+rLbEeONDBVUMp0rerf3QPb+Drvoz1Re2VX38QH4JMX0s/x8vjksmrB36SJbh5VER05OKBHWmToN+thN9pygFT2qAWtIUY4afTRJ9GMoINSZm9fzyIg==
+john.vatican.va.	172800	IN	A	212.77.0.110
+john.vatican.va.	172800	IN	AAAA	2a01:b8:0:1:212:77:0:110
+michael.vatican.va.	172800	IN	A	212.77.0.2
+michael.vatican.va.	172800	IN	AAAA	2a01:b8:0:1:212:77:0:2
+vacations.		172800	IN	NS	v0n0.nic.vacations.
+vacations.		172800	IN	NS	v0n1.nic.vacations.
+vacations.		172800	IN	NS	v0n2.nic.vacations.
+vacations.		172800	IN	NS	v0n3.nic.vacations.
+vacations.		172800	IN	NS	v2n0.nic.vacations.
+vacations.		172800	IN	NS	v2n1.nic.vacations.
+vacations.		86400	IN	DS	53014 8 2 63AF40A94F8066D7F6AD7FCF89DC7111407C1DA7A217FFC6C7F2F84A87CC9FC0
+vacations.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . eGk8aXVBoJR8JDkovA1yOIuYhYhx0/RiCcQu32JFdwgjioyDGGbmZKtdHh+2N3X14Zj9SxUWfwJidbJ4xHqS2acJD58U5nIiHXHYtGgxyvr6uVh0PDTO0kLRoG1hbpNGVAmzncqqQONle1nlQZNy0Z0sbghrvkmlikMvgTtBRCq+fx73wwMPJpM9ZwPDFPwDI+Ze1p7lSDYZiguH6KQnOZu+mHEDSirKBc8Rpq3EhF9QLGo+K1hrDr6pW50IUGw3m/Xh2+E3CiyNTVPu+x/k8pgRLBCQYW6p1yhlhoVVIPUxqOPXGhtttDuMQOF4+FM1n9bm7X0t1KXE20SYok7vMw==
+vacations.		86400	IN	NSEC	vana. NS DS RRSIG NSEC
+vacations.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . nhkxAxKZDUf3NhebkhXhAJVyLT1MqsYxva+5hsGdLvFP33NtGsY0x6d+DkwhTC238IejcpLxUKT+CIgIJPU62AYn6+CJZjKwaZsONAOQjNJ8gRNteR3miKwmHo0pVe+mI76NtyxzmRSzRyeKS5uust61h34RyuTLUt509YBqU/+d6W5i6BNXn0wZGzDEPekhtWt+Uj0kdex30h4AdeguLCULmzK+Deu3MNd+TcRPPYT4Ndb/qsEMdNZA9R7Csm8v/lbU4DdY7vDxOwZYNsrtvhvddQk8+LnckkRvJIGIkKm/2dIHBJTeJIaocAWtXwUEdjAOFYuKZLC1/MVOAdfcLQ==
+v0n0.nic.vacations.	172800	IN	A	65.22.20.58
+v0n0.nic.vacations.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:58
+v0n1.nic.vacations.	172800	IN	A	65.22.21.58
+v0n1.nic.vacations.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:58
+v0n2.nic.vacations.	172800	IN	A	65.22.22.58
+v0n2.nic.vacations.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:58
+v0n3.nic.vacations.	172800	IN	A	161.232.10.58
+v0n3.nic.vacations.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:58
+v2n0.nic.vacations.	172800	IN	A	65.22.23.58
+v2n0.nic.vacations.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:58
+v2n1.nic.vacations.	172800	IN	A	161.232.11.58
+v2n1.nic.vacations.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:58
+vana.			172800	IN	NS	ns01.trs-dns.com.
+vana.			172800	IN	NS	ns01.trs-dns.net.
+vana.			172800	IN	NS	ns01.trs-dns.org.
+vana.			172800	IN	NS	ns01.trs-dns.info.
+vana.			86400	IN	DS	16105 8 2 F270CC6904F1292FBE949FC33C20CF64887D06CC82D2243413ECCAEB98E7221C
+vana.			86400	IN	DS	51813 8 2 93BAEC1BC806C42034F1BA91345D8AA439242EA114157951BF6B7E9F79FC9E0C
+vana.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ecw/Zo0ztynHoUw3QbXfr4dxJj2QvfYAFhOZcZl99QSw9ipO6snwF1UAQh8tqOUdcNRQtqMDWBBS0UhyQKKxfqZfhTGIkCXNyBgN+WfPGygvLEe4+JT3CJmokRq99FM+j1fsXxZ9kigYG4KGZn+MLPRNkY/1tQnbtuYdsw9Z7EOtAZDcU64AIm3k4t2YyBKs/VHLEwGniBnpg1NARwdOm7h7ngQxq6nDQ4MeLz/AUgqPeH+XtJ30IEMK3Gs8G7V6OrbGV8udqFVv+bYq1lLyusO44xk3OpixsU5U+oBQAnY1lyhZaIXmQLP8Nio1wlmMe+PwhC4TWd6dhto9exuEow==
+vana.			86400	IN	NSEC	vanguard. NS DS RRSIG NSEC
+vana.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GfAC0ZXALOfVvkdiQVRR0QFp0w8qnBsawEyVCGi2gtQENqt3nVjUVgTh9oq6TD7TAJhCDN/yVrGnEC3ldfpgdVe6wTFTJtZ27Rmm/fAeb6v06e5O6RiProPooWSfrlLBqvGuG07EdWHcu8CXq7okmh1f46Cf3zktuVexbORXp3clmO37U5ikBf5OUnV4yP3Z0j6wYUwNXNQF+4diEeDRnwusghpqVYzT918qGodDaf3Wi5EPeotZwVN4XI3tWbcOFOx83Oa41gCiMJUnVNwNPzP/1WGYcKSt3BvX5pDUFzWQitxKvRMJsG2BQlNiLJVZCAo1g42w8FsNWJPigIqRfA==
+vanguard.		172800	IN	NS	a0.nic.vanguard.
+vanguard.		172800	IN	NS	a2.nic.vanguard.
+vanguard.		172800	IN	NS	b0.nic.vanguard.
+vanguard.		172800	IN	NS	c0.nic.vanguard.
+vanguard.		86400	IN	DS	28675 8 2 DE83F2879537F8479C81335DA97C8D0B923767B78B5FB56544889D3A7006EFB2
+vanguard.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ca26JiW7ny+pK8V12/DiA98Sd7YxRBA2eOE40zzVI/ae0zIYJ0Pm6B2ah+8oLIcQ/gkgQLFyO+uJic6xUxaf1u0vG2mq+PiodOaHjnawkEKjGui+D8SX2c5Bzdc48lyNHN+y/93CMltB88g01u5Iarbyh7yiZce+YxI4jiiAk4Qd5WOTvgO719Ex0dQbEYq/Nilrbgj3hMlNq2naw1niYwCIdjChM6lLlUsH6lUrzUUqGaCdWax+ooH9mM98arrSsYO9iByXPlRo2+Kn6h3p92nkIf7GldaEyo8qBiPt7ZmGCU2PcRBL3jZk19yJQWBhuGTifXI4y8d9f1pXuDhqhg==
+vanguard.		86400	IN	NSEC	vc. NS DS RRSIG NSEC
+vanguard.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DQ2MEXCZCVaoymSli7+84eDK7Kx6on44+SeipNqbkGKLxDsXhuz0L412ZB/FtHRQOMvkCGxZu+BjvSX7xyzTdlgmASc2Spy/gyNtjMyRnevPjU9xNs/43lfhp/Db+vwxXObk4WckMg3EtL19P8thKFQC88A92RKah94fNxCXAQ0cQWPkF2srirEdMeDHc8FOoBqqTA8jVp4z6ReeM8DXsa5TbCmyHEL+TWXL8GrbNwFRfvz1kWN7XQn+w4BRSirqCy0KWJ1So40GFMSYLIv7bLawhMnw30/p+AJv/cwH3tOSw9mBimgvjnn8wG7zFbeKIDUb5heX4ISC4ZE98r22Fg==
+a0.nic.vanguard.	172800	IN	A	65.22.112.72
+a0.nic.vanguard.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:72
+a2.nic.vanguard.	172800	IN	A	65.22.115.72
+a2.nic.vanguard.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:72
+b0.nic.vanguard.	172800	IN	A	65.22.113.72
+b0.nic.vanguard.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:72
+c0.nic.vanguard.	172800	IN	A	65.22.114.72
+c0.nic.vanguard.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:72
+vc.			172800	IN	NS	a0.cctld.afilias-nst.info.
+vc.			172800	IN	NS	a2.cctld.afilias-nst.info.
+vc.			172800	IN	NS	b0.cctld.afilias-nst.org.
+vc.			172800	IN	NS	b2.cctld.afilias-nst.org.
+vc.			172800	IN	NS	c0.cctld.afilias-nst.info.
+vc.			172800	IN	NS	d0.cctld.afilias-nst.org.
+vc.			86400	IN	DS	54391 8 2 8E38107261B61499F2E57A72E762EF501798A0462CB69E6AFCC9C4A2539E6BFF
+vc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 01XbuYW6XlDBSE1DqiSH3o1GfenOLJA1Kc50IHpwdA00V4/XGrsPaG2JjHtwXEE+2YlE1Vzde8q81etBvgaihpL1GpcesyH7s0fH9dvKmjyVNbQgYyv7wShiTJRh8HU20OaQOkbi3DBcL16MaVdTAWQ8KMcdaHkm/fJaidA8fvCqSbUkBdSG4AGwP6QtuNKEETXkdNnnKDgIjik/PoNlo82ctGcfBalHeOoYvZt8j27X7uR7t6/Y/zxDPjDfPH0CF4qVAFPadyjwILe4jrWS2+upqpa8wPi43Iw02BixrW7fTpHUaxcihOeYuovAM81PPJkua58FO5e/Mre7OvFzGQ==
+vc.			86400	IN	NSEC	ve. NS DS RRSIG NSEC
+vc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OKJVaDqePIYRhNit+Qc8UyZBCIFIrxLI2cUWBBKKlFTui0W3/m5BK9smYWZkAL0t/6psHCs/BH8ag3ZsnWY/L5z+0As7eXxnfkAcq/CO3RhAQ+62+woE+BXx89as+3Kf7aqcGOS0MmTw1+Tzj+TY/0nkawSX9q9LQsSIyOcuDELXS5NHMdeyjUlOh3uJX3s9Aqw+6+lvZTMVA2jDN219z79KgJCFFdBfutHTYVNKRPe1HaLqtcD23vE6HuTjdrzcbhxRDJ68uBXTRlAyiCF8/RhscAGPrn3aMdMok4G4JaYUMYdMRe5s6OtvBoZS/dze0RwicDSqisnFL7HLfKO+vA==
+ve.			172800	IN	NS	a.lactld.org.
+ve.			172800	IN	NS	ns3.nic.ve.
+ve.			172800	IN	NS	ns4.nic.ve.
+ve.			172800	IN	NS	ns5.nic.ve.
+ve.			172800	IN	NS	ns6.nic.ve.
+ve.			172800	IN	NS	ssdns-tld.nic.cl.
+ve.			86400	IN	DS	62041 8 2 78F2ECB0ECD744A381D514EC91CA6389921FE168F41C96A41D0D794CAF30C3B1
+ve.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . waasti2sZEgmFvWYFmlqldMLVjLcBAGJ2Ic2mKT/rh6FS90/WJZXoDdowODOZ/o3FI8LnSbW3O4ZYgSu3PALmzUNsLjcBRZZ4otyl+Q3doCLUBWrWBkTNddqcBcClqnyDSwsm/nPAUq9aVW6aLi5V9yOwJnWSP5qMcVEnk3I0imx2U+dC5vChZJnMC7Gh0ZOYkseU7xYB+18rnebvE1EBOG7wDIL5CUwEAHp1Z0YO3uMXqPHt0hEuY7v5K95bg7nyTRlt1pAvwjvo1slbNDz5Vq1FKBX9TwhQpG3/gpZGJD2Pz/aJjZslkJLlPABOCrZyiCJiCaBvxgjTrdsZM0YZQ==
+ve.			86400	IN	NSEC	vegas. NS DS RRSIG NSEC
+ve.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ekqyfMjb8xp7AEEngYApt4LFGRrUEjW1zkpauw+gSH1Lx0TsRG/XNIc+68cba893OunKAYUeLhUz86W17yFS3MXUCSTfdgx7xNQ9NHVAmStd6FyhmMiBgCCuAdJZJevTE6GLsW2WxXXjMj5iJUIcXeNtAdBpb/jjxYYKO8osxLdr9t27usNyBUs8yyzqaD9T39uGksXrpdRNN5oTYM+J17iFlknyj94zcAEBPyLoZmfLaEUcq5T9U7V4BmyNJQd9I/ooHYrq0ApYYhjE8YLG0IAjgo/YV9wILc31mC0FQW+LxVRKSHaUs89YJ6bp5RBRxRCOQqNW1vUjG6tqXbB8Jw==
+ns3.nic.ve.		172800	IN	A	190.9.129.56
+ns4.nic.ve.		172800	IN	A	190.202.128.43
+ns5.nic.ve.		172800	IN	A	45.175.22.88
+ns5.nic.ve.		172800	IN	AAAA	2801:18:8800:3:18ba:beff:fe61:d08b
+ns6.nic.ve.		172800	IN	A	45.175.22.4
+ns6.nic.ve.		172800	IN	AAAA	2801:18:8800:1:0:0:0:4
+vegas.			172800	IN	NS	a0.nic.vegas.
+vegas.			172800	IN	NS	a2.nic.vegas.
+vegas.			172800	IN	NS	b0.nic.vegas.
+vegas.			172800	IN	NS	c0.nic.vegas.
+vegas.			86400	IN	DS	13336 8 2 612D11E84DB7671F5DC9B54FB8944D57474DE91CA498CA80B6EBC05C162C3AF0
+vegas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QrN2Kn05RsBNb/dHJEhFLyrx19F7Obkwc2j7YjmpHmVNbeGoITTRFDauPwZO8qdVa6wszbbXuePwgOqnU/V3zwNH+lJph4nGZ/hoE6LIG9Mb5f0JsEHpHE5tS1LF6hq7iFqCeCjrXOzORdPjLMwMEtJCtGMavydCazG4yjlCMjV5N9OUqkQfyYETisJcxpqP27PS/i/nYr4tDXg+xf/zswxCCSoNSr0kGHa2RwMKz8kzM/o3oJa9IpIoEPZ3MSEsbTWn11B216M+dhpPAqVcSN5oaDEmCtUA1AmTbgW0KfTgWx6tviPQXJZFvy9v4NjlW2ApDhuD330ng5wTKFVShQ==
+vegas.			86400	IN	NSEC	ventures. NS DS RRSIG NSEC
+vegas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . I9YVjdlZz3fx2lAjck67YEqc/iOGE0GZNKn9TuVZKwIjCLrDqaGAozB53biHbM8nM53JYCmkSdRk3YtR67qaRfyOC6aFbCYAX/ckFrNTULF0H4Zh1363FPT8nZZMZeazoOMQXy0g6sJBquU/0AabVwSiAQEMukxgL6fTlQiLxQeUqJtPf6VohiwvsPvUfPrlwRjd8AzcEcv2FNhHQgnnB612q/9HM78gjxFuu/25fei3/E8BDV7uy8Rz/GLj8iKTx9L7r0DvbzyUZMlOneIKgEH4s3Zk5NSPMMXtyXk0h7M7ae1uFSzHSKeAV2vlsk/QghiUY+VxFpEiplqlXcFxXQ==
+a0.nic.vegas.		172800	IN	A	65.22.68.17
+a0.nic.vegas.		172800	IN	AAAA	2a01:8840:42:0:0:0:0:17
+a2.nic.vegas.		172800	IN	A	65.22.71.17
+a2.nic.vegas.		172800	IN	AAAA	2a01:8840:45:0:0:0:0:17
+b0.nic.vegas.		172800	IN	A	65.22.69.17
+b0.nic.vegas.		172800	IN	AAAA	2a01:8840:43:0:0:0:0:17
+c0.nic.vegas.		172800	IN	A	65.22.70.17
+c0.nic.vegas.		172800	IN	AAAA	2a01:8840:44:0:0:0:0:17
+ventures.		172800	IN	NS	v0n0.nic.ventures.
+ventures.		172800	IN	NS	v0n1.nic.ventures.
+ventures.		172800	IN	NS	v0n2.nic.ventures.
+ventures.		172800	IN	NS	v0n3.nic.ventures.
+ventures.		172800	IN	NS	v2n0.nic.ventures.
+ventures.		172800	IN	NS	v2n1.nic.ventures.
+ventures.		86400	IN	DS	43132 8 2 5AD3E6B74A570BBD7EA2F84C87E6BFC6C305233383D14F29074F3E6E4A03A810
+ventures.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FFSBRnXreBBMoNMQlYX+zw/BQs2jT37RWEmnSBe+WFmKya6RDAlmYk6LMVMmuXb9mGVApoh2iDNA/ele+xVDbNrCdYZ2WG14YCCZOlXMbyksuwfKlRcPk/71rr3s6u7zbKMqajXPe2vK1N7cZBDL7IgzZwOtwoN6QSfAZ/Z1cvtrC3SFmM4n1nM3Hdn63q6BUSP1mWEnlak6QlBNCHXCHT4CFPBqoC4+NinXn0u93zLThhfa3dUWAW0YrhI9D7sP8ZVryll+UqjNAimwmap4hApL85K/1CfVgu+psnZP3qT6rHRt4dvxVsJbrTf66yEEjby5KdywbtF3DaCZf1WqYw==
+ventures.		86400	IN	NSEC	verisign. NS DS RRSIG NSEC
+ventures.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q17pVIO47JpAx3PkPfkh/l5NlNyti2Bp7rQopQAWx5gFQ32HerHXAzOeOYdvjm+RekLB7aGaZEqQADD8/YVPISf49ZkHVZWHBKXSwr+shB1i7xcoIMKVLRtFSCbFLX3rrjLXXYScrkgBpqJ1KzMNT4TAYPvg2rLgRKA/UZ3nW8JT7kg8FvCMJNZ51kj48h72XzhYwsmG3U1I3d2Rs1g6xw8o19ta4NVUnRSaXK6mTnVZaMQxeySfR7E/4vXCajIsxFHebtW/8rw76VCjlAO+5/2ojad7EVoWCMwwMuHr8e6gM7Mx5gVf1eLQ6z9+jA+UBDyIghIZ9w51bc7g5/C9hQ==
+v0n0.nic.ventures.	172800	IN	A	65.22.24.11
+v0n0.nic.ventures.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:11
+v0n1.nic.ventures.	172800	IN	A	65.22.25.11
+v0n1.nic.ventures.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:11
+v0n2.nic.ventures.	172800	IN	A	65.22.26.11
+v0n2.nic.ventures.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:11
+v0n3.nic.ventures.	172800	IN	A	161.232.12.11
+v0n3.nic.ventures.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:11
+v2n0.nic.ventures.	172800	IN	A	65.22.27.11
+v2n0.nic.ventures.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:11
+v2n1.nic.ventures.	172800	IN	A	161.232.13.11
+v2n1.nic.ventures.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:11
+verisign.		172800	IN	NS	ac1.nstld.com.
+verisign.		172800	IN	NS	ac2.nstld.com.
+verisign.		172800	IN	NS	ac3.nstld.com.
+verisign.		172800	IN	NS	ac4.nstld.com.
+verisign.		86400	IN	DS	34740 8 2 7468287539BBB69B7D1FCE14B16E16B6F75B6A1A8E50832DC333FD0F177C633F
+verisign.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Bdv8k6p/3eDlJNuKJ0kGQsInlnuNtqH7N889JGJR8MB+PofYUWsTAHUU5a+z7h+IQjtxNtt7XaeB7X4uzGub0uOzrqDFaW6s0JeayYtiipgbJglDzrQZjWAJtNRAWD6lYoZgVltiv1G12VTIAkqgemJSszQQPBuHQrWr9G2X6o0EwR/AhAhq/m/LqxtWYOkulYSf/YTm4C4+L/EbrC8LK6AX/GyR4zVPQ3Bgus4sMmbFItN2xiAzsgXSz8IggXU9MgQaEscsUe+Gx8GI7lKBF1P4OLWX/knrsQfr+991ZYNOQq8OC7Y9ZlOY4RhlzrAs9qphw4nDX/f5paN4xrIbfA==
+verisign.		86400	IN	NSEC	versicherung. NS DS RRSIG NSEC
+verisign.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XaFHDj6R7++l5URx/Gr7TWIkD/f2vyEWUVPzoG2Hmfw64fyV+08lMbgCRL1qf4juFE98ENCm4IqDiY/8wd4bhGC2m1aQnuIFDCRHZb2NNtq4zoRScIRxUwxmtokv962OvxBR4jW93FyYycqJkblcJt9hGOJNrlXIqIFE+UOVm93TBcvl9XMrzQ1mO/OS5Rb43OtdK/qB6nUapjicxSN9w5ZepWWyRsxVcZNbdZuBJmm2DUQRpP0BDTdiWN1rd6YKBIwW0waSrod2bODcXMjzCYqFcD1V/jWvKhvPgmSkkQUWMhlWbNWsnRpfpUWojmBC47e8SEo1S7WuDhHN5W3wPg==
+versicherung.		172800	IN	NS	a.dns.nic.versicherung.
+versicherung.		172800	IN	NS	m.dns.nic.versicherung.
+versicherung.		172800	IN	NS	n.dns.nic.versicherung.
+versicherung.		86400	IN	DS	26134 8 2 925EE924B5BC6876443E476C16EAF5BF02885ACADBDF27CA2C87BE8EEB7F3B41
+versicherung.		86400	IN	DS	53914 8 2 3FB290C372A8E1F1662E968C7836F7856E493F96F0A6603DE8E882F54BAE577C
+versicherung.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DVqsH510izC7S865j5JwHcesuqXkpx09okOxbRfpYrcBIc3AWpu77HWNDbXd+UsTchm7R68oT45ZuF6BQctTkv7Ygm+8Nt0kUcDYiWvixJNObOeJQBJF3K2nfR+pP4/xYcgzzLGixnBrsWNWg2pLQOMxnIMLuCI4OAId3+mIxATWAGZN4nnxwux8uMs5s2IChadf13yDTjHQM1/KNjpDOeNPldYvx4eWx8dXXEPBeTTqEv9VQ0Iap/QscoA9RDDPF8Yd7dJGTtckCChxa4BokL9Vfl5BtgYsZPHt5W5N/mAGmXYkzE/t/40BijyrKcMHnisdFyBbXNVMQBcaHmly1g==
+versicherung.		86400	IN	NSEC	vet. NS DS RRSIG NSEC
+versicherung.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KYRjpozTmcpLJGmHEYON7VyuTidpK6HxpES020XY+VAfwO2czhzZQ74Y0UdoOe9DpyIAjXfQ49k2pPxT8Ip7Zp7wej5EfwYQ0UP1zgUx72on2r/FdSDcubgfkceSU/D4XDBUAE5wwxvADtaws9QGfPEcZrsFEqL/c3pRYS9MP8PjozSw0qmUYDC7qPr/aqbXtet76JZ1sKiDo2rkN5lppJynYKIARoNcZm1bewGSzR1rDaP86giBQq6paNdZQWv7d32XceU/FNYraWrkxC9ad3ZWl/eE7pmEJ2TQ7FxGw0sq2u5o67rx8NX+iEsW3UkngDHo2P4tOPur8C+6/FAFVQ==
+a.dns.nic.versicherung.	172800	IN	A	194.0.25.13
+a.dns.nic.versicherung.	172800	IN	AAAA	2001:678:20:0:0:0:0:13
+m.dns.nic.versicherung.	172800	IN	A	194.0.26.2
+m.dns.nic.versicherung.	172800	IN	AAAA	2001:67c:10e0:0:0:0:0:2
+n.dns.nic.versicherung.	172800	IN	A	194.0.24.2
+n.dns.nic.versicherung.	172800	IN	AAAA	2001:678:24:0:0:0:0:2
+vet.			172800	IN	NS	v0n0.nic.vet.
+vet.			172800	IN	NS	v0n1.nic.vet.
+vet.			172800	IN	NS	v0n2.nic.vet.
+vet.			172800	IN	NS	v0n3.nic.vet.
+vet.			172800	IN	NS	v2n0.nic.vet.
+vet.			172800	IN	NS	v2n1.nic.vet.
+vet.			86400	IN	DS	19864 8 2 2B1B3AB9F4FDD837FC9F9C7875FA916B6A22C3EF5C0C04D5D3235E42828CF6A8
+vet.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . p4cYFlErJBJLVLBjuoVLvHO/v3BBv7dxeib11DdXBdKXDCBIcA8Tr3m4XOtOncpRNOvgbA1HboOAVoeV6IXZrMQOpiZn3n6UBMkmi8xpXw70TsF5IS5zbL8EhkBLbZxsgrbO7eWR7IV4Psz/eAW0D6I2gZZ1IjjzdTeUqC8wwMOHIVbh054cxHQGDW/m2axnRZpn5mPW2okgT9PkXJQ2va2y1p05CryHA6+A65EhCEoGrXXSVrozRLrKqjBdPwcFoczj1m7qj6Ux9mx5dmqslhcVm/xyDSi4qgEpQq4xQ7qb7K7EmhutflOgWxgp/g05c5QlQGQvuTy4qxw0UzOmdA==
+vet.			86400	IN	NSEC	vg. NS DS RRSIG NSEC
+vet.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DyjgTF6+n+438I8gTgWJK3c1kWQRxas+/R2kGf8Cqe6644PlKTGK0qP7jkciVqR6Yo/6LYCfoNHqtooAkFRrUtF9vtzKVIYrOASkkd+mLt5IHpjSynG1BeHNoMOTk1v66VGNZ+ghJaDptZ19aQ1DrTyKhzC8aiyKgHrRhm47CqePbqVuIvzXlWNIjgfoBa3Ti10xM9FE8zCZ8oGUDDz6w+TNNeqEmSxJcc0n1oCkZJlrLppMwIYECdJcqZGkBfpy3zEz20vcUZSzT/Ey0nMk9y7SnIH0RDTZ2JhyR+mo/coqRud/H1W6x2Z7muNKQDh23EIliGnKSndziliuELK1vQ==
+v0n0.nic.vet.		172800	IN	A	65.22.32.49
+v0n0.nic.vet.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:49
+v0n1.nic.vet.		172800	IN	A	65.22.33.49
+v0n1.nic.vet.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:49
+v0n2.nic.vet.		172800	IN	A	65.22.34.49
+v0n2.nic.vet.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:49
+v0n3.nic.vet.		172800	IN	A	161.232.16.49
+v0n3.nic.vet.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:49
+v2n0.nic.vet.		172800	IN	A	65.22.35.49
+v2n0.nic.vet.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:49
+v2n1.nic.vet.		172800	IN	A	161.232.17.49
+v2n1.nic.vet.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:49
+vg.			172800	IN	NS	a.nic.vg.
+vg.			172800	IN	NS	b.nic.vg.
+vg.			172800	IN	NS	c.nic.vg.
+vg.			172800	IN	NS	d.nic.vg.
+vg.			86400	IN	NSEC	vi. NS RRSIG NSEC
+vg.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ecM+D4SK+CmIG8op7XXY8byhpiWYXQQ6OaNj2jpMHHvuD7n6SNxSM+v52mp3dLyuNtpf4iTIuK+o5WoOT+Kh5D2BBN9IX98IfCG+r6qKTq7pzZH38pJz19qfiFZJh0Rum5Q8sdDj3ZEFupMNiyjEargEp/d43fGOPKWlAuWwAZVquW5scosh8AxB6KNPmV6Z142o3O+uN4uu8Zoi9+MT6eMQMg8Bp7pR7ghAHmgHA6FEWU2AKALmZMTsOdc7KJJTR49ncRcUwGtChiixwp3/1GMCxH0UoisZgaYfCoF48k43GGrTLHdj0kIWG1R52nfxCCfDf38Zisd+6NzZijS6IA==
+a.nic.vg.		172800	IN	A	194.169.218.104
+a.nic.vg.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:104
+b.nic.vg.		172800	IN	A	185.24.64.104
+b.nic.vg.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:104
+c.nic.vg.		172800	IN	A	212.18.248.104
+c.nic.vg.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:104
+d.nic.vg.		172800	IN	A	212.18.249.104
+d.nic.vg.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:104
+vi.			172800	IN	NS	ns3.nic.vi.
+vi.			172800	IN	NS	pch.nic.vi.
+vi.			172800	IN	NS	auth100.ns.uu.net.
+vi.			172800	IN	NS	auth110.ns.uu.net.
+vi.			86400	IN	NSEC	viajes. NS RRSIG NSEC
+vi.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EvqLZscCr5S/iK4rgXEsrgxr+HwriSpjrEccy7FkgMJTnUOh9r3LWrlda0df+bS7bXQT8fZQKfHV1jSDvVHX+/2B/pBwhpOroW4jKsotCXQ7cJo+MoEXaNRw6LTh3BsAIfshgeiuFGjfSOnZ3IwT+l0Czt3PL7F5wkOtC4N2h0RqpG86fkWaLBo11u9qoyfRwENOdpskGeJ0HSMUItWencWHAr2sZKeFWxPMtv12Xe3jfzfQigqcXytyIMTaU3ieUK1m+ROGqUf1tUgX9OOcuK3jZ24jeag02WmOCmF71Vp4eSmYosyGCyR5+XLmVa/xY35vvUTu9hk5u6rdaLf1gw==
+ns3.nic.vi.		172800	IN	A	185.17.236.230
+pch.nic.vi.		172800	IN	A	204.61.216.133
+pch.nic.vi.		172800	IN	AAAA	2001:500:14:6133:ad:0:0:1
+viajes.			172800	IN	NS	v0n0.nic.viajes.
+viajes.			172800	IN	NS	v0n1.nic.viajes.
+viajes.			172800	IN	NS	v0n2.nic.viajes.
+viajes.			172800	IN	NS	v0n3.nic.viajes.
+viajes.			172800	IN	NS	v2n0.nic.viajes.
+viajes.			172800	IN	NS	v2n1.nic.viajes.
+viajes.			86400	IN	DS	1006 8 2 EE19922420D5F38807E2D61A8D0A7811E2C622BDF65CBDF56AB83FF4569FF4B3
+viajes.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PQC3MCMqnLxY5Rkzf9VeUezrpYNlgZYHKeXEayClmtxjkpg6npha1F6/EXyxl5WTs0HLlplcx3BlPVtA7Uqc6+K0Oj1+rbmcR6Y3VDASWYXMu0TZPhs9dSz/iPqKCo2Yw/jiGbOEC6flMkjv0XeHWzP0D9nt7VbYMP/D1dV0M3iloWLcI066rvK8guKdSe8l2gpWTp/KkFcE2SKwmOaq35I5phrIxY3B8wfPnRNNJgLzaqk+7pHDXiFYGsAsivlcqNlms/c6D9g1m3MQY7FSJQD6iWqt0/Q3FYOhjrM/i3aKMrsDKOHvRf+DxdV/A/gDAyQtT/eueXzevSDNeFOuZQ==
+viajes.			86400	IN	NSEC	video. NS DS RRSIG NSEC
+viajes.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wS/BtGyBVK1UymeVppn/gwCYpoBWlr5ByoNu0Qo/qCbPsxOQHWgKVlWZcvOcXxmxiX+uSWQQUd9SFQOfHqLqw5GtvDXVv+XFN995E7/jjIEgjoRvNUuzTjr+0ANXo6JmrUVTwb1ysT990PiNCYqLNNd4JM3fdmp1Da6H9PpqWJGzaxRNCPgRrpkbmgyDv91uvHXS2qOdlC7rE+qdwxsnL4BFQ2z7DWrN+r9ZRviI9Uy8qdKtNvax7fAPawH/LgnthYaHCcvaZDh7FhCB69tGNqp1kIV7f20w1cyGTig8lfs3AVkRMeaDo3jWVHdhMQe3PNt10z8rF9VOZqaq8aq9DQ==
+v0n0.nic.viajes.	172800	IN	A	65.22.24.32
+v0n0.nic.viajes.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:32
+v0n1.nic.viajes.	172800	IN	A	65.22.25.32
+v0n1.nic.viajes.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:32
+v0n2.nic.viajes.	172800	IN	A	65.22.26.32
+v0n2.nic.viajes.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:32
+v0n3.nic.viajes.	172800	IN	A	161.232.12.32
+v0n3.nic.viajes.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:32
+v2n0.nic.viajes.	172800	IN	A	65.22.27.32
+v2n0.nic.viajes.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:32
+v2n1.nic.viajes.	172800	IN	A	161.232.13.32
+v2n1.nic.viajes.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:32
+video.			172800	IN	NS	v0n0.nic.video.
+video.			172800	IN	NS	v0n1.nic.video.
+video.			172800	IN	NS	v0n2.nic.video.
+video.			172800	IN	NS	v0n3.nic.video.
+video.			172800	IN	NS	v2n0.nic.video.
+video.			172800	IN	NS	v2n1.nic.video.
+video.			86400	IN	DS	42529 8 2 4CAFBFEDAB7097A3727581BCC76FF8EB10B0C144B96F77CF48D7814E21D8D3A7
+video.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aKJw2H30B7OJI+sY/IZwq+ekRHjpONQf99DDkYGLgnNJbuIvqkJ81J0cWAUCHQ4Fq2OToTLBG8vosW4RRD02uh3H9aY9YgEs3M31PXpvB1SxiJLp6tIEFBhc3/RdfAFvlmtyBIYTorB63rCCA7y9zt1FCAIezppKqFZbKD/LNcn7g/KfvQTtNM4GuNagXpyHYX7U1+45bjyCt8HFbCr1jMo2crTcd6CEGXwmqyUHQtNEFo3tWWznCCaQQ84+c1mtTofX4um8afNbJm52h/I+jEwMW3pH6v23g3kcNA0oK2Sfwi1WCN2m3LZbOcXCJBB9n3cCQqTIvp2i0sclQwzVig==
+video.			86400	IN	NSEC	vig. NS DS RRSIG NSEC
+video.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ufL2P9lVvX3xWJdVW3Ry/nv81PXw3sCvH3/YVrJeC3NwmYFy67mKw/ptr9y0kjnH3CEILeGRbmDpTvpzAjN88vIyJ1Du1cJrSl6WU4c/PypP8XkQ49pEC4Odyn3sT8oICGcB6OmrM9mdm95szVxRlwH2eJ4Wm7eFskV+1F9X76zp7GRdswmLueup3MfOxCW1JclqvNi1VvWJSRbFuVZc6f7TULqUL60otnaMnJPHrW7D1gnpRemhLImhhevzDX1ybcUxYt0RPLSz+5TJBIJYi+Ichi91edskiSMZGAYmm+lUH/KmMfW8l3G0wWBbJn9jjo+YWfMvKUN9rM+89+mNFQ==
+v0n0.nic.video.		172800	IN	A	65.22.24.40
+v0n0.nic.video.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:40
+v0n1.nic.video.		172800	IN	A	65.22.25.40
+v0n1.nic.video.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:40
+v0n2.nic.video.		172800	IN	A	65.22.26.40
+v0n2.nic.video.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:40
+v0n3.nic.video.		172800	IN	A	161.232.12.40
+v0n3.nic.video.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:40
+v2n0.nic.video.		172800	IN	A	65.22.27.40
+v2n0.nic.video.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:40
+v2n1.nic.video.		172800	IN	A	161.232.13.40
+v2n1.nic.video.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:40
+vig.			172800	IN	NS	a0.nic.vig.
+vig.			172800	IN	NS	a2.nic.vig.
+vig.			172800	IN	NS	b0.nic.vig.
+vig.			172800	IN	NS	c0.nic.vig.
+vig.			86400	IN	DS	64474 8 2 4DD8D2A7168F0358E8945F0558E2A643F3E941F6440FD26AA0D91B4E2B54B0E1
+vig.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jerHNvhaWuaerSljFoCAbs6dMb0Zzej+s+g0B22IQlmUySAXibnrv4JIgEz9MfR7DyW19fEPMkhIJp+Fszhv1O/8s9CLey8zv2YO3lXAp0m5G5hN6DEZXEhkqpvgShEszW5FicS1rCFFtfHwvslP+ocaqd/u8AFLaVABt9dv3ooBalalnfGRyYSvp2EtXxDmTxAffd/pEfXfXqYLYVGAnamlaZAbU2FWuVw4+PU0tH5xUhXrtcGq8+4wAwNVOMbUpQhbef7WCKOvzDPalTOtzZ2jcQizo2C3eE9P9Othv74XR9F8dC5fi5c/xr9f9ZUqklvdbKQXTok6e2odqnkWWQ==
+vig.			86400	IN	NSEC	viking. NS DS RRSIG NSEC
+vig.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J/TytUF8VJmyzRuqPRQShB/MhVhMmv9VAClhs+8PwgUlg1giyYDdUBIOllo/QSkDeJ3CXUit6SmMAZv5lUdCjFPczLMwZKwByVTLng7zstLU9+ihbU7xTNtprilAj30wvDFwKTsiV2ZjdF82O7d+K2ZpDpHQgZD7X0LB6I/nFnQ7FNaoXZ5jXSXxbfCsFext5J+okXE5c2mpSWTKaz9zzpmzd1RUi+KSN5AP3mdRWwoOPTSSRBvhhDA4uImLn5V51P2TtOQbL6pQneh3thPg77TXQrWrtpblEsALDX4pElkewwEVnhvGAzwsA7uA8ipf/Q3UkCcR3sArf9lsTl+Kiw==
+a0.nic.vig.		172800	IN	A	65.22.48.25
+a0.nic.vig.		172800	IN	AAAA	2a01:8840:2e:0:0:0:0:25
+a2.nic.vig.		172800	IN	A	65.22.51.25
+a2.nic.vig.		172800	IN	AAAA	2a01:8840:31:0:0:0:0:25
+b0.nic.vig.		172800	IN	A	65.22.49.25
+b0.nic.vig.		172800	IN	AAAA	2a01:8840:2f:0:0:0:0:25
+c0.nic.vig.		172800	IN	A	65.22.50.25
+c0.nic.vig.		172800	IN	AAAA	2a01:8840:30:0:0:0:0:25
+viking.			172800	IN	NS	a0.nic.viking.
+viking.			172800	IN	NS	a2.nic.viking.
+viking.			172800	IN	NS	b0.nic.viking.
+viking.			172800	IN	NS	c0.nic.viking.
+viking.			86400	IN	DS	50971 8 2 1809DBA33D16E851270758C3EF774D65984AF94F7C3DE9B3470167CE19C22DEF
+viking.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Rhytx74Rdn57HLAkmyfRke5JuV2aHpQpZYFzQ7rtHmDP9z81MGUheDPkQ8MLMfqWqLYdXpoKjZ5ywlkD2o18vbcVFen5e+x1FYxkFlmxkUMpzWpvuOdM4dGQc1LxHDgOpYW4eXHczE85I79LU827jD5Q7sfPBOXR+KqRLRpVBdQXjF8C3zEFQO5lNo1ZrXOvzR4nwp668THxNRWSA1yncAJck23+TP/vrqRbhuxUrwTI5r6Qm4nKBqP/t455YJxV6WeT2SPlmno6VzIIvmLK5cJ6wkOw0HsakLPvae3eJmzqBK7jYOH1xHEqf+i0yOUbotqxGIBXxoMIVlHix+ISXQ==
+viking.			86400	IN	NSEC	villas. NS DS RRSIG NSEC
+viking.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MuTPi66DnKc3ZsTgz4hlXfWby3+TR/Sf/lQjWnGPkg/VTAqeJ3cGz04LcwKJ2abmygfBKRbm+uJj9G1f43RlSABBniQ8t1AcU/R6UQpEXOvqjRmbkdLL+3X0i1PZJ4i2ISvyC1EdwmGjCDmAjOGxu+DZsK1ztoRJFzMpZBOA6E8NptXZ647YwIMD0CKLVlAVsoISpx5WVqp+coIgOntc+KFR0XXR3w5hIORj00a1HxNoGNyXS98ePtBtLOiNQtXcBrz45Fcu+SrRcLPkwAnKCH1veXtX5nSZlN59StIjaCzzVuyn/AQpXuS+Txe49ogal7zH0fU/RQ92lpaX7381Lg==
+a0.nic.viking.		172800	IN	A	65.22.192.17
+a0.nic.viking.		172800	IN	AAAA	2a01:8840:ba:0:0:0:0:17
+a2.nic.viking.		172800	IN	A	65.22.195.17
+a2.nic.viking.		172800	IN	AAAA	2a01:8840:bd:0:0:0:0:17
+b0.nic.viking.		172800	IN	A	65.22.193.17
+b0.nic.viking.		172800	IN	AAAA	2a01:8840:bb:0:0:0:0:17
+c0.nic.viking.		172800	IN	A	65.22.194.17
+c0.nic.viking.		172800	IN	AAAA	2a01:8840:bc:0:0:0:0:17
+villas.			172800	IN	NS	v0n0.nic.villas.
+villas.			172800	IN	NS	v0n1.nic.villas.
+villas.			172800	IN	NS	v0n2.nic.villas.
+villas.			172800	IN	NS	v0n3.nic.villas.
+villas.			172800	IN	NS	v2n0.nic.villas.
+villas.			172800	IN	NS	v2n1.nic.villas.
+villas.			86400	IN	DS	32191 8 2 CE7CF1B69581DC8A7D97B190D57A0D90DE2F35F3F906E15984163F3BD62B6A7A
+villas.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0v1j08eSHj3iNmlvM98KT/yCgP0PC8adQsLdn42ZeRdahZ4AfZInHQxjjqXKEoRhU8MRIi74J5eGu2IAlW2R0mUYoFHHFTOp0lWvjf8LpaAQH96xq0A9TJDgDpPtRHorwtk79plcfVUnAI6mp+NCaqm1vTuuoGdgr9V4tUwl3+yeq7JHWGvVBjgbqtXWBq8Ez64fDFWQdVW7USdYNCZ7G5R4XhknckQEkKFjlAYg+lf3yqpCBfUDK38+wXGcm6QZrjElHLkrGVaBSnUN02q2wBS80gMTZGi3HMKSCQ/WPtZ0sBzzMEu4D2oE9/UOG0HvIC448oe3ZZQgvLrWSR+kSw==
+villas.			86400	IN	NSEC	vin. NS DS RRSIG NSEC
+villas.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wT1nqo80RBQBSxNJgYrueGDZeS8chL1fO0YxLDw8lptS8WvRv6WG5AtmOzNJEtY2dqQNQjV9vtyBIlzVsotoDGnerb7iyOHu1EdnOdM3JwlHBZxYVCM3xD53VlZSH2XY0aWiMAS+qc3NvYRKezeifZ/sbxwv7qq7i38wF3L4Pl66DzNNowb96ZU98NiLnJVIwNoolvKA7iYggXqIPXPvAM85YmTJP9sSgiKa/EsjbMfuL6jltfI2QDBYPUURz/tAnouyPnYEQkHpLacurKTn/iA0wK5GSpBy+wLg8A8oTAQYTLvEI6oY7RuE7pfJwp9of8ZeRO4IVWVy125Ny15saQ==
+v0n0.nic.villas.	172800	IN	A	65.22.28.62
+v0n0.nic.villas.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:62
+v0n1.nic.villas.	172800	IN	A	65.22.29.62
+v0n1.nic.villas.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:62
+v0n2.nic.villas.	172800	IN	A	65.22.30.62
+v0n2.nic.villas.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:62
+v0n3.nic.villas.	172800	IN	A	161.232.14.62
+v0n3.nic.villas.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:62
+v2n0.nic.villas.	172800	IN	A	65.22.31.62
+v2n0.nic.villas.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:62
+v2n1.nic.villas.	172800	IN	A	161.232.15.62
+v2n1.nic.villas.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:62
+vin.			172800	IN	NS	v0n0.nic.vin.
+vin.			172800	IN	NS	v0n1.nic.vin.
+vin.			172800	IN	NS	v0n2.nic.vin.
+vin.			172800	IN	NS	v0n3.nic.vin.
+vin.			172800	IN	NS	v2n0.nic.vin.
+vin.			172800	IN	NS	v2n1.nic.vin.
+vin.			86400	IN	DS	25786 8 2 BA89439B43DD4C15AD9D0BC69198518041F5A9E269CE479569F0E42017D8A9A5
+vin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Vx1hUXqqxbIHnJglzSNldIuSatLsteE6OMOLTOIAD4zQwOJTlq57qVQ9930btsW8qwCPZt+sAUaIokwOSDJGmBsMiiyZ5MbYs9QnuCF64XI0PJujN8ofsbcNy+hCeO1+0PMLi5IMLHm96XnIa0ZgI/CrsXVZhn4/07EY4N0quFesL3EXk+bM+ffTS9wa2h1PLBOczYCEwHSNDwAQMPQFCs//t0PbXRs9esgqxiFL8P/vYYr38ZgZvpJesgwxOzW9vboYgKKYW478/T6nJoPyAQrW2NIzAZU+61KubKjUqCaGd2K7psl3rmx8O1W7Q6qOSKuTVI0f/+xdnn4gaRf+zA==
+vin.			86400	IN	NSEC	vip. NS DS RRSIG NSEC
+vin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JTPsxfpkZkAo8N3HOna3eb7/STuf7jrarkDaO6cYPokKBpWEUfZg9Qv77Z3B6U0Brs0TbyK0O7NswpE9watET5e0fqjILDz2BS0sKcrSr4u2cFkieMEAERQaaMBUEVLOC52pF3auabWh7237MqdEqUYQmUvFae+ErJOLaX45hbzRLwVZ/21DJbjyxYMaPS15kH7Na/SEvcxkxFEItdUbu4bKBQcbOj8XPVQXDG6DErMx69q6cS6tiCMRe78DHhqetjTXlk6T+qubsVAVYwG9cLVBvtCGtA/VAvX1m+GmP0/xEElSvZ/nEh6gQuM+zT6OkmVMbIJcAWmYcZTapm0upA==
+v0n0.nic.vin.		172800	IN	A	65.22.28.21
+v0n0.nic.vin.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:21
+v0n1.nic.vin.		172800	IN	A	65.22.29.21
+v0n1.nic.vin.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:21
+v0n2.nic.vin.		172800	IN	A	65.22.30.21
+v0n2.nic.vin.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:21
+v0n3.nic.vin.		172800	IN	A	161.232.14.21
+v0n3.nic.vin.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:21
+v2n0.nic.vin.		172800	IN	A	65.22.31.21
+v2n0.nic.vin.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:21
+v2n1.nic.vin.		172800	IN	A	161.232.15.21
+v2n1.nic.vin.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:21
+vip.			172800	IN	NS	a.nic.vip.
+vip.			172800	IN	NS	b.nic.vip.
+vip.			172800	IN	NS	c.nic.vip.
+vip.			172800	IN	NS	x.nic.vip.
+vip.			172800	IN	NS	y.nic.vip.
+vip.			172800	IN	NS	z.nic.vip.
+vip.			86400	IN	DS	34207 8 2 DB3E27D9A9BF7BA3AD1E2A45D5D2B10486670711BE8D81F1487B01912F06A47A
+vip.			86400	IN	DS	40669 8 2 EB70A1F31A3C3B26E464DD98A97970001FC220021DEA2B4A5DDA68DE2C1DBF00
+vip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HMp1PoLWc9wHPn3JrS8hkRHdT4Gqjw/0zdO5P62p4dbl5urpowDGnfeKKf8WWbNZidETKFe0chSeELCpc19lwwiihaTxKUKKDFv61M4yDHzAQTIym8SVZWltNRLyc8pMYVL10+sccJllaVU0FmWj86NaCYgUdFEpJIASBw2ItqCHBr6paw+l014ekBIKPnZSXz/Qlcw0VLQYQy1jkmrce//PYeLneS1SZYx43xjqLbpOB8lwZ30+kD4pJkqqxutzB568OE1vEx0+twQacMrT9Cq59779BM7M6z5vdn9LrSygpC9wrV8k4bNhTIsfmpaDvJ8RQBW1umSiey1MYfX7Wg==
+vip.			86400	IN	NSEC	virgin. NS DS RRSIG NSEC
+vip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . R59iTA9zwJ1DEqLbO3oSirR+Yd8OdtWnau+2ktvJRsrpTM5yAeEf3mEqCc1fhhDrUVXAD7huTC/XplhOOEhkjdl4BWksbBIJuxFFVmERST2IdhEU8i+g7biMiRcYjcVpc6U1eW4b6IiJL0klwpMIErR9zdxM+sGkLZ8cHw4omeGARZ4hnnqKjm3fR/Ru3Bs24QNDgKy9ncbwhv2AMR0VlUPqnUODe3lhDSJlv+cfh5D8EGxqdOAqvG7bIF33he5K8tLqyYLgrfxxpZiOtXKaPQq4id5Vs73HgsWBGDklJ5YnCAt26JdXeke5eKAP91ljKeDSw1qv34tFd3sR5r1Lsg==
+a.nic.vip.		172800	IN	A	37.209.192.10
+a.nic.vip.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.vip.		172800	IN	A	37.209.194.10
+b.nic.vip.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.vip.		172800	IN	A	37.209.196.10
+c.nic.vip.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.vip.		172800	IN	A	156.154.172.82
+x.nic.vip.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.vip.		172800	IN	A	156.154.173.82
+y.nic.vip.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.vip.		172800	IN	A	156.154.174.82
+z.nic.vip.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+virgin.			172800	IN	NS	dns1.nic.virgin.
+virgin.			172800	IN	NS	dns2.nic.virgin.
+virgin.			172800	IN	NS	dns3.nic.virgin.
+virgin.			172800	IN	NS	dns4.nic.virgin.
+virgin.			172800	IN	NS	dnsa.nic.virgin.
+virgin.			172800	IN	NS	dnsb.nic.virgin.
+virgin.			172800	IN	NS	dnsc.nic.virgin.
+virgin.			172800	IN	NS	dnsd.nic.virgin.
+virgin.			86400	IN	DS	41930 8 2 64E74557CC76DD3BB05F8EB86EBF531B186D95E91BFDAA09F35FD620D960603A
+virgin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ywKN9HFKUsmp6roh6n014wviTlHK3zrYD/K2UTDuJH+GrR/9dvsPRxF62ATwsAV7t7bXkOrBl3fp7suyUiK/xbbGcMEw01OmZFLCUH745/3ppPxMfD5q7aG9L+6s/ljY9Eflhe3fZGtPeQYZV/8EfKzZge7wd83+HG5teHsQPrSkeDpi2OA2Vm4NrIl7pvMgAE9QytfYF/I63NonqGJZ3pHRyHoA9aDVREe0uvOAM1NJc97sNQdoWPNhGoiKqOyKlFF9nZdu5G/4V3TsSe3YVG7j8vCKvhY7l+BQdiVf/arMraixIPp8fhsvrbXPqm97HFw5cNg36Mo7mq7mXfqNpw==
+virgin.			86400	IN	NSEC	visa. NS DS RRSIG NSEC
+virgin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . S5ixnjWVWJmKRNZWobQFc+QsBE1ShgIdTBPZhaWRo1eY0a2aghgco9zOQKcCFxVy1wUlD7FGT2kgBdbZnGNAJWJeBswfnO2vV74erJ2Wk/7D3WdmSo99oZ9ERL8Ah42us/Mq4GNF+ZKXxj3KKYAeAXqcqQ2OTByjL0R6i7/hl0cOM8t4BDrjmRlaMwaTCqyxNnuVKFno9Z1/zgnFAaM37DrZsQaegtGEmID8TEIoFfyATlt+1QEo6U+Z77V79LmsWovnTTic6ipzqe8Em07heNNdwBwo5yAyzv32BMWNaeCPY5nSwZVtFzq+4Ryz1kaf2mp53LIAPjMUs4WqN4Rfdg==
+dns1.nic.virgin.	172800	IN	A	213.248.219.40
+dns1.nic.virgin.	172800	IN	AAAA	2a01:618:403:0:0:0:0:40
+dns2.nic.virgin.	172800	IN	A	103.49.83.40
+dns2.nic.virgin.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:40
+dns3.nic.virgin.	172800	IN	A	213.248.223.40
+dns3.nic.virgin.	172800	IN	AAAA	2a01:618:407:0:0:0:0:40
+dns4.nic.virgin.	172800	IN	A	43.230.51.40
+dns4.nic.virgin.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:40
+dnsa.nic.virgin.	172800	IN	A	156.154.100.3
+dnsa.nic.virgin.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.virgin.	172800	IN	A	156.154.101.3
+dnsb.nic.virgin.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.virgin.	172800	IN	A	156.154.102.3
+dnsc.nic.virgin.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.virgin.	172800	IN	A	156.154.103.3
+dnsd.nic.virgin.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+visa.			172800	IN	NS	ac1.nstld.com.
+visa.			172800	IN	NS	ac2.nstld.com.
+visa.			172800	IN	NS	ac3.nstld.com.
+visa.			172800	IN	NS	ac4.nstld.com.
+visa.			86400	IN	DS	55863 8 2 B7D4DD6E17C137C8D9121055EC796100868870D2D31AC0DC5A2CE1972F692CB4
+visa.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mJ7tadLceoIDY9Hb1e5eZhj1N2BmN2VPPK6rcvBB7vF+vMPvDX2c5VvtHXX5Ly9NRY1hNnkuYLJ1dDpIY0txXtd/NPhTnYaXnpsp63OhdZ31J27l1O5TogVwva/Yjq8fBzjAYEX3nx5rI/sLJIXQvWdqPS50qTSR6kM3g+5O9Hsjfe8SQY2medW2QQMXdOLGZvx6DrhYEs9DCVtJZIJpyU2jCyCUj/3BLDPT/mdl6QsPNFiQOxcEKdFKzZx8wkmwyiDW/9TlJsbNj1KTyQkO1ISjCFXboJNZ+aX9nDl/FdyXDLELccIkEkb6w9E7EOp2BT0V7ED+9hMWRyJLlHv+mw==
+visa.			86400	IN	NSEC	vision. NS DS RRSIG NSEC
+visa.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b3rm0YiChNwWIzyFC2JrVE2qfmuckhkTHmJfmICsv5jOOrh8RqOsgkzvaKq0exmTMeNSuqDo/oo5eDF7aJvlQmhpWCgoH9yahotkaRPbSPZUsYMMGAfPhfmhss3bfYm5wTyu23sT0dCf49nEcv0qRj8MXK17QRyG4d85PktsG1znWcF/jA/VNYdwxL/XWSO1D9XaL7iZtOcFw3sAuopI8UZ+sd9MehY/f3eQ8l2WrTt1XQ+XgdulWo2bSMgK/yqF4oXGYWdCgXE9fPi3zrIE8X3wzA8CC8lyjsWH/BQwQ6Ufja7IzkOBXSUWE9hyw3Upn45NyzFbpiTnlSoFGz7WOg==
+vision.			172800	IN	NS	v0n0.nic.vision.
+vision.			172800	IN	NS	v0n1.nic.vision.
+vision.			172800	IN	NS	v0n2.nic.vision.
+vision.			172800	IN	NS	v0n3.nic.vision.
+vision.			172800	IN	NS	v2n0.nic.vision.
+vision.			172800	IN	NS	v2n1.nic.vision.
+vision.			86400	IN	DS	58084 8 2 4E659852DD1934D5E78A5E6600EBAD107682821E3BB5991F8B4BF8DFBC6927FF
+vision.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sWOvTmRoVUDOv1AdDiDacluzvFNMljE9xuS5YcEDdefukwxk0zClnZGLjJMu5dttn8tX+XZiUxBwhK9fRUnc4lsPcWbQJcw2+oY7UkFEy7hZs270kDg76nQw+i1UpfWMuu1xdmRCjPTW/Htm0fbBcrxTM1w8rrBF48BuVK5IU1Voyv0776WQB3zBjZnJmbRcqYjaJmVnF05L6XHcw3le+qV2z+ssaIbVZqcCKoxmHN6fOPgDpx3ybo6MBK+Xteut9aHHynaqoTlf1J0hfcFw6/PsYuL4EIkOryWyTnTO8+2BCbi5mYsggVU6X/r2WK1kT+XyMvYLnHm0r9YgF2/SOw==
+vision.			86400	IN	NSEC	viva. NS DS RRSIG NSEC
+vision.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VDbNos/ACwW3DqhhLCTBuy3JjQqf5hAWF6WZi3Macbn+YNyNFeV/pBAssYdoai+0UHORwEr78POGsp5YJSLlF/S9HTPImnu1OyxpxyERlke0gMR1l4jip9r4F7dbRaHWp4GKSW2OyghpVRp50tDuPZQ3/xHY8hCSX4CYVSkNEM17jD3QeygqLEJm7a/+5Vx80OR2zpwN087iYCqk7udnWI344IFpjvYKUpj9RGcRYCLmZ4QNwZWnzy1lVVfo1mtK9jlM2dTjnfEh04wVk7G4sRIOpuiKcz+b51Iy+3apu27Y6j5vOVPG3n2df9zeSQbz+MgYNSe/OuS8ZmtCFWMJ7g==
+v0n0.nic.vision.	172800	IN	A	65.22.24.15
+v0n0.nic.vision.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:15
+v0n1.nic.vision.	172800	IN	A	65.22.25.15
+v0n1.nic.vision.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:15
+v0n2.nic.vision.	172800	IN	A	65.22.26.15
+v0n2.nic.vision.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:15
+v0n3.nic.vision.	172800	IN	A	161.232.12.15
+v0n3.nic.vision.	172800	IN	AAAA	2a01:8840:f6:0:0:0:0:15
+v2n0.nic.vision.	172800	IN	A	65.22.27.15
+v2n0.nic.vision.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:15
+v2n1.nic.vision.	172800	IN	A	161.232.13.15
+v2n1.nic.vision.	172800	IN	AAAA	2a01:8840:f7:0:0:0:0:15
+viva.			172800	IN	NS	a.nic.viva.
+viva.			172800	IN	NS	b.nic.viva.
+viva.			172800	IN	NS	c.nic.viva.
+viva.			172800	IN	NS	d.nic.viva.
+viva.			86400	IN	DS	12386 8 1 4BCBDAA886B0DCE29C68A90C49A964D61E95C59F
+viva.			86400	IN	DS	12386 8 2 CFAE0771825B368BEB345F67A1A08A64415AF41076486890EB62C79A32113F71
+viva.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ph53kYFDOg6V0cBroYJkKUghI28yT6FQ7Rx7/8mRQbfh9iyv6K4TP2EbOseQV8KSOq+kbjIEOfn/8zqKw72UDJK7xtd51Cr+7MovJH3kbw0lDwv3UVvlZdgHUl2x8dyLHgrcyjjXChg053pPcrp9yeho0afDygwo4Ex3rGNczbyy3ElLndDl/vriQE7hmXtUsTYlbbJsWMrFKQKdnify+GrFdvx/tSiMuvFkBPINQkq91F+QshMD5GqUAzTZy9ZeYU7fcGJIMZWxUsBb+26EtYviGO5NWX78DvESpj+ZBOiGcQTPo87DxqpGfqjoKKWGvPTFaYuyoJD3Io78qCeKfQ==
+viva.			86400	IN	NSEC	vivo. NS DS RRSIG NSEC
+viva.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oTAJglOf99OTdp1WjzxSuUSJVnnPGVDXEWlwcFA3DfEeUawdqLCI6yGW9h9ylB6nx1W3CUJ0TLJm/L9b37hahjP2fY5rY7lvOHedp81FHcXvM6Ov/vWTj74Qgz9zFkoIdw1RYyh4goqMtxyv3KZ6skTelpvTPwveZoZG5YIEvaztGNoqPmHPGH4zXey50ipcYJT9cVlFONmLoZIqo8hGZNFM/tKy8JkTB2nsz9qR/apThQI4K6Pe3yvWbcWBtaP8ZXnKfagJBAMCIwTmH9NVdjCDLPXfID7fi497/davtZ8PxAsVyZcgxZQzlr7FSteaau4/F1gf+CmkuXR2I9rjfQ==
+a.nic.viva.		172800	IN	A	194.169.218.28
+a.nic.viva.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:28
+b.nic.viva.		172800	IN	A	185.24.64.28
+b.nic.viva.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:28
+c.nic.viva.		172800	IN	A	212.18.248.28
+c.nic.viva.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:28
+d.nic.viva.		172800	IN	A	212.18.249.28
+d.nic.viva.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:28
+vivo.			172800	IN	NS	a.nic.vivo.
+vivo.			172800	IN	NS	b.nic.vivo.
+vivo.			172800	IN	NS	c.nic.vivo.
+vivo.			172800	IN	NS	ns1.dns.nic.vivo.
+vivo.			172800	IN	NS	ns2.dns.nic.vivo.
+vivo.			172800	IN	NS	ns3.dns.nic.vivo.
+vivo.			86400	IN	DS	25072 8 2 D450EBD4DCF5F47B529804DD9DFCA7D2AF45D3C6B0E4F72E0393F0512196D5F1
+vivo.			86400	IN	DS	37450 8 2 94B4E1A1583215ADB71AAC0E4AEC100854CAA49827165AC3AD6C3627FCAA7DDA
+vivo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Y4XdB6KmSKFU7ZrH6Ic6VqsLHKFP8EuDqi8C1prBw6IJR7ekfdehqle/jjMUMSIoYcVQe6d+JAKxXxv0vrrQ6bSagjgSHhmFFrGgR9ivV3G1C6Oi5G110JyofMp/5WxQDadquLIT3s3MHp2YS3K6z+0O3egr2AqHqmaJWtKBBj5Np9fGKrIccRitipPR3wIUakxmAvP0KcWGCj+5PlEp/HMyermwTyrcESMCgNN0S93pHc7PSLWgAwt72f730icF1+aV23Sry5NmhF3j2UN52LGSFT4uJUMF3wDbZ8dwvqRzh/54PaqaEEA7LlcinzS33O2HwxEmBhiV72GEZ4hRKA==
+vivo.			86400	IN	NSEC	vlaanderen. NS DS RRSIG NSEC
+vivo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YmKLdiJDhKG7+sgo2Ws8fK8eYKbG0Q7qm/CcAI/p59qG4+2hS3GBVPsEL57/TvmNZro7pvCsGDRSg5+LuIQsMlmCyV1McH3GeOMkEh0p5bdjVNJ4qwrshVOJFLLnivL8Ee6yXynMjha8JF08LGYnZIDPrWe8b0IOqNSqjCUv4PCkna6Re1bnsdcsV8NfwO64Wu1x7d43jFYGRSFJGaj/TX4uH+IwtDwHw3chrs+UcIzsASFSy2HHuF7VVfC0w0BPo+sm1EDJpkMj5pZ1BHJI6HDo/OaplgEFJT88RitSz2aUHYywEUNNafCGp04037yjM0V3RoQQzb2xQ+1a5EFkkw==
+a.nic.vivo.		172800	IN	A	37.209.192.9
+a.nic.vivo.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.vivo.		172800	IN	A	37.209.194.9
+b.nic.vivo.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.vivo.		172800	IN	A	37.209.196.9
+c.nic.vivo.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.vivo.	172800	IN	A	156.154.169.57
+ns1.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:39
+ns2.dns.nic.vivo.	172800	IN	A	156.154.170.57
+ns2.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:39
+ns3.dns.nic.vivo.	172800	IN	A	156.154.171.57
+ns3.dns.nic.vivo.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:39
+vlaanderen.		172800	IN	NS	a.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	b.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	c.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	d.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	y.nsset.vlaanderen.
+vlaanderen.		172800	IN	NS	z.nsset.vlaanderen.
+vlaanderen.		86400	IN	DS	9286 8 2 F04E1190A18D3E63B8FD5261768EF06F8FA5F27F80F39C54AA81753B203E05E7
+vlaanderen.		86400	IN	DS	54397 8 2 2D655A3F1A0C26AD210018757FFBB754B2C4B167673283DDC1496C614AE7A9F5
+vlaanderen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Sk+Rqgx0tJiAjD1gozfUiHPTZknFuN1IEqcTxIsoyUaJr/NORXHjA8f9QWEPmGPRzz77Ci6NrvhIU2JhBU78ni2hTO5ZOf6C1ot+GrKGQfAJcUiG5kLJgi59s4R8GFkmGCtKgWO7SV7W+NHLhW0sT8MUF5jY6uvG2B7JR0rOFqEG6ka7T+lwhfVyDpJAiJjxHZEbbYWoelPAn/eM0YJM7IpYW95aN9/p2M87znAuIXsLGVfQEGqVvha/zJ4sRR7SxdzTE+UuZqQSoW3Ez40MmT3+f+Keu9T/rpRpjkGeEEQOwmQZOliW8D7zkjNXG33CsYZyATwQ+hb6qXrS2KGXeA==
+vlaanderen.		86400	IN	NSEC	vn. NS DS RRSIG NSEC
+vlaanderen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XoaGAPjDn6mPa0c+vJvulUWnHjx1Jgx5p9AYx0XYZzFTtdLlB8Cwy7URqpP25LcOgQ62DH+MF8E9+C/RylDtdAAaQOtzOsBlAHJN5pLOP4Je1C88OwXiyhHBJt8404FfmF4GuckITbuWXjHunKZLXq11KIRysVOwIaVNBeqDFTV0AKxh82rX1WLX0d/CSe5NCmc1B0TNx1WtjyALZ+bQn5oaSnohblfz/xZF9UrGOCIzhYs47j1bxPqRi2/7hLWGv13563KuGETxW+D4uEk7SNHwnJoYf3KdbKVhOzo1rzV4KNX39S6RpumjCap5GBx+mG6+mDbO9ZXDJ3ATo01EMQ==
+a.nsset.vlaanderen.	172800	IN	A	194.0.6.1
+a.nsset.vlaanderen.	172800	IN	AAAA	2001:678:9:0:0:0:0:1
+b.nsset.vlaanderen.	172800	IN	A	194.0.37.1
+b.nsset.vlaanderen.	172800	IN	AAAA	2001:678:64:0:0:0:0:1
+c.nsset.vlaanderen.	172800	IN	A	194.0.43.1
+c.nsset.vlaanderen.	172800	IN	AAAA	2001:678:68:0:0:0:0:1
+d.nsset.vlaanderen.	172800	IN	A	194.0.44.1
+d.nsset.vlaanderen.	172800	IN	AAAA	2001:678:6c:0:0:0:0:1
+y.nsset.vlaanderen.	172800	IN	A	120.29.253.8
+y.nsset.vlaanderen.	172800	IN	AAAA	2001:dcd:7:0:0:0:0:8
+z.nsset.vlaanderen.	172800	IN	A	194.0.25.19
+z.nsset.vlaanderen.	172800	IN	AAAA	2001:678:20:0:0:0:0:19
+vn.			172800	IN	NS	a.dns-servers.vn.
+vn.			172800	IN	NS	b.dns-servers.vn.
+vn.			172800	IN	NS	c.dns-servers.vn.
+vn.			172800	IN	NS	d.dns-servers.vn.
+vn.			172800	IN	NS	e.dns-servers.vn.
+vn.			172800	IN	NS	f.dns-servers.vn.
+vn.			172800	IN	NS	g.dns-servers.vn.
+vn.			172800	IN	NS	h.dns-servers.vn.
+vn.			86400	IN	DS	16196 8 2 CB68C5384104B31E1D9CBC1C45F861A92CDA9D8121AFE76F9A8978527983FD99
+vn.			86400	IN	DS	16196 8 4 276643F5EF43A0610277C06CC5261056728450B1584B34F6D19F4C5BD9DD1DEFF2D5D3CB805B86718B1E0778682AFE91
+vn.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Q0rKejLTCJKvAlRIl/UCZ5Mrc3LDJVEhD3bAvJOXEXhfVVIpPkieHZXihMLW1jc+tWhW/L8QgYQ5eiX0wi9rvrMZG1SeIvs6hWjrb8U+cFVK1w+hpOZ5qdF43A0CbcnXKPFohUaYQum0wcB4XtOi73E6wNROe2uzVcJcwdZNd1RZANmAbRJsnKnb4REhaZmhSwlIWRwLc58EUlfk3lWqKH5ssLY9Cv5sptlirtE319/gjwf2Pk5C8UD/mCexWWqklCre36TDgCdpnprSHAyR+9lqgzIPNuQ/UHutKwiXOnloKnVAFJx3doJ7uS9mSJc+Sr7bvZE6EzzZSwLaRSAbIQ==
+vn.			86400	IN	NSEC	vodka. NS DS RRSIG NSEC
+vn.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pGlWTqWZXwc4qycFeDkNgDOShX6MWbP/xGdlSYVKzETAKc5d9jzK8cuj7fHUNhKPITJmL66N250VW9Gjgi7/CZkDj2DrPypO9iivhfvJ5xuNl3uL9u7W+0EGbSko4u2g0tT/P8UzcLTI89bVCpb0aiRpose1E+GV55kOIYH20gyQIPewVLS6PKkW4v4miCyjjJbNEKB6qmG7pPfrKl60m+HN10TY5avBJ3NouL0ez8EeACmgnsrhsLMxfMHRp6JQMbbmDYb+JHQmwFzUsYUN7ccdNeGpyrDrmW9ykihM9myz/CdDBAhk8RO2z753r2evqwpc0UEBYaRJb+OzTMm2vw==
+a.dns-servers.vn.	172800	IN	A	194.0.1.18
+a.dns-servers.vn.	172800	IN	AAAA	2001:678:4:0:0:0:0:12
+b.dns-servers.vn.	172800	IN	A	203.119.73.105
+b.dns-servers.vn.	172800	IN	AAAA	2001:dc8:1:2:0:0:0:105
+c.dns-servers.vn.	172800	IN	A	203.119.38.105
+c.dns-servers.vn.	172800	IN	AAAA	2001:dc8:c000:7:0:0:0:105
+d.dns-servers.vn.	172800	IN	A	203.119.44.105
+d.dns-servers.vn.	172800	IN	AAAA	2001:dc8:8000:2:0:0:0:105
+e.dns-servers.vn.	172800	IN	A	203.119.60.105
+e.dns-servers.vn.	172800	IN	AAAA	2001:dc8:1000:2:0:0:0:105
+f.dns-servers.vn.	172800	IN	A	203.119.68.105
+f.dns-servers.vn.	172800	IN	AAAA	2001:dc8:d000:2:0:0:0:105
+g.dns-servers.vn.	172800	IN	A	204.61.216.115
+g.dns-servers.vn.	172800	IN	AAAA	2001:500:14:6115:ad:0:0:1
+h.dns-servers.vn.	172800	IN	A	202.47.142.105
+h.dns-servers.vn.	172800	IN	AAAA	2001:dc8:6000:0:0:0:0:105
+vodka.			172800	IN	NS	a.nic.vodka.
+vodka.			172800	IN	NS	b.nic.vodka.
+vodka.			172800	IN	NS	c.nic.vodka.
+vodka.			172800	IN	NS	x.nic.vodka.
+vodka.			172800	IN	NS	y.nic.vodka.
+vodka.			172800	IN	NS	z.nic.vodka.
+vodka.			86400	IN	DS	9085 8 2 4A2F917B298B97A57BF484931C74134A82B3EF0CE16DA123093C509EB9EA153E
+vodka.			86400	IN	DS	62887 8 2 7286A1B64C79D57E7D499442EDC470AA0685280D2DC642AF97615E215154A50B
+vodka.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xj9NPmAo/2AhAFbQ9oMh3NZBs2twtcHT6vcCdMOfjvcz0Sl0j9g6hit3ZACZ6fmc3Nk8Qrbkiq7Pgg9KvHJt+Z1SQxbzHdsr/339b7VFLvYlPx5radJeZm7njssuJ2UIc5EqnW7eWdwZUtPsVesAHDY2k+VD7ZYwVXvXUscxb2baaBsFODnLhMJJ/EChLOEwJx3XdLCSteqIuyOm/xqfQPUjxjm4ZKNL9+ci6XGrEeKfEuXHe/SZg9N2QPtoh1pWtFHt9674Nfjr7n0RzmHuDrJO0GUGRZTzHtT0PkNnRDaRfkh8RMKhJS+HMw9HONLXSC7vXnGeI8ODLagIgndszA==
+vodka.			86400	IN	NSEC	volkswagen. NS DS RRSIG NSEC
+vodka.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Wtn7eNsY3SuT43Pdr0kJERSh4PVx58z7k8RD8eJeBqYJ/xMdqeMe6wdTryAf52f4C2AZlsvBqR0EKjhc4jUjex8vfsrB2CxrHv2uaC1yH/vReQH9EHu8mq7ZjmtTvxrW/PEoDxvs8UdRlUdbBI8RIwW4+cimOzsqBycRvnfY8nSY+NNATbTMVLqmzVw327A3YlggHDiPTFEbivsHRl12iKJGrThxZS+6HzQc2GIvMOR64GmcmI18G7/AL4DDiQT+TNXlg70TXcRhc3rzCszWMIBT5OEFJm4ce2NSZSz5Gb0TZdP8ClBfC1QWr5zlOMaPwHxGJNKNY5qgnUVwqsekKw==
+a.nic.vodka.		172800	IN	A	37.209.192.10
+a.nic.vodka.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.vodka.		172800	IN	A	37.209.194.10
+b.nic.vodka.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.vodka.		172800	IN	A	37.209.196.10
+c.nic.vodka.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.vodka.		172800	IN	A	156.154.172.82
+x.nic.vodka.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.vodka.		172800	IN	A	156.154.173.82
+y.nic.vodka.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.vodka.		172800	IN	A	156.154.174.82
+z.nic.vodka.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+volkswagen.		172800	IN	NS	a0.nic.volkswagen.
+volkswagen.		172800	IN	NS	a2.nic.volkswagen.
+volkswagen.		172800	IN	NS	b0.nic.volkswagen.
+volkswagen.		172800	IN	NS	c0.nic.volkswagen.
+volkswagen.		86400	IN	DS	52507 8 2 10DC75D4A1277934C86BD53C004EC0109396F5CDCA83C2B25C09CBDFE59FF6E5
+volkswagen.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BGEG9S4aQ51czNcUijKUx5mQgMfhBc74PsospgqUHgkFfwjzeBVA/8ieaQWcawKXfXa5LE2ScLM8miMUT8BMxiL47nZcsYCpQRFzHsXrmJ4CexxfLj7paFwKYl3cXE2k9GrXplhXTSEo4KElUfLo+NPfwxfyk8724tgcF8b86ykWlKVmnW5PnDQXTKJB54rE6MGec8clJuWijzNo8Theg6XiVtE+Di5dSEpuAiAyrfuSSseYpOUxV6bOmUjU8Mu4+l701x4fWex43nvs1lnI9TbUYRrFFG7McYrdEwCy4G6Gt/jUgUBbiPUOmoDLK4BHLs36ddJiRp99fqMio02FPw==
+volkswagen.		86400	IN	NSEC	volvo. NS DS RRSIG NSEC
+volkswagen.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xC2O5fCaT9dBB4BmNK9XNlfHR2jsd9OtO6IHPD2dSTG97pu8yPwGc53ZhJiut9vvk4TlhU7XGE4ysNFXHI0JC3/U8SiiX89rJz2EdvctMk+UJS4KnuepQfG+Dk/EhQzngfTm+k09aJnYqtXo9HbdHxTr5HvDaZmfC/e5nPaP96TgTXxuwYjwxU1UGYJjGrKDoMg0YA/9Un4oOw0V/xngcipb6AS7mcWHVDb3XRkRlo+sLzuG9VxUlzmZUPyY2oyemkNp1YaxojBnOkUuVDdrheiwj4AZ6OCf9QEANTQH/omPNrngWC6oBbohx8Gw6WTVg8kGm2jNuk3xVPnpchfckg==
+a0.nic.volkswagen.	172800	IN	A	65.22.208.25
+a0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:ca:0:0:0:0:25
+a2.nic.volkswagen.	172800	IN	A	65.22.211.25
+a2.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cd:0:0:0:0:25
+b0.nic.volkswagen.	172800	IN	A	65.22.209.25
+b0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cb:0:0:0:0:25
+c0.nic.volkswagen.	172800	IN	A	65.22.210.25
+c0.nic.volkswagen.	172800	IN	AAAA	2a01:8840:cc:0:0:0:0:25
+volvo.			172800	IN	NS	a0.nic.volvo.
+volvo.			172800	IN	NS	a2.nic.volvo.
+volvo.			172800	IN	NS	b0.nic.volvo.
+volvo.			172800	IN	NS	c0.nic.volvo.
+volvo.			86400	IN	DS	3397 8 2 0BB2AD4280D93D2C86CDD0DC7CF335C35B50FEE80E6E07C25A061C76A506A006
+volvo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mfu9MhFy6KMGAgVjArQ+452CuVPM6znprttljtgE8iWztu3M38vI/MCwgOJhrfygaQgwog0H6UrmhUsMc5moFWYFCdmd39cmcGd8VZ7HzvT2ei5EhqL4rErtLf89FVSeV6gqobtZrYRzgDsB5dmUm5vTWpcxpQFohb968sYAzt1Pob5P4Qi1K6RQaLmBDIrNRZf9gnbRECURF7HTFVpDfHIDrQbTJsIskHEnGBhzsOmQRjOCx7tukWcCqaxbHHy0Ty7LMlqxM5J+MKTNSsKUJQ63j85xYFokrY71KSo5aMV/DOa3v2hiU5UYLhn50Zj4Y9SIpelGdqckMEaVmFkJXg==
+volvo.			86400	IN	NSEC	vote. NS DS RRSIG NSEC
+volvo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J+PCfSRbXjoZWuhoPq9tL6a/4Flc+No9xSLtSi61mnQEkgChccgQLSSlfQp+Tpofct3kfM7/4sbofsqytjKVGZltJ0dqRLXcisYC0H9Lewk6WW+39rwe0DGRBrERqPXIChS0BFwOPRSS4qYLtzjKxM0ycTJi0lwesmcPoAu/B6ED4CuZ2l8TpxLro2KNCtiyLFQ0aQlDe/cUbprBCb7feiRfCC1QeqZMCJPtWVyQ1fIQDUtCdZXoKIE4Y1DjqbF2cGzBE53DWVyAw+VBy1hw1UJiFdly3HEJJg3lP3ptxD34jrc1uVy15hyXuHEOlOeOtroPnTzSsul/meuPF6besQ==
+a0.nic.volvo.		172800	IN	A	65.22.112.73
+a0.nic.volvo.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:73
+a2.nic.volvo.		172800	IN	A	65.22.115.73
+a2.nic.volvo.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:73
+b0.nic.volvo.		172800	IN	A	65.22.113.73
+b0.nic.volvo.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:73
+c0.nic.volvo.		172800	IN	A	65.22.114.73
+c0.nic.volvo.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:73
+vote.			172800	IN	NS	a0.nic.vote.
+vote.			172800	IN	NS	a2.nic.vote.
+vote.			172800	IN	NS	b0.nic.vote.
+vote.			172800	IN	NS	c0.nic.vote.
+vote.			86400	IN	DS	62749 8 2 101D2AE9C31FBE10078E74D477010AA5C8966D814421123A893B8B0E7B46891A
+vote.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S1wyMuqrj520qTX6TJPlAu9oAQ2L0RGzAuttJEC5TcpTkZ9r1vhqeDRFxmpZh2VghblwAimxcuo8k4gZbnJUkPOPsgpAQR16QP187U+q0bRHu52C559yy2wK0Ke4zpW7HYNIctbDoBRBpkGy6fQHVCK515lxu7qqnv2dRa0P2vF4p5lpIZDLmRzJJhyaJtj/vWH1nFbivI8B7JT7GysJh6X/8VJ6jP6C4VtS8Sh0j/mmNwOIZbWF65koNavlEuc5UDWinkE79ZyvJ8b1VX7PGkY/76ORpGpdZkGy8oYXAybnBtXADaO+lE73I/X7SpmV6x7gHFhBvaYgzWD3NtQUwg==
+vote.			86400	IN	NSEC	voting. NS DS RRSIG NSEC
+vote.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . WjdjJMPqHwArzTJs0CxKFoU+ZKuS4JX+tnSdnftGD6rA9BqAwaTJmvmXpkQGjlVH4hZtNbwCzepZfqakyLNiPocIioLdZlz9bkJyLznbh5e6wfqVziIgTFk6XWkk4uGApmPzPntJAdF/+zaiQQvl9Ibvm9Bh5CGR+hykKSnwNLQ/bM/YAq8PAV+jVV3hgU/OMiojBhd3KBvZa+i3HeSa/jayFwldj1xZPXLqlrZISIxexl6DEdSsBgVoizsu62ITm6sazju7q23nOuAnJnQN0nCU4uVckmIHbH2Wsk++RzvIaY34P79o/XJ9wDQVEcNcLgPlx+T55YfPVX8YBntNmg==
+a0.nic.vote.		172800	IN	A	65.22.168.9
+a0.nic.vote.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:9
+a2.nic.vote.		172800	IN	A	65.22.171.9
+a2.nic.vote.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:9
+b0.nic.vote.		172800	IN	A	65.22.169.9
+b0.nic.vote.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:9
+c0.nic.vote.		172800	IN	A	65.22.170.9
+c0.nic.vote.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:9
+voting.			172800	IN	NS	a.nic.voting.
+voting.			172800	IN	NS	b.nic.voting.
+voting.			172800	IN	NS	c.nic.voting.
+voting.			172800	IN	NS	x.nic.voting.
+voting.			172800	IN	NS	y.nic.voting.
+voting.			172800	IN	NS	z.nic.voting.
+voting.			86400	IN	DS	9277 8 2 721CD786AA7F964EF0B943A67BEAA4333756F65771475F91678C536616E2037F
+voting.			86400	IN	DS	20254 8 2 8C2FEA117F4531A3DBD045F935E0E412A8BC7546104BC003D5FC4357AA9AEBA4
+voting.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rENWb+3SdXrjk07Vo1/CRmJ1akG5uD4oyWqw7Pkp3yJfIOQfCD9mpPh2wLCOk8n7EDYXPZsWBhJRb3qWyWwbCFUBxU2+4l40G3STbJP+VTutpGAUXucZzxr7BkOWixAwZqsKcX83g7zWv2ypXHK5ORRlIcqsuOJC99EDIPOgoFNrv8BuEbl9pUL0ekQhFZLglxVxg//+ME9HkfxmDhQDtOXY+9yo4/qioEcJSy9s2v2sFVUz+vkgkXA9JgBxxgmTViEPX4yiS/ReukZysnvWSlHuULJxb+3y92ijOzxsurCVnfIqbKaD/pfQMDJKaLwEWIydmHuwsfgKd5Qq4UFxYw==
+voting.			86400	IN	NSEC	voto. NS DS RRSIG NSEC
+voting.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d8HqgeRiImX0zPtMzDy67kut7h4+dLWetslg20vA9g//8GbW0BizfxihL2TWSZJW9qMw2488ouA19MSbXKCo2LtJ9rEWUlAeuoUqphn/8LXB0OmX2O4ecU79bPK5pPwx2MissdxNjxo0bdpCDDgetURotjY9tQLBtY1sCZ7oKq6rCU5BHnA6pTa1JyJf/xnv8PSbh89ojF7Q5Ahl064UVrBtgZ4i8ohrR1TKMwRLu4G5gX0OhfAVZaxTu8t63+mh8wzzWYWP5p/9wWobQrTFPWz/muBbL19eOBB4hNHhD2p6wOmDpGk9eHudO3uZYlXJYS+oHtTXliixETSg+nafbg==
+a.nic.voting.		172800	IN	A	37.209.192.10
+a.nic.voting.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.voting.		172800	IN	A	37.209.194.10
+b.nic.voting.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.voting.		172800	IN	A	37.209.196.10
+c.nic.voting.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.voting.		172800	IN	A	156.154.172.82
+x.nic.voting.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.voting.		172800	IN	A	156.154.173.82
+y.nic.voting.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.voting.		172800	IN	A	156.154.174.82
+z.nic.voting.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+voto.			172800	IN	NS	a0.nic.voto.
+voto.			172800	IN	NS	a2.nic.voto.
+voto.			172800	IN	NS	b0.nic.voto.
+voto.			172800	IN	NS	c0.nic.voto.
+voto.			86400	IN	DS	26875 8 2 847371B1A0A21AE134A0E0C15B0E505BB4C88A26ED401DAFF4F4E8794C5B31A1
+voto.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zESjSs0nIRjnVxGsXM80/+B54rzVhcIztVm91DH/xCukwwKkSm2u2BtOosnV6TBsaHrpBc9spJRVD+DzIBinPDsTMsSlUrwABHVk6xA1c9Y4bh1+rGgPzuUKS3fM8g1gY/2B0TIocri3yU6aXGgTvelFLpnssENb0uZN9/cDGYxsc6Tv6WbMVqbjwMXV1x/zq4RUetW60lPiIL2NQXcMvCRSixgqnDuM8hTbBhuCsvGR3hcq0+w/cBPiARKCTvwd9JJjFo8Coc5o2jvC2IDa0scE+GoDSuiFMHf0sh0SknxbEPmoFU+6fpSg0ctoubOvLFk3q7ULqfQIDS1f/meDDw==
+voto.			86400	IN	NSEC	voyage. NS DS RRSIG NSEC
+voto.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Z3ogOZ5jRi9EiYuVqO7UrTiCd6xYhkvrAPRa0MiuVDwNucVR167EQTj5gW6Hx58ttjQlji+uKOeOP8oHPb0tI7x3f9QLgxoDMXB+oklpWdQr+Zg7hl52sMhYafRN2pF4sURx9i872b7vRO2jXJ6oa3iTOAf92+7qAjJSq8KTHpKa2+R72sWBeWA7132Ny90EMhVrCPgALGl5AA+9cykk62i08qrbPwFfHivU93R3U7BBeJNozgyLpTAGLg6NmZacV9VQ7rLi0r0Araeieh+7TnL5oP/wLEkmj2NkwnuMRwux0OJ2IAxf266Qjez93qZaIcKzW1RGreULksyV9wKrtQ==
+a0.nic.voto.		172800	IN	A	65.22.168.1
+a0.nic.voto.		172800	IN	AAAA	2a01:8840:a2:0:0:0:0:1
+a2.nic.voto.		172800	IN	A	65.22.171.1
+a2.nic.voto.		172800	IN	AAAA	2a01:8840:a5:0:0:0:0:1
+b0.nic.voto.		172800	IN	A	65.22.169.1
+b0.nic.voto.		172800	IN	AAAA	2a01:8840:a3:0:0:0:0:1
+c0.nic.voto.		172800	IN	A	65.22.170.1
+c0.nic.voto.		172800	IN	AAAA	2a01:8840:a4:0:0:0:0:1
+voyage.			172800	IN	NS	v0n0.nic.voyage.
+voyage.			172800	IN	NS	v0n1.nic.voyage.
+voyage.			172800	IN	NS	v0n2.nic.voyage.
+voyage.			172800	IN	NS	v0n3.nic.voyage.
+voyage.			172800	IN	NS	v2n0.nic.voyage.
+voyage.			172800	IN	NS	v2n1.nic.voyage.
+voyage.			86400	IN	DS	25570 8 2 E17EA6FE786D37D2884B4EB52AE275EC41C4265AA252E2469396FF49878170C5
+voyage.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hoNfdGrq9lfojMqToanf9HC7yH/67ErkmfweIeXUcZ7pwkESVhlEXs9NhJLWoqCvB9lmb5YkgvLaPDdQRD6UjcRZujI5YFuZLpl8aM2FIFaLqv40cIW6NmI/Nx64k8RbjBUzRYM5+loTKTDFB9pwmFlhEgKObZrHNuIO1QMzwk7bYNP8vYvcPJLRkn97zuoMwWJNj6fA5oPFKnf8BHVL/fhSE4tCyM1sLHuXauZ4nwgSXLI/jBzy//GFgBZkWwRBcZyrqsfMm+A5swbsDTt4/Vrpc+EXvNzLOysTcptgFBG9hSfwN6Wlv7sj//KjKATf+lZjuK7XF92brQMczFqMBQ==
+voyage.			86400	IN	NSEC	vu. NS DS RRSIG NSEC
+voyage.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v/xEP/8yDpacaltwnoKjeYWHX4J8Sud6Ms8kl83D8QLuoluR1fjvD4EwWxRJ7tkpbOwnKXvyPPcWNga6HJ/rJOBhyNqUtrJyqSi3MBx4WKphTf+umSPhPYtMIm+WHhFVrishy7G8bSCxFlwvgR9+tameXt2CiJnUQVdVgW0F69hBDW2UWHXVeLmNMxmvusEawFK7vccABsWXSw9rxb7VfhtGsDTYCAOcXrJhNu8wkjcmJ7/q/ygf0VjqPPyh0St+6vh/FBZ9Af8JrQVGLr1mkqod/tJakeOncBmh5wIr5JxbbWgPwAg+SUVXskYjVlDxOFfoL19sQh1nkpVzhT5BOw==
+v0n0.nic.voyage.	172800	IN	A	65.22.32.28
+v0n0.nic.voyage.	172800	IN	AAAA	2a01:8840:22:0:0:0:0:28
+v0n1.nic.voyage.	172800	IN	A	65.22.33.28
+v0n1.nic.voyage.	172800	IN	AAAA	2a01:8840:23:0:0:0:0:28
+v0n2.nic.voyage.	172800	IN	A	65.22.34.28
+v0n2.nic.voyage.	172800	IN	AAAA	2a01:8840:24:0:0:0:0:28
+v0n3.nic.voyage.	172800	IN	A	161.232.16.28
+v0n3.nic.voyage.	172800	IN	AAAA	2a01:8840:fa:0:0:0:0:28
+v2n0.nic.voyage.	172800	IN	A	65.22.35.28
+v2n0.nic.voyage.	172800	IN	AAAA	2a01:8840:25:0:0:0:0:28
+v2n1.nic.voyage.	172800	IN	A	161.232.17.28
+v2n1.nic.voyage.	172800	IN	AAAA	2a01:8840:fb:0:0:0:0:28
+vu.			172800	IN	NS	ns1.tldns.vu.
+vu.			172800	IN	NS	ns2.tldns.vu.
+vu.			172800	IN	NS	ns3.tldns.vu.
+vu.			172800	IN	NS	ns4.tldns.vu.
+vu.			86400	IN	DS	32778 10 2 E9A2E16E09E41F325DEB3B58A721D9980D0942E19E7C41B44FD4B2BFD8611E08
+vu.			86400	IN	DS	50412 10 2 49257111E03AD5F8C450F8330F101B87B84F82251FA54CE67C832B7EEFA45232
+vu.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ttQICJ/8YQxhBsWnEC1z3zYLyq41JnCJuAmk+8BtdhsLTrVykf9Av7QHHzau000SvVjygoVsG8h8YkYH8ygwU4pwFSGzAFgIVpd7xVMVvYqJowMqXTGPov2kROQuAcnaLY6PvT8v5ipdMyCRzeWHusISNW4IS93CNSzU5itchShmm+TENBf0AbPYQq2Lyz9OjBKo5K8+Gs7XHkX45JWoa9Xp2rF/n5g01Y/vd2hKSdTQY+2+wHHvvUIZrPCYqhCAQTrGmphYrpKq2MFLCrELL2FiTiWkYVA+H2Lvbq95P2VtL+mCXEKMSnqHZZVv0YzkJRhMD1ADDwS/itZFhNULWw==
+vu.			86400	IN	NSEC	wales. NS DS RRSIG NSEC
+vu.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bImgw5s54+eLkEMLkzS6dMY0ac3zDco2hYw4qcSMXypF2KQw//EF80sv8K8RfOwuBmoOLxC2a+gx0lWfswjwQiPdfD1F06P11obXNxMkk0CyDTW9zvzRvsHY7BRT4Q9C8Ksupg3/Rz7yjd2vg1ZkYg+OgIhG33DLPjM+G68bxmNpBpZbdPUmQaX+EhtOg5riXu97qFj6uFFxeb7Nwu3Fkud+WxJ7L2OGXcjl6dPxHhMn8hGuXM5bSMmPWSJsZEn3TEn1Wo0hOKR9HmqEWGJBMnDhKTxdvWdQsICNv2dbCVUGVKIbhRRcQbQXwuoh9xgMMKEZiMWcAeoFHxM505ZUiQ==
+ns1.tldns.vu.		172800	IN	A	37.209.192.6
+ns1.tldns.vu.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:6
+ns2.tldns.vu.		172800	IN	A	37.209.194.6
+ns2.tldns.vu.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:6
+ns3.tldns.vu.		172800	IN	A	37.209.196.6
+ns3.tldns.vu.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:6
+ns4.tldns.vu.		172800	IN	A	37.209.198.6
+ns4.tldns.vu.		172800	IN	AAAA	2001:dcd:4:0:0:0:0:6
+wales.			172800	IN	NS	dns1.nic.wales.
+wales.			172800	IN	NS	dns2.nic.wales.
+wales.			172800	IN	NS	dns3.nic.wales.
+wales.			172800	IN	NS	dns4.nic.wales.
+wales.			172800	IN	NS	dnsa.nic.wales.
+wales.			172800	IN	NS	dnsb.nic.wales.
+wales.			172800	IN	NS	dnsc.nic.wales.
+wales.			172800	IN	NS	dnsd.nic.wales.
+wales.			86400	IN	DS	64480 8 2 5A296B3D4CDAAF2BB3B243EC31F31B283782BD5A930F84741AA3DD3CCDED6A6C
+wales.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u99kD9/TJjsPt05J1uJhqE5oetc7au4KmWep236H3odz96nKB3S5SbPfovsD/8gIP03Pj0KaZnbwowcEr8TY18DX60c2PX0/vdLXHKFKmBenCIrUvaIRLtfj/0cfYcqogiszmzgy8ks06/N4V7N/phj36KZI7Ov63/dpsS9+GNAcP3gPVw/1SacMf8Wj0iXLxjdmt/s9Y1tNgIp3sKbQXkFQjHNWX6et37h+9/p/XEMMFTlJ0MZ3YbHn7Xq4ZmeCTAQfDYr/8dK/K3zlfUKKiFg2ifkLVBNJWNjx1mb7orhXwHH0shgHFgN6Cu5uX5CZKmaRHPnBGKYwGf9wLfUYtA==
+wales.			86400	IN	NSEC	walmart. NS DS RRSIG NSEC
+wales.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QB1G2Czv3ey03j6VfRABBsOIwk1j+X7om5fX5E40YZJ3szBTsGf11EyYMIpY5gAneawOXkPu9zN7Zx8CpzWaQHiuKsW9hhjUrqSN4Ylop3zeDqvNauNIyRCO/6Guxp+/uO09+FvlWYX4LdzDwbvBd+70xhWscBg7acXe6e2YWnjmZhQl/VtvXa9N51Yp/5BcQIddVV4QvpH01kgdGjfUL3jV0FvcwjcE0/+CuzyyxiyrUIHz5meKqF0BV4o0PwUdN4LkeUP2IUsKA+FhHYuSk1lRtmebnHXnYnEb+viktl6/PcoAag6FklhFxx7DUpcHKBEI72Q4GfuIX0WKe/F5Aw==
+dns1.nic.wales.		172800	IN	A	213.248.219.2
+dns1.nic.wales.		172800	IN	AAAA	2a01:618:403:0:0:0:0:2
+dns2.nic.wales.		172800	IN	A	103.49.83.2
+dns2.nic.wales.		172800	IN	AAAA	2401:fd80:403:0:0:0:0:2
+dns3.nic.wales.		172800	IN	A	213.248.223.2
+dns3.nic.wales.		172800	IN	AAAA	2a01:618:407:0:0:0:0:2
+dns4.nic.wales.		172800	IN	A	43.230.51.2
+dns4.nic.wales.		172800	IN	AAAA	2401:fd80:407:0:0:0:0:2
+dnsa.nic.wales.		172800	IN	A	156.154.100.3
+dnsa.nic.wales.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wales.		172800	IN	A	156.154.101.3
+dnsb.nic.wales.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wales.		172800	IN	A	156.154.102.3
+dnsc.nic.wales.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wales.		172800	IN	A	156.154.103.3
+dnsd.nic.wales.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+walmart.		172800	IN	NS	a0.nic.walmart.
+walmart.		172800	IN	NS	a2.nic.walmart.
+walmart.		172800	IN	NS	b0.nic.walmart.
+walmart.		172800	IN	NS	c0.nic.walmart.
+walmart.		86400	IN	DS	34531 8 2 E09B4CCFA8A68B1D6A13042FA28A343782D0D1B4BF3E79C6A1415D3B2825B922
+walmart.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EwTkjUgoTGLPGuXZAOEz6UFpfe8aJYDLj0A0v2bpXVWF3qd302I/s6twZo65XkGk6ZE9jtU8YStMHGhhJhObWPpCjTFPmslh+An1lCnukzRvcQzRC7uBsfbGDK84Z00XqNeeyZkNikQoqNU5Ohb+aIfuukxT3CvDLX3j20A5zL+xWy+FrOCF0Gg47tuQzVfUOUrvGbVpXGmKH9pAhg57ifF3jHwquqCmZXe+/3LedG1edYpmo2Z0woyZVX7Ns8Y7TvaenJ6va2m4zRUYjxvHjAROV12Nmzhi+0ZILKe7gT8qtfh41N2bR+pGesVTizeig34AFMUfKaNqgHPsGP6O+g==
+walmart.		86400	IN	NSEC	walter. NS DS RRSIG NSEC
+walmart.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . BPpWMUUsTIXNq+ohkeE9AsMpN9tMkWo/i2gMy/4f5TpDtwwuHRrxc6o+biRcTVhm5xbhNeHeyk9k/tb/uCvADqie6mh7i3z5ZYTw7h6ZT74G65TpaZFHvmTpIDZJ5cqy3HqUJu0J0TL2zh5+Qsx0GAN4KY2ZBhykEmaRd0HiRKu95GNZrT4RjJ/kdkMbwVfEfg88AyuL6HrlhBFXJ6+0Giacu/m0knHjnfQy/TuaZS72XBF7rjNXKUBmZFuSElORFFrmBfBwAssdyMLHqygOkBP5Jm8mGUm2FXIrl8T9cJxXnq+FHf/D3Ld8gMWAQ12W9B9wL5WFHEJYKBS6Oi1ong==
+a0.nic.walmart.		172800	IN	A	65.22.112.74
+a0.nic.walmart.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:74
+a2.nic.walmart.		172800	IN	A	65.22.115.74
+a2.nic.walmart.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:74
+b0.nic.walmart.		172800	IN	A	65.22.113.74
+b0.nic.walmart.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:74
+c0.nic.walmart.		172800	IN	A	65.22.114.74
+c0.nic.walmart.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:74
+walter.			172800	IN	NS	a.nic.walter.
+walter.			172800	IN	NS	b.nic.walter.
+walter.			172800	IN	NS	c.nic.walter.
+walter.			172800	IN	NS	x.nic.walter.
+walter.			172800	IN	NS	y.nic.walter.
+walter.			172800	IN	NS	z.nic.walter.
+walter.			86400	IN	DS	11875 8 2 D7E94CBF8078C9B30AC939B8C2E4106C510879B267A0AB93A4CC61CE7B72E193
+walter.			86400	IN	DS	53764 8 2 1CB0D022FC25C7247A551E0A02B46025D83DFD7185CC1F016C93494C471F0E91
+walter.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RPrDlLQBJlg2+/hONIFDkx+FYCb5+Kmg7NYS4HyPv/3LSdvnKWeUqT2DhVEYwLBRY9TbLAfS8S6YTfoJ3yFdCuaEqdoZsLCGHgSB5PUrQGQ+aCwBzGRFaNfH2JiZKB8jFcRc0uGhbraV9pqK8ich51eKj0Uioyi5mKDoDyCg9dz+4k/PElaw7w8nXnUHtDSXpX5r2gE7SbpvSW0W43RELzg61qE8ohTHO+2unr83Fl9iDsUn1ZAqRAqHpsclTyhipRIHkEj3iLSv+5dVfa9rDR4eOBkRBUCyVg6QM8wpqQwFTzsUFKYCTorz5XO7fYjBba0eo2OapaaxwzpmMycRAA==
+walter.			86400	IN	NSEC	wang. NS DS RRSIG NSEC
+walter.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gGIaD8h/9/CasLOMb46hJZhCsd18dbNsGy1Vv6wMDnMHOh2PQQYybDy5fKd+yCFHl+38NjAqIDIsrONMo/PYxUxX6xlOnUZMu6NpFFhqz3D8dJdIj2f1X9cbnlY17a7UaWF58wli7QIQTFWzc8cSzow1MT2P/oB0IcMBg7JX90yh0q5ciEPetOEl6WmLu5chvMd6rxAJI/VqgR7KM/DKwllc8v2KyH/tGnepSr3Vn6pYZHUFjmh5UhsVnrY9lL6Jsti+XAC0oZrnkXYqoKBBfJNSrjlDVGcU96faDkNtmbRmeCGxiygGFlpSQlpqwFfWmEihPt07TjRvQ8w2n7QM8g==
+a.nic.walter.		172800	IN	A	37.209.192.9
+a.nic.walter.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.walter.		172800	IN	A	37.209.194.9
+b.nic.walter.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.walter.		172800	IN	A	37.209.196.9
+c.nic.walter.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.walter.		172800	IN	A	156.154.172.82
+x.nic.walter.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.walter.		172800	IN	A	156.154.173.82
+y.nic.walter.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.walter.		172800	IN	A	156.154.174.82
+z.nic.walter.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+wang.			172800	IN	NS	a.zdnscloud.com.
+wang.			172800	IN	NS	b.zdnscloud.com.
+wang.			172800	IN	NS	c.zdnscloud.com.
+wang.			172800	IN	NS	d.zdnscloud.com.
+wang.			172800	IN	NS	f.zdnscloud.com.
+wang.			172800	IN	NS	g.zdnscloud.com.
+wang.			172800	IN	NS	i.zdnscloud.com.
+wang.			172800	IN	NS	j.zdnscloud.com.
+wang.			86400	IN	DS	20969 8 2 E686EB5367B243E5DFD5C5FAADB23B0A52172B9CF5C72B28836BE2AF9402DADD
+wang.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J+Ti6Km3CjkHs8lpznC4eb/CoKdaF7m6o9968ImRX42O+6LEdg6fGgfQ+cxGqGEASaOO42BmRlr1tXzQJufQcjJJ0kI+aZsnQd7CfXpt8yhSQ711+rA3hTVRzYjSbEDWWy9FBwKOSUBkIu9Ab3wX6LNipseMGZvXCwRcq/LHT5ll6BLqFEVIBqYJJ972Ld/4Yalwp3j02nRT9BY8ZrOwNdmAwRpdxvUbi0kLYPSBw/DZrviqL8WjHjdOH4pFzJwOlbtUuOTPnzFKfI3lUY8AzyJJm1ysQSaD/8WSDzwKSdym/EHLbFXuzZpgZmdthggKGnalf4DYAKUXYckouqX4NA==
+wang.			86400	IN	NSEC	wanggou. NS DS RRSIG NSEC
+wang.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wpOumR6BgdlOu4objdFsiPcSadn+u6cArbkVhqU91BJLNzmZa9sAfrx2M7XkPFaJt6ieSeVFB/gygIGnIlOeR66UDChbQ16CAcO9OqyJO07AwuA9xmp8X6lf14H5aPS6TCghjfhoPCcCLQ7ZsyabWgMQ0VojkufoD8jIPn2CtgN7aWh8eL00VNeHVbldL8Xou3TRpFPGmyW/Xe2nypcndMIsTtuqT8Jb9zHS766HE2UNgpIKbU3zuyUCDK6AZPYsRADCfuH1GmcB+e43ka1zZ1B0DUobwFaduicF4YoOL+3VM7Ob2Kplo9VA6YWZaFrWt9lqYhi07lvAnhkdrrRVTA==
+wanggou.		172800	IN	NS	dns1.nic.wanggou.
+wanggou.		172800	IN	NS	dns2.nic.wanggou.
+wanggou.		172800	IN	NS	dns3.nic.wanggou.
+wanggou.		172800	IN	NS	dns4.nic.wanggou.
+wanggou.		172800	IN	NS	dnsa.nic.wanggou.
+wanggou.		172800	IN	NS	dnsb.nic.wanggou.
+wanggou.		172800	IN	NS	dnsc.nic.wanggou.
+wanggou.		172800	IN	NS	dnsd.nic.wanggou.
+wanggou.		86400	IN	DS	3407 8 2 AC4CB98B121B9214B4432A123BCE7930F5152BF7A496EEBD7602731AB44615E3
+wanggou.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u0tvnsxpc0DFaoCcVKlAn0MvzDzl6H23S53wFrS+eAlzswmpop+rjlLC3mbRtT6RLdue7P412hyUhJ5aECdJWS2vOX9ZoGu4uyj1aGjaHhIWtTX7WcZIBTNR5Z2MKiVYav1Tu80HojX/lx3uFNDe4Cb/J2d+T4EBYRgQQ1CWTZCm0q5/IqjJWVgs9lJiHQ1wiacOWX4/YGiqqhR/B4ZVN33Ylqz9hVoSOl/dY7jBh5o6Gz8twUncUeZhn0o9AU1bZX92HCi29n6OzA4iK0ugs9naM+CswvEd/brGcdaZuY689TjJB7vMKu2J3cv9V6sxbtXYrYOA9/6xq9U78/yZeg==
+wanggou.		86400	IN	NSEC	watch. NS DS RRSIG NSEC
+wanggou.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gHKDVAcylUo0wpOWfEt1DVIZqZ3GuK+0WETaJnuVjX8BwvcmEpu19Z0HUpFTsOUlUrCT6b3yICYdHz3d4V88IsNXcQ27GvBkts0RuiAhtMqtPW8yK0ocN/MgeBHKu1MMBslkNw8XHWKhomSpeQuq7XQAM9p29o/vbLiKVmY2c24iCXLbbXOtmCLf86aJVr7XpoXinONWEj7ibJyXbiIpy0gKDfWMHcfZ1NLkPGhqjUt9SmsHnubRbUziRb1ZPoTy7013/fiLtbJt+kqriUUm5R+9juk1x0RwxutqsYvw13dQ1yC1oaQiJ3Yy21Dfv3+AhumePdBIlLuvPDGa1LfZlw==
+dns1.nic.wanggou.	172800	IN	A	213.248.218.86
+dns1.nic.wanggou.	172800	IN	AAAA	2a01:618:402:0:0:0:0:86
+dns2.nic.wanggou.	172800	IN	A	103.49.82.86
+dns2.nic.wanggou.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:86
+dns3.nic.wanggou.	172800	IN	A	213.248.222.86
+dns3.nic.wanggou.	172800	IN	AAAA	2a01:618:406:0:0:0:0:86
+dns4.nic.wanggou.	172800	IN	A	43.230.50.86
+dns4.nic.wanggou.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:86
+dnsa.nic.wanggou.	172800	IN	A	156.154.100.3
+dnsa.nic.wanggou.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wanggou.	172800	IN	A	156.154.101.3
+dnsb.nic.wanggou.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wanggou.	172800	IN	A	156.154.102.3
+dnsc.nic.wanggou.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wanggou.	172800	IN	A	156.154.103.3
+dnsd.nic.wanggou.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+watch.			172800	IN	NS	v0n0.nic.watch.
+watch.			172800	IN	NS	v0n1.nic.watch.
+watch.			172800	IN	NS	v0n2.nic.watch.
+watch.			172800	IN	NS	v0n3.nic.watch.
+watch.			172800	IN	NS	v2n0.nic.watch.
+watch.			172800	IN	NS	v2n1.nic.watch.
+watch.			86400	IN	DS	54769 8 2 DF912E3DD3FD5D0961CCD55ABBCFB99E3CADBA09FF443E3F1A7BEBAE400D57AD
+watch.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QmvPmg79HkMiomSi6usiD9XSH1EEUkdCSQpLkABf0BIZH25FbIuhRoao7qPHvzwpz62FivLrJyVmJXWll9pSxQJThvGb9GZQCT7mpTPGBaQDrf4I8ZHbYnwajxIMeva7kRSB5nwj6LPdIlJka6PGCDDvljwxH6orhp9pKIZ72yludOFAf1+QOjg/gIR8zL4QPMD9NlnlMYCqjOVqKKV+w8b0+7cjvPqHy1OUMy0eGGxqunhNfkEN/5jWljyBYMzLZbeLjONvxKhGIZp+r/9uyM3dur4QSHMACeRZ5DuduEG5+bwNhPJmuv8Og7KQtNYREuNGR+5iH6rNexSLZQQHYg==
+watch.			86400	IN	NSEC	watches. NS DS RRSIG NSEC
+watch.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mbZ3lpUCDj5XB5yhbV/711NHoGLBqg+WQmSJGiV44g9ibFAgtc2QrnfJecSySJKS5csZq6V0IgNChnWr7WbDtBHCQonzx92E60WlE/A9kh8p+OMgbsvucozcw2WgQ06bDl/F/sQKLd5kYCo1y/WNetobqSZilopVYB5FADetCwius3AO0gHZd9I4wKCdxCwNopHDsR+RvyKp7tnOdafCTpvlVvDY/c4TTpLjm0brSsJ+bO7G4mPT1gD77J/52QYohC6fNSWWRP6tdwihphMNqzHuPTiWnVbzV13kLFvN/oaMu4Ugp8lCazMPHTeSba65DTRw7vKaLnQ2NAEpReYn0Q==
+v0n0.nic.watch.		172800	IN	A	65.22.32.48
+v0n0.nic.watch.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:48
+v0n1.nic.watch.		172800	IN	A	65.22.33.48
+v0n1.nic.watch.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:48
+v0n2.nic.watch.		172800	IN	A	65.22.34.48
+v0n2.nic.watch.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:48
+v0n3.nic.watch.		172800	IN	A	161.232.16.48
+v0n3.nic.watch.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:48
+v2n0.nic.watch.		172800	IN	A	65.22.35.48
+v2n0.nic.watch.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:48
+v2n1.nic.watch.		172800	IN	A	161.232.17.48
+v2n1.nic.watch.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:48
+watches.		172800	IN	NS	a0.nic.watches.
+watches.		172800	IN	NS	a2.nic.watches.
+watches.		172800	IN	NS	b0.nic.watches.
+watches.		172800	IN	NS	c0.nic.watches.
+watches.		86400	IN	DS	61699 8 2 9110905C79B0C95933EB1F037A0D7A150819F1D1553AD89187A7849039A97EBE
+watches.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CwyyuJ9Y6j/zLWpjXIP7fLzvZoaClB9koluCXTbQDkip+FBCfggg7FnZQUv23Q5nou66R11RgM5F9p2R0vdDwC3M6yy4pS/uoV16F1o5QdxNOhSdo7Es+8EelVT/lOCyJL2SVBg/VThOONK9WYqt3cDkehFnAPnUEcrhaV2g2TIiGH7NWJIdYt7iS4jCEeOa4BwaD6lutql9OLHP0CA9R/qbLUZ4cbXaDiAG13U/H142Ccr8MzmC4Y6TtPyGPMIEdxGYedhN/APkZ93AZIhMKDa8gveUG2yesggGpHSoU7N5sA1sTtiLwvRyPdCAWUDQLAMe0P1kFAwQQXLZIhvhVg==
+watches.		86400	IN	NSEC	weather. NS DS RRSIG NSEC
+watches.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0+muSe0s94hTUB8VqyeVf0v0aMidtoGFeOlhnk5vF2DGpGbKGF+hOMqYixQHEn/xsWDOrjpkPnnGsh4YxkKEY/LD/CPnkEaFshXTJl8JUOeXbG2eT3GgHBXILMOmfaPulF8dEAJCbEUCMpyd3tT5jQllMBoPi3swq2/4qNzxJBZqhdx/FjB01Uuvkyn7r9yTWEnu3TiBBZ5ay4issdTRNvCiP9/wNkCFeDyxI5WO+PQW5LAFISRr81f19bTCjKyr2q3tSwQwTn0QyTLB44fnB/Apor3AuVqp73eoScEVxJg9ovHF7YTnxvlPFEV/IPrOUxW/MIqAv3QuALbnX6XPGg==
+a0.nic.watches.		172800	IN	A	65.22.204.1
+a0.nic.watches.		172800	IN	AAAA	2a01:8840:c6:0:0:0:0:1
+a2.nic.watches.		172800	IN	A	65.22.207.1
+a2.nic.watches.		172800	IN	AAAA	2a01:8840:c9:0:0:0:0:1
+b0.nic.watches.		172800	IN	A	65.22.205.1
+b0.nic.watches.		172800	IN	AAAA	2a01:8840:c7:0:0:0:0:1
+c0.nic.watches.		172800	IN	A	65.22.206.1
+c0.nic.watches.		172800	IN	AAAA	2a01:8840:c8:0:0:0:0:1
+weather.		172800	IN	NS	a.nic.weather.
+weather.		172800	IN	NS	b.nic.weather.
+weather.		172800	IN	NS	c.nic.weather.
+weather.		172800	IN	NS	ns4.dns.nic.weather.
+weather.		172800	IN	NS	ns5.dns.nic.weather.
+weather.		172800	IN	NS	ns6.dns.nic.weather.
+weather.		86400	IN	DS	1249 8 2 96765E88A1B12CCE10C5C67934B10344AD4E5D63588E4B9D442FC533C8224F01
+weather.		86400	IN	DS	6439 8 2 F994E24AD5E878714E771FA57227EA081F681B270D9FAA5BA4CADE422EE1AA3F
+weather.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xItCekUJCoTDWWL4XJ8l8JyZv+VqXw122J2pioujiHYmrj9N58wYgYwRZarLlskwo5tGHostmA7f9U5ZsWunXpQJlfjEdTmeGQ20gB4vxArZN/8WvKTBT4ChZwILIP+JtlxAeIwUkfkPOoUdajEAkt8/aqiBrnTtbCvxBIjMOAqqfTRzGV/eX/nWy4+fzJNHTscRcRds1CK/BtdxWYDSTs0gi5XVf+1NseHYQAkuBd9sYrhXSOvmyK3Czol2fiVo+6Ijau8dvHn6ZERjD1EcI5bE8ufY1EKEmyYttvMfelv7KdTUZIyfAfK4IL6dHKhDIm8/oHwr+waaHLCEdw33sQ==
+weather.		86400	IN	NSEC	weatherchannel. NS DS RRSIG NSEC
+weather.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b+14N80DfQdAgxwH26IoSu45DRLWaa8yBDVWXxujm8TihS8LhjkhisZaxR6akGICjAaivreyKdL9ANPrMCLEDl6QmZRRRxhN6ZjpVScKZTjZo5e0dlAUcvl5RbT4JHVVxLIv3EAkdAkvPMQ6R2BOA7o3tojkoJC0q02mdP396ReX37j/aa1It641EPJQaqi7WIy7iSK8qfpKysQHb7X9JnZkRp4Tj9QbjHmQO+JOwRBxsQuy7caCy3/d8RRPBWcNnebbOqIxZpbeDoq9X09bp2TRHlBvGvaZPIvs9o+UIyo/5Ced4Id3ThiXcM8nNmRNvCyeuqr3C3ixMgkVag7COg==
+a.nic.weather.		172800	IN	A	37.209.192.9
+a.nic.weather.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.weather.		172800	IN	A	37.209.194.9
+b.nic.weather.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.weather.		172800	IN	A	37.209.196.9
+c.nic.weather.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.weather.	172800	IN	A	156.154.156.178
+ns4.dns.nic.weather.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:b2
+ns5.dns.nic.weather.	172800	IN	A	156.154.157.178
+ns5.dns.nic.weather.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:b2
+ns6.dns.nic.weather.	172800	IN	A	156.154.158.178
+ns6.dns.nic.weather.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:b2
+weatherchannel.		172800	IN	NS	a.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	b.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	c.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns4.dns.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns5.dns.nic.weatherchannel.
+weatherchannel.		172800	IN	NS	ns6.dns.nic.weatherchannel.
+weatherchannel.		86400	IN	DS	7789 8 2 79D6DAAEFC15969665F10E9DE136425C117994C302F41CA70F1157BE61FB9384
+weatherchannel.		86400	IN	DS	47695 8 2 B2F90E6997386B0411808F05702D0F9AC00F5C0D129262394C86E1BA79977BE2
+weatherchannel.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uxjVcpFj4x9foKqyG+bK3Mehwyg0Fs6CRKJYmCWl27wTtWXjU87jKeN5Chx8XOT4mDcpLfy/opTwaCUD2t7hWGbzbIIbp8sY39iKdmpvjOQ7pd0uRpuU+wklOKG99vnIvyA1qQKzujBup2JMNu7c2tiZNDcM32vHN+OLPFsL2IsagLPmg0osUJ3ewdd+uW89GgctMaKzTvnRJrhoH3kH9yZ2UE9s77TQVIIeMlatAUh6IqjenggcQcmzBJNox8IYbd04EzKuWP6nA7QxnI5TeT+v4xfcTALs66R52GhMrF4Zf3CACc4FK85WqYJoQ41AGgw2mTTEgU+D3W25B85mDA==
+weatherchannel.		86400	IN	NSEC	webcam. NS DS RRSIG NSEC
+weatherchannel.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MHU1CuOTVip/eyv7kWekj21GUZDBp0hnmReF72Up2Pefdlzk+J2goNhC+VU38ryMuzRuWhvqasTitt8/7ToGHBjzZraCey9+PZ3SUkONuuY37pnHNI/MSacYYVsqnyoAxRP2MI417ZPN0szF54AMalKlJbVHmziQw8kKQz2LPbHwUbFt69CEfrAGv7AXWVry45uTGuo2lkBDpWOLc2DL4T+XV/+E3Lb2v+cXCR2MWEEtnhSkfi/WMv+fgIoPHiSc5FH3DYr/Qri9uAiwZgdDgvRLVDFPTKf6r0tCg6mzFLMQ3GQG79v8J57QO3Ca1iBhGzsd4gY1ePJEinIrHBbWLw==
+a.nic.weatherchannel.	172800	IN	A	37.209.192.9
+a.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.weatherchannel.	172800	IN	A	37.209.194.9
+b.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.weatherchannel.	172800	IN	A	37.209.196.9
+c.nic.weatherchannel.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.weatherchannel.	172800	IN	A	156.154.156.179
+ns4.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:b3
+ns5.dns.nic.weatherchannel.	172800	IN	A	156.154.157.179
+ns5.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:b3
+ns6.dns.nic.weatherchannel.	172800	IN	A	156.154.158.179
+ns6.dns.nic.weatherchannel.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:b3
+webcam.			172800	IN	NS	a.nic.webcam.
+webcam.			172800	IN	NS	b.nic.webcam.
+webcam.			172800	IN	NS	c.nic.webcam.
+webcam.			172800	IN	NS	ns1.dns.nic.webcam.
+webcam.			172800	IN	NS	ns2.dns.nic.webcam.
+webcam.			172800	IN	NS	ns3.dns.nic.webcam.
+webcam.			86400	IN	DS	22450 8 2 E2447935904A4E1DA9F3695F56055A2132FFC565A4EA2DDCF22C5AAE0605A2FD
+webcam.			86400	IN	DS	55165 8 2 90F6B109EFA3C0BDEE83FBCE4F70284B66FB7E61745B4D78A11DC1923DB958BB
+webcam.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HOFnEoc7DQGFlu9FQ1SkpJnfP7l9X5myHuPqWYBIb9qRmwvHJwb6WRWlGIrVL3/hEFS47+KB5W+li4Qrwcmj9xG1tsY9uIllIAVkFDgGvIBXbUmAboDxqDP2219BnYqTB5Zd/yiT0e2egGNHQSCoh7Ejpi3A2FNGNFvjhj/tUMYYGGU1ASLrTLs2W209cJBKGXEP6V7G7XSSPv/JrbEXNl9BmDfpydaT0PiXrHO2Oe0uRXIZD+YY/J0+vBUhetrEf3ziQPG4IiOg49xwhFrgwuoZ0nMY3HmAJe3Lm7XoX9EoKsuGgI5DPM751O0wRdl5hp2k0ub5Em2yb5jQxJAbBA==
+webcam.			86400	IN	NSEC	weber. NS DS RRSIG NSEC
+webcam.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CEYhgkZ+ezjj5QXvSl4Ft+PKQ1/7DBaiWfIdbCTaVDpSl0HSUXL9vdqFIVSKD9aNUDxlcsH5YkAfVpLG+K//gS+x8YQXe5di842X8YOGyB1/D24lIgEl82LsOpRqSdePvbBGfiE9mW8PDbwAes8CULCNZwRLgWK47DaJUBCkuydV4YMLXml6IC07tzJQ9+FvEaJH9790tahH5/hxmegga60fJYQ/IuE3jf0q+O6pc3YUw+546AbxjgTgVuiWjGqQv/NH4FOfkvVm13qFoidRJ3eVIeTJm9kJg1BgmQmTlIXqxu+/mdWwTt3/dmB6Ub0nOiGVBhwhHmPYCKo5yZPpYw==
+a.nic.webcam.		172800	IN	A	37.209.192.10
+a.nic.webcam.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.webcam.		172800	IN	A	37.209.194.10
+b.nic.webcam.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.webcam.		172800	IN	A	37.209.196.10
+c.nic.webcam.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.webcam.	172800	IN	A	156.154.169.60
+ns1.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:3c
+ns2.dns.nic.webcam.	172800	IN	A	156.154.170.60
+ns2.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:3c
+ns3.dns.nic.webcam.	172800	IN	A	156.154.171.60
+ns3.dns.nic.webcam.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:3c
+weber.			172800	IN	NS	ac1.nstld.com.
+weber.			172800	IN	NS	ac2.nstld.com.
+weber.			172800	IN	NS	ac3.nstld.com.
+weber.			172800	IN	NS	ac4.nstld.com.
+weber.			86400	IN	DS	32799 8 2 67F60D0F656284C11307FBC8402E280BA0E53D83F601EC4ADF2EB54FCA93AAD9
+weber.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GDWojfd7ck1m6Y/YI4M6iOr4sRiS7N4F7dVE8LOcK0yl9Gkx+BkkCX8JuwopuN3RTKZgxo008HFI7o5/vlTVXmBYKXE1eRHj841bK92uFbefA7pceB9CKhbdTi1JYJTEr0mTz7NVO4vsmwyN/zr3TtTAjSNlb4OvYKBpel42J83w8/JI9fW3jzgDfuLvsaZ9EHGpv8lJDflnYfbOofCIs12MjmFDC5AMx0naKTB6wiOeVxXbntAZJrl20HRh5QdmNwRlkZ0n16AvbuWseaXNcyd08oTxAbIS1Xx8zt2tVxbloLVAqdscWWzjm6v53W0E99JlgMgUaR+MosJ+iCbDqg==
+weber.			86400	IN	NSEC	website. NS DS RRSIG NSEC
+weber.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H7G+n5A4fb/EC37kcuo/aaaE82QaIcfPJu1EiFEm9Xf5tcjCd6QYd5wImJ/HiSnMchjF7UjvcwQm0W0KSghcUspKqWbgV66E7VIiABzGz335sY3SsrrteF0cWTr1wfFQu7r6RNLClOYvtOAZt7HC5k7A49cRa7SWUvZUMCji9ZCKUTetjvoPqAyg8crIFcOGybgE5A4uAeMdu+eKz7NO04RfsRXB6/shn/Z5OdorUYRTuPLEbmyDpwyHAfDp7icWd6WuTNPzb6Q3372FjWJQYD4ee9pfA1GJvfuQWt4iR6t+tqAvLsvUrP/Spe8ik2Cpe9ncmL1r7gwfvc6LpSse0Q==
+website.		172800	IN	NS	a.nic.website.
+website.		172800	IN	NS	b.nic.website.
+website.		172800	IN	NS	e.nic.website.
+website.		172800	IN	NS	f.nic.website.
+website.		86400	IN	DS	47815 8 1 34C5E08B2F09248A85BE31CD465DB919AF06DA90
+website.		86400	IN	DS	47815 8 2 CB5F31743F17C1C1641D7ECC4C7DC40217363645E7AC25C509393C6709D933A8
+website.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NM/ZsgBss7tdNio+Qqx30+v0D1bj8bzia68NAWJZhaWi955VJDIo8PezchTQe2kSM3wlrGAxVqlPGukL9FdFMw0U8+jJqI8hspZLLVWeZSVMMI1YIXB83yEBLpMzsIBuY6xOACI+DGcVfqBNFD5N5YAQvzAmJvEx7gsdFGaI0j4vH9+twSKAMcpfrz7soaX4lN06ONR7y23F8NKOe1y13pHEuqe4gM49kYLiIJwqmC9VBP/6JyqH/RSgAwqsMpB9JkORETNgNtmBoaPNsvhTUAOA9pG1bzGhWITg3qX7VKbv1ueOGQytGAbvC9SiTPvQ28iM2zVwDp4mogL7KcBqPw==
+website.		86400	IN	NSEC	wed. NS DS RRSIG NSEC
+website.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OVLhDLg81QCgZ6Ne4YRFvBAH7r346CXFBBdNaDPuO9UNJwiOiiPTeYNzBKYrmpu4EFV03J2Gx6b+whTy0wDYpU0nf/sYuuNyOUPAdbk8KetGqhv/ufbX2J04e6NEDYudPLeRB62scS31LX18t5Xe1GZQs0j5cOUGuTRkcArYJZ5lAc+lCrNtP4aWNk05U3Q7Cq9KQoPlDEmRUCF8OZHlmdGwPWl7tR3e/CBLsSqhM/e0gtGopfvGdkYDgoH/9FAhQxz28Cr2mD8Xf9ncakex1f8trxLg7JC/XCv5z5CkljUNRY9SueX1vnLojjH7A7S0jQqvcSbtvRolVT0DqwuBUQ==
+a.nic.website.		172800	IN	A	194.169.218.52
+a.nic.website.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:52
+b.nic.website.		172800	IN	A	185.24.64.52
+b.nic.website.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:52
+e.nic.website.		172800	IN	A	212.18.248.52
+e.nic.website.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:52
+f.nic.website.		172800	IN	A	212.18.249.52
+f.nic.website.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:52
+wed.			172800	IN	NS	dns1.emdns.uk.
+wed.			172800	IN	NS	dns2.emdns.uk.
+wed.			172800	IN	NS	dns3.emdns.uk.
+wed.			172800	IN	NS	dns4.emdns.uk.
+wed.			172800	IN	NS	dnsa.emdns.uk.
+wed.			172800	IN	NS	dnsb.emdns.uk.
+wed.			172800	IN	NS	dnsc.emdns.uk.
+wed.			172800	IN	NS	dnsd.emdns.uk.
+wed.			86400	IN	DS	60571 8 2 32ED00D841E724EAA980472283420EE9DE48905E1B04709E79FC418C08FA1561
+wed.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U1VKPupMdPOO4hlB8aGyR4+yNVT/TYtAQV+xPGu6YApOLGJIH8iPFMrRiqmBpPQRJu6XymeWSU+FoGP3+3ndlAc0FCVMB9kRzmPmcbBG0r5opIwnzAolosBZuUZpMTS9nM9IVE0Gc2v5n2wZJ0eTeyjUxLY63kinnFIBbAATLm8CX9TH3+UCUhMCOo7J0Nu7mJ+8RpYk715X/6ubciB/Z3fJtQ9tkb6OQb9ft++ZHTZHAKK2hkbjeNmknoCjn48VBb90j1v80yIQ5OdPlOpRLnZJMyhS7SLVwQcl7W7cO3gv21j8pAwVbekaheIN8KD8tc9gLGfYMHw+HhTE2NfcEQ==
+wed.			86400	IN	NSEC	wedding. NS DS RRSIG NSEC
+wed.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aJ6Fbee0SGJfNNdQtX/e+lSVU4ZqXSnJ32v6oZoJ7BRj369POiWaDWfqIABJEwgPCPXTWegb76SOJ0M3z387PzMeeLdiX3/yq0juPNFNVX7iJt92BB8gDpZlgmN2Kd3GwMxZ+TFCv2WTniFHBGt+LaIhf8xskaCameeFupj9inWbKQRLIGsbZS0FKIvJvBjA5lNG554Gkc27UMOx1nkPh0qKZDEh2YSybN2wXN/KyffZMytWXE9R9NpO9UkO+DP9ypCiErpAE3f749Q8+yaEzr1MZSojPSHf3YtA5ORQkY2xSVUYK/7THOY5dG/wgYf+boI/zbDa4SgvpcrknP6hpg==
+wedding.		172800	IN	NS	a.nic.wedding.
+wedding.		172800	IN	NS	b.nic.wedding.
+wedding.		172800	IN	NS	c.nic.wedding.
+wedding.		172800	IN	NS	x.nic.wedding.
+wedding.		172800	IN	NS	y.nic.wedding.
+wedding.		172800	IN	NS	z.nic.wedding.
+wedding.		86400	IN	DS	7942 8 2 6BCBB57873BAD3EF4BFC74DA093B04A5232BBC92C68579DD6776F326467510FD
+wedding.		86400	IN	DS	52771 8 2 4D92964EE9FD15BB3ADB2D0D06C44B6E0FF864F19AD1CED67AB020A9921F5460
+wedding.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Th3kmIndyf0HNszX0Mfv5PmrbsYUk90zkZJfPh2732uSQ2RQmyWMcJAbe6Mfv5nkUuq1lRFRIqhkObzLc9j44DALZZZ/rKxMupvPS8F8j1/4sC0G6s62yQOXtdYhlBuiCWGQHngOl9leCS5lW/3C9+WzsfKIva+z6s5AMKK/P1N5DJ7km+2fL2VV8DB1lYMBzkdoIGJChGbrtWb5axfY/+wZy69u67l9l9KonxLcWU8wwOi3IRVYmxI1MIrYdwuk37kPInrhWGZZ4TvGBhr5DdPnXkKvKk93LqA8A7WMPXVGvIF9nM4yBlhHNRkRrKLBH+ApTQO81RHFFTEvdtkYUA==
+wedding.		86400	IN	NSEC	weibo. NS DS RRSIG NSEC
+wedding.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v8XsLA+Jt+xG7JYI/rlHFXRKgk50MEs9LoDntc1Jzguje7rSSiS51pTAyFKvs113yfX6AGowGS+8FA+uMp6wofPGSm4EM3k/us7w+uyf4UB4wGvrOgwzgyug8urFK+zFVBqXsXZmg1NzBlOUqcjYf5CipYliFrP0NLl0LIfUMVFMSkpAxVdVmzoMoAWngBqDr8qy6dYSEfWrxEmpNcOabDXCOMl7C6me7CXsfTTYWQU++5jISGhNUWrr+YIoTpaV06I/6FG4UC+ATbABwX/s9DkkboMQCF2Vq4dM3cksaDUtDBwCFlPvnpXMA27SoAM+kUhm+S+1Pm3JLnP9uZGt6g==
+a.nic.wedding.		172800	IN	A	37.209.192.10
+a.nic.wedding.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.wedding.		172800	IN	A	37.209.194.10
+b.nic.wedding.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.wedding.		172800	IN	A	37.209.196.10
+c.nic.wedding.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.wedding.		172800	IN	A	156.154.172.82
+x.nic.wedding.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wedding.		172800	IN	A	156.154.173.82
+y.nic.wedding.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wedding.		172800	IN	A	156.154.174.82
+z.nic.wedding.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+weibo.			172800	IN	NS	a0.nic.weibo.
+weibo.			172800	IN	NS	a2.nic.weibo.
+weibo.			172800	IN	NS	b0.nic.weibo.
+weibo.			172800	IN	NS	c0.nic.weibo.
+weibo.			86400	IN	DS	40642 8 2 930EDCD3B0036BCDEBF43862AD49F6B7486DFECFC2E42F769AB66F21938CF112
+weibo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0p+i3P3/aGbzgnZ0cIsdD4n/zBipNa/C6WPFqXkeuuFappkv+CzUkmCE4y/y38pRkeVysQ9FprM8JS/jp31HNroPPyYklQ5iwLxIuqk7QjVWbKyJQPXJHWu/4HPqfbmk2o5M/oVSVRzFiWML/Oc+Mr8BXfn3d8rAToNjgbkqbit1cfi8xLuj2S04z/NfzDt5ioI/UfLFgnECYJMn/ladGEECR4caLwG0bfkUEeHIF8ODbiflvCT3ZHsdubIh5G8kKepCsqZYmVbaSC5MkTv81AoSuyhSBVI9v105b5b5340ss35gXT8Mh539p1Mzml6d9mDleRDe8H5LnMpj+t/3kw==
+weibo.			86400	IN	NSEC	weir. NS DS RRSIG NSEC
+weibo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . O3z14v9hzDPbNppMFVruwC4mqPqnOrM56alkeXdyCo/zDirdgVU5OvT572AAWIwfoffwYZQZTrZ0JxHcUIlCh6MCSqM32cclGt47I/uH1fxp0QHKFnapbJKF/Rop75tCmKiFMBpGQMna4WMd8SiSCHnBJq7cL0aXne4lzeUcTNYTg2i+niDg18Hgr0X1d1i2NYWK7LFKc3uRJNILh1kXN1eiwjZFrwMUM6qyoiyQoupPFAI7zZ2Jgw4jl4K2sfnUY4hVEx2lxYUaBeRULC9BFlk1OKT7c//k5hbVWxmsA+JjhidZFWtcjD5KY3ejxxhvl8GtRptGmhR81wZJMGNfvQ==
+a0.nic.weibo.		172800	IN	A	65.22.56.41
+a0.nic.weibo.		172800	IN	AAAA	2a01:8840:36:0:0:0:0:41
+a2.nic.weibo.		172800	IN	A	65.22.59.41
+a2.nic.weibo.		172800	IN	AAAA	2a01:8840:39:0:0:0:0:41
+b0.nic.weibo.		172800	IN	A	65.22.57.41
+b0.nic.weibo.		172800	IN	AAAA	2a01:8840:37:0:0:0:0:41
+c0.nic.weibo.		172800	IN	A	65.22.58.41
+c0.nic.weibo.		172800	IN	AAAA	2a01:8840:38:0:0:0:0:41
+weir.			172800	IN	NS	a0.nic.weir.
+weir.			172800	IN	NS	a2.nic.weir.
+weir.			172800	IN	NS	b0.nic.weir.
+weir.			172800	IN	NS	c0.nic.weir.
+weir.			86400	IN	DS	7762 8 2 BFFFB5B824D7CC802BEB433840269CD57749AA46593C40B9967BFBA4C376FC6F
+weir.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XWRU+aRUwPj3Hz2QlMNb0AHnw+vJXtktj1K1PahY1ml8oq2oQTmCO79Y2aPdZHxXyRWjjbaFHDB/+RhtfWQqoYzmf56nAH8VwKGRkX8gZ8updM9343RDqGu8P8bJHVPRODxEx+9DONeMmW4NKW6VyOoUEtjBS/opvFDMM2yWuJq17fL6vSm5waLp4dyzSiXZMTnG/vzkJC+5eo7vwmtJ/EqrDHvEjPmj7h+dKeTXsY8g9E2lOKacNNDg983Fcmde0voLsKdIcJNtT6i5ZpAmXmO7CVi7Aw+LjhsIYkc+eKSPsrdkFcLo0ThFeF+Ohf46LhDVs7S2xTkFxXo4Z8gzEw==
+weir.			86400	IN	NSEC	wf. NS DS RRSIG NSEC
+weir.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DAUkaWPghAizBs4wpHbVV/ZB3mJH6h/6YWnqEfat6qEAhkA/lvfgJQSkURBjcXjhDVHsGqP8YvVECzdhcn67yvDAbnDrxc94w4ZbVzjCvhbHlp70HaBv+fXoHzG2JD/iAizETG+ByYpmFio1UZ/6QUU3wiyB4MFYSfki4VcCAxMBqQkh3e6sZEDQPigRnqHB0myXlWh+SQtTlu5B6gG4lA17xVbme5yMIWhl4Te1yVFeamG3tpG0wMR2CfvStK+Z+R/NOfCwVEtO6ZCI0ZsvuWzCRhCTfHRzQteXTdhd8Xdl2ay7zmyuZ8Ie+Z772IDLbWT5qg615Zs9ayMxgoUa5g==
+a0.nic.weir.		172800	IN	A	65.22.112.75
+a0.nic.weir.		172800	IN	AAAA	2a01:8840:6e:0:0:0:0:75
+a2.nic.weir.		172800	IN	A	65.22.115.75
+a2.nic.weir.		172800	IN	AAAA	2a01:8840:71:0:0:0:0:75
+b0.nic.weir.		172800	IN	A	65.22.113.75
+b0.nic.weir.		172800	IN	AAAA	2a01:8840:6f:0:0:0:0:75
+c0.nic.weir.		172800	IN	A	65.22.114.75
+c0.nic.weir.		172800	IN	AAAA	2a01:8840:70:0:0:0:0:75
+wf.			172800	IN	NS	d.nic.fr.
+wf.			172800	IN	NS	e.ext.nic.fr.
+wf.			172800	IN	NS	f.ext.nic.fr.
+wf.			172800	IN	NS	g.ext.nic.fr.
+wf.			86400	IN	DS	18393 13 2 C67316FA4C43D54D07C93074EDDB7914346C4132726A258CD2ACC3D4877081E5
+wf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . agNW5rXOXuOs5P/sk2DHcjRRv0iFMeyxtUf8mjdHTFOhCzpLC4P3UfqaZlRnrUH0Qffn4sYZ5sjHyfBYocWqXADeylmiQ50iTu7vlienDMu9STpBJigal69YH535shNzEb26FWdYqWOKJj614VTvh4foUqAtA6ReqWcDBM8pYFciaBhn6o2MILnWu/yn5XC0hTVlwXOUCtU/CAVqPTTajz/d36VXM/beshPXbJ24PNmpA0tY323HBdLfiaKeEErTGUqPZfrF3+FiVOpr6DkjZOGAEgRUtYHqy3wZwOlXmj/jyNrydnGjZ0V1vXuxdABrCc+wHHVp6d0ouJhtApghRw==
+wf.			86400	IN	NSEC	whoswho. NS DS RRSIG NSEC
+wf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MmCyboMwRDYDB38+VfaeQOuinnrpsmepzyxJOKJDXuc8GVSJr8egWbyvk3T8U3rNDfaGLJLUZFT/HpnUfRcQQHz0ZhWyjNKXXgF2Q4M1kHFE6oChh5Tjz9vFBGF+qgwYSgiEmUQQBMcvAgsS6zN2SjCOm4j9pMZp3UmBiQDgpwp/JgV8jExjPEEzVFs3RorUdYmpAWQAizfivOK/wxROP6zR91SY2RUrKTUOt3asHvYjfgzUO3qkgbFmng5VDcBBRIQl5c6GJrOA2mWsIp0FeFrtiklR9B2KWBDHC/zaLhyOZnt/x85wW0+8wcFwqfrj0lILZs90K02XagY9mAHOiw==
+whoswho.		172800	IN	NS	anycast9.irondns.net.
+whoswho.		172800	IN	NS	anycast10.irondns.net.
+whoswho.		172800	IN	NS	anycast23.irondns.net.
+whoswho.		172800	IN	NS	anycast24.irondns.net.
+whoswho.		86400	IN	DS	1094 8 2 B35D9BCF8C51A71118E63F2D38A06E25418DB690DBABFB35F0CF9635959B5E5B
+whoswho.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OP3VPRBLSXPhrOYorS1fC4HfxH+xFWw4SBd3QlQe5wuC7Jd96uyTxMTJzYfOt8RNDGYm8Eg84YsjbGzo6LRca9RwJGgEnwlCsV5Z6JDXsQ/rwOiCuo/k/Z9ivmIENA2UNv2FB/CbDkRX3JquJgG9kaHUoJir5htCXAsVOPnoveO9J3839mLMaCIo9YRdBwHV/eE/JwZKcT9sLF8AHDMsuwajh4JM1ZWMR10WG3duTTUynsQJjWDAMymu+Js+g49wLmh7YaHh+vMq/muxqaVV9DFK3+//ZfKp27WbOP1dO1Q5IY8hmXvVqto+Dq+FqFKEiGQdMl96189vaoWRDAoiGA==
+whoswho.		86400	IN	NSEC	wien. NS DS RRSIG NSEC
+whoswho.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rGCS9iB/xzAG+Zwwfr7O1v6wKAxKgt7xNK+A9K72EX9YofPW8V01NX7o9crFpIPzvpHVj/qDbGx0iTT+q9o5uEJOjrgpz6C/wQ1kmxZADTCiT51vjodqhGDpYiZPk6OnV6+va22IKef2Xc9pDZVUEnMzCguSHs6bcBOOTLoa/wvAkL+2We0JtKU/iSMwEAgt3kGwvHJ+jcWsE61tNCggTUWVGXmsFRL6uruKqGlObVTNGU9jWBy+ip3zdgHTA4joRDpcIrZDa+NfdD075rb4a41rk51oD/1UfZWmSx7AZ0rea3eS5hCn1za4Ft/9+I1+kS37C888hFgnjR3ayExJwA==
+wien.			172800	IN	NS	dns.ryce-rsp.com.
+wien.			172800	IN	NS	ns1.dns.business.
+wien.			172800	IN	NS	ns1.ryce-rsp.com.
+wien.			86400	IN	DS	57889 8 2 E2AA9BA196C7D4F10A8320A710FC24AD4BC86CE362239C307AF3B875D5CF44C7
+wien.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X/756FshiyfTuCwJJHI16eak9UP9BIx2UxH7jqdjgiRSWOx4WBXsDAjxPg84NwYIFGfx9pc3Aox+A4jJ9sb//wt97qpqadFE9T44zfSu+DZhbX648C8m3Qj8ZDNCNtxbEdB8m92FunAm2aszCCd+k2AM795xTOtafyRkLvezAZKnrKAkXNxJ0Ote/Ag5K/Yg8p1P5SyqW4N1M8Q+HIbXBGlELuF8hI/pNyaloWp92z4cy64ocMgEHVjScGvGEu9jlbHdTrsKWe9CBDlnrPPkkJwfJU8+9t0lk52/+GCaaULsM46uGJ8SYY1lE1OtfQcHdK2FXK+zwVtHwet8x5sU+g==
+wien.			86400	IN	NSEC	wiki. NS DS RRSIG NSEC
+wien.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XQwi+zRmUROoAYde8s6FZGJ2rJUuv6E4WIT2fum/Sau1X/z2GD3HXyb+nnc2GYvHLl1sfUtoynBxurlYL0XH0t/NA0otaNdBkjnZei5Q3ppr0Rt+J/Gpy06lZtHrQQAVoPCNTtttMITuVMKfe/nUrd1ZY5fgb13oxooRCQoZyobeJ/BfH4A5K7OSleMTXXes5LLA6z0HGz18GvoneRH4bcax83jHoqglEZa2Oo59Uw9LFVyKM7F8TeBBDWxf2IkHQ2dCNF2Kv7kkQ4CEAMc0iNrc3KAVivZUcv7WiFnaMtPpR2sWQbvmSf4itpgOHzt2ng8gwqIXHOzrKxRt1a2plQ==
+wiki.			172800	IN	NS	a.nic.wiki.
+wiki.			172800	IN	NS	b.nic.wiki.
+wiki.			172800	IN	NS	c.nic.wiki.
+wiki.			172800	IN	NS	x.nic.wiki.
+wiki.			172800	IN	NS	y.nic.wiki.
+wiki.			172800	IN	NS	z.nic.wiki.
+wiki.			86400	IN	DS	10870 8 2 3C2CA6A68BE31FD1222EB66AAA693C6C4991E6F8737CA62B1427B3C9E3E67539
+wiki.			86400	IN	DS	27157 8 2 C72478A4986A5330FB21A2E427823553131D70C399DDBCFEDEE395103CA8543D
+wiki.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wnqbScGbOwkJnH8tRobcn2lXgsA+4To8VFNiXviKcnq/P431a2Ci+zqdSOatsxD8d9nA5/EzJuHvV+ph4snLu7LGew7FxO4o3Ymto61i6gj1Pz2ivV+sbMshA8mCGIDtXG42A4rRdbtgmEqFa3Q1AEo4LPhzUnKf3kaZd7HGm2M1K/63CyBroZlqLV5OxqSTQ/ObGLnU/mOFi8Ha+U0fEvyuks7T+OXT5jYp/lhWzLZ34ykjSPWpCSJUJtJw3KRMfz5u2O+6/ZuJxoFJfCI3ng0ou8hp7rCaGU2XgThiizn64XmLsMbGvyk2XVxETLgcOiM0h1uDGMTNGzCy+DuJkw==
+wiki.			86400	IN	NSEC	williamhill. NS DS RRSIG NSEC
+wiki.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . si6GnPAJOOCS9sOEsfYxkXHmGxDBnZnpn6sKMMG15OzmIDIH4+wnUsiCkiHf0lbZduG6tXuHgAaUKSEvqEMcmVLIuWceyIrFIvxdu+6PRT+TeJb0nbNvDOCP4FPN60TG1W2bbchto7qz/uu0Eb1vfy/bac126zeJ4y8TI8Xilb1owJsKpWLY5t3ySq2S0IfkK01IsfABYRV8wMqePdysnSOEl68gfzBah8R3JuP0TbXlPaS8lZ2MIPiVohX48uAxJZIWBT45RJQVWcjPX38PIFkWOUlPIO4pisXpbkOnWT8JUGX4PrFWMhWK5obaWu8t239jZofdGLSkBLDysMfOog==
+a.nic.wiki.		172800	IN	A	37.209.192.10
+a.nic.wiki.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.wiki.		172800	IN	A	37.209.194.10
+b.nic.wiki.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.wiki.		172800	IN	A	37.209.196.10
+c.nic.wiki.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.wiki.		172800	IN	A	156.154.172.82
+x.nic.wiki.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wiki.		172800	IN	A	156.154.173.82
+y.nic.wiki.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wiki.		172800	IN	A	156.154.174.82
+z.nic.wiki.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+williamhill.		172800	IN	NS	a.nic.williamhill.
+williamhill.		172800	IN	NS	b.nic.williamhill.
+williamhill.		172800	IN	NS	c.nic.williamhill.
+williamhill.		172800	IN	NS	ns1.dns.nic.williamhill.
+williamhill.		172800	IN	NS	ns2.dns.nic.williamhill.
+williamhill.		172800	IN	NS	ns3.dns.nic.williamhill.
+williamhill.		86400	IN	DS	34804 8 2 A9905AEA06276DB0257B1964B05D99AC5CD6F787F1D02EE138166730B8447E0E
+williamhill.		86400	IN	DS	64624 8 2 97386EC38FAB6B1D4F0C1BCDBC8F670D92A474996EDDCC24786A028A249E2C23
+williamhill.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kuukKagQMjfuJCvPDd15UEUmSm7jqVV/Od2VyrcyV34riicmwH41j7OoX+rqRqHmQ3K1qn+UqgFoNV/M+R39N/RHKQA2GMJwlGW/mNTmCwXoTskJGrGYQ+O1idmCXtZqk2OK0fPpsJCV5HagE+M4azP5yqF/pLbL5wll3/zFaMVlxjFzOj+Laq+y20Ud5UAFCPuED/7D7soBO6IMItJt4vs1ytvOsCTLh3cVaj4T04tNZ2QcIUjzuSpPO3E7SNvfJfbdMrGfzeXRz5x/ICcm3jXCfYVd6/YdjnqYez9cGC6UYUtjLQ7bmOoYSu34ZDri8dKE9Tay2YeaNLVm8VYscg==
+williamhill.		86400	IN	NSEC	win. NS DS RRSIG NSEC
+williamhill.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gBXF1C/q38dlQZ+3+HJvn3S565757tAr0Av5SeXkt0MEjuKOfpMUGp9RUyUM6av//tGtXlQZCGeXnAQAq2eVgmtZat/+IeQknEP9h6czmMUklrmvYiRQv4O4huPoRpwzlJ7dCfH3Nyyh9kIaDtB4k9wiegIMvREnG6ACjZM7QM5sj4koK3Elzt6CKOb2LDuNveqmseX4SLIMKdwYbcDziwen3QQb+0IGiFjcQIuTuyKkW+6HRlOElI+ymNOzv1+bIzbpoSozbi3OxDvlywwIDlki8s4kIxENlkcbwjLAIJeWJz8yK4BlOfuBSyJhZkJbrPPl58KQ02qRBvDrdnV3Ng==
+a.nic.williamhill.	172800	IN	A	37.209.192.9
+a.nic.williamhill.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.williamhill.	172800	IN	A	37.209.194.9
+b.nic.williamhill.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.williamhill.	172800	IN	A	37.209.196.9
+c.nic.williamhill.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.williamhill.	172800	IN	A	156.154.144.181
+ns1.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b5
+ns2.dns.nic.williamhill.	172800	IN	A	156.154.145.181
+ns2.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b5
+ns3.dns.nic.williamhill.	172800	IN	A	156.154.159.181
+ns3.dns.nic.williamhill.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b5
+win.			172800	IN	NS	a.nic.win.
+win.			172800	IN	NS	b.nic.win.
+win.			172800	IN	NS	c.nic.win.
+win.			172800	IN	NS	ns1.dns.nic.win.
+win.			172800	IN	NS	ns2.dns.nic.win.
+win.			172800	IN	NS	ns3.dns.nic.win.
+win.			86400	IN	DS	29737 8 2 980F7CD5E938E5ACAA28B0B9A3A1504AC3839B3919CA6FDF9C3523675D0FE875
+win.			86400	IN	DS	49585 8 2 4466F9D8D5814557B154063E5B82925059115249B97F19C8B091C6CF06407D57
+win.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PRy0yrOdvU1cqDUN++hiLE13sud1fK6URWKEjK439j2t/3pm1eELnxWIF7c8SuV8x5iedLfM4BP+5NyCS78ayMYp1sxUZMAvqLU3LBC6LHnBM5zT+IcXLneNc38dXF2kKDnhQ+mSNlnhwl/OWW3Cs9kcZVF8xPRG3Fr0gNDsHQk5DsRDU+CzLMa7WS7jdmpud9xmL9aO7RJ1kx22nOTT7CyBPMwCnasWM0NbblurlcF69IF3K0WzXNigGpBVHNZRlvWyLzCZ2OKErsCw+q4u1UfDCPRKkwn9s0E6DlH5rkhMYopEA0ROyX/aMLxKnwy5Jf+aKvLySigHg7k5GrD4PA==
+win.			86400	IN	NSEC	windows. NS DS RRSIG NSEC
+win.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Xhtazkl+eFzuJxPm40pNgF49ZpK/PBieRUilxzD2ZfFkB1wusENrJb+OAUtChcvA1qZOm54qw18OQgc+uOU5+2iAhqGflQThxuDkTY7TMuvT3upegeVkh6o/MRe5w00GufPGO7vu07JvNzARA4Hn4oDiwIKklDBcmwUuUfSXt+uwMqSAnspcGkod4baI2scf2SYI9pS9wLxlhzIFSDqw8d5v8P716/oAttILQOEMZUezWyBAqp7MiZ4sAc5RVXeA7ZxzoQRGC1crsZknHue1fVxE8gko66d9CNdvuZc6MTcMYh7ua7hpH6de3zNp3qF7GRRrTBlChBfaSh4TRTKezg==
+a.nic.win.		172800	IN	A	37.209.192.10
+a.nic.win.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.win.		172800	IN	A	37.209.194.10
+b.nic.win.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.win.		172800	IN	A	37.209.196.10
+c.nic.win.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.win.	172800	IN	A	156.154.144.182
+ns1.dns.nic.win.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b6
+ns2.dns.nic.win.	172800	IN	A	156.154.145.182
+ns2.dns.nic.win.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b6
+ns3.dns.nic.win.	172800	IN	A	156.154.159.182
+ns3.dns.nic.win.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b6
+windows.		172800	IN	NS	dns1.nominetdns.uk.
+windows.		172800	IN	NS	dns2.nominetdns.uk.
+windows.		172800	IN	NS	dns3.nominetdns.uk.
+windows.		172800	IN	NS	dns4.nominetdns.uk.
+windows.		172800	IN	NS	dnsa.nominetdns.uk.
+windows.		172800	IN	NS	dnsb.nominetdns.uk.
+windows.		172800	IN	NS	dnsc.nominetdns.uk.
+windows.		172800	IN	NS	dnsd.nominetdns.uk.
+windows.		86400	IN	DS	31600 8 2 8057ADBDC309CAC9CDB987F477B7217B15C88D0A7F84E3B9BA5AF412D24B60C9
+windows.		86400	IN	DS	44526 8 2 F6DDA2F2E3E99E70C47F0393F0154D1641435ABDF20E5E5C0A8416C0DA34A922
+windows.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XqgdGQNmDXFml2DHdR4MV+4esN/a6RPSbHknHntyW5T6qaw/6hinY/8D59SacEJwIuM9gwjH1dKRjOZMtLqGPvvE/8jt+kqvX/aCbExmdoQu6VZhPhWdKZhS7ccwezlQ84rVg1v54HHiH/Q2FXW2iEF0XEaMX9DBHXq3TIPXNuXlHdZggTczEkYyRPX38lnD/4FhJRFxnl6I7CCExe8lRoLjG85GtqqrXTsSHqgmNPHc9At2dS8VpIQHdFNqACPZwgFNZuFCkhvdsJQXQZZFtLeSfR1Q0bd67CxxJ9fQbWCYMSWyxJ/so9hSyw8NM4tYc6HUoLFJpEOFLJ3ndECcBA==
+windows.		86400	IN	NSEC	wine. NS DS RRSIG NSEC
+windows.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . v1YnsIrAvxPg1O2xVm9VflsTq0N+v5EgvU4WNuWeRIJQ3H9k5Heyj4kY6XDhhJKkVKozvbpBUAFH1WNzJp+lFaFkBWv0svG2Ts+4MHNsQ65dT8KgBrXGS7eDMJtEKQ4XBP+gD7RNFsDvEfhxlNw+cNHL6mj3rNRxJTgEcXcnvi4VDvogqQSdUvjbpZTBaUTJK/c6p38hjx/r3swHxPNOdvbsR5uewjrGKoYhrhKFx7Z0xttpgXNxXWk6sW9GsokFZ5Gc+wUa8lW8vhejHaWQSpSqaMpYbdFGCT0kdAI99yHrujBJ7ieccQ67dbILPINatgxDd/j/mqJ4Z66IrUiEPA==
+wine.			172800	IN	NS	v0n0.nic.wine.
+wine.			172800	IN	NS	v0n1.nic.wine.
+wine.			172800	IN	NS	v0n2.nic.wine.
+wine.			172800	IN	NS	v0n3.nic.wine.
+wine.			172800	IN	NS	v2n0.nic.wine.
+wine.			172800	IN	NS	v2n1.nic.wine.
+wine.			86400	IN	DS	4210 8 2 16016CD0C2432421B72D072422278999C3C2772353E3D5214D25BE24B4D521CB
+wine.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TRPNAjZd3rrOSjhJvZzbXQUItT91fu/ct5Qejbx7Y0oMkxwZjNNUiskMGcjQmjxc8RYv/YGzy3VMt0Y/trbXd7JzQF5IVm8pRdpjAkBFnYZ4M7oKx2zvhiG6vkX7krQ+kVsv1aNHfgXhKboIWie/P5biUmRn+GLQ0acqGdAMqN8OFDZc8R/+GDCj6C5FbIstTBB6Q16fmiiY84aHAx9m/asuK+B+TPtNyUUVlRLQZJbhs+uf9MwT8qtwkvzZDFUsfcPErnQSeRUIQ8k8+1/iTaBMFMuZh0XiY33sr7Q5SvlrRHOQGh1dfWWlaxhE+vQwtslrWMCVVGki8gZfdDUKvA==
+wine.			86400	IN	NSEC	winners. NS DS RRSIG NSEC
+wine.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Fmu2iDspUXGxFA/fyUJuIS/q8iRJpOLIPQAotqVO1wpaGg/Z6c9mHoA54wIKK1UMpazCfG+8gE2VIn3eoDeGyTgn+qLeTs5r+SWqWtxH4NyHGQJHwmz72l2PrUPXYD5IY4JjseFIQue5IaQpWuq2zFJmArpcq8d+iPRWebCTaYcSW/QW8Whd6Xzbc5I69gMGMuE5F4ilmpRib4Sdgjmka8BlYLtSnsmzgYQnXfBz7j2c84s8sZDedxcuWuehNt0Cih8e8VLbgpS4waHhZTft+XqnuNVY7uLg8DgTaNTWFiezPrKs0tNSghpHSREWM5AAXJWQB00irg0ChXYqcM/Gbg==
+v0n0.nic.wine.		172800	IN	A	65.22.32.11
+v0n0.nic.wine.		172800	IN	AAAA	2a01:8840:22:0:0:0:0:11
+v0n1.nic.wine.		172800	IN	A	65.22.33.11
+v0n1.nic.wine.		172800	IN	AAAA	2a01:8840:23:0:0:0:0:11
+v0n2.nic.wine.		172800	IN	A	65.22.34.11
+v0n2.nic.wine.		172800	IN	AAAA	2a01:8840:24:0:0:0:0:11
+v0n3.nic.wine.		172800	IN	A	161.232.16.11
+v0n3.nic.wine.		172800	IN	AAAA	2a01:8840:fa:0:0:0:0:11
+v2n0.nic.wine.		172800	IN	A	65.22.35.11
+v2n0.nic.wine.		172800	IN	AAAA	2a01:8840:25:0:0:0:0:11
+v2n1.nic.wine.		172800	IN	A	161.232.17.11
+v2n1.nic.wine.		172800	IN	AAAA	2a01:8840:fb:0:0:0:0:11
+winners.		172800	IN	NS	a.nic.winners.
+winners.		172800	IN	NS	b.nic.winners.
+winners.		172800	IN	NS	c.nic.winners.
+winners.		172800	IN	NS	ns1.dns.nic.winners.
+winners.		172800	IN	NS	ns2.dns.nic.winners.
+winners.		172800	IN	NS	ns3.dns.nic.winners.
+winners.		86400	IN	DS	44842 8 2 E0735A12E87E2C61DA2A863567D0D12D3754B2BC42237C53F08280F833F9B42A
+winners.		86400	IN	DS	45580 8 2 7A66263CF952160C86B31C0B85AD2D1D79E290C8C506F45ABDD807A6EA4D3BF9
+winners.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f6qw/Goe9JNdecSw5R3mf6avxFvvfVn68GjI2L+vcGbnGzAU410cBIZXqR8GmtmP+CAQ6kI8Dv6ecPDw1K5vWxYxcgFxkE7TQBiMPzN/adgSOv4PFTFX+2fcyHfdlPLzNWDzGdxZjmFSZTNyRmLigxVy3wYDEi/wWtOw4VzB4QANVL+EjcdsIK5s5wwq7fjQtNCGYKx0hoc1ehniSg/4ujMO4uZq7Si9kapyAhVmbNi+7WEiftSJUHW74Qi0kedzA//YBI8z/k54wzuDF9ha5eLrz7GTMq8f/xLNqq65OAEaS2blmVIT2AjdDNR7bSekbaR+swVquVPrNPNORL8Kzw==
+winners.		86400	IN	NSEC	wme. NS DS RRSIG NSEC
+winners.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pvjWVA0qdaTtRvY+no4V2hDCOi6g3mnXNOs+IMNEXvzjaDZPCAQKkzn+8x1dugCXZY61h1FIun+iGWuCoLKltJt34Jb/c1ofB6rl/MNLAjQQZN7ADfFdJKa7J/0yzKpMabBCC9Jtdtift9T0Ii1FjocWa1bKut6tq3I5blcl4UvfUXW7PfMEOJV0WhKYyrEE902H3clmZleDxJcLeIjvGbCMaIQtCgQGNmQPQoOoxXXt6U+n2auWKawHR/zOs9N2mfbiecbpUs12htCRKTz+EI46mtj9yK1MQeLCwm2pRiKiZ9aNc1k8Uyjqma1shewU9PgpwpnbyMmab+UcWewwRQ==
+a.nic.winners.		172800	IN	A	37.209.192.9
+a.nic.winners.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.winners.		172800	IN	A	37.209.194.9
+b.nic.winners.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.winners.		172800	IN	A	37.209.196.9
+c.nic.winners.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns1.dns.nic.winners.	172800	IN	A	156.154.144.183
+ns1.dns.nic.winners.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:b7
+ns2.dns.nic.winners.	172800	IN	A	156.154.145.183
+ns2.dns.nic.winners.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:b7
+ns3.dns.nic.winners.	172800	IN	A	156.154.159.183
+ns3.dns.nic.winners.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:b7
+wme.			172800	IN	NS	a.nic.wme.
+wme.			172800	IN	NS	b.nic.wme.
+wme.			172800	IN	NS	c.nic.wme.
+wme.			172800	IN	NS	d.nic.wme.
+wme.			86400	IN	DS	7259 8 2 E7CB7561099040DB08978F7696320DDAF323F52DDBF951FA5F4C44B2F34E38BD
+wme.			86400	IN	DS	60194 8 2 A1D20932B733059C4BB7E989FDF75A19A787EB186CE2DB5648B1560C1DB54495
+wme.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aSJsOKy1TBLd/pussHrNyl+IRUD9K11P8O5F533kNXNCQgMrxmBe8Tnwk8jY556fkaBrIDJvaDzSTvuIvtek7Ep+MJYBCvxbKfvavpwEaJktkur5jag/SHWpfPewJcb7pNgEuy/3Bq5TAOTG9CcPEmubiIDiBvw8Tc8W1bXBrJWnkSow8ifc8wXBTrVorE5uK/ki55B/aa30WGZaI577rYr2V3nJDEast6A2QpDXgduZpjbdC7MCHXvu63kHpCG1kZpLY9Ppr1YtCigS/VDos0Lt4S+d/7fJyjNmhxEYOS4fB/ObtrsLQ2IeVmBjyjOtqkKa3vlhqgyY91TjamDUEA==
+wme.			86400	IN	NSEC	wolterskluwer. NS DS RRSIG NSEC
+wme.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FuY9T/ThlZzG4QIncANvYr+4ZAhQX56mwED5lm/m+mgbg+7YP+JD4j30kx6xtvrDxElMAfnqoyRXrcO8XyuS8qr5hfX2EeRTRZabxHqGbGkDvnQ84meDvBOXFS5ztF97fN3z4ebf4BrvDVrgre9LmV//D/bN/Wva9J8s4xVH1LR4PsiZQI4Uq81ar9ajTmxTP8n9HhS+91OzuVqhXTrWSTe1JQKbg5sZk+5vhE0t3oteme3TghNMs6ZTDkhBjYIPvtWxhJ8gagiezqCNPmVHth/aRa/VkNu++vg00N7+ntqpX2KcmxWt/5eb7wySehqOBITS4J1Z+FxN51BzyV2hAQ==
+a.nic.wme.		172800	IN	A	194.169.218.31
+a.nic.wme.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:31
+b.nic.wme.		172800	IN	A	185.24.64.31
+b.nic.wme.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:31
+c.nic.wme.		172800	IN	A	212.18.248.31
+c.nic.wme.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:31
+d.nic.wme.		172800	IN	A	212.18.249.31
+d.nic.wme.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:31
+wolterskluwer.		172800	IN	NS	a0.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	a2.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	b0.nic.wolterskluwer.
+wolterskluwer.		172800	IN	NS	c0.nic.wolterskluwer.
+wolterskluwer.		86400	IN	DS	58234 8 2 97DCE05D28C78AF0B76524DF031D5FAD0E1901B5AE12515BE48FC758AF56E473
+wolterskluwer.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . s7CNw5tCWRuUD/E/z5p8kGvhr+hKA0irii9tF8Cp5RykGzd3NKztXtIV9ieIJYnsX9//0Fd3/ZPrr6OEanfPqSueABsI7iXQXHOPoIWABgOyWzdg3Frd1BYhOHqxLUaiScu6EGFpwFVekXq+9fQOcjhe2Gf4Sqrsmy4YGujzta0WvPbJ8DYpaX/1o7smW3svoiIjMu/EXDhk0xOjKyF/9u2vKnQWRwd5glj8buGh0jeNR+KJTTJQ3td7qKif+gzNO3c/Y/9FlYfcmXh95VfqTJI5aQfshDLbkEqxAKGfWOFFlqII/H/pqiAXLOIFmHF7FBISdZTWlULbiHT2j3w8uQ==
+wolterskluwer.		86400	IN	NSEC	woodside. NS DS RRSIG NSEC
+wolterskluwer.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sV9xbYdXIg5pXh73bf5p/cdj4QYx6vNqkVQYhpMd7T2mYHc0L+64qLkEgGbF3Qji3q+0UjPjkaJa9VYjiNRbDxKjHgRDgtujwgkk8TsLfPC1UQpl+5ws+jcY9+0Ve543QIxlSNuTgpg8yDNc3akkhxdRmWJrsiTidLgv5KLq9W/s5ZbLNqzgDVIh1i/9LFKdxlGJFAew3vAzckgYn4wLdPwlurW4+LrIqjSpKn5BC7uXoVzqEOqee1T4wGUrb0ydD/4G65lvDXlTuelL9iArp5K0yIFV3V6loAzj2wh118We1oy23b7Z7wK0fBUtGR6cYI5CzHxaYisY1Pp5lySZfw==
+a0.nic.wolterskluwer.	172800	IN	A	65.22.204.25
+a0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c6:0:0:0:0:25
+a2.nic.wolterskluwer.	172800	IN	A	65.22.207.25
+a2.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c9:0:0:0:0:25
+b0.nic.wolterskluwer.	172800	IN	A	65.22.205.25
+b0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c7:0:0:0:0:25
+c0.nic.wolterskluwer.	172800	IN	A	65.22.206.25
+c0.nic.wolterskluwer.	172800	IN	AAAA	2a01:8840:c8:0:0:0:0:25
+woodside.		172800	IN	NS	a.nic.woodside.
+woodside.		172800	IN	NS	b.nic.woodside.
+woodside.		172800	IN	NS	c.nic.woodside.
+woodside.		172800	IN	NS	x.nic.woodside.
+woodside.		172800	IN	NS	y.nic.woodside.
+woodside.		172800	IN	NS	z.nic.woodside.
+woodside.		86400	IN	DS	346 8 2 3C0F130C65367A18EB0943151D1678C687090B6ACAE1432D4CBE7585AB6745CF
+woodside.		86400	IN	DS	38707 8 2 E4254780378E282920AE5D44E210DA28BF5D7FADB0AFCA33E400B74C5086DDC0
+woodside.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qsPUmiz08q3ZzMM5aSEbMEd2Dwtg/twZzd7LJLHyBY/mdi9eRTAxyINJWhaOQpD1/vCGxZKFkC1sxuLnpUmfDOtHkkJCpvHM5JYRg684WAj3rjsf1RnpkNJ8wUh+UbziPVfU20h4KYtXqg3EO77JEPLV0bEM/UMN/kpJYM+bPwgrJKhOmY5loqgVLcrlvl/t0K2KbGVtsDfVCk/3zSJlhD+pbfTV7cCI805FsrOjJLZL/hM/t8tigIRiWApgTzt8RlsAssj8lsabkDLvM+Ml8uNXVci1S2aYsW2VMbrrOdxezT7gl58onHkwuaBrbnEC8rSCXjSAnN9Dje7UOCVmwA==
+woodside.		86400	IN	NSEC	work. NS DS RRSIG NSEC
+woodside.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CgdPMQni1jpu9W1Uc8IguuO0kLQHGtU5T1AOYrkoRx+dm4PmUFFeNsM2F6m4qhWA0nzN6CpVc/nSLgm1AoNzIlApGhXQN1Ai4ELW1bW7UXI5hnyEAbyXMVRdaljJida0Cgh7mh01iMQbo3U/wJzi54dcvFRZjg/FIsqe5kYU+d/9mtpMEsLW335ZY6TFixxdRF/mRTsWkxEm4LZyJn03rnUo0McppqLHmiUlV4QU9pb+ECZ3cxW69aW0UtWJxhUneOMZw2qj7VkgZwgFFbdEsYmrUTwM/IggxvcOpPj6U66PNwtg6SqkYb2MlixrvlGvMaUV6/Wa5b/v03TXwM94cw==
+a.nic.woodside.		172800	IN	A	37.209.192.9
+a.nic.woodside.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.woodside.		172800	IN	A	37.209.194.9
+b.nic.woodside.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.woodside.		172800	IN	A	37.209.196.9
+c.nic.woodside.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.woodside.		172800	IN	A	156.154.172.82
+x.nic.woodside.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.woodside.		172800	IN	A	156.154.173.82
+y.nic.woodside.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.woodside.		172800	IN	A	156.154.174.82
+z.nic.woodside.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+work.			172800	IN	NS	a.nic.work.
+work.			172800	IN	NS	b.nic.work.
+work.			172800	IN	NS	c.nic.work.
+work.			172800	IN	NS	x.nic.work.
+work.			172800	IN	NS	y.nic.work.
+work.			172800	IN	NS	z.nic.work.
+work.			86400	IN	DS	16252 8 2 499017AA972A79021573AF6624DDB5DEA13562ABB2C356FA30456E4604F3D4D7
+work.			86400	IN	DS	41389 8 2 D1AE5019CB2D29DAB235359FE6250CDDD84C83214DEAE65E7A1AB385D2050BF2
+work.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0F4H282KCP9LpzMhUxZujGgvzYz0jXaRQr+qjdmyQddaYlwn92NtGDwi7Wiw1MDiJMEGxdj4bGjOnz5pok6CZ7oEU1+/bMRaqnZxh1teifSKMcz9Jzxt/xxGwUBkyYscvemtPYtx3Erysrg2f6xtGBYeX3evqRrsZCUhKCEcQnBUHFdi5GOtXN8MmVqnQZSxDT20oX8WwIHeiKREzsohjcK1ijQbKoYJ1DzIpu61+93DirXxhQfXwvLKkLtZOaFoVsuyqYcnUKN2e6lh0lNG2NfeGzqTOz5dpMt9eUM5B0XpOhmQSEMW07Jpfyc21GFqxOtnRbJj2MTgBY+6gb7img==
+work.			86400	IN	NSEC	works. NS DS RRSIG NSEC
+work.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MHaSx9GE2vDDkgDzS/g84DUMk9X67+6pVTT+MQVrUbhclkxcyZHIkkM2PCYCoQmHEWK/TMxsRK1cvifDeYAf671S5lCrfRkZzLfZjoIWa9Ncl0vEdfHz1IIFg8+lrJray57UJLutGxu0LIMeyTNa4B76DUcVxMBwQsmAcBWJnRsJfUU1zsXeZR6gmQt7W71t/jUrY5Yh5vd3wN3YAkOLXkM/juY/4SWURTISbIubAbDFITM5R9YzT952h4T4DVDscWODeJEsvT30lFDYgure1EgyYDAlEt5xIycPmUI60Y1Tsnt8eesPZ39Y9+5kNff3KBb24fCKrg/kGqFBzYAk8g==
+a.nic.work.		172800	IN	A	37.209.192.10
+a.nic.work.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.work.		172800	IN	A	37.209.194.10
+b.nic.work.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.work.		172800	IN	A	37.209.196.10
+c.nic.work.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.work.		172800	IN	A	156.154.172.82
+x.nic.work.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.work.		172800	IN	A	156.154.173.82
+y.nic.work.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.work.		172800	IN	A	156.154.174.82
+z.nic.work.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+works.			172800	IN	NS	v0n0.nic.works.
+works.			172800	IN	NS	v0n1.nic.works.
+works.			172800	IN	NS	v0n2.nic.works.
+works.			172800	IN	NS	v0n3.nic.works.
+works.			172800	IN	NS	v2n0.nic.works.
+works.			172800	IN	NS	v2n1.nic.works.
+works.			86400	IN	DS	46672 8 2 0339DD99B86B96B8E437908E9AEA3EB578FAD0DE211BD8CF7A4FE6885E0ACDD2
+works.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qYdU3BAnUkRwwQy7W9fzkV396aoGsIh3s12f4e6iWlOxxQbjcs/qTmB8lABHUGamPJ0pKDXWGUAp2qiZhXsmk2CfN49I/6FveXOzUxtn3HkBeV/+Yrn9YwoCSc2jVlZGc01LGJxs601PKO2X+Mm85HbSb0JqaPhhkk5yNKtnwTLhI94lzsTkufTPUWWG16mH2P5fLx+vw5uAnoGbokyh7aguAEGJDoIDfZ10hnjopwYjX7cl4jqFcOvVPNO2B3+KEsYwSaP/O3l97Nyts+ACvy/Mw1HuX9tPPetBoKLnqT7de2pJ/fmslS2eq7r0ALfim4UPcKC4+UaUzoX5BDhjZw==
+works.			86400	IN	NSEC	world. NS DS RRSIG NSEC
+works.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MEeyO+sAWQStBf2RIhRoV48F+0sOlRoY7XPjdbegF41E6PoYzErzMnTHnobt3jfx2UBJzrkn3H5N0T/9wlWzQWlLJ9eel72DqijZ3/hPOZYMOXy8sM4f8tzP31jc9pxW78bYCO9YrFtGIrASVansSzlL2IT8MNEZUx45V89NIZeh1MtNQ6qY3CEEOwMrrYKsvciXRqERO7fUNt8XsvT/WFQdcUEDCcpk3zIvhoMvecvp0vByg28qv5nNRQZGxXmnJC83ngxVIl+pjEQ5DZ0nCptZ5Gez14l4FpfQNSd8Wb5xKNBMuKXkTJx5yEJjte1IVzDnr0EVjgPmkKyyHfkNRA==
+v0n0.nic.works.		172800	IN	A	65.22.24.6
+v0n0.nic.works.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:6
+v0n1.nic.works.		172800	IN	A	65.22.25.6
+v0n1.nic.works.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:6
+v0n2.nic.works.		172800	IN	A	65.22.26.6
+v0n2.nic.works.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:6
+v0n3.nic.works.		172800	IN	A	161.232.12.6
+v0n3.nic.works.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:6
+v2n0.nic.works.		172800	IN	A	65.22.27.6
+v2n0.nic.works.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:6
+v2n1.nic.works.		172800	IN	A	161.232.13.6
+v2n1.nic.works.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:6
+world.			172800	IN	NS	v0n0.nic.world.
+world.			172800	IN	NS	v0n1.nic.world.
+world.			172800	IN	NS	v0n2.nic.world.
+world.			172800	IN	NS	v0n3.nic.world.
+world.			172800	IN	NS	v2n0.nic.world.
+world.			172800	IN	NS	v2n1.nic.world.
+world.			86400	IN	DS	13081 8 2 84C4EE9B8CEC0C7EB9C2C892A07DF5513897F91C5B3BC80410EBB062E86EAC21
+world.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . aP8SRYLaaJDnlPOt04l9i1zbZ0bAdXt472Ddkx0gG5NEzyPXIwov0ORMVRoCJDyes6U8I7G1QQXWShYUw1LWyKXkuuKS4KLIKGvDOgig6K8qfoZHvaSjhH3YjCQFaLGPcH0RbmAihEgIYKSz5V3kCgVhlmvtWqBEzFh2b9Vx1cP3zziMBBQ6kyWx/0j97tSu+54U8RZ8CsTntwIyXOP8U5FVcOSK3LMXDq8o8LWXhOoZzWVHbcDE8oO9GO+IQb6lTUcBMXpJvC3SZ/twtkbqBnCaSnKEGGOqlOqKxNX50o0jXw8ANLq7LXU0quz3HsXOTP55qNY5iq96I47/tuNjOg==
+world.			86400	IN	NSEC	wow. NS DS RRSIG NSEC
+world.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dZrzjXvK+MdL9MjMXq6vAsin0NTsspFXxrZPpSMinWOfEaugrEY7ApFS3MwRYLOYDCUVCX5BPse+970QvZrFzAT/tOMCSBIXAREg3CLpo+8YTz8cnpvovG/+tPhxAta5qZaY1jifVngc5A/R6fq9S4SC5VXv6tuWQrLb7TUZLWKnCeDmaq1TFI7gZ7mIoeRixOzT2FQPmdkohnBPoz4WH2i6YJ/ZM3pe84P4vX2HFH7O3HqCmTlW3Bc25ApEiNZMfiM5/n13jnv6kRXrpzaQ/4CoR4m6TJdpd6/9yCNdXvRxjkGrPiyKYaQSxLSLU12G9NJUtwVdi5uvnJkat8wp/g==
+v0n0.nic.world.		172800	IN	A	65.22.24.1
+v0n0.nic.world.		172800	IN	AAAA	2a01:8840:1a:0:0:0:0:1
+v0n1.nic.world.		172800	IN	A	65.22.25.1
+v0n1.nic.world.		172800	IN	AAAA	2a01:8840:1b:0:0:0:0:1
+v0n2.nic.world.		172800	IN	A	65.22.26.1
+v0n2.nic.world.		172800	IN	AAAA	2a01:8840:1c:0:0:0:0:1
+v0n3.nic.world.		172800	IN	A	161.232.12.1
+v0n3.nic.world.		172800	IN	AAAA	2a01:8840:f6:0:0:0:0:1
+v2n0.nic.world.		172800	IN	A	65.22.27.1
+v2n0.nic.world.		172800	IN	AAAA	2a01:8840:1d:0:0:0:0:1
+v2n1.nic.world.		172800	IN	A	161.232.13.1
+v2n1.nic.world.		172800	IN	AAAA	2a01:8840:f7:0:0:0:0:1
+wow.			172800	IN	NS	dns1.nic.wow.
+wow.			172800	IN	NS	dns2.nic.wow.
+wow.			172800	IN	NS	dns3.nic.wow.
+wow.			172800	IN	NS	dns4.nic.wow.
+wow.			172800	IN	NS	dnsa.nic.wow.
+wow.			172800	IN	NS	dnsb.nic.wow.
+wow.			172800	IN	NS	dnsc.nic.wow.
+wow.			172800	IN	NS	dnsd.nic.wow.
+wow.			86400	IN	DS	39542 8 2 168D62F4C47A24CD93F7AB8F58E366B5C225099B479D85366D61A43EEDA9D468
+wow.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . wNBwu1rKR8Y5V3yc+7TQ/82N3GHM57NPWAFuri4JBUSYBwbraLRcQXnpXxsJFbgA8ZXFkRwtLO3uri5F+2GYGH1nOxsDv8uyPogJKJFRA4kLltj8CGD7RycAUaVxFwanCpTr9WryLwys6mtXJK5DVPjtc0HYgMjzABQHjifAxgZLte9l04bDNUXddqFy06oVvLjXb4cvnfXUfTRLcw+VJjPjyAOcFD5fAUlDggX8lTHPU5+VXp3izUOT0lrUZsoJhX3BsRM/AJqlWU2TyLoGjctm3Y4WtGd5NI92aLFI2QFOLY9imx/ZtG85Au2ybiuYvetqnqw3oZWId/PgK7imvg==
+wow.			86400	IN	NSEC	ws. NS DS RRSIG NSEC
+wow.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tWtEZwzKDB3mWq9bBGBFmh1mBDtHEsPEFE9rFKE9/jCEQHQQMYdJN23WfE0od/2XBwL69ZzB0xo9UBFHa4/uuJ/ZV2j/hb9Fam72Sy1WJipRjZ3axEcJfTscE7N8Duan25NiXtVd2seSlR0Ez3y/l+mbplffFSSQu9kBB+Z9C2fm7IE6iGqR5jd8CC0HqT/Hx3wzUs3DB2AUd3u53b/4yuFfUu8xbCKiDEmEKzeCfzHgj0a64tqMxqaGt1+QD6XiLeLsEAI5GIUd0xQeaqMe0k+DD0V1tCV/Mat6L8WgEcQkzbujIGqEB+wPLpiOCZhMA6CkK5kD+H5mCMLSP0m7OA==
+dns1.nic.wow.		172800	IN	A	213.248.218.87
+dns1.nic.wow.		172800	IN	AAAA	2a01:618:402:0:0:0:0:87
+dns2.nic.wow.		172800	IN	A	103.49.82.87
+dns2.nic.wow.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:87
+dns3.nic.wow.		172800	IN	A	213.248.222.87
+dns3.nic.wow.		172800	IN	AAAA	2a01:618:406:0:0:0:0:87
+dns4.nic.wow.		172800	IN	A	43.230.50.87
+dns4.nic.wow.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:87
+dnsa.nic.wow.		172800	IN	A	156.154.100.3
+dnsa.nic.wow.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.wow.		172800	IN	A	156.154.101.3
+dnsb.nic.wow.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.wow.		172800	IN	A	156.154.102.3
+dnsc.nic.wow.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.wow.		172800	IN	A	156.154.103.3
+dnsd.nic.wow.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+ws.			172800	IN	NS	a.dns.ws.
+ws.			172800	IN	NS	s.dns.ws.
+ws.			172800	IN	NS	ns2.dns.ws.
+ws.			172800	IN	NS	ns5.dns.ws.
+ws.			172800	IN	NS	us3.dns.ws.
+ws.			172800	IN	NS	us4.dns.ws.
+ws.			86400	IN	DS	36454 8 2 7DB7C8F0FAED1FF118C3F081487CEC39CEC5C89FE647ADC1E2D3643D1BC1F77D
+ws.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ITyiiBDR7hHZ8jW48EvEhV4FhUM0+mdW+RCsfZql7b7/0un3i9+o/vwSUwGtbQ6H1Z9Gy0lz3LIsKRUF7SZr/n/ZkyEMvKiQTgM7qbv6M6NEFbIY5fV5e8zYnRcY0oVbZ79niyu6Gw4JC0t8JgWhxcR3/q0rGjdIqRzxX19UbO7fCasLjc4vrqLIxp+7p3Hr47a9SkDi27fWHCZH94hqT9YtRo4UVA64j9eHVa+2ucICc6RLsjbXZjHOyL03q857qY1rzSq1LncmXxc2c7algj7ngfC8gWZFHcAeJBnTHgdOnDV0er2XTVFGFNuUkSsl7WoYViw7mdvfSgYu3/fEsQ==
+ws.			86400	IN	NSEC	wtc. NS DS RRSIG NSEC
+ws.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . HQt6xwxAB22CsyPZhLQN5JCx02OLSfPGcD8IDSM7+AUpGnO7Wlxz9D+sRsKumioOoemCD9t84c2Kn+/cN/CiNCKzQvyOOf3t95FKm4EwFwcnf+4Pq4upXdjNNBxJZ5IBHEiFXqVBhWLsBdGcExYaqRjQ/2olwTLPhjxZLJRaqShCfy6Bnayfm1t8PbEuwTLDiWZS8XUjQoKSw5dxel9nPtvgfQl0oVHZ4e7F6Xyl8dzqj37wdOe8uuDVUYXoRy10G+1gB9UA6HAjqHjX3JHkcwZ7Ztm7OGWnx4t4y0o644DdDiqZ6zfU5FPJHuEtW2790pVCgQr09MVH9XhLmYb4pQ==
+a.dns.ws.		172800	IN	A	194.146.106.146
+a.dns.ws.		172800	IN	AAAA	2001:67c:1010:37:0:0:0:53
+ns2.dns.ws.		172800	IN	A	64.70.19.80
+ns5.dns.ws.		172800	IN	A	64.70.19.70
+s.dns.ws.		172800	IN	A	77.72.229.248
+s.dns.ws.		172800	IN	AAAA	2a01:3f0:0:311:0:0:0:53
+us3.dns.ws.		172800	IN	A	64.70.78.70
+us4.dns.ws.		172800	IN	A	64.70.78.80
+wtc.			172800	IN	NS	a.nic.wtc.
+wtc.			172800	IN	NS	b.nic.wtc.
+wtc.			172800	IN	NS	c.nic.wtc.
+wtc.			172800	IN	NS	x.nic.wtc.
+wtc.			172800	IN	NS	y.nic.wtc.
+wtc.			172800	IN	NS	z.nic.wtc.
+wtc.			86400	IN	DS	44554 8 2 B9A169F58E754770E8E23D48DA8591A92F602F3D94862B33344C996C0590A6C4
+wtc.			86400	IN	DS	60754 8 2 F5BA575547A9CC6E47F9785E00D2F89D55F9541135A7FA91926E8F953ADD6609
+wtc.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . U6L8taWZ+kImOtu/ndA7DVM9WXdUOfsWujBcpR9YnbxgLiBEeZd9pWzF5vsL3IlzMwdli0FhoKHjuLtQpbKF54YzbfG+4Cj/LD4kJ4CawJmsWlHDdjnNlCBZU/YLOAubk70JQxQpbrfMudNjatds2pdu7Io9MpU2/19mpLVoEpw/eGo1Y10VBV2dGLrlitM9v5V0mO2Lh5MdnB9cLUq5NIQPmNpRH5oUMEAQN9rprVHdQpECtnfvGnNRdJ7c7uI+x9bc5XEnVwDsy3z6rJJ6lh2qxAhF1kH2gMwuOG6FG2Pshb8EObBz6cgmnC6052/5onQRxtB2OokreH6oNF5JhA==
+wtc.			86400	IN	NSEC	wtf. NS DS RRSIG NSEC
+wtc.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EYZ83H9UUhg92papldB5vDxC9mR+13up2cZ9KYdxYYrjrjxC085sV6MIOsd/2lujJhxqUqq2+CJafbFnjG3I/GtnGR6fUeNlRlfMQ09+F2b9QEr4IXEf8blzaYH2kPjZ1u5+2TgzXCQiOwJoE80NNYx15TWjtyWeIPXhAn++aQyoa5QrAzxo34QcAkhoHTWNAJp+8F5q/NWwcxbbt0VVWZsIIXFzoma3cvIIJkwjKLn8uSnn4LfEHRlfDAe7pmIy79wAcOHHoA2AmRzJr6Hg5PxOTxh8P405gHiVRCf5Z99qAuZKF24H99KOKbD9Gz/AzBO6QRalBvL3gTxySV6bCA==
+a.nic.wtc.		172800	IN	A	37.209.192.9
+a.nic.wtc.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.wtc.		172800	IN	A	37.209.194.9
+b.nic.wtc.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.wtc.		172800	IN	A	37.209.196.9
+c.nic.wtc.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.wtc.		172800	IN	A	156.154.172.82
+x.nic.wtc.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.wtc.		172800	IN	A	156.154.173.82
+y.nic.wtc.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.wtc.		172800	IN	A	156.154.174.82
+z.nic.wtc.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+wtf.			172800	IN	NS	v0n0.nic.wtf.
+wtf.			172800	IN	NS	v0n1.nic.wtf.
+wtf.			172800	IN	NS	v0n2.nic.wtf.
+wtf.			172800	IN	NS	v0n3.nic.wtf.
+wtf.			172800	IN	NS	v2n0.nic.wtf.
+wtf.			172800	IN	NS	v2n1.nic.wtf.
+wtf.			86400	IN	DS	47461 8 2 A9F9582D8B0F154F7051751B8C2AB121231CCB2AE36EA6DA9536439855BF9F0F
+wtf.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ulcCM5zyODqoJjheUKGCuARtwElsoWrfi0ySatUbEU9x8pxgXEcsybtG3Z114Z88Y9FTtcJTenAw/kieI4oBQu+h3LZMiojR7ukDdATrGv8V5yT57cLtlsn5DMODQjVK+1hpuM/Od+Cj4b44peTYJUzTEVUJyHv8hGN50lWdoC17ucLZgcYMOPJ3eXGvhHERgBjsI2QALHDQiVoCVDNEeAC5hZrEM/je11QA4dx5d0lYlHxqSZc8gXlRjdJZvz+OUB0GYgq0xGUCoC2VeOD5OKHh9FMU14NOyZ1B5PP1JYdmbESMTqXMoXUFEaHwhVHz0td5fcUGh9BD/pAhDp5ENQ==
+wtf.			86400	IN	NSEC	xbox. NS DS RRSIG NSEC
+wtf.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Pu984k11xc5meq8bsp8XMi8SV66TD9c4BHyht/DFZ81/fkNaruoi7pz4zYOB+Cf5Pgo0M8gq/zzaQ2prsi4UCp6bh1Go6kL6A7hk1CmgDw2IApxcWHc8+dUkvZBrLXDh7dg5ytTiCVj7aP6lVHXTkNAo7+pqdxGX/ZXnyx1fe5OM8P3Df39cYcIork6OCOA27TdausBkSHOo2lSGeDtB0uTDS64NjcGz2A5eRG4twuhBBne2+EGfnW4lNccUrZMnZi3YWHyzxQPRcN5C+Q95SfHGScsbjC6T64wKcnnqj1uy3wB7e9J3WayF10QXC5e9pcwr2pHIvcYJczbFB/W8+A==
+v0n0.nic.wtf.		172800	IN	A	65.22.20.7
+v0n0.nic.wtf.		172800	IN	AAAA	2a01:8840:16:0:0:0:0:7
+v0n1.nic.wtf.		172800	IN	A	65.22.21.7
+v0n1.nic.wtf.		172800	IN	AAAA	2a01:8840:17:0:0:0:0:7
+v0n2.nic.wtf.		172800	IN	A	65.22.22.7
+v0n2.nic.wtf.		172800	IN	AAAA	2a01:8840:18:0:0:0:0:7
+v0n3.nic.wtf.		172800	IN	A	161.232.10.7
+v0n3.nic.wtf.		172800	IN	AAAA	2a01:8840:f4:0:0:0:0:7
+v2n0.nic.wtf.		172800	IN	A	65.22.23.7
+v2n0.nic.wtf.		172800	IN	AAAA	2a01:8840:19:0:0:0:0:7
+v2n1.nic.wtf.		172800	IN	A	161.232.11.7
+v2n1.nic.wtf.		172800	IN	AAAA	2a01:8840:f5:0:0:0:0:7
+xbox.			172800	IN	NS	dns1.nominetdns.uk.
+xbox.			172800	IN	NS	dns2.nominetdns.uk.
+xbox.			172800	IN	NS	dns3.nominetdns.uk.
+xbox.			172800	IN	NS	dns4.nominetdns.uk.
+xbox.			172800	IN	NS	dnsa.nominetdns.uk.
+xbox.			172800	IN	NS	dnsb.nominetdns.uk.
+xbox.			172800	IN	NS	dnsc.nominetdns.uk.
+xbox.			172800	IN	NS	dnsd.nominetdns.uk.
+xbox.			86400	IN	DS	43570 8 2 2C478092B86D62235C8A27BF365EDDA5C86167E1E9244A50526B735038E5DC26
+xbox.			86400	IN	DS	48291 8 2 1189083BB85010770D8937E4BC2A2AF6FC2C81F2EEF8A53A7A2457709A53C362
+xbox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n8wHsu2ZGyFLWBfHQlKM6/K41rLTDWXmGTjUF/ZiQG9VJi1rJpgdmC/FpwLhYlBB/wRMTBYUTnhKcJ/hsLzmRhbVJuezTrC10llkapaTpkEuLW4yeQxprYFzAs8oAsay0P1fMMAB2pWU4uD2eOrxsLa6qol5/lbkU3Qg8t8IYDNv2QHziRBx1z7ghFRlygfG0q0YXSAG/mtvf6KNc9g3UXZwHjGEUZ1JqnWgdkpmKfzntxdh7El/NE64Z0fCK4Ca6ydP71+J3rq9YYMpkuJAcHOyPX+gU4BHSzVaQ2eQ0nfOBRB3CPCpA3oCtSDadsybM6Xr0sj57mA2hY6psQ9ACA==
+xbox.			86400	IN	NSEC	xerox. NS DS RRSIG NSEC
+xbox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qhRtpSmh8iSk0vibCCcei7aQSRxfy+fzQuJ/v3x3JWdxWeGvI57di60jgTcHwLsSUB/AwU9BKhZh+otqdzjASTahMPd8xJ7AKPMOjCEsWu1ut93+SY3s2i0n1mwZa3+3VgNP4Y0phwas1MOSD+UDLnaFhZ9GjDFqPw/oJy7X9gWVGCpHZGJr0sSqZW7oFRe7Rnad/vLq8MVDCVcNAQgAY6rjtYdikNDX3CTwjyn0sjrBTeREPU+uC/iGYlsbquxIH0uoDTmViVljj57RKuoMMECTuBd6frWX3nwx+AXUNsVRtagdhyqG5KXv5zXVP1z+o9nTrGqG4Vv6ioBMbtR4zA==
+xerox.			172800	IN	NS	a.nic.xerox.
+xerox.			172800	IN	NS	b.nic.xerox.
+xerox.			172800	IN	NS	c.nic.xerox.
+xerox.			172800	IN	NS	x.nic.xerox.
+xerox.			172800	IN	NS	y.nic.xerox.
+xerox.			172800	IN	NS	z.nic.xerox.
+xerox.			86400	IN	DS	26830 8 2 7B5C562E138431A73348593E3A2D18C66DEBA2294F849C3B5BA62C7FB92443D3
+xerox.			86400	IN	DS	61096 8 2 95F8FB00A7DF39CC9FBAD6444F8D2786E6A15DEEC56424E1BCDA21E94A7C386F
+xerox.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bDaP+nsfwb4q8Y2CLyd3Tvm2XAXXidhH9PG4GncjdT1HEGTGVHAWTvWp/13t2N+6OSxowCXbb8dm+DHxcCeCK6o2695gZx/rB8ZzkHyy64StVVqryyUeszcx1CIRH5NK64gO9l6fL1Mep1ZL6IlX5QEXcKxcnhbP9tsJ35FyXAAAWO0FfojWVguQe8792ZXwnBb6e0WnDObvMt1JSLRudFd6C64HhdQzIyNAcYdrogGGrHvNGCUi9/pCdavuHGxBWIIXYzIniHKhBTCjhKVDDvaVzt3PgoJd4YVlM86/+2Z+u4xXyj61Al4upfPsr4rDqd+TUcm1CKyLA1ZarH1uvQ==
+xerox.			86400	IN	NSEC	xfinity. NS DS RRSIG NSEC
+xerox.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KTRKsZ6UaaeC4KuCaizrmfb6YPdrfvqQoJSQn4/ZxjtnHyqw6eZO8mQDWUZK8c5BeWduQNIBkTYAsHXSTTyYGr6/DPcXPCT74ddEWiyw+PAUTB7b+8WvV20hwLuzTovXRTWdcanwPsptXa/chhBkej7vUOqSggl1uHL937Y4WLxcLjzgpID8LBK7TSJD8Qv1VJv8U4qbkkSWjuRVNJA/iOpWFl5ZRxvFbJzj7cKmUzBfsAMJRDuT+XB8HkBDA41PN+VcSGfeRNX54L7M9l/BPRvPvTcsX0rNnmO3x3ETyvl6PGnTboG+jS8iex3B3yE4Jsc8nJI9KYlScucLxySnHQ==
+a.nic.xerox.		172800	IN	A	37.209.192.9
+a.nic.xerox.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xerox.		172800	IN	A	37.209.194.9
+b.nic.xerox.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xerox.		172800	IN	A	37.209.196.9
+c.nic.xerox.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xerox.		172800	IN	A	156.154.172.82
+x.nic.xerox.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xerox.		172800	IN	A	156.154.173.82
+y.nic.xerox.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xerox.		172800	IN	A	156.154.174.82
+z.nic.xerox.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xfinity.		172800	IN	NS	dns1.nic.xfinity.
+xfinity.		172800	IN	NS	dns2.nic.xfinity.
+xfinity.		172800	IN	NS	dns3.nic.xfinity.
+xfinity.		172800	IN	NS	dns4.nic.xfinity.
+xfinity.		172800	IN	NS	dnsa.nic.xfinity.
+xfinity.		172800	IN	NS	dnsb.nic.xfinity.
+xfinity.		172800	IN	NS	dnsc.nic.xfinity.
+xfinity.		172800	IN	NS	dnsd.nic.xfinity.
+xfinity.		86400	IN	DS	42454 8 2 C4D6CFEB973503EDAA89943505206BF8C406FC92C80ABAD132318165AA1CB445
+xfinity.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hKoez93CYnJDa5XD7mJWFeOVjjmyeu5sITanX6p4KAhFUgRmjpuCxisbFnwSEh0ln6oFH5hPh4nQGzQwXLlg2xvFQOIFk1pQlaaUBD2Cke1CiJM/CwXP0qtVUWZW6wJYdtuR/MFva0qbObqFlcSlhEQPLk7dBf2C7TvJk3bgC8xekO9miBoiB65kvEjZrahcAI5hwSea9bxJd0na093qDuxjWBTgzLrBEul9IwxdXkj7a2wo2zamLFZPpReIEQzjcNQ1CgbJwstNcBv4c+L7KCuMQNd5KUMLlM4oqgHHHfsnO3KbnMNjvHlZuH/P9fpscSUbpPFP3y9cpPg8jaAkhw==
+xfinity.		86400	IN	NSEC	xihuan. NS DS RRSIG NSEC
+xfinity.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . oceizaYzzxY0CtkskVTIE++Y52L544Ncc+iKfKHnVBoZ1ofEytpC8LCWLuhTqOGN3aFibAnFGaIy5RigoWWzsPd9+8OUepHRDi/U5DESvdsT0t8w32aHiRBgdvZEPYhA1qWRK34onq0oB+Q0s9ciRZll9K3pmRvvhCoWiuRAMBZvE4mdjibdPpstQjv8jTZKZKpdsw42cEDQDN7jooXsYo3KCjoHVq5gC768r4ksdWy2ZSTuW1e4zub4+IZWc2KZRLoXjxED3HFRfQFMGDBIdWzyJWRVb23iLz74GaD+Tby3PslRdjKcl6Pf37F5A2xtRrF+FSqfMwGVtjN/Q0dC6g==
+dns1.nic.xfinity.	172800	IN	A	213.248.219.7
+dns1.nic.xfinity.	172800	IN	AAAA	2a01:618:403:0:0:0:0:7
+dns2.nic.xfinity.	172800	IN	A	103.49.83.7
+dns2.nic.xfinity.	172800	IN	AAAA	2401:fd80:403:0:0:0:0:7
+dns3.nic.xfinity.	172800	IN	A	213.248.223.7
+dns3.nic.xfinity.	172800	IN	AAAA	2a01:618:407:0:0:0:0:7
+dns4.nic.xfinity.	172800	IN	A	43.230.51.7
+dns4.nic.xfinity.	172800	IN	AAAA	2401:fd80:407:0:0:0:0:7
+dnsa.nic.xfinity.	172800	IN	A	156.154.100.3
+dnsa.nic.xfinity.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xfinity.	172800	IN	A	156.154.101.3
+dnsb.nic.xfinity.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xfinity.	172800	IN	A	156.154.102.3
+dnsc.nic.xfinity.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xfinity.	172800	IN	A	156.154.103.3
+dnsd.nic.xfinity.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xihuan.			172800	IN	NS	ns1.teleinfo.cn.
+xihuan.			172800	IN	NS	ns2.teleinfoo.com.
+xihuan.			172800	IN	NS	ns3.teleinfo.cn.
+xihuan.			172800	IN	NS	ns4.teleinfoo.com.
+xihuan.			86400	IN	DS	27565 8 2 B77F15373B8AF8E7BA2D8641701AE833416F8D439BBDAEE71D18CE55EFDE7903
+xihuan.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . uJtuCjlaovXV3KmZtl/9Ej8OzDRPwWCC7k7woKQfe4T54xaVnkUeuLDKGmRUGUhp0b+xmmlL+yUX/jg2bKwqvzMqXG05z45CE1jb8dWr+BsW5knm/MNMa3KCUABQDYtODJcVtGmO6Zpg+4tVv2KOJHfdM+WSpibgRJTECf4jQXv7n0lWEbyBW7EXvP1/YZdiaRt0AMJ9FJyl6zL7IFNnR6Xs3gO4bPJxqulVYKJPblYQEnd5Op6ql9xmW4LJvUJlRumj41MmavCPZvVoxSX3ogQ5Qn80kp58p3pfgwZjWDU9u2dFNGpHOWM3EUfv/1/nwPUcSutIHSfJjO58joXWhw==
+xihuan.			86400	IN	NSEC	xin. NS DS RRSIG NSEC
+xihuan.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Nr72gwXYIqzF48jUKb9EeZBhbx8d37qQ6sDhqIcm7gJdIo2DNY7ty9KgAaK+66+0bhV2tavwLq+erWgxMXBWLbhlyZwLLWl9SoBZ3wqKJEFIFrcXNYN3ErjjCJDL8nSyHne+hKmLhikIBQDfKY5LtriTlVvP9XLZtoSb1JlueDLgdag0VwQcZAELJmB6LcQxYZ3yoM70lC2BGJRpNaZq0lQ6EJZ1gebNxQyXdYPBz6+rE/N2vzLaPNjyEERHOuS/N9iOibKC3ruktKBCSlpzfylmLkBVlgNY0NJQ1Beagv2sXsXn/sZdCLgnMaqWDbYi9Fx1jd50X3q7Qo5P74d94Q==
+xin.			172800	IN	NS	a0.nic.xin.
+xin.			172800	IN	NS	a2.nic.xin.
+xin.			172800	IN	NS	b0.nic.xin.
+xin.			172800	IN	NS	c0.nic.xin.
+xin.			86400	IN	DS	2809 8 2 3BBBA82EF5EE5583F6743AF83A583F203153DF0C2066F8707A735DC514474BF4
+xin.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XCk7DnKAIYnyXAWTST7ILxkxM0LS/261sSTTlD87Y4XWkRBkg4gAkI0Sq5vjF7BVcm19YNhkMrSi82LcCQ+6JIgtLz77ny+85ViloOhBcbXESEWfC+8jRI4yjiZjdrLjqWhrUdCkaFKg2PkYUI3/odmTUCu98BUfM2ap8jmTbPLXRnocu010QCDNcHY3kIGRKl94M0Za3MU/df4SVLJE4okbNeQDPdElRPummriJmPioeZDjlBmIoQ+5NqQhfaCCcRY6DQ1IBVL9cFkYvqfKneIG/1sBbl6BJf6KrqEfuzhShyBx6a96fqXYoIYuuSmxOjRPDnNBen94PIyIRDfInA==
+xin.			86400	IN	NSEC	xn--11b4c3d. NS DS RRSIG NSEC
+xin.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . F/2+AToz0xMt3qhmWdSpKZnr903eId4TSPAsGYXBvE/hbHH1YQa1btCjJGK87t29YIdTnQzAY32DyQgcS7uO86/7/+zNvrPbQrS7DalMZkzSig7EYt0rbbBrsQgikcjPplgYlB5dCyU2/HlRuJxTDEAVp5JbfvuT0xlXGXeUbafWVKbnCpmOgpIQ6lJUC0EurPKcLOkNDjwJKtay+XCD5aFo8oNWPfkUoZ4dpIyD7TaVy+lt16Z2paUGc0u36WodOO8IcDYJoY2uNPUuKfAlx1sPLCW9Rq/yuezZaAFbruv+ER7d+nsc/Sr4z7BipxL52+qPgHfTur61Ikb/wug/yw==
+a0.nic.xin.		172800	IN	A	65.22.128.17
+a0.nic.xin.		172800	IN	AAAA	2a01:8840:7e:0:0:0:0:17
+a2.nic.xin.		172800	IN	A	65.22.131.17
+a2.nic.xin.		172800	IN	AAAA	2a01:8840:81:0:0:0:0:17
+b0.nic.xin.		172800	IN	A	65.22.129.17
+b0.nic.xin.		172800	IN	AAAA	2a01:8840:7f:0:0:0:0:17
+c0.nic.xin.		172800	IN	A	65.22.130.17
+c0.nic.xin.		172800	IN	AAAA	2a01:8840:80:0:0:0:0:17
+xn--11b4c3d.		172800	IN	NS	ac1.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac2.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac3.nstld.com.
+xn--11b4c3d.		172800	IN	NS	ac4.nstld.com.
+xn--11b4c3d.		86400	IN	DS	3846 8 2 A241C8EBF2C5CD49C2DDCEF1B9E6F66A0CAFB2A40C15B80B5CCEC1BFB8AB9E9A
+xn--11b4c3d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hYqngl8LwjmMtZ6cRzvU2hvtTtuJGTHp0LVsNw71pcN2V/R7tQx63LUjAdvt0ppoKvzS0zmMywMBMVWSMEeUXmZD4XNmDJuCRqrI4N6YY9AXj2EgZid3jX2XyAK5ZRMjEd1c5I2P2ObhWxhSp7EcaJ7vKXNTSTcDHUdfDDkiJ6TvthiH62U0FZoOkqQwvuEAME1Q1+ZsgjUmRjP9xeTMIheSoxlg3va+BWXhg+VWaPSVUsI1pBX6fjnLn0dFlTS+y2Zvr65asUQm2Y7C3gPSpah28nX/Opmvggjtqbtac0g4hpz60jHG/PFIJDyO2H7QBc5CR/8MhXR+RnCGMBz0jQ==
+xn--11b4c3d.		86400	IN	NSEC	xn--1ck2e1b. NS DS RRSIG NSEC
+xn--11b4c3d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1LlNPKti6SOF/Etp/BSGOdK66vokSqDnRrEoTZ4n5HYBUoBxKP80NinxnSeXEBhj9Ei7Xg9dr+B8mCyVmArQ0kAqPOGR7my7OKhUu+FTbUdH2C/5gEUZsf2wTAe0sX0wTSKlerVgPBRCGJ+NfZqQBoBeb+NUb0Suyv7XK1RnyhlrqNB2KzmEy1wN5GuzaE6pz4tV/t1jIQWujo8mG1Ljkulm6eEduRNSO9WbgwoJoJUvHB49ZJX8QQg7ANfxccI38gUPau9OvqeWGEOS+quPNCDVt1DeRboBoK6UVAAf5V18BhiQfJ7NigGjWZuXlPxrTs2qKoFK9iSmh4vnXcVSfg==
+xn--1ck2e1b.		172800	IN	NS	a.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	b.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	c.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns1.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns2.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		172800	IN	NS	ns3.dns.nic.xn--1ck2e1b.
+xn--1ck2e1b.		86400	IN	DS	3829 8 2 9402244C218BF8FE172483E4D2AD8355589BE11F812B471FE722DD4E572EAC26
+xn--1ck2e1b.		86400	IN	DS	45052 8 2 95AF6D712437FF0146056FB29421E23251BA928DD50401D6B48DAD894B00B234
+xn--1ck2e1b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Oe7nCHap7qsZYtEkwrtBYcfVV0HgGjbGFyLBBR6a4WJrGIupIktVCVXyzn+hxpW14z8ELiH6RyZBJ/6wz2PBYwqcmEU8dUd0fnCLFii5L2jR5u31IA9UzJL45Y075mVTZbPuoYByixdfc8a2SmizzaB3RFat2KXGsLGl8biZXSPkeRU5s37BExZqmuM90YYfshO1mk5idsJcUf0xfpkzJCBjBzI8Hck5TTJDX5/mLyemgs7v/paTa47SflS6OmA/zi73uNxCLRD0ZEaeOgknnWRtbDhb3SrMEkTv6DwpUadr/piCBo1fEghehYmn5K382FCXtpONJ3RkQfBG73pBNA==
+xn--1ck2e1b.		86400	IN	NSEC	xn--1qqw23a. NS DS RRSIG NSEC
+xn--1ck2e1b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1lLp1QTUd+VD+Z77CeA1io18ZegHQSzKLWtWntoyDQI4Tmyha5eRMDngJBAYBbnjNCZN6EMHY1JywwQsWKwNwDYt4ExDVesrMRLNGdXPVgrpfulDjikd/5uCeWYMRWKvKh6g3QnPyQbiewEZMxaXBrG14D3Dqe9lBwS1UIKlQeCMnDa84bA+/pijZyE3FpPxjYxc9z8Fla6JwqUvr3Mt2eYcKw9ZoVFryNuWu3hRWg8J7g1FMzZ/v/tGHe7VBRU73nlumcCVv+gCcq68T7DAbPa1tYG9o+Yp8Gnw+Wk/xOlvk2NbOBRR+I3Dl2/x3qgT+XjXZg3/oMrdWKudWVZjw==
+a.nic.xn--1ck2e1b.	172800	IN	A	37.209.192.10
+a.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--1ck2e1b.	172800	IN	A	37.209.194.10
+b.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--1ck2e1b.	172800	IN	A	37.209.196.10
+c.nic.xn--1ck2e1b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.169.64
+ns1.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:40
+ns2.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.170.64
+ns2.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:40
+ns3.dns.nic.xn--1ck2e1b.	172800	IN	A	156.154.171.64
+ns3.dns.nic.xn--1ck2e1b.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:40
+xn--1qqw23a.		172800	IN	NS	ta.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	tb.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	tc.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	td.ngtld.cn.
+xn--1qqw23a.		172800	IN	NS	te.ngtld.cn.
+xn--1qqw23a.		86400	IN	DS	2506 8 2 A379E36D05FEAFA4A5DAB25F518B9F62DF2FD2BA659BD8DA1A3EA48E677DA5F9
+xn--1qqw23a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S/54uR83FhAqeiurXb4qgvGM9OFTl2aCaScZRqBcPv93A8AdSotWCFzPkt+BFNCRl0E/qoAVzRNcWUfvyVxDmIPlFuD7MamNXUs6UQL/6JPOdAFUNvLXQMTd6iuKy/PyG0D1py3DnsytbB3UKI5Cx3aHCpmKfok4WR+Z6u34eeU3Out6xNctLmPGMQYWkvmQ5ZlEIlgjscTituQlWW0F6EKLlO3Bedr0WJ39wr/EdO4cIn14if+FOWFr+R2vqVpfVQTrqKTACW5LRGb6/2rEd6rdwC8dO/gFcyMCuGByawox67QWPbzZKy7QSpGrF+QdCNWCwLWMhUNf9orMRSzK4w==
+xn--1qqw23a.		86400	IN	NSEC	xn--2scrj9c. NS DS RRSIG NSEC
+xn--1qqw23a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ekBkQutdMchVUYYqzw1cjF4yd8QrsbxqwT9BG0+NkiHRUYDgpP0xYYjId0jb4Mi/QMyaaoOcdfGEveKYzQkP5qDOZKwL0xK4f+uWZ/HLh24dmF32hCRRsUxlR7a8njpDsNJpGAKbPqyICNp4UuBMHmEJ7oEs4GM+Y3ISBLZthhmJqXV1ETQ/hwVHTOag+2Z8rxYQSijV7gdHQoAXeZwMI9y0QDrmnLOTiXQkHXxuFdvGbO9FO8g0x6JlqrT7gkOV6ptoNlxFVFeHH+DjexRI4U79dZU9lFk3Cbot+/gOMp+rlkH+svzF1cZC2Oqn18Wix82gpIORds6FG1BEmlLpBA==
+xn--2scrj9c.		172800	IN	NS	ns1.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns2.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns3.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns4.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns5.registry.in.
+xn--2scrj9c.		172800	IN	NS	ns6.registry.in.
+xn--2scrj9c.		86400	IN	DS	11140 8 2 4D6066C559009D857402623F36CFEA85B92EEAB23D507F12F28050AC873491C3
+xn--2scrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ci3IMEtVpm3RLv+yQUfKZEXoNZiYGCPEIp7TRFTR81qFHnspYVYr1SjVG0lC0Nxni14JlIbNdQb5LJQ1YQOxVknQlqxK8qMhNNfHgc2Sj+UtWqquxjWKcJDQmTvuarA+raipTpYi1/u9EPGS5oGL7+Xh8FLGj9Sj6rb/al0DTjP8bDCmxH3U/p1SdzxsCo1YQYFc3AGqED1XInV/0TsVtcRyd+Hg+bZosMHG3qcOyVB+waphH9V/phTLW+2LRaH3A+uNFkr4FIDLjxGU1lYC6ccoMfKZjag+2N6t5B9ZeEkjKyMhkSE6a+OHoX6ao7/eMGUI+/xL3pvU7oCKB9ffdA==
+xn--2scrj9c.		86400	IN	NSEC	xn--30rr7y. NS DS RRSIG NSEC
+xn--2scrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Dn9PuWphPTsivpHTeSsYdCG7rp761HQsvm6/2FJSz7oKxR6X/6fdNjSnIa0mdKY2PQKrsn5l0gc5EZr+WmCmb+Q3e3mhrGCsfcTfT5ZVohnJDgAYryEH3aK+pWNEtPgVvVqy+0+X55nt7coJFVNsJxo7Lle+7kC8bzFhyYZ43qRtnA/aXi5ZFptSKzmXX/UYL2xsI8OXiYKdh9ywIg+Lr9cVmoDdSZtgzO1PD5eSLaFVGq1Hm38BIhnz+t2vqYA2Rs2O5ggFTboySEQ8TNVuFdp+hXg1qNGzYa0eBpTNtt3Eee8wRKAyDBUXtGD3dpuE+F02Sb7+Q+jn8JhkYiYJcQ==
+xn--30rr7y.		172800	IN	NS	a.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	b.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	c.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	d.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	f.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	g.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	i.zdnscloud.com.
+xn--30rr7y.		172800	IN	NS	j.zdnscloud.com.
+xn--30rr7y.		86400	IN	DS	42247 8 2 339254F4939C992790A50B1D257EA5C50BF4FC30F9D7B55A0FE875885AF8BB7A
+xn--30rr7y.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pFPamONiwyO4mIpX/9V7GK9VhnUCpG7X7UpvgNQ8kHRxlfyqT/v1mvWYZGBW/ZCPXjUcvd+M4qHG6biY2xJUZJP3wwn32dk/Cj8Ohg/dbC35VyDGSZGFpU+xq/CWFhhHfPUEpLxRe33rmf9bVZZudrypb1ugAqpjS7Rg56mQLxGwlfPTTZip9A6/Pio9weBH+YeoYcITqvJ+pZ7QKHiqPr2/vAspL5GJenxrWDceK/+/HHRGZ4VMp9S2NRO3M07UwDzh84UK0k3r+ZvMkTwo1J8uvfH0Zu2kGXXqWZDqiOS7hmOGpLAFe898mSWfie/YxkAp+43EOdmmOO3p2FcVGA==
+xn--30rr7y.		86400	IN	NSEC	xn--3bst00m. NS DS RRSIG NSEC
+xn--30rr7y.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . f5Z7lCyFl2+UP4FLRHJI86rIVaciA0b8PFN5pxsXCZZTPovxQyGM24byuIQYMu3tI8UrS0I1h1k/T3zFtd1fOrdYaJJ8g8s50Piprie+8MJR82m4jkdH0116ie3EuvUZkaLTuq12T5WCBf8whEqKqe0IY+rMxnX6cvM1o2oJhuOrodrKXIme5s6iUgVFbkDoQb7erQIBZGZAKoxvKhu7uAUTC+iwo9K3hVCiYN0rMZFbbbcy9omkdbhx2bYCtXgKTibnAeEdN6aF9fSSBFCgKtJj5aN0sFYkgxFbI47QHM1Ns+jVLPFyFr/5pdM654hU7CRFbcN4RC6ZdVVpCoAU5w==
+xn--3bst00m.		172800	IN	NS	a.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	b.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	c.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	d.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	f.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	g.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	i.zdnscloud.com.
+xn--3bst00m.		172800	IN	NS	j.zdnscloud.com.
+xn--3bst00m.		86400	IN	DS	11479 8 2 7881A662F41E0D4B2133E66229672677147A22A8ECA1D1D02DB93ECDB127D895
+xn--3bst00m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . qnKRLpUErwvFWQENqWgN6zz8VcglD1ZD3HiWRlGSXfZhy+MDYJBpwZFe83cAtZbLBJcYYbllRDfzyZcFx8GwgpXXsTMNWgIe4n6cZVrdjDn8248sFwxLHo/TUeFKv+BcNB/+CdzMhKV0KGCk2rgu1jjgUl9m0il51Mcnllp2TpWq1rd7OamGU3L+0mOVcP6JGDYLQuqm/f/S4jzlAI2TFhOtl9vSH6KtK49JzSIxicx+BHZq1t9HMvMlTMbVr1TiMzbBzMTXZSqWd6IS9OjobwTFcbyY3xWBXF47BERa9pM4fP+OZ1/tTKnieHa7Ci6z1CJwz4/q39nZvlIkQckJrg==
+xn--3bst00m.		86400	IN	NSEC	xn--3ds443g. NS DS RRSIG NSEC
+xn--3bst00m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rFvQJ6cKfjeuEF5F6lruShIw4xX9E0iX60lwhQycWGjuVcwbR9TQ6wxxh5fBU9HY/aRrYZHLI1O2ztnFysIbI/sRsDJc8s+vF4oG+d7xTFu/O7klnZysaUd++SIw9gtbPM67lk/drV6NEG9A/PFqvqi3odIQFtZm8waMLQPuukaOpnxRZghRZUsmIPobB7wXg7hKIFPsncFhcWdBABqQFgP3hZHRQ76i5wCV1Cf9VL/o43twAnKShSotzrV4E2JSXUkHOIIakyxkDJlERbHRdC3nmaNRSPepnxLilD4/D1A1P0279WED4yfWBa7n45QVgDB+LzSNokU9O6mOEdp6GA==
+xn--3ds443g.		172800	IN	NS	ns1.teleinfo.cn.
+xn--3ds443g.		172800	IN	NS	ns2.teleinfoo.com.
+xn--3ds443g.		172800	IN	NS	ns3.teleinfo.cn.
+xn--3ds443g.		172800	IN	NS	ns4.teleinfoo.com.
+xn--3ds443g.		86400	IN	DS	27565 8 2 B0E469C6095B437074BFC7EBC7AB15ED6434662AAB72C95D45E110D44233EDB2
+xn--3ds443g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HfzTiSWLd7Ji6lkpIQJ92EVfzEoQjB6MgIF7X6xibWPjmCh912sw8TzsajHWLngvOFB3AzcxuxU4alw02NRix2wXxZxyjiiDpxS35N681r/HgEcjesCjqXtgYeBuSxZWD6EDh4Q1P4atWvif9v0LOzLab8zjkJv34N6G2yA6WjIv1lT3LJ8lsiMeWqPk+38Jky1tb9uIciXR72OEOptfu4PwOS1Te2sGmwEayzSM6L20oVdd944tW440B6FkkSQ2cic+zdotl7fxqF1dH/GK+SyKDv9NvJb8Lp+wjWnJz2hcGsU8DtTgSsTU42/zxWMSCQvwnu4er8+Z93mweRXlSQ==
+xn--3ds443g.		86400	IN	NSEC	xn--3e0b707e. NS DS RRSIG NSEC
+xn--3ds443g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . se9/R3yAvUabAZDbhj0rLFocZOWfyL4jcCXNNruTRSQ72ck5DSaqIHcD8FyZURDyJXSB3SvCRTwaqf7UQiMhb+lBMRYxNgs+hl9adjBrgYvjoaXSAgTZLZ6jHvAulyZUHmdIIxd1zntKxQEZF//n4yg7kd/xoOv0N9jzvlZjkTEfewBYRlYUge8oHxJFzpJPzO23n9ycB2tRo+KFfID3lWD5Odrs6tWIa62fGHOrKoiNnGC+lR7ZGNnM5Kf0i9x7bfxynCBRSWvB04q0GJdmS29C64dN3N6QWU7eE9lYJh2zT0O33XueZfz0ajF7tKMO1RAeSf6Y4+8NXj6fJsnjaQ==
+xn--3e0b707e.		172800	IN	NS	b.dns.kr.
+xn--3e0b707e.		172800	IN	NS	c.dns.kr.
+xn--3e0b707e.		172800	IN	NS	d.dns.kr.
+xn--3e0b707e.		172800	IN	NS	e.dns.kr.
+xn--3e0b707e.		172800	IN	NS	f.dns.kr.
+xn--3e0b707e.		172800	IN	NS	g.dns.kr.
+xn--3e0b707e.		86400	IN	DS	48379 8 2 88372B74ADB821C79FAC26E1883CC6BD96FF6EB97AAA1A9486BB4B3B26076D02
+xn--3e0b707e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . EXhZahPF7JnXy07LNQMlNC3bCltRWBFIicRLNBMYIT6/YnFqAAClxGVpASiwWHy1UkXKKeNvfq3me6rar1mo8dtaDGfrZepdT9eowxwUlRRM5DTJf6DuroKChkogLPRFGm9OnSsv7yqfomLTw1JDEWc1liJLyEazGOTQ/T1wALCN5k8xgAH/s59yGWJ/rB02f7Z4LZ/7rCUP+LUITdtEYHklbKti70yopYyzTN4HtRYUI0aFZJLeYNfxPf8X539rlUDhNyWtr+J1PgTAWgFImbDOMcnREp/hPoY4hE9iwjm+ocVeY7v4tS9gvUEQrLbM/Gz+S6cqquKrOO6B8PWanQ==
+xn--3e0b707e.		86400	IN	NSEC	xn--3hcrj9c. NS DS RRSIG NSEC
+xn--3e0b707e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PrBzkMurLuDdVsGAbDLqA58YGH0WU9AZ45aF3/VQeNfGPnHI8XO+FF/4Rcyswu5tB0qFc3myI+f4tujxN+RypenON1o4rsBTlRgdyimSiX69gS/jJ6xP3X2oUTwN8jIfy39E0R6Fd1rFEpVlqaSgv+D7URtp7dURGvZYdcjoyNyI6NANxHvYKpcWkf+lgtT2PGBcbXXitvQ3AKyOUZghxan8zomPtvpChKRaj1pVXY6Pim4pJaivp0VIyCqLXv3D5REijW/WJXwvh+NIGBc2hbceve/f7jjhuAhS5mYm1jK5taO4ttkVTs6lHj1j/EGk7A4y4Mt/+kVpzQKke6FeKw==
+xn--3hcrj9c.		172800	IN	NS	ns1.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns2.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns3.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns4.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns5.registry.in.
+xn--3hcrj9c.		172800	IN	NS	ns6.registry.in.
+xn--3hcrj9c.		86400	IN	DS	29389 8 2 8C46DC84709BEA03AB530F8E3102AFB8A9CA1A20AF477186DAE164B4820355B0
+xn--3hcrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y+8SfLVb8Au91RqiZb4UJtyO/LvHOvy0CPr+6F7RVdLMaCVAFTx2eYGkET/iR60TQUITAYF14CFkL+pO3ThfeB1mia5BE11CZGutfpzxF5FCJ8fAsNhaAk0qexwUqVBFVDtNBwYiECKzFV2Nxp2psWuCf7AUBkZRgE9iJLb3JJL1Zvf/G2Co+a6xtuqEZpXODpb+yilhAc2N8NJK6LUfZfyKl4ixJ+DX3OCZivD5p9E9B3cOnlw7qLe54jYSieQGLy76dyGAw6Hk3WGuVPzWHiJ25Zsho58a3vlT7dzrlP3HrVNhUmKWui52Nyka0QBeIGgEIQUEMMNFi4G4L8ZKvQ==
+xn--3hcrj9c.		86400	IN	NSEC	xn--3pxu8k. NS DS RRSIG NSEC
+xn--3hcrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CcJRLFi0MQwbR/AM+HjSe0JiBvw7GP+rs0Xwh9dhYf8fKOS6BBWlMMwlne9ItyLhYIeN1nF9UyBEwRkmc2/7a5N4RLOs+UNGxcMVKEFQ5m2EBdCVILgNzmK51v96Uo9AgX48V16sQ67Szzle94BeKBucGf+5fTXkBvdWZH7IndpwhRSWn60kxme+tPuMF6F2T4ntmYhr1+6vwsHWb3+qHpysgXJwphfnZ4/ryO5jvNOnW8MIpwXhA7rLtjKYzetfkEINYAAK2xNRxVFq8KOfHKBhHV8SBWA1erQuJJu3Se1NknNUMhKdPgbjdM8YT7gGaV639PodpT5RC/pMEHKZdQ==
+xn--3pxu8k.		172800	IN	NS	ac1.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac2.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac3.nstld.com.
+xn--3pxu8k.		172800	IN	NS	ac4.nstld.com.
+xn--3pxu8k.		86400	IN	DS	23745 8 2 0F23A019515245F10713B33D636E88D012821880FF05527C13DEF97575A8A11F
+xn--3pxu8k.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . BLJvqDTUPC40JqwocWlPjxwSmDQWTa5jrGprPv3KTelA8CXeC+CrBFS+1Z5Bih9iMwVFWR7jLrLlVr5fcgK1j5GfC6ivoZusebn76j287ZtD0XkEz2FrCLTFloszEC9zo374o1m9JkCMo77/nHpMBJ56W/X6t7ZZ/LkLLusC1IRcoERWoYK5eVfQnRBYpKYGboEl5pSKWfvf3pEziPt+TnukaHcZGRMiId53V42yRkeZNqbDbQtmbEqnmNNITs25kiekAJOOTrRuSiAs3aVVJQkcb3QbSPlL2pJxKjqQ6cuZ1zlw4qmPc1HZsvh/vKuS9rIqkaI6Lh4snECt0X7p+g==
+xn--3pxu8k.		86400	IN	NSEC	xn--42c2d9a. NS DS RRSIG NSEC
+xn--3pxu8k.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rYzXErIqFkhzkuBc9Y1fw5q72CIuc0qoZtPNQgyX5O8NSoCeyExrFT9q+sxmpjxWr5QbcGzLbRGS+G8nYae4C5IGCmgyz9xfyl/5BirCY8GmZ8wsJSVxk1knj+qrxeUWt/+NFdmPXncSYuJvLu4aIkVZD8srb5vNjv9tQZd2P38CqcoHfjZ3hpl6+CRrQiTAiNHJyCHlH4elUKoJyplwf0hYN964JBUYwD1Jr2ZpLYo/BYdMJ5Gh9AydrT70sFmcHIzVnq5l9mPuwwwvRlPzq2IcI2uAWfawrQxHvDrXYRXefEkSRGK+3RZpCGDEFjVNc+9rUfFLAM5V9jQklwoySA==
+xn--42c2d9a.		172800	IN	NS	ac1.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac2.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac3.nstld.com.
+xn--42c2d9a.		172800	IN	NS	ac4.nstld.com.
+xn--42c2d9a.		86400	IN	DS	51549 8 2 D9CB9D442C66759928FF2CEFBF93FDE4A4A45F0CA98E6C7D08DED196EFCB3312
+xn--42c2d9a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kZKPqn0HytSoHMd/AAPAVASPx97jUUJT0VoIADFVRDxWvsIP/bJ3jViC4ovfwDNvC7eSFLJKVHCwnqJCstX68uBHcBKWceJfnddNhb/W2LlUvMU7RpQ5Ae1uK/R6neXHVyVJtZ4EMBHJjsAGLUqHnX89n4Ih/kxgBYtiioTyY6netQQzyOUU5MkW/PiXS8d3cwetOQdc102Kl4nDm9hm05C6CbNA6g8Rd1FZgVScPnxrfHMQk6zSsb1cjnGzSStgAYTkNL4EN5d3ogDXC0kkIqCWvyet15TM7et0ekfI5/2WydQj7W6puUMZnsdnBTK5ZwepNPI0eKldLRiDZ4N/7Q==
+xn--42c2d9a.		86400	IN	NSEC	xn--45br5cyl. NS DS RRSIG NSEC
+xn--42c2d9a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cK554V4Suc8DbLxYGcNDpJoQAByXDeyFpfK6mo5uPjfVuA+mYE7wzRKUMfrZ/T5NzeKbu/aeXR9o4fK2ft+hMdGB0YkjWUfiuR6n/MATMCacdRhhJIaY+z0/yqBbWIqiQxYAm42UOQXrz5Pw9FJQYWsoaHD5y/QeVsm47cCWGNfzVm/o4b4pfnNcdYCYrRZnXw5YSjvMoBC3TYGKpdrWpmjUoyfbpveAL223ayvbqkGtLmQ2XwL9YeibGHM56kPvTOBFkTEOMqSOPugZkumJdYUMF3jim3s51OQGEPZWoe8QSYk/B2cget4t+DwQZlejGlqGvjyB6Ii3VH47ynnSIg==
+xn--45br5cyl.		172800	IN	NS	ns1.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns2.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns3.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns4.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns5.registry.in.
+xn--45br5cyl.		172800	IN	NS	ns6.registry.in.
+xn--45br5cyl.		86400	IN	DS	50029 8 2 1E97E87342E1FEC7260827D7E786453DF9950BBF59EF5E86C69C0E6DEB1E387E
+xn--45br5cyl.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NTWrh6AzJkdxFS9waWzkZ6qVcLbvuCpVGan040J3nhcIuAGJDT6WepVZsjoyx57MEogyvGncao9rA0fy8gQjTvqJ3pzGQf6gikpu4kuq0OXEzEZVWTsuFIWFUWS5UcYi1oCXpSMghGKy5Z3sp+Cn/qImOPrClhFMWugx/2bQnx3ZCbpaLxRCGvWMdwtZAU3EsWJ6o/lfa9pHWPHlv8ewjXqiN6b9+/gu/OgIRW+AdgNBKQua3uzLIybRMPetq1r4XpnKLYE6TgobkP+G/vhevW2vsNRLKmFvhKfugKp3bPPax5R5odSzJpMYIMQawGnFEy7ntYMVJYzuxwg4g1pwPQ==
+xn--45br5cyl.		86400	IN	NSEC	xn--45brj9c. NS DS RRSIG NSEC
+xn--45br5cyl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sz4anLG7lp5nMy+m1DU5GFLoPIotgViH0RttiDew/XD+t7b91B93oP+ZhkF9dDNxLRG5MFlzg5b7YKQMJDokm+Jow+5Cfwgx5VvDOtj7lLRrk+ZLzBwpOEkrCK2uiI9vsTqP8boXzYWTfiBD0cOIDVxJS0yTsGLm/axoQmbPKC68UzU/fsGrF1OLgcioDs+uV/NBiPHooVk+t9F4Ljr9VMCNQrtWTILzgMEeP0oS69A3yAAln/P0JnX6CRoAUOniYN8X3JyLO1DpIgIwdtbp1T9+HChx9xsXuHaSuixCWMqZUclVG5HL4JPggpPZXd9o82Z9P/k9C9SkKpnlnwnfJw==
+xn--45brj9c.		172800	IN	NS	ns1.registry.in.
+xn--45brj9c.		172800	IN	NS	ns2.registry.in.
+xn--45brj9c.		172800	IN	NS	ns3.registry.in.
+xn--45brj9c.		172800	IN	NS	ns4.registry.in.
+xn--45brj9c.		172800	IN	NS	ns5.registry.in.
+xn--45brj9c.		172800	IN	NS	ns6.registry.in.
+xn--45brj9c.		86400	IN	DS	1777 8 2 9FF53F651D2C12F7C22BD9C301132042D423D7C935935E26376E57E352B6FDF6
+xn--45brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DOqYNenk9gRsOVn49rty0Hq2/bRW9N59X4mcqsCHd314Amd6p3bAvuPunujufn5lU9CbarWrmWE2jVnYRI9KCpZpvfbhZ+6H7pHKYspzfD+kyZICEoVV7c6DLnGo1VK86fFFbcVew/Cb0DUkNfPdUZsQqV9D0/I6NaUhjRH8YVXBSdTRL0kpz6QMSE/HxxzibYCpnIrlt8LtqtJu/5xpEzT36vYQsAb5ITypWxEEv9rz+2ZNHnhCEkxIHBdqwr1b23QrbG3Qto9F1zyLg0D6G1jAiUL/wlsILGV6tFLaxYKDeACrMhIw4EAMHdPr/znoxjIxp8ygBykrL+Cq41B5og==
+xn--45brj9c.		86400	IN	NSEC	xn--45q11c. NS DS RRSIG NSEC
+xn--45brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZdP9rQmHng1/7XYn/XvU/CEAlVZdAuezlY/6ktISm0CeMVc8oU0+CNX0I3l/iG5coQTtqCCe8fyfaBabiBeIi0yBXsjk0KdmNGH6oQyIrrvKR5NsW2xKb2RgxbIRvtEKdBKTlOulcDgxscDukhEAYpwbqKg/KWvtPtVkpJxznstYwyHxWb3cnaFVX+JxlwfImSxHGTpLdw3zYTslXr6bfSbaqR6xbCD8EmnREDuBGe2OZvzsEHOavrAZc6mPBJXkKPL5IoCkYALgpHoBhokQ1JrJWqc3baJp9BgI9NakKcWKC6GbGNWiIIHCQ4bDj+eTtmxhv1KeRZVYDS5Yd9G2Zw==
+xn--45q11c.		172800	IN	NS	a.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	b.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	c.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	d.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	f.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	g.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	i.zdnscloud.com.
+xn--45q11c.		172800	IN	NS	j.zdnscloud.com.
+xn--45q11c.		86400	IN	DS	46399 8 2 65907E5274D504536003BC4C24AC8D4907D0A7018996FFDA5B7F46E8BD9825BA
+xn--45q11c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J7WY3JNqiBpl7zYCb6cafebjniU8m+yuhmpEI4zQ32k7g/DvsIOijWWHDdwjkwSUDwVupQ38iE6jMtPCOKOOji+sNZBy7OX484D0pLNV7A1pldkIbx6I4DyYOO36vO+cTqSVEishfy/7M2ofGsyud8X+YDP9EWdKYJ0ng7hcvSmc0m2nQnAr4v5qTxHgxhO+6s0Se9qgWZRJlTRcfh6kf534fQR8wQIFM4Q9vOrwKWZ8kPNobWYzR3LNSeivOJO4V/fiPV/t8QbuFLMvxXExVBxOCTlFL0Z+EcAR+2Lz/wkKk/B4YmJbqZgO01o3/3i9yRtZ74cBrpanwzOA7TBaBA==
+xn--45q11c.		86400	IN	NSEC	xn--4dbrk0ce. NS DS RRSIG NSEC
+xn--45q11c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EBILNOo7aKaQw6L3ss+T6GNk/skcYU5x4ZgIojivSpASz7mLUVyJ41T9CABZquTvCbZtbnXqtheTOMbu7oMght12iHPGytEjZm/xt9RQrEWtcWzW+qQCbrGgbrWnt9TKK3+xOmKCpzKrdfpwuNZEP8Qwgk3HPiJhaQE+7qPHVUnBiKblEsU8bJwXHH8vfmg1/E5tTacRXgHM4YLR2Spm9sffNJ+SCVJ5wnmSq8mcON20F08jaxddugvcpkZ2XgVdglPmlPJwZq0j/nEkKtU8igZLRpEaatsNXkpPjf9JhwfP3i0cvWX6vCd23PZswly33oegR9v+SX7fD/UdhGzxdQ==
+xn--4dbrk0ce.		172800	IN	NS	ns1.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ns3.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ns4.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nsa.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nsb.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	nse.ns.il.
+xn--4dbrk0ce.		172800	IN	NS	ilns.ilan.net.il.
+xn--4dbrk0ce.		172800	IN	NS	lookup.iucc.ac.il.
+xn--4dbrk0ce.		86400	IN	DS	48814 13 2 0255186B246DCA8E53DE92159F38EF7B209CCA2A1BE875CB1A1DAD2D592A9C9E
+xn--4dbrk0ce.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QE3zNJKBBEBGL0Hax/+pHEpWqwqtE1qo9BGYRytAuYFjSWRgOiTI6zc2Fso/UiZGRrrO5FsldLRBwHclXO6UntgT35uxpUdBkAHuwciplbei6PXvgsRF6UFsFmpXRss2rbMIqWSt3YaucUFBF83F5OIAAGoda9H/Wjne4ByNW4FQR+fZSmySPtTmAsUt7X9DcCp+Ry2o2c1QX9OMFohcMn2/xqFEky/O43pEAYgmwJpN5VJWGBe3srCGBbwjjNytzO5YXBmbiTZMhep1QDQCGdazzXfOvE6iprZIhy0rSn5V6JWmOsJ63utatg+pRVh/Mc090lzJMbcIFnZLDlmi3g==
+xn--4dbrk0ce.		86400	IN	NSEC	xn--4gbrim. NS DS RRSIG NSEC
+xn--4dbrk0ce.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XilBXdfyEMYzUJBjNxyDc8ntXpUIru+TzJ9i8efO47RPkiGIG0LGvRFyHZtSQfyxRnFtveAcBDbAiMr7IoC/rzyeYYBocF/FlynuOhzQIsEzRKxpyGEGlzBA8dtLMZ+voOTMqpV90H+nTI6t19GNmHAtvMXmWvDxnFMei+0G0kNFnjw7DIi3S3zCyQ/dYzJCqyMj1lF5dzvXop/a03d4JpQWSmWbOnVuZFui2GaRT5HydvdRf1GAuIOljEk9euSKuKpju8LTaSrjki+jyxvHL/o2K5xxBvAsAVZbo/BrtzlGLN5M5A8JxGuFiNyZsXqsEHMOFpqJUtD7ESWuxO1zIg==
+xn--4gbrim.		172800	IN	NS	a.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	b.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	c.nic.xn--4gbrim.
+xn--4gbrim.		172800	IN	NS	d.nic.xn--4gbrim.
+xn--4gbrim.		86400	IN	DS	25097 8 2 123B7C37A9DFD48DED1914C9172EE05865D10E47C0517F40659CB0305BA0D8B3
+xn--4gbrim.		86400	IN	DS	38332 8 2 14E1F26F8B51F92BD671DBE97F651903FA1F26DF07E2E882DD997A1D73971426
+xn--4gbrim.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Mqf+yP7klNRX/NToTPW49sxhTr707289B3VPyOVVWryjsjAfTBzHWxT596mOnech66StX85m/7M1Q8BUWbRlueOrsSkRlKazB/OzkpAaBVSjk+rJa/2quSvAK72ZgoPwq0NjXE3R3TmhK6LR6zBV8vmAAuJeFboKm5XAgAWp90AlEkEYehZShzGSkToslh7RTKUPKupg38ltmoYWegUVGjgEPVqdAVPl8PAqfFMLv75jDm3EBSRQbK8Ub27hwGIqU4UaxXnAwsNtXWFYhDcRorngzS+C+9IX9LOSwfZltFVl+oxF6PSNxjr2rqrhZcgWFvntrsTbg8rmXvFLo/zCGg==
+xn--4gbrim.		86400	IN	NSEC	xn--54b7fta0cc. NS DS RRSIG NSEC
+xn--4gbrim.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fYqwxIJFpISCSI7HhqZ3Y0a54VcY4COUd1DAkSz0mUFqSr/EfmCbnsDVO/VZP34WvntvcTvcMK982+TbIu+4Vg8XunvWXFlTKi2BapHnOFVJAY9fsMq9EBtKLJqFVKvvf7hEiaaAIG6i9Mi8XaOG+nu8tDSvX1g3wlBhe4JlralY5NVNVUoc2+JPt9QH1qZKHY3mIxs8ZFBk1nxpc7Z8KCQ3ZVUJl47+wXXLHII4uVfWKtY7BGIM5n3S6aafIh4eKJk2w1AJc//mLkE54msfZ/r/KSa8WdK9kPNx0wGeR89cHwb61eBPucDOiBIKe4Po3oUIUpOQuVs/DA7sH7M2PQ==
+a.nic.xn--4gbrim.	172800	IN	A	194.169.218.144
+a.nic.xn--4gbrim.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:144
+b.nic.xn--4gbrim.	172800	IN	A	185.24.64.144
+b.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:144
+c.nic.xn--4gbrim.	172800	IN	A	212.18.248.144
+c.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:144
+d.nic.xn--4gbrim.	172800	IN	A	212.18.249.144
+d.nic.xn--4gbrim.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:144
+xn--54b7fta0cc.		172800	IN	NS	bd-ns.anycast.pch.net.
+xn--54b7fta0cc.		172800	IN	NS	bayanno.btcl.net.bd.
+xn--54b7fta0cc.		172800	IN	NS	ekushey.btcl.net.bd.
+xn--54b7fta0cc.		86400	IN	DS	63049 8 1 91E8936DFE81E7350DAF041BD12B77F29643A13D
+xn--54b7fta0cc.		86400	IN	DS	63049 8 2 DCDD04C4493E029DEE060D18A91E87BE930B9CE4C54FC7921F51F27455843DCB
+xn--54b7fta0cc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . N+AVFkIrxzmQG7Rl0kBZ0iEPMHFrsOz+oE6VpwDm107WCLWsqsfleyQqgoLnYsgRUiS3wzcaSOeza4eG0Rn82p9JQLYLbqWYf6kGD166XpiRIAXI+v8mYDo9I0M18/Mpmm48loAU7Pw4lw0RStTqz7ZxSi7fm7Pj9Lz1FO8qK5OTFdm7Q6RuCawjuEBzB2uQ0/WsRa0OsUU3Ta5lc55EWWFEM3tDL7JpoSal59vJLN7fgbVB29eFBVDT0mfx5iZkXFIxLTH1+/wDlWKfvK4XViCe+m2ftvmEijkuBTdNH8X3Hh3JpbabKUrsGq1hmOqIeq8jN/QZLGu3+L4Km+WyFw==
+xn--54b7fta0cc.		86400	IN	NSEC	xn--55qw42g. NS DS RRSIG NSEC
+xn--54b7fta0cc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Gnlwk8DQM0V2CGVIE7bLegbKFe+Y3hUM/O38M0MH6GjF7rxuHWAfV3YZyftI6/2JAOOvgradIYXianINu2O9qI3HhmOlyF1uXXq1qnGF7SOCy7j9IGvscjGAYXeYzJ7KYm1Kfv+uJDJL9G22LW5eCv6m3cS6HSHmzNBGLxqy0iB0Ns4vV3+Oas88+62OP5EB01NySxRrCo1w34uLf0SvV4fGWFUqAhDDClGMU4bcyXWpXGiQiovA9TQCU2l11PMBxOYmbSPp4jNqhVTMtoiO3FXjfeouIUOwBXMDzf7cSjqTy6GyH3TqGU/KedioXfnLmLCmYg4IU3GEnGzxbPxTXQ==
+xn--55qw42g.		172800	IN	NS	ns1.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns2.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns3.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns4.conac.cn.
+xn--55qw42g.		172800	IN	NS	ns5.conac.cn.
+xn--55qw42g.		86400	IN	DS	48226 8 2 A16754C480E58C0D17126B3BAF93F32BAC39A916CF9D1F6F3A1F5C33687BE80F
+xn--55qw42g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . IkVw1WG77sReWz6uQTWE0lqusQUJ7SPeckBXhxPMIRNOPmN2UTG81UvtRBV83yiOyuTA8EPz/f20C5O4nS4trjmSbmDRGNxoRe7diTtCUvtFzo4OTAr6cvRj7LmLmNb3U1BVAA3BQh6dvNfg6KvyHrY0CL4nr/eWGkzhcF86iX905WrqWQ7MQ0YGz/8vECRMrT2eyjulDRFEH7yNU8J7CRFyhQHpQfcy/WBUTO6MsaYA5b6vVBFXf1SkAyVLm2BKLxaYowcXd0NV4DOWNYQYOcnbzeyod7jDDnecvkd4QMUyPmXVSGwikoDa1GQBYKQ2QHtNBfA5mkoc09e3RmC0Wg==
+xn--55qw42g.		86400	IN	NSEC	xn--55qx5d. NS DS RRSIG NSEC
+xn--55qw42g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . z4vwhaBUzZgIzJyGRFhtH9sRiE1tfNxALQnPp/7w7WrIujlQcz4gka14ybUfwuz77OOjXXjsaZCET8XN9xJwdUjjZs79EleQ4QJyu8YxDmbTXANYgmiEp25pgSYJzm7Rna3pyJG/9TaLktgghzY2NN/8CYgaeWGEDSbRzd26MIBROfsX3Fp3LAYWrDYslugDIr3pGr14SelJEIJR3CmOd6s6QBQ6S9d19DLHHABZdP33T/Vg0lHXwSE3wahtvftHk0JhSQsSD0oT1PpOtfOdennun/ueM2PNg2tqO9kZfoxWrd4nCYtfw3goq4YAGmsDP1FpFYTbOAFUjOMOH6u+sA==
+xn--55qx5d.		172800	IN	NS	a.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	b.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	c.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	d.ngtld.cn.
+xn--55qx5d.		172800	IN	NS	e.ngtld.cn.
+xn--55qx5d.		86400	IN	DS	47359 8 2 D8FE897CE8AC620CB7CB9F6F4E887FC7A14C3ED80CB973DA4E30A17CECA1015B
+xn--55qx5d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0g3wzJpYDk2xsGdYKzMeKqhiqOIP0wG7A7Dh3Z0JxGSMYkxWnfFdJ+rVFncMEQhqji+dmmOVmyt86Mb02e0lyXqHk4QvHXGDuw3vL4iSRFnkLQ7pZ1GwG6GZsIssU6JxRXJo2CQP9nhDFB2vX9xCar2gLWnIS4ltWfF8vVcGYJUKzYGxpLlidxsqBvEGu8B2iw1HAeClK34pTrWDo661Vx99jbA1NvDzoTGHVXzxCBLADqgrejjl/qjyIW9xP9olIZGgZE99kxyz0bpmqYN2FZQLvTGO6BVG0aowAgcoZ7MuEmNTbkrOH0/GO9eXN7c8EJ0fUTboSJN7OcdO7GpYcg==
+xn--55qx5d.		86400	IN	NSEC	xn--5su34j936bgsg. NS DS RRSIG NSEC
+xn--55qx5d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 08bLip19LrEE91WB2G2rAKqUIBQpKHzcFjAmJT5yV6u81Cyz7VWEGU4EF/wd0xJhuVRcvu+uXhJP3CfMMaH8QjN1i6r+VYWXFZh1EXjg3S9A+v0lEjZ0sOjUVPCcqZrdcbTBBj9ZH9hDHjtYu5rb4ghv58gsHT1soGqqH9oxi1xcHo8R5AXJGwlgU2HahtW4V3saRe/lU/dozaRQ1w8CleGy41oDjZz28ok4disaDGEtFlt7W8qX/q+4hzrSemWnKPsmFk/vaTmRVqTzj6CnF8uO/Ws38lJkZC9br8AuLvPJkZdSvnxRrqWxg+/ryp1m9xJh2RhVqRmfuOJNjiSBjg==
+xn--5su34j936bgsg.	172800	IN	NS	ac1.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac2.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac3.nstld.com.
+xn--5su34j936bgsg.	172800	IN	NS	ac4.nstld.com.
+xn--5su34j936bgsg.	86400	IN	DS	38334 8 2 8E0BC7DE12A1B331B412EF896757471153D4FE1FB7E4EDFA21BCBCF49D9D7FB1
+xn--5su34j936bgsg.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xhPtJBaYOP9cSPZ5FiBuL36Kc28YwZplva4lMqz2qPsIGO3d638NfVh0QENVGvm8vMKdAJTe7nGRNuaC0EtBg/xD30pxfqk7KZEPHE+332ygOCrdMfBtLVcC+rm0gLS3Xcw2owdAD1jHVffTUV2k/DGB69hrRMGSYcUOPWwFsQ3zLuf8ATkenVft5DhyLxG0QiMp+IfUHdJLse3Au9HQYgu2VTGVlTSeAKslOkV457XAEk9hcdDWRxb3HDOEUWeQ1VRDFmiId5Xu9FIsScMwnpp5pfP7vTtludgLyVK/5Ty2uosM5KpnZI3DFxxfheleKRdscpwmzDgzAxbVQAfu0A==
+xn--5su34j936bgsg.	86400	IN	NSEC	xn--5tzm5g. NS DS RRSIG NSEC
+xn--5su34j936bgsg.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YOJ4qbsVC7MJ9Tw7Wvu/LE1um577AJMazjmBYvZiFFNDo5gc8+XwO9XoVjl3bA8RPy2+cclaeAErSheioQKS9JacY28U1OsYPIAV6aeSkjpoGsG9exo2TOFNzNGV3iMXcARyVL7aqHa+NxrEO31Ag5ZNUbO1G7eok3l/VbU7oTRvGY0/6Krfcbw7nsA2y9/LavoJkgTG76/8pxu9tzEo8JGYff3pPbqxgtjexWFjJK3SsV1ZQppqRxIEOSJY+tyYqlyh3t5VzqT0ju+ko8QzhRQP1wciaEXzWapaNpmTFHV517vpyl3o2kMn+OeO8NuuPMgJ8PMSEorfeDTVO/RqTQ==
+xn--5tzm5g.		172800	IN	NS	a0.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	a2.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	b0.nic.xn--5tzm5g.
+xn--5tzm5g.		172800	IN	NS	c0.nic.xn--5tzm5g.
+xn--5tzm5g.		86400	IN	DS	26359 8 2 7D1E023BBB026AC5D19AE62D5F13EE6E01F3450A1E6629E25A9205DCF2A31F9E
+xn--5tzm5g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Arsju5uo7Qyba/ws9aweZv9UTzAoklRNIo3oFtMWhXUH1TtEepjtfaL25yoEAP2HXCmeELrSAsqAaLz1BgWCSceTc9CVsHZkdFYIL/i0BHjzK42poqA2Z5I+/BqOR2grvJf6uqeX2Hq9RYl/2/ryOG+Y1kNpJCEk0fy5wZBzHDk4iDaIFjjciqZbxC3cacV3FKb0yMUAuWW9qol0T6dtC9xORYyoHM3E7/SrK5Zc6Bq5BCQrYk0zbKTeaw1GuKsauHyoIrlUsls4pfho2QLi7cDyPtN9Vdm8TGYKRSAdzizvUUK47bKKPBaw5OY1TOPIYjmEOe0Qwus7ok2rgfjLqA==
+xn--5tzm5g.		86400	IN	NSEC	xn--6frz82g. NS DS RRSIG NSEC
+xn--5tzm5g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . otPqZNH+9Fv+cYjqeTZvh1zOFSdmYd1VYe1pkoIORpTVCdM1xsDrhEgEdXgWCVPM3BD2H5CsecdIb1gNBvRyR6pFEG9fFzKn3pkr9dl4dAziEUSla+RRbnLp9+uIGQmkw3rI3WQ861O5nMkSkGnb+Nl2axSNcx+4MaEdhi8+9ormBzNNlzYDMtPxKbuFq3TG1WGmaR4Jsm2VnOXyrtODJK4nwOWtD+OnKH8BFL7S2gHjGBXeJN+GVniXS7gnxH+pslAaaDhQEdeoh4F8MENpvzwIsnx6MSbMN4KsBj2SoqSyCbGTpaSIw9Ya4OxjUWMk+y2kNUGnE8/ZFPocQkay2Q==
+a0.nic.xn--5tzm5g.	172800	IN	A	65.22.16.9
+a0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:12:0:0:0:0:9
+a2.nic.xn--5tzm5g.	172800	IN	A	65.22.19.9
+a2.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:15:0:0:0:0:9
+b0.nic.xn--5tzm5g.	172800	IN	A	65.22.17.9
+b0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:13:0:0:0:0:9
+c0.nic.xn--5tzm5g.	172800	IN	A	65.22.18.9
+c0.nic.xn--5tzm5g.	172800	IN	AAAA	2a01:8840:14:0:0:0:0:9
+xn--6frz82g.		172800	IN	NS	a0.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	a2.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	b0.nic.xn--6frz82g.
+xn--6frz82g.		172800	IN	NS	c0.nic.xn--6frz82g.
+xn--6frz82g.		86400	IN	DS	51310 8 2 B725FA381426F5E3A9338C5C5A57447611ABA619E9675D9BF973D1D2A3B14B5E
+xn--6frz82g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . APYVNp7JrjqtEza4dFy1k1rI4pkQH6982KgR9BOVqrvdrkTOnEDVG11aWfq2MrXOwGPNlp0A3jVeqdD6z/o8sKS/qP53wB/myKcxe9syG/faGGus9DXbCsUfx0X5i91tD0LcKZ8jfo1jGhbAUWKRaLuPijIALKV56YrLaAydtmQwD1cIMDHTFDG/gUPHEaPzp4GbkiJMhYQTa3XNq0wi2olG2yOmaRrrDH1J+GlSUHJ+gR1g4sLCqciggIHHCsRr6wp06jLbj4hegFyZzS3i5MYaBthd7rZqhlkJaig8MYDRJhGMqnjhpfd8kK+dcyx7RXBsAHqC+XXmFs2fDIY5Aw==
+xn--6frz82g.		86400	IN	NSEC	xn--6qq986b3xl. NS DS RRSIG NSEC
+xn--6frz82g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AYC3cTl7CDY3o8q516C9QlbBDu8Q0Dvby2G0Wwu0R7RgT4dI0bNQt6bLz2KrbWKwlwuZNpp13fxIXRwE1W1tzSn/DYJJXuTMvb23kHzD0+BFkluaIEkTo8mz/PWLNktMl9tGHQOzkpM5y4DPUGG2ZuaMh3v5rMdJQAhGcrWhPMO/S6oCYPelKMqnavFUuEHuAZ9HTK2I7Ybh0EfMP3S2lhHl+moqdfXGe2x/si2did0SnBWEXA20sj4LXgQcRswQxziBdsL3jGOdsD11Bp3nNhPEclSJPL8OZWwwRLO20SwCPQg5IlCTTKGBsRqfCfsskxOVPixGPPNcEjnAzPnvcg==
+a0.nic.xn--6frz82g.	172800	IN	A	65.22.24.9
+a0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1a:0:0:0:0:9
+a2.nic.xn--6frz82g.	172800	IN	A	65.22.27.9
+a2.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1d:0:0:0:0:9
+b0.nic.xn--6frz82g.	172800	IN	A	65.22.25.9
+b0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1b:0:0:0:0:9
+c0.nic.xn--6frz82g.	172800	IN	A	65.22.26.9
+c0.nic.xn--6frz82g.	172800	IN	AAAA	2a01:8840:1c:0:0:0:0:9
+xn--6qq986b3xl.		172800	IN	NS	a.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	b.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	c.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	d.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	f.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	g.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	i.zdnscloud.com.
+xn--6qq986b3xl.		172800	IN	NS	j.zdnscloud.com.
+xn--6qq986b3xl.		86400	IN	DS	30406 8 2 A9B0F70F49B9E0819D93E5E98D1A24499ED86DC201C15D77EAF1ECBBF7C6D2AE
+xn--6qq986b3xl.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cnOZUyyYY+Leke56q1YEw6dk1boEPapixKw8W9UfR631TmV8a4BCmpR4gEfIF2FixwBPugiAD1MH8J2ZYGwD8o/pvma5C/HBSa6ps4eA4FBqL5muKvmp0gqz4UgwOcsFDvGjcjHnNhfYBow5mQLueLKO9w5wRo7dkmlLGwOJoD3wa2dOuZhg8FsNmlFpFqQch12qkqk6mntNBEkz1VHA9FE5sKfQJ+PxTHHvrGPK6dRm749U/DrgrPD0bHNH3k/0eCeGY0FtqaoTgEbAKKLLun6iAeQPiti9kK9zzsUC8LQ+FdvBiLnphdfTg4moUak77gYVSpkUp/ph8dsM28Vogg==
+xn--6qq986b3xl.		86400	IN	NSEC	xn--80adxhks. NS DS RRSIG NSEC
+xn--6qq986b3xl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . suuMCgbaji6tRZkPFDJRRYGCVBnRyu9gW+DMV+CvaS89QUu6YRRDSCKjQ/M6QTBcFlEniaSzh6Di8l3BpTnBDmbg0CnJ6JJftVySvHa9FHU9FZJ6q2Etqg6ZzCduieceEfw4dXt49oBEwvcuJHNn+c9gXnKIDpNx8hinB7R4hKSUcqvPsx3JSxoUzEPva/CQnT1WK1IqfXKqZvJnDU+cSvbCvI/vnohjk0wz1Jgn1LCNRC03NLFIK9frJPiSXZS1NMwa74M8gBt9to/XMB2Zr+NDaGmrog5nucDH9gEvCZ65/wAh3y4lcR+QAPdWWzfB7lcupJIacxMiaHUrMbmgWg==
+xn--80adxhks.		172800	IN	NS	a.dns.flexireg.ru.
+xn--80adxhks.		172800	IN	NS	b.dns.flexireg.net.
+xn--80adxhks.		172800	IN	NS	c.dns.flexireg.org.
+xn--80adxhks.		172800	IN	NS	d.dns.flexireg.domains.
+xn--80adxhks.		86400	IN	DS	33904 8 2 7AF8634483E30E963ABFBF03F2EFE17732BA3C4D2F5020777A415420048F5FCF
+xn--80adxhks.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C/meunhuFJfdKVvrWIjJjkCJRq2hHygo+AYMREzwj95XwKdBQ0az1DUwTiyBHyqMZoYjByoi7UW/BkZu5W1OD2gTwYb4C3kK/1gnWu0x4J704HEF+QvR62TJeU7hhsHOnBPxyS84EyQxsaXXxgQRj0r4jNbBnrpn9HmsFEXm1LbmqTXrUEeO5Si4/+HcAMAI5g0O4dD2y8k4FzGP/ONgzZci7KME83R7t4YA//yIPSQ4BgvuiXDm0cHovdi3EH010q+yk1O+NLDIMNge/scNaBVSFZuib1F9GEoYJ+9aWq2g6821ZGsl8oynM8t1QU5OD2rgIIAKTvOJIcS02Xaqkg==
+xn--80adxhks.		86400	IN	NSEC	xn--80ao21a. NS DS RRSIG NSEC
+xn--80adxhks.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iJfQkN3dTvTxpOjDYrV5r4COy+Ohq1KRzZPFwljH8x1nDt/7R8/EbgHseXbgD6jxuDI/5BH8Ow6fMgTyAU94DSTQWNWIjg9i73CJP4PPb3VdekfrhlvppQdih0kMxN5v6hHHTLBZJO1eMUL98enKxBhD9ThY5Mho4Wm+aZVSFmMk4krS8eujktxSyROzt0GpL6yfEBN0wuIyIQDxGKycRO+uM2i6gxMYvY3JBwzoP3PynH4J/3jjig0M0+QKAlMkc9IGlnTwgCzzitPWhuuHI+XyXSj4dMd2XVQZjPZRx8JL1YTWFbUCEZhTXrtnxvsvf0O1Xv6ivvWRYCX2zYpOmQ==
+xn--80ao21a.		172800	IN	NS	ns.nic.kz.
+xn--80ao21a.		172800	IN	NS	ns1.nic.kz.
+xn--80ao21a.		172800	IN	NS	ns2.nic.kz.
+xn--80ao21a.		86400	IN	DS	12941 13 2 1E67E661E644F9C2CC122CF6307CE2BA434A1D3AEBEC08769BF5A28EC697F8DB
+xn--80ao21a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Aa+toH7ai3xfwyAt6tevw3GYUgFpoDnPo2ZINgDVZRBtZVbxm5okhme8MZ7yXXJO1YT8xP77nE82XbKpL+kigAgbHFkLfH3XrQvpsBuC/NuimGT+rcGZjS6kJ0Ah/l2VnU/7ZMUm7F4dFEuO2rSafhuAcXSovzTHurNl5t4qDf/UcaJCoPLlY63b1TEIeFg1itKf7cyyX8rFXljMJHiIRw/Tk/PVjRx1t0nEOavSVVyPNMFsaMpIidQFvoPTSVPokYYfRvVesBixoO1IPYDdjbo+A2dYN59HGf/uZNaL527p0M/XCwlEqlKOAyMIyIp7FMpZIxGOZQimPFhZbNNjvw==
+xn--80ao21a.		86400	IN	NSEC	xn--80aqecdr1a. NS DS RRSIG NSEC
+xn--80ao21a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gsblrpNrFS8FGYSKhKmSHeOqdqNxLtDIK9FZlgF+O2yMHPqaNkOTEoQB6L+4QLK7JvoR3UacZBUFZzucMngACwVXvHV3qvlcYfwbr7T+Z7ORBZ16ZeZL+99Vb7sv7qPtgIjeZggJbniXIpsCcLh3St7TvwGKT/MUa8nLp2dKp3GO4ocv9x3FokBDtACTxM9K5kebL677ohT0x/uHmpYK2CORu1VMxzG0ZJry5FGHyyygWvfqFAcm5fF0KW1e9/O4xSmHmLgJHP9ZI+yBsSEZ+YFrUzqNuNJPpF3cnhcVc6Eq3DyQKxDpJR6Y22xgvL5cEbJC0ibmL2PGgTE4PVcDFA==
+xn--80aqecdr1a.		172800	IN	NS	a.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	b.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	c.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	x.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	y.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		172800	IN	NS	z.nic.xn--80aqecdr1a.
+xn--80aqecdr1a.		86400	IN	DS	16210 8 2 3EC3F92A011E4087D2C0FDF107A5AE34CA52FFA467BD73677128A91DA3F552EF
+xn--80aqecdr1a.		86400	IN	DS	50089 8 2 1C651BD0C4B0B51D953B5BAAB9DF5FB4256B88CA5883CEA94AE060C1E5C313A4
+xn--80aqecdr1a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f/EtK/N3hZB/Ofy2+xtyilSxrA8mXVyPiz58LljXX1cWAtb3JxZ5vQoXmUNTX0L+niPzHEojYDf6M5J0DeQoQdthoNIw+2ilq7MLMUTTU5o7zI1Wnd7DkdhiRs98uS+pl/ud/3HK0dfWtDQwPJucTdvzkZGrFdo/B77QgX68cMvMB/pGJTroO7S+5NMZAhEjPnn3cPiNFja8S0OJTQFS2uSnsh3IgKfretoeWuzXEgmmsI24ewnU0CFaZUm4asYpbE4sKULoujdiOGcVK2nb6rNDI7Jfx8f0xaxfzJcLy4JMma5878Bz29mw4M1T2RUo9ORm4otrytj1yJxSF5dKkw==
+xn--80aqecdr1a.		86400	IN	NSEC	xn--80asehdb. NS DS RRSIG NSEC
+xn--80aqecdr1a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . snLRqzdoZUpca8jVPetjpaT9yb7pj08xoPL1yQxn7/HNXKHDwCjJsjKh92/3b2OpX+Hr2A+9b9BylTPylL8Nim55u3SJLTtMd025sCp+1C5YWJPeJZyY2yv/y0Z6sqy1CTNhK1v0oNESmjNABqtXroT5YjyNWfcNFekUZnhMj8KkhjZjLCFIbl1fBLux74fb38K0mD0pabFM8ZC9Qrd/F56HGrT/IaAAn/MK3oISKWqgNLscay0Bdi5c6rxDs489fmvE8fcILP0ohEKQRg2hGKXrfDHhi4KnT5L1uTMr3ezMhqFEzRoXbZMos2cF4h40w8NxmBjZwlKkONm86C7jIw==
+a.nic.xn--80aqecdr1a.	172800	IN	A	37.209.192.9
+a.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--80aqecdr1a.	172800	IN	A	37.209.194.9
+b.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--80aqecdr1a.	172800	IN	A	37.209.196.9
+c.nic.xn--80aqecdr1a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--80aqecdr1a.	172800	IN	A	156.154.172.82
+x.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--80aqecdr1a.	172800	IN	A	156.154.173.82
+y.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--80aqecdr1a.	172800	IN	A	156.154.174.82
+z.nic.xn--80aqecdr1a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--80asehdb.		172800	IN	NS	anycast9.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast10.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast23.irondns.net.
+xn--80asehdb.		172800	IN	NS	anycast24.irondns.net.
+xn--80asehdb.		86400	IN	DS	54606 10 2 A1A13FCD0AFB413657352EBA09765C81E0BA0AF0B8452F03EB0D0E4C9661241D
+xn--80asehdb.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1eCHHdozee6XYTU6Hy0O9o9Krko839l3ntnh3Hu1w+ErZeQ1NbvzNsnYp9KQAKig6Ln8bEsG0FHxovMIML28cxqUj7YCV9VY5FP15lpAtd46I5MrlzFyJtyDXBJO8ZOiEOIvyFLY8xbgVJEpc9JW7nqC10eY3JbpzwQH/YS4nbDETU88Eo2bfVFjsZlDYRP5S9XGayowGNCSJ4G4vgUV0g8TZ0UQ6RTLvHkoQDlE5kp5Ho+pviLTxah+yOLmFCT07C4IQmeWHdRlxHcD8vz3mqV2rgOGLcImHzpgnl9C17gEJKG7rLctS6RcOC7IwnuQdxXpxqUjJ4geXYcsMRznMw==
+xn--80asehdb.		86400	IN	NSEC	xn--80aswg. NS DS RRSIG NSEC
+xn--80asehdb.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0LYaMnqFqQWCcuzF0qK+5Jpuro4Qx2yxLEbs1gFUT7Ys7tDGDjl9FAgmoiRW9SybkGTMw8zjVGDjNNhv+6gQPycAv/zeRjq3SZDeNPSig7+M/SIYOTZ7GyWPIsSUaYp35OVFGV3+IlIlBuxDsS/UxBJ9catLMJ+uGEsKdFY2Ee4bJ5SUSTL+EUNQKPsni3/TvZRFC78ien6cHfG8bjdzxpvyccMLDCsJsI8krcaWqqMJ5XuWQwVuG97aJ7zeoH2fJol+4MX+K/vaz+Qp230TjIhCiA3XB9REYAUU+bKOhfHB8bft8SABxgPLGnmebnq5sU1Clw1mfMkmVx7NKqL4MQ==
+xn--80aswg.		172800	IN	NS	anycast9.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast10.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast23.irondns.net.
+xn--80aswg.		172800	IN	NS	anycast24.irondns.net.
+xn--80aswg.		86400	IN	DS	61281 10 2 FD5803E5D6CA1B8B5B3345B8E6AEA0E640988D973AE153713A7BC890A84E3400
+xn--80aswg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pZn72JXapHCeaEqyUSGJwclRwiCVpR1LaKFxhV0KMPeoOmLvN+dC/h6Xg0VqoYGSm2XYVK3H7CTeqe2muOr6jSQzveOxNmPu6YFud4qCU2RBmFcUiyLul+RXDr9EW1RqII30o8alaAJ/t+sauR0aBrHgWPov5iWP6+ANy2ETunVp2o6m7YT3Lts7fBvA1S+qZHNBsYnMkfZ9RNSdjD8pwsu5B0ud+01dSxqT2D3jkjUf5NqmV9UqaUysIDXnJ3XsN4RekjYeB2nX0Xpjqh6rPqzSQQ2i5NysB4ZF9KQ2SMhbd/NlO86NOHau3heh7EPqqxedis6mo0XbI2SgvAfGpQ==
+xn--80aswg.		86400	IN	NSEC	xn--8y0a063a. NS DS RRSIG NSEC
+xn--80aswg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . T+ooy5nMqkO2O+KzElpgWX4ml3eOiheACdoxQRcDFNzsaOe7F7dj95iTpx+O4uAOlPq2vDLKM0gu1MrfLYilGUU+v5Z/Jv3Q4pSBJObUvLNWYofSeDjEoN+zWhu0bzD8qOr/nV4xepcKXVpTfsoycIGimJLxYmlRDoHufxN5IbVVfkD4mI3Kn693V0V2hAdfoWGh0YyxjuDQRbUs5XxPCHDbYgXDDS5nISEce0pvoWWpgT5Ux43lcQeBKKy8l14rAJpZE5pfopUPFOIFSPfjOO97GUEObAtvYi9f2Dw7m6qBL2oQuqXzNuj3FW7SsPRI28sTdxnL7wu9p7fNq9okRA==
+xn--8y0a063a.		172800	IN	NS	a.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	b.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	c.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	d.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	f.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	g.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	i.zdnscloud.com.
+xn--8y0a063a.		172800	IN	NS	j.zdnscloud.com.
+xn--8y0a063a.		86400	IN	DS	44995 8 2 75EC90F39171D405CB5D609AB0C62F21B2C53DA70D28D642D226121A4DC9A917
+xn--8y0a063a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . rRIWokxyKICXfxu9R1gMXkmXDACMdjjYtBl8foPNqPYo8yqOLguyCrq/CyCUcWTYrQCGFSH1nYsCGtoFt1ZGWXrgNV6KsVv7KIj7yG6Pnk3Nh5fKjPrNmwdkSJDCp9NIJdcAbrJG2PFDTKBg8MHUI4MtRfXCMzdh1wUDdTV/ri4glSdjYuhcm2PROBWr9yD9tBQovIVKPA9TQxXsL0qa3M4DBGlYw9Pk1QQyZwsIKKrW2vJxk/uTfJ09YGqbgFWvvbaPwcsPf+lo+Soym+nqacXu7E/8a7afNMhH4w9Uj5XR/vI8JwIy/7jt1Sk1GSnBPT6QngiUgnI664dIDPh/mA==
+xn--8y0a063a.		86400	IN	NSEC	xn--90a3ac. NS DS RRSIG NSEC
+xn--8y0a063a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G1WWyxh0Pi56RrvbbkeiFcPeGfmxe6onSWv7l6Z8CKryc35SHUbGrqN4ki+j99B4tzf37l6r0RASbUinYDD9oUR3wo1GIGxpJkb79wlvCIQO5Fs2UVu3553at1/0x7gDVvWbhRPp5+htMmkGIase2p5cEF2a6FSfRmr4QaDJQt/jXzYxH7YXXU11bUxsJFSgz7kuXrdpVP+9/nkrLqB3XvI0ULnK4Jwj8OtD+/YmB4JQ8Jv+Fsj5CVSbv9NIrgjYc1hjkHbBk75/2meiLfwafwPuiwVkWOuU+OYdxSUqN08mM12u342tPkCPsK/TCh1wBeA41oMKyiBZqc4GjDWpvA==
+xn--90a3ac.		172800	IN	NS	a.nic.rs.
+xn--90a3ac.		172800	IN	NS	b.nic.rs.
+xn--90a3ac.		172800	IN	NS	f.nic.rs.
+xn--90a3ac.		172800	IN	NS	g.nic.rs.
+xn--90a3ac.		172800	IN	NS	h.nic.rs.
+xn--90a3ac.		172800	IN	NS	l.nic.rs.
+xn--90a3ac.		86400	IN	DS	64419 13 2 17FAF8DAC1408C3F80631695363F4A3B0A15023842563AF5FAF8850E3E632973
+xn--90a3ac.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GDgfH4tZ+JLpbkRBerplfkkqTm8Gf7NjZZRph1sM8AoX93irNJ54ZvpwUyCJ+Dbc7TzSMdkjeX7Sd01y4q6NWOGtaul/+L5wcJwoEOL/lR6U0tl3PVlGCMrLvRJojfnLhpdlxFuR7sfrIOtHE8c+uqk6GYNX+JqiG8Jrf+e4GMcjBjz59tw873mUPO9LTMrdihilpjgRJSQwhTV5XE+cdmsD9NW3zZGluIAlOrPy5lmx8LVuVerCE0J+M0hx8u5tWxyBdZQGCkPAVxv3UuRQIIs8G8ZUq+0nJ1D+0PIXz8wzBnzrxTo3kjSPoXJ4AjK8Z+MNDG+cyNcL3/tp0Wpb1w==
+xn--90a3ac.		86400	IN	NSEC	xn--90ae. NS DS RRSIG NSEC
+xn--90a3ac.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bsL9ZQBeEgFn4K/XqicNjoM1TJ6Odpb8dk4tiXMONLEos8nio0Ft/QoiqDE2Vlv3vgTpSPVXoaKh3yIqnhD4Oh2QqXC5uKi4JDAtmWS5qM6n8z4QPKYlq/F7eu/Oo0+FEI61MSAScFM/5g8iKCmmDQ0mURnE7P7ccD3lRxqP5AX43MjjqcSloNJFmwuNAc1iYDAjy667AdWw6m96Rw7u5rarlgawa4KWMy0ZjYV7j4EwFKyaLN0Q/y8F2fg4jRdYqTpoYCcsQobbmBfNs61i5s4N9GgIwxvdTuWL3/gOYhx9uog1mPYR+RMtvnM34yVAtiuHe98F3zPNYnkVoZlzQA==
+xn--90ae.		172800	IN	NS	a.nic.bg.
+xn--90ae.		172800	IN	NS	b.nic.bg.
+xn--90ae.		172800	IN	NS	c.nic.bg.
+xn--90ae.		172800	IN	NS	d.nic.bg.
+xn--90ae.		172800	IN	NS	e.nic.bg.
+xn--90ae.		172800	IN	NS	p.nic.bg.
+xn--90ae.		86400	IN	DS	55126 8 2 0669C2EB01C870DAE3EF098917DA83562B431531334A531E9814F117557509D7
+xn--90ae.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . LqpjLArOuxfTOUidf20WeNAVNllpusBsSWDYZH3TN4PPFI9e2Kd3TuPZcF88slXyCzysE7kBlmWhScU8w0HzhoDBU/pSIy+wydDnxKGapYedFbnNEZkdZ/BEsWiDReGgwUq6RTMYctMviKBNKdTlCbTBnaQRKZzF9N1ZCMPy7GW8Ka+sGoS/P/gC5ulCaOx/li0qDvJof0OoNJeX74wM34gkI5TcCYD6jR/OpVHnnONns5Ge2S8Doxln4KTHmIE3G+BeNfRP26fftTyrBZxyHrpwYpMsHSRsolobZ1oZL6aFV9YpEPCF+5tTzT76SqYj6EBzLzqdnd+VkXOPgcs76A==
+xn--90ae.		86400	IN	NSEC	xn--90ais. NS DS RRSIG NSEC
+xn--90ae.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . iIxjRyqBvu41eehAV/1nlxa3rdT2rCf2aM7ZVpg2PD76nUr/ydsX+EXy8s/lp5JQgbW2e2WGlzGZzVAYf7/XxviMqK/pzEPjoYQGOfnFxTo2aNXaX2x5lrFnbdoLt7WQWdiSpoP2b/nZC0qPYVjnnG6aR+j0M+FkIO1piv44z6ruZhhMQtCEFI5RoxvrL+qOYiJBgJB1fMD4fzCNMhM0AJKP8HTMt36YnnKOrdK3rwLvEDfT//Ew0rJnKq48I8QdSlk9VaBCJInrj8RRGmzYMrTSir45IkovINybI53S+kt/btIBwwIaIvvbay+p2GyKSmFMexGBf6zkk/uy9kDd0w==
+xn--90ais.		172800	IN	NS	dns1.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns2.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns3.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns4.tld.becloudby.com.
+xn--90ais.		172800	IN	NS	dns7.tld.becloudby.com.
+xn--90ais.		86400	IN	DS	43354 13 2 E3288FD293924279D5C2CDDAAC9875052D0D3CAC2476F03CFD546EA512740699
+xn--90ais.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n9bqsMgETjqM2oSX/1F3miom+pjZFeAhSzgwrnSxRi/QqgaBmOI6EYBiPsAvwwGrgk8EVdOjmfMzxLRG8rA3vXkI6mRjMjlWBqHV0RU10eWSkH2auBAb0TOfv/l1YIiQhSEbJaN/k9AxjMo9T8XKTFn+r/SM2+JGxS4YLcxlREKWfuFhb6yywwbrrykZVdMWRiqQNb/EtNM8nJgaUgN0hRcEZGBuOAN8ol3yJ0Lhgj/1cSjUXZqh7qgUJE/5g7fFIqz66u2+PfWk4n9GHjehWr/Ku2NtrjnEzSbqzhrVZ/oamk2opxpfgq3/cslAmSC4Nj+c/2NBJ+uhxUyDZ5LdVg==
+xn--90ais.		86400	IN	NSEC	xn--9dbq2a. NS DS RRSIG NSEC
+xn--90ais.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1yf0kwZOzVeFjMIOAQcqIu32Dx09U1LnOt1YrwTgK5SNSottU73xifV8xyowoZBtRxbDINVcJ28dSM2G0yrC23mWdJ1M583BZBTlErhcPZqOHxzb6tw8H7ak2llHJbF5oOV1dntI0sJmd2yFy/ixoxg9lOgzfJVKALV5WMeQAtn8XQofI0/ZdPHztEeo3hJ6HOuW7ohF84vIpIyUboUplbhE+7n+gPP89ApgU/RZxRBQ2kj/P8cOCrtDv1AlPUwiC18+OphhkyHZcOdbYjeWnU3/xyl4f0ffv8gTJNEc/4MBAun27rWtbxljSfUlsOdSc/phmRTdmV0k2c1MxwEE5Q==
+xn--9dbq2a.		172800	IN	NS	ac1.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac2.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac3.nstld.com.
+xn--9dbq2a.		172800	IN	NS	ac4.nstld.com.
+xn--9dbq2a.		86400	IN	DS	47235 8 2 014AE4831DF78851E081E2F33857B1335BBF16A65E3FE624CB42D2BA1A32DAE2
+xn--9dbq2a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X5geJzyTbkta9eYkA3akiK+F0eJgs+fTQKHDADsK/tlgijRh7OZT1fDlLWtgCSvew18YI3ORjEFB8RYqcy6Pp/u9ClelGsXqgFcncw3S3vLllYh9auYbtijrRL7UgaBlI4bJhB3HOuVuIpCD1STOL12UijTCi+0qZMFlCvcTlVar9OIiH02+c/NAneVKRtDJODEiAgg9VcGBvPrVFTrqLKqSdRI7qNv8dsJoHU4NnU2TW2RnA22BVqwwve8njRtT3JOezqU9cWeU6dSHssYjaIdvbaXlEqQHEbr8ghaysvMyW7Rm+ZJCHaKh6CG2phai5BCN5/WLxh53GRM+AQb9Rw==
+xn--9dbq2a.		86400	IN	NSEC	xn--9et52u. NS DS RRSIG NSEC
+xn--9dbq2a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GYgZi/WFuXDgy2R0LuBv3g2YMZUrDc0BTmY5xONo8LkfFlSXxxSUgNPo4W6VrUPaPTf4LTsikQ51o5W2PWsaT21HMaWMGUifxgjFqZ+KUalhE2I3o4SpAjX8dGg2zTuIlA280DpoP4zBxwgg1hL4hrwWwKJ+tO7hp5sv2BmPSqX6Qvt+RNEmNabyihCxcr0J0wHJuKtSjygOMrQwe8vBPBVIorzLZAC4sywNey6mqK9t20N3RIaeGbmfV4Y3dkw/d7xO56GzH7rxQV73hfaCf+WDUquWe1G1CRRAVyJettPo9hR9oeFsxj4+KlF0rGDXFGIGOcZj05GHue0wNFwGEg==
+xn--9et52u.		172800	IN	NS	a.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	b.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	c.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	d.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	f.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	g.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	i.zdnscloud.com.
+xn--9et52u.		172800	IN	NS	j.zdnscloud.com.
+xn--9et52u.		86400	IN	DS	769 8 2 2BAE7BA36EA94541B8BC12188EB1AA933B5081CC281909CC5874AF2EBEEBAE96
+xn--9et52u.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FXu5zHxxyTZJo0YdhK+vqnhWQy6FxCpPe5JEaiIeO6J/6aclCrxemd4tK6X2S2YyCb7kVGKSpukkq8PBSFH3ke/tmyI2HQqlB8UL/QTXgAIRSqvFGGIxw0LOSW009s/HCqgKFcqoqZFdulc7W0G281qaEF13kgrmy6+hz106q9XKjYAUI9xd+hhpPrJyXiaCtDQ3fqnmTrbyc3bgPy9MirRLs0sopFPL4H6lVSPqLyMfcJu5bEAWP8+I/EeATORbMU+Spugbufw3ffJeUl63yE8lsUa0NoBDCZRhjockQdKZOMwaMOwjW8rA9lgBODiy8GfuRDP7u9lKrrKqEsM/HA==
+xn--9et52u.		86400	IN	NSEC	xn--9krt00a. NS DS RRSIG NSEC
+xn--9et52u.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LOEF2OIqfOtZpD/UEgpl0TYJWA1iwD81APS2sIeEFK1SUxen9MGNT6fHdp0K3bbqg2g4V+HhhD/tbSj7iOguUHs1/OKFl1Q/xIS0b8fNYEweMI0a38NpvkmkjIa6kkGVVZMxMj9kjpqDmLWOB62AjAl4u0nkioGI7RZ3kMcrDjxoiXziFB8/Y8UDtOdwCA0DRjHqofy6UyGJCzJErLL30+Zyl/iBkoFlbFbrquPZGyFiS66A0rGkDGOp9G91/Ea/fpxsrqq/usWwzOhjj6hL4/VBfqPlvAl4siWpjQUIUYXc+dVTSq5up4Tv8omavw5uZO4NE1Ueg8OrlTpai1GU4g==
+xn--9krt00a.		172800	IN	NS	a0.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	a2.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	b0.nic.xn--9krt00a.
+xn--9krt00a.		172800	IN	NS	c0.nic.xn--9krt00a.
+xn--9krt00a.		86400	IN	DS	6052 8 2 E5AEA197B5FB7F042833684BBF64FD1F9341BAA2007B2DB2958C9DFAA5884B78
+xn--9krt00a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FVDYoup9ABq70jc235re53Wl9+8kmhaUulS0JneFqVRQwPqicgkEz55vxE+j6EtQq9FtqeWLfwP7WFfCexbgl/ImARFaRaBwe0dvimbnjqm8xrquh7UgBUIeoTfHvh0I3pr1wuwlZ3AZjfxRBp1q01ifKxe9Jpc9+AxslOx0Bqg76j6ERU+vv7PK2mXlWryPtlY/eUbluyMSvZxI0lSJrtiBApQUEfHGVv3zeEEbJWHpUBVV2uhG7jMVo0v5lB63FReEDc4Kq+cmo+qS8PuMnRZ2/BbJvHtiP6RDCXP2eiJaynlvmnD8OTHMD74IOr8A3OPkQ2291aqw+wg84iOaNQ==
+xn--9krt00a.		86400	IN	NSEC	xn--b4w605ferd. NS DS RRSIG NSEC
+xn--9krt00a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VNmQIgp6u92zjOAYKAC7g5g9R5ypAapKrENH4MmAauxnuWwkkFOrpj+XpV/Ua5TmL6rXorrDZM5G1ZukjrFMJCj1A16AO2NnfYxUb//YLun8LtTX1Fd+Qv3TW5zY1xObEqnmowP/OqfuLUFtPWfYCBFWyyersu2j16gGNRTwMCJbaqzIPOMZ4R7sBgfDyXmlH0NT3dqpxTf/izU6RVn7YiQR4QRa9qfC8KGcpzrFOlT9ZREcDbUmnQV6C6UaKwbc55uTSt2nU3FYDiZcrYs7uAChYd2FTGn8+yaTvdXotKzqR9mYttK4z4RLASVHAvjdSc8t15QGtzev9CqLDNDcpQ==
+a0.nic.xn--9krt00a.	172800	IN	A	65.22.112.1
+a0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:6e:0:0:0:0:1
+a2.nic.xn--9krt00a.	172800	IN	A	65.22.115.1
+a2.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:71:0:0:0:0:1
+b0.nic.xn--9krt00a.	172800	IN	A	65.22.113.1
+b0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:6f:0:0:0:0:1
+c0.nic.xn--9krt00a.	172800	IN	A	65.22.114.1
+c0.nic.xn--9krt00a.	172800	IN	AAAA	2a01:8840:70:0:0:0:0:1
+xn--b4w605ferd.		172800	IN	NS	a0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	a2.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	b0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		172800	IN	NS	c0.nic.xn--b4w605ferd.
+xn--b4w605ferd.		86400	IN	DS	56659 8 2 BD5E5982605E7EC6077B7742D7894A6959657AFBFE9EE345EDA682A9A4BF0252
+xn--b4w605ferd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . NZ6IK2/DMtyyC8yZNew6qKFHsQAUBAyZxVfMXUh44v3n1+7FBPJluTEPu7nQpN8EkWRUaVom/5uKAkeRt4BvViO90PWiDpxIzVzXyVGL/LZkQkrK0jAb5p7PCoHG4sW/Vh5kDsSTkHVpWVcR10RA1fsfEmO09FeA75KUJTtFBGJ8MXqErNpTxPjnTafuORIK+RlC7dQPq9xKFI+Uv9kJwwrttTJI4j9WlCxqluUSlBBJez2/q1HHY/nMlwsMs7qeZi8rQQW7NC6kWwiDQwd7bR6qPsSf+ylXCCxzjGlsbSr7bY0hVqQoHhURRIpxCeXNQOtN43Jgq/NaEPGqDfoC5w==
+xn--b4w605ferd.		86400	IN	NSEC	xn--bck1b9a5dre4c. NS DS RRSIG NSEC
+xn--b4w605ferd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xVc3UQHv82TmQmMvSBUMLVdfEmOw+4UGVAZaM/6P/agJGBj6JUMO1LrhDgGhwVpwkJDR90jWpRoBfwdOhhRP8Z54JAkU40c5/hPkG1MobyWmnDXlxKLWr3zbUNPaVFvpRVlsDa1v7g4mgJMXqZy3Let4WlY9Vt81ao6cDl2UCBCPKjhyIftECTGmFLtE5gpLvzGfJQaf6rQP9SMdPIF0t2LGk7+vSKm13VyxM19vEbC0/Z7UfkMA/eMYK08lzVl+dIiT5Eo+bPbmP8JCCbftDPF3PzHTsJx/8ylhrMlm5BQKU6BH2yBD01WQEz7/oWmXmOdjP47t3Bnd9LUoeV9OHw==
+a0.nic.xn--b4w605ferd.	172800	IN	A	65.22.140.1
+a0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8a:0:0:0:0:1
+a2.nic.xn--b4w605ferd.	172800	IN	A	65.22.143.1
+a2.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8d:0:0:0:0:1
+b0.nic.xn--b4w605ferd.	172800	IN	A	65.22.141.1
+b0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8b:0:0:0:0:1
+c0.nic.xn--b4w605ferd.	172800	IN	A	65.22.142.1
+c0.nic.xn--b4w605ferd.	172800	IN	AAAA	2a01:8840:8c:0:0:0:0:1
+xn--bck1b9a5dre4c.	172800	IN	NS	a.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	b.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	c.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns1.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns2.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	172800	IN	NS	ns3.dns.nic.xn--bck1b9a5dre4c.
+xn--bck1b9a5dre4c.	86400	IN	DS	2884 8 2 DD075C68DAC66ECE21097863183D23795595362FC5314150D38380ADEC50FD40
+xn--bck1b9a5dre4c.	86400	IN	DS	18031 8 2 F5936212E7D648F9906D69570E647F0A09C2C66BEE3B322CF39E5307175996D3
+xn--bck1b9a5dre4c.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JI/toYfAKv0KdwurydBg0DUA089xFgGKcMdDAFcbv+O/rRrq4RdDktNaY0uvzWbP6BColv3+3vIPndJJTUakzt216XWmTu+DXbhApcbd3hcyVDwanwocjFRWhA2trxIlcxfPpWHZPn96jUxnm7Q0OOlKDBs2G2K8bLUXHWCCdfBYpzpx9UnZMpNNTOnrrhe2HxQcEMjP4QWrj6ErLRVAQrfC3K5dudpN09zi+/5e5kaTktN0fhId8XqWnXKKnAtAyVjALNyTxI3YZ4Sss2rNWo0pb/bwnhR8KKitCumniS8kB1NHRUEIgPDnCf4Ywn01Et2JFEpdZmGriRZ8xNiDPQ==
+xn--bck1b9a5dre4c.	86400	IN	NSEC	xn--c1avg. NS DS RRSIG NSEC
+xn--bck1b9a5dre4c.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KpDbBHCGYCcHeiHcn++azn1LrEvOhI1XoEGiufswdaif0tO2wdQPTjWUtZraMXFXpHc1InTC0L7fsIZI5kijuO4HVe/Md9W4JeloLjoOBNZ8JZ07C4UIr2u91kp97khhlIug8nek0SlZbeaTHhwsJ9rZUK09k/xXF5za8q73FWaNerWWEoKagcxV+8T+Y6t64tX+v6Axcpqvs7KPNso6CV12UmdtXCP61UwJfp1MaDmB81qAbZrzmscAF2ZrLL4LvrVLU1bPNRUBYZ+ZIoOGXnA/V3BYZMVeoZT/j0dtkeD+Stt16Bu8nEHCteYiMxalwosaHjOtQ3MmW0uhkeZAGg==
+a.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.192.10
+a.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.194.10
+b.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--bck1b9a5dre4c.	172800	IN	A	37.209.196.10
+c.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.144.194
+ns1.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c2
+ns2.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.145.194
+ns2.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c2
+ns3.dns.nic.xn--bck1b9a5dre4c.	172800	IN	A	156.154.159.194
+ns3.dns.nic.xn--bck1b9a5dre4c.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c2
+xn--c1avg.		172800	IN	NS	a0.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	a2.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	b0.nic.xn--c1avg.
+xn--c1avg.		172800	IN	NS	c0.nic.xn--c1avg.
+xn--c1avg.		86400	IN	DS	16534 8 2 85D1FF435E850DCEF97843FD4CEED2D36CEEC9186DDCBC5FB3BD9AD440D7C398
+xn--c1avg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SzHp9LQza1LiEhAeMLd3ICEkoAh5ljI48pp3zctEcosSo7/AID30Hm5MbPceJIYFuIQB1PZHqKgBKPYmwK33s59pv/beR79a0gR6BsbVlzghTVmWd1brrwty7mFwMeJvvA1ojKhcRQZMeVAcjSFx1pFJNiAc/FmNAGqOneeH+YI16f+YJ9nswbaSXx6NAOzZzMhO66LhgNES/JNKTudXyVj29rNrvd1Fvk4K9CTt2izcBV6zz77e1G9289O8zo8apSMvXF/xbDlgwYNjPUMHMnO/RbnGc5yM0O5MDYBdH/riI4P1LgXyQHS9D4RYzz6Hm341chxeIX4qxa3ME9acoQ==
+xn--c1avg.		86400	IN	NSEC	xn--c2br7g. NS DS RRSIG NSEC
+xn--c1avg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hU+GP6gDy73X6+nvMZG+PgvcBD85LbuVdjxGLCFzdalQXeZCmv2byYMHe9dd1IlnQPFxCruuvKIGx26TO3RTs1mQGzyeOFjsow8zbaXZT9uEKOtVE/VaXVDrxdNF8rPogN40Cz1/3t4zBu4XCw9LzD8JeNPN2aH8oqEVLHnW5Ju3olafMoUN9BeCDtfMFTWck76OPrLuZLmLleXgDB+EbtWdD8b1X9XCrcYkOJPRGsyk2XTlmxwcbqxlODOuw2OPWaWwhDzt83zrhSxMUAiBth+fix6pscakPcFfWmP4Wadtz3fTiqFDjAT6H1GRYZUO/f24NPQBnEso5OnIOO2D+w==
+a0.nic.xn--c1avg.	172800	IN	A	65.22.184.25
+a0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:25
+a2.nic.xn--c1avg.	172800	IN	A	65.22.187.25
+a2.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:25
+b0.nic.xn--c1avg.	172800	IN	A	65.22.185.25
+b0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:25
+c0.nic.xn--c1avg.	172800	IN	A	65.22.186.25
+c0.nic.xn--c1avg.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:25
+xn--c2br7g.		172800	IN	NS	ac1.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac2.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac3.nstld.com.
+xn--c2br7g.		172800	IN	NS	ac4.nstld.com.
+xn--c2br7g.		86400	IN	DS	42810 8 2 5BF46578D493A97436A5852ABBEA6CD186BD5786AD7D08387B7430228371EE33
+xn--c2br7g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nCSCfglZzpSW28SrcvZXwIlXDiwwhmzDnC4L7vKmtVCV//0z1a5RYWszesJGEVWljnGmh+TYgi/yfFnzWV/zDFEV9f85AYXLeza3IREZxGRXoszoKT7SwYcVTVjNAaoASwwkkBTN8mHDb8kE+Yib28yXe289ZLcRf0oSOZHm3sXQ+BRVnCf9XDmH1x+y39rYWOcFpMDSgNJ9niknWbkrG2jtLN7poUYyVA095iyiRY2pm5vVBGVzH8NpcMiDMEW9FgCnVvtQ2uhnX4mp7rUPA3qwAASECto6ViLN8auKhujIZHfLp80ufXTYudLkYD6DS+uqPQnxxK965bCrzIK4qA==
+xn--c2br7g.		86400	IN	NSEC	xn--cck2b3b. NS DS RRSIG NSEC
+xn--c2br7g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mfHy+PwaA+0I3S3eycQE3k0gsHFnCVGSXbBrXfx+R/NCcjiT6M9gyYNrfyMmQQ0V/2xpyvSwKVq2bjtwmzHvxd8zEbzSFZoT/piyT20mXKMh0mE63YEP22qebyBKkR598wvwVQ3stfN8n66A9/RB4t8TS/3grOaqZkKqAcd17L5HNcf2UtKtgvwDKuKBPIIFBjajLcQKIxfjfsWuyOR9+irDcac/loPepVkMKgb+sz1YkNQa/pg0/PSW8/lZtSeTrz/UlxghjDbDQF+IylNsFGe3RpMAp6PP5VH2G2s6G0sbqUbLDtM4EAQx3F+149kqk1MU0pIacnWU2/weBCQkIQ==
+xn--cck2b3b.		172800	IN	NS	a.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	b.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	c.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns1.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns2.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		172800	IN	NS	ns3.dns.nic.xn--cck2b3b.
+xn--cck2b3b.		86400	IN	DS	3841 8 2 123A65D7E5CEAAC47D65136B12037A6965B9A52F8ED600C1CFBEC8039B5877D5
+xn--cck2b3b.		86400	IN	DS	54514 8 2 00A885297FE7934B3A92A271DCCB88C79E37C8F1B18D15214E50E43E2386C63A
+xn--cck2b3b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . A0N/XYsXbZI52fDTJmtFzi2HDyYBSSACAaoqmVron1br8kKklKzE2zDJH3HRGjH6MOKRypPFftXY3t89Xt8cw4HbIgIl0ZDT2oe7/8peD7vwJuYNh7CrZBHwktVKL5uwhnVQFjwNZEhF5jDGnAWWHH5+LwSoAeIP7sKwFYl0LHVmakIi+wmZpTuwRPgHPHWf3oHA5A1IEHjYoqASEiI4nFsoEjNI2jq26IBXch/77mlZ179AxmH3L3YYHftemd6twOy/C99pHhcsoHPIS9ftwR4dXh+6N/b5TI/YjI/A0EcL+36PffCD8kM+oGkAR0AF8nHOC6yiygoaNXmPAzB12A==
+xn--cck2b3b.		86400	IN	NSEC	xn--cckwcxetd. NS DS RRSIG NSEC
+xn--cck2b3b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AUJkUm+iHwA4Qpo0jJEqz6lWJlZBGhAi2mf0F8dIVvu5jo25/8yvvJnxbC8RuxhM4DUaQT7SL2EWqi+OXJdS/JSUP/8P+Io+k2yCEmwa08HBfXOAotHzQ950fzVri7jyDZ/5rdxO6gqhPKQk0yEJ8zPnICDyOtJz/WX/Ic2zweXFzCecfH+pc3EP/CqUnt61c/UUzjPeUp0BK7b7Id4WsCSCfB+8qFlJKkVDlFvJtNPMd7S5kVv0SpY2rmlJix72chlpEOTJ7UGZDIdCF1a00C2fXiiTIP5QNxtrJym6OgEuKtr9MfhC8vy8iygTQKIuartOmVfyPfh/S5j3uyrclQ==
+a.nic.xn--cck2b3b.	172800	IN	A	37.209.192.10
+a.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--cck2b3b.	172800	IN	A	37.209.194.10
+b.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--cck2b3b.	172800	IN	A	37.209.196.10
+c.nic.xn--cck2b3b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.144.193
+ns1.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:c1
+ns2.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.145.193
+ns2.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:c1
+ns3.dns.nic.xn--cck2b3b.	172800	IN	A	156.154.159.193
+ns3.dns.nic.xn--cck2b3b.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:c1
+xn--cckwcxetd.		172800	IN	NS	dns1.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns2.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns3.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dns4.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsa.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsb.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsc.nic.xn--cckwcxetd.
+xn--cckwcxetd.		172800	IN	NS	dnsd.nic.xn--cckwcxetd.
+xn--cckwcxetd.		86400	IN	DS	2212 8 2 750AE447B9A971825D2818BE9DBE88896F6FCD9148FBA4CF481F4323DD2E9633
+xn--cckwcxetd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SM51EX0M7nxCSr4nsFqozSh3you/aRQ6Aw6ikWo4NP7vuUTRuHJrThcdRwOm+5ssFx3kI+rMLQAMqIO83bF0G5uu7sPpiJXjxOgdEsRJkCy71WbNwL21XFg8t7h5hxEeHY90VaZrKwmBHaeU0ESh2CsHKFpZc0XxhLqa4gZiqJ+0MzzFEZdwjYDf6ofLckb2dSi1zrpxVp+ohYxchPL/go5pSmTpbG5gHP3hjZfn4woFPS6U2dVXCADwMd+BrMgwVxhVEt5PF8VYHqVkQFEykHntgTkBrpKbifDsesaEbUNuRu70/UiPcFZEb/NgYY/ZBA09n4HXXNU2lm6d7ZEGvg==
+xn--cckwcxetd.		86400	IN	NSEC	xn--cg4bki. NS DS RRSIG NSEC
+xn--cckwcxetd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . njNAoVF0GABtPvGZ6YJ3OV6hEQYJb+yiUE5BmlFRCnmiLPNkcMKOk3/XYnOUGtUr6zfeZk64D7KkLaQLJnwbR4aSfgmsegtd0Adf59MbE3392aqsjPTzbp9eAglfD/bK7CrckAvrisl1Cpk+Qu1G0HhjSetFJHhgy1VH5tLuMuFVpd21oZ/JFK2XgvZcSSAXmf9tAPuA6SYLxn3Nvqt6c0hbQcrBtPloAWxzFfYGBmSph1ZkMCQdp1HiCWj+RIoSXKmjT8yAa31B3Fw8k0kjLRgX1AkbIG8eHvt61tE24VgffNJ5C5Xfv3m2wtJQny3jkbOsp4Gdo6fIrqN38W1rBA==
+dns1.nic.xn--cckwcxetd.	172800	IN	A	213.248.218.92
+dns1.nic.xn--cckwcxetd.	172800	IN	AAAA	2a01:618:402:0:0:0:0:92
+dns2.nic.xn--cckwcxetd.	172800	IN	A	103.49.82.92
+dns2.nic.xn--cckwcxetd.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:92
+dns3.nic.xn--cckwcxetd.	172800	IN	A	213.248.222.92
+dns3.nic.xn--cckwcxetd.	172800	IN	AAAA	2a01:618:406:0:0:0:0:92
+dns4.nic.xn--cckwcxetd.	172800	IN	A	43.230.50.92
+dns4.nic.xn--cckwcxetd.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:92
+dnsa.nic.xn--cckwcxetd.	172800	IN	A	156.154.100.3
+dnsa.nic.xn--cckwcxetd.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xn--cckwcxetd.	172800	IN	A	156.154.101.3
+dnsb.nic.xn--cckwcxetd.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xn--cckwcxetd.	172800	IN	A	156.154.102.3
+dnsc.nic.xn--cckwcxetd.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xn--cckwcxetd.	172800	IN	A	156.154.103.3
+dnsd.nic.xn--cckwcxetd.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xn--cg4bki.		172800	IN	NS	ns1.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns2.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns3.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		172800	IN	NS	ns4.xn--cg4bki.centralnic-dns.com.
+xn--cg4bki.		86400	IN	DS	59631 7 2 7A16187809F4725A91F192336F6A9576F246DF35EDF500A1356B8C8DFF2D59F1
+xn--cg4bki.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . cyi0vp1lMlFtvMf/dcljqv6lMXM2yPFuYBDg4pgY94qwYmxeegQBOviHB43im68vVvVGnnwPZXpVD0DMqcRgOm3u2LB/97yCs5DZP0KvBH2cdyIKXZbfyh9wMZIAztljmtgjW5/Z64lr4v+6Tj4JjzIPPU/LtoLwsgfqsMEjNwUnICq8PI+++v3iSzXwmMGznybsvJdgcF/meKjJJTD1fyyWTwvyDCTgxGNRooATBA5cIY8k6piRciYjaMd3B14L+95cH61Q5HRFxWckYb6A9wfR/T28Q9tWN3KZ2MYd30PpfUENedey9ggl2OlXL86lcMjNvZBvdE08ODIyPAzP/A==
+xn--cg4bki.		86400	IN	NSEC	xn--clchc0ea0b2g2a9gcd. NS DS RRSIG NSEC
+xn--cg4bki.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UHa5EGKOIaNuK1DrHdj/qh7Re7kCUM0RUxRK9vkSm6899HeGXgi0r8Gxq2yHDbcvv4zNI6ceUtgfPWMXd6pIZDkiTQaYE8M/cbVhN5ZHKkZ7/J1DpN7WooFcVwCV5clk9QxDJXNK8ogE0sKuqtOLg5+/dkwcTKmWybatFV4L9WPnIqk7m3FA0nbFTFYXttJk+hBXMCBjb5fEHz3tvjOW8NW0JsPl5BY6FQn0jI7BEYr5qaeHL7jOn708MuwNDCT0uU4YulUoD3o2xlWuKhnATVfhRzWj6M0C7wAkxTwXGID1bDCA2uctSxNH5jEJPtmXWfxcyrEWDPoFuXdSWE5Uug==
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	ns4.apnic.net.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	pch.sgzones.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany2.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	172800	IN	NS	dsany3.sgnic.sg.
+xn--clchc0ea0b2g2a9gcd.	86400	IN	DS	48176 8 2 C1C692E8BB1ECAB17A80C5829445D6301787A275B6091A95754C4AC9681FB50E
+xn--clchc0ea0b2g2a9gcd.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ss7BmCPSBske6eAxheQHiwQLNaue6Gy2m0qiZkXp/Dpyb0TvZFbZzNsnjUM/77BECoJldxnoTcblQoY0HKaO9OpUhU2RtSwd6FlWVfQPbq9TenCmevm++6jXjEX8iFWBv2V/4tRf/xPRyLvbYz063KoC5ppiljWwaoWKDfs/OG46fS5SSyBoxjyDCpvTlO37SSL1ayGz+ahz8RvM9aLSp+XLXtzNUhPrfd2qUgow47e/q1ehwZCremhl7gdIobaadzdwdDduOWwQl5PS+PaGe5vpjz4iWbWvJFI3LbnTKFyG6zuJbP52Uc6DWotuhnmE5eFQS3bYvuSLXBGdJlZypA==
+xn--clchc0ea0b2g2a9gcd.	86400	IN	NSEC	xn--czr694b. NS DS RRSIG NSEC
+xn--clchc0ea0b2g2a9gcd.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cj+D9EIw0LHPurbrH/ofFR8bBJXECuJpGcdKv5Q6LBKJMCeykfEkVGYGosoW+296A1uwnwrq3FCYZ0i3/KaPB0rfqSlRQX4BWvHCGbGroCt63+uucIgamQ8mLio+vWTVGZ9zBH0hhjKxMcUDg6Rn/0S6he0Q7/hZjYpttk4DUI/HsH1PJ4dAviD7NS6aFyVrPvuJkRbQa5IRCav+sE1pA0Fqbj2HgzhINrJQKTevs4HU3z/tOlMD3pGBgKjLaQ9WuRGL5FMDYh9zutQvi3y8nb0yc62Cm4JjMIhjy24nR2p3wernWFN1pc/C1nUqq1BvLwZ6C7Cum8tVaGYL+wQrGw==
+xn--czr694b.		172800	IN	NS	a.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	b.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	c.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	d.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	f.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	g.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	i.zdnscloud.com.
+xn--czr694b.		172800	IN	NS	j.zdnscloud.com.
+xn--czr694b.		86400	IN	DS	56914 8 2 5465BAA574AA100721EDDED85284559D873F32FED96C02D0144B0281569FF37D
+xn--czr694b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . H4ogTpfHqvSGNOpSdro1wT98A9ZtSQp6sV7O5SL8iYAUb1fDhLZ++v8Fzu+M+4mpAQaWBVKKVdfFML6xa9RBSZ+z/p8KViZKopw+x4/alsyfiKo1yQ9YPQcJIVa0YLSpTsmyg1KiT+V6zSxMos5xL2/+Rb1rh0o4k0+kg3nCHDWirkrwdP1iQxuyF6uPPWnIwVE370BU9wcueFD71d4SkoAYsw+1t2IOgp4ln2te1nEcWHA3ykbxShTwPo3wT5nOErcMo2383wl4QgFcijHZfTs4bL9BkfWZjRlVIvnox61W77y2G7oycQFp2fswPrCwUJ3wTTco/ZCFuOspZf4mwQ==
+xn--czr694b.		86400	IN	NSEC	xn--czrs0t. NS DS RRSIG NSEC
+xn--czr694b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . drTUOCeG/RRp+n8dkP9SwJlM1VrtP/lceIxj6xOFdSTnKiJuyDk+vV4UwpjblVOgD2uoinzmJPwwsG/+60fQVNeIwpTOUiFPL6GRCAfMNfptl9NKSFKD+WOM4+3cbnQIIIfvETF+BKnUhxTJ7SJUKkKbFIhjyRvFJrXdTiBzD4Zjnk9eAzKk6d4Q6XCTL9iXYoFMd6R/q1N1waVp7+/RM8kst5zy7CIrkqzFYFi1DF5TwtLElI0HorJ6vOdqqSCh5lE0OGsK6JLdW+xvfPMRLL+oeaYBkaMphi/Gy8obLgXuGXJI2NdGpTzvr2glBklALF0Anq239REfoi6WinEAZw==
+xn--czrs0t.		172800	IN	NS	v0n0.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n1.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n2.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v0n3.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v2n0.nic.xn--czrs0t.
+xn--czrs0t.		172800	IN	NS	v2n1.nic.xn--czrs0t.
+xn--czrs0t.		86400	IN	DS	1450 8 2 EE874DD50BA3CECB8187C1D3FB2F8C72FAE826A33C0C6A96DAB7C16DB8A70D84
+xn--czrs0t.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . jVZFd/Or3AqVNEnigJmCH3Cczx8KgIl+JrpLjrapaQ0TsEgLqcX9nVKSOvQ7MI+ayeqgi4QnMT2iR36hemEVUqKzV6kt5C3BabgRzf7m7M6mcooF6YLcPjM5vsv1L5z6Og7tcN4jwDsRd6qXl8L0dN4gPBfGKjlJfZwMg6jE1KBn8snJ1VuDvu2AW7DoR0BUUNx0nuUDaxGKXXdZJwD8xd37pldPwt1hUkbi97Dq0zay+coorHI8HE7F11ek+5qnnQwL90HjAZKRTBMuQouQfV48BankqcF4fGQgLqQfkcLi2njI194XyFTK8LGTDkFNLKEi80hkm1Np3xX4Q1hHyA==
+xn--czrs0t.		86400	IN	NSEC	xn--czru2d. NS DS RRSIG NSEC
+xn--czrs0t.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UYyDa13+R6OB4sKfSgiwilXB8+WO/nVultkQKHSgLZCu4d3T4mlb/Wn4/9zInG7WGK039Trgv37wANXN6vOHyJAIiGDdd+efhvzb4U+5Nm8bHGUTPKom5WLm5cUCj3b9+kvNwhITo+Pa9i8X1iOMHtgEWBcGarmfZ1zaztLnJ+fKgN8s8wiF+JIdRzTiqpiDA8wFLp2bN0zD4bydXuCX6n5WmssYU3IEQBZu8ogruPwgA7cCsMAWUvxmxg4LweC4CmB3K/mMckxsmdYz1UjMTWAyBX2b6QS+AJ7QcirfzILBm/OeihtB7Nip7/izlK9TWfcT7XSQ66ak6dBhtBRUag==
+v0n0.nic.xn--czrs0t.	172800	IN	A	65.22.28.64
+v0n0.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:64
+v0n1.nic.xn--czrs0t.	172800	IN	A	65.22.29.64
+v0n1.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:64
+v0n2.nic.xn--czrs0t.	172800	IN	A	65.22.30.64
+v0n2.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:64
+v0n3.nic.xn--czrs0t.	172800	IN	A	161.232.14.64
+v0n3.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:64
+v2n0.nic.xn--czrs0t.	172800	IN	A	65.22.31.64
+v2n0.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:64
+v2n1.nic.xn--czrs0t.	172800	IN	A	161.232.15.64
+v2n1.nic.xn--czrs0t.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:64
+xn--czru2d.		172800	IN	NS	a.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	b.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	c.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	d.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	f.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	g.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	i.zdnscloud.com.
+xn--czru2d.		172800	IN	NS	j.zdnscloud.com.
+xn--czru2d.		86400	IN	DS	995 8 2 C37DB96801455F34FC09B824107A81B4DF13F273E00D1EF24B73986DF0EDA81C
+xn--czru2d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . xAdVWT7T6I917mLZ2Z8BR1r5eLMAg5jL8oFCr3CNUTw9vM63t2Nw/of0Wa9PqujY8V1voJYClf5fmQ+pG2TVqocoo4rYGP+f/NHcCWLEhlNgCXsnFjOSNdAX9frlMmqMbrnLFtTk8eX3SHwN+T4hwLW/y9oPaESi0WmqRjh4PwN4/QuZ4fG9bvKVBiRFeWzcAotOkPek/5B5ZRqfHH4hQ0dQ+SvDto7o669wEr/zHtmrIzJvaVzS4nW7shhDcD7jZZQ7Ktd+sZ6Ly4XlZEsUvvLFYPjFDNqUKYwJZAKbMhapmo5T9sM/vVs3RJbCzT2nK37Izf/nHi5wxlxCd3hSwA==
+xn--czru2d.		86400	IN	NSEC	xn--d1acj3b. NS DS RRSIG NSEC
+xn--czru2d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . p0WrtcO3bUjpVdpTh2kCdqQKl9fzGOmSY1EME4z6f/AyNhRjppW90B/jN9DbSiApEMIbgbb6P969mgV/Ez9aoinLfVRXHb++HxF+H2gNQANCgfCTKwgYhdmXpNZq0ucWKRi+91jLK67TdOgnhWghMJfhhfgKs3rtUgDPi4xCln/uDhTSamKBA2czF+MmLCiSTaO9fxpjz55tJYpj/WWfi6QO7Bk7C8MlZU5YacxtkfgZK8bZ4dXGn5qPORijLx9lTWD7CMBSmMby41aT7Xz0t6T68bLVQ7CIOgiljCVYP2zYWXNcr29Oa4WHRC+blaDOS0FOAjqxbpjd18aFQykOTA==
+xn--d1acj3b.		172800	IN	NS	a.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	b.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	d.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	e.dns.ripn.net.
+xn--d1acj3b.		172800	IN	NS	f.dns.ripn.net.
+xn--d1acj3b.		86400	IN	DS	62719 8 2 78004BA803C2F5F251F3227C072DF8C545D30F3A018288142692AA4D20BA3F24
+xn--d1acj3b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SR71Abw3N87czGzq7GVsRYPXbJN8AEC19B5odm/NhgO+xPYpukKC46+843gnUYComJSD8F1FWWXRM6GNDsjFu7qlzSHg6B+vFW7z19ZBQlGVqQWC8dO7lR+TLoX2hlXF0u9M3L6Fh4bVhT88do/F7QQmOKy4gwRe9+00AAIOgi3JFAPa+xI3YhYO+cv3JZQm8diZJKB2NsvYiZr4thLdrlurIP1uV12mBGhavyLX/PArptrDNXtBMXYG1D21tnmZBRATFQJw+fPGql19W0epp15ach8f/19gG41v8tByPMgwpsllsEvRHq8yhuXQtq/CaCn/VJQ4GBSuRAMduI31AA==
+xn--d1acj3b.		86400	IN	NSEC	xn--d1alf. NS DS RRSIG NSEC
+xn--d1acj3b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KTCKmJ/N+yq4Y8JsqXDV9iUBS6QgMzEuTmUqxW2qGr8UZRG2HufBiEMQtBWhfSpQCfvvEaBgdhPVZn3ZQY1rNYf3DqvmJ0wESKK1zJPtaDuiJWGE9SB3qrqTtes9BWsiOU3iNHp2xfyoVj4iE2Nhmf9KQF8oTy5qUw1pdaX3+fl2BGpVdDtk517Xf2jSwLrJDw8LJFF6WZD5qQAtVH7nFcN1yWqzexMHPRe7s9yVBWMOst6dlw5ZoR/Bfs0R10veOgIhs5pTlyyRLbfsVBRK2LKeGbdwjxglc6Rom9oYjIZICer4gl90hSJLPU15zb9jh2c4cg6WbpvUJmNrd0OROw==
+xn--d1alf.		172800	IN	NS	d.ext.nic.cz.
+xn--d1alf.		172800	IN	NS	ns2.arnes.si.
+xn--d1alf.		172800	IN	NS	tld1.marnet.mk.
+xn--d1alf.		172800	IN	NS	dns-mk.univie.ac.at.
+xn--d1alf.		86400	IN	NSEC	xn--e1a4c. NS RRSIG NSEC
+xn--d1alf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CsVDUJ0ej31G+2D9ZeyYjIDootdgCaDPNBmazgH+nZAwjIdtxlIPXgnxSfGGpcGAkGr1R8krI8DxrRXmS4rlWh8wlkdtove9uUa2+9SGyeueaAIRo6KsjYIcWtS+YoxS58yaZLR9NJ8J7sv2eiMP221EZwv31hPAlvWIY9ManmWlBHGIPkLet3ofNShnkZaxCQHxMj3uRe0TW5kLHnD95PM1ESQpmmw7sltbYoWOLNfXDTjGwVXv0NNrPprvI7+27xU/z2wQAbBp20E+wda2/mxh+EDGW29NjYSyqOVKI3UmbGnfKWrExMvbCoB7P61Ru+CEUgCnZ4w8j3n5YLLKbA==
+xn--e1a4c.		172800	IN	NS	w.dns.eu.
+xn--e1a4c.		172800	IN	NS	x.dns.eu.
+xn--e1a4c.		172800	IN	NS	y.dns.eu.
+xn--e1a4c.		172800	IN	NS	be.dns.eu.
+xn--e1a4c.		172800	IN	NS	si.dns.eu.
+xn--e1a4c.		86400	IN	DS	8731 8 2 90045C6E0579687C19D9318132095ADBC9532831F3D175004D8E4A05FB05D268
+xn--e1a4c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . x+Jvc5Bf2dx0MATVNbMVVS59qQx/vCMAbape14AS8qp3DgiOwzQRPe613Wnjr0UXw6mUcyJl/Em2cFNqTpmnaQ559/PCuEZaYtxd7h5IiaR9vjiO2zxHATb+xd8oUu03bplgObUW78y2nG359B77egymQ16zEmvnJt2KWrGawddQYom/NdJDxXnPv/LrAgRNwT4ejl+eXRPN/Gof0glbW6HEwjOA1tlqc81qIr8pWfzIrXQb1tltCvnnrmOqiF2BF2dT+mndhchrUYQD9s2nXd9zf/HWNOdSCobzWX5HySRvBmGpvW3e2tpi1gr5tl1yB9cLe7tV+4RoEvtpE/ATIg==
+xn--e1a4c.		86400	IN	NSEC	xn--eckvdtc9d. NS DS RRSIG NSEC
+xn--e1a4c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ZnQK05v6r7biLzh+EICSf72ecbZpSYsbDXC8o9G1dWCYZd4hQRtVEw5CO6rA1A5MkN6etjBhGRwqpjxz3wBo+C/8QlyZGptKZHorkvqqUkK9ulJ0fy8A1HO1nb45GAD3mu/02sAFp7Fh8UB1w9wq/rVxfqs1NKhvrMpppKZ5QsB/czk7GxuI+B5L62nokmMEK111l5OcZXfMXqOPRhkUtm0avFtXCd/oZ60gTtuxiwQRegvZx+pZBAiatAfTAnkmnkfBdrZaqSDGgE++EiAHAnpxNKPKPPh8eyNDNvK3NGU/1BDYwftacaHrMyaWjzHAHcskxIgYFW8KkCSZkc765A==
+xn--eckvdtc9d.		172800	IN	NS	a.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	b.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	c.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns1.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns2.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		172800	IN	NS	ns3.dns.nic.xn--eckvdtc9d.
+xn--eckvdtc9d.		86400	IN	DS	15400 8 2 02709FFCF8A245CDC4BB1D688F982898F244A65D798C574A5EC82749C918830B
+xn--eckvdtc9d.		86400	IN	DS	40972 8 2 87CA2A9DFFF26F0B71F1CFABF9DFA315ECA77CCAF0168C5A39228AB8A5394D7F
+xn--eckvdtc9d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PzZ4DdY9KAU58l2WiM2AP+UdWcNmlbY17VGxk/7DSUpnUBJ6lCr2brsI0m1L+GeZDlot52MLVeZSGWWkw+8IuT3h1YQmEAFyC6qxmwJomvWsZG0jQLbiMG4qdvZfgwLiYNY1Bj0qVlL6ksAgRHqMsU9O3bAb1hTTBpnJ8biykM0XTe6NLeAwRlUxTlSs/hbwV+wubIVlaeVYRmwNdUNlKhjcWRpu+yCfZWHkeOdFlp5VxILFhyxPx4PUOQIpjtef3PtlAUfoENBhzipbSU/1nNaLuMh3x6aMrR7gRQeze6sqTSSeFNC0qWv5/ZjvYsMEyYQrKpH+T5uHVm4zht/htw==
+xn--eckvdtc9d.		86400	IN	NSEC	xn--efvy88h. NS DS RRSIG NSEC
+xn--eckvdtc9d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Mu+O2yqaCP8RTx2kaQ77KXgprMKC4xCYowEQUNxIisrbBrXp1HTOz8jYf3OfKwBc63hpb9Jvdjkx9KKBVYmrrONU8TWWmVW7Wd6Sdq5xgVXv4ZVkB7O4DQ0iQRtZlubilfFA4kWmeWl+MTHgFgFPJk1zihWfKLBKEkMcha10SuKjwMcKzLMOYS2NLCfGMoxoeOQL3CkEGvJmBp2ZLeLGcHWkmwKXF38yOoRjcZRvu1PMAqupw7b+2X84P9G9fYqUEUX3OqcOCIqjaVZld4CPq84z60XjuBBWBf8SescLmI+TDysuYwqxuYADwxo8RsA3vuIYkU8JBoG+VVokwwFpzw==
+a.nic.xn--eckvdtc9d.	172800	IN	A	37.209.192.10
+a.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--eckvdtc9d.	172800	IN	A	37.209.194.10
+b.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--eckvdtc9d.	172800	IN	A	37.209.196.10
+c.nic.xn--eckvdtc9d.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.169.66
+ns1.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:42
+ns2.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.170.66
+ns2.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:42
+ns3.dns.nic.xn--eckvdtc9d.	172800	IN	A	156.154.171.66
+ns3.dns.nic.xn--eckvdtc9d.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:42
+xn--efvy88h.		172800	IN	NS	a.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	b.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	c.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	d.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	f.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	g.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	i.zdnscloud.com.
+xn--efvy88h.		172800	IN	NS	j.zdnscloud.com.
+xn--efvy88h.		86400	IN	DS	16702 8 2 3DC3633898AEF4CF395E3B558DDDB6B02111ABC6BC31BE55346BB44CB7778E74
+xn--efvy88h.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZbmdsFJnqoyaK2s9KCxZZAjyCdxXnnAZwwuqliE0EF0nR+lloPvnXmTWngmZuAttddhUcnPntnnhFP1BaRLxI5LkKK9GSgjUONtAp4ybnzaUrSytKDMwau7q3sRzg4O38wh+faOxWl2dA4UiUaj3cUYGDX16GGzKdVw7PeugzzCZXsFY8omWwrq80yugb/aIsmNzFUEBKLkZZ3G9P2IxQNFKGv9fiIyngzI/lDVjuMULv8k40uFV4VzTDi54JhUPknveGitVc7IuUqtInA6wo6JeQxFiZN/vWMT0PbYcWqqMyi0ZXXbI/JjYQGfTpjHuPcE9MEXS0qqV9m/I9pbJ2g==
+xn--efvy88h.		86400	IN	NSEC	xn--fct429k. NS DS RRSIG NSEC
+xn--efvy88h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . D+TqqJTCvdJIbkCdncZlRZMi8jhs/LjdQ7RbyNnCHkJcjBZyNR2mD0wbj/F8xrXUzEBrdrdA2GC6LmO+Kh12Mf3YRpC9OeW72RLEf8om8FvyWexCTbLVry5bid/rgP+7y4gJGAqIJeS0K0GW7DEADtONtWrN87FLwNnuJ5LFX9swomLnUWr+i70hB1qHuArs2aMUzhsG24yQUUVWTpexp8BAqCDE1WkEpxRPt9CL9P2A05ATfnjCIaEXRchAlqgj2SZQwB2t7KjyxS50ATKBrx1+PhJm/NplED+xbAZzPNPbo2g1bkcZLUAR6xGFJhPr/W0oQfFwCth4AqTcQDLlSQ==
+xn--fct429k.		172800	IN	NS	a.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	b.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	c.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns1.dns.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns2.dns.nic.xn--fct429k.
+xn--fct429k.		172800	IN	NS	ns3.dns.nic.xn--fct429k.
+xn--fct429k.		86400	IN	DS	8479 8 2 C4FA8D520FBB397127D969D901CF7D4CBA2341020E00066179F240C9B631005B
+xn--fct429k.		86400	IN	DS	43072 8 2 0C2DFC5910AB7282C7C3201810C8A465C2AD7A6C6C4E26B5D8A2282F0387685D
+xn--fct429k.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . fXBl1LF6ul/mYtnDqloj8AteeX2lnPiYD2c/CW/JK5QUE7lmRof0M+9ReuDn3lHWSfljuGJ9vqmqfct3J/SNyT5A75w4IL9R3aMnqTVDPbZKIJXbO7y30r1gVhaae9vZ0r7qIPwVtwU+rRHpbh6I7p/he772MReksrmgGvmABRwOBoZwIie6VwRSLGJuSdsZeQFk8ZYNpQ+mZ+9p7asRye7FEhXt2r0sGI1Crt4lu+oJacvl0jscz/soUWMjkU5PGjNlyGKGWtaI7sQmJjLmVX+w8j7IIPHg1e1PJZFTK+JgXeqrkGtM2U+T1PdqHaK8Rz1nvBDes7w7Egw5Y9+1vA==
+xn--fct429k.		86400	IN	NSEC	xn--fhbei. NS DS RRSIG NSEC
+xn--fct429k.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g7mwJyshvcD++OSKXgpSC49CrMp0/T6SSdPJWnwpOBzlS3y/Sm7FLYgv+q0BLJIU1oZEJUoUQFLshC5eixeiw1HMVsfoou/j9+sVuCwf1sq848CV+LxmREPzyl/5fiPdDvSKH43kmFfVasUNGHVgBR+wB4MEQlcXLbGUFnz/l4J2gpjFQfcEWktVRjrjK28L/rTK0zZkLHQm0uwR/EcmyFrczg7tvaIt8Ub6bOsIaGDYlt2zMroyLbOperYrfmVuK4svdCELmexdJ7Rodaq1bRbrM/216mkp7HryVt8Gnsqi8bXQywIpUbgvrXQXugh1FXCU+5z2EW6DB+c2mZCHlA==
+a.nic.xn--fct429k.	172800	IN	A	37.209.192.10
+a.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--fct429k.	172800	IN	A	37.209.194.10
+b.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--fct429k.	172800	IN	A	37.209.196.10
+c.nic.xn--fct429k.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--fct429k.	172800	IN	A	156.154.169.67
+ns1.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:43
+ns2.dns.nic.xn--fct429k.	172800	IN	A	156.154.170.67
+ns2.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:43
+ns3.dns.nic.xn--fct429k.	172800	IN	A	156.154.171.67
+ns3.dns.nic.xn--fct429k.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:43
+xn--fhbei.		172800	IN	NS	ac1.nstld.com.
+xn--fhbei.		172800	IN	NS	ac2.nstld.com.
+xn--fhbei.		172800	IN	NS	ac3.nstld.com.
+xn--fhbei.		172800	IN	NS	ac4.nstld.com.
+xn--fhbei.		86400	IN	DS	9171 8 2 8FA92257D3AB8E1BE968BCE6500CD79EFC42D91F43226C7147F978E00C80944D
+xn--fhbei.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0nAy6wOMNPOsxGzKsCGswm6rtpRRAJFeEg5WRf8y1dPLK23UCBeza6Y8hE8MU41s2WbtFgcXdkDz8qUiLMWgrMOr067UEUiWVh2Cl8LfX7aobHcujFcVkcg+STxZU+FT5uuG1m+1GcYyGfq51/+RBehN+1xG0jpWrZvevFHBemUoydF1jKf43Qc29ImzbTva6bAICz/XGgSbq9G9JG3N5SmJ+f2dWx96b9U5VeapQsMO7ByZvCS2LC7lc/qFUgnB5CQ0yWU5eOif2fAshzEIgMQWxpFvJ15FFgMYYbPtS0y6VeYepVHvNOKny7aKN2qIiE71HAlmPARmk8YJMP5BPg==
+xn--fhbei.		86400	IN	NSEC	xn--fiq228c5hs. NS DS RRSIG NSEC
+xn--fhbei.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wydeFkeEOTVkVPulbDhyrNRFYmmvB/0xZKv+eAXJ4skY/2gS2sDck9ZqIB4XGUvUAaskyjCTiUZop3KXEOqEYFG5MeC1X/kiAnkWdXZ0LFGOl60CKYvTsKpfsQIVBxg6psWar6/Y5+fUG3C5DwCURiPFmpXFKGAb/SJOxFTDpf2PK8xzX6CKFboZ6Z219ZD04X78cUXtk/PhAoyKfjLeT4mI891KxNAY7UrP7eJBxtGJC9reMV3mr+NFnx2ZhXDvMxHMDaMu2P8IqrCg6vOdxy4Gg6wmgdWw6pr2/UHcVl4iZHJouFHnt0I7G7u/3WrNcEN2O9SC+6S2IQvwaCsrKA==
+xn--fiq228c5hs.		172800	IN	NS	ns1.teleinfo.cn.
+xn--fiq228c5hs.		172800	IN	NS	ns2.teleinfoo.com.
+xn--fiq228c5hs.		172800	IN	NS	ns3.teleinfo.cn.
+xn--fiq228c5hs.		172800	IN	NS	ns4.teleinfoo.com.
+xn--fiq228c5hs.		86400	IN	DS	27565 8 2 646412B3004632FD45544EBEC09E1A2F27E3DDA2489814A170DFB2052BA1787C
+xn--fiq228c5hs.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l8cRROf8pEFir/vwC9eKR2kWH54MNZD0de5UM/hDy5uTajuM6HRfxJ3/bt5wTy5JNcHh/bdtCUl0zJoJ5TD+4+HRFbPmf7jYTFnqBDMxNuRrRMj0+2cIloE8F4fIUgXwviG724IiPBQgR5J434ZhhsVWS44JlocBlUtdntmTKBwaJhP6KArXqwFh4EG5ewRfzy3x2D+SFisnF+YWedot/vTFgzA6g82A7w/su/J3JhcPFE9a/d7N4jbF4hUgefYp0VJeScV3QqxZFEf1lmKpZnxzBPEkRhnMuMGY/0CoSuHOXute3oI1LpO1kk5yWH3Ydg9+boruMBaGJPA7vfaYvw==
+xn--fiq228c5hs.		86400	IN	NSEC	xn--fiq64b. NS DS RRSIG NSEC
+xn--fiq228c5hs.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . IvNndWrroVYbubKjg+vSbKJcdFPdaOWLLZG1XiiHftNO6HQy3ck4q4j/GduiXDPe0Un8XFqpneQMlYXZFiWVfy7u9CxQ076MEntBDxnS5HAiu5qiABPbZHcaIe/dzh1z+quQDdpI7z2XNoBz2UGkCb5qrIQ9wpv39YYt86RtowkHYRBdqOllueWxhXr2/OF8bovZqQ4g1UrllDioCEMf8hZXXcyHfyc5emiosBpGi4XfeFaIy5X73UpNFOq1zetL5FGcwL9b5u0nNLNsxtLNqCeJg9I2DqS0Dtxf2Vis9PJRe9B0gszcoqT8KhvK4VwwX4kpa+XLFb+B+KcCOEgiBw==
+xn--fiq64b.		172800	IN	NS	a.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	b.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	c.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	d.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	f.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	g.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	i.zdnscloud.com.
+xn--fiq64b.		172800	IN	NS	j.zdnscloud.com.
+xn--fiq64b.		86400	IN	DS	38824 8 2 2DE6674A0EB17276F0E601CBD11A42A23FA04016329F0FA30A80DF7C6A5625F2
+xn--fiq64b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Hmy5jodKmdrnnEbuqHLTpHEx1tDkK1rSskH/pl7b5nXSjCzSGl/oB1MyugHlkV7+GAJjjlRYEwh1lkvvnDXoerDqwhIMmTzZbyVoDybZGRZwzZYeYDzh6p1cSM9I2LJZRdHjfDKdj3NYmcarr2fbq/dkjtZMyxk2tWFQZncmqxfdN5Vw2BHcJBPaVCR9KG1I8EnTp0TjoAiTFuC3BqxIbiGx/AHoO/GQgKK3Fy2ew5FoGA7KavQusyfwAtncRJ7mfvtVBI5vPA0s81yfi7TvZ1fBX+/IpZ+Th+56fMl1/TTQc7lPDcNIAjFtcSChFhG++EzyyRBJoMtif5IBjmz8xg==
+xn--fiq64b.		86400	IN	NSEC	xn--fiqs8s. NS DS RRSIG NSEC
+xn--fiq64b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . j8F6MG2lAkrMRV/1zIR+hlB0BW6dtbCLLWMB8x1GmG4KcYU23rrUL76cX3o4/vOB7r3yI8YxQbHZc+ZpkoqPQcC8InaLkkEVPUf5/Ug1eNaw+1ztEmjdP3o69VPpOyY5sScqR62GF6M4yYgf3hVyjQHFIPQH+BnoO991bXaYIbvrEefgUKyKCE+zp7Tb0+uGbpFqXLQLJpB/rv8rnRQOj98Qn4jNQNDTeUENJiYOh20Axc/GU0UomTmnyPa6THH/rEEzY885NOlhZ/b5+URavTZ6kTs5SIOkTJ6qNExZHCjj/P40/Ufl7PhOc7Y6NsGqCmjaDSuObrG/WaL8+7xE+w==
+xn--fiqs8s.		172800	IN	NS	h.dns.cn.
+xn--fiqs8s.		172800	IN	NS	i.dns.cn.
+xn--fiqs8s.		172800	IN	NS	j.dns.cn.
+xn--fiqs8s.		172800	IN	NS	k.dns.cn.
+xn--fiqs8s.		172800	IN	NS	l.dns.cn.
+xn--fiqs8s.		86400	IN	DS	28162 8 2 9E1E18C1AEB006AD617593EC2D2971E33BB22048316D1BB9F67DDD5EB00708C3
+xn--fiqs8s.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l00LWdvO3PDj1PlnxFCh8yr3hM2TKVhnoJ5+xYATxyxa+sIRx6RWl329xPqS0Mfu/HIs8OvpblP5prd7kWMiT4IAUh9VDuE8NQeg5e2Dh1dKLx2Rk9LA4r1JHJC/bx9cv74otkpwfb7HH2Dz4lcU9jYJeWvovbf5L8mb8VrLK+xKIfhcYXqErqTR/ra+Z0UB06ZqWRi4UJiE2snDB/7c8A15e3ARmAcSrMoEakUGF21NCFMqZrjaAfzvtBm3yAiDUNmiOkvoRiOFslmcvfITvauc9m2BG+nWrx3GmlwrYG96aAeWj/NUGKoKofvsw9F8elnfhTwpVtghZDLhT4UAmA==
+xn--fiqs8s.		86400	IN	NSEC	xn--fiqz9s. NS DS RRSIG NSEC
+xn--fiqs8s.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . co3XIxLclZ3aZm6mnwPuoVNKaVOoSotJRsyMuYVK2LHb66x66ExVrFXv0ON/A4i09Z5xVfwcIPaqfaQDmbfaNlLkdH1gakU3BXTHCHIbmGlu78XyIBI3iu1hx6HVTZEtA9CkBvTeUa/huwGUvWn8vbInFkyhVhJXMNW7PQQC16rtEM26BldR4/egJqu7j9kyQeAYZL1MaU2ET5EE7eB0Y5LMGEbbCwv/9jLOMjXLAK/4cu+G2OIn5T3n9N9rn6TO9kE1GwDjbp4UyA9fbf8MviYgHK1HKBxJ4G5DYti0mFLrjRgoop9Ke46SAj84ZB/gwBJNs54laVLJFlRagCi7PA==
+xn--fiqz9s.		172800	IN	NS	h.dns.cn.
+xn--fiqz9s.		172800	IN	NS	i.dns.cn.
+xn--fiqz9s.		172800	IN	NS	j.dns.cn.
+xn--fiqz9s.		172800	IN	NS	k.dns.cn.
+xn--fiqz9s.		172800	IN	NS	l.dns.cn.
+xn--fiqz9s.		86400	IN	DS	28162 8 2 30B55F108E07F9C2397F0D233324E02E667A137569FF91FC0311DCB73CEA1571
+xn--fiqz9s.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WVXXf6D21eef+spDRgy45W16wu8TLmJ6VrZ8i0nNbhQhbaCv0W9x0rshiIrHWuB88uE0ahH84dckaM6XMFmahmj3GhV/TBxUnkcSER5amTjpNAFhUs9kumE6iGfx81zObnEWDVpGGB9bB5w2w00bSP8/XtL/pDjmYXfEEsZAC2ipJCTYz4tBuxxd1mdp6kWhRWpwNfvc2orgvjKsilTIaMKuOLSSeD5q+3EGnXrG1MTTkqnumpoPATH83+6ZffoMVSJaQP7By6GGKLuncz0w10qL62WABfc4W4goPGvM+ddPlZwoEOM79zaaGgDtggo6doHhoJRDHyM6ApXipz642A==
+xn--fiqz9s.		86400	IN	NSEC	xn--fjq720a. NS DS RRSIG NSEC
+xn--fiqz9s.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lC9vdOiDT0rqA72So8wkJeodYzdjMuNKynAYxjlDoKA5qwbXks9Z3I+JlOJ6Z6ld7w+HuchpmhXLeMqXfPPMk5yY18G9xsRZ+CTYVXnSzUqYgaZETy6EwiADGEdwmjz+CrBe/vu2UM0LBEJiO+8M2FzlWLYOSHj8o4ht+0nQVgZJeSxAJmuGYp1hbdjlV1jusFq3A81jZX8Bu9FUNGb4FfpuTiCBdlI8qqj+Us9QQUZI5NptGGZCbbZZykiV7wD+aTh2pr/IZN+oPJrPE3dLGyBpRlFNLu2O5wZ20tLPqiTZokeYORIhNI+5HeCr8dncQwl0qbVXNm1n2APuwtxp4A==
+xn--fjq720a.		172800	IN	NS	v0n0.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n1.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n2.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v0n3.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v2n0.nic.xn--fjq720a.
+xn--fjq720a.		172800	IN	NS	v2n1.nic.xn--fjq720a.
+xn--fjq720a.		86400	IN	DS	63835 8 2 E3F265B8894B76BAB24512C5276BE9243C0AFB4595A14C879F9FB711E754C013
+xn--fjq720a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . yaZ3WbxzE3SW0tl1UQEorZ//aosYXcSmr3tYW0TNjZvhEw/P5tOR5O+vDwe16C5ZyRRgc9Fx9kpCl/cJUpc2vRzv+wSgE5Yv5mFEsz2J2dmixJSZUHtc8T7auzvc4uqbF7EY02hydlkL2jcS5YXzZ7G5t0H4MOvENLz18PoOe9LR0/P4Rwz4WyQtU2vhmNicI7zHHJPHejjxJEbu6zfXfjfO4kzYphs9s+cmud6jl8dz0juAsTMCIgxwoA6HLzUOnSuhqH0VB/U7WLwYjRe3Kxi3VMJP3K0M6l+jXyaJ0zkV2enuNXF7Gs+VexlC8p8UrI9/DZTeGTRQRsGK5iHEZA==
+xn--fjq720a.		86400	IN	NSEC	xn--flw351e. NS DS RRSIG NSEC
+xn--fjq720a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GonTdnMPxwBhzXW5mCOcFCDDYhvLmEuULhHjHI/hCE6sU8Z7Ww87z35xFP2UJXNc9lGpPao432rGXysqLZ4ywiDmrnNYpvDIGA2PU3+bYEVir6OjnJ8hQvzszHpbd2SLRtWFnABCwnt4rx0LLvQdSJmt5KIP8NyKTiRWk1Y22QI4xy5d5CGfRVN0aV+KHJ9i2oONe7W+pk6BXzBBZvXEofJeVVJp6JoMBFKD4BmIkWtR543q2jruowbu3oqS3r0bGmru9XaaqJ/da0d+8wWS9WDr79F4DW3IDa3T6UKmfDnadVG2EotTqOl1hE2Uq8wBe0UaP7OsGaXhvz2HXi81aQ==
+v0n0.nic.xn--fjq720a.	172800	IN	A	65.22.20.66
+v0n0.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:66
+v0n1.nic.xn--fjq720a.	172800	IN	A	65.22.21.66
+v0n1.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:66
+v0n2.nic.xn--fjq720a.	172800	IN	A	65.22.22.66
+v0n2.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:66
+v0n3.nic.xn--fjq720a.	172800	IN	A	161.232.10.66
+v0n3.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:66
+v2n0.nic.xn--fjq720a.	172800	IN	A	65.22.23.66
+v2n0.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:66
+v2n1.nic.xn--fjq720a.	172800	IN	A	161.232.11.66
+v2n1.nic.xn--fjq720a.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:66
+xn--flw351e.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--flw351e.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--flw351e.		86400	IN	DS	48919 8 2 AAACFE5EFE147EF640DBA9107A36F9E43BC2B3F736A538A680CD1C01AAFE41FB
+xn--flw351e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . E09nLKkiFc4U5TnNFAgZzHP8L7WuEAClbVsn6M84gpTES3hxqfzZjtbwY9u72XVQI20hFpHb714HE1n52IlDX26cf9kK0xUUCoQaGQQOQONAoNT4BmA8SUoOCnJFsTIqcfkS33W9JjloUvr6mH2fn8DFMYNt9JzWAna4dCUOkETz//OxxtAVMUDKIb7CIBu6X3exUlKBC6jDfBehGzxXVzYaN977J0Ug+JuepUv2VqgBkOatubnJCVwzlTjjhl16Q5JfV+fNkl0eqtTsYuWSbC4u7a4CleZWcGOXOfNRsRVo75460TGKcpc660fjtFhaQfbsdKXC85OCJ3IppeDzqg==
+xn--flw351e.		86400	IN	NSEC	xn--fpcrj9c3d. NS DS RRSIG NSEC
+xn--flw351e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . h9UkILbAgTA4C6fsmbEMPsI7od9DWO4Mik2pg/4PQ4AXG9kxXM1xdRX0r9dIBR+kzwxTmWiLA213289Ed6qdZM+7EGbDeaOvy4eDgWb/hpkRE7i9Jzzy2lTr1qa1RZmv/9oMe1weZPjFk8XWhkgLamJAKD12QxiaBGZM42QuJNJw5rYskJTMzn/YuL+ziQRKtHUSDKcjUex8Bl9oNrvoFsCYut/MxYH+I8yXdceTQJACCaHXGTbFtysTVk8mm/DXOWGl5ejL6I5Kzs0bTxV61d2ieND5GZkBikF9HUMZI1k48+tcCFXiDn+a3XlHFiHn3A2l0Xg7526BJWQ8EntKDg==
+xn--fpcrj9c3d.		172800	IN	NS	ns1.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns2.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns3.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns4.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns5.registry.in.
+xn--fpcrj9c3d.		172800	IN	NS	ns6.registry.in.
+xn--fpcrj9c3d.		86400	IN	DS	26197 8 2 EB7DFAFD23A445896290691D11244BCFC9B4A1FFFCD0F8927D613530C8DBE73E
+xn--fpcrj9c3d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nFJc78w2lD3Oe7f7Xxx9I5W9SdPhgL0uMofCuU37NgZS/reJuOdx8+eTAr9LW5MnITbtxoj9jHBavkFguRK5oLAtUsnixw0uVyoS/sKCK6O0m6Anlhg590QmZpqPKwnWF7tmQIHbUEn+N+kwtO/BRIDy6GhlRWSM3DQrVa1f9/m+eJG3Vvpz0fK9uCLV0Mb63AAmYsQsNXGiW+6kG0H/vJ4E7Bmu3iqILJDZXpTGGAbX7DR0rWgg8/Vr/d8eKI2YbTigJyJDCtwJPPL+/ZCcYW8Cil1UkdnIxYuCFm7WcOAvVb/EQNrb57D1J5xNkIrnvyI2kSB9bZS6vOeks3uwVQ==
+xn--fpcrj9c3d.		86400	IN	NSEC	xn--fzc2c9e2c. NS DS RRSIG NSEC
+xn--fpcrj9c3d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . DE+wzj7NlP6PQIo37JYZHaUhSM1ORLVXwv52DXZzFVYlbuiozbrv4Z9lUbuUbqYKtCOXyXW2iI4VmKGp+G92Wkn5xEQ5q46XkPlpxLUO9K0MyVy7vvb6yhcV/T0wez7RYWdn//lHbui89utSaoXzjVh7q/0FaUOpR7elW12pT7Hd1JTIgRuaQDf5gMMNa0ZK06emJHzTYTPUoQUnD8BM/+RDic7HMjqladGeKMS9XN9PEPKHvT+jsOAdeZHOUWMcBWMWh7KAxG/PzV0owW+6Vl19iyrbGLJ7x7+0+9QZcr6xq4yEB7CHkODYJ035FYv+MDwjgb1RHW8IB7SZl4q1tQ==
+xn--fzc2c9e2c.		172800	IN	NS	lk.communitydns.net.
+xn--fzc2c9e2c.		172800	IN	NS	nic.lk-anycast.pch.net.
+xn--fzc2c9e2c.		172800	IN	NS	ns1.ac.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns3.ac.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-c.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-d.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-l.nic.lk.
+xn--fzc2c9e2c.		172800	IN	NS	ns-t.nic.lk.
+xn--fzc2c9e2c.		86400	IN	NSEC	xn--fzys8d69uvgm. NS RRSIG NSEC
+xn--fzc2c9e2c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UZnvyVZacy9VMyUdJHK7/+uvCK/FJj183xszjqe254RsHQZr5vYqodMCEy3OssJ76zRBD0zq/SwDfjr3v9/3YWnS815D113jMsaWJHuNt4isx+VpiVwfpdhwQIG9FEVHXHdWYvVqiPO09PeXudlTyiH3oc6qvwq01C2PwxH5rVKqC+7VB3PoC0Y5/XSylKYxqc6e5TPp8jHh4Xx88dUWBihaTwdJ+dScb3nxoPiHXu5rsrNLWGn1pRTuuQ+/KPyUY+V3h5QaIHtv9KbyAe1HKHvJrLb9mad3V7mE1+vgnYsZVjRPRyDwZHCEvWIeX1Yw8tfGP2TpQCmUdIcUlZk16g==
+xn--fzys8d69uvgm.	172800	IN	NS	a0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	a2.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	b0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	172800	IN	NS	c0.nic.xn--fzys8d69uvgm.
+xn--fzys8d69uvgm.	86400	IN	DS	5302 8 2 1D8B69A4FCFC475FB7D9D7B5B1366B92C51826A503A530F2EA1C6D07D58B9D2A
+xn--fzys8d69uvgm.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KYYV7oZaj7N1Xymk6CHiuzoS0NPITEIG5/8RqKvZAC7vkS8kiEbC16KyabfpePvUHOQV+40rM894bU/o93/z8g2cucFqyqVSSL0G/ZPVHMxzSz4vg5nk+8TtfxSYgITK9UVYQ6yb08qiGw5F7MQMCaDy/gn0QqqfHETrGe3hPq+43IzEDceIKZM6Yyw2KPBfFlxMBfGekWKyNSZBxI7XFoN9yxHiDUB8H/DuUhtfGQeoprD74OMG2DFnp6EXFA1J6zSYX9Bjbd2DYNW5xm982Zc8zlin0RGpsdsDt12W278q21N5tTQtYczYfG1Shgoz2E7ASxzJ8iiPfg453Px9BQ==
+xn--fzys8d69uvgm.	86400	IN	NSEC	xn--g2xx48c. NS DS RRSIG NSEC
+xn--fzys8d69uvgm.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VSg5EjXyLdgCi6o52+HDbWVoMg6amYvrW0N6sGXksIP1T0szMiLW5zhONUM8cAlLvcWJwJMxG5LbqExza75wfcn7OPpK+KVWHr2bB0eQnu4JolKgezb74ovZOM+WCVo9LS1NdwCuUDOzQAhiVzYj/+ufRwdtn3I6ORrlLTzkRcBCsO2QfHYIp/i0VeSl3lN9HKH9vY9S9SSGKiU5kfZhk26MD2fCCyRpS5Z/mvEVKIfX5aEUEP8hLo5sDuFHvYpPdQ3PsDxhwADe0BrgNLCewJW/nIbEkmhtZkEmHiRHHL6FTKsm3ZMPQGfSuAYw/f0zF5jX5vo1Njp6RHTzccRZLA==
+a0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.172.33
+a0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a6:0:0:0:0:33
+a2.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.175.33
+a2.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a9:0:0:0:0:33
+b0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.173.33
+b0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a7:0:0:0:0:33
+c0.nic.xn--fzys8d69uvgm.	172800	IN	A	65.22.174.33
+c0.nic.xn--fzys8d69uvgm.	172800	IN	AAAA	2a01:8840:a8:0:0:0:0:33
+xn--g2xx48c.		172800	IN	NS	a.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	b.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	c.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns1.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns2.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		172800	IN	NS	ns3.dns.nic.xn--g2xx48c.
+xn--g2xx48c.		86400	IN	DS	11539 8 2 FD57401D8CBD9EC59540DDF8FFFA884BC523D94B9A30D5EFD81ECE063376FF0B
+xn--g2xx48c.		86400	IN	DS	50719 8 2 66ADCE3F11BC5ED44969987CF67A110272341CDA053A5E1A03E92A24AC880902
+xn--g2xx48c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . E3sggs2Oymdh4Ov442EIZuK1oKs2dK8vKknFHrGkloiGeT+aTi2sTE0x5LZrzWJ6c0v3NlwLfuO8MfTqaF1eKQkiDTrnSvsQnV9iPYvWpR31/qZPoMw078fZV1bhN4u+RnIO3K33yKHx7W8JBXGjx7klDXQmWdUYBQrRz5nlXOInN0M2z1rVcRK4l4cHrsTT8PoB6xWvpTGUXtzBTrpAikalU70bkVK8U2hifqlNZlZ8MtGcOpMNPo27Cg+7VyCuzbbHpOxwHTvHZdcaeMuYmy05llSyALgMfzOJP/AwVzLg89jldPp0M+y9g4oURXxTfLOwdKZxm72FFErzpI7otw==
+xn--g2xx48c.		86400	IN	NSEC	xn--gckr3f0f. NS DS RRSIG NSEC
+xn--g2xx48c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . lX0CTpT7kabhFGPx0Xnf2pLFYViPxRHYcG0rWOQaf/+s0srTqYfFJluHQhzehzPoK+nf/gHCan1pjr/dj8C+x9SBzzMjUSeVK2PXe/ef73tLG8rhb1RQ4AF7Mtal/KSBvuwh2fzpdMDXJFlbPI1uK2wo0Z/CFkpVh7/7pOXdWXekTPFCC+lnwFGYPrzcwHKzmVmpBwKZ9i1CqcRSXA4M6/4NG4XZWfu7KhsvNFTT1c9QnFgCJ5/3ikKapRQb4085kYb+ooQdJYxJOsHE/vpKCNAKq1hYFNr0boo88It8JMB3IcKncp/4K/t8xzjjfY2/iGRTK/tT6QfY4Con9SZT8w==
+a.nic.xn--g2xx48c.	172800	IN	A	37.209.192.10
+a.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--g2xx48c.	172800	IN	A	37.209.194.10
+b.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--g2xx48c.	172800	IN	A	37.209.196.10
+c.nic.xn--g2xx48c.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.169.68
+ns1.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:44
+ns2.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.170.68
+ns2.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:44
+ns3.dns.nic.xn--g2xx48c.	172800	IN	A	156.154.171.68
+ns3.dns.nic.xn--g2xx48c.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:44
+xn--gckr3f0f.		172800	IN	NS	a.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	b.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	c.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns1.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns2.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		172800	IN	NS	ns3.dns.nic.xn--gckr3f0f.
+xn--gckr3f0f.		86400	IN	DS	20257 8 2 B43C572DB9A2FCF853558B4439FAE106547749D710B0F67528343F0274404543
+xn--gckr3f0f.		86400	IN	DS	63631 8 2 C31C7F2466446141095814965F54B1C216EC7D588A47557FAF927707BA09278C
+xn--gckr3f0f.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SygxRu42GnOXxoXkDCxmIA/9u4nK6uWWqliTIHILZEeQWRYtF2/z1bWz7dnubj/JZ/JXEV3Z22/ZHBCjR1nr85yNDzReaKQNtMBlTYuQmi+/t+UB2jL669u1kFWQQr3khvXONjHP8G8pit2/MJos8nR6WQ3imr1gc5GTFm95xwMogDXbybOtYhhFzR2ewMS038Jlta/V102PJgs7EjUMHXwQxkB3I0Wpo/8ybxewyeL2tlcvWNO5iv29lFhV83RR4kgLLuWIeHXaK0rqBWEQ46FiEXXAdCBWD5p1Kk9nLftgE8IKS9i4ylqcE7qBj8RS+zE3GRUuOicVQ0dj1VodpA==
+xn--gckr3f0f.		86400	IN	NSEC	xn--gecrj9c. NS DS RRSIG NSEC
+xn--gckr3f0f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . KxTjQ4GW3/oR/D0sfPtXPo7rjQxR/WGXLv06nxC5T+Af2daSDx9bp2gQkf+MUBScCXuogFvsRBRzQQCbHIdXAb23Sv46tuPw+3MVNZvS/Yq3cA3z9mAED19vRb4j/Mi3bP4hp3wHMzqWQ10prnTbyocfkVgQJRFonBKuAU3zKjAmgDITrjLcX693kif5O2T5Yzix+Qe5plpxwbTbQDKDMCuJpOFhkJfwveJ+oAYNOzapFbaCdXgTD54qwNJxOs0qS+VdqaI5axUKnM8zrK/A8uH5zzv5haaB+FavXWIvqUjpAgQ3ZFwGyso/TEzqu0P7xZPunUUnfWs30UGK/mjeeA==
+a.nic.xn--gckr3f0f.	172800	IN	A	37.209.192.10
+a.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--gckr3f0f.	172800	IN	A	37.209.194.10
+b.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--gckr3f0f.	172800	IN	A	37.209.196.10
+c.nic.xn--gckr3f0f.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.169.69
+ns1.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:45
+ns2.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.170.69
+ns2.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:45
+ns3.dns.nic.xn--gckr3f0f.	172800	IN	A	156.154.171.69
+ns3.dns.nic.xn--gckr3f0f.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:45
+xn--gecrj9c.		172800	IN	NS	ns1.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns2.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns3.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns4.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns5.registry.in.
+xn--gecrj9c.		172800	IN	NS	ns6.registry.in.
+xn--gecrj9c.		86400	IN	DS	59902 8 2 9A26F0E597291522AFF9251198C841E6573924B8B142CF99A44E292B9A252BA0
+xn--gecrj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RhdC/OXUkR8way+9VGhKyzQX77UfadMXZSw9bMIpSloZaqy14+EjelWeUveaGkEvj1AL7F2aCW3a67yw7LZDSMRsKOGI0GIAX+3LYAymXtD+TL0Q3zFPdxOSCbm/Wvn3rF+0i6s8uh/0KQ/1PRPxLUtr+/zjhd7Ng0ktG/X2DONlyqirDcETTMMQIDzdAUqbQCiOpvNOLKT9b0Ue/uRqmgVpIonc5qlBxfwP4P6/400d9Bc/SDJAiB7zKjEh3bOEcEyPCOmEtrYyCAME0BQtaB3TxCB+HXN8yBLTmLWd60iQHJJbwxvvGCHG07rnNDYvFuxo0ZnyhEt1F8w+W5KFvg==
+xn--gecrj9c.		86400	IN	NSEC	xn--gk3at1e. NS DS RRSIG NSEC
+xn--gecrj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AzdT9JSMhAHK4BUmTHWj2ZF/rNuqtNk8CxgVtL0XswHqdcEH/olEX/SuJrHMOUA/BxUKCv1MM9L1w4CXX4bMpKG3DKJ/2pk2KauRy3P78sZzdPJ5TbxVImrhLbdbDXnN+MVNN4OOy3MF2UKIc9A0iRGzLWKlm8BIRAaNl+dOgwFHnzXfyGYcyY2BnjWmp3BLR4Qbyq/LZ8RJpt7Y1B7DgXHzBF7/h8A/7IAesFD0YOQSdhrjBI0EqlYQUytR5JSAb/Z5EHMst6arIt3VS3+/kNr/2pWMp6s3NcKvWcyuUUn2iG7toSCFK17wNs1QNhfdWAI741IHR1flQYEYPA0VcA==
+xn--gk3at1e.		172800	IN	NS	a.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	b.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	c.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns1.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns2.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		172800	IN	NS	ns3.dns.nic.xn--gk3at1e.
+xn--gk3at1e.		86400	IN	DS	3814 8 2 A8FAE65DE82950B05B5478B60D464FB9BF75810FD371E9D3A1869F0CAE7735B2
+xn--gk3at1e.		86400	IN	DS	46249 8 2 C189F2AC583E682FD789AEBEEF182AE85F9C55E7C1C5BA849A72C6AE3E7280FC
+xn--gk3at1e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bD/20wIJZxdxbW5C5RPhi7DZ54/hEPO+kndneqtDbldkIIHAa5jh8LA2pTzT98EuhgVchju+2sogY2iXcxdcd/xY7M5OssuR6pMJ4zPh+sEigfamB8k93DSNxD2WTCVdu7gSBWU8TDkzw+R1eIgJ/4d9aReNa3g8lShrjU089PnSJAOD5U2nS3oe612VFHgGFX+KASwgIvYSVcGGZb1LmRoGCW6GFaa6lJ7PlP4JNYv6jZ/GFeqr7wUNlzWkUTMabuaHt8r9K2fBeUTQkkvF8Vb34TrjhwJfTrdkEkXnMMbT/McrAEp3F+4hISAsV0q+4gjqQkmWFPpIIuJeLTTcNA==
+xn--gk3at1e.		86400	IN	NSEC	xn--h2breg3eve. NS DS RRSIG NSEC
+xn--gk3at1e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sK01kx9EFCKBBstfZdHPMt6VGfmsOh9YW38W4xQgxJEtFEUJjAz+7cMwwAccTA9e3W8xImldqAOGfCl4GTD2GZYF9bZqvc6rXi0k/0VXGt3TeKloNVN71/8vot2JzjLC2OUNVthszljfqTbjEdcAGEhtE62A9mbSjXgtxaNeME6hb+cRoqDnD5xKtYD6+renppItzYFOys8tPQnAw3fXFvDKar6eKfKE46j9TB3va1s6mVYFg7MvizBMSNiWzhowDHLioazA6dPsJOYRlX5hu3EO30063w9Xb9jLcypbDgRvqN+TJZydPP+MGPZLuZYVEk7P38j+rvbVc8QGp55b9Q==
+a.nic.xn--gk3at1e.	172800	IN	A	37.209.192.10
+a.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--gk3at1e.	172800	IN	A	37.209.194.10
+b.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--gk3at1e.	172800	IN	A	37.209.196.10
+c.nic.xn--gk3at1e.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.169.70
+ns1.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:46
+ns2.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.170.70
+ns2.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:46
+ns3.dns.nic.xn--gk3at1e.	172800	IN	A	156.154.171.70
+ns3.dns.nic.xn--gk3at1e.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:46
+xn--h2breg3eve.		172800	IN	NS	ns1.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns2.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns3.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns4.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns5.registry.in.
+xn--h2breg3eve.		172800	IN	NS	ns6.registry.in.
+xn--h2breg3eve.		86400	IN	DS	42016 8 2 53CD6AC5FC1C70EB0014CD02992BCC719216CD7BFEE0F7B624DADDED7DE26187
+xn--h2breg3eve.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TXdRk2xjtvXkX8SkE/5dGm9AUObApy1MnbQIeozEYDzgqzxduukLcv78ge+efljupnZeOe+zZpTVDfInGSoap+NKdp/kPkdeqGW/LkR4j/9UvcPnjNTV8Aeqwf7//aMtABpN79PCPZQwxRBmZyDLX41269RX7ov1gbRXPqC7NvzHXeIy8lHvGIKEU7ebSqnYzli4x/eLFVBj0Uuabt9+zjKBRCEqHOMa4YhqGzECIelUt0NB4dBNhNzLdD4UjAr12tT+BssNOnkZU4DVOmA722D+75H+MtLNjKY1OAyCMP6SmOVc7xOusYQdxxgcxg6PLWsxd+pekcE3P/agCur3pA==
+xn--h2breg3eve.		86400	IN	NSEC	xn--h2brj9c. NS DS RRSIG NSEC
+xn--h2breg3eve.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OH5YuwpuJRLxh9oC4Y+hq5QqLLcPYwscoNv8IzQtx/kvZhc5inyBPE9XHdMfoTwCnjiohAJFzWf+lyT2NqNJ82v1WqnwZadD+yDXoE3JHrF8e5Ns3/TnaNBap8aiB/BO9l4U2wyylxcM3Wgc8EMr96RmHneuK2YU0IKQmfS+f5rzZfbfEDpEIH5sT8K2iu2JikoqlI2UeyLiLKqDGJ5YWWus7+bzFEa0l+0GEu4gPYUAjL0yr5BfJwQC3MEvKZT8pn2x+uCRKByDmmAmPFL/1/fPIp2yfwLqylp0koFASsReFp6KLZBks6XpwW/the1fqgqgKSPmRrDMFxWS53WW+Q==
+xn--h2brj9c.		172800	IN	NS	ns1.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns2.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns3.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns4.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns5.registry.in.
+xn--h2brj9c.		172800	IN	NS	ns6.registry.in.
+xn--h2brj9c.		86400	IN	DS	49894 8 2 72C96A20ABE89F4F0A75C573B5C1EDF91F8EF7940521AACF842A161D4A55E35A
+xn--h2brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UAu1i4rQA78hNqOjbUg+lFkfGtGH9BgOtBIcL4B9L3FZLEsYHZdwIsco77H3dJBQ5Igi0Jl8WBAEGC5Awq6zzPW8dDk1nE+6O4/WpfPjHIfdpPF6zLyneMrS445bO9GOCGRsrKXwsMrCe6zfWY8CklMilFYmYs5KvUVLx7kJzWcnzRYHl3lRPExAiOqhMSlBlEmp8SzyHozC3w4wOrCH/0r+vlBPbQXbkTszouVmpHCbHnZuq4CSCNxiYvymDZNs0Z9sm3N/lrMLf7cI1QPPeDP+XlGG3rABEbnGMyr61fqoSXPDRsOKP00hpMT0AKisOcU9upg1Ayr36L4PSqVPkA==
+xn--h2brj9c.		86400	IN	NSEC	xn--h2brj9c8c. NS DS RRSIG NSEC
+xn--h2brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . n50mRrIv9bSMIoZqOXfdpihNtfkpfoZmoNTlmkF7kNVTRLp7VUgMigfIS8E9KfonazmIlwiKMzBy6nFWWd9JQiqk7tra4ukd2bt5YqQagU1B6sRVQdmxljHgiNye9NkpKRDelBVZAz3fyGIcGb750K6T1dOTE+kdx0dZQuaWkAKcD4Z+w/U7luEdV3FYnaoYLiqanjJQnlVrUHgCuS4zhL5+SbZMGv4WxbSDHsmWe/9GXSofeiOhikFM6Txxzy91sLdLjPCoMzjtdh8/2C/yvhEJo2mLLdQDvB8Y3UxhVqOGjE7OLaaFIbSJhzAu9+4j4NUaZPEJpbfnA9pVjH2IzQ==
+xn--h2brj9c8c.		172800	IN	NS	ns1.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns2.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns3.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns4.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns5.registry.in.
+xn--h2brj9c8c.		172800	IN	NS	ns6.registry.in.
+xn--h2brj9c8c.		86400	IN	DS	44590 8 2 C4BE5D9DDC3D522148CE76774856BF13835A34D8FBE8F1228559708B15C39D92
+xn--h2brj9c8c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . CR82Z71ZPDEAH4A8H6kJIVLUtQRNCmhmqS+4sLNuyGbYNqD9S8lumfB4cpP2mO2r7/761p/BIGeOhaDGj+/S4/AArcP9slxcyAIecjhAbocN5vmOaFb+ZQ5beTOaPQ27q243rU9Sgqrkze0HzyVi5niomxxMBJ6srU70kOuXqjrt44mxmfIH00/1wgX8YdokQ+Bh9cktg70u/kFHSxa+021+XCbHQRH5oMksXYWCeeMCwUlZGOkZcfSp3+/eOAz6KLY6IDTl1Ye5JoZppgxyriTFD0UvKCnYz7PdH0PyCJZ63bgLahXjpn90T08s8QTppwC3H8U4sIKbSWPbMCI79w==
+xn--h2brj9c8c.		86400	IN	NSEC	xn--hxt814e. NS DS RRSIG NSEC
+xn--h2brj9c8c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gtNhl/NJbCdDma1jO0VrEfu5G/U2UPmzf+eS/RDy4XWqo4rU6m/ZJOH2QWWK52EFJtSr1hGamEr8m6BVlK+JaxG7jNzfKDpNkYcYr7eDv+pQslDemxTsmCltqGiPRfNK9QaFfwK5ATVkMzSCBmFhIAxVW9WV/WB7c2s3x+s2OQQdcF2XZiNMPIWAp2eQMSI5B3qGpsoTY4LhvQ1vEieqcc4Xwt2XhIW7HtnWBXnfeJ/yxjPiq60/4bnNBst5VHg9PpdIDNBqUzokndUfW9HW/bkk6HlUnSU0ul8+dCCvHC5uUjto/f/upAEm+SdiyTsIOdIlmgPDekTsOUsnAIvHwg==
+xn--hxt814e.		172800	IN	NS	a.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	b.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	c.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	d.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	f.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	g.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	i.zdnscloud.com.
+xn--hxt814e.		172800	IN	NS	j.zdnscloud.com.
+xn--hxt814e.		86400	IN	DS	36091 8 2 D5BC5CF399DEADCE2782F1D21051A13787822441EA5850F69189960974C9EB95
+xn--hxt814e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hyYzDUOe8+gXoerobXIumU7RxGOSiQlVbBsYM4vlm9IShiQI8OTHF4C/XlZoQpjC6WNAqc94i6jLgAyOdfuKf/VkJd/asxDGqc0Du9B1CosDfmlvfBthPmEgQ2N/fp2EKLkLnG1JmPEPYhJqp7grEQqCHWI9BI5/AM5+csQ3qXx9TjY7lRmlMXoVcKlhGgaQ1zlG71YRO88Q3aXjuVKuw1ne2W7ccL82WREMsbizEb3YSJHpLynKw4iWUptv/57ZVi4NQCQWv9WqLkZ5+yli46FUgrWt8q8aiokIxFDR9E2eBXgr7oza7hZy03RL7l3oPMFEmolvJP1NZIIvP0L+Fg==
+xn--hxt814e.		86400	IN	NSEC	xn--i1b6b1a6a2e. NS DS RRSIG NSEC
+xn--hxt814e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YLGZJNDRMN3EFyYqQYIeXnGNhjbw5CO4oIa2WV9Fn2SsxhnPTIG+FkXHzGuovelnB+fUTmVtbV3KG8fcfZuu+o10hqLVlcThjXwmT2o2t4U/wobMZwgeSdHNuMj3GqkYXoPiI0Rn+ZGaCHEp34jkNRXttAToEv6rqeq2BQ4+Gro2Nby5XO6Km+Ucld8Cm6FMwYjvg17/oT0RoEkayrmvzZk5fL5LdIpSc6ZSRI+5M3OVeHL4xnkGU8E7Jb33xxScAWkx64nZXw4l2uVamK32TGBcNW/ldylnSlBHoIUxlHtsqcq4naNzVQO8oYmVFe/jn18WOIXL//gnQvV/zRHagw==
+xn--i1b6b1a6a2e.	172800	IN	NS	a0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	a2.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	b0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	172800	IN	NS	c0.nic.xn--i1b6b1a6a2e.
+xn--i1b6b1a6a2e.	86400	IN	DS	45889 8 2 1EF7ACA91F4EF292F518F1FCF77A646C21D7AA2594E3BD4AF18906AF70774604
+xn--i1b6b1a6a2e.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . g28TewLb1ThEM63wvmfPZDriWh6SO4TicZX/wMpXPPuqOK/QUscBBNd2sfr78TNaM3bW1LQn7Skmj3s9ftH1dur8HZ6dB1/gfpneJXhNB0SXowGP5NbZbF7Rle4P7z5Kqbpvqi8iRRNFdGQwB9org917/3Gfm0tZQMWQ8s3Bz2Snc8uHVi9zZI2HtG23Pn4UDesBl7x0AJ25TDVFxGZE+nJbKLYZUtWRHGFDhLW0G+rheTMLnRWb3Rc1d8X8wDcXVR51KNugln4redPSX3kZZjvqDsUxXJ1mQnftjUluv1BAIP5DM3zzKALRUjzbsStuc4BynyxX60q3Um2XVpSaug==
+xn--i1b6b1a6a2e.	86400	IN	NSEC	xn--imr513n. NS DS RRSIG NSEC
+xn--i1b6b1a6a2e.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Kxj/mfXXRSYnsPLwKpq2Z0NQ0xwOWuAjn16FERUfZ0gps02SCScHmGFNIh2u3XpkYk6FkFI2N/f6yQBYD4NF5s1dPByPRmeHqYn0Xps9cPF/td5GN+3FR6yHeQxyexfpMVoCsw+8UiE2aSDvcx0SlWyPQWpoWB7IiNOXhdVdqP+amJDu4lP0Ghp5DlwNej7sUqKnzCBy+CjAAFbDKqZRgrVagwtTLnFhNkidHgkSfkbNhFn2hItbDccT6wcDbyd+LgqkcqqBFVBH2up8ALF2Oxn9qDvSZ4cQ7ZHVpiTWK9kGrd1YbAKJDFpD8eTZ2F88pcL/grCwRGzdZ1bAGQYL+g==
+a0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.184.1
+a0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:1
+a2.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.187.1
+a2.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:1
+b0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.185.1
+b0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:1
+c0.nic.xn--i1b6b1a6a2e.	172800	IN	A	65.22.186.1
+c0.nic.xn--i1b6b1a6a2e.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:1
+xn--imr513n.		172800	IN	NS	a.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	b.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	c.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	d.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	f.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	g.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	i.zdnscloud.com.
+xn--imr513n.		172800	IN	NS	j.zdnscloud.com.
+xn--imr513n.		86400	IN	DS	14747 8 2 6581FD2FC61A9A81926E5DBE6F7EEB940402BF2DB280C98F50ABA666E4C74371
+xn--imr513n.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SWxWSyjTsv5+pSOJnzcE4jiPVdS/ssEtVH/X0PXDj/N4MU13vRKcDQ3KFQr4Yenq1EPQJkew+fTIBcp5HiRruGVeSXAQUSHAdWJU5v96vLD9tDC17i9rEzxAFDYvxrIyy1Pgu5taxJK3+X9qrEC5kjpG0jIEaWUyqCmCSEhBO2r+Gd7kQ9Sm2DrYCb6idpQ1TZ3Kmy+8cag1WuNT5x/d0qR+mu+UfHzRk32Xd2dxBwDf9MiSFmcMY+EnbVBJcNG8moCjZOm9YD2tDgkHVbZO+0IQPD/paVJ6/mQdqbx40ukg7gl6ANPmsQ+B27NChr4r/ZSzvk0h6jencnQxzzeV6Q==
+xn--imr513n.		86400	IN	NSEC	xn--io0a7i. NS DS RRSIG NSEC
+xn--imr513n.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g3iEQsq/UCJdHOs/U33TKeXikOTFefwMCIfA7VE4QEZFriu9aeY1NIRqM9Bqfi1G6npJaf8bAJwcgyqdzBv/Fa8yX3gQN+t3DwRNBoHvxPNC/klxcC3YMPJgqmkzlareiWDdLRBggYRFOsRJCnqmEgVgtJAEHpDh3r5R/dMjfGvcBIT95XjSZwwvVMgYEnnQQspCka9Ti+lPvgMKa5mASoBRvl5sAztjG7DZdpMvjOMJXwweFK7y9/2GSdkK7GRYuqR8w5n2cT4ogZ6tYcKluNlhvhinwFisBWcQQ1Cb93AFK2WncyBfklpwXbbjfQxiXYsgGGozIqT0nWXkg2euFw==
+xn--io0a7i.		172800	IN	NS	a.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	b.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	c.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	d.ngtld.cn.
+xn--io0a7i.		172800	IN	NS	e.ngtld.cn.
+xn--io0a7i.		86400	IN	DS	47359 8 2 426DB7D3FB8E6058BE42D379ECD7742B2EFAB5DD0A7A95494D3518604B715B1E
+xn--io0a7i.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0r57c9RFDmLF0bMSnKCPeIa50vE7xui8EdaHEQOPdvLI3LUkprRBBfB30k1deeQXzXyGzz7wbjbu6aXXHGzlKUxN+32RbAgVi+xPpo7rYFbLZ5GDZc7npn6Dyv8+dkGMc3fZaX5+u6dVRtz7LS1j+Z3Q1S0em1yU2iEwilUVApJeYmvxW48417zM4MBeoF7ToQ68TMP0Hb9DnPEGQ01cRe3vDRuFAFvNNgEHR3I4RVDkCIqfmYxOn7ca7t97Gs4EObbHZE5kG8k5/U8RF8elLOlFJdIe67HpzcAPTg4rW80BWYRR21W+OmQRI4fcwtuiCspfIQjUG7hGW6OBFJZSpQ==
+xn--io0a7i.		86400	IN	NSEC	xn--j1aef. NS DS RRSIG NSEC
+xn--io0a7i.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xkji91XS69xWIXZ/nrLhHGeiX9yuwgK6J0EH7YGx7IuzvuFuAGhg4aix6PKDqFqBMmZMx9+ZbyJ/+fjcofVF4YkFm77u72TY7wPlmSCa8rK284CA8EGsqUy7jcWkfFucBtIkO1O9i/FANx+Sagxl2bM7Hz4dA5//wdCrSB9JGiy8wsgDdq3ZL10w17PmuYIBXSr0yrS1ckuw2IrCvxY6G+k8sxZUKXp1wiER/poIF6GQPPbTdCx81SvE0Dsd82Q8MgcRAYQ1alzXj7i+vw+O5sZ+gfIc2c3Yq8YJNx73kP5RWAIu4UKwr5Rv0oBmNxBN1Imey20oFu7YcxtNP9M97g==
+xn--j1aef.		172800	IN	NS	ac1.nstld.com.
+xn--j1aef.		172800	IN	NS	ac2.nstld.com.
+xn--j1aef.		172800	IN	NS	ac3.nstld.com.
+xn--j1aef.		172800	IN	NS	ac4.nstld.com.
+xn--j1aef.		86400	IN	DS	32220 8 2 8CBAA94CF4C8387C6E98DCC53A90C9C7CE339029CF54D43E59E89B7D9C6F086C
+xn--j1aef.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WtLrHu+IfYMO3EqUpuvs4ntemVjucgDRBiwRkaUSMwgUGf9PFMXV7/ZiPFsSKD1TTgY6vU32uEnZSOoD9UmM914c2Kx8hnSQKfe0Xf/Ymg9XsXECjUIeSONcKl2mmpcLiRE0NmNTVx+IKEEVcmciVFTec2ZMkuj/OwGBOyuUCOidEinier0kS1G07cWh9t35IiG9OowvOf4BeU7DqEQA8wtT0/XBkA0prO1oS8xR6KNsOfbUWMPbTl+FQ44VBNSDhiXyKDbh4Q3etR00qcYd6Mzq3jXY5RFOqemwbzRrtUsQxPDfKi7cyANMfhWsrXrzyJ70UlGT3d4ejt7UmmgZOw==
+xn--j1aef.		86400	IN	NSEC	xn--j1amh. NS DS RRSIG NSEC
+xn--j1aef.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . B0ZS5RCmFE9qnRlgcdTex0UHEkfr5XO5TeQNg+l/60lYCgviigxU6W7otHc2sQQJunXDbwI+yOwz7jptz3nqYy57Mj04Rg0YtVfwppIRknnm1BWN1OTy2RLkTbjXZRh4XvmZOk/ecEwwY/mxbUZCV93KowO9NaSqeIZoGcsLdsUjjQk4bsH1V3sSqI/luFYyt6A1W0GgPrO8Pn5pDKoNEo71bxuIWx6dqu+Q08mFQLP0xOXAcCRUKHashfmg3icoHIUz1yUBkvk236k9g2/3WjIc9W84GNGkEngfMo9ByXzj7R9t2Fqv9DH2JTbuJYhaXxDAji+PJQ5i8Q3eWSThNg==
+xn--j1amh.		172800	IN	NS	dns.tci.net.ua.
+xn--j1amh.		172800	IN	NS	ukr.ns.ua.
+xn--j1amh.		172800	IN	NS	dns1.u-registry.com.
+xn--j1amh.		172800	IN	NS	dns2.u-registry.net.
+xn--j1amh.		172800	IN	NS	dns3.dotukr.com.
+xn--j1amh.		172800	IN	NS	tier1.num.net.ua.
+xn--j1amh.		86400	IN	NSEC	xn--j6w193g. NS RRSIG NSEC
+xn--j1amh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . vtA5JsC6G8LUnkbtqvRzzjXfy3EmrBahQYGsgGwKiOCqX3Y5/qvfvPG6hz9uWtPVwDEBSeOBgWdUtzoqMfGdcJ4fOt539hGD5iP5baGTGPF4leb2OsSPOm2T68mYWkxMno7csi/K0A2nHy9D69Iw2VCyrADmcJP9JqLfywzv06Cx8jYSamJeiGMU/WI96YRT688EQwO3t74Wl6mB3TmsUN3rcoa/JAcDT5zi8371iq0LtgPpu92VptLQ6m04YtaXIzedqby0qW3Y4tOeLIOah+yySvPtWGQ+GlLInkaWSTao9sB8c75v46zYSOVTm+5a1TElUsXrxldJ0Cie4zjpXg==
+xn--j6w193g.		172800	IN	NS	c.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	d.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	m.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	t.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	u.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	v.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	x.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	y.hkirc.net.hk.
+xn--j6w193g.		172800	IN	NS	z.hkirc.net.hk.
+xn--j6w193g.		86400	IN	DS	51901 8 2 E6CA0901B162F725E226E514EC0FAB47F90426A2EFFA779337EFBB4965E56C34
+xn--j6w193g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . GhDEJivuhui8IdxNBiELYfA/XamQWoBJLG2aCxUs+T8ONpqUFX+y/NrazPsYp5MZdoqlI2tGCexm+krqb+emxuUZOhjcOSJYcYaiV0kdECJ0eI03ll9t8Qa9PWRBPrGSXUp9RcghiiThlQSKNb7NQZy3Ym6fRKvGN7JHQwzDsGI17gEdc62WOZ7GY/qgOez6lIiLN/3QqVQVZT4xwdgbaE3ZHoiX1fNv3WvHQLFwr2j2+c6XT4krSdJIQAo07ujtvLKL9tSEVkX23YqG+7I75lcAe7JCeY0fDhrCu41fXfffZ5/jCoCJ32rOIOsZZICMsUG1kISN8W883cUJvNtLqg==
+xn--j6w193g.		86400	IN	NSEC	xn--jlq480n2rg. NS DS RRSIG NSEC
+xn--j6w193g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aVdGRvrh9BePsS9gAcUK/+e4ArXjZWbGuFin7QwsQJOISm9C94S6IJUGVuBzfm0kpmx2bJEMoHjwuQgicE/m2mt7+Z2Oquork1WIbxVhR5ClM2fsGvOsMyrhiNoFm0+2GC468izUtPTc0WZ31NGlWL+7ZzSkMaEqrUjSBku1akeK75P0UmRBeg89ajxN3UWutiyRo3wDnWIPypYwGszvXvxRm7XR9pMe6rgsDrWkL/4dLvR3fG1mNam1a6m4IQueYbAhob/28tgQJyuoNuCbaCVFqoErLZVlHvPBgIwy7U2ks++AYJS58puXjzj8ZUT75eqhZlcMRr4VMqmxXN44lA==
+xn--jlq480n2rg.		172800	IN	NS	dns1.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns2.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns3.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dns4.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsa.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsb.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsc.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		172800	IN	NS	dnsd.nic.xn--jlq480n2rg.
+xn--jlq480n2rg.		86400	IN	DS	31571 8 2 3CCFC69C090A34CA30DB066549363F433AF1B5066FA8BD957F9116D5404D12C1
+xn--jlq480n2rg.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . n0ySO1mRvrvoeEcs+APVPc/5F6P0y2j1B0cIq9TTO7HYDa23WNFTOFtD5mtUkRofVmmdkM4UcMj1o4o1W2OJpTOMZAZcRlm2I2wl8e/0cQ8deTKl3LanlAOknpIkG9MxUEIllqT65rDPJ5uUMkf1PIoeBz64GIfvZjNL8lGExhviKd4Cp5FkyZAnF1kwn/dgRkv1XrllBMgfDA67QUqnbp8A89GXSon3qsf0jLRxoUKaIJFxDBYoA7oSdgoFQTCZqmt7DgmU4QTXWuiMBtW1c/fFsMtxmfX+A/+UDWa0peYm8tgGBrSNucgBX2UDYOfwpbNfiuJVBlhSf26QcZT8Uw==
+xn--jlq480n2rg.		86400	IN	NSEC	xn--jvr189m. NS DS RRSIG NSEC
+xn--jlq480n2rg.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . gyJu6Zt8b4Hndxh3ehgpNQ5beEDNMzyPMKFEB8qlA+Z4UeZFkjCJ3LeMkIu8zb8mrtzpZaOzp7hyhhWyFsUcRq8TCs+ZgwYu0U47di4bix6ISHsFAol7XA16wQaw1EaCW0Z0DZIab+Hgm5qAllmlCKxUQ3RkDcPBUAdSGj2+fH6pB1qGxqdTlUNMjrIEUZqj1lUwpodTSljbz425+0O9SEQmqRFmrRTkAEOVjvUmZdfZkVJNZ9d1xMZxwuRmve2Qo/FfwCyK9qki3Nhpq+Ln6pYoDMYgdBNsyv08YHW6TD09/TLCXauS4fcHYsaW7vk35dCXzaA2z/apMgwheDV93g==
+dns1.nic.xn--jlq480n2rg.	172800	IN	A	213.248.218.91
+dns1.nic.xn--jlq480n2rg.	172800	IN	AAAA	2a01:618:402:0:0:0:0:91
+dns2.nic.xn--jlq480n2rg.	172800	IN	A	103.49.82.91
+dns2.nic.xn--jlq480n2rg.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:91
+dns3.nic.xn--jlq480n2rg.	172800	IN	A	213.248.222.91
+dns3.nic.xn--jlq480n2rg.	172800	IN	AAAA	2a01:618:406:0:0:0:0:91
+dns4.nic.xn--jlq480n2rg.	172800	IN	A	43.230.50.91
+dns4.nic.xn--jlq480n2rg.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:91
+dnsa.nic.xn--jlq480n2rg.	172800	IN	A	156.154.100.3
+dnsa.nic.xn--jlq480n2rg.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.xn--jlq480n2rg.	172800	IN	A	156.154.101.3
+dnsb.nic.xn--jlq480n2rg.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.xn--jlq480n2rg.	172800	IN	A	156.154.102.3
+dnsc.nic.xn--jlq480n2rg.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.xn--jlq480n2rg.	172800	IN	A	156.154.103.3
+dnsd.nic.xn--jlq480n2rg.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+xn--jvr189m.		172800	IN	NS	a.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	b.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	c.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns1.dns.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns2.dns.nic.xn--jvr189m.
+xn--jvr189m.		172800	IN	NS	ns3.dns.nic.xn--jvr189m.
+xn--jvr189m.		86400	IN	DS	7474 8 2 1A4BD45FC99D1B96BBF07728DA08ADCD9F7C3BC71851E140C5B1D0B6D7710349
+xn--jvr189m.		86400	IN	DS	29656 8 2 77FEB7DB568A4783B12ECB6DECAD2A0C7EF4C02E6CA448305380B2B4FFF29867
+xn--jvr189m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OXsyE1OJTdbSUaAbi1bWkM5EtbFnYooB/fcYR7tNTk16aXcDhXolAuoYW/o7gxE5JYcCoexoS3rVcWmOdVB/N9EazsasgvujU7hcaszW3hMBuHIXh6L4xVKXK6x6OgAMkok4l0FLsJYLArP4aCxcWO/dRW8ZA7Vnqkb49nkDgKVMj7E3V1BxPGs/DJ0mtnAFtMOHKza9SmLq7uy/a6Kso2xPH40Vb6A0APCy2rhJXe96KuUB8N07jSW1o+Mg+1LA+to4hpO+qSYqpvfA18RWntXgRA+J9P4s7TWcWrTyRHA4xTTbPqtHdy4OgADxSw/36454wJtsXNNc5ygjNN3cgw==
+xn--jvr189m.		86400	IN	NSEC	xn--kcrx77d1x4a. NS DS RRSIG NSEC
+xn--jvr189m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jup1GKkuT9YFMqSXkhDfHtO4lWea5t9HGRQkEH/SoM+Xa2uIl6rxO5FHp1n5n0tdJoIiIisJFDJvxcBe/FZ/uvq4/11Ls+r4iUz/sEx4qMm13RK1gMiGyBem80c78/Zky1j5VG+t2Il41M7gni/EzRwTZ3ugZh6oW3Aetp/+YGFCpWDfuQ7SWWseKop31vxfWEijk1BqGtdDp7ojfkniZI8PUuMLIo6caPQukKtDT3QnVLr+8X/t9rwfEtkQabNMFYQqhcA5Wa66M+LtEqqib/9LkStsT/Buif+hOKzw247t92g1Ri4iUId19NGiNFbVebCgVm9cRvs1cwVxvi9S9g==
+a.nic.xn--jvr189m.	172800	IN	A	37.209.192.10
+a.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--jvr189m.	172800	IN	A	37.209.194.10
+b.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--jvr189m.	172800	IN	A	37.209.196.10
+c.nic.xn--jvr189m.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--jvr189m.	172800	IN	A	156.154.169.72
+ns1.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:48
+ns2.dns.nic.xn--jvr189m.	172800	IN	A	156.154.170.72
+ns2.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:48
+ns3.dns.nic.xn--jvr189m.	172800	IN	A	156.154.171.72
+ns3.dns.nic.xn--jvr189m.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:48
+xn--kcrx77d1x4a.	172800	IN	NS	a.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	b.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	c.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	x.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	y.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	172800	IN	NS	z.nic.xn--kcrx77d1x4a.
+xn--kcrx77d1x4a.	86400	IN	DS	25186 8 2 484679FBE2D01F386AC34D3E523F48E0A691C90DF9EAE97B80494F6AFB645A05
+xn--kcrx77d1x4a.	86400	IN	DS	52825 8 2 5BB0DDA1180FDF0F6C0932F027C0B6FAF19CFA8E9848F954046D4BD63EBFBC5C
+xn--kcrx77d1x4a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . d189+mjnSs8Op4KOlGQz9elUamKehLhVOGHMhMdUSim8WPZ4VDphiYRzk+Nja/eh2OHVhhV74m499qt2EMqpODSHjeVJ8MvMRcS5tgx2WndreRKxhJ4zQc2AfvOapRmAvvjBzU2TuGVC1Q0OHxCvUy9/P8AARdW2nFC+1M6wf1DLXeARlbrdkTelU5e5Uw/evEvQhynwzT+/KGw1rTOIEnRZmLorKPKcF1hcpB55FlluzkqLrfuRuTNR9sweec2sb1SN70nYv1xw8HVHXjbi9R/jYxu99ZJZrP4M0CWE7MA8xl87hNa/v2QsgkgHKAGQSqzurFLeDHI5pwB75IIobA==
+xn--kcrx77d1x4a.	86400	IN	NSEC	xn--kprw13d. NS DS RRSIG NSEC
+xn--kcrx77d1x4a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YzQfI2bf4F6p2lRh08u0xvfYsEz8NsCFeYVdtRqjSZPH86cWqOL1kEt3AOghkug0Ap0DQrm2LnmB4MbcpG5lKVoC8OEFJrXfQ4Jw2mh63nyWQv0J8ybP5aNwbCC2cGLA5C6OanDSIVQNvOSUQTvIoncBs56pvGTug/oNUXu6Z8AbfrbceDIGf4awl8PaFhNrD7x0ninUoYjitiudC32GgvPH06DmskHDJ8lb7fQPO9v0WPkkldPC64pMm7jH3B7b2dcS0C56GJO9M/s6uT85zCwwiiXvgiu0HMc/wSwOrv+LKsbqCO8fxbiOnQ5I2XgfcS44SMKClRTYnIR89E1XWQ==
+a.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.192.9
+a.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.194.9
+b.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--kcrx77d1x4a.	172800	IN	A	37.209.196.9
+c.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.172.82
+x.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.173.82
+y.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--kcrx77d1x4a.	172800	IN	A	156.154.174.82
+z.nic.xn--kcrx77d1x4a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--kprw13d.		172800	IN	NS	d.dns.tw.
+xn--kprw13d.		172800	IN	NS	e.dns.tw.
+xn--kprw13d.		172800	IN	NS	f.dns.tw.
+xn--kprw13d.		172800	IN	NS	g.dns.tw.
+xn--kprw13d.		172800	IN	NS	h.dns.tw.
+xn--kprw13d.		172800	IN	NS	anytld.apnic.net.
+xn--kprw13d.		86400	IN	DS	3667 8 2 8AC78818CCA7D2CD3A323BEAD03CCF68025CA932219014748692F12ED7A4B2CA
+xn--kprw13d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YCK7vvjTZcM0jAyCg30b6DD7jVF1PwXFM9FgzEu5aftXJnanrcjlvFWZGgnJrduSs8usUH4cuc7TPhNA+ASURVN5kSOjDUW/Zhk1gKtl/sYroXT53+jO/Rh9L6p11VMyrqzsCpO2MMwCHaM847bTm9R5O1pC+C36eRGEptDr0d0O1e3fdQovr6aCaOyRYfmBMY3IT67/kE4Zbe87ogW/nXbIfIEDBlLQvNQ9m9mLfuGATArDZNBLEUE6JCQsLu/F8bdrF3jZZIkTYOyMkzH4U3G97oYfcXIGC2z++crCxJy/sU5j+13RZY2uvgOK79gu3VNErM2g7yJq/PuBBzPyrQ==
+xn--kprw13d.		86400	IN	NSEC	xn--kpry57d. NS DS RRSIG NSEC
+xn--kprw13d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . g18iqx2aPaVPwK5V1eWw5I5HWfA5a3eh/1mUkRv68qBr6wngOFY8t7WTY6X5Z0IK4mKP0NR3nlR628R6PtcL5l5CqKKFt8K+02TpY3I0DN5tl9BLVxq1KdShtNpHb9si60do0ZLPXqZg40ZKNQQf1QQWtjxWa2O76OVs9DFuOPd9oo/tyoPHrHDevyUyhru53aZVS59s6N470nYrvZkPeoB0ssT6lMuFbrPxpL60YN6vm3zzYKolETPPjU6wXFi+zMs4u7x1GoB1HRfmQoku6dal+qrGc8/OGgxvY32YUp01h2mPOww6TOlBoik3cq2SmXyIZRLfHi3i7sPlf+ryTA==
+xn--kpry57d.		172800	IN	NS	d.dns.tw.
+xn--kpry57d.		172800	IN	NS	e.dns.tw.
+xn--kpry57d.		172800	IN	NS	f.dns.tw.
+xn--kpry57d.		172800	IN	NS	g.dns.tw.
+xn--kpry57d.		172800	IN	NS	h.dns.tw.
+xn--kpry57d.		172800	IN	NS	anytld.apnic.net.
+xn--kpry57d.		86400	IN	DS	15901 8 2 119F2B2637AEB13DA5C5D5B605DDCB9389A811A27D52102D9DF28EE507C02DA4
+xn--kpry57d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . u4rN1IM8D9BDmMrGh7yHX1S72brJoPHZoMgCeLCztH206jTtLljlfRrRZjLNk9cC0WMH9NIIrEc3ToY2mm98iLnM+iW38B+1j5jTXL3965jK2o8xXndf/DiUdaJsfA/255iN1UuY2g54Fc0LnClfJdkeLi/MujZnd7pKdkIcrrCmxQlstSiDZrCEewvd5FkrsknH9nL3i+hQCy6ItYCDxR8kmNFjRfmlZeItYaKBB3SITEP1QfzGJMi8I62iHwqKJzkOsxpxddc6HBRbqpZGbdqYk03CucmI8oowPtULRZzQZriuc9je4Ctm+FIC4v+we3UYixUSJXraIet72l3Inw==
+xn--kpry57d.		86400	IN	NSEC	xn--kput3i. NS DS RRSIG NSEC
+xn--kpry57d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cJYeyHgsyQzNDaoqx+F+/A60nAneLk7H767V6Y6Zwzyz92DIc486IFgzCS0hWN4XuACLsjBUNmzcvOY2LptfzfWxJrWUeq/pI5XsnWih0s7dcLu/PNiAzwy7p6/gsp2Ce+KPn/7VXQUCc0DT2oQ0ZO4GHz3k/SshbzOQiXCl1YtqxWI+IBgHe/0oKFSK6JHs+/C7eEnFhE44LXNutwjuEURGOjiqB/zyFxaC/K3LlUbR4D3B71Uni66PE0TQGii3ezN9u/l8E7TSKbphlTyAY4UvGnz6uPCSSxNx6qXSdOS0atWn5lyCqlGwrCSHR+b+Fhl/HVHBjlXOIm+gfuAyYQ==
+xn--kput3i.		172800	IN	NS	ns1.teleinfo.cn.
+xn--kput3i.		172800	IN	NS	ns2.teleinfoo.com.
+xn--kput3i.		172800	IN	NS	ns3.teleinfo.cn.
+xn--kput3i.		172800	IN	NS	ns4.teleinfoo.com.
+xn--kput3i.		86400	IN	DS	27565 8 2 A00D06BA7171102D9575F47AF108B70FF9E24CE0D2ED3AD8F8923F14BB58F217
+xn--kput3i.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 1ukdbiNMjiMKk05P/BcxeIbVmq4g7M+pXk86VsxonFuIc4e7eAkCxqVzkN0ZuK8hCwO1L90qmk+KfXXmkFcH0eZj5qdKGMWEeRJ9Lo0sRe/EAcPeUVl7Ye5x5L4G3yLk5Dwn4JN82+3cWcV1aqSVGpI+qAuCyb3m8isNH7CtdAiSeQSdodezEL6qzCeeUt7MvrKV8Uymuc6Ow4JM1dHtBscZ8uBcCC68T9FWae+XZq0V3LR6vSsCqCtqornVG5yGsRK9T2LujLGJBAlYvxjxl7B3LhFeDDyXQ6IGfR3fof7EfkAfFG5Vb3NIP/aPSNSEzF5NjVOKmcppYrO4E8g24g==
+xn--kput3i.		86400	IN	NSEC	xn--l1acc. NS DS RRSIG NSEC
+xn--kput3i.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . sGux2shRCeiD3Am5PDKk7hVb0O1ycnIYYLYt2L4tQD955c7NotqWmQdYnmZ2c//djuQ1hJpvqhK2hwgQk7SlCJOdfzNXqt88IbJkUGcqTwfyYvtk1oOYnE1Dac86Aojsy2HjjvUfin/TCaSNgIGKZuU3MsDR0ahn3hx11Y8Qt+PIsgQvaLYXwaUJuR98/ld/ti31afqLoglh01koWqTSuhRRzTe2smuPhWEQh4p5NtvfsWmhnS/URY/j7hm/fufhX/fjqMs6vVhw7rqdH7+0LhBHdIyIVMBHUk2ZxMux5RY3qV8Ml7q+BfHi8hCyGIWhW7Nd4AG/mzkPPrRxXgKMbQ==
+xn--l1acc.		172800	IN	NS	ns1.idn.mn.
+xn--l1acc.		172800	IN	NS	ns2.idn.mn.
+xn--l1acc.		172800	IN	NS	ns3.idn.mn.
+xn--l1acc.		86400	IN	DS	45112 5 1 1F4351261342FC31DAA8D5E4F1D4FBF6EE0D9857
+xn--l1acc.		86400	IN	DS	45112 5 2 1CBBA9081B31B12FA98F5B7FEE95751BD16676E41A2ABC0B25BD0C0031474492
+xn--l1acc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oZ458GnfmI41BPFKK6Xr9vq/Vl6xUwEdzn2saFDpxEql0cWu9+p3OzK0f7bnrlo6sxg0cUfLzP0+MY7m1eC/SoDogLFCLEW+w6UHhiG+VNKvUXYgX4xJHUI47U5J4C6J2wgpbrH/x0auNp1AVmzZgXBJp2KXLg7HD4Cld+3jUVrd9Y7FF6X/V7hC4Xmgb/ZS5EbZC5zSU8KkDa9qt6N0y9KencmhsHXYMKc+yvh/c8oGIH5LslHqKF/Moaik2ZDM/hG0IFUQOdZm5DVkNFdj76M4bldA5tWY+W6zaV7N6GLtyU7QbSy14EkEvzycWl3Yo/wjN5j+tgCOael+23ztiQ==
+xn--l1acc.		86400	IN	NSEC	xn--lgbbat1ad8j. NS DS RRSIG NSEC
+xn--l1acc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CqbT02pBtXhYW1ebALzNbp55R/ZxzQkxN9Nnpq22nhtBFd5zmwtqD7BMIEhQe1aijo8wuyQTw2/o0sZGSZIPv6HyXM04zaecfgXE3C+37l9TXp/J8nRxxCP5QlrgtiN1Pp09a/f7/hUfclYoyZVALp4l68SIfJ0K2mbaEzJBAiB/FDxI+4EMiqjGvbMeCvuGyPoNGhZbKtCt0FndNhhJ8WVswACKVHmKTINZ3xYDh+z/I0BhGYnyeQBUXmFf751hYd88/tjZotuGBnH7XRObs2w7GQsGjd1aT4/teEhkG7yWPzkIf5wLQG+4Dcl8RGNK8jpDcT0vuhrRQ/VNVQkizw==
+xn--lgbbat1ad8j.	172800	IN	NS	idn1.nic.dz.
+xn--lgbbat1ad8j.	172800	IN	NS	idn2.nic.dz.
+xn--lgbbat1ad8j.	86400	IN	NSEC	xn--mgb9awbf. NS RRSIG NSEC
+xn--lgbbat1ad8j.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . AXFQDxNyDu3N59hq6FcUQ8x4M0/IpDqFUUrwoxayLtCMGSKZciCHwOs+8+7flDPgFKpW6AFVUw2wcYB8HkyEgyLW00NQRKezf2qDl62vRK7+iyV6iBNUXsESxvxkIKWqN3RyYrkEIDWv5fD4JyJnftRNxIz9qHzoFJhv0VC7ALH+qpkcEpHAJFiU5TADu9H6lTTCaVMFPKmaJETBQjoM7M+XPngbVFLBatZuv3JgcH3Rn/leEPpTlrTikc4UnYQhwyza2L/u125HdXyJJoxKKNiP/cviOGR3KZeCioxHM7ptu0hZjhK/IC1Y/ZB3NUKbPv5JzvUgk+7CiHwY+HrU+Q==
+xn--mgb9awbf.		172800	IN	NS	ns1.registry.om.
+xn--mgb9awbf.		172800	IN	NS	ns2.registry.om.
+xn--mgb9awbf.		172800	IN	NS	cctld.beta.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.alpha.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.delta.aridns.net.au.
+xn--mgb9awbf.		172800	IN	NS	cctld.gamma.aridns.net.au.
+xn--mgb9awbf.		86400	IN	NSEC	xn--mgba3a3ejt. NS RRSIG NSEC
+xn--mgb9awbf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x5skPx2fzbFfM1Jd5tQe7DE6P6DoEvTQpS8QKP5G8cKA6zoUdRIzcMVbdzyFwfz5DlF3hOBi9lNrVwWIOFzPZBggzp1RnD/zFHVMcbEm4wE5/yEysjSo33siyseo5uIpDHKXMr3nRT9fU+hKd5s4Ohos8DwPYyVM3elxD5nzgqUODN+zNk5icGV9Q82iCcm64CMSSggkmWoG5L1+ob/7bj1C5efG+dEvaZC2dPzC3mb9IPUgfVLdj09KPw+yq2ERSQa6pzTnL2yhMRwl/iDzqHD9TFJDE91tqdTD7qfvpUDO0VkC3WW5CFsSDCvpN9+FnzQkTwZPZGqmHFHth5kz8Q==
+xn--mgba3a3ejt.		172800	IN	NS	a.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	b.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	c.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns4.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns5.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		172800	IN	NS	ns6.dns.nic.xn--mgba3a3ejt.
+xn--mgba3a3ejt.		86400	IN	DS	11089 8 2 C3A28D5F3C622803433961C5B5769C4DF33E5C83ABE9D1C2DD78FF4657FC8468
+xn--mgba3a3ejt.		86400	IN	DS	60499 8 2 31728B6312E2EEC4D09535252D0B46F6FDB80969882CD9E76D0320F3A2E37798
+xn--mgba3a3ejt.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pmZcMD3jwMHX9eMJRYzgHSWcwRzQOCIE9mIuBHWXZHrih3Gb9FnuqHN/LmuQiT87UIvz6tMZjuPO9Z7Ytc4SRWI1P3oMG/u3czfFvyQVN4QKcmkk0QcLUx6Atihy95pZULtouKqgll2d3ENxVZyOeSk92FtRUghx/VCI3sDJtCiFaf8bXxrHtx8k3nr/wvoNjA88udlueo3uDXu7I1vGMVKxdMhKWYynybx9/NVhsCFoHCAAQx9la42AGm4tTAViHBTajHx9oqHR7X4Hz+6opZnZahTDitf1Hf8JSk9BfCHmzvAt5DGdHgPgSgq+kjAYGH6WIEydyf2firfDoxzgcg==
+xn--mgba3a3ejt.		86400	IN	NSEC	xn--mgba3a4f16a. NS DS RRSIG NSEC
+xn--mgba3a3ejt.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wnKkF+mWpdasugI+tO+SXa+vD5vtGVpIyefzcvHNXeAvwjcYaH1q3o3Qn3uc2PI6Mte85JK4ZlRBNXRdUfQD3Xj0v5Sv8tOYDPTvArs244BZjNuSJva9LAud1o9B4ea7R8JSMLUf6M5n1nY8m2k7dUBl3IIaRrTwHwv1XF8snRKsOmc5/LFAZSzlnITcF15E8QUs6wsI/PtLJOkQX/aaniw5QZnqaG8mfSaISNvJao7rO5+4SWXfNJNimxtpcvUX6XGdD/kCl7KyijkGnqjQziA3rGhoC7VqnSi9wCFopVPVeb5hwgskceAg71kf07YaIg9QHwEH4793JaM6Et8a2g==
+a.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.192.9
+a.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.194.9
+b.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgba3a3ejt.	172800	IN	A	37.209.196.9
+c.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+ns4.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.156.15
+ns4.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1074:0:0:0:0:f
+ns5.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.157.15
+ns5.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1075:0:0:0:0:f
+ns6.dns.nic.xn--mgba3a3ejt.	172800	IN	A	156.154.158.15
+ns6.dns.nic.xn--mgba3a3ejt.	172800	IN	AAAA	2610:a1:1076:0:0:0:0:f
+xn--mgba3a4f16a.	172800	IN	NS	a.nic.ir.
+xn--mgba3a4f16a.	172800	IN	NS	b.nic.ir.
+xn--mgba3a4f16a.	86400	IN	NSEC	xn--mgba7c0bbn0a. NS RRSIG NSEC
+xn--mgba3a4f16a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bp1SxwRYIHCQaWFoGkdLq4WNc9/uslD5IWdt+gDOV1zczx9ms6fqunKbPcXPxejd2o9L7bgOJ9L7Eu/UUhDAHZcJTb7Q/gSVehow8YC/18yFrmExglJhxT1Fpuo/JdVG8uYADdN5cdLed6t1U3R9cFGvzVLSm//D1qKwxWTTmLRZVr4QRmji5FenTDnKPaQVTkP30YkQnv+vtDhG0BHgTOdmvaS2OR3zUnoUDLzfXOkldNI37Y+LoE1Z59DG6vep/+yHqTANocYyT4MlnY3jfgKFV3HelDgMxcHNclHEQ/sPVNzUGtZtZM0o1GVZqYZIzJ7E8oZByOExQo+onHH/Kw==
+xn--mgba7c0bbn0a.	172800	IN	NS	a.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	b.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	c.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	x.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	y.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	172800	IN	NS	z.nic.xn--mgba7c0bbn0a.
+xn--mgba7c0bbn0a.	86400	IN	DS	2662 8 2 A083E4E9E6F8037D89DE242FFFE38E301BF73B7E3F132835B239B6D68258EA9F
+xn--mgba7c0bbn0a.	86400	IN	DS	49291 8 2 3BDA917F1A0FEC4728394C77584D299DC23814CBCC508A46255A2EA944883CAA
+xn--mgba7c0bbn0a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . ZSkd29530FSTipAoBnrzMYvGv0SGRlDcahCbiW/Gimk1gR+gymy4msrIB9Z+xtZdt72QnO8XxBiMRyN3DOFkFysMdGwyp1AC43LTbJL2I7sc/0M/PTQ9OjrDjQCDysGemAnzaOQMoVP/KAZFJ5TPubd+3uG6h2MSMlwO+i4ltXJ1/LDWRjLnI+ie9BUqaFKmUPV2fNR2b4F+Lci97Xiw3/n+OdQhKlATFxbWDE1lLM/ZINiwJISB1BGddhnaeFAjVEnXY+vtWCCd316Zvvr4BCbib5G3SVNm8XYpilS1Z5H+rwfA6VxUbkBsz41hrMAIuFVSjDjOSsO44F5aRuWNsg==
+xn--mgba7c0bbn0a.	86400	IN	NSEC	xn--mgbaakc7dvf. NS DS RRSIG NSEC
+xn--mgba7c0bbn0a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wKwXUxKGF359RQXSG7A56jP3ujnuwi4VZgFaZi1j7hT56Dcn5CsY/ZYU1AnllLUPlZW/f+MBInE/1uJDhNAqRe2K1Y0HZVAutdSQDASMOYDYxLBq8LSD7gPAppgmNPNCR3On7R9gv7opU8eDNVxkLFMB5e5Yi6xh/M0Hrz5T6xKth0VPhHvMVA8rgBntRy5RrH4xkE57Sb58DE66TQwphYsFg1kAN424uKj2EubibRuo9OpUO8e19xfnbAEViRuGRYGZ0Z7uia6+/SsxCgG88a8EzWpNb20aeZHJTIz6YAEL/EKqPsIUxDiNh/lEJwSrsUhtnEt8IbfTqS3Wgzwznw==
+a.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.192.9
+a.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.194.9
+b.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgba7c0bbn0a.	172800	IN	A	37.209.196.9
+c.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.172.82
+x.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.173.82
+y.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--mgba7c0bbn0a.	172800	IN	A	156.154.174.82
+z.nic.xn--mgba7c0bbn0a.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--mgbaakc7dvf.	172800	IN	NS	a.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	b.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	c.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	172800	IN	NS	d.nic.xn--mgbaakc7dvf.
+xn--mgbaakc7dvf.	86400	IN	DS	1841 8 1 3ABD4823CF90E3891ACC13438DB4953AB99F5255
+xn--mgbaakc7dvf.	86400	IN	DS	1841 8 2 91BB6CEFFE38DDB9BD891A2A9D3CD1A86A6862F23F5E1BF5E9C77944BF47C030
+xn--mgbaakc7dvf.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Gd7H7Qlp1ns/vnPnVJ1/31084/R325t/+hqTLn3kfP9UcyKAi5qZVTohZOd1nVq8IdwTc9GMlR8lwVqtC0EmdyM9ffppBNyiW8nEe/Qfjd4RE62IXldwhkQWAWpUIwnKmxsiAZo8nokPtaamC41PPMYu1LNLP79DJHvkX4zcjTrfgbisipXtYQCQ5bv1RKcpyRa8l1el4yPCZ+De92QwxdaDgScVVUOy58p2AjHcJYJjCzJJGO4YGF9NxT0fW+Ky/fNQzV6YfU0z9sg4ClXilNeNmkL74UuphtrqYNqg9NzU2O0MXDK2I8+sfCD7mnXtqfzy0OF7Z2Ca5gKrzY+YrQ==
+xn--mgbaakc7dvf.	86400	IN	NSEC	xn--mgbaam7a8h. NS DS RRSIG NSEC
+xn--mgbaakc7dvf.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . USaL2aiYSTDCQceqid819BuRQ/3F/64ATOCb61dDUAqbFirR9JxOs7KNhPEXhpClZpWV7uYoX3UJ+14wK8p9xxgX2TMEN2mI1H5LNTDL8vCX/Or+lBjKnWASl2UzR8n93XmfcaHar88OSFlK1jQ2bInBGcLSF4mljIUVup7foQ99RBYBltyRlduCcOhIoph4Nvj9GFS3FtfDMzs2vN25SVKZTUpHJXusi65fnNBLB2BVcXoO+TETrFwLQpGkc/j8E2Cu7OO7Sh3OcMAyD9/uW68b2bajRNBMF8ULhqXMtFB7QQ6gicXE8h+k7Bam+I4tXBP7WDsZWQ8seX0sp7YYsQ==
+a.nic.xn--mgbaakc7dvf.	172800	IN	A	194.169.218.23
+a.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:23
+b.nic.xn--mgbaakc7dvf.	172800	IN	A	185.24.64.23
+b.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:23
+c.nic.xn--mgbaakc7dvf.	172800	IN	A	212.18.248.23
+c.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:23
+d.nic.xn--mgbaakc7dvf.	172800	IN	A	212.18.249.23
+d.nic.xn--mgbaakc7dvf.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:23
+xn--mgbaam7a8h.		172800	IN	NS	ns1.aedns.ae.
+xn--mgbaam7a8h.		172800	IN	NS	ns2.aedns.ae.
+xn--mgbaam7a8h.		172800	IN	NS	nsext-pch.aedns.ae.
+xn--mgbaam7a8h.		86400	IN	NSEC	xn--mgbab2bd. NS RRSIG NSEC
+xn--mgbaam7a8h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XnOnL0OUUsDlEJxrspBWQrrQZmrdl2D2IevGiGoxpz3PELsRooWF0XGlSMQkQZHwDRdf/bMYNtUvi/MTmnXxXPAnJCauHmSqKFnkz+xJvz1rI9G7i4gsJrFSBr5py0wFOiO5CLSI18yw5tj8BVgP8qbDVfYCGWeZzASfRnYIu+nXDHqd4x6RciC9ENbQOdaJqhHzN/6XItZJetfi4zO/c8AFqDksuR4C1xKtiwh2KjVdvNhsAOy9KgNzM6wbGF3G/Opt5tgBVOIc6YesHSu1c9Gsk01aduO7G9pYHIqAmirt7uCinYquyOSt+MgoMNvC1gTbwpHIdjHSUTaYIxH4Ng==
+xn--mgbab2bd.		172800	IN	NS	anycast9.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast10.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast23.irondns.net.
+xn--mgbab2bd.		172800	IN	NS	anycast24.irondns.net.
+xn--mgbab2bd.		86400	IN	DS	47778 10 2 0EC09A1126F31B2C64C4CF2302EC87B2F12375485347BD4BFCBE93DE7D33B7D2
+xn--mgbab2bd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . knzqJfvc0kyo7GsX3TcS+aL1/I7LA7T8WZKJZSDl3gL46qcmup9qMJDhKLIhvjhmLJrCQZEbWxm3ncpvOV+rndiM/hWeJMnlHTSP0caRvVh5x9UgH3jcOKP2Yr8fEiNn9Rq1LkzW6/2Hm4//A93ddkaCGYrq9azhOjalFeaZLOOXMfHIqh6bMh+ZlEWk+vJsLjFo7LoY9BIeV3oWacYjxnYinybp4lUaS4Ui3uWvryNrKrySyu1BPaZyvX2pf9M8V8cO8IX3bcmNdu9a3cyE+VyLAf30kClnqgsniAW1fg60OCGUlBURsWcWZF58nFcZG2wSct1e3zEbPiG7nVgy6A==
+xn--mgbab2bd.		86400	IN	NSEC	xn--mgbah1a3hjkrd. NS DS RRSIG NSEC
+xn--mgbab2bd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . JYcGB+IpUIu3rtZVb3cSsWnKlN5+55hEl/U1i5eOBdIpK176qRwvI6jysVZaLop71AR+dC+/EHxG3clBQV2EDzxlyNMuev4vJUJ7+496mNJE2rge9fEHVwtByNOo1DC7aoosEPO0kOtpvB9HpehBeJM4QwMR2imgkjbRq2a2cAbxTdU14MDHioIVqAK/8UNKOIii41xMwVp63Aaszw9cMFo17fisM+NdnqrszPfVopg3Ptvo8nrQHzgfvnhTrOs4K73Iub5aym3jlfg50Ss6NJAMOh0plmfYXMAun+JSwf3+PFRBcXo6/26m5SD0QJTRmFvJAri68YBLIJea3ajiaQ==
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns1.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns2.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns3.nic.mr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns-mr.nic.fr.
+xn--mgbah1a3hjkrd.	172800	IN	NS	ns-mr.afrinic.net.
+xn--mgbah1a3hjkrd.	86400	IN	DS	19030 8 2 9C1324BBE5B1726510CA3EA47E2D42F7E6C6A09BAF424AC344F32DE5488AE5A9
+xn--mgbah1a3hjkrd.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . JIsVJlCSLXlywVdvlou7FtUh6faAlnopzRM88Cd7F4is1dW4bct8ioIlyurxocOL4chOSHa0tf4Y6hxXC2y65XLU4Ert5nvSmC8879T0qbh5nFvYeCE7mTzXNmafEhjvL/gVy5kK9W//61SgNnGz0ZLPTQdUVkIi/eGlmmARB2mWqkl6h2PNtb24uXvF7ykTRrXO1SQFSHTqeg57kNLYDJDCW8jb7cyQKIG1Pf+167XLTMldvLSYdA3KXhe69tlXTErXXgcvOodQqGp5RJjUIADkgquzg79IyRX3aCNlIL6/kAyEqoTbIHocUv2QHzle6Ioqq6bFc45JbUpLG0xr6A==
+xn--mgbah1a3hjkrd.	86400	IN	NSEC	xn--mgbai9azgqp6j. NS DS RRSIG NSEC
+xn--mgbah1a3hjkrd.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bs4xHi3Dn2ksr7Re9SWW7+mqSWfvPU3SOLxL24TFs8RAwVGZe2l6cGrWyzsxFIqGp2qFEzvczU66lmMtaeRh7+Hblh3OZwsNZpY18wg5OQsTyypy+HClwe63tTFmaD5L+ZeT0fvFsjyYgQPGhs8GSVkuapYAuRXHfm+7qok6phJTAMK2TMaqnsG4jvlXtRKOaojSnzjsZusun56TgnKqVCEW5opObFgzgOGP1jdxkaABnYz89jvRW3nE2KA0gBiagA1rWJ+vfIiHVz5LRRJiwxMCRxiSRGYjkBruJ+YRcbdONrffOYDhNC4eRFoFLjpaecE/TbD3MkCKyqfznfHVTg==
+xn--mgbai9azgqp6j.	172800	IN	NS	ns.ntc.net.pk.
+xn--mgbai9azgqp6j.	172800	IN	NS	ns1.ntc.net.pk.
+xn--mgbai9azgqp6j.	172800	IN	NS	ns2.ntc.net.pk.
+xn--mgbai9azgqp6j.	86400	IN	DS	21720 7 1 9FC6318AA15A43B4CF11D3F64CD678935E40402F
+xn--mgbai9azgqp6j.	86400	IN	DS	21720 7 2 BB7D853DFDFD7A39574CE1B5D3009E5C813264E614430C1B29C894C090393DD1
+xn--mgbai9azgqp6j.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bveYAUdg4wQ3cX7+wJL1ZAJVTH1KDkbvmPIYt++AJn0kiL8IdSWz13wjDabZimhB/cLyJVOkKS2yEZITSYW/dXTPG6DFoEQC3dIvNZxq6ui7dixLhfmscdDG5ty+sJS7pXuyFarixtu2jbClA0FTyvFD/EjGIEV8PZNTfqGWttnu+7uLVFYYIsCgczzW6jKabAq3palqo/ax7ZXNDLj0IGAE88tdl7RlUxJqZCj6+6jccNpUlYAXAfbmRgQ4Kd0DlE/Ap+mfnT37//Vrg0G+S6wZ2r4m8El80P/CX+S+7NnUFu53k17S6YeBtvDBM7O+Uz3D0jHsKKtUeplmKxUp2Q==
+xn--mgbai9azgqp6j.	86400	IN	NSEC	xn--mgbayh7gpa. NS DS RRSIG NSEC
+xn--mgbai9azgqp6j.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GAzBysR4KsYHEOjrRTXrGt/wCFe7QzJIpgQrnO7s53aWATnwYO0cZUehHLo9l427ZogJBgaNGQU8pN/3J6qmPWaxdaV29y9VK4ja7y7OaQyP/mZ7enRZDLkSdxkHdXLcd3hKMwmFmzkhF4G88qOGD3DNhO6KOE4cbVux6iesvZTVJlYEJIFZlKEJBvkQpcMdJKfY1ejJZXtW/a+aH+opuINVWWLMYvuLZW6+Q86WNzHn5Py6veH0JTSw9NGKLvE+7vy4Z0ZqhDIAv/jmh8L7kHSnb2G3SHhJXnopAc0w/EQdCODSJPVUvr1nsraZ5B0P26MOdi9NaQEArTIRgVqXZw==
+xn--mgbayh7gpa.		172800	IN	NS	jo.cctld.authdns.ripe.net.
+xn--mgbayh7gpa.		172800	IN	NS	rip.psg.com.
+xn--mgbayh7gpa.		172800	IN	NS	amra.nic.gov.jo.
+xn--mgbayh7gpa.		172800	IN	NS	petra.nic.gov.jo.
+xn--mgbayh7gpa.		172800	IN	NS	jordan1st.nic.gov.jo.
+xn--mgbayh7gpa.		86400	IN	NSEC	xn--mgbbh1a. NS RRSIG NSEC
+xn--mgbayh7gpa.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a2AcrJ41hMkzD84Uo33X1/QVE5noYM1+xBM7arWaeVUSJJyIZnDIryheXaSDVPZNrNqU+ZBze5bKO+Pm58GCnxfjtuncwmHqnod5DEURN8hz++VWjLLTpAVcz7SeH5M5LuI5AZbhq+L2ntctQghIfsbe5+2LfbrAn3Fuxq8JGhxaHOyBZHLGJr1LORVGCLx55Aha5fvoN5Hgx5BGh/VH3wqkfp131OgumWrJRuBx7SRv9yOzmxUvUZlwktZ0LICMuauFaY2xsKUv1nXMS4YVDcGmK5VBv2pSi+7I48vw6T4v9XgTb9Wdm1HUQb+4Yg9dGDL00Ibar5uQMIMh/le8bA==
+xn--mgbbh1a.		172800	IN	NS	ns1.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns2.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns3.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns4.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns5.registry.in.
+xn--mgbbh1a.		172800	IN	NS	ns6.registry.in.
+xn--mgbbh1a.		86400	IN	DS	4312 8 2 87EF57FB953465049FDBF317015EEAB875EBE6F4600494A191AFEC6023BCF46D
+xn--mgbbh1a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y/iXOBFljOnJngI1RylGX+OXuUPZ8j9V5jCntDO6S/FMwVlC/sz7OI3Vzqht+IDUk0iAdwf2OJ2DN2HnPdrLZRSlg7Bu+aMerT+XKQFFX/ovSOYOf6YaKan45M16jZZSNEoFz/3mhTIPIFdaotkvcm4+Tiw7S+rFH9GBnZzxbFtyjE0IySc22QeCZBeQSYYKJ+LE1wiU2WKeoitlI6gifJG4YM/5e8y9/gAjr9P+YNjten350xSnLPEJLXbzYQ6o5fGksSNlxnP7ycYi7EmAssbnI1TzLqNmKVkL2LcyFIiy3ByqudqG3lV/QLxWbbCADH3I60lKhfvceNBNJefgkQ==
+xn--mgbbh1a.		86400	IN	NSEC	xn--mgbbh1a71e. NS DS RRSIG NSEC
+xn--mgbbh1a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J4G2wwaWkzZIAuh3z6RXWrJFqnh2Hes5THQMrswxAmlF4IWlJiwuHYrL0Dv8/QvUgvh+RULEyBt5SKaIntZIfXDIxjWcD5yXUrpqg2hkZma+d0nZdmy0SWSpCqzWIk6t1O6E/bu6+3zn0QMP/rD+9OzAkFiLntBvP9GdWZJueBkHR0Z+/AHfNfGyVBMmn+6jy/4N5otGcZe4jxDt2LYm1u9bPeKFIve1k+jbLooKNTLEIxuzwQXGC5kVPWsWSpGzS/iLp0wKWovF++L503rH95CI2PSBXhTayt1LRmwnPeUu1zBq8XYuyyg40Dp95AYIEgfNDyJkt7PPxQXiSfaP4A==
+xn--mgbbh1a71e.		172800	IN	NS	ns1.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns2.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns3.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns4.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns5.registry.in.
+xn--mgbbh1a71e.		172800	IN	NS	ns6.registry.in.
+xn--mgbbh1a71e.		86400	IN	DS	14137 8 2 F965047D705B8CBA0BEE3CD298E612ACAC50A9CAE453C6114387793E8ADFA956
+xn--mgbbh1a71e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nA1A6VgeyhxO2Lvy7X280l4SvL9qYUy4Ij+PcdpG37jDx7F7GPXy9HpEtMFFc0BB6KjdylIVKt95rrsPdB3+rCybiMbpwubpI4pdZJ+ra/0ZVMVHW+iDc9ycUD7plLcoOoppaeNIGLV2kO0fOEDUGGX73r2uktxjXxirUoIwQVAYoXlXeZMd/z/m9ANN3DQmeZ5ujN8J6ma65h5KV8PkotJ0Cq3zS+qUM8ET+y3kPOKApNL4syv13YKYVYLyKAi9cb+wkM3lATDhvKgO2KWd6nRnZs+5Y2/CVqFq3AM6YPOnD1X06ne6lelb7kANoD0HWPM+PVQlKpUAlbdQh8HE6g==
+xn--mgbbh1a71e.		86400	IN	NSEC	xn--mgbc0a9azcg. NS DS RRSIG NSEC
+xn--mgbbh1a71e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pTa8/AUXtcnMZJm3hvKedBk7gv42nDHwnsrcg6KOLRWWEGR4lHXm9wK4ulTowL9FuPvXKskDOxCSbHCCnG42PA2gbIZ8skNvIvoA+DgjQmIlHEFpHBxknbPCzfYyogDG1gS05V8CaUhmxJP7j2gkYqkKonNGLBIsUrGvE8qPYdfO86p+hnKlYk+GbQ4gzhZjmIZuEQJGRVg6grEdCEqRr7IzVY4aBoFFYTADQ++4zcH/qe7mG2FpRpl7Bash6XDCmEf/ZzntTyCWbco+NtqtXR+4bkYnKmPFmgui7OL0MWBIWuZkesWbaDqsxtiC4Xhj6HlfU9MZgXjfCfzUEsk3VQ==
+xn--mgbc0a9azcg.	172800	IN	NS	a.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	b.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	c.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	d.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	e.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	f.tld.ma.
+xn--mgbc0a9azcg.	172800	IN	NS	ns-ma.nic.fr.
+xn--mgbc0a9azcg.	86400	IN	NSEC	xn--mgbca7dzdo. NS RRSIG NSEC
+xn--mgbc0a9azcg.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . cwKnLyezWUmdDILedV/I+U2pITUITHRwzVHBVTV6pQ3Wo2ELGJbCyMz7jasaptfiROoSAkYxu3L2RSNTnRujdTtepNbZpd34w9AkvePL05GgYFvhDYaTcNOR74ynf9DAOkmLtHbN2gXyqvDs43+tNAaoAiVeezwc+cfJ1ua8XHoY9+3rL5D5Rx8w96MnbC8BMIbHODyEyGxIjQCRyn9ACFmaaMqUraq6PTK4E4TJU4KU5sZdWl8q5AftCN53xt2GSexulnrWpGZwp2BhIjr/PMQOx81Wk7TK67ocHywaYAlcNGAT0sv4HzNNL1mgZ2GgflOObMetjTO0naZlWRPVZQ==
+xn--mgbca7dzdo.		172800	IN	NS	gtld.beta.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.alpha.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.delta.aridns.net.au.
+xn--mgbca7dzdo.		172800	IN	NS	gtld.gamma.aridns.net.au.
+xn--mgbca7dzdo.		86400	IN	DS	1909 8 1 D5A6F96664AE0D000A01B196C4348E7E231D95F8
+xn--mgbca7dzdo.		86400	IN	DS	1909 8 2 F62B4E977CBA32CEF37856A9F919CE405EB998F04D4ABB309F1F9B86C105CA72
+xn--mgbca7dzdo.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FJB1+ipxdqXwyFDYN98sEiG+YodhsU9PRtMhI9KtA0HYS/oHyGHagC5Z9AJ5QgyWIMZM8uHJYywA+ONSUQ5YvQkLxA1ZMKt7V/89hc3+j7tB7xJW9bVZBsKFYIdovvSNhUlVvNpt7R15WKtXB79PTvZrJDAejjEQDgcPQBo2jhLkrQdoFzgYL16TfuJzIt+NH57nBr72FEbNl9Ek/gdh7eCQCt9S+rjtc/WhxIgeOUQEy/uUkoci0cbl7Tn3yFIsHoxHMlmaVLeyhk2zoFLCe7LFojj/3NI+CIpImqM22ap4f8DnvbJ8jI3cwv6Cuf5Wwl+RsX+5P6CahsMS3dJxNA==
+xn--mgbca7dzdo.		86400	IN	NSEC	xn--mgbcpq6gpa1a. NS DS RRSIG NSEC
+xn--mgbca7dzdo.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . qI8mfcgq0yJHkRaNlxL4ssLqUzw3ElVjIFRIaf5OL/c/xkIpaCtS24ZlP5oAuMTGnO5rH0j2S/d0rbIayKxngQbKSWN2P2rHXcUJb8ly2WoA+FUftQNN5X/4A8WiY+vRU6ms7qZJ+HmhVHt+1Ws515xuTNkOHgrRTQCTIy0sAGtXP68LZTab4PyPJfvMq7fiDTyqAg7Z0inLL2I15gMuwcuL4jUcVFOjrrHUIw+QYiKfcKvJnT63fBHdHA/5b6EMEEsqGVmJkwgXd7TzNs5mtouVu7Renr52FePZ+C0TdG4SLZYa0Umebdoxue0z2sIlM3Sx2NgV4caySP4HGVVXfw==
+xn--mgbcpq6gpa1a.	172800	IN	NS	a.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	b.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	c.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	172800	IN	NS	d.nic.xn--mgbcpq6gpa1a.
+xn--mgbcpq6gpa1a.	86400	IN	DS	18592 8 2 0DECD54D82C1C675E321C38A49E3193F83066BD70D1BFB108B62231C75B8B407
+xn--mgbcpq6gpa1a.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . svQH/CfaR/kP0XTw8uBsISD2a24DW4Z1vR7Bv+dETqwm41sE6Tai8RbLDr2gfHH7IbYe7fW2ujkRgIZKvpJKD7QlynFx1pTUWBwW/lwgWfdI7iUUxVCEPMYxRBx1bYrZUgyqHx7eTriEz5jdm4AylKZQTllUxJeSEnazTKNs5imDIkXqde0L6JW3gEh48W5Vy4B7ozVwUZJ+katU4kiU8kH6iQOf/cXqTGcUKXDUZGmD7nwkczWTc8khpe71XbMq6+53+7Xox7+F+N5xs+tRr5nrTtw6HtW2058TcJXVGQDow+1K5WCowXE6r5BcSv+JPkrjI6fZKjRBECtYqOPnQQ==
+xn--mgbcpq6gpa1a.	86400	IN	NSEC	xn--mgberp4a5d4ar. NS DS RRSIG NSEC
+xn--mgbcpq6gpa1a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rMepc1p2vCptZUd1Tcz0BL20TmjpqtD7eVNXkZ5UR29NBUv/aOhVgZidsyytCVhoeW1f8PQuXw2uHBfOWl13T8NE5zktws7hUAeGFlh5KfiGQlHzYwaq+HQvvP2OF9fJO4XfNk5LVowUlJUC8gjP9ZitbuXAiaDIYK5VJ59hU6bdI8K8BZfsfHpjbIUuBch4p+eV+RO5S7YVftCUZnPJmjl3JEDgvtPQ+em6hGC9i10O9fovOnDtzmxyyJlDlor8t8Vz+zGpWcRDNMM9QGtWLs9xxfO9Zj/w2OCuC+ywlmvtN7G2U9fdZNSaIJPAKu4DIrzLiiYOYNuFgpYFEUy70A==
+a.nic.xn--mgbcpq6gpa1a.	172800	IN	A	194.169.218.115
+a.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:115
+b.nic.xn--mgbcpq6gpa1a.	172800	IN	A	185.24.64.115
+b.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:115
+c.nic.xn--mgbcpq6gpa1a.	172800	IN	A	212.18.248.115
+c.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:115
+d.nic.xn--mgbcpq6gpa1a.	172800	IN	A	212.18.249.115
+d.nic.xn--mgbcpq6gpa1a.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:115
+xn--mgberp4a5d4ar.	172800	IN	NS	c1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	c2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	i1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	m1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	m2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	n1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	p1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	s1.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	s2.dns.sa.
+xn--mgberp4a5d4ar.	172800	IN	NS	sh1.dns.sa.
+xn--mgberp4a5d4ar.	86400	IN	DS	10444 8 2 ADE9D322EACE5B4843BEC6973FCCC5862BF52238076C973ADBD7F166543EB298
+xn--mgberp4a5d4ar.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . gUel2Vw99FRnnhqiiy6DXBzh31HafV7nZEuw9a6SiURIs9FD23Gwr/Z6enwFyZFwq2ZkHTSqFps1xmeM76TQ/7V0Sqk5Ksw3GnFsWv5Z1Ph2Xlbi4ASkLi7vnRd3V0eL8/tnAo9eir1rEz8uDXsGeimGEBb4kXV6GX/vFdjUJ/x45Bo14kGI/SNHkBQ/sMNeOOHn4wN/GLmz+leQGZ+Z07O4ykgtqGSxbX8WxIL3mS3L/4RaQdl2X4u3fyXjRj1D+dYH/ihPX1YBCIHBmdwVOsXWUNH7ztdD8I+c+rEqgsefrPO7VG0QCvFiTUMJwhSthQIdFb/6kA6kY3FRjqkGxw==
+xn--mgberp4a5d4ar.	86400	IN	NSEC	xn--mgbgu82a. NS DS RRSIG NSEC
+xn--mgberp4a5d4ar.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OYwDQHY2eybkBT2f/Gs5BuZ5WxYCOyxRtzjJI4i4/Mmhq1+52XSLhZNWIWt2VrxgXdjACBlJZlHEZI+EsirB9aE/H339jONfnOg6pZ18QrpfPyA+bKUuEhgxYRR2KTMPEmw+FxrajuXRxFYDE33bbqydJpILXN5ewXArOlabatzL5nitD9igN+qeBi1e3mEgOMeKO0QJHTHAJ66AdnB3HQt/hVqJ2bz+QHVaVM7B/8ewI3oN7zL5JssF/0CqIzorWealF11ccoKTddVGyGUp7Nw31wBxoFrq1XOGwTFd5064Ydkj2ZJbxnzsX0ueTBd96+UWLcmr+fz7O1c22c4HGQ==
+xn--mgbgu82a.		172800	IN	NS	ns1.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns2.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns3.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns4.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns5.registry.in.
+xn--mgbgu82a.		172800	IN	NS	ns6.registry.in.
+xn--mgbgu82a.		86400	IN	DS	43765 8 2 1649858540F42632F63A6E55EF3E982A5ABD98A4613DDF3BFBBDBB572F0774D7
+xn--mgbgu82a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . oQkBDaFGPEFM6nngzMhY0bd2HgONaglzei8U3U3ziPbn3YO1YYRDwUyZHLBlJ7ztN+PE++AEyTGObSmlD4rX4gLNfC+xqmxPqJdOv13jwc6BKfSlt20fxofFrkO9OvOXyclNSTYX2Pgp79UHRy0SBLRQOJN9K3FubTFHBTV1VO8HjzEm/00vELkbtPu8FZEjUfwMySN1zc3asNacR8/JtlrS2WqrTNX/KVTdo4ruJDwUDYoOv0rFSEejYDXhpRRw3Esq1vRI6aZ8fSE2ctyfHAYzIihCx+TRreUBZtxon/iXtP6ebddqzc6bPFlLaRt8l/nYG8JCjDBdtfvMZW9M2w==
+xn--mgbgu82a.		86400	IN	NSEC	xn--mgbi4ecexp. NS DS RRSIG NSEC
+xn--mgbgu82a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . N/5qONy7d05dGgLuS4zj+oj/DH43eKDPxhQbeK6OqTj9j6InenMI72G7fNEJmKLDZWhaZRd4CNC5gqECT2NtcajyGXApE2/zYrQ7mLtuskmHE+GLsAE/CnmiWjtdJdIAIvqo9FnCsg7s/lgcxuaTjp7M628jpyVq8gT+wviz+KkoVhLVHAqhm5WS69qeRBLZHqaXKdg0Eztli4Z9bb90Ehit9tWvanPeU7yEPX22PTGlap/NJbmS2IIrDSeZnFQOBszVeaQoSMs1jYQNWchxSXL7MD8BW1Nq4X7EzfAM2YHTDtxjgAYAnARN6F6YK1t98srUsn+sry5Kf5VvDLiQew==
+xn--mgbi4ecexp.		172800	IN	NS	a.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	b.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	c.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	x.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	y.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		172800	IN	NS	z.nic.xn--mgbi4ecexp.
+xn--mgbi4ecexp.		86400	IN	DS	5914 8 2 308B25083F486A76906992484720BD2F9F944FCB49111512EA95957417F3C03D
+xn--mgbi4ecexp.		86400	IN	DS	34576 8 2 3D199736303984637FB5A1AF60F2E5CF6D276F89D464039DBA62C60F363F68C8
+xn--mgbi4ecexp.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Db8DGgh7ycCFxx5k+UP4s/qa/dTRrFUkNppy3OUeV2MQG8UQRwwVvdjmvCR14nJHtOji9deGnOfPsOjmMpfAghjc8v1p66sb6neG8zeM/hbHLP4Ab6Bk2v49MZNp6jvvOQSZe1iSZZ+qgh25rEjNB7SdLv3dk8PCdNxeBybEAJ5OnfdS3zdsGCbqzCLCuZWsCiQmZy8ZXpv1lmJiRS4SJkqIM3zap04BuZKnFj5AgQo3oIHnHFi9ZFTj7/Tnn7RHR3FYNR5f4yHK6pVfat0Gl1w4ovRG1u13F5zz9eAa0OebD/cJUzHsx3DWehJTCkQ/GG82ruKuUs5e+dvO8/X/5g==
+xn--mgbi4ecexp.		86400	IN	NSEC	xn--mgbpl2fh. NS DS RRSIG NSEC
+xn--mgbi4ecexp.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . PvHI6FCQEUkHpTLj61xC1uvaLfWSjhzOMk63QCcCfjlkFGS523QYGBEIP71n1j5fF4yq4cnXbeA1UpC9w/QXeP4v8T9wng45smyUXVe68sVt+l2GYVlin6hlA8PHaOQ0a5fOO+AnqHtXtwNkJ2b5vwJTmkWqLQS1FXhjLa5CSf09Vd663YcBG911rQxWVxqiJuNsxgXhPlLZ2geErQJN2HNi447cGNOcvia8f3kbEjXv2iC/gTZVH2AW0Dj2PdJTgIIk9xB27hDQn2YHSGStCoM7FXN9eNNkwQxVUqhmt0E9dD0+fztiGLhN1NU7QXydqypditd+rSZnsOxRX3zwkg==
+a.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.192.9
+a.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.194.9
+b.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--mgbi4ecexp.	172800	IN	A	37.209.196.9
+c.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.172.82
+x.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.173.82
+y.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--mgbi4ecexp.	172800	IN	A	156.154.174.82
+z.nic.xn--mgbi4ecexp.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--mgbpl2fh.		172800	IN	NS	pch.sis.sd.
+xn--mgbpl2fh.		172800	IN	NS	ans1.sis.sd.
+xn--mgbpl2fh.		86400	IN	NSEC	xn--mgbt3dhd. NS RRSIG NSEC
+xn--mgbpl2fh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . fj5p+KTO7/JnV0vbStciX0wax6EkoWQStJTyCJuwxRGXpzPVqzVB9JyZ9DBoAX4CyXG2TiQzwKrFc39Xu/bYqiEAaeX0Y3E3fd8bvxaqMa6C7X7aaHdTTkajYesddcqopL/soboMUO8xhy3nBrFyyNP3AQow2dmMexPR/vuPralF6627UvrZ5YpE5HYGk6t5UG8PpTOLp6UBsCq2cbWf2xAFPhWOeihbB53xny1QPRoh01tgHixqej3jd8BWRWr2ADpzn2JIaXdd/6puiD3y6xT3gGMkBywsWBCGGDLzNiN+8tJcEakeIn+lpP7Cb9leClKlOM1CNcbzSJi3LhYqIw==
+xn--mgbt3dhd.		172800	IN	NS	a.ns.nic.xn--mgbt3dhd.
+xn--mgbt3dhd.		172800	IN	NS	b.ns.nic.xn--mgbt3dhd.
+xn--mgbt3dhd.		172800	IN	NS	ns1.anycastdns.cz.
+xn--mgbt3dhd.		172800	IN	NS	ns2.anycastdns.cz.
+xn--mgbt3dhd.		86400	IN	DS	11567 8 2 7C846E4D86211C362CECBCC868123AEE04F14232306937417F4E8B15148D0C43
+xn--mgbt3dhd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lqHo/PhjDUAq4/5XQrnM/WzKJtHUVoYSNzqqR9VsGOZMd6+NSjtNMZZzvC3PhXjEreYpUOJ/VnS3eajzccUXKjtE+3rXR7PseCsJ2weUy6N4nZIdPJkr5verPy4RG5ezIVqMSgVughVXyeUsAjLgcOy+RSAWSqMNI6ViaD7ZWcRpnuoURI0sLlI04dzpAcKaAsIyeJUAYt+DtKRPC8Y8LaZiVklu9BQVufHAULZnd9Y1XqCwjPo72Llaa4zDMLUtIxh5+lmG+QszFEdVrkHrc66ImnmZjx3wa/gY0NE1CdAW/8TwwVdqOnrutC3T7N7MQsn42YyRfhbl3PsRvyli8g==
+xn--mgbt3dhd.		86400	IN	NSEC	xn--mgbtx2b. NS DS RRSIG NSEC
+xn--mgbt3dhd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yF5btIupLpVR+2wVjemr6rnSvMJPPimSzASAWW51VlCYyCYvbf4PKqRQweetwnqilNfBMd3gWWquvJ9BD0LgDKzOfVNiq3/iqnzuZKfaB5WfKAzz8eS2RaDhaBGmTG2NnC+MR2fUJ3aYrxQaZN6ZNKjwbmoB8hX4Aq9yHctXfJrESWTKsugWhhpuBwdIRsmNLmGmhSa3NcUlBkaXDRz3zwdP6nWEqJsosqRGERnGfP5Alo/wmimmVvXCVzHjYYvxt24iOtTZYyMbVuUmerYwQrZzYzvbT/eQuoP9efkWvN54UfS///XJB8mCBPSE98ARAjF2601Pnzb/LdHx4wUbVg==
+a.ns.nic.xn--mgbt3dhd.	172800	IN	A	72.0.49.9
+a.ns.nic.xn--mgbt3dhd.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:9
+b.ns.nic.xn--mgbt3dhd.	172800	IN	A	72.42.113.9
+b.ns.nic.xn--mgbt3dhd.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:9
+xn--mgbtx2b.		172800	IN	NS	ns1.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	dyn1.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	dyn2.cmc.iq.
+xn--mgbtx2b.		172800	IN	NS	nsp-anycast.cmc.iq.
+xn--mgbtx2b.		86400	IN	NSEC	xn--mgbx4cd0ab. NS RRSIG NSEC
+xn--mgbtx2b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zzirwiFKpZdJwyPfPXekiYDOWc1yxvftB02fdj2DiQaNNfGN1Xtzd5zX3HmjUCoLr2YEBKEYEGPsbehjdwr5Ap7ibaz7OeKMV5WDRf6mSsaCU2+ujoqUV4k0Vydher0WhAz+neM730ddDPngdbtU1+JpkDjB2qGo0dK1kgOLWGX6Dd0AJAbFs+keb4dbCmAXCvE4BRbnCtJyP4sv6eAZmy8wr6c11Z6ogKQbaruti9H1laPR6SItYMXqF4dD0qgRkVXofAlqnAvMmnpfmoYfu4twGYrzZRdeHRQOCzeOrJ6AvICbkwTGbDlwGFMLxLoddRbKhDr00PYtRWt+r0fyQQ==
+xn--mgbx4cd0ab.		172800	IN	NS	a.nic.my.
+xn--mgbx4cd0ab.		172800	IN	NS	a.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	b.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	c.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	d.mynic.centralnic-dns.com.
+xn--mgbx4cd0ab.		172800	IN	NS	a1.nic.my.
+xn--mgbx4cd0ab.		86400	IN	DS	1998 8 2 DE4C45D877C64E9C3EBCBC79BADBC104D7C5292D72BC6CA47090B31BE24212E0
+xn--mgbx4cd0ab.		86400	IN	DS	15654 8 2 E7E6D7D1BBA6E0443EBE51946759FDCB9E370BA14F95B61091B9B989B1A90340
+xn--mgbx4cd0ab.		86400	IN	DS	37866 8 2 9818EC191CFCE9EF77E5E458BCF471D5AFCFA30D40F9A62BDD69A1863187247C
+xn--mgbx4cd0ab.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FA+71vifICM7/Da2WfJonZGMnZe0vwQHsc5tFgeZ5Qitpwqd1qcVjz9g3EY3undQWkd96MiIhhKCMJBuZ4FEV+nw5gHIhqiWGl72QGWEiXrSpGY9Tysog4xPnTZlDp/gBSgUb80dUcT+eRObTGXVz8105q5ABbnAb3gCleEWtZMAGGQ9abo/Iye1CM2bk2yNc0UMKor4ynZAHqXwyNmcUMmIy7PKdKugvRMGKw7752g8Hh2iR33dB/zDREolokUcADduLQxEEismXIosFVt3XSX3ibeOQPcbzZjEFV0vSvr3ch8XIlrWGF/8nFIzEB374OGwf5F5Dc/4LBAEhWU8IA==
+xn--mgbx4cd0ab.		86400	IN	NSEC	xn--mix891f. NS DS RRSIG NSEC
+xn--mgbx4cd0ab.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 1NhZu4bIyRPiz8HDa7fFG+08bmdiF+2lbeuMSfXVlU7H61dW13uj1DuaQnakyRCG65o1vW2x5OXS6KuF5jzsTo8SEoWX4jsMxUfVjjIs0u50nl15TA96XvNgbpwu+AHyX3GGBb27+HqGypYAqDTbr7nRPDkGOp0AEHnEYclulyAMbONiiTY+mXtI5/cau69TMvYlxEDAjBB0ciV1tqwMjCRmUyPuS8yMefNEG0ToR/1oNc+PnYEzIUdOlYz+7hUiLcLAp+VPdjvqkGXpe6Vpc+8Hl2neOekOr/PhQjBB/HumvGjKtF8LMM/03hI6a2cUjhjYPQ0Nqd60SPIp1/R3ww==
+xn--mix891f.		172800	IN	NS	a.monic.mo.
+xn--mix891f.		172800	IN	NS	b.monic.mo.
+xn--mix891f.		172800	IN	NS	c.monic.mo.
+xn--mix891f.		172800	IN	NS	d.monic.mo.
+xn--mix891f.		172800	IN	NS	e.monic.mo.
+xn--mix891f.		172800	IN	NS	ns2.cuhk.edu.hk.
+xn--mix891f.		172800	IN	NS	ns17.cdns.net.
+xn--mix891f.		86400	IN	NSEC	xn--mk1bu44c. NS RRSIG NSEC
+xn--mix891f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ao53NMh/kgH2vgL2/qoYSO/+0CB0K7zOIKCeOMdTApE0oxnnfIi8yYdNfOq5pSeCLGISfbnhmznz0LnKEBbqJNjKPD+olhAC+idYf5pZOKnr2VQhfLmH5pC6Z0rYk6nlIDKDkbcvArXrLyr0z1BssPYTX/0noCIcLt7uszxG8t1JfmkPl1FdDfCJjphcJkGFvC+dU4i9gUN1H/29+qWJw7fAtBbHxTW9Toto1DivWfz2xbvCD3sXqs0orhvorRFQW3zZUFKRUgpUttLaYn5WZCpGJ7Rf22WOAxx1rR35x20OUsyfBYP0LdQNZhlmfj4XUl4l8WWXk1Jz39rgkv26sA==
+xn--mk1bu44c.		172800	IN	NS	ac1.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac2.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac3.nstld.com.
+xn--mk1bu44c.		172800	IN	NS	ac4.nstld.com.
+xn--mk1bu44c.		86400	IN	DS	33804 8 2 1A04E458D4F1C4054140270E1806289F0093AAC5F3F20B1954526075988F91E7
+xn--mk1bu44c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Qb3fXupuWNlsujr3fot8pUhG5hH2xhMfkchoP1kfcgm25GRcewghZrGmnQveyKqa9cPzeQ+bgdPCCBXGQj4f4FLKzYXhzYPFIKD4Q6N8mCWASOLPTQT+IzMZCJ7U4pdfpUF0uEJSdYvxPHw+88wD+SluKnJX8CcmjMkPRteOmoUf7ZVeQbIb4CWBiOeXFkBmDuB5q0mImD53UPeD3dbPwQ07a8bYV+pWCXyRRPGJAlvBqLgbAB9GvoZtplgy5EdPLXrE16U6GOI+ZNr7JlkQtOCS1GpX8JvaeeAQ1nQTigxQ3HJZRa3GQdEW3kGFqtTHTZhg4ocTm8FMznwI0+t7rw==
+xn--mk1bu44c.		86400	IN	NSEC	xn--mxtq1m. NS DS RRSIG NSEC
+xn--mk1bu44c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . P6bl2WW/vz1uobDcTs4A74IAVYoRe1hqC6Xk2rT22JSIg8XpEnSzHhDR5Q/bC9XhS4cNS5gtcO0HZ3EhXj4zdeu9YUKgd53Sfmi/8DaCqGFg5t0q+zOjVjel1Vun+UAxxC1mzeIOgZzSPmwYggoFwl3Tme+5vBm97qUp8Vx+IDEYsnKTqOVJoSjOoWqd7MiTXQviyZ1xqsYaPsP//x/+04gOwNVxgWz57XBQiomACh7gXGM8entatV/5DE7nlHrxz8Nf0T0gdsg0K/nkP2xb2f39ZskoIDXs/Hzd5Qkrc1SDECwdl54eK22u0Ywx+CrPE/5YX9ovauPSQm2FP2DlJQ==
+xn--mxtq1m.		172800	IN	NS	a.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	b.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	c.nic.xn--mxtq1m.
+xn--mxtq1m.		172800	IN	NS	d.nic.xn--mxtq1m.
+xn--mxtq1m.		86400	IN	DS	65200 8 2 24F4E4C9AF4E4B45EC7EBEEB231C572496F89D13CF403DF4FDCFFC326333CA73
+xn--mxtq1m.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . pQ9BeijK4m4mvmvYg2LCfuCVsAsUO39e3aNZOf80PILZDcqml01+mEAl2iJsFfueTxI8qs4FsSEepPboXBweLvdoW9fdKNmOKl/8JTJGGlZ0d7MqXTUa1jEZUtx0zr7J+tY+RCQBiR7Cp8kXfpqjmhH5nvgt1JM+NBdf8ZbUSyiIOdkAXEYaLlofGJyPNjwoaDYMtL+ri7QtxigKdj9PiG8JkrUCylk5Y4Ul/VMC6Qq+nz04DCAkJN4bj9F7Mwuj0yFEIhmE4MsOYQbzwATyKS0+7acAITN5Byb5qCBHqOA5p/suEKI/kH0Z5P1d/rDGmIJu80/XKfuqqKQQk6eoVw==
+xn--mxtq1m.		86400	IN	NSEC	xn--ngbc5azd. NS DS RRSIG NSEC
+xn--mxtq1m.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mOAtC0NdGs/7Nk0RC2/xj1xscVL8AxejJEj/19q9axjNgl7xU2c152Us1PKDxxga65v4zuQWiHUWtMSwuR+A3AzDlXavAIp1RtRaKObKE86doybp1PkbMYy+WVQfKZX3zsnBUIhBlbhnqO9HjQ5lMz9ksxu+YCfTi20JSjj0h15Rek20fJjbH6XzHLk/ukuCKCgflQ8kUqqJ8ieYljJo5hPlD/rC7n1/5EAaG1mwv+FLBINlKBmZAwzLwWEUM9XA06QnJJI/7W5hTUHzvdHpjbIcz7kS5xE6OCBQG02e6AXvMBj7LKp0U/46CFpblYrB+MfIsWlP5wkiy6FrcGuP8g==
+a.nic.xn--mxtq1m.	172800	IN	A	202.169.175.130
+a.nic.xn--mxtq1m.	172800	IN	AAAA	2001:c08:175:128:0:0:175:128
+b.nic.xn--mxtq1m.	172800	IN	A	203.73.24.25
+b.nic.xn--mxtq1m.	172800	IN	AAAA	2001:cd8:800:0:0:0:0:25
+c.nic.xn--mxtq1m.	172800	IN	A	211.20.231.7
+c.nic.xn--mxtq1m.	172800	IN	AAAA	2001:b000:1e0:c000:0:0:0:7
+d.nic.xn--mxtq1m.	172800	IN	A	60.199.165.185
+d.nic.xn--mxtq1m.	172800	IN	AAAA	2001:4541:9010:7:0:0:0:185
+xn--ngbc5azd.		172800	IN	NS	a.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	b.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	c.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	x.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	y.nic.xn--ngbc5azd.
+xn--ngbc5azd.		172800	IN	NS	z.nic.xn--ngbc5azd.
+xn--ngbc5azd.		86400	IN	DS	862 8 2 662B4AB8C83D78983F29DA731E7B495A7B249F8C714268631E21CD1E88370087
+xn--ngbc5azd.		86400	IN	DS	57991 8 2 2CD63A89A2BD11A0D1F2A5AEAF04D5B07FB24F6CE9227FB2B5FC4C9D39C0AE20
+xn--ngbc5azd.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . hN8A2aSDQNiwPSG75YIVYZKaLGtdxzwey+AvJNvVgMcbCW8dOVzB7qR4IAup+rIc8z2LPIgnj7Cp1V+LAbUW8FK2SQ9+qzSvJDhHwOlQgSU23GWL2nCT9Ob49Ick7xi2zDnur+Dc+HiagdN6lslUEeUGsAJws4CcBmQNOVjmouWQ1tYEDH1WTiurFzQPGYnWp+jVb4Nb3DRf0wPM/HACFS6aJeFwiCut2puEP3e+AlTylIjebRdMeeGsoj4sEjth4bDJ5VautDksa31s/Sq4P6mtez8558giL9pe7xY17LxE7cg1KQACjtI6ymW9H+Wl0Zqu0kixv3VW9RhMJNAFsQ==
+xn--ngbc5azd.		86400	IN	NSEC	xn--ngbe9e0a. NS DS RRSIG NSEC
+xn--ngbc5azd.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . pJTjqoRuhjb/dp2mgjpMGX+NdSr0ksVYVHJ+EWzIlj4bSsK3NMyiPctrGKsYGAkDwCZ6DNM84zPN3af7kDbcwaM5m5QYSpD+E95NPMd+PFCsZ4582lpsDs/+b/Bp2KvV134PNMLzfrGxSi4/Qf56gN+p8NvdVNNrNOupYQP735L5N1Ku8xQS23GRuLwzzEhyrLOJFkZILKua2GKAeQuTSB2WS1yADoKm1tmnW7ShoDamYek2jAfRAeWgFuHovaDgEFVvW7hBXTtTT6WBKpMBz+nOK3RTj11+0Rkc6CkHf1/OfQupJQ6yIW/ZVIxRVOrAZd+Be9LTsZhyWvPu3zMoJQ==
+a.nic.xn--ngbc5azd.	172800	IN	A	37.209.192.3
+a.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:3
+b.nic.xn--ngbc5azd.	172800	IN	A	37.209.194.3
+b.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:3
+c.nic.xn--ngbc5azd.	172800	IN	A	37.209.196.3
+c.nic.xn--ngbc5azd.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:3
+x.nic.xn--ngbc5azd.	172800	IN	A	156.154.172.82
+x.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--ngbc5azd.	172800	IN	A	156.154.173.82
+y.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--ngbc5azd.	172800	IN	A	156.154.174.82
+z.nic.xn--ngbc5azd.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--ngbe9e0a.		172800	IN	NS	a.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	b.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	c.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		172800	IN	NS	d.nic.xn--ngbe9e0a.
+xn--ngbe9e0a.		86400	IN	DS	10552 8 1 C5F1478252DC3D25E585A8D43AD460C0E8F86863
+xn--ngbe9e0a.		86400	IN	DS	10552 8 2 B4B742442C6B66D321259FCD7608462A75F2A7EA70AF4E42A6CAD0430DD98D51
+xn--ngbe9e0a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . HIRsShFP4zuOKzuTv4JgQ2yCYpvWEbJ7WyM2NhlGc1etcj7uw3LToo2l2T+KiJ9Prsu/riBOl1BQbQ0HQiPxqogd8GwTTu4advUn/eXauDBA+2TmJiMRW9eGqui9MDmw/vM2hlPfEQ+U2rP8QR3pIxHXJudNggaCj6a3RtlhEyjuoJ38PIe1wXZ3l0N7Ehndq0QfzgsX5GVdQqhj22n3UZ9pHxVxFkEJ6uUW1BtEPdHXf52DNmoYGpLMBt5sGellNiFv2zcc6NaJKxspUs51jpobg+oOHihe5zIWS0Kyn/nc6TLgrj0mo0vW0kAgSX9xoXoX4wMxdiHt9z9EAzcDAw==
+xn--ngbe9e0a.		86400	IN	NSEC	xn--ngbrx. NS DS RRSIG NSEC
+xn--ngbe9e0a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . dae6qE/Jh94F5z1xW/1soyEIKgER83G7TfYOeXwnbRHY+cTBly/0gPghcEc3s2zr0q9AamYqyCRRm/ErPh49N5nqQE7tCchgt2sWMzHkQOBK6y/+cwuG1i8HR/9hxAYbb1kA3w2EPuLQ5GhKNAgJ7l6bgQ0JEz01192QpbyivkdVkyQKzvGpu9nnAI99xTfMyM7P3IqqWur6vwLEBeimAIULgLRQ/kI6hmKpvsCY6uBMPYZgy6jO1fuciKCl6IsNv5+xzj+zd3H97zujL3GH5itmIXYEr4zadGSpmsW62/A9Lrg16Tu8bdn9oGQFBAaQYpUvbnI5zM077efmzR3DTw==
+a.nic.xn--ngbe9e0a.	172800	IN	A	194.169.218.22
+a.nic.xn--ngbe9e0a.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:22
+b.nic.xn--ngbe9e0a.	172800	IN	A	185.24.64.22
+b.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:22
+c.nic.xn--ngbe9e0a.	172800	IN	A	212.18.248.22
+c.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:22
+d.nic.xn--ngbe9e0a.	172800	IN	A	212.18.249.22
+d.nic.xn--ngbe9e0a.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:22
+xn--ngbrx.		172800	IN	NS	gtld.beta.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.alpha.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.delta.aridns.net.au.
+xn--ngbrx.		172800	IN	NS	gtld.gamma.aridns.net.au.
+xn--ngbrx.		86400	IN	DS	37096 8 1 71BD52E2A76BEEF79D624F5294C98588F940402C
+xn--ngbrx.		86400	IN	DS	37096 8 2 DD05B598B64707491E63A742D3E61EDBB57091B5B93C8E0D65422595AD255AD4
+xn--ngbrx.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . f0ZhRcYJATRksDKg2maIee6decCXOQpUSEmKC2kteBhiIYSGQlJbCS6rcSx1du81w7/tpZumQ1R22V+cZot45yAcywaSKY6GFnj5kqfP+AwD4lT0Io3JI4rB5x/8hZ4KRCJM3+LDdPH8OlwzOnFdhFkJ5l6xvVViAnZdK+habNXcFvyZzo/w1hZgITSwYYLPxZf3HbsXPFXN/WwHtv0mhjo0jMOqFi+5FwrOkEWyRbNXFIZDUrvR+R6z6R4w3kHC756Ph1gUj6bY9HKxkSx/JkMMG0lHYlgrCCq6X03JNlrStsktL3mJeAD0hKKWQ4WlA0pmpCygqBdJLiKU262S9Q==
+xn--ngbrx.		86400	IN	NSEC	xn--node. NS DS RRSIG NSEC
+xn--ngbrx.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d6yU3M96+VIk4rW6+pjdCdRRhCP7XZZUtqKIgz2Ik/fMPMIvJxlnY6EWFzsLFG4ybsnDqHx4nJ7wHOEVP8UEO1dGvhCaWzRWHk4H4+wtrVxET6SANPQe9jglXV1Bb4tg3Fy/m3gAxtc7cnN2A9PF5C1sYxe+LCcClf0rXFGEMtTX85m4tI9bIvv3owre3VqWAKjmhnnrOofDEMeCfa5Pde/t0CWv/Q3JYOW7pk8m4llvu+nxhbmAwmppIvBqq0y6DVo39kz5q/dMbmt78hFFQ8FJmVSTPnlO4OVZF6dyHTy9fMxdrhbFGLqcJIzE+GU+fOUBbMhZ2WopaI133vhEJQ==
+xn--node.		172800	IN	NS	a.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	b.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	c.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	d.xn--node.globalanycastcloud.freenom.net.
+xn--node.		172800	IN	NS	xn--node.ns.anycast.pch.net.
+xn--node.		86400	IN	NSEC	xn--nqv7f. NS RRSIG NSEC
+xn--node.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . xfWI4Evs0vdHvtOe+GKw+DFx1tRokJueUegla1shidnzwo5TUPhacJoc1CxBX+Ses3E++2pvKEjXczzjhagJWygzOBpFmlUB0GLiQpxVzU77AhnTb+1/nWf7hswP/9BiCBC88YQfQlkmWV9pBHL76GfhHiL0Qv1SsGfEJBMq9AGBlicVcg0/hZSo9RiIk/tjBphXtDPUKm6+7hZzLMXgsRj67rFfGQiLRxgB/iXUZ5j2/DiOxzQfOJXZ+yMlFv3NgfikWbhKZA3CsVr2lXtWEdEyNIgcApD7gHTZwRgTvhkLicIkSCx7/mBeIHm1PpD/TyT028Mwqv1JffDBFBHMvQ==
+xn--nqv7f.		172800	IN	NS	a0.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	a2.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	b0.nic.xn--nqv7f.
+xn--nqv7f.		172800	IN	NS	c0.nic.xn--nqv7f.
+xn--nqv7f.		86400	IN	DS	22459 8 2 435A53C55E065976A2C03F1D8B09241A6EC3EA90D63D6CDAECD0ED93DAF61E99
+xn--nqv7f.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D4ksqviUChxjXuwnHsGH7wytG7YY1wm9T+b44/eJ2YR35+QEEIGzaN3KAp4Vc3NJLBs4Qa+e156CdhYVtUUCxgFpU8eFgEB2IemqigIvr954B3WCO3CZwbcCfI9KFawkyOU4A+hJlP8NRhosVaT4HlPIjwDVbNmO1gzRbxPHcBNUmCh81ZzyrPwglVvgTBzWRlKNtFV2bmazwO2D/X35Z/Hmtww6CmR9kcu5Q9beKdgT4XYbd0MyoDIzwAL4ATpZwdCyh7lpvMJvCFEbqv0atvijdm9BEqKyD2hQ+TW6hV/XSkRDNPNnRSU4cnxTE10GiG8ntr+LDQvpr+5hrGHfvQ==
+xn--nqv7f.		86400	IN	NSEC	xn--nqv7fs00ema. NS DS RRSIG NSEC
+xn--nqv7f.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . YmFrmBlROG4eMLud8LvJJJvR7D6RI/7zECO0YGqAIQFSL5JVNtyMc7c/LNKuwqkdCUKf69GwIlgDjhD2HlQVg24yOTWmd6SA56WTssDOvZXz1klAt20xXcSLpi0VAGDW16zHytsh7q7T8uYXjwR7Y5cXi+wuh20dCx8HFztRoIwIsDLcLw0Wr9cZFHAyttUTLei2SeE3OLaJw+ErXIWBy9Lsvqa41Ka/Z0Wd5joMz6be+cyyAolohkgwuWJxX8sKBJ/ySYLdR9X9QNYBAvo322xknJnCdraq36RICrFokiB7fF4Hu7Uifz3XqrhFu81CZAg7imThFC3U2q3kDZav/w==
+a0.nic.xn--nqv7f.	172800	IN	A	65.22.184.17
+a0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:17
+a2.nic.xn--nqv7f.	172800	IN	A	65.22.187.17
+a2.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:17
+b0.nic.xn--nqv7f.	172800	IN	A	65.22.185.17
+b0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:17
+c0.nic.xn--nqv7f.	172800	IN	A	65.22.186.17
+c0.nic.xn--nqv7f.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:17
+xn--nqv7fs00ema.	172800	IN	NS	a0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	a2.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	b0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	172800	IN	NS	c0.nic.xn--nqv7fs00ema.
+xn--nqv7fs00ema.	86400	IN	DS	28897 8 2 6429B014E65CE5BD280E303E77C65ED29B9018FD717157B19871CD63994758F2
+xn--nqv7fs00ema.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . PDLd4alXZ1/k8fGPd4q8zPva3+V/ka1/C0htrRn4CJ5C/AS3Fo0LNyEqDMD/Kpzc111+ODO8oCbMlrm0nWeZt0ZALrhM1Czj6BHJ2N9e+i1nTr92962kjh6G6NfBKjVKR1ZMFPSFaaWQmKHL5igUdGAkVmKLPo8CNrIxnSCBghhlWr9Ce9JeQdmXiiobw6FVYFR0Vyt9GBaP6wAbDnBA53JvTeV++ys16504aIgS79jHFRCljogjAkgS1oEskjDXO5uSJ5B3YeWVleq5DFSWZnzdgLQoCmnF9T0eZpp3LuhVjoffrgNSxRlTuTsAG+RfuuxwcDpWn8bzMdfsWWQzeg==
+xn--nqv7fs00ema.	86400	IN	NSEC	xn--nyqy26a. NS DS RRSIG NSEC
+xn--nqv7fs00ema.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . VE7ADNpkYkvv2YdZzXkJ01AA2DsGw1+gYggrjdAaLRiyNC16JN2fY5Jbq7pcsCZK1ZKtJC0dNKEz9Cc/4BALaDw6WVMIKPm17g50GMj+VfkImNcsK5Ha3qK5D4Z1bwYoknz44mqbLYK4VcWLaGUMYE6yi6xeLK5srgWWjtKljlZhmDRjWIljX5JuPDzuEW1kqK80gQ8WmUPeIaGEYkIIXrRlwzqLvxP9WvsgOK3MwoKeeSgG0qR3FkICBBsmFBjbKJVtIUQU4/Qi9IaanpXEH8YA7UnXKOKXa1h+RCbuggfyYGnXfLwZ8S1Njy71dJQSc1XEHsfFub39kaWl37i7vw==
+a0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.184.9
+a0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b2:0:0:0:0:9
+a2.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.187.9
+a2.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b5:0:0:0:0:9
+b0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.185.9
+b0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b3:0:0:0:0:9
+c0.nic.xn--nqv7fs00ema.	172800	IN	A	65.22.186.9
+c0.nic.xn--nqv7fs00ema.	172800	IN	AAAA	2a01:8840:b4:0:0:0:0:9
+xn--nyqy26a.		172800	IN	NS	ns1.teleinfo.cn.
+xn--nyqy26a.		172800	IN	NS	ns2.teleinfoo.com.
+xn--nyqy26a.		172800	IN	NS	ns3.teleinfo.cn.
+xn--nyqy26a.		172800	IN	NS	ns4.teleinfoo.com.
+xn--nyqy26a.		86400	IN	DS	27565 8 2 CB10EAD52DC0AB87619F0ADD9400977114E8AE84FBCC3C3A3C84674BD1C3D7A0
+xn--nyqy26a.		86400	IN	DS	38734 8 1 D1A95D7325518AC05264A89C41BCB06FCB34C4F1
+xn--nyqy26a.		86400	IN	DS	38734 8 2 F0E7B5258AD4D9048D0562A0C7D5AE30DFD87967A515AF0A256D3A8BA72ACDE3
+xn--nyqy26a.		86400	IN	DS	61705 8 1 8D4FF5A86429FBDF7BDD44C05391B08A3594C09A
+xn--nyqy26a.		86400	IN	DS	61705 8 2 60A626B01624F7305E1E22C1B04DA36C14BB501A3A6ACB76B40AF73AF445221F
+xn--nyqy26a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t373QvkJdmJdMf6MBldz2ET90NiyvxuGMpDnU4UFYhZGGBOeHK95F/JXGr/OwJ7L+aPvTyIVZeBqmni5kI/nyy5jHAjht0imC8az8u68CKFbs2Z+C/asprpYN3CKfJvPuUwqxxnvVC8IFdotgUZ/601KFZb2OueMejpEACIc+MGD5TAZoZ6kKtXaIbiynfUSmizur70REiSGSuA3wCn0smZvbCM4f1eu/mtF8BlF5sv7VWnVGsKwk58sExz1PvD0YI6GK2Njt/clg6sLMZ2Y0DRH8jZUlZmfAaF/VKeuykphvAW2Wmtg1RCKcfLu6oZ41m2Mr35VI+5nfPzKLliiOg==
+xn--nyqy26a.		86400	IN	NSEC	xn--o3cw4h. NS DS RRSIG NSEC
+xn--nyqy26a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H7d5yG+jd5kWdtFA8ozD5oljNjPuvZpCZ0erQ9nirbD/0AcLDXbHr+9KpaCGcbTWZpUzMdQ6VOlpd4nIdfqEBGJQHuwpfSNFB5xLhUmzM5L7joHgho63oeUaRrKwsF4mNvNELuvtCsdxkwucwnnlAG/pXrmhc+ztQBoFwJkigAPKSD+HgI3yCdoNZt+e1WpftVgu3knfjZjU8pXUgwF4o+6oXCtwFPxW6QMser3oGPq1QkLlq0g8fiSjkWX4FC0gBETKMdpgoraKe9U1PveNIP/k+1PwqgulGNBr+AdM6EyNfWyo0TGTwKknDZrfZBkP+JpCX008zTCdg5BC0xdfog==
+xn--o3cw4h.		172800	IN	NS	a.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	b.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	p.thains.co.th.
+xn--o3cw4h.		172800	IN	NS	ns.thnic.net.
+xn--o3cw4h.		86400	IN	DS	27061 8 2 53856679AC45EA6562EF4ECD2DE7AEA57D786870979F09C4BC1D5244C2E2A9C9
+xn--o3cw4h.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C8k6itrbwqMJNuQv4eu0KhD4q1moHNPc2YuRc1OkfY+pIXpTICFGzbpXPMPhMEmI7VOsY5uZiCfwRaa1gJKQfMFT6gSnFt+86yyJPnfyFnvIu+cXVDGrB6zYbg3q7AAVkRlzAFhfPDpMotUTaY4nxOeMdzQEW5Cs3ZnwtYCmWQvEDwHdNB61CT00zYouWGQAz0F04lsZeB9ix+RImjxGC5KKZS7y2ww4+KOE9TfLSfBnc934LLeusx/3Sc3suot3Rm8MufoERHk8Y7usU6WuK2RAS7A5r4mCOYXs0ibVLXeoaxTzPpj04I3A/eA2MkuiRVXrHqn/mtj2SK0eSNI7Wg==
+xn--o3cw4h.		86400	IN	NSEC	xn--ogbpf8fl. NS DS RRSIG NSEC
+xn--o3cw4h.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ylAqPA9ZaxY+5yC/uS0/VszULJZByryOznlXAACmlFKayN3OKfyAOQGCkwaQHvVCu7e2YoxdpuCR/zmugUZsbpKIsStflblqRyNRW7THNgB7g0+4ojPJMraNVwgBMojfMRlWy+N2C9o4BDm8Ac9XDnEoy/U+dCZeW8HQkOsLn1p9OqvPXs0tjPth9iZxC7pZBoPdxWPbC547LWE20TrCqKLR2dYiZftjFVIMjCiJyeSwxD8yl+FGX8lo4yZc/pOobDwYN0a1q3+LavOFZgWtoTqpgKNY63kh1g1mI5oCauie5PaN3kYdztWywYfsgxTVNN+nWeDM7yQq5lklJ7fnAQ==
+xn--ogbpf8fl.		172800	IN	NS	sy.cctld.authdns.ripe.net.
+xn--ogbpf8fl.		172800	IN	NS	ns1.tld.sy.
+xn--ogbpf8fl.		172800	IN	NS	pch.anycast.tld.sy.
+xn--ogbpf8fl.		86400	IN	NSEC	xn--otu796d. NS RRSIG NSEC
+xn--ogbpf8fl.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . hMVi5AXP7z+7H3mqcUZrkheuoR46xPF1t4itfAsX1AxORVWRzBB04cuC1W3Cq7FT5BI6VH7V7/NV08Uo/qvawFWp2Qc/9uOoXH2dQklFyUZxeFLJsgbYX9oe6Ji0nCDPv8jsuDfUN1O6pBeDCy1msRYbK0zi3LJbGato7qFRH0OYsJPV5hyqgTK4cUiQQhB+PhoUhOllGAJAjrbqyCYsxTvUk98gAV/BeKD1UcNz/ylD8VI2QV0iSmzM7TQ3ArNWUcd6dh6+SCJnfOVTTf9xCL96a6j048tHzncsvoiFWAM7L2DcHfZdAKYHTgLCNLbWFGmWsIvGMgzD9gc2bVH54w==
+xn--otu796d.		172800	IN	NS	a.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	b.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	c.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	d.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	f.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	g.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	i.zdnscloud.com.
+xn--otu796d.		172800	IN	NS	j.zdnscloud.com.
+xn--otu796d.		86400	IN	DS	61882 8 2 EF3F494C35F4C2C571A0E5644F6E2760818F2EB7B08E1B05B522D995022B6786
+xn--otu796d.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DTiRrjFIpw/Bqc+7owikGf/2JtEXuvFiWsVUsIBzkv3IicVZLm8zE43RUlCi+dY2xBe2bkTy6g+rpck8w4T3A5GD7jnTq+BhJ7sQVb3LlaAeSjrSnWc+yk+SBO2/wv+RpPhfbfOu5eQzRDcrXMa1atR4lo6qIEXlrg1jr9nAdbjmYRXS+7tB4JSsvIDLpUaUI7nGJH72/Yi+nmy+HiSEhdD5iojYog6xxnXG5ctTi4nW74bO1j2jfL1LrT/0+BjLB7bv7olTfe/xr0PWzPG0h9lzr37OOZra4vkbkqA0OeNaeV1m0a0bvfhfUMdvQzDhfqNJQL4e4G1P8qK8luHUhg==
+xn--otu796d.		86400	IN	NSEC	xn--p1acf. NS DS RRSIG NSEC
+xn--otu796d.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d1kqmU3M/BMYsw4glf052BlqAPI+UmUHb76IEB9q0ZQrtgHKNJlQWZgHmH03OU9FCaZXmUHmDqIcoLgoqqM4FuFp9GtMCZKzl2+Xx57FaskMkDitQfmrk67XWP4U5XTGSZGUgmPa9DwB17yZIccI0ic3LEQWka3JKlmjcHgS3Yv0SLIGv5kX0Ars1bEnlPLKbkBRo5YB7DSi9V9OxXIOddXkhCBS6VJdrc0+S2T4Kg96DUs+GFkq7ZQaMPUudBlwOnBL0yDvX4B/ck6H5W2IesGvozdYxniDWoJ0R+CJlFI8ZNwrKXj7fmZB94BbwPI6oNZ+oBGdUoGzM68YlrOrBw==
+xn--p1acf.		172800	IN	NS	ns1.nic.xn--p1acf.
+xn--p1acf.		172800	IN	NS	ns1.anycastdns.cz.
+xn--p1acf.		172800	IN	NS	ns2.nic.xn--p1acf.
+xn--p1acf.		172800	IN	NS	ns2.anycastdns.cz.
+xn--p1acf.		86400	IN	DS	11446 8 2 C39B9FB91B155CA7FF3F84BC7F7B7713E8D3B40AE9B7B0D9C3DE0FDC36FA325C
+xn--p1acf.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . bNK7Q3nwBGyyEtyvlZ6zmL5fB5jT/8La9KHFbCSHplLnYasnhSPxD+rOI0vJpw4BgyMyWayKCHxPCdKyXEsVRO59KWDnN8p1mAenguYbN5VqInfAfWMWrJlCaevvxe6JdcW7NixcUlET5Sx6KWBVvqspydll0+5WjQkyl8tfoxhKH71OJCXR2h6KTn83tvDlkx4lBcLUYrI+v3op7FgabzUY+KeikySK3O8aNThn8g2OxmITEcxCNhuXeXzn9k1tj1XT01fVW0UadAixPXyh3S6E3GvV55yJwgFxwgXhi8i49NcSrpulq0eQGnNln+un65KsousRvxrGc8br3hzRNQ==
+xn--p1acf.		86400	IN	NSEC	xn--p1ai. NS DS RRSIG NSEC
+xn--p1acf.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . zMzOdUVlV3EULNWO4zI5gvSTx7KoquTpGa69Ohz4tnNgaN5cY+QCGFbNIHAG3T5JXJPyFDoNY3z/+TBXkGyirFY1Amndgy7oIzi0cdBjqfnBNJkQCQ6rHL9f+S72UCIfxHEtTp27XP/K874Fa1pFk/QVz8+r+UbN49GRZtq1nrhoxapo9d8080zAKrQLf+D0PTz1xxLyD9h+4xqbr7OXydmswAxSQrm/Y+uRnvJaHBsh2R3I2jDhNdgK7lJLatX5khc1Tyv+hp+9cZ7Of8nbwd4TJzbP56DRRiCVf519fOZJ8lcUpZCYWW58Vp7h53/EApCiWGYvWYgx/Ehysrju6Q==
+ns1.nic.xn--p1acf.	172800	IN	A	72.42.113.2
+ns1.nic.xn--p1acf.	172800	IN	AAAA	2620:171:d01:dc:0:0:0:2
+ns2.nic.xn--p1acf.	172800	IN	A	72.0.49.2
+ns2.nic.xn--p1acf.	172800	IN	AAAA	2620:171:a01:ad:0:0:0:2
+xn--p1ai.		172800	IN	NS	a.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	b.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	d.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	e.dns.ripn.net.
+xn--p1ai.		172800	IN	NS	f.dns.ripn.net.
+xn--p1ai.		86400	IN	DS	7900 8 2 383545B7CC236FF2FF20FB9A035A650EF9F2EC31C8E8BB765292AD5F62A27FF1
+xn--p1ai.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F/5Qoq+hkH0y7a8v1Tp58kEuhsp1iQo99ju5tcERpHITRggrY8rT6SL6jLkEoQ1kKqsAbfKePJLmnei77bjWUzzoXZfqKmnSlO7CSJSHJitp/i0qmjWBycpZOsLJR7H8ss8fW1/PIfJprcNs5L+y505I1HazKQbQ7UDq6TJAlZdaSEv4+7+OHZSYDRdQ7fI5mH7KDJ4TP3uoFzHjSGXn9qzuggCEXlSMdvrnVtK+rYeY9xROvXIpfr6azao4tpeoJsTOaoETHAWKTR3aZYICPSVCXcwS5BdDkpudUHeIVZaeJbGYtIrxWD9lFgZkFt+ZT+acBLrfFV9g95B0jUH3tg==
+xn--p1ai.		86400	IN	NSEC	xn--pgbs0dh. NS DS RRSIG NSEC
+xn--p1ai.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Az1vYnnCRHUIGQ67TdFIY/6nYrLFKV8XbE0VOs/31KgiyRo7L2A5+rPXsfhCWVx9vcemA/bw2qR1Oi52wxv8SYQwzG0id1NreqMcITqcL4euX2quWHkSvsVdWtqPDGzpMzX9mGmY2ReRfvZhhnJyHEVkYmJRf3SCkQbyUWF9E77PL8OJ8MS4ARYYoxRqjz6R7pi19AhDIO/s0QqXuy6Cfgv4JO4CnA/V82+vNWsjIyOvFXtIioMeG0tuYLOzX1H5SQCir5sh3hRR7P72VoMSOUDP4jWNdbZyAYGTdUJ3QOcspZKEDwXYcZ/95w8UhBD9mFi46GfBjfiHGlZRILIAzg==
+xn--pgbs0dh.		172800	IN	NS	ns1.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	ns2.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	ns2.nic.fr.
+xn--pgbs0dh.		172800	IN	NS	pch.ati.tn.
+xn--pgbs0dh.		172800	IN	NS	rip.psg.com.
+xn--pgbs0dh.		172800	IN	NS	ns-tn.afrinic.net.
+xn--pgbs0dh.		86400	IN	DS	23341 8 2 D7A6ED1FD619775C26CEB15A96586B3C1D7AC38574E44F1ABC100FF2F50198A2
+xn--pgbs0dh.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . SFxBY5wG2h+IUuemjAnO6j+1kxf+L+R4esgbfRGSkPk65ciVyQTbavhVzSWfDRriCAaMr8+4ne5oSmA0JeBqOfxZ58psn0/LXxRbq55oEFstonU7ulZ/420jn3sp+dbKyr3weKTXV0tFfVfGrsVYg2AR1zAd+BdsSZIdZOpT2ozHZonLtw5gIhlSCz8pKNE4ow1Ur9TyyN4NzWQzIKJPJRD6BBI9hjaC54ksshsxqJJrMRjEDjnLQfAF/+CNd3kebMnxw1Et4mF9OnoZFeqxtWN8I3GdRB3d4kzaLyC3ZzdPl9h+wxq4UUQv+vFf2zSMT44yvtN1dcX9eN3AwKEXHg==
+xn--pgbs0dh.		86400	IN	NSEC	xn--pssy2u. NS DS RRSIG NSEC
+xn--pgbs0dh.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . crq0UKndjapsPHfWO4E3AzhtYJ6jGTQQTC0rn+smilcMFtgzPhyPN+b1YuA7LPT3iha1ZVe4QSXhxUdkZllDkPDFsopkXxBOltF3ReiiVdHf3FlIw7iSXLATFmtbl6dX3zdiyXKaUN/pUN9zoCMcuQNQVP4vU3gDycCpzH0UzjvbdQ2tYQGkyeDkVWmW0NN3K+Du/sA3di9Z1XSGwUehGeP1q2+z3HWnD8F6slAuDRUyuJZx8xG0JR2iszVvvKrZimmTcG36D5i1/BTXKLozFb2YbEkM8GREtHk/xaJzzXy1gbFJcx/Z71YJw8iWd2Wl5K/V4VsSpoIgSXD+5cTCng==
+xn--pssy2u.		172800	IN	NS	ac1.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac2.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac3.nstld.com.
+xn--pssy2u.		172800	IN	NS	ac4.nstld.com.
+xn--pssy2u.		86400	IN	DS	39624 8 2 C8ACA8ACBFAF0BBABF83AD3A480DF9E961364D1BF326C953F1CF9597E844C95B
+xn--pssy2u.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lev/sFO86YvvuDQCOCo56FFjzadDe0DgZ8LHlPtHmkJYoiYcMve1ZUSaVAT/bRN1Y8sO9/5glt/1GZB3jpzGeptF0TMQ4L0cNUiX/mv3TlGtHqt43cT0v2krumuZyLnzce1MG+r3RJ9XmbCEhRK/7W0hPGV2VvX9WBdcgyqSgW0xiRokjF+nrvTVEbylawlpyfrRzFO3xEp88FpJR1aSBH6hh/67xplguJ+lqBOgMKSIhfxS4kjp22ngE8L6NNKEZb2uuuluq3o2xBWaTuoOI8cfYb2T0TdZYjfLzEcIB0oET36bIrk3c4ng9TYth3tXFfLyQrGEbXGfD8w53OMVKA==
+xn--pssy2u.		86400	IN	NSEC	xn--q7ce6a. NS DS RRSIG NSEC
+xn--pssy2u.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . W/4qHzPlI8T8DRQ+VXnrdWNMGW4AsLm7MNacI95rJgltc+bCRGx9MsEjD6MjcGUw0+63pH8zBBIJ7dscyPhf4vWH9HlEHZI5HXteG7ms3dztjsVDjrRsrySLobGCqCHc9BTJAAAeo4APMAy9MzvdnWEL00zm0EsTULc+IjCU2wxR5c5G3xAYDNyFaQVc651hhhuVCiJHEx+0QAakbvIhVXg9M4cUCNn82iLCxfyXdgFrqaqHFcQMLH5mPAdN9eRoHb5YYs5i0l9CmTtGwrLmMfQi4sTY99JoCo5HmFEnTLKdIu05p+SAd5ksT6l7kw34rQfLHV5kxslhtJovJAb8LA==
+xn--q7ce6a.		172800	IN	NS	a.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	b.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	c.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		172800	IN	NS	d.xn--q7ce6a.centralnic-dns.com.
+xn--q7ce6a.		86400	IN	DS	10705 7 2 0ABE3FC3E0D788CC7EDA69271C7ACB9ED5D23460D381B86253B44C57716A89E9
+xn--q7ce6a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . TPD886uTFSp6yBAif7vDO3VqMVGgABGSieae6OL/7DN7FAijgdeRnt5+7oPE9+Go7a480Vt4lCpV6kgOEy7mspRRVYhH7npngYeBhOxyUlhvSjOjCprnnIEZ6r85Tb2LmlHY1amextAPDKm20eg6PA1El9yJngVLRUfl+h+/YDHDTeZCqNMqJ2+tXYSS2u2gG0nuL3B8fMw/pzUS2m9d3JgC5wsB18cavycTIc7awlqaAlBDRnqjgogR/rLJmd5+rlleaqJeU8CijPWC48GfMZNaYqWDBZrtLoArkvAzgVyAD7ikSZlBiO6/ainaoFD17W+t9RjckLXsBFKLn0e1gw==
+xn--q7ce6a.		86400	IN	NSEC	xn--q9jyb4c. NS DS RRSIG NSEC
+xn--q7ce6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . U/AszEp+Z+O3C4eAxHafsanf5AF/CGUvi7fpkkDyBQIUQ6TDA8Qr3u6TAn8sHm0dzDXa2yH/yCzb91TJuZUPmiXKbFesOF7pVvR2jc3nDXHY3B4W2J5/QJAbeFC4UiT4ss0k75e/zo2J/iXpr8pITVVXKuS0lFPFGcvCkfnsMM3jiDusLsDrGyRuzSiUuAo807pbocNkDdavRTEsO5RHcsSd6UxTSJcaTY0sEOrj97hp3zPeeBf49QuZD9rQuGuuifUziqWj5Sn/lazOUWzNbQVDuU7lOgPi6qnJLtGtBaLUfKVtRl38rDR5B7qllh/OJHxaZx1f8R2nYABjIivAzQ==
+xn--q9jyb4c.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--q9jyb4c.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--q9jyb4c.		86400	IN	DS	10159 8 2 2EC8C0789B0F4DDB281709A6B6D8EBE6259C0C30251F26F9759F29C6B93B7DF3
+xn--q9jyb4c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . RjAN3vpXJzRysM++DxkS9d16+fOk1bYoD+ZNczgQdjeSZWWHVGy2AXaW1Fq1QWS8WKz9rknyTVXwLN4eQHefErmLChnfmGiXCb38kNlJHKudRdKDnH4UuJL+OLAg6furBlo632cBbqgrwgKYeKIU1zbEYOdrlzbLPTZFZNorE0T8jCplStdets6FFGjoF1CNVGepwjpNCIlw0cka1rIdpQxSL3CN/8IADSfhOoWW+5bdyA7maq9bICZTCbeGfMd2xdoPyeRfAaNSr8gvQjQSYYwBPgUi291cGBDdcbgXP8ipZfopk/Ce53TjxtJGgJOMnQcypsSN8YSkTbT3m7dOcg==
+xn--q9jyb4c.		86400	IN	NSEC	xn--qcka1pmc. NS DS RRSIG NSEC
+xn--q9jyb4c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . MT3nVS/n/a49+lxU5zUdGC5715me0uvxL8aw9Zai4rRnRiBa+6E1wAAHWKFhjp44snpbLA4hlX1sGKeX5Y/fjX5B0rrVtMP+EnxRSXtBi5zWNRHv2wW1XyM0HBU4JgamiOMAswWkNNKh60mopYY5bg7Rr8zP6vPoT52UhWbBuEvcC6F50VAsSF6qJgQcvaBuqVyCl8NCtOV42pax8tRMNyKcEqMz1XzQtF/yKHr9kk/GzmV2dlVeoYCiL8hYu/3Y+PWZhdK6x3cyiYGtLir5g96xwVAbFKWe97df7vSzdy79DdXiS3tNoBx3jDCNCKSlSiGbWuVirnZPi7oCFCfjeg==
+xn--qcka1pmc.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+xn--qcka1pmc.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+xn--qcka1pmc.		86400	IN	DS	65200 8 2 4F705EEF39238EF3192218A9BF4FA3789B1557CFC96E8EEB86583114C02ABF50
+xn--qcka1pmc.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . WsjfOHAKq3OUZ57VSio79s4UMci9A4x3U7cw5DKsy1APNCezuFiRxJzaITudEYseNcXOSBFuOU0iQV7MIVyb69Wu4kb/GknB+mG7H2WExAdrleUnsihn7U1hxKCADXAUK/fgwChGkO3TmMxhFWauqw4BnV6JTd9h82WGGaYBYap3XajT+bC27V/qmbBaHR+Pq4eynSyKxF8tuB5xucwRAIqA2ZIVHmVCd/5J5fjCRK9V1P5LOp0EDXacevur2xdBll1PZx/rg+QGdUGqFk3XC6M0hVUlW6zS4ee4WfX4f3PsURcVoXuw65pp/Zc2apyrbgOMDg0bwddZmlZNbtRawA==
+xn--qcka1pmc.		86400	IN	NSEC	xn--qxa6a. NS DS RRSIG NSEC
+xn--qcka1pmc.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ELPWA6CGp/2C1PNpA8PicJ3BbT472SINs7pX0vB9c8VMIukzgya3zs2YWHulK/CXTJdSWa4G3Dv19HmOY9bh613y3dSy3XeV6cPd/SUHrmwg93eY7ai/3F6rorFjXqQBVVegamif5lW6jblsOrUnATW51d9DQYdBFKnAhA+a/jsbTuYdPmce7opJVY0I118wlLOXWHTG1Z2LIj/Asrl7L0apaY2oQpDMkwni8dIOSU0alZPwQ/BywjP/Sk5Pxx0wyUkddqv4wkfXMa+ooBZ1NpcsUOD+Qg4/M9TozEhDg9yQnyWgN/jJnIMqQzu3ReBliW45EjVjNYiJpMXmhkGYcQ==
+xn--qxa6a.		172800	IN	NS	w.dns.eu.
+xn--qxa6a.		172800	IN	NS	x.dns.eu.
+xn--qxa6a.		172800	IN	NS	y.dns.eu.
+xn--qxa6a.		172800	IN	NS	be.dns.eu.
+xn--qxa6a.		172800	IN	NS	si.dns.eu.
+xn--qxa6a.		86400	IN	DS	28624 8 2 248CB7496D7D6C9A4C0F2BC97187E1EA7A4F9F1ACEFDC745680875E8A009B793
+xn--qxa6a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lOuv53In5mgdEtgSzJFWizHp2eOI4xTY0Dg46+5q649CwFekY9OMWhxG4Ty0TWXuWoYjUuWnOM8u4xUhsvRrBbQjxCz59bcMvgRwwHV05o20nSfvQUNWBCh/sJtsher0GAPPfOVvG4Q4/t8EEN+YwmB7HP8cSijVJqYf+d7I1gz/Hc6CCebYjlEg09LyP4ul30zZnFeAPHcsoYYgFXAQjelzkEPjHqV37dUmUX1UXso8rSine2C1WtFdKR6A28vlVGZOWQEEN/6QEQ4JM4BcL3cg0OQbaJU7hstrDbbeAiwFN1qyzqlO8pEJvYZWCyzIR4CSq/mz2Dk763uuKHgthw==
+xn--qxa6a.		86400	IN	NSEC	xn--qxam. NS DS RRSIG NSEC
+xn--qxa6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . LRWzurBm9iew623xSg9uNJ501PyzTq/hinYaLehchmI6n+qZApglvuubgkjvIWFOlWLnbgmof6+JuYM98o923E+qSmFa59O5Shs3tQPuZotRBGBLws3kwCSKk/JvhM7Pn5fw+UmbtLOmSY9pSZOQitLWb2zExoKcPJKiMklo1WDXQUQfbBwoY1cZ9m0dRYikZHvooJzzfJVc4XuKTrztjcuZSqg3v+bz2aVgvrt5Op4iqJemuAmA4sw4FVmYfnfwQNwlGV9u+odhH3i6pPeUJBvcQNEypE+2lVJzoPrOJta0mRd26gPn1TXuqcM7uO2wNiUe+9ckr681/q6XBQMKCw==
+xn--qxam.		172800	IN	NS	gr-c.ics.forth.gr.
+xn--qxam.		172800	IN	NS	gr-d.ics.forth.gr.
+xn--qxam.		172800	IN	NS	estia.ics.forth.gr.
+xn--qxam.		172800	IN	NS	gr-at.ics.forth.gr.
+xn--qxam.		172800	IN	NS	grdns.ics.forth.gr.
+xn--qxam.		86400	IN	DS	10384 8 2 10A432DBF0112CE38A83CED26F36CE36AAC7A3D37CEC8D07583C01A5E9FD8ED1
+xn--qxam.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . XHWsDHPdmV6HwN8jZX1MaM4UItyphwdOJpm/zXQ2y9LhCpDWzNXEG+Fy4N4Nn71KzXgEbmQNZWwHatoSqMNNAdXmrIbt/RWfPPkJs+RTaMl9Wt01v2pli4bNHEXnDc29FIGYogksolT1dkxlvw8BJHFNhRMyTzwhagnXq91u8XSixvO/+Mpjk29eHPAM+X0mRZif3lpGNaOIYCaRHS8OgnQ6AhpnUX4cw0i3cEzxtYjrSCPum1St3ksKXsd8fQ5c0neyxmMoyN4toj6o6cqeBC8co+xm3yhfKXo6E6T00he+BJahlnuBxeTbJQDR4aTZqyEQUmmtAVGpCrL6zPuXwQ==
+xn--qxam.		86400	IN	NSEC	xn--rhqv96g. NS DS RRSIG NSEC
+xn--qxam.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Bry0Q8frda9m5Bl1Oicy67KuY6hq+/Rl7wX+4Q+RPmMChE8mtt+xBjiwlwW6W6sx7kjLmQsYjOUs+Ji+pyafxgWj0HqoZxkBoxjK402xdTWpIkRrMnWCRDL72Xdpdg/iljwJduXhUVtCBtweCtmqIxtDX4H/vRUb+EiNb06PDe1ojhBGGCTgxyGh5XRyysr31hXJIDbAdVo6DyFp4gVwA6hZhXustaJPy88IugdP+5pzatkKsHv7Gr+GK99w94pDBVlZJSjXh7+kcUPrfwY73T2H0P1m/xCL+KsUlSnLGN+sbUABNAtxbBveNGQkdGI1Sg9gmldRfI+lmLCendFpRw==
+xn--rhqv96g.		172800	IN	NS	ns1.teleinfo.cn.
+xn--rhqv96g.		172800	IN	NS	ns2.teleinfoo.com.
+xn--rhqv96g.		172800	IN	NS	ns3.teleinfo.cn.
+xn--rhqv96g.		172800	IN	NS	ns4.teleinfoo.com.
+xn--rhqv96g.		86400	IN	DS	167 8 1 5A8EBBDDFE4D0E442138737A5FC1D3E34EBAE03F
+xn--rhqv96g.		86400	IN	DS	167 8 2 34F9402AB776FFB050D28976320570ACAAB0AFCE393A589494C7CEA61DA3D53E
+xn--rhqv96g.		86400	IN	DS	17089 8 1 122B5A9CCCDDD8FBCA1164643630FF6D75D856DA
+xn--rhqv96g.		86400	IN	DS	17089 8 2 0CAB870792E42B0EF02EBCEF64C3A4FE22D1BE9EF91DD64004473741347A11F4
+xn--rhqv96g.		86400	IN	DS	27565 8 2 B53C43C6B3F1146CC9969545C292FAE4823D43B81DA05141646F837451E92375
+xn--rhqv96g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zrOAsqxqtkcv26R10mxT/nhEBCAk3fxuJyvbA+KSwy3ZlTUrwym94R5hEcIpV/hmrTW1T6njqBOWLJr/UBk2pK44f6OIVbjn+zPl4r2RFcDyxP+JrJPDMaVZpCKZRsBny9zvIKIv4qqm1Uw0ujPP8qVRN/T04Ot9ifwQMzw0mmvldqgokIaJLje2EnfBWxUYG9v7CtMnZG1/Jq22TgrzMUAvKpIKXWLJCDrnfKUqe3TWc5cAkbWQibkLpAKvdVq63L9jfgX2k3iLKaOpFp47Sjm1OlBviKJ5Fk+VK9u4i004xS22JWDVfDFlSRPdduyuT+WpRcgA4wOfEVh1j+1lAQ==
+xn--rhqv96g.		86400	IN	NSEC	xn--rovu88b. NS DS RRSIG NSEC
+xn--rhqv96g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . q4E5axd48OD1sNCe4OukizG2T9qmRfInziYH7Y4PX4sVPI+aM13csRLVCJfDJ9IVfYy3ZcYpvsPTeDCjVhCHyJc0neRzmb3EtwIrWQyZMMR0wHcKy6acBaYNK0mhJpF6+gxpQ0iecUvwYIk8qSkkTCQtfhzvDq3c7XzLe4yy3yAMASbrB+VkU7nZBYjquLEq+U2SqWJtSjwNntfCFsiZpqRu11Or9bsMSSkk8XeU7mV9utpDkOj6otfO3y/eY/fa/VJ1IkxzQq/mvdPISbS842QY1RdkoldB8IXuvf4ST3syc9QKgKeM2RAT4eJ7D5fdebOXwXXprJDavHPGgCpiIA==
+xn--rovu88b.		172800	IN	NS	a.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	b.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	c.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns1.dns.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns2.dns.nic.xn--rovu88b.
+xn--rovu88b.		172800	IN	NS	ns3.dns.nic.xn--rovu88b.
+xn--rovu88b.		86400	IN	DS	247 8 2 74E7CC2A18827E9854E1F541072FB2346BBC81286343EDF089D7C3D9A24EB9D0
+xn--rovu88b.		86400	IN	DS	5119 8 2 48BD313E429D3C9E64D4DF6C2008EFAD55FE6D5FF0D1EE43CB991B2F4AEE8207
+xn--rovu88b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . t65HRiH3uDt3XttQVnbja/41h4CGOVWueHcBKhyEG3Yo3MrRw8b23NDfB9Z5+aVjCgbaQAKqUYx6rUV/haHPp7p4fF0a2O3RdieWm8bt3JlCZ+t2eF0P783sUqLukAFndOVwUK3mzLenNi+ElD4ZiheTU/RNA+BfhGuBE9LPpyLnwZQT/8geSMZ4N7Eh5VCEaE2QeyHcGX1x24qIqnfcl0Qq9jDGZH+jdLn69Oz4k0cTJDUbftaV4aJD0+Ie9BR3bHQf4Px6XwR7hBPj4VwSfQKq1GEXtOGfsV+nm22oKSByVg0uVpAFaBO6V3vVoW8D1/hgFpZokFwr9VyFSa5EQw==
+xn--rovu88b.		86400	IN	NSEC	xn--rvc1e0am3e. NS DS RRSIG NSEC
+xn--rovu88b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . EGjB7kNoXRwJ1tuQVtUupCZYQbxMzTYyAOrG8rkraddwDQuDx46utjFcA1oMdcTcT+582MIrPkdp1cha85P5LLD7Rplhtq8C2u1HoidGMCn+2Dcom/nFBR3c23MesB5aaTn4kzCKbx8DDaEXqbxzjFz/6iz3tuW0XNgAT7PlkbcS1IF/yOmkMESiKVbZOb3olQOFEuDxrgif/mYdbnffcRT23gQQhhk3H2az7uBYV97FUrkmNDuNDZ/yfhUxr/WaQDwqQXcLEqQDlGRU53gfX9MqESXUnEbE/oPilztzH2W2yiTlwTzE/GkFJCCeLtGHEa5ZEeAsXtnjvB4hNnsblw==
+a.nic.xn--rovu88b.	172800	IN	A	37.209.192.10
+a.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xn--rovu88b.	172800	IN	A	37.209.194.10
+b.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xn--rovu88b.	172800	IN	A	37.209.196.10
+c.nic.xn--rovu88b.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.xn--rovu88b.	172800	IN	A	156.154.169.76
+ns1.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1071:0:0:0:1:4c
+ns2.dns.nic.xn--rovu88b.	172800	IN	A	156.154.170.76
+ns2.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1072:0:0:0:1:4c
+ns3.dns.nic.xn--rovu88b.	172800	IN	A	156.154.171.76
+ns3.dns.nic.xn--rovu88b.	172800	IN	AAAA	2610:a1:1073:0:0:0:1:4c
+xn--rvc1e0am3e.		172800	IN	NS	ns1.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns2.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns3.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns4.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns5.registry.in.
+xn--rvc1e0am3e.		172800	IN	NS	ns6.registry.in.
+xn--rvc1e0am3e.		86400	IN	DS	44785 8 2 A6BFCE1BC1E4B74384CD0A53205286A4C56B822A29981E22A07233C9914A4397
+xn--rvc1e0am3e.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . MfMSL2N6Xt56Ks14g4Jl8L/Hv4jPFOio7dO7EhGRi5bTvnsD2NC8v20akCswJjL6GnSw/pauXY9X6T5JTAhw6aQbEA99Pavb++5ckzVcrg+o9SMTSdbgHJ1W+Pgq9xvT3FCHmgLKk8ZWmzhOA+qmbX8xM52H3brqROzdBu1BQx0ppS6w86EQM9BNkB4BCuQlUhXXY5RLEqD16gVuCEMHN40BgsO5GCD/9/jE+N8S47oavwdlbtnkz2WEN4g6dU6Mj6NfxziplAEwwjEpod7z2mUsNdR6jaMao8uY1NyoOlCnqkma5S85WsQi1a2y6p4CVDBSS9Q/lqn7WM2yEtCibA==
+xn--rvc1e0am3e.		86400	IN	NSEC	xn--s9brj9c. NS DS RRSIG NSEC
+xn--rvc1e0am3e.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . bhMJ+NR4zKRH5siewIFWN1NG77nndYwZQp/ZdUJRS9C62rk/lZ61IjtY3eK/DA8EmQ+5RK3QCY+rcVdFbox8TO12QwIWG0LYTzjZ+gaWk+4PZSUAgPCT2i/xe6J6I4W5QIBUk1+j5SrFfGfubIM/GXplmKBvluCrIZVuiwlsZYFgtI5jZTM3a4fvywovRKk/OVgTLR/vTM73f3HCz9cIkciuad/zh4uHkIgSco7kANKG/EJVquCpkQxbfplbEqQjTtIs1kKZrIwrpGiTO5PWP2h3+LPqFewP5GoxfEvdKUI52rSnr4MCZlf/jJM/+esx023W0pi0KUtujoI9fYj36Q==
+xn--s9brj9c.		172800	IN	NS	ns1.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns2.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns3.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns4.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns5.registry.in.
+xn--s9brj9c.		172800	IN	NS	ns6.registry.in.
+xn--s9brj9c.		86400	IN	DS	47272 8 2 5A0F20A974FED08735863B1A312EF3582290C5A25CA6FA79C32FCC3740CDBC3E
+xn--s9brj9c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OFs6tFF6bXRiCtqguhOrCf0tf3d+SkJLijOJP2JM6gEHRFMDntTeJTtAM4prZOJqPeblWoV9vKAkWMuTHOZu1dNPgnywaOTMV2L05eVykdZd7GqQKR5kVU/99TCIikj7zyH0NhLlfTA6HtjJ8Dez1PEhTKsYDWytZeWKwNc9ZTFDCYBpM6YQy3xNbn74oOHGTQngI6crrUv+Vxscn1fUhc/bXQVTPyhST7yil6tnH3ozzY1OcWGSHRcUvE5jiwBtWicYifjNse1vUBSpxYtFCa5UNz8AlC6mVqeSJQ70+6g0PcdJWZLVzReqnvvGa9JNqguKcThhgMcTTaQSUmgc+g==
+xn--s9brj9c.		86400	IN	NSEC	xn--ses554g. NS DS RRSIG NSEC
+xn--s9brj9c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . K5owoP8cU1UnGh3Yr2HKbv/4Vbyyw0Ef97C4yAsAeujfu9+61u/99oFxQvGQRf8PmhGjQSZoRaqoKq1U+leeIX07k5WRFHqsBh3GvAKLozuNCrhM+xN91acz8x2EqVIfgpcWQsFqbRx0Y7KbgEg3o3XOZbeeZOrOoRdydJwMSpKZoMJbOsJOtIMISY6U2C3gHbR98CyD0lf6ho0Q5rtehj9txFgMj7SjRy3xjqueu1A4wvvrlS9nMB7+vmCfMOnmLq/RjL8WoLWKEAT20MMOQJH0/VTLPnO8W59Xfymcbgk9n9Ow9Ugh8A2qkJuvhI6gHY1hvq8YaXs2J1mzNhp7cw==
+xn--ses554g.		172800	IN	NS	a.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	b.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	c.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	d.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	f.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	g.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	i.zdnscloud.com.
+xn--ses554g.		172800	IN	NS	j.zdnscloud.com.
+xn--ses554g.		86400	IN	DS	57266 8 2 A3C057A22744EB0FF0518D51E55B1271DAB9D39391B55EDC98443B22882B1C0C
+xn--ses554g.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . C+TqGtywwePNeF9JAMYbzbP75DxCQZz/FC9j8LogqKDaZAIWvjLsZ+D7F93oDWglR2NibYC7+NwVe5O1G6FcKsM7tDu+CJXFV0I22pyx/+ioMiqFZLSlXMZaCiWJe0Tvx9elNnuLrJkt0tPvW5eQA2ELujzzZTZJE+QYnVxxCfsjbCx85wPAay0AqN1NnCDjMTZdywMmUlWj8rA/B/wiWBB2ce5y+reRo6LOpSTmOYnKvQWr960Sav0+tr6heLvOlys+wGMLuuX3/WtoHJkB3+OLaCyzVLz8XdQC0Jor0rK9zQ1EhxyoCUwHB5tzTGwPOx49hVAmhDAZoFd1sJvKVQ==
+xn--ses554g.		86400	IN	NSEC	xn--t60b56a. NS DS RRSIG NSEC
+xn--ses554g.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . yPyHBh7H93Oz2x6cgjUfSvMPYVw6+67upadsns/7otiUUfZDHlLbuqNXrzp+Rv+af6UKaWS4/VeFYmRnU1wxio5ORLskKVw2S5fDXMnxOyLg5E8bqDVdLlW2reZq7avHL8GsVSRGMqXrx2APDtr7hXquHLU+cUq7E5jSe8LWhprlKwRTaAukmPT1gSEHoaVVyJT1W3M2fKmRjMwr9DNieYvD82YvCvM1gosQ3pbV/6+7MdSQyOZoCLERKpi5PQsl51hO5ZSwII7H1hzbRYlP8NXeU/xdIptpdnT0jzVGNsuXqWESYSLZJ0zMvyvYdlmALdRm+2nF65BE3dQ5OTZjVQ==
+xn--t60b56a.		172800	IN	NS	ac1.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac2.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac3.nstld.com.
+xn--t60b56a.		172800	IN	NS	ac4.nstld.com.
+xn--t60b56a.		86400	IN	DS	13779 8 2 680CF412999F4FEFF1C17C14299D412C149C118DB24A9A5FC14C0C7B6A126387
+xn--t60b56a.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FDPZPbsBgtgPmqWv6w7deLP7VfXcwEqq+ufdJ5iYmSU9pt3qplHOyMMa/mjnf70m1Tw8oqDhqpof9UsmCkECmBDJmXfNarTrwbxKJgcl+zrDuCznL3VySvxrE9zmYLI2Gi0djp9LXIuiOc/jy9mSzTQgMw2G610wti9j7emhIKCUDZJZd2xP7FfB3tAaNZPEAlFFukc+ehZPSrBBwoVTRp1gSXffn16qE51eoLn8J8r7Rugdjl1apnKkNEQrzgOX8H69zhDCUHzhYdNmO0nU52DRgy7CQrm6V1xjxIQVTcNAwPea4hSA0uQ7rI+fXhVV9Ms1s8xb7dl3K3YcpDDGmw==
+xn--t60b56a.		86400	IN	NSEC	xn--tckwe. NS DS RRSIG NSEC
+xn--t60b56a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . NHUo8i3CPoed1Xi3tKGbVNC0/xqoiBvdCaDTbsgG7vKZ8jjRyFfaxpKhW2CNbl5yREYSPa/aerlcyAwpokYYzJLRbEz4GjoCz3DOwIuRK2WoUf/wpeNR3k+JJkDlcN2st6SdztYPGczhW9xenypPCLRTqqSz+DiGKKjKoSrnjo8VxqJu49+6cYhLbNiMBAM8jqzbLMgv92cxgbWGMDD/2gDRZskK3lNg+Eiswuax/KXhDBXDYpC7WCGST89jsaKS33H2YtKF3ARBGOYLOp1rQKRkgvzNoOafLESnk2nBT283Vt5o4sgOgKekv8oM6MnO6wGgdDHOQ+X174uFNQLZyg==
+xn--tckwe.		172800	IN	NS	ac1.nstld.com.
+xn--tckwe.		172800	IN	NS	ac2.nstld.com.
+xn--tckwe.		172800	IN	NS	ac3.nstld.com.
+xn--tckwe.		172800	IN	NS	ac4.nstld.com.
+xn--tckwe.		86400	IN	DS	35520 8 2 131328BFF91843A53643BF73535A6ACB5EF32A916A23E0A7AB54794C2227F45D
+xn--tckwe.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . YfeYzRzz+rtoFJ1x5wzA22vg7grx2nHBmODF3kRdexU4jPwGDkGVy8XqJ9IkP6safCQnANfSOEKs9yNzwGUlVpdA9j18S9PUVKbIT+PrdJJZQywg3FcmRbjOSCuYU7mwQyF05J41eWYeG7ZvQcGrdv2f5NKCiQWvmoDu3nFvKnXXYz70KnMjy+nI6PN0p3TFhK5mChT30DVXtIECii0WYAuS3+2yzTFDf8ioXZLZ7R46QM+C07CX7iU7OLjlMqcszN7m9a9JCvdwmEwiZP61DwM9PZONYhR7E0ocDD29Zb5nc9VzfbM+l3LjOHoqjT9rtcYIvnVq+8lWPPfHPyALiw==
+xn--tckwe.		86400	IN	NSEC	xn--tiq49xqyj. NS DS RRSIG NSEC
+xn--tckwe.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aeEwViG5Bp8otFhDpwiud2qhV6D0BO2CS2jtAbHXuShHz74n49y+uE26oweoX7eXpz2jySCJS+rWF7We8Y9t6kubXMF86t2ShCnwD/XC1npVxmsLW/Oudvzj5QwPRYaKnIfrRmrxJYwohGqvwwOm5NyDvzZIcPA6Jalb96cOP/CVIUjElfaYKrm5E1ZHL5y8sTYEW2uOuROwhfw5lXkEXLC/1dfoJ9dfa98ZOlpQSlyC3MvfqJrw83hVhuwUTuM5b7qfQ9hpLmB9mI53UnhDkcigojNj9k4YPe73KUkeGKJq4KgkTgx/eOQoMfZx7U2rVmiHD89DGLpnHlh8RUkQUw==
+xn--tiq49xqyj.		172800	IN	NS	a.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	b.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	c.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	x.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	y.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		172800	IN	NS	z.nic.xn--tiq49xqyj.
+xn--tiq49xqyj.		86400	IN	DS	2386 8 2 EF5BB5C8DBC6EDFBB51F26333F779DABB955FDBEB68F276027494846EC8ED9DF
+xn--tiq49xqyj.		86400	IN	DS	20710 8 2 C1FBAC37A1A9B6FB9DC85BA47C7F98AD7CF2D78CBBD3CDA8C93D389870616BA0
+xn--tiq49xqyj.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nMZR7jTDn1hoekVptmjAUtmVBs/JRxm7jSWSs9vZ2FN10Ktq+5ENegEyAcw35NA0f/pP1RQC6Pa97q/q4GR/nRKZutkfOh0sEzrOo/p2gTkkm4TCepRfsrtoK3i4wUGHQrLTABP2cfagLtEx+E+RPY+l9oCCBLL4Gd5M4ZBbmailgAeqSZwhvftP1S+ShEagXALp4TrqVukPgc8xEgZx/AdZnmRwns3qdxSBshJCENlx3s0tKdHC0N0AHySiTt9rfv6wtspiIUWibGBqseNQwSL27EEI4A7GrzA3nViuDVJ44VYRmSYqKofgfmwMTGXNBTQ5RK08YPgspJ5mtyWuxg==
+xn--tiq49xqyj.		86400	IN	NSEC	xn--unup4y. NS DS RRSIG NSEC
+xn--tiq49xqyj.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . UFmZp1Gc0yHlVxQxPMN64vjoAoAamuSfFnzyBzL6Uf74/V2lb598ZGGiLmkpJzjDlXGZsJspWVG/FpWeXHscou6NKj8Ai8WAu5IJWIQvhxzDGWHknV+KlR+J1biNMMJ4ZELw+hrxihyejq+9tfDzVK97mBkvKszy1F3qOUM1pUDPUyH95YcDYw8DQ0kbRjarNQeX/+rcWfGHgbf0N+NKg0WkEav772fPh5C+z8QLHSd4/TzUBt06zkE2/3a0JaPSwoNoq8EnF0lTHubwCeF39ve0FaOb+Sqvvp282Sodzj18VC5TfQ64IcMJ07B110tBgH01zknOQl8PSKQvwgDS5w==
+a.nic.xn--tiq49xqyj.	172800	IN	A	37.209.192.9
+a.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:1:0:0:0:0:9
+b.nic.xn--tiq49xqyj.	172800	IN	A	37.209.194.9
+b.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:2:0:0:0:0:9
+c.nic.xn--tiq49xqyj.	172800	IN	A	37.209.196.9
+c.nic.xn--tiq49xqyj.	172800	IN	AAAA	2001:dcd:3:0:0:0:0:9
+x.nic.xn--tiq49xqyj.	172800	IN	A	156.154.172.82
+x.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xn--tiq49xqyj.	172800	IN	A	156.154.173.82
+y.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xn--tiq49xqyj.	172800	IN	A	156.154.174.82
+z.nic.xn--tiq49xqyj.	172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xn--unup4y.		172800	IN	NS	v0n0.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n1.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n2.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v0n3.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v2n0.nic.xn--unup4y.
+xn--unup4y.		172800	IN	NS	v2n1.nic.xn--unup4y.
+xn--unup4y.		86400	IN	DS	57331 8 2 98698BF6004DCFE48F3C5BEB164F75D63FBAC726AE652DA39AF2929A8F836F92
+xn--unup4y.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . byx0EfXb3h0PXpzqPVGilVPfjXkaH5E2ZlEZQp9lU46GGamJo3ZOEhPKM/rExuigwahr5B1EhRozLN4uoqLNMZjUUXyndXKHQjwREYey6Okb0hY3Ktk2lqM/iAUIqlqLjojhlt0LfEj3dmvbs1U+Eye83BCkkfSvl3DL5e8TOVNSjCc01jASGSPLe7R8kRSa4PsbwtOAA0WTvZNrlV9FX/L1Z+b6dLgODR4ofMJkikZFsCL1Ck0liJ4DKZwyBHdxehEXD5Spmit8hwiUDQVFXJsaA2ckg0T1Nydyxt6z4LzvnB3z5hq9s6z0TOBS9bEFQQTLK1sqWPKzkjSnW0ZHWQ==
+xn--unup4y.		86400	IN	NSEC	xn--vermgensberater-ctb. NS DS RRSIG NSEC
+xn--unup4y.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0JPwUeRLHc27h1QGJr9GnWZPCbMBSG+8XWDiHKsTxata+fuGEDXF5NYBzFLpbCIJiE9/dZqOhQXbmo5Mn52kbeE0mm7HWkP5TImQLlMC42SV2dcIyfzejXgkfREh5NkPiF/orFJUsgk/L0yFYyN0jW7Uex+H7tq040VyKHct0IgRhqhZkekOeaOS8sWhEu7nPCVo37fuXSmzSJuaNaM49VThgMmKo8IUlKimvvLx00/83DYPn0rDSUdfqwWmd0gvNJ4wogpFRHpJv5IgHXYsh3GTyKPxniscyemdU8DUfCkULmMH7OVbhx7YLFZEtsYpOcB01/RuEpY5tsSwyVCgGQ==
+v0n0.nic.xn--unup4y.	172800	IN	A	65.22.20.34
+v0n0.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:16:0:0:0:0:34
+v0n1.nic.xn--unup4y.	172800	IN	A	65.22.21.34
+v0n1.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:17:0:0:0:0:34
+v0n2.nic.xn--unup4y.	172800	IN	A	65.22.22.34
+v0n2.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:18:0:0:0:0:34
+v0n3.nic.xn--unup4y.	172800	IN	A	161.232.10.34
+v0n3.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:f4:0:0:0:0:34
+v2n0.nic.xn--unup4y.	172800	IN	A	65.22.23.34
+v2n0.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:19:0:0:0:0:34
+v2n1.nic.xn--unup4y.	172800	IN	A	161.232.11.34
+v2n1.nic.xn--unup4y.	172800	IN	AAAA	2a01:8840:f5:0:0:0:0:34
+xn--vermgensberater-ctb.	172800	IN	NS	a.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	b.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	c.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	172800	IN	NS	d.nic.xn--vermgensberater-ctb.
+xn--vermgensberater-ctb.	86400	IN	DS	22529 8 2 86F326F12A977D5815D4F0566880BCE0B7C6E5BF798A6C848323991E303ACE3F
+xn--vermgensberater-ctb.	86400	IN	DS	60320 8 2 BD736C840D3B1B3FDD1679D500C5F5BD82CF0323E9706932BC5B2D847D5644B5
+xn--vermgensberater-ctb.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . DuhBcbCSBeSSsrHayygyM5PbKAAfQ5yFcKCpIqHEptigpFQno+Bommn/q0wv4d0E8MeTwxhCiujF+PyneymUGhdbK2Jn3JlTtSCNPagtjPex09MhI8q4UjELugBRweR9udw2UyGkN1wYZoJGbglBOOYEG5NqLYQnjExaYiB7/ikpS6PWI7ULmxJ4AdG3u9cvfm2SeAgm78XMMG+AuKcDLEvR/hU1knVDdzPOhMQ2YG8Fj2zJRi+vczEedrZGEeUQy8SXWwfptHajHUtU466O+BPdp6jkQtoFFam0v+bw6a63mQIM6mNTFr/MdOT0R5NW5/hJ3dvdMQDYh+xuv2/2sQ==
+xn--vermgensberater-ctb.	86400	IN	NSEC	xn--vermgensberatung-pwb. NS DS RRSIG NSEC
+xn--vermgensberater-ctb.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . obs7fFrNbzXhrbQoOu6RbgHur+Vwq11apzm2uOGnjUX5fNYV6u3ajj2r9zrXCn4CKs/ylevBvg4qyFXGdhREMg+lpbUAaVIVoXWtEui9z5ngjXAkGA8fXn3je6ELybayQR3mpv+fQpqVA89J9i1NAtB4VOAxivu/d2BLP3YFRcSZPil1kHvww1hI3ki6rXBdUKBmywhMNSsnH15/ySOLnvlg2U/frHBqpqlB9Lsl+gutzwdFli1ioiQ/ydVy4kSh9CllfPb2/swe1kG5hsx8I7Orq22eEAnvTYhpEgpp/sY1krtWbclsfYIFGPW0Kk+b4Ft0VFWtoymGmIv/FZTeMg==
+a.nic.xn--vermgensberater-ctb.	172800	IN	A	194.169.218.105
+a.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:105
+b.nic.xn--vermgensberater-ctb.	172800	IN	A	185.24.64.105
+b.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:105
+c.nic.xn--vermgensberater-ctb.	172800	IN	A	212.18.248.105
+c.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:105
+d.nic.xn--vermgensberater-ctb.	172800	IN	A	212.18.249.105
+d.nic.xn--vermgensberater-ctb.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:105
+xn--vermgensberatung-pwb.	172800	IN	NS	a.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	b.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	c.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	172800	IN	NS	d.nic.xn--vermgensberatung-pwb.
+xn--vermgensberatung-pwb.	86400	IN	DS	30509 8 2 B1D9B6E7E50BD1AC597183B160050A398919DDE4A33FAC3714BCCAEDD4BFD2EF
+xn--vermgensberatung-pwb.	86400	IN	DS	64685 8 2 AAFBCB4C8BB1CD236D7CD0EA943987F94DE28CB6DA343813AF260076D97828A1
+xn--vermgensberatung-pwb.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Ke3ecUOYoZgx7zXqWpqJs0BYjBoc++UoIp0NwQ4KfqjdEX3l5tLm0h/wsPhxnJTzbDoSUJ2bzQudusoYvF7ZDNR85T9xqCi0jIebgShDxACv8VPTQqcu3n1ATq07cvfDsYjk/7DMP7esVE0TCsrRAGb9+sDCvmzPf2NFdLz1h7eGQiHvEVc+vJBpQRoAHzMBd+k+6lsxZVm1+VA5iHibtIeyiBCojoZG2/aIP3/y50rGRxEvG6UbewXRUTCvFs2RXkTRlo1eJLQi6XFxMiSDG2cPkXO0P1ySfEcJ7fEj2XLFoBtUv90prrQw5BqSHvV5KXtcu8rWMrhjwRWDKB0w1g==
+xn--vermgensberatung-pwb.	86400	IN	NSEC	xn--vhquv. NS DS RRSIG NSEC
+xn--vermgensberatung-pwb.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . weWl+ewvF8+3xnXkAUbdDnQKSMnepkx5AtLhdAE61CkMJzp2jUHFxs1wr1WrDXDfYMzzPq1RAmqSzxV9IclB6TdTgKXIFcRfD3qE9JITwzNsitf5t7wR3prhrc6HP13DM0bM7VbnvGCX2FS+o9IxsVlzw2Ncksh7dg8xEi6x90CBTp09/0rlKo2+KKNGZ4icxJsGzkvj66aA20FcUvWs6gaud0Yee8PXR5wX0Z2PMx5XeJ8GItqXW7aMoaAKiQAVe1/0zXNdyn1D4131qz0kQYK7IANds7nBncKpgzoM18GozcVdyzEVDH+Sk37bmvTs61UV0uUiGyJ1VCWB7QXDiA==
+a.nic.xn--vermgensberatung-pwb.	172800	IN	A	194.169.218.106
+a.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2001:67c:13cc:0:0:0:1:106
+b.nic.xn--vermgensberatung-pwb.	172800	IN	A	185.24.64.106
+b.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:106
+c.nic.xn--vermgensberatung-pwb.	172800	IN	A	212.18.248.106
+c.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:106
+d.nic.xn--vermgensberatung-pwb.	172800	IN	A	212.18.249.106
+d.nic.xn--vermgensberatung-pwb.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:106
+xn--vhquv.		172800	IN	NS	v0n0.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n1.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n2.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v0n3.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v2n0.nic.xn--vhquv.
+xn--vhquv.		172800	IN	NS	v2n1.nic.xn--vhquv.
+xn--vhquv.		86400	IN	DS	25099 8 2 97139BE679993F9BC92729C06A1CE43AE75083580338CF750F15FD2B34737717
+xn--vhquv.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . D0rfS26+ZpIvQbTmQR0SLs4R/ooDd+d7lTUzHIuZJJMAxhY3iSDDJgHVrjLsy2SmEkOoF5Qpr2pqRBXaZeA5iOyaRBPSbOrLVVOEikdPtMc/aU9koP1b6RkTJoOEyice1Bk/Mj2zfH0mAmJmwoWZdzla8xKG6IxR5BV0C9j2agqiGB4flb8840zyn+LUB9YO0l6biMesOMH96jcQ1sfoRCDOcqIZ4MypTnHwPBkwvlrvApr65IpVRNOTBrvtamdOVJA/xfJR4TLAuT4rz3WfF0W2qzTAXFEdNUsn1qyFzAvTmSUuJN85co3nxZHsTF+SohqPod527EThrehCyUSSUg==
+xn--vhquv.		86400	IN	NSEC	xn--vuq861b. NS DS RRSIG NSEC
+xn--vhquv.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wr19O9WioijoULYFyIo5zg9bhQ162eUUexw7lQDTTPaROUNgK98NN2RmdhfoIU+ks6bdht09ieYooJxSqi8fGJBh4ndervREZ1BQ2Y7tNwG/l66NlfVsb8cLnToLxifxk00SxraMCOvJq0hF/z6G/eufCkammgiWkL+MRMR7mm5wzD/dnGGrS5g9OfrsTC3Boxvf9zrLQsOJ17LyDjoBdcF4LBaB98FLiobAF48SM4g2NYWXDL+AGJnfCAF7tdnPHqTz1oPWOJRBd9qXF9g1ke/qS7CRhKRYaPhsOVmA6/lV625xNOfLG29JhOu2WiEBc4erGe6tw6VGVzHzMVQ4lA==
+v0n0.nic.xn--vhquv.	172800	IN	A	65.22.28.30
+v0n0.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:1e:0:0:0:0:30
+v0n1.nic.xn--vhquv.	172800	IN	A	65.22.29.30
+v0n1.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:1f:0:0:0:0:30
+v0n2.nic.xn--vhquv.	172800	IN	A	65.22.30.30
+v0n2.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:20:0:0:0:0:30
+v0n3.nic.xn--vhquv.	172800	IN	A	161.232.14.30
+v0n3.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:f8:0:0:0:0:30
+v2n0.nic.xn--vhquv.	172800	IN	A	65.22.31.30
+v2n0.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:21:0:0:0:0:30
+v2n1.nic.xn--vhquv.	172800	IN	A	161.232.15.30
+v2n1.nic.xn--vhquv.	172800	IN	AAAA	2a01:8840:f9:0:0:0:0:30
+xn--vuq861b.		172800	IN	NS	ns1.teleinfo.cn.
+xn--vuq861b.		172800	IN	NS	ns2.teleinfoo.com.
+xn--vuq861b.		172800	IN	NS	ns3.teleinfo.cn.
+xn--vuq861b.		172800	IN	NS	ns4.teleinfoo.com.
+xn--vuq861b.		86400	IN	DS	7210 8 2 EEE275C0966A2DCD2BC5B996B6C8FA003E991D877D456C2530D4681E1EEE0D55
+xn--vuq861b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . o08TRX9qW2loAy4x1Fm1dORZQ9BoQ4CRStFqSwGCRJVpCohnJkZ+6AgUKcJBbtUuehZUlqxucZDP7q2zPtMAkzkQAJfOEHfT6DTVYl4Gzyilfv/JLwtV/66bVtRehMFMLhJWIv24Chz9nc/LLXbqpjFmHTqbG4I1cYaurEz7gW8yrNMRet85xTmb6mThARLzgUrfZU2R2vp19cNOeYzaCGrshv5M85ei2Idqamrzv244rWh0lqJrO/9xWfasurbVEwOuEmhVrlw5NeUY3IapHI3dgxEiywzxhXmmqHGbNs7W6amfW0yQxD0lLs6MWf/7CxgGBMYDTpHPaSo+bisa0w==
+xn--vuq861b.		86400	IN	NSEC	xn--w4r85el8fhu5dnra. NS DS RRSIG NSEC
+xn--vuq861b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . rvEfhRJ2zcc48XHeY8UGTJbGRkbtNZ1N1oRUZvwuOmQ5ftFzSpwSG1pzxnoPtLuWMycVQge3/uYCBugpmOpz2hGq79bT79ivXzwbLOfct2nMEuBkMVMzUPaUsMyS9h7po8cFfCaDCmmGDJUm1N9omsTRagtVzDXfkXWXLhC9NcdmiEPh01dkzpEh72oaH4+jNYCtM+Sh69jzroKf4pDDrerzvdGBzYyFPXBknpvTEG3s06dfAfmrhiBlx/AaOP33nb7I4BTYNYsCQL8repPlYBJyEb7q3rBD5A6UlPOWpD6ZbDM7n0HMiubtHJHNWH5dO/cE/KpdeW4Vx1XqpaEGJg==
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac1.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac2.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac3.nstld.com.
+xn--w4r85el8fhu5dnra.	172800	IN	NS	ac4.nstld.com.
+xn--w4r85el8fhu5dnra.	86400	IN	DS	906 8 2 7A3AF4E169B87F77F5019E75A3BEE359415CD06E9787BFEEB00247517DD0EC0E
+xn--w4r85el8fhu5dnra.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OUdgmAfShNWdfnRAR74ubwBORZZ++rahE7gomE4ZciagIJ9yesGhDM/kQ5haayOIuvydbQIVdUHF4UBdJr12AKPlDsd0WMnUuwbaS5ClL3/FPoqots9ayYZ7PjLdGapMVfdcS6GH00EiMs8dtgHue3FBfa455qW7uewiZOY1tYI2DuBqz7dmrYPeDvk/IAebAayLcMAUTrObKFZy1V+nFolcPabK2qmnsE1ZSJOE/NIqoTrCiv7goRDxXhr0sLOFhOsrL7ZqO1d04vpFp73nVUZqA49JirV4/USkyrmpP/eTqkq66YtIygYaKumeuwUsvufNufglhLjrgilLFElzOg==
+xn--w4r85el8fhu5dnra.	86400	IN	NSEC	xn--w4rs40l. NS DS RRSIG NSEC
+xn--w4r85el8fhu5dnra.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . d5R7J4kXgAeSGOpjSo+48utuMTj5DAfm2jeL/1uK67ItQhjhs6/QwikiW7qaPngq84ykeEXHcJt2Ip6F2WoB02zyb8/PkiZSdtk5uwg67nlppyMbipVE5Fs0dP53TcrzFVSYj+Hxcj54J+qbM+GMnYgzrMms2nSPghiZ/B16BCrzhBRmO8JEoGyWzuzAcipBoZonflolpIrj4yQ59ilGycCDyKK6yEj0FWCxFQWCKg4EZPL1TT6CjWU8Jb0MGZmNeAjzfevDC9HsbH6vMNZEpMY46/NjT8jhQRCdNt+3QGrcUWcbLXXiXISsEwV3TWetrQ5Wzx5KHZ9pWnam81teyg==
+xn--w4rs40l.		172800	IN	NS	ac1.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac2.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac3.nstld.com.
+xn--w4rs40l.		172800	IN	NS	ac4.nstld.com.
+xn--w4rs40l.		86400	IN	DS	37725 8 2 B8B0D86894F8635A37F163CF24737B3887B325594D58620764F04E99C1EC9287
+xn--w4rs40l.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . X1pcziPawIkxnT+bXvi2XDZKa6Bi44k8NXQ9+RiRO8ucihepGqV4xO8aoGQdCEf0ABnxFR97efoDjFebQKEtLRTmLldPmGLZ1qqM98YR+VC0RB75HL7dQSbGGwXSWYrE+WFt4I0Z1yxrJ4QCKDwRJIfaWw6zonm7qQZC8dFCC9eAOUjDf6jRgE+I5XpSddEC7BX6sMeSE7HeMS2uHxhR6R7Petw4Tahcw4gw2g5hg/whG6cHEtjZysTXzZfjODy3HsSiZ4Lo1jIZNV8tdwYjQI4A9e7dWZIoZAPQ6N/oSMRtEBP+7q6+ap3Cr29mFW9vD94DiqtgL6nRFLwstqIfng==
+xn--w4rs40l.		86400	IN	NSEC	xn--wgbh1c. NS DS RRSIG NSEC
+xn--w4rs40l.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ETEy5DjyluwuMNIvUXKnaIOYHn6wEjxeTNI/v122P5w1XCvbMaoGxpuXmE8YdPILhxtQEDL9FQSk61UG2itOkheJzWD999wKZxn5D82R/KGcSdiJCVDg2kMmopQs7zHOdulRSyYPSHmKt+mmhxy8VXjB//5p9oedqY9PPHRvUj5iIhSYRtJj9fXLQ0AFHw55t0LgcmjYgtapU3I2WUXteFKHh/mPa/xrAPPRYaWkZx0ZQYWUwCktzfpGRCEx82XRw2Kg85rzESf/XpL/zk0t1uNNp/pJfINEIiyx5Y0TaUXqKsITEp6gBL6LtzDywwjpoGHdff5bhURv8CXO4K58KQ==
+xn--wgbh1c.		172800	IN	NS	ns1.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns2.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns3.dotmasr.eg.
+xn--wgbh1c.		172800	IN	NS	ns4.dotmasr.eg.
+xn--wgbh1c.		86400	IN	DS	65350 13 1 746DD718F1BDAE3B4F2578767C4B47A039501641
+xn--wgbh1c.		86400	IN	DS	65350 13 2 5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
+xn--wgbh1c.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OrJna9iH4faOr6M8uRPdBG+iIhiYDe9fiUJ8TRF9faVn6HTqE+VREmq1SxPQO/WP1rZ8aWUCeOgaAz0DIyficHg7LKPXSlSYrLlZtIYLap05VPGj/oStwdZuoHoebk1rY2rv5pgGd32O7lnsBd2APjL5nWVmTQ6sCsA2cbE9F4HJAh5rMrQ9leduDt6O0RnXQK0Qcszv5/00QWBkUUovnOjeQRQLKoRUnqWr/DIA7ZAtxxU+CnK8XqrhXGCtVk1Cur0UDaSr8oJf3FYggpdyJMimhjIeYmx8NPDuhZ5b+5qpSC/mia7r0SLXwjttaQjCS5Npz5OAcY2p5PIhqU4vVw==
+xn--wgbh1c.		86400	IN	NSEC	xn--wgbl6a. NS DS RRSIG NSEC
+xn--wgbh1c.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . mDzKlKVo6Eoh2aGeHWILeucR+fFvl+fhRYWnanzbA1YOC/H1ZoQbcKZQFfDPIi17hyM1p+bc29t3KOz1B9u7T9+OO/zZFDXgujZp5BB0iqfieK0VpVEVlFVnJQpE0LBebQ2DAu9nShgRB15/d+bD7fG8r4avziI5RexIj7aaDQviezmJV6VuVsI8WJra5Kkk5XKc0y4TW9h1ZBif0cNxTYE6hDdjZxyiLLRa/v+UASRA6+ZzOCD2PJ29HHw3QjvO3KlJjCNAo6u392ibwAoYlgWqYzI9YPOhv9KPbNBI7+WkxlX+vhyVYG3QKMtAw7awTknCaAWh210ekAq2CGg5HA==
+xn--wgbl6a.		172800	IN	NS	a.registry.qa.
+xn--wgbl6a.		172800	IN	NS	b.registry.qa.
+xn--wgbl6a.		172800	IN	NS	c.registry.qa.
+xn--wgbl6a.		172800	IN	NS	d.registry.qa.
+xn--wgbl6a.		172800	IN	NS	e.registry.qa.
+xn--wgbl6a.		172800	IN	NS	f.registry.qa.
+xn--wgbl6a.		172800	IN	NS	g.registry.qa.
+xn--wgbl6a.		172800	IN	NS	h.registry.qa.
+xn--wgbl6a.		172800	IN	NS	i.registry.qa.
+xn--wgbl6a.		86400	IN	NSEC	xn--xhq521b. NS RRSIG NSEC
+xn--wgbl6a.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XB2LIGilsb9aEPxn43B1MhYSk/lxhVK2Vr6ceptpnxF+KS3VaBBzWtchDWAHtXsvan5D/G+kusJHvmL/zAeDhW3vVsmQdgFF8sAag1qSSMSZQiRYHUWM80pPDSz82uZVrkniHhBsBwGGxYW6kGvkGX5quYXKyJBBeVq5sBFXp+wnR73jtIt2N2p32UmBZDDLctAc606+z7QcLjkoUYKMDFxSvdP9pvpigZfkHiMH1QGCcZmsg59r14qc7W1ldGIjQIb6xANtMJTfpezOU/AqKdYBujEwuGLGjQi5Gpre73VGDWk3QzAyxo1W8AmT6Ku0ZoMmEw3wgRo6a1WLLbaV4g==
+xn--xhq521b.		172800	IN	NS	ta.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	tb.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	tc.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	td.ngtld.cn.
+xn--xhq521b.		172800	IN	NS	te.ngtld.cn.
+xn--xhq521b.		86400	IN	DS	2506 8 2 AAB3B1CBC1B41DA41348F9B7546B700CE2356D7627B9026FD616320F18B08FE8
+xn--xhq521b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . KsLp5zJOAliLiIDY/I/tjA5O+e7vcw1bmIulOzoDmG0guKLyWbqoQA/mtrZUoREpVXyPNMiblU6oD1hpC23Im9zss1gueFHjAgAJ0ET9tJT5TJKsvgq9ea15o02sMIwjjRGiOXLJ0G0o2cIC9sOa4ZA/uJV46QPtv/1h1BGhq/6X8wZSxS0czu5dMgLmL+wdjTK9YLr2wGXjXMsSvkOHC8WDIU3BPuCG/MBGbENKEX7n7FHMk4hvW/Gd/m5hPDRKgEP90uFLmmgvkq61UqklMd98WYeOHBy7z6esxfMdiMUh/fnOIaXhPHCAUvHyAOQkUDrG79/Xs7quF43WTGFuUA==
+xn--xhq521b.		86400	IN	NSEC	xn--xkc2al3hye2a. NS DS RRSIG NSEC
+xn--xhq521b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . s6zYIWWVq2FdDA/E5oAc+xCoauBWOCrqGSVBcWdtHb5Jlv2Fupqr0IgpQRwvwpZOHIm1UB6JFFX/lx80uIP6ZvdzlTLQ9eeZo+V/nkmYFIF8CQfeXngT/PbWQAVV2dDxW+tThEAVu6oVYwyuSZkeQnSiDqGIZ2VGPqRecoJPZcdBGrHMP9ykHA56ZEMWfxPxW+Eew5oICptCUMktwRMQDk6/fYmUdF0Gvtg2UH+YSYvwZNPQCjiUh+05+5qMhz+v6KeZQ5PGUq3B1nuAglY6w9Z500AVz4J0To46QHUJrNMWGEkuG6hWtfwQ3kph36E1T77vHKt9iLeVMKjF3b52vA==
+xn--xkc2al3hye2a.	172800	IN	NS	lk.communitydns.net.
+xn--xkc2al3hye2a.	172800	IN	NS	nic.lk-anycast.pch.net.
+xn--xkc2al3hye2a.	172800	IN	NS	ns1.ac.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns3.ac.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-c.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-d.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-l.nic.lk.
+xn--xkc2al3hye2a.	172800	IN	NS	ns-t.nic.lk.
+xn--xkc2al3hye2a.	86400	IN	NSEC	xn--xkc2dl3a5ee0h. NS RRSIG NSEC
+xn--xkc2al3hye2a.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0rntgct56cX6zwJMY1kxDvIt85Kd5eqUg6I7lGBaGnibLitzfy58y/Afc2LPcCbRfOwI+tamkFWH8idwP14Pf8KCf/Xh40VT/rtmb1u/s17JjukGRJ3i1Ro+NWr14hUD0/yBAAjB5obnkLQhxH7gii/7iisAN9M4UgvxW3I2B/k7IFHiwsWXNellMHyaA8SyLXFX8HuTC4mjGX9F27MmY0az0Rc0T2o5PTd68/VJ98bK4tcV+mKxnE7dr0eDs2htRr6LXBEEpE2fC2/cjPLcOlW9KyrpxPo5Qj2LIHouRoLEKDjvNBrDwg7PVgyoYTQnXRZ0Ho4228b4sUDtu+C6Gg==
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns1.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns2.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns3.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns4.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns5.registry.in.
+xn--xkc2dl3a5ee0h.	172800	IN	NS	ns6.registry.in.
+xn--xkc2dl3a5ee0h.	86400	IN	DS	42949 8 2 5DAF7AE834260D89A675DE3088045669D58E6D9DCF2215EE95BD7C4C7A67BCF0
+xn--xkc2dl3a5ee0h.	86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . OSfAC1Q/fNGzBRdZnhO1bx7DiG9IKF6FFYgL3+uENsEZ4FK/pjSfeShrTLcvqzchuuYS/S+hKoDKBdl5oZfliZicnRmWQNqmSDaP+9tSlws3HrTa3CorFJE/ptWidbM8TMX7/q+LBNtfD/M7O22+QtipYY/07PwIfz46lpgeKvqtSoPgS9V761IQ2TvDaANs7Ecjj2cI2cvzfMrXYk8cpYQCKIVaPUrARPC5IwWUJjpMsnEWKtnSU3KOWSyloqK6V/Z5GDaTRq3FykEx44YQ54WGPQSVVb8a6TAJJXl1MHoy/ltv23rr76KG7IrOo63U5d4roDqB3TWV5KvA+/cZaw==
+xn--xkc2dl3a5ee0h.	86400	IN	NSEC	xn--y9a3aq. NS DS RRSIG NSEC
+xn--xkc2dl3a5ee0h.	86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . GexaIpGNNoyG0KWtaVmqHklao3i0rv2JgRy3UWmvN0bble0xthNmP6zuoxEvBfYQeHaTzSJublD+A+eeDcTqK5jbRgxADiUYZwTdYFZ9Ed/whPlrnJyO4vCzmhLfFsrlJSN7E2wO3frN8muVMFnWmQEZLhKdK96EY5R3ytGgrC91oKOQHrPTDx+WY+pqT04t3A2dMvIH1v29l8EFqnOKXLR6tp4DokeTbD1hzxPv4spOy58S2O8uPYYTPav7ryPhqw90/+gwQiwQQFMY0w/gCJPBMgAgeOLzswQDB68BQMdB/v3tffkehvEk+eGMiwQjxd0S8aqwfhey75k6PQGhCQ==
+xn--y9a3aq.		172800	IN	NS	fork.sth.dnsnode.net.
+xn--y9a3aq.		172800	IN	NS	ns-cdn.amnic.net.
+xn--y9a3aq.		172800	IN	NS	ns-pch.amnic.net.
+xn--y9a3aq.		172800	IN	NS	ns-pri.nic.am.
+xn--y9a3aq.		86400	IN	DS	62869 13 2 815A710EBACAF9227C48A8C96DD1199C7822BB3FC6ECE2620975B2A5FA16A0FB
+xn--y9a3aq.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . FSXyhXdk6hYsznrFr36falBZywk1BCkXXY+kzz8hGM3Wl6vyle7b9goo+bI9uv4i8WKc/Y8LKxD/MASQstDrMGUHuoceYQf+hIOpuw677vjGMAad5HWZ7UYFoT4fPx2i6NLsMf2qhouH6Xj+3N9gExC0OFbOcX1dOz2RNA10ME+vNq7JqYQ9oBMU5SyB6nIzDH6m9Mam7iZ5ggeCfKl0eysg98gl9ApymKSvjkokZNcMUqEaBSstO+um4x96/KiRjdUdCzv+VNdz+MuFEmjueErAiXFb5pCFm/JLRGYavkzOauWfoz0qUAC0zhUN8QqCPGB0mhlBK2L2qq0DyVlwpA==
+xn--y9a3aq.		86400	IN	NSEC	xn--yfro4i67o. NS DS RRSIG NSEC
+xn--y9a3aq.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . OFKLN9QY7ni/1q+yb/bTLtdpdm9lEOR/zgU1EAD0Y5MmJ5x0NCrfvzHBm0OGcWrHVCKiQbibBXpevz+EWtjHEIODHafAvouTnJk0LzD3mpykgOyOKsfZ8Tso0yA861QIsN7ytAO4fMUBq9ria1SdQjmdXYWSC4uhiZRreaMXw9FTDlMC0NcYShNjFvrnL19wQxtX/hgdUy9i0Nas+nB64bGAFea5yJEyPBkpCVWG2m0PZPIWZO7UrmWcnd8vyfJK9GsIrF3yojUnTG2CiNXs4Vt894h3yiSt4hwyqe7w58KqnilANaOPGzRsceyWJyVsFDKYG4UIitpnU0KSMgqHiA==
+xn--yfro4i67o.		172800	IN	NS	ns4.apnic.net.
+xn--yfro4i67o.		172800	IN	NS	pch.sgzones.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany.sgnic.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany2.sgnic.sg.
+xn--yfro4i67o.		172800	IN	NS	dsany3.sgnic.sg.
+xn--yfro4i67o.		86400	IN	DS	52561 8 2 8C1B2380F8EF57DAA14B40AB3F447A62838CA148D2D778E048AEE2D6FF374755
+xn--yfro4i67o.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . kqiFsf8l7ukI9qJvNOP4bv2YTL9TeJMuaCwSv6HznDmtzKRXiweIyERnZqjdo/ndu6CWxutKUYxzP5WhlvvDMOQtk81fQJvcTWPIgB8GlnO5N58hPEZanGW4DdzfT78GkAPXg+xizuUHKqWPDZ/ESZODTijbz0XhTcL5gw4rVoaKXQWcUbStbBMZm9MZVIoOtw/yObvcEdxCO9aeB8iOxPAmY/HYN9tYMHdzlWS1d8xC0GXmLHfRiMDHOmHbGSCALIUDJSW4jEiuDAzxk6Zr3nE/fOPoE/+4b0G5M61Ew0WaemQPjwToHIc8fGKMaizOgX/VNenRES6ggJvnR4Cn+g==
+xn--yfro4i67o.		86400	IN	NSEC	xn--ygbi2ammx. NS DS RRSIG NSEC
+xn--yfro4i67o.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . J1Dl8iLVRvfdarLQIL3ipqtrRArJoWhlWVKC/GwKw+xHbnh+nY6XQk9X34mkNeGr3TcOf2urzQ7G9iRZuTItofBO4VACBHoN+qevrK9pVAzei1h1kuxUujEg/6ows2iZSqI6C97hqobBHjVA3FX6SRTjfP4Mak4Gd0x5nR2yTmYKdVmfbQtaNXaTNm7EvQBEczHKC23hsORoAzaJjZwlIZtTP2XceGWYD4zPQaY/H/Hi5PB0O96NH/PLbDDU1JAXik3GJfVBoiE5ZNRj7r5miZBW+3MEJE0lErWcNDd7b8cQhZp52Tr2CTr09WeiT0UBKbDN2eRD4F2LAiuGBgu4mg==
+xn--ygbi2ammx.		172800	IN	NS	idn.pnina.ps.
+xn--ygbi2ammx.		172800	IN	NS	ns1.pnina.ps.
+xn--ygbi2ammx.		172800	IN	NS	dns1.gov.ps.
+xn--ygbi2ammx.		172800	IN	NS	dns3.gov.ps.
+xn--ygbi2ammx.		86400	IN	NSEC	xn--zfr164b. NS RRSIG NSEC
+xn--ygbi2ammx.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . aGcfcOHedHXD0D81+L4fU+SO+gt/1c/+YQfuhHWts9s4WNwbhzcvZ5tYxEHSADQgamSkb8q1IzrOS2dGljzRthF9tJTdEKkLnd7a+38Tez8xL6GaLD2QWWBi89G8ViH4MHbwUIItP2fTorqNKjuKZvEP9WIjNP6z2REOwkSPt9fXN6ukfGwtRzUZ3bcERJzGRB0pCDXN0aCmDgirYb50IEfn0+2Yo8TegRVeVEgRDaqw/ykKSLU98zcy85RhJlO1v4nZ33wEZEEgX+35WkO66FEcckBn78T0hjhcXyeIOpUyxpzVkWGYdzowHP2NBgeX9Am+2hLqOo8tm6IPOeo4Og==
+xn--zfr164b.		172800	IN	NS	ns1.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns2.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns3.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns4.conac.cn.
+xn--zfr164b.		172800	IN	NS	ns5.conac.cn.
+xn--zfr164b.		86400	IN	DS	51421 8 2 9D673623E84D7E10B2AA5B376A3F617665F8B38EF442E8A7E86F0F18161C7801
+xn--zfr164b.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . R0z9F+aW6iKXiVq+r/1X16SbYkHjKlB6jz0VD+DmrH2V2pv4194oS5/wqTz0uxneUviuSpGOBji5h9uAXW7DOa+0RPzQ4V6+aoIzVXKhAgglqFf/smOKLrQx64UGXliplRSLF5NsggrShjDGWOuQfRi3sJY5MK9KMSXtZG5QU8B6tVkCM2RhZRjf1B2kDsjnf22QUqw0f1iVSF+PKajD3yImmkyFS7fAK3rG+MbtTzmtJtmkPDyWUmj6bXt/vkmPEbKUuaJs7NaOeOKv4w1ISuqCRD2TmW3UUFQHWob72QpiFUOB/Tc5GrbJhqxwoIFSPoMni7C0tEZxk7mT+yDUlg==
+xn--zfr164b.		86400	IN	NSEC	xxx. NS DS RRSIG NSEC
+xn--zfr164b.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . o7jf+4A/aDk9gEFO1JdiSZ77L2vo3qWk6NkIIRWeH4MDkUdjaCaTeHZfJf0Jb5Ys67QXtHU7HhyTW1wMabbI+6zcLkY0q5KwTPB7tcdT+2XXX1nhZaFyQy9FCniWGQ0BkQCkvQtOVzq//kp35pkioAAC6CpIbMRFdO7EEm1XiFyDgevh6tduEUQPM//TCKgr9CRS4qoomQg6POLV97gsj+DInWfANI5cyqLN0NOq93NM/HX9+EQZjNheDu0dhAzffER7tNjyyD2psn5kR/Gu5kz9VVcoqSlnbSh4KnlyMuOChVwT87rOz9KnJ3X43lU2p7jQDHc05cNZ2gPWAfU+fw==
+xxx.			172800	IN	NS	a.nic.xxx.
+xxx.			172800	IN	NS	b.nic.xxx.
+xxx.			172800	IN	NS	c.nic.xxx.
+xxx.			172800	IN	NS	x.nic.xxx.
+xxx.			172800	IN	NS	y.nic.xxx.
+xxx.			172800	IN	NS	z.nic.xxx.
+xxx.			86400	IN	DS	4654 8 2 0A2255017AB65CA9D9A3D1A1D74DA6F19E9C4DAD8B7B452E547D2420F9E74C39
+xxx.			86400	IN	DS	21709 8 2 39FE8AE19E8383391804637C5E219EA82B4AC7EC34368696E3C02B4756A59DA8
+xxx.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . l+V9FeD7vYF2pE848d7OAP8vR0kTnhyAT7wkzUW+d0bjE3DsbAkGD9Tt8wIGChRxReTqK73tuhfxdovnTskuHiv1UkAUrzRjxTvjmynd2gVB7gD/i4h0Y2eM3Fc/SwkFJk59vFdTri5/O3xKy52SGLZVg5opFHbUrmSTe3pMRgJco4oLYJeUcZoYbSiuF+e5/sYpH6E4asC+DKpyN5Nc2tCCLIzqudTlrOXR47G6STH/f0vx2C2F8eY89a9SZmplP2ttszRZ6gjOvLfLOIk9vqm+i5JVMQJGl9gfSOmuuufE3aHTjWRmHgiawxBXvoxWsmwR+171ZuOd6lSyILwuag==
+xxx.			86400	IN	NSEC	xyz. NS DS RRSIG NSEC
+xxx.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . luVv/g6toS5CiADHyuLdZoB63ae2AaKjrHwZg1E4rPCQSBmO8blG3bXTls6Osd67xxP5p7gYH04eFrFVgphD/53D/tfGy8T1vgUOz6EjN4+iIaSx9WP1/fOYy8DJcZEN7R7xnDChAosj5jhe6g+p1zFIyfRyz9RFfBC/RuUftUpIV8YZQaMKfUvxFOQW6WfMxSsEpu+IyLRkIqazFCx8ZBxid9O3JjLdYY12yPpFViXmnD02o+86VWqMoiWuFgOBYzRiPt9KrxvHkdsX3rclgqlZ9w45Wrky/szF5ZQZLxx8erHkjHkrUeiw6HLc5CadVXJx746LFjfz8Rf/JYirRg==
+a.nic.xxx.		172800	IN	A	37.209.192.10
+a.nic.xxx.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.xxx.		172800	IN	A	37.209.194.10
+b.nic.xxx.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.xxx.		172800	IN	A	37.209.196.10
+c.nic.xxx.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.xxx.		172800	IN	A	156.154.172.82
+x.nic.xxx.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.xxx.		172800	IN	A	156.154.173.82
+y.nic.xxx.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.xxx.		172800	IN	A	156.154.174.82
+z.nic.xxx.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+xyz.			172800	IN	NS	x.nic.xyz.
+xyz.			172800	IN	NS	y.nic.xyz.
+xyz.			172800	IN	NS	z.nic.xyz.
+xyz.			172800	IN	NS	generationxyz.nic.xyz.
+xyz.			86400	IN	DS	3599 8 1 3FA3B264F45DB5F38BEDEAF1A88B76AA318C2C7F
+xyz.			86400	IN	DS	3599 8 2 B9733869BC84C86BB59D102BA5DA6B27B2088552332A39DCD54BC4E8D66B0499
+xyz.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . UEmcWk2IenvE2PwiywzKv7wClyKfjyFiZzb19m+ZinGymU8ep41Ogt0VKXO78U1KphVDVWxSMR/gJHxU38bOZXVm18gJzLnT5kShrV9SB+J01YCFteKSt/CM1tQjLzVUqzXbmvGQFer+9FZ9aDtI1dmZNaZSL/rc41WhFyJDGlBolPTIxXO68K5nwt7CLHNr3+iYMmUJtbAnOZGcztEkWgIjWnynta8983lmmI+Srs5OzbeJBdu8KQwhwQJrxZB5l35hYjvOGTYmPrYHpNrYeQoRjgiPeys0jsGrTHtIsUYS3YWr9Ty7BCbYKw52cLFlnNhrfd5JToppDyh+sso8og==
+xyz.			86400	IN	NSEC	yachts. NS DS RRSIG NSEC
+xyz.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . viIbj7frqH+jFa+EAHPDFTMDGBKUWEEaNmzJzkqARMD30sNySxBoVqa9kbQJCxwGTlb7rF2C0guSj7AJ2H5sSCjp+Vi74tXC0dJJZFdWGoWEidKZ4NbFZsQ966nErBF1JkWCY8JgTNmuC3XVN0Z95AbvOBLjGlTRd+srkVXrrENwnlL/iLJd1G9Q9yd4wWVKWdfwzO0AgjXVEyFl2rc7lINHbJjAjq49S+WTIjw/7Wok1UID4AYX/f3QP9+N0MGbRu2moDHE12hAlyOHcF00nzNCA280PArTOFf0GtwZNj4a4t51uHAb2kWSTKfkFeOIpN63e3lhxJzoSVrNvk+mXA==
+generationxyz.nic.xyz.	172800	IN	A	212.18.249.42
+generationxyz.nic.xyz.	172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:42
+x.nic.xyz.		172800	IN	A	194.169.218.42
+x.nic.xyz.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:42
+y.nic.xyz.		172800	IN	A	185.24.64.42
+y.nic.xyz.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:42
+z.nic.xyz.		172800	IN	A	212.18.248.42
+z.nic.xyz.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:42
+yachts.			172800	IN	NS	a.nic.yachts.
+yachts.			172800	IN	NS	b.nic.yachts.
+yachts.			172800	IN	NS	c.nic.yachts.
+yachts.			172800	IN	NS	d.nic.yachts.
+yachts.			86400	IN	DS	14477 8 2 0180ABC62CF090F5DF1EF074F1958C237261E14633F4AD949298514BDA155257
+yachts.			86400	IN	DS	50071 8 2 BF1B2D1657AD8BE12FBEDAD8AF0999D1E9185C100937AC023D01C9A6CCA78DAE
+yachts.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . Dnv99LUUWSICROgr17QZvAriXogkTVJV4whSdcULxy0Y9r4IrW2KTfyNaH9KC+veNCEXuEknaYkevWgCApoN6TkU5LBSODGqZvKf1IBEjoRjoGl8aMYz+WntQKu3gmj361/zZC/IKwmls3Cyl6ExuuAdKKd1GgZ//hcSXhRvl3rDYBqDgLO51BtAhW5h5DQZf9iX51oO0/S1U46mE5HctEuloGxV20yI064vZwUI489+wezf7LLyfiGI9y1J+D4pEFigboj6CqCRKhnkl0M3/rVRtEh0U0Mdv6+KORqrseWoNbpy5pIhhynqlL2hlCvYbdWVcHPv9nV3bsvj+2VT6w==
+yachts.			86400	IN	NSEC	yahoo. NS DS RRSIG NSEC
+yachts.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . x1ZNsLy39n4e73KWIYwBvUFRxELvNABxN5pRQmLNnJNbkWOYbe2xWIQXSocrrD+vaA0iDFbapvDO5jIwQm5/WToJfYhYr/5bwR6T3Kt2pjBTQ0C1hDXe33Be95Qiinke5Un3b/t68QZp2oOcvoRBv2yGxVT6X/nufweWWOABIL9tGNootYPQX1HLbv8zSvOinK2Agi7L088fmnexdYFZlT/a3vm3TPfmWKu2OTpIih0pFtm/ZLbB/Kpu6G9Od3ycl4Sply2fl7FkOSeRhiWp9vZqeafMF6Di75KcWEGZBryOd+3aZy4o4Usy6aQStaFTHpVcET+h56oowqlUXIWw2w==
+a.nic.yachts.		172800	IN	A	194.169.218.133
+a.nic.yachts.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:133
+b.nic.yachts.		172800	IN	A	185.24.64.133
+b.nic.yachts.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:133
+c.nic.yachts.		172800	IN	A	212.18.248.133
+c.nic.yachts.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:133
+d.nic.yachts.		172800	IN	A	212.18.249.133
+d.nic.yachts.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:133
+yahoo.			172800	IN	NS	ac1.nstld.com.
+yahoo.			172800	IN	NS	ac2.nstld.com.
+yahoo.			172800	IN	NS	ac3.nstld.com.
+yahoo.			172800	IN	NS	ac4.nstld.com.
+yahoo.			86400	IN	DS	52260 8 2 99DA5ED59CA94FC8C28C5C7A4A817E7FC0C52688B115DCF743FB914BE65BA447
+yahoo.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . zetsjTNTpUvrvXWtAgyvjZ7hi/C2wuXG6u33LsA6EP/5Px/luP+k1O7LOA/j4caG5zaye2liNIug8dKDaxZ6wCJsxh3pJF9OIujAJg7nWB/aLKZf3vzCDlkYD9syRNt8LbJzKiSHCztY2lpl/5VzYKlcG5dWzbDiprFwRNVQpk/Uk3h8ftd3nDdmM+bHoZ+PTQ2ye2FCUgH77t0EQWkF9UJSHTw9S8/agteBOwhWri9Ecnsb+JJsr1Cyk4kvPeWKyHt6ukt02KO2ueCEEh+kw+pyPDhJ/YxqiqbHwBrRNUsbSeitd2szh2ASon2TcuQLmNOXNYAkSaKG1QJwaSLrRA==
+yahoo.			86400	IN	NSEC	yamaxun. NS DS RRSIG NSEC
+yahoo.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . b2CGGVTZD5SPqnu2ny3X0Ws4WWT9IArCxssj1SACmonSLfPU67+hw8e+9HXLroUc2c0hRUsCcXsF+No3GKKpNxVqGabMEhfNRaAga3aNBvLJpG5DDof3MpB1uO0801vPgtIx4xlooDIgevIJABHjeHMqNuqfQHV1gofHAxlJemVJnF+eP+KDeqsDCwfj62km0Dl9ux4MBY9zWLRK8yJ9bgzSPcsR5K4TgReCPDzswTvdoMzKgsd6jscZnWIRxXnBgZig0ojP18T/3Nsbg/0pT+mEuaodj5WaDFth36GdWJuQVemjQlDt1A0ug607wu9pZHLbt9ToSAva+7/yDyJ3Vw==
+yamaxun.		172800	IN	NS	dns1.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns2.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns3.nic.yamaxun.
+yamaxun.		172800	IN	NS	dns4.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsa.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsb.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsc.nic.yamaxun.
+yamaxun.		172800	IN	NS	dnsd.nic.yamaxun.
+yamaxun.		86400	IN	DS	24775 8 2 FD24CFE326A910CBB3F11CDDC381ABC7E296BD29E75DAC6DE13B4B5DBB130EA7
+yamaxun.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . 0BKDWmSvFlcoDuRAhBnpVSKByOCze6x6xNObj2bf24yzsG4iBExxX3fPGnrNlM7cAjIxyxdRlJK8JaxfawOKfCjf+nGVF1mNWJW4ctNNc89W2pLgg+NAfQee+hcTYrJR7KWbCiyQE5guBIU7sA5tTWQKxtLBZz86adh78IHUs19wMEIEZmjKvzzDJrRTlD7UA3O+Dt4LTXOoOQHjTNom746QQaoK223cw+0MBHxi6z0BdZNebEd9TcJWjaUi+D1aI4G+xrSe8yMUgZcGjnoPw4qNGu/ZzcKat6eMicpv8t6GgT2jFCR3t6k256RMypB7PFz5rnS33qlEs3MjPQvqoQ==
+yamaxun.		86400	IN	NSEC	yandex. NS DS RRSIG NSEC
+yamaxun.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . FOPz21oRY2x+vxXSbpZzJ0zAT2wSlHhpXaF9fxeSiLE0vZnRQXkBhpHc6bBllgzT+qFfBzcinViqStJsHorOgtEomE6IwxSfXrIwliFLdI2a/kbppYqfWKNEz2bItLCy2JNh19tN9NNHZKDx0Fz4Pop32tfMO32ICc+jVS5CHVV2bzxinWng/R5BSLjjfYHR0/oWt+aWNZp97j5DCsgXtifa657HXw7feXEh0MJAfzjI6tAWexBcVgp8okFHE4J/pVklm0LCcmXjgkL88Yrx8pYiiOM+6fTTBsVBHddL4S5Wqz7MzZ1fQaqiPKCp5W8/A8v/xr8U5r6gtUs+fDfuzw==
+dns1.nic.yamaxun.	172800	IN	A	213.248.218.88
+dns1.nic.yamaxun.	172800	IN	AAAA	2a01:618:402:0:0:0:0:88
+dns2.nic.yamaxun.	172800	IN	A	103.49.82.88
+dns2.nic.yamaxun.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:88
+dns3.nic.yamaxun.	172800	IN	A	213.248.222.88
+dns3.nic.yamaxun.	172800	IN	AAAA	2a01:618:406:0:0:0:0:88
+dns4.nic.yamaxun.	172800	IN	A	43.230.50.88
+dns4.nic.yamaxun.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:88
+dnsa.nic.yamaxun.	172800	IN	A	156.154.100.3
+dnsa.nic.yamaxun.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.yamaxun.	172800	IN	A	156.154.101.3
+dnsb.nic.yamaxun.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.yamaxun.	172800	IN	A	156.154.102.3
+dnsc.nic.yamaxun.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.yamaxun.	172800	IN	A	156.154.103.3
+dnsd.nic.yamaxun.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+yandex.			172800	IN	NS	ns1.uniregistry.net.
+yandex.			172800	IN	NS	ns2.uniregistry.info.
+yandex.			172800	IN	NS	ns3.uniregistry.net.
+yandex.			172800	IN	NS	ns4.uniregistry.info.
+yandex.			86400	IN	DS	50324 13 2 3F25B6EAF2B08861672673779CB294CE5154337B250DA78FB9ED949A997C38DF
+yandex.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nYt00rhe/vH2atE2ucEM++w8mRLqJmmBLQCjgdpGbLZOudM1nPkIAQAAVF6pw+igvqFLGmHedOlV/J0x1cEEHF71YZUM/QDvzBE0Y24KrhvBxewTY1eaH20kMWXWAN8brWeR0RaAatrQDxY2Amj0YYz/hDYtdUJLHunmXpRf/nEAfrxEtVvfgf4q8dsYPAgSiigUawxVC67p/51+pNd/bvTSV6Lg7pHj/hP6Pzk8Qzn68aL0M5m6CI9W5LtlOOF76IvwArbALRlUBMvzfmqGX8g1tQdvovaR5/zXG8dGEhgZ7BAfN/2dSckrhIl6Vps0ikzX/9TGvTcPy1yJNaWqPg==
+yandex.			86400	IN	NSEC	ye. NS DS RRSIG NSEC
+yandex.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . Oqw/XOydOfzjQaCqGHj2GUqR3FBkeKAMmmIhz4dqVCOBYw22l+6wfi8vqnf6xPGBlJyS7ft8ycfxBopTKG5AZ3TXor70MK8gICZq+ZRJwzREaNdzhFzeSxLvpz40qq1u9jva1L8HZrtGCj1N/f2lmLx6CClQvCL3oXUz07mrCQs0f/VxSqMTVJeoj9/LpH4MB+GzFO8Edx0ApdXrH3V6McM+m1D/+QJTy2CNKBS0/u7g+G+BiYvslP/TlQvETSv6EdKShjHjDpDJLLQNVrc/rAY/AFanKBhbB21jN7nF7UQGUouSTp0HgKYjwx9twGlBOHYm6HTZ81VkH78cw7OuUA==
+ye.			172800	IN	NS	ns1.yemen.net.ye.
+ye.			172800	IN	NS	ns2.yemen.net.ye.
+ye.			172800	IN	NS	sah1.ye.
+ye.			172800	IN	NS	sah2.ye.
+ye.			172800	IN	NS	tld1.ye.
+ye.			172800	IN	NS	tld2.ye.
+ye.			86400	IN	NSEC	yodobashi. NS RRSIG NSEC
+ye.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . V/q3AlmWuBhXgItZG8Auuh8LdB4Qa5LazgQ7/BOYSYd1vnAXWzaQa2d0R14pev6qcCP1FZDLe6ZzWLn+3vmBgqup1L8FR3oH/JxNNpNtTF265DCIx2yfIdi8fIXWHe5AmBLO+uZ6Lj3LPAk9Eq0XNxeSdYag0sBQevevnbOldWosRuuDHXyoS3xADyz2fmnr5RLyxNO2mn5IAFuBBg+pTVR5BfHnIu2rylQl1ngT91xFhD2GRh1b5g6C6d4a3PT8vz1977FIqCFvtmJBghxuZNcpCZZS7BFn2s+MsSNOrWo9RGfEF/k4UD7LRec4bwlz0c3ejmeaDqV4hkSWzF+KYw==
+ns1.yemen.net.ye.	172800	IN	A	65.162.184.33
+ns1.yemen.net.ye.	172800	IN	AAAA	2a02:2718:4:0:0:0:0:33
+ns2.yemen.net.ye.	172800	IN	A	65.162.184.34
+ns2.yemen.net.ye.	172800	IN	AAAA	2a02:2718:4:0:0:0:0:34
+sah1.ye.		172800	IN	A	195.94.0.34
+sah1.ye.		172800	IN	AAAA	2a02:e280:8:d000:0:0:0:34
+sah2.ye.		172800	IN	A	195.94.0.35
+sah2.ye.		172800	IN	AAAA	2a02:e280:8:d000:0:0:0:35
+tld1.ye.		172800	IN	A	195.94.10.22
+tld1.ye.		172800	IN	AAAA	2a02:e280:8:1000:0:0:0:1
+tld2.ye.		172800	IN	A	195.94.13.22
+tld2.ye.		172800	IN	AAAA	2a02:e280:8:2000:0:0:0:1
+yodobashi.		172800	IN	NS	a.gmoregistry.net.
+yodobashi.		172800	IN	NS	b.gmoregistry.net.
+yodobashi.		172800	IN	NS	k.gmoregistry.net.
+yodobashi.		172800	IN	NS	l.gmoregistry.net.
+yodobashi.		86400	IN	DS	40387 8 2 F2A6E4458136145067FCA10141180BAC9FD4CA768908707D98E5E2412039A1E3
+yodobashi.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . S1oWUqZDbzzHEDmq7gIbDYa3wCWFjp2vTzxJWv69SBMLE+OoTwVdCRkJe6cTBMUOUAigpEKFwXSoOjesd0AFoyQhMGynME4ZR67Ln7mjtD7GK7XHe9/M7FpgqthZsxxEtk9gqdCyzyw14160SbreEAsrp7MEBMuLKe4TZ/mM5Ihrz3LAjG5hpydn558MOP6KMRTzRzbMWfA+CaPziq4KVsiT9vMkjxjJ6I2Igw5+4buVuRGpeqkIE/l2eAq4kSLnxByYqux3NfvVG/Zs1QehSsRGFW1zIsiIkEU3F4RdSZqqJ8xuw8n05xnpwsQyYmPaYikeD7XswHEVDgy4us2ndA==
+yodobashi.		86400	IN	NSEC	yoga. NS DS RRSIG NSEC
+yodobashi.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . ePm+htoNdGA5TcA4mSb1v/9XQEWMAgsZeqYPt5F0vA4o+aQk1G0vkdGYY/ylEiwQAocR7LvBcQxnkJja5n02bpoQyDNCwvIUyYYy901tkiNDDeyMMXpJuJr9TAC+oZ2CVTwFf/o58DPVjid0ci+UsZa/4nAWpnEHrmS3aOS3VyAf2t5hvZQXJ0Xio4WRp0AYN+4A1cuUov9/YXW+PmPXgJaNF/2LOO5pwMajDhdPrctV9qMX+/zDZsMdMwgwQF45UhicSf24IBVukxWaRMcJd3F46QHdaCU9Z/3Rmfum7qPz7VCMcb4NRGPNCX7EYfPrBOZMj8mcw9FRRrRiFb5+AA==
+yoga.			172800	IN	NS	a.nic.yoga.
+yoga.			172800	IN	NS	b.nic.yoga.
+yoga.			172800	IN	NS	c.nic.yoga.
+yoga.			172800	IN	NS	x.nic.yoga.
+yoga.			172800	IN	NS	y.nic.yoga.
+yoga.			172800	IN	NS	z.nic.yoga.
+yoga.			86400	IN	DS	19357 8 2 FB9B29F651414B178B56B756E96A6A8660D67616ECACC53B6124BEBE13B0D3AE
+yoga.			86400	IN	DS	49771 8 2 1CD19FF5B29EB880307E17A1168AFCDD493DA3B36A34242FFC91EB1E8E3882EC
+yoga.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . abJZLzulJwodDuLlaG9eosZWFMaCGZ7vrCYI+AzPtA3+sQyGDS7MFnfV1X3X54PxZKIUGVaNf2PnjBkDbwSvxOkgKZn29nnw4rgJWXLvIeeIoUR7OcmaJpeljNV6/LkBSS5Ulh3eFzyuau13YTGaDO2/f2s6hLF6xZ1ZhK9fJ2Bt7JcV6KrFB1WblrJKqeXZu+ldMiDhwNt7CneZbcGw6CEtv25wIF4eEjkqYxVqi8FLGKgYMRXuTKlAadHl8Pd2Xia838Yojdh50yPNg0cGizGiCjgE1vlvqqGJ1S2/h7BtiEgANiHQECv28JeWQS55cBeV8IYFnQ5r4AbQvfbQrw==
+yoga.			86400	IN	NSEC	yokohama. NS DS RRSIG NSEC
+yoga.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . SYwop0Y1eC2MV/fdta1B1bjX+TsAFuLpPm18m3AQbxfrV2/oRF5z1Kttn9oaA4hMAbOswgS0ZArVLVIuFUst9OYkMbfVLyka11c+wAnBesG9gYmIxPTbCdEHLtDjz7YPstNBWXXZplXFFYi7gCgWQ5M2RibTyegB+ZLPP0gn6EYd/gsrDGpi02UW4qR0nR8B8ZEGt8104j0hf8nvKjjRedpuOMzxd9U8kc498CF5RFJIkW/TpiXhZfGN0hr4QR/UjrDNqxbs2yAacqyg4dt+nz86gK2R6p/A2DvAlb25xhsHJkGurnw0YYfsP3WE2TiXR8LcfqqlIH6G7C1rpkXIxQ==
+a.nic.yoga.		172800	IN	A	37.209.192.10
+a.nic.yoga.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.yoga.		172800	IN	A	37.209.194.10
+b.nic.yoga.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.yoga.		172800	IN	A	37.209.196.10
+c.nic.yoga.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+x.nic.yoga.		172800	IN	A	156.154.172.82
+x.nic.yoga.		172800	IN	AAAA	2610:a1:1074:0:0:0:1:82
+y.nic.yoga.		172800	IN	A	156.154.173.82
+y.nic.yoga.		172800	IN	AAAA	2610:a1:1075:0:0:0:1:82
+z.nic.yoga.		172800	IN	A	156.154.174.82
+z.nic.yoga.		172800	IN	AAAA	2610:a1:1076:0:0:0:1:82
+yokohama.		172800	IN	NS	a.gmoregistry.net.
+yokohama.		172800	IN	NS	b.gmoregistry.net.
+yokohama.		172800	IN	NS	k.gmoregistry.net.
+yokohama.		172800	IN	NS	l.gmoregistry.net.
+yokohama.		86400	IN	DS	40754 8 2 E03E2AF9C07C1ACDE150DC51E5A2D8803F70626FB5B6DEECDABC5F8FDD0BDBAA
+yokohama.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . sl4xqZc1yD3SuMp1WLC3FOTbljYjSdJPeaMBbGDJZBKm43Tagp3RTwl0c0QzAdLy0A2lT0M0kuWdAokDzXuCStzF76SEdl92BORlfkAtgDPYoGLFFcqn4GLlEmCvZLXRuVxTetKiZDcyzcNq7bRX5/BZfmRqOiStqMo2Yz1GPQV53fU++hpe2Je0cM7JcqMGDdz8ms+BUGWcZN6J4Z5M3qdd04gLjeX0IepgsjmVrUm2/5eoX5/ofKprXFbxOi2rO22ySEUYtvY0mzt9kIH6qx3mGK2kibkUcB0Pe3SucfdYa7nvhDyLJhLLAsN2sVtmcX9Y7iw2VEsz8LZ5yi2LCA==
+yokohama.		86400	IN	NSEC	you. NS DS RRSIG NSEC
+yokohama.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . G7H/BeJofh6KJAVhWmJGqW6FC6CFMX8Sbona0mhU31Cf11tjDSFItn3NKcGs7pvx6OioKzbQOMJU2tFUTDo8Zyw5E3apwPALyyq11ZjZaZE+SRuVxWV449mnRgXafFNlTzesHl1yUukxHgBHH0hmEs/5yvpURGExx62EptboVBUmt0abD2J5F3fFxXYLxOv2Bl7kauy1F306H09j0tBnO0K+vvl4Kd7CVo4yqqy0RjROgkk1BB12BcgEde3tnb87LZE9glLlBKXlo3CLwmfH4Xi08da45BwDTHZb4VeTR2ILweqctsOv8lIv0NrdQaEbTsyyloVGBFTEhGe5TArBig==
+you.			172800	IN	NS	dns1.nic.you.
+you.			172800	IN	NS	dns2.nic.you.
+you.			172800	IN	NS	dns3.nic.you.
+you.			172800	IN	NS	dns4.nic.you.
+you.			172800	IN	NS	dnsa.nic.you.
+you.			172800	IN	NS	dnsb.nic.you.
+you.			172800	IN	NS	dnsc.nic.you.
+you.			172800	IN	NS	dnsd.nic.you.
+you.			86400	IN	DS	41656 8 2 4D7022047E13AE416D1E12AC44C5EB5AB58C4BF1E4E86DD47C9DD62106A0E348
+you.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . nSKaKVlApmBXK5C+zlPGDFHfgwwkFrDO4d18X8aIJa3Wyk6qeAMCzSWNgAvDwwmceWUXENNNLbVdPBtKCfkUxWO7XyulGHeclGw1ofhFewGwh9oWmc+mNi5RkvZDk9aQ3bq+R/ey+htrnouPX/eolPA43aUbBCYocX0WGxhcIjK2GGkqVVdWoho+C9sqHZ1Cd+V8lcdqRM/HmQsVKNdNlm77QepIl+ULCYcn4pRGJyBBzx0ULSXAWz7GH2xAf1bi3Tc4jeLcsNZKpilWcy1Fu+dUcgbZh1ccFY4L8XjSImYTDTyRGdfuhKOv0BbfMe0JMdQ90T3r2G5qtTfZm+/KaQ==
+you.			86400	IN	NSEC	youtube. NS DS RRSIG NSEC
+you.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jiNhkVPbq+ZKQClvi/tHqTwPEC7pFgpSCXnWtPq7GxXGg7ob5MjtqGzXransjVlI6ZBfuEkAz7G7nL/twcDKUWOm1ilEbqrD/hZEBi5Zfpfe4okchcuJwkbgcG0yEfwrykITxPdFEZEN/nc4sFZ2zChDVJA17TfEjRrmCWoQNObEjP8stl1t7jBrUyj1yu3ywKEA4EU7Qgh17W5xSR1EHWwyIiOTVjNUaxpWCxgDNzZ2jlCyUSHq00afRSSTmLJ9wVWwpxSYSZzXU1QZkpeAcYoWLjpwBle+v7oFmdyD4vCL1g5x9EE1xkLetqsZD2BIPSgrDqadh51672QjP8n55w==
+dns1.nic.you.		172800	IN	A	213.248.218.89
+dns1.nic.you.		172800	IN	AAAA	2a01:618:402:0:0:0:0:89
+dns2.nic.you.		172800	IN	A	103.49.82.89
+dns2.nic.you.		172800	IN	AAAA	2401:fd80:402:0:0:0:0:89
+dns3.nic.you.		172800	IN	A	213.248.222.89
+dns3.nic.you.		172800	IN	AAAA	2a01:618:406:0:0:0:0:89
+dns4.nic.you.		172800	IN	A	43.230.50.89
+dns4.nic.you.		172800	IN	AAAA	2401:fd80:406:0:0:0:0:89
+dnsa.nic.you.		172800	IN	A	156.154.100.3
+dnsa.nic.you.		172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.you.		172800	IN	A	156.154.101.3
+dnsb.nic.you.		172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.you.		172800	IN	A	156.154.102.3
+dnsc.nic.you.		172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.you.		172800	IN	A	156.154.103.3
+dnsd.nic.you.		172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+youtube.		172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+youtube.		172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+youtube.		86400	IN	DS	63811 8 2 704005247382F846EAC39D9654488F071934FDF3E96C05BE3266009593F60617
+youtube.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . lY+Vsvl29uShPxlDopJp9JvW0rn6kGUo+yYq9zqjmuhO9S//RAfEe1EddiweAjNWsRLTganQFfhWWETOmYOW76gThUzOjPc993dWg+Y62/G5thy6TNejevb7F6MnPlKuqaLpp5gptJxBEgaKN0Ead6MU/aEXcpL3EXMvCCoVTKsFn5iOt5XZMD07zdXNMVP6t7qg847pHd4aVAwmvY1f3gyu5uJKRi033YqB7U6IN9bcIdcOs2gvqAct/Mo7olHLqb7LQvPa7Sy2u0rt9wHw5w35C8PRWsInb4CA0x8RHWnEcDZxT2Z0+isOF9bQfidcBvCLm4JjESuA8f1yONlhyA==
+youtube.		86400	IN	NSEC	yt. NS DS RRSIG NSEC
+youtube.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tsugYHEvNp7eWE/reFj8S6/BoTUoDyGIDuf+kXuQ+ObCef0kCbTWqAtDPDFpwfsLHHxSpPtfq7V2w05HCGbqzmUDiCeTg+ffmwHE9F+EnkyuLFxuA069eJgCMVsi2bBcAV7N481q3PgOAUHqDO57AUPiDLc2Zp1k/KBx73PBnHsMK60mjkNXIdVoBU1mL0QWEmLZ/6hzJ0jd6RkFPuh2JVNBztZ8lPzDUqiUjcrhZ99aJY8oa9UarLu2EH13Fff7O7veczLacfPSCsA8geD0ilP18SEBIWLS7lyBoh9e0CjePSmTxrJt50f7SmVyYkGqYPZplKpfOzvfsaEUY/FMwg==
+yt.			172800	IN	NS	d.nic.fr.
+yt.			172800	IN	NS	e.ext.nic.fr.
+yt.			172800	IN	NS	f.ext.nic.fr.
+yt.			172800	IN	NS	g.ext.nic.fr.
+yt.			86400	IN	DS	58156 13 2 712DD1BBC29E719CAF3B34E9A0BEE2D443DF1ED9D2D6E09B97BAA828D5FF3DC7
+yt.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . deBNTPSei92mREkQYs5P/v4wy4ikF3jHGJs9ICycpFbRtHuPYtcY2sMS2bqkznjfqOZHCz7WQ2TwJqWw3R/UuSoq8jc0KVLmKEX8Me8VA7Oq/0SH/hHFns8NRfS7llbHsJspocCs2WDEFVXzPNYvV7QPMnKzXoCgoQKaDxoNyRvMXYjD7pK/9BMcgD1NBB0k64KXAf6da0Bj+eHAyG172PXD4IxSTTWxEpM9O3ax/638BG5KZKxskcBtQFYL0iVpAMJfGFVh1l/clxh9Zj0jPQy4I/kCb17WHpsA6icXZaDjZlYS+nZ5JRgtjYwxw/lZNLJjuHW9hhVaysQ6dvRX+Q==
+yt.			86400	IN	NSEC	yun. NS DS RRSIG NSEC
+yt.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . wFFuG+5aa6j1wMKPmLl5u0X2Wro6toLnnvKqfuuCYmkhxHiIVWvFMldENDqU/LsLV2mMUYSCoMuGZCy6ULTTwbhF6FcFgTRwennWpVyVuCn5mUQwL8PNagofYF7zIGyBBHcMytbpxTeaplPo/rvq/P00P9wvbrbfUZlaBQ5M2qZO9WmeLuN8G/LlIvtamhYneYIi3ZfjPcXEo6+7ZPyV35cwdWGctTOp3qXDHkHBG5egOXEJBEKxuMnSKIZNh9HQNxkeON8w65r+/n1g0I1Jra82WohQ/UDgVEBWCRaFYPHP4Pdez7H2C9mjcAN22ruX3nsmkY02j9cwmJ8T4GZsLw==
+yun.			172800	IN	NS	ns1.teleinfo.cn.
+yun.			172800	IN	NS	ns2.teleinfoo.com.
+yun.			172800	IN	NS	ns3.teleinfo.cn.
+yun.			172800	IN	NS	ns4.teleinfoo.com.
+yun.			86400	IN	DS	27565 8 2 D8B3C3D5EE497216F3920A87706F270101F63803903DE581669754AC772BAA85
+yun.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . dzuxeaIY//X8j98BWjRQ11763neQz6SNQxBg0L7x4ctiS2X9lGhgUuOitRjf7IdSG8IzVStsAGMmxl/p+JYrvmOsK5MgcWv+l6GX6RiRcw+Pf7u7YsSMHz22Db8cxcLrBkVGgku5EvhNv3bufsF+2sRTR/YSF855sPocHzFBoFbDb6QHm8rc2PYpJ2btYKpF5eWmMBc5LZqoC1/141tVHUDYJUsitNeR4J4bl+UJOrYx3swm7StCAi51xFf4RNhiD/qoDMmHHlcaod2M9qIT57YR83HcqCpHz5WcGOTaACT4nTleM7vDGA7mmd5zKkcvzj7AmdbUE6wA+9RJmlmQKA==
+yun.			86400	IN	NSEC	za. NS DS RRSIG NSEC
+yun.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . uMCosOUaE3rtgwjJ77C4ayOuxW7xbpyoA881/jNVwy0cOUUDU4pSfN/g/jeU9KrsbIszUgWmRknxaL1UZcGCACRkF9peg0T1OqHzHxAaAk5LDH71BU/6DPcD20qIj3UEDxeq9Zq+s1F5sx/qoVQdNJx82ZJAPPtfrHAgPZVxTeJSDeiaHxSABZahpmbKz6Y1wMsJRfBy8gff1WieT5g2PSyymA9qxnycd2rdvK0ar2fZ+uTpCaG+OjZlknuvhzsFc4CVQEmp8VUTcZ+/S1x48n8RE06RvZ4sC2sapTpMwxNsMq70c7KqnIlAxqFFmRNLR2OAe9d7Dm0nZ2HYArWrjg==
+za.			172800	IN	NS	za1.dnsnode.net.
+za.			172800	IN	NS	nsza.is.co.za.
+za.			172800	IN	NS	za-ns.anycast.pch.net.
+za.			86400	IN	DS	45749 8 2 3E2B0B7E6063CA11400FA4B54D8A530888234CD0EB3B5FBF820C0750784DA84E
+za.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . y5O22JNIVey+rW58RsMEJp9Ht4skMo83AFakuIVw1y0lVvzimVk9+CZBja9vaBHNTj6EYuGAg4LFNMqGuy4Eco94sFp9zC+9w/DjA/xSC7+UG9FCQUTk1qLcwSMHtKFvqjO4ApyGwiIVVd3a9lziBTxlrZwArvS5BL27IqS0zxHY5JPkrfDHwXByN8d0HauJlt5sQkKoanMjpa5Z5ShMVyBBIuEDD+Z3jLqS3M18sdqbDAJpAwmBa10T3mp5LWMqY0eyt02LADoBJtVA0WnnkQfcz+FXN6PWcZFagvC3s16dyoSEBLFc2cxIJrYUev2WIVf3dJbmkb7QZ60a4irgOg==
+za.			86400	IN	NSEC	zappos. NS DS RRSIG NSEC
+za.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . 0sIy9m+0z/Xt9lkma2mSCriTFe/XgWyRMU4q53CPgOyVealmYn0oKB1qthPWgxA7clgPT9XWK6C6Q63OtAjEKZoeF4wwqr+QpTo8+qzYE0gdEMgwSDIbhSovbj146jAWSozvUqcpW+azkugn3/zvm1fFhUcImfRZdW79VN1rw0u/s290qz9a3f8/jq+oAvDf/XXNcM7AHmmjZEhpnk/ZxQ8yrKIMHX5JdII4vSsLzDUmwgNrdCZ8jU5+KYusVaXvuLG2FntjzCUmUldmhW2bkF4Sz8CcNzR8qUsH9i2BOuPNwu/6q0lZL/GzNQSm/EJv7+uXexvazNqR2+3fVDmnvg==
+nsza.is.co.za.		172800	IN	A	196.4.160.27
+zappos.			172800	IN	NS	dns1.nic.zappos.
+zappos.			172800	IN	NS	dns2.nic.zappos.
+zappos.			172800	IN	NS	dns3.nic.zappos.
+zappos.			172800	IN	NS	dns4.nic.zappos.
+zappos.			172800	IN	NS	dnsa.nic.zappos.
+zappos.			172800	IN	NS	dnsb.nic.zappos.
+zappos.			172800	IN	NS	dnsc.nic.zappos.
+zappos.			172800	IN	NS	dnsd.nic.zappos.
+zappos.			86400	IN	DS	36265 8 2 A8426C392C1C10535D73C70C91860AB821CE7CCFBEC9567ED6C015C0C3541CA7
+zappos.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . vfQxx8gGvDlnWCwJeciUWIwlUsPjdbGcdbr3loFF2t1yXJ6kdlS5yDPohv6p5RPEUNL046XVHdTHVaqLQ85/tSWGQ+7BSoym2lyLgDAjSAX4AiS7ap2mzY5airiS6ZS9iWI4F2qFqLr1lyRGbrDRW2+gqY8f6J8gwoEiv09XFrTcHLRcuIIE252catQhxgmfx+uZ5WxpJU/ReQFH6EOHk8fSQWnnety/xnvO6aPhAWeNKepOL6bN9abAIW5MEI1zPbWdqESRLgB84VfAIg1uUawFHmGphcnPOUa18+bJNO5XnTWyN3yRdnmcP+Urnt58XfTOf/peroGGOjpMmYrcTg==
+zappos.			86400	IN	NSEC	zara. NS DS RRSIG NSEC
+zappos.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . QxTEOfPq3IO9tYlGZxYRZIXHFeQ3UPYgm1wW7Hiqw0i5hux665o8mnsE1bWOccV+IJoutqpCa7m1zmib8MrtlhKBKL3J8MEVrsfeALJH6HqsISzM1VEct46ccp0Y5Bu0q+ki+agOJRHg3usChQiYAGSaVYv6moRuYAXB5Ob7W6sPYef/i6w/9fU79wYlJyHCiHEmuQvpdKJDOtk7NWf4Hs3FHUlCeb1nVoBIM5jueNc/xmQUBjqgGrrDZMyZjHLDSuxta6FWc26iyzuHMxqddlNl/vjS+sh3OdQLoFAgzp2IJxp8inc8WLBwNNtI9QIZWb5tnQU6vSs5YBnU8mv7kA==
+dns1.nic.zappos.	172800	IN	A	213.248.218.52
+dns1.nic.zappos.	172800	IN	AAAA	2a01:618:402:0:0:0:0:52
+dns2.nic.zappos.	172800	IN	A	103.49.82.52
+dns2.nic.zappos.	172800	IN	AAAA	2401:fd80:402:0:0:0:0:52
+dns3.nic.zappos.	172800	IN	A	213.248.222.52
+dns3.nic.zappos.	172800	IN	AAAA	2a01:618:406:0:0:0:0:52
+dns4.nic.zappos.	172800	IN	A	43.230.50.52
+dns4.nic.zappos.	172800	IN	AAAA	2401:fd80:406:0:0:0:0:52
+dnsa.nic.zappos.	172800	IN	A	156.154.100.3
+dnsa.nic.zappos.	172800	IN	AAAA	2001:502:ad09:0:0:0:0:3
+dnsb.nic.zappos.	172800	IN	A	156.154.101.3
+dnsb.nic.zappos.	172800	IN	AAAA	2001:502:2eda:0:0:0:0:3
+dnsc.nic.zappos.	172800	IN	A	156.154.102.3
+dnsc.nic.zappos.	172800	IN	AAAA	2610:a1:1009:0:0:0:0:3
+dnsd.nic.zappos.	172800	IN	A	156.154.103.3
+dnsd.nic.zappos.	172800	IN	AAAA	2610:a1:1010:0:0:0:0:3
+zara.			172800	IN	NS	a0.nic.zara.
+zara.			172800	IN	NS	a2.nic.zara.
+zara.			172800	IN	NS	b0.nic.zara.
+zara.			172800	IN	NS	c0.nic.zara.
+zara.			86400	IN	DS	40147 8 2 2E4669652E0C3B84007E43707F8354C94AFD6F929A5152524BEDBAA6F009DAFA
+zara.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . otGKrg21ly8uNODd656gDdfTZvH77/XU3iQGBf6ZUX9umu6wNvNhjCZOhFX3EqVfIEAmZnQuRrtoqIRVnwzQpcGcmHKJzj0hTNsGwAMB+9MN/WnXUYWBfmKDGvSB2XZTG/J6Z/oyugEmaKlJDSrS9qNkqSYofEIx7/5SZ0euHhrvK5wk9owjtyooAK7Kt1Sr7c5ISqx9RPRbJOBizF1aHQBJH22WTG6SMHhwIQG8DWgAc3FyTMaP1IiWHmMdslBtNxoVei8G1RyxJdMCeUIfZnpGbbknzbxAuhHT1PnPegu9RXJE7be77M20DSyYPeJx8LSnHb/5jAp98fGwLco7Ew==
+zara.			86400	IN	NSEC	zero. NS DS RRSIG NSEC
+zara.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . a5fl8RfDXcV0/jpIBmYUCO0Y41Z3kVteZEIDi1UHnNpzkMbI+63o3oMezy2ZXQG/apLu8xRDLzAJhUAweIXQMmR/qtsv55Kh7bhAUhfLrFy6Zu+TmQpVSSdXi5aSyIvfCS2xmyE+TI0Xxz6pNAwlmrAkhf/KBpwHsiGAfwY/mF3HyXQO9H25IHPc+YBjp73OhyYEchaBfYZllZdtnQB49xRGBmllKjlZ0T78DL/J6FQq1+iyCFliMY0mOliNvQo1dEph5SOzZf1N0Tr0aXppcGgoj6jK0vtogFivpHxxomB+v45Ljydrwtxp8jdZgSz4a65ihmj32etDmQoxsRSOxQ==
+a0.nic.zara.		172800	IN	A	65.22.232.33
+a0.nic.zara.		172800	IN	AAAA	2a01:8840:e2:0:0:0:0:33
+a2.nic.zara.		172800	IN	A	65.22.235.33
+a2.nic.zara.		172800	IN	AAAA	2a01:8840:e5:0:0:0:0:33
+b0.nic.zara.		172800	IN	A	65.22.233.33
+b0.nic.zara.		172800	IN	AAAA	2a01:8840:e3:0:0:0:0:33
+c0.nic.zara.		172800	IN	A	65.22.234.33
+c0.nic.zara.		172800	IN	AAAA	2a01:8840:e4:0:0:0:0:33
+zero.			172800	IN	NS	a.nic.zero.
+zero.			172800	IN	NS	b.nic.zero.
+zero.			172800	IN	NS	c.nic.zero.
+zero.			172800	IN	NS	ns1.dns.nic.zero.
+zero.			172800	IN	NS	ns2.dns.nic.zero.
+zero.			172800	IN	NS	ns3.dns.nic.zero.
+zero.			86400	IN	DS	22717 8 2 C5360714B56C1EDBF51E44CD8D93E2C1AFA38D22EEC53750087915274E4BBADC
+zero.			86400	IN	DS	47974 8 2 331D019E413914C99D9AE0E89862063A248694E12C4D40764EAA91B109C3E4E8
+zero.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . W00ESdrQMO0P3BaIPNx/X6I4lBdXlr5xVlMQKNUSlO8jSzWoG0wksi/Q423oCGcXFe/pPUab08VAFLeQl5fzevzMd4NTG2puSmHlUc7KGAMYWHSSdc7PbrtvB/wukG+rP+aSusuw/MPeU4RUi4GdBVyPDez9wcHOzI71LXzoquV5qVbCcjjx7JoOrNsOjQPokWl/IuPv2Fpk1YH6lttGAMZ7l1zw3A6z78gOXs4MGebl3vwfX/Z1ACLFeOPebciyVYxxX/cY7BjhXzP5edlIHhVd/K907HtUNWwUdlaHxyavSk05UxUwQvdWQqpU4cJ9Li+VyqPykAVroSKz/NYKoA==
+zero.			86400	IN	NSEC	zip. NS DS RRSIG NSEC
+zero.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . CLUb1kStOHF8Mu2zusyKQXIP/JJxkWkVjKtBlLpM0GnYejRSwFN01yy6tJJxV3CNcMKvZ3FtGR0WDQMLgGO7QJ5bvCKDiceBLJuDWWgtuaqFkypd+wwkeUTxEVeR6Usziqe1kr75VhyyX/Eujw/1uFMWHea5ZDUzwqYB+6HCXohAkdjZQLG8E+wH3X+ULG3nCJDE0F8J2Po4QEQxM89D0m4VCwL3JstWYoV60Eb9XIv39BLe4FaeA6kGhjbQp4gi7hgJU17I9lZPJCC/KcS3SUAU1kFDTVfURHX+fzuWASZPI1NIKTXy74axkwuMo2V1aWT/GOTZNh9+lm/VKLj5fA==
+a.nic.zero.		172800	IN	A	37.209.192.10
+a.nic.zero.		172800	IN	AAAA	2001:dcd:1:0:0:0:0:10
+b.nic.zero.		172800	IN	A	37.209.194.10
+b.nic.zero.		172800	IN	AAAA	2001:dcd:2:0:0:0:0:10
+c.nic.zero.		172800	IN	A	37.209.196.10
+c.nic.zero.		172800	IN	AAAA	2001:dcd:3:0:0:0:0:10
+ns1.dns.nic.zero.	172800	IN	A	156.154.144.188
+ns1.dns.nic.zero.	172800	IN	AAAA	2610:a1:1071:0:0:0:0:bc
+ns2.dns.nic.zero.	172800	IN	A	156.154.145.188
+ns2.dns.nic.zero.	172800	IN	AAAA	2610:a1:1072:0:0:0:0:bc
+ns3.dns.nic.zero.	172800	IN	A	156.154.159.188
+ns3.dns.nic.zero.	172800	IN	AAAA	2610:a1:1073:0:0:0:0:bc
+zip.			172800	IN	NS	ns-tld1.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld2.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld3.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld4.charlestonroadregistry.com.
+zip.			172800	IN	NS	ns-tld5.charlestonroadregistry.com.
+zip.			86400	IN	DS	37525 8 2 32EB9249D844B8593CF81FA5E2CEC76CFCC536C249E116EA9B49269AC8F239CE
+zip.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . mtiMOB4U6zANVxXvRWhtjdyUq/y6liBGSP1AwcYARpxqG/ZZ2f8q9mMht1AtsnCTmzCd/FOiwLlvQI+q/qYpNrb0cjj/L5QXGIbKl8ytHqzuRhbQ1UeFUbyToUiMrMYlnCq8lJoDWdpqlIfKBej2bnWMaY9cXw9yIvFPrXIE7KD5EjKqfTiHcE1Ri7aFuWNb+zxxHIEcRS+qnA8zfeTBV1DfF5c+O/m/svdPnj7vohfQTzHFxeD3RIXMr6bWfKugXCXm2ULdrmDr6ywMxQtnup2uwTynumUvJy+KeyMtSOiuOBu/EzGETePzWH+9CQEUwPYPIrCvZYvzWQrLh8Bz3w==
+zip.			86400	IN	NSEC	zm. NS DS RRSIG NSEC
+zip.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . XIwm+OboReegdF0WoMcQRS0RIwI9DlUv6/7a+IBwVdU56uyyaguxHf4KfZ5DQn5lJqwy6yyXGGrsHJNj0eloXcKAtQZagwZ2DZEc9M72rLMBwujwZdRALydDgRtvz7RtN/PgibzXQChZ4tz56RsBwPbVIjAzA/1/LF+/BDC1A7/H/3lTgSE62agAVT2lRHhbwYDRUO6RoEx8j8TDH0/dM2H3YSUBSz/ZtZDr9X92fdZjjmaGEdBmELD3Sj88Gql44G9RCzx0QJa92wswSVjLkBrmdR2L+jgrmv/5HEEhpIF9drInaDVdyptVfdCdu9VrbsoSzqlzS1II0zy4fpecSw==
+zm.			172800	IN	NS	pch.nic.zm.
+zm.			172800	IN	NS	ns-zm.afrinic.net.
+zm.			172800	IN	NS	gransy.nic.zm.
+zm.			86400	IN	DS	35075 8 2 EB06F34B2B9F1729366BDA17411CD4CC2193644368905DFB0CFB1868BD590581
+zm.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . F6bPgpALgZ96JgM9gyEWQvFuPobzarKO7P+CXWn086qZTz8OpeghSbLqUnuv+52r0W71WsjTGlVjwLwBenVgOsqqdp2QwalapDfF3hln+1uec8E5AOJJ8FBZkPip6K6ZBvrz4hmiPM9NxqtxxnoUvwsaUZXHfiNRI6uOsbNNiKygtYzoarfSTguuvqXb6Uqqc7u5ar2L/nxDHl+gMsF0vGn+zfg3Livqzo6bqIHPakkuBafVfxcMiQOgWHqIV0r39PRfCWuAJF/i/ghQhx601bbCRY7wcD/WSuDeV9eaCQroP9MYYsn2bqF7zupUZdy8C9F1R5e4XQmUbbHD8YVdpA==
+zm.			86400	IN	NSEC	zone. NS DS RRSIG NSEC
+zm.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . tTuPNEgSu70aS/jKsMBi++uSTLWBMH9IHfSqUejtvUs032Gjgy2v+w7eEAeXr/5pweF/d7xRDgrJNuSHmr/FCF+xSjnbc6f1Hy9XMn4INXQAdLhvDLmejdFE7+/p/xUTDdtyCrGGCEyE2scWa4QSz7MK3GFltPTodQx4xiDcMHxQFEfSq0ZSCjN/5ZFmLITw13uImlmibFsy2aAt9jZTtPdHXiEZg7+JM8wyd7baQJKHRdMhNWc75jvgY5phrRsJycih30KL9/pI9p6uoesNsaHfN4PI+v9xzSwRRTtDYuVH+nDyv2wWaafz78TnnbpLoYcNmawV7JUEYa0F4BT0ow==
+gransy.nic.zm.		172800	IN	A	185.28.194.194
+gransy.nic.zm.		172800	IN	A	185.38.108.108
+pch.nic.zm.		172800	IN	A	204.61.216.73
+pch.nic.zm.		172800	IN	AAAA	2001:500:14:6073:ad:0:0:1
+zone.			172800	IN	NS	v0n0.nic.zone.
+zone.			172800	IN	NS	v0n1.nic.zone.
+zone.			172800	IN	NS	v0n2.nic.zone.
+zone.			172800	IN	NS	v0n3.nic.zone.
+zone.			172800	IN	NS	v2n0.nic.zone.
+zone.			172800	IN	NS	v2n1.nic.zone.
+zone.			86400	IN	DS	12136 8 2 44853E072AA0C590351B822B9A23FF95631412A3583228163A995598EF764BAF
+zone.			86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . J8IU8bEJu0lyNoE9DhQ1ZFrnyfUUMDzjO/LCl/XTL0MSqAsX8H9DJiu1NFk/LjpyfubIZeKk5XKBDTTtE5wbKAjawJzIYUwGTqW81jHHHBC1NXiQQKaybPmp66a54ib+GNM3xKkB5E+DKe3wD5MPKQ0A8TE4nQtv7kxz/VERRHmkI68D5NDFLxhgVDYNzZDlrUeDgJGJeGycyRbc1DwAc8MjhgzAQDRhOEizalSqTcjhIEQ3IGMs9fI/W0e3bChAlmZFxZZ6sP2u/XtGFkJRuS1gqr9t5sz3xx6ydXdeRmZTqxqyoi/k163x+MkVuexmA2cI8oc3b56lWhDm56EOOA==
+zone.			86400	IN	NSEC	zuerich. NS DS RRSIG NSEC
+zone.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . jFjXlTGxa21q5BQY2fag59gbhAvVAbk6yPBrH+ouN6N5Gn5urKroO7xKExUfseEYanCAQhS0XIG7F3I+L3ZyYbjfnlUvQvywlgqtUT9NBmhRNPGV6lUzJvHEAOcnQlb06MrxeEjKo4F30EIxb7X+0NausAb5S6JD5DaB8Qc/fVU1eJTYGleBa7ZGHeTah3Asozvm8zWOSEemA2i4TwhXTlr+s88TTJpyrYe8ZDYaa3bRAWxRH+/o7J0ukvUCzPeJONE39LQ/uIGxgQ+kYzE0Jx5BEmikjFhY6b8wrwQxvjcaJJ6FFdGjdHVUuIUfap6dhTXl+araNRppGnkF1o9w0g==
+v0n0.nic.zone.		172800	IN	A	65.22.28.5
+v0n0.nic.zone.		172800	IN	AAAA	2a01:8840:1e:0:0:0:0:5
+v0n1.nic.zone.		172800	IN	A	65.22.29.5
+v0n1.nic.zone.		172800	IN	AAAA	2a01:8840:1f:0:0:0:0:5
+v0n2.nic.zone.		172800	IN	A	65.22.30.5
+v0n2.nic.zone.		172800	IN	AAAA	2a01:8840:20:0:0:0:0:5
+v0n3.nic.zone.		172800	IN	A	161.232.14.5
+v0n3.nic.zone.		172800	IN	AAAA	2a01:8840:f8:0:0:0:0:5
+v2n0.nic.zone.		172800	IN	A	65.22.31.5
+v2n0.nic.zone.		172800	IN	AAAA	2a01:8840:21:0:0:0:0:5
+v2n1.nic.zone.		172800	IN	A	161.232.15.5
+v2n1.nic.zone.		172800	IN	AAAA	2a01:8840:f9:0:0:0:0:5
+zuerich.		172800	IN	NS	a.nic.zuerich.
+zuerich.		172800	IN	NS	b.nic.zuerich.
+zuerich.		172800	IN	NS	c.nic.zuerich.
+zuerich.		172800	IN	NS	d.nic.zuerich.
+zuerich.		86400	IN	DS	7399 8 2 69407FE45988E2C569855C70330A24520DB734481082C668317E8BBB764551D3
+zuerich.		86400	IN	DS	48857 8 2 C64FDE4469567966AA2300C152DF46BD230916A54F5BF936083EF79EB894C157
+zuerich.		86400	IN	RRSIG	DS 8 1 86400 20231118050000 20231105040000 46780 . QAyIyc48Vn0ptlEZEUEg59bs3Ee4fOEfy1t/k7ikQk3acxgckrvP3RiIQvjTeZlBeHuZJWTCb/z2FznrXdAINMc78ovJXrXoux20222q8rSCrWFdV6+ZldSJHqXVMiiyFJdA3Cfog8D73b/tkIctFPwIkYJdYds+x3MxMA6+HF6JcDeyDasHsMTvEadZhfWJ/9+fbbIUrSr5ot02tZDUhueYz6Qy97LxQ4+jLcMk15w72yUnx5qFDFqagcjAaYmEmd2/o9hZpbegG8LlUWHkQMZOlRcngAFYY9juDweNAEyC4xrSd7TwMcUaygTMmqphQXbw6r727FmVkEcHH0vzXA==
+zuerich.		86400	IN	NSEC	zw. NS DS RRSIG NSEC
+zuerich.		86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . H4Rk/9iBNquq6C6zZ99wtFO5YgqmSBkheMfeUqft+MvGIjtVAz6onWjxB+uGlMji+zg6BWjg+URS53eJxqXtlkcc1+cck3MOQJt/WmbQbDltSG55I5XmdOrrMnsgrVmp+v4IC8wHwfRM2T0/pn4su9p10+SImgZZCMNDpKLymFhmHVsU8RpwGqUoEJlQH3u0h3vL68o4UfqOCKxTtMBT7XNEAJh/UUYed231WsNoVMjpcgzeWC/TeEd5z0UsqFVS8Ju/n35jQQGzQZWRXg2OMDdTY0Ue6D6jrnGu399AbBzJ6Obra9QWvsloSbPr3NxPZNtd9iRgtpLCnNL7noI2vQ==
+a.nic.zuerich.		172800	IN	A	194.169.218.107
+a.nic.zuerich.		172800	IN	AAAA	2001:67c:13cc:0:0:0:1:107
+b.nic.zuerich.		172800	IN	A	185.24.64.107
+b.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13cc:0:0:0:1:107
+c.nic.zuerich.		172800	IN	A	212.18.248.107
+c.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13ee:0:0:0:0:107
+d.nic.zuerich.		172800	IN	A	212.18.249.107
+d.nic.zuerich.		172800	IN	AAAA	2a04:2b00:13ff:0:0:0:0:107
+zw.			172800	IN	NS	ns1.liquidtelecom.net.
+zw.			172800	IN	NS	ns2.liquidtelecom.net.
+zw.			172800	IN	NS	zw-ns.anycast.pch.net.
+zw.			172800	IN	NS	ns1zim.telone.co.zw.
+zw.			172800	IN	NS	ns2zim.telone.co.zw.
+zw.			86400	IN	NSEC	. NS RRSIG NSEC
+zw.			86400	IN	RRSIG	NSEC 8 1 86400 20231118050000 20231105040000 46780 . kq88TDEJ2UK48cVh6/SHW7a1m87O+xuCFbz7D9i4wM4oN48v0dJT30fqc45AvClK2pk/6BfbObPyh0kng06tnVbClguxVorO5lcJmZ/2ND9nFrxAIyv0A8ufKHbxXRiI70BsuE0p7bI5aPWR79pYwn/8WiNAMElboWYk8smn1HmdyA+8qVm/Av3mwviBLCX3EKJ4lsZAqqcf3CPjOgRIpQWk9v4onrUNTzOx0LTKgR7lSgxpHfRKgAtfp8lAOB753of1SWrBl6oYb/LPhCVLZ01uK153c+zMIJqE3wTtUO+GJbHM3IaLxgLXeR8nKXBffkq3bkQCM213owVOf7FuRA==
+ns1zim.telone.co.zw.	172800	IN	A	41.220.30.81
+ns1zim.telone.co.zw.	172800	IN	AAAA	2c0f:f758:0:a:0:0:0:81
+ns2zim.telone.co.zw.	172800	IN	A	41.220.30.82
+ns2zim.telone.co.zw.	172800	IN	AAAA	2c0f:f758:0:a:0:0:0:82
diff --git a/src/test/resources/simplelogger.properties b/src/test/resources/simplelogger.properties
index beb56b2e1..3894e75f1 100644
--- a/src/test/resources/simplelogger.properties
+++ b/src/test/resources/simplelogger.properties
@@ -1 +1,5 @@
 org.slf4j.simpleLogger.defaultLogLevel=debug
+org.slf4j.simpleLogger.dateTimeFormat=yyyy-MM-dd HH:mm:ss:SSS Z
+org.slf4j.simpleLogger.showDateTime=true
+org.slf4j.simpleLogger.log.org.xbill.DNS.Name=info
+org.slf4j.simpleLogger.log.org.xbill.DNS.Compression=info
diff --git a/src/test/resources/trust_anchors b/src/test/resources/trust_anchors
new file mode 100644
index 000000000..858627739
--- /dev/null
+++ b/src/test/resources/trust_anchors
@@ -0,0 +1,4 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+. IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16
diff --git a/src/test/resources/trust_anchors_dnskey_invalid b/src/test/resources/trust_anchors_dnskey_invalid
new file mode 100644
index 000000000..4508bc175
--- /dev/null
+++ b/src/test/resources/trust_anchors_dnskey_invalid
@@ -0,0 +1,2 @@
+.           148029  IN  DNSKEY  257 3 8 BwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+.           148029  IN  DNSKEY  256 3 8 BwEAAc5byZvwmHUlCQt7WSeAr3OZ2ao4x0Yj/3UcbtFzQ0T67N7CpYmNqFmfvXxksS1/E+mtT0axFVDjiJjtklUsyqIm9ZlWGZKU3GZqI9Sfp1BjQkhi+yLa4m4y4z2N28rxWXsWHCY740PREnmUtgXRdthwABYaB2WPum3yRGxNCP1/
diff --git a/src/test/resources/trust_anchors_empty b/src/test/resources/trust_anchors_empty
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/src/test/resources/trust_anchors_empty
@@ -0,0 +1 @@
+
diff --git a/src/test/resources/trust_anchors_invalid b/src/test/resources/trust_anchors_invalid
new file mode 100644
index 000000000..b87b6dcb5
--- /dev/null
+++ b/src/test/resources/trust_anchors_invalid
@@ -0,0 +1,2 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6F
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB6
diff --git a/src/test/resources/trust_anchors_test b/src/test/resources/trust_anchors_test
new file mode 100644
index 000000000..1aa71b07e
--- /dev/null
+++ b/src/test/resources/trust_anchors_test
@@ -0,0 +1,13 @@
+. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+. CH DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+bla. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
+bla. IN DNSKEY 256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3
+                                          Cbl+BBZH4b/0PY1kxkmvHjcZc8no
+                                          kfzj31GajIQKY+5CptLr3buXA10h
+                                          WqTkF7H6RfoRqXQeogmMHfpftf6z
+                                          Mv1LyBUgia7za6ZEzOJBOztyvhjL
+                                          742iU/TpPSEDhm2SNKLijfUppn1U
+                                          aNvv4w==  )
+x. IN A 127.0.0.1
+x. IN MX 10 asdf.bla.
diff --git a/src/test/resources/tsig-axfr/request.bin b/src/test/resources/tsig-axfr/request.bin
new file mode 100644
index 000000000..9e110f7eb
Binary files /dev/null and b/src/test/resources/tsig-axfr/request.bin differ
diff --git a/src/test/resources/tsig-axfr/response-messages.txt b/src/test/resources/tsig-axfr/response-messages.txt
new file mode 100644
index 000000000..492d3d2a4
--- /dev/null
+++ b/src/test/resources/tsig-axfr/response-messages.txt
@@ -0,0 +1 @@
+dig @dnssec1.stage.arin.net -p 53 AXFR dnssecishard.com. -y 'hmac-sha256:dnssecishardtest:q4Gsu0nYoyub20//PATXhABobmrVUQyqq5TFzYHfC7o='
diff --git a/src/test/resources/tsig-axfr/response.bin b/src/test/resources/tsig-axfr/response.bin
new file mode 100644
index 000000000..f861f8b18
Binary files /dev/null and b/src/test/resources/tsig-axfr/response.bin differ
diff --git a/src/test/resources/unbound/val_adbit.rpl b/src/test/resources/unbound/val_adbit.rpl
new file mode 100644
index 000000000..f23760ccb
--- /dev/null
+++ b/src/test/resources/unbound/val_adbit.rpl
@@ -0,0 +1,174 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator AD bit signaling
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; ask from cache too
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 23 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_adcopy.rpl b/src/test/resources/unbound/val_adcopy.rpl
new file mode 100644
index 000000000..aeb8bfd75
--- /dev/null
+++ b/src/test/resources/unbound/val_adcopy.rpl
@@ -0,0 +1,173 @@
+; config options
+; The island of trust is at example.com
+server:
+	#trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator AD bit sent by untrusted upstream
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA RA AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; ask from cache too
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 23 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_anchor_nx.rpl b/src/test/resources/unbound/val_anchor_nx.rpl
new file mode 100644
index 000000000..5d8855b8a
--- /dev/null
+++ b/src/test/resources/unbound/val_anchor_nx.rpl
@@ -0,0 +1,220 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "sub.example.com.    3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with secure proof of trust anchor nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_anchor_nx_nosig.rpl b/src/test/resources/unbound/val_anchor_nx_nosig.rpl
new file mode 100644
index 000000000..e0dc7d8ab
--- /dev/null
+++ b/src/test/resources/unbound/val_anchor_nx_nosig.rpl
@@ -0,0 +1,218 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "sub.example.com.    3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned denial of trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ans_dsent.rpl b/src/test/resources/unbound/val_ans_dsent.rpl
new file mode 100644
index 000000000..361e222c5
--- /dev/null
+++ b/src/test/resources/unbound/val_ans_dsent.rpl
@@ -0,0 +1,248 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with empty nonterminals on the trust chain.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; responses to DS empty nonterminal queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; this should be NOERROR.
+REPLY QR AA NOERROR
+SECTION QUESTION
+0.194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+; response for delegation to sub zone.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub zone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com. for zone 0.0.194.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN NS
+SECTION ANSWER
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+; response to DNSKEY priming query
+; 0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+0.0.194.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+0.0.194.example.com.    3600    IN      RRSIG   DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
+SECTION AUTHORITY
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. IN A 11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. 	3600	IN	A	11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ans_nx.rpl b/src/test/resources/unbound/val_ans_nx.rpl
new file mode 100644
index 000000000..feaf35442
--- /dev/null
+++ b/src/test/resources/unbound/val_ans_nx.rpl
@@ -0,0 +1,250 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS nodata as nxdomain on trust chain
+; This is a bug in ANS 2.8.1.0 where it gives an NXDOMAIN instead of
+; NOERROR for an empty nonterminal DS query. The proof for this NXDOMAIN
+; is the NSEC that proves emptynonterminal.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; responses to DS empty nonterminal queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; Bad NXDOMAIN response, this should be NOERROR.
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+0.194.example.com. IN DS
+SECTION AUTHORITY
+example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
+
+; This NSEC proves the NOERROR/NODATA case.
+194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
+194.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
+
+ENTRY_END
+
+; response for delegation to sub zone.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub zone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+0.0.194.example.com. IN NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+0.0.194.example.com.    3600    IN      RRSIG   DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com. for zone 0.0.194.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN NS
+SECTION ANSWER
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DNSKEY priming query
+; 0.0.194.example.com.    3600    IN      DS      30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.0.194.example.com. IN DNSKEY
+SECTION ANSWER
+0.0.194.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+0.0.194.example.com.    3600    IN      RRSIG   DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
+SECTION AUTHORITY
+0.0.194.example.com. IN	NS ns.sub.example.com.
+0.0.194.example.com.    3600    IN      RRSIG   NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. IN A 11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+328.0.0.194.example.com. IN A
+SECTION ANSWER
+328.0.0.194.example.com. 	3600	IN	A	11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any.rpl b/src/test/resources/unbound/val_any.rpl
new file mode 100644
index 000000000..058f44925
--- /dev/null
+++ b/src/test/resources/unbound/val_any.rpl
@@ -0,0 +1,203 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY 
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ns7.domain-registry.example. 80173   IN      A       62.4.86.230
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+v.net.example.        28800   IN      A       213.154.224.17
+v.net.example.        28800   IN      AAAA    2001:7b8:206:1:200:39ff:fe59:b187
+johnny.example.com.    600     IN      A       213.154.224.44
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+johnny.example.com.     600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY 
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any_cname.rpl b/src/test/resources/unbound/val_any_cname.rpl
new file mode 100644
index 000000000..5e5d12b08
--- /dev/null
+++ b/src/test/resources/unbound/val_any_cname.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY that includes CNAME
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	serf.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854}
+www.example.com.	18000	IN	NSEC	example.com. CNAME RRSIG NSEC 
+www.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+serf.example.com. IN ANY
+SECTION ANSWER
+serf.example.com.	3600	IN	A	192.0.2.1
+serf.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. AGLOiUcDNkSCplT07hT8szlUfMHNfPh6/104ydBt4bJ6UcfXUiM3pV8= ;{id = 2854}
+serf.example.com.	18000	IN	NSEC	www.example.com. A RRSIG NSEC 
+serf.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. AEBNiqg7Uz+NfNvoyA4KjkqJPb7hrjyS7oPE2MGNgVwUgQrcRIxd7DA= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	serf.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854}
+www.example.com.	18000	IN	NSEC	example.com. CNAME RRSIG NSEC 
+www.example.com.	18000	IN	RRSIG	NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_any_dname.rpl b/src/test/resources/unbound/val_any_dname.rpl
new file mode 100644
index 000000000..37b38c475
--- /dev/null
+++ b/src/test/resources/unbound/val_any_dname.rpl
@@ -0,0 +1,212 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	rrset-roundrobin: no
+	harden-unknown-additional: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY that includes DNAME
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.	3600	IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ns7.domain-registry.example. 80173   IN      A       62.4.86.230
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+v.net.example.        28800   IN      A       213.154.224.17
+v.net.example.        28800   IN      AAAA    2001:7b8:206:1:200:39ff:fe59:b187
+johnny.example.com.    600     IN      A       213.154.224.44
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+johnny.example.com.     600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+example.com. IN ANY
+ENTRY_END
+
+; Allow validation resuming for the RRSIGs
+STEP 2 TIME_PASSES ELAPSE 0.05
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com.    86400   IN      SOA     open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    86400   IN      RRSIG   SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com.	3600	IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854}
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com.    600     IN      NAPTR   20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com.    600     IN      RRSIG   NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com.    86400   IN      AAAA    2001:7b8:206:1::1
+example.com.    86400   IN      RRSIG   AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com.    86400   IN      TXT     "Stichting NLnet Labs"
+example.com.    86400   IN      RRSIG   TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com.    86400   IN      MX      100 v.net.example.
+example.com.    86400   IN      MX      50 open.example.com.
+example.com.    86400   IN      RRSIG   MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com.    86400   IN      NS      v.net.example.
+example.com.    86400   IN      NS      open.example.com.
+example.com.    86400   IN      NS      ns7.domain-registry.example.
+example.com.    86400   IN      RRSIG   NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com.    86400   IN      A       213.154.224.1
+example.com.    86400   IN      RRSIG   A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com.    18000   IN      NSEC    _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com.    18000   IN      RRSIG   NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+open.example.com.      600     IN      A       213.154.224.1
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::53
+open.example.com.      600     IN      AAAA    2001:7b8:206:1::1
+_sip._udp.example.com. 600     IN      SRV     0 0 5060 johnny.example.com.
+open.example.com.       600     IN      RRSIG   A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com.       600     IN      RRSIG   AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+_sip._udp.example.com.  600     IN      RRSIG   SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop1.rpl b/src/test/resources/unbound/val_cname_loop1.rpl
new file mode 100644
index 000000000..b261ecf37
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop1.rpl
@@ -0,0 +1,146 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop2.rpl b/src/test/resources/unbound/val_cname_loop2.rpl
new file mode 100644
index 000000000..009616f71
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop2.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname 2 step loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	foo.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION ANSWER
+foo.example.com. IN	CNAME	www.example.com.
+foo.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC7kcWPsMnGbjvzj5UNnxQzM0YvnAhUAgxIKgs1huJHvcAP2Xt3p8Adpy/c= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cname_loop3.rpl b/src/test/resources/unbound/val_cname_loop3.rpl
new file mode 100644
index 000000000..acdd110ed
--- /dev/null
+++ b/src/test/resources/unbound/val_cname_loop3.rpl
@@ -0,0 +1,168 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname 3 step loop
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	foo.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION ANSWER
+foo.example.com. IN	CNAME	bar.example.com.
+foo.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFFMlXuWrNL/8aYOl9U9WYjgif8gAAhUAqsC/xOXakHP1SYxMSLANziOik94= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+bar.example.com. IN A
+SECTION ANSWER
+bar.example.com. IN	CNAME	www.example.com.
+bar.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFAsalUJJSV86uPlfiGS3kKDc0JB7AhQ+qmHqagY/r36Re/J3Q1OfvcA1dA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnameinsectopos.rpl b/src/test/resources/unbound/val_cnameinsectopos.rpl
new file mode 100644
index 000000000..c73118cfc
--- /dev/null
+++ b/src/test/resources/unbound/val_cnameinsectopos.rpl
@@ -0,0 +1,293 @@
+; config options
+; The island of trust is at example.com
+server:
+	;trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with an insecure cname to positive cached
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+insecure.example.com. IN A
+SECTION ANSWER
+insecure.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+; Get www.example.net validated in the cache.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.net. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+; reference the cache object
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+insecure.example.com. IN A
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+insecure.example.com. IN A
+SECTION ANSWER
+insecure.example.com. IN	CNAME	www.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamenx_dblnsec.rpl b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl
new file mode 100644
index 000000000..4a0432442
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl
@@ -0,0 +1,179 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname-nxdomain for duplicate NSEC detection
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cname.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cname.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+cname.example.com. IN A
+SECTION ANSWER
+cname.example.com.      3600    IN      CNAME   www.example.com.
+cname.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854}
+SECTION AUTHORITY
+; already includes the necessary NSECs
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+cname.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+cname.example.com. IN A
+SECTION ANSWER
+cname.example.com.      3600    IN      CNAME   www.example.com.
+cname.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamenx_rcodenx.rpl b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl
new file mode 100644
index 000000000..1d63ca9c1
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	val-min-rsa-size: 512
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname-nxdomain with rcode nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnameqtype.rpl b/src/test/resources/unbound/val_cnameqtype.rpl
new file mode 100644
index 000000000..05ef47426
--- /dev/null
+++ b/src/test/resources/unbound/val_cnameqtype.rpl
@@ -0,0 +1,231 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a query for type cname
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN CNAME
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN CNAME
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN CNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocloser.rpl b/src/test/resources/unbound/val_cnametocloser.rpl
new file mode 100644
index 000000000..08b3fd434
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocloser.rpl
@@ -0,0 +1,106 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8="
+	val-override-date: "20091113091234"
+	val-min-rsa-size: 512
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to closer anchor under optout.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+
+SECTION AUTHORITY
+;; nsec3param 1 1 1 d399eaab
+; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb.
+; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco.
+;; closest encloser: example.com.
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+
+;; nextcloser is:  b.example.com. ; under optout range.
+; disproof of DS using the optout range.
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.a.b.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC that proves there is no AAAA record
+www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX
+www.a.b.example.com.	3600	IN	RRSIG	NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.example.com. IN DNSKEY
+SECTION ANSWER
+a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
+a.b.example.com.	3600	IN	RRSIG	DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+SECTION AUTHORITY
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  l0c0e5lac37ai0lpij31sj699hkktdmc NS SOA RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG  ; flags: optout
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+www.a.b.example.com.    3600    IN      NSEC    zzz.a.b.example.com. A MX RRSIG NSEC
+www.a.b.example.com.    3600    IN      RRSIG   NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocloser_nosig.rpl b/src/test/resources/unbound/val_cnametocloser_nosig.rpl
new file mode 100644
index 000000000..1cf67125e
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocloser_nosig.rpl
@@ -0,0 +1,99 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8="
+	val-override-date: "20091113091234"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to closer anchor optout missing sigs.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN CNAME www.a.b.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
+
+SECTION AUTHORITY
+;; nsec3param 1 1 1 d399eaab
+; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb.
+; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco.
+;; closest encloser: example.com.
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG
+l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
+
+;; nextcloser is:  b.example.com. ; under optout range.
+; disproof of DS using the optout range.
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG
+1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.a.b.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC that proves there is no AAAA record
+www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX
+; signature missing!
+;www.a.b.example.com.	3600	IN	RRSIG	NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.example.com. IN DNSKEY
+SECTION ANSWER
+a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
+; signature missing!
+;a.b.example.com.	3600	IN	RRSIG	DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl
new file mode 100644
index 000000000..1dc1c7f29
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl
@@ -0,0 +1,211 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DNSKEY  257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+	val-override-date: "20121030123249"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.	120	IN	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com.	3600	IN	DNSKEY	257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com.	86400	IN	NSEC	www.example.com. CNAME RRSIG NSEC
+*.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC
+*.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametodname.rpl b/src/test/resources/unbound/val_cnametodname.rpl
new file mode 100644
index 000000000..8f7db4604
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametodname.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to a dname
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DNAME
+SECTION ANSWER
+www.example.net. IN	DNAME	blarg.com.
+www.example.net.        3600    IN      RRSIG   DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN DNAME
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN DNAME
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	DNAME	blarg.com.
+www.example.net.        3600    IN      RRSIG   DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametodnametocnametopos.rpl b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl
new file mode 100644
index 000000000..d0b93022f
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl
@@ -0,0 +1,422 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	trust-anchor: "example.org.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname, dname, cname, positive answer
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION AUTHORITY
+org.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+org. IN NS
+SECTION ANSWER
+org.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION AUTHORITY
+example.org.	IN NS	ns.example.org.
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.sub.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.net. IN	NSEC	www.example.net. DNAME RRSIG NSEC
+sub.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. PsKlcOSNElUi3u7Cn6c5+Sv8CRLTqmooMbvloTwUCkM53SuAirXcCA+9Pz5y0unO9+5IxwdkwssnoCOX5FqnCQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.net. IN A
+SECTION ANSWER
+sub.example.net. IN	DNAME	sub.example.com.
+sub.example.net.        3600    IN      RRSIG   DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
+www.sub.example.net. IN	CNAME	www.sub.example.com.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN	CNAME	www.example.org.
+www.sub.example.com.    3600    IN      RRSIG   CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.org.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN NS
+SECTION ANSWER
+example.org.	IN NS	ns.example.org.
+example.org.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ns.example.org. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN DNSKEY
+SECTION ANSWER
+example.org.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.org.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.org. MC0CFBCSESiUl5XEht/LRecGFuX2Xad7AhUAoURP4DsIEbwMjlB955vziIB798E= ;{id = 2854}
+SECTION AUTHORITY
+example.org.	IN NS	ns.example.org.
+example.org.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.org.		IN 	A	1.2.3.7
+ns.example.org. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN A
+SECTION ANSWER
+www.example.org. IN	A	11.11.11.11
+www.example.org.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 	3600 	IN	CNAME	www.sub.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
+sub.example.net. 	3600 	IN	DNAME	sub.example.com.
+sub.example.net.        3600    IN      RRSIG   DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
+www.sub.example.net. 	0	IN	CNAME	www.sub.example.com.
+www.sub.example.com. 	3600	IN	CNAME	www.example.org.
+www.sub.example.com.    3600    IN      RRSIG   CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
+www.example.org. 	3600	IN	A	11.11.11.11
+www.example.org.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoinsecure.rpl b/src/test/resources/unbound/val_cnametoinsecure.rpl
new file mode 100644
index 000000000..78d04de97
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoinsecure.rpl
@@ -0,0 +1,139 @@
+; config options
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	trust-anchor: "example.org.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20091011000000"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure NSEC or NSEC3.
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.com. BeCk6+D0ysmO1+X0CjvXH55AO78C7Vxrq58C3YgO0wt2eTG/deZCiWI3bz+3OC64cICbJr5fvCfqUuJDABU/fw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com.	3600	IN	CNAME	unsafe.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
+SECTION AUTHORITY
+; really an insecure delegation, but co-hosted on the server.
+unsafe.example.com.	3600	IN	NSEC	v.example.com. NS RRSIG NSEC 
+unsafe.example.com.	3600	IN	RRSIG	NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+unsafe.example.com. IN AAAA
+SECTION ANSWER
+; empty response
+ENTRY_END
+
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.org. IN DNSKEY
+SECTION ANSWER
+example.org.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.org. rd9aoXbeaE0zyT96Z0sjN3Mz5Nz/wuRsIH1lwcjwUFmAAT7F+SjwVWeo8nGaTBd8JDSUdiL+VwotEE0I22RrnA== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.org. IN AAAA
+SECTION ANSWER
+www.example.org.	3600	IN	CNAME	unsafe.example.org.
+www.example.org.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
+SECTION AUTHORITY
+; really an insecure delegation, but co-hosted on the server.
+; h(unsafe.example.org.) = ltchu0548v0cof8f25u2pj4mjf4shcms.
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.	3600	IN	RRSIG	NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+unsafe.example.org. IN AAAA
+SECTION ANSWER
+; empty response
+ENTRY_END
+
+RANGE_END
+
+; NSEC
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com.        3600    IN      CNAME   unsafe.example.com.
+www.example.com.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
+SECTION AUTHORITY
+unsafe.example.com.     3600    IN      NSEC    v.example.com. NS RRSIG NSEC 
+unsafe.example.com.     3600    IN      RRSIG   NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
+ENTRY_END
+
+; NSEC3
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.org. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.org. IN AAAA
+SECTION ANSWER
+www.example.org.        3600    IN      CNAME   unsafe.example.org.
+www.example.org.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
+SECTION AUTHORITY
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      NSEC3   1 0 1 -  ltchu0548v0cof8f25u2pj4mjf4shcmt NS 
+ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      RRSIG   NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonodata.rpl b/src/test/resources/unbound/val_cnametonodata.rpl
new file mode 100644
index 000000000..4f9e8a945
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonodata.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonodata_nonsec.rpl b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl
new file mode 100644
index 000000000..c1346ceb4
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl
@@ -0,0 +1,265 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here ...
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+;www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+;www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonsec.rpl b/src/test/resources/unbound/val_cnametonsec.rpl
new file mode 100644
index 000000000..27a562f3a
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonsec.rpl
@@ -0,0 +1,191 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure NSEC delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; no NSECs to prove this, not needed in test, but could be there
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+sub.example.com. IN NSEC zzz.example.com. NS
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; this server also serves the zone sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+sub.example.com. IN NSEC zzz.example.com. NS
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854}
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametonx.rpl b/src/test/resources/unbound/val_cnametonx.rpl
new file mode 100644
index 000000000..fae397fe9
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametonx.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametooptin.rpl b/src/test/resources/unbound/val_cnametooptin.rpl
new file mode 100644
index 000000000..77a3c06bd
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametooptin.rpl
@@ -0,0 +1,195 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to insecure optin NSEC3
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+; NSEC3PARAM 1 0 1 -
+; example.com. -> 9vq38lj9qs6s1aruer131mbtsfnvek2p.
+; sub.example.com. -> 7t1ect6t5vp0s7se8si9d07roqupr3gc.
+; www.example.com. -> 0lverorlcjoa2lji5rik0otij3lgoj3l.
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; this server also serves the zone sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854}
+SECTION AUTHORITY
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS
+7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854}
+sub.example.com. IN SOA a. b. 1 2 3 4 5
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametooptout.rpl b/src/test/resources/unbound/val_cnametooptout.rpl
new file mode 100644
index 000000000..c9e982253
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametooptout.rpl
@@ -0,0 +1,112 @@
+; config options
+server:
+	trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041"
+	val-override-date: "20091113091234"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME to optout NSEC3 span NODATA
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.hud.gov. IN AAAA
+SECTION ANSWER
+www.hud.gov.    86400   IN      CNAME   www.content.hud.gov.
+www.hud.gov.    86400   IN      RRSIG   CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775}
+SECTION AUTHORITY
+content.hud.gov.        86400   IN      NS      drfswitch.hud.gov.
+content.hud.gov.        86400   IN      NS      lanswitch.hud.gov.
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775}
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG  ; flags: optout
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775}
+SECTION ADDITIONAL
+drfswitch.hud.gov.      86400   IN      A       170.97.167.1
+lanswitch.hud.gov.      86400   IN      A       170.97.67.78
+drfswitch.hud.gov.      86400   IN      RRSIG   A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. ub6Anb7XgDMRsTYxqKDRUOYnntLetcJMXM9SVbG7Cb2n+ccp4OO38u6KnGO1i8U5rhTQ6WPlG6iKA+8U0mQuWp3fkzBaE+a5R3eEfzLlRE/MbjUqHjTb0MVYQnMWaA7YXmj/1BNFjBuAam+J3QnU4JR3RqN9WDmHXYx8IUEY9BYSWvTMhOnzebRu6z9MUBQWFfm69pFxf0Z1SkpInznU/mxGdGlslzxL8ScKAUMSBiQG1tyL90OEXW3Yp7kbOtpTxGrXucpMiMB9lXI/z9UiRJenZrJ7swyyyJ5Do0TjCiS3oS8RBhX8ou09sNftUmF9crKz/BdNq90wVYoHXYz9vg== ;{id = 64775}
+lanswitch.hud.gov.      86400   IN      RRSIG   A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. QO+quzaZXrIBZy0JXhx85/8auhBj8dCqeidaUCs6rzCd/lgUDt7B/mH8IanU33o+PyKsBN+B5r9bavFFCNc4sPDUVwNcnZfKCyFQvvUnI3rztCJb/ESYnJ/xu/5g966cRLOajzAvvLAWZ6vT4p3b9+CpaONOJ19D08RpwsWnTkqiEP/UiXaWBpVwyt4JHN0oiNmMGshk5zjbHir1gUInd7QbJk3SpyiIgHT5Z4nhTUGkd1sIve++aIxjsQ8MVrE+INw4v56dJaoYD6bqQewmg2yAr9nYemYUHYi8+USy7/anEaUsOvk9zZfncevTfY/sOORFWoD15bHF2BWUo2YwaQ== ;{id = 64775}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.content.hud.gov. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+GOV. IN DNSKEY
+SECTION ANSWER
+GOV.    86400   IN      DNSKEY  256 3 7 AwEAAaQ6vDoHd2QDRBLwB+n63RxnmJExvIcOz7uv9gM+l8QSMAJTTCDpqJ8R+8UfYs97cn6LM3cT3kcl9V0GnjljNzNMk39W11Ej7htNcbf4u1n5z2e4WsnpjQJJmKoWv2FORIfJmLKbxzGILSK13mrDUETj9onhdtOsjkhcK/7S+h1d ;{id = 51998 (zsk), size = 1024b}
+GOV.    86400   IN      DNSKEY  257 3 7 AwEAAZ1OCt7zZxeaROvzXNCNlqQWIi++p5ABXSoxqJ65WQko6xrI9RImK7IBT5roFhXjBDGJ8ld9CYIEN94kK83K/QwUGCJ+v3vIQFi09IqsPeRdHTQyghWWbhzAZpnlZ16imXB4yFZjdbV2iM66KcgsESQMPEcIayDQJh6JEi1wmslrYvRRJ6YPOWrlLD0RmdtCaRuzlUE0RiWSem/i8vDFdmsSwChRMcORklKqjqt1+RBIiEFJGKIz7lGc9DXRwkBfb+halii+jrELiZAPzfO7rf08l3QlgHEuxclTTdEaxctPd2O2U/Hl9tRgkxRL/Zv1i0sEx2mOJGcUCeVm4Hf2aM8= ;{id = 26079 (ksk), size = 2048b}
+GOV.    86400   IN      RRSIG   DNSKEY 7 1 86400 20091117211705 20091112211705 26079 gov. OR2ltuGs0IxWqikvqWIoXLy7gPpWafolM+fyQ9uyuzPdxILo8QboVzfRr3Q8X/hOa6MRwR0KHGci2NH/29p9cekafdMbOer0kvh0hndnf+yGLuDcd9HLj5hpoZ5uecZ2r02OWtRHCKetAPF95SYrIQBzoqUNOswdDlSTW1R8v/BQ6UpztuUQcciZJxARbXlovzSkMbnoyjtehgKjXPP/Zy79vSwhjpTJ4XAsc2E3Tw1qAE7ZZUzYpN8uGmAQYVtZraQIjazE/A+xVo+XB0dZdhlM00xUs6GNuZytckUOqecBKZ2IKlxBe+kBEkj2nz1PBRAzmZUoS3ZZPkKaA6ygTA== ;{id = 26079}
+GOV.    86400   IN      RRSIG   DNSKEY 7 1 86400 20091117211705 20091112211705 51998 gov. VDizeuAywZB0tQm4kmbOSGhrK1eJYC9VSSND/wG7oTj/oWDAKMEke1XrQXGEoIFyBKZk5dHpUB6tmEA9RPLMwI51ue66pM9RRT1aNLba08r6TDzr6ZxKjtqBDj4Xy16h6PWZ2jC9JASGeNGINg6zCeVmU75yqXh6+X+KeypO64E= ;{id = 51998}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+hud.gov. IN DS
+SECTION ANSWER
+hud.gov.        86399   IN      DS      52146 7 2 54af554fc3ffc532bb898b9ab39f1276fd17b59d3e44772c3142ea62680d71c7 ; xihap-zehog-zybyz-zecaf-dyvym-nydun-pusan-zagil-kezyc-lutyn-tazog-gyted-sosig-depyk-dypeb-tasas-lexix
+hud.gov.        86399   IN      RRSIG   DS 7 2 86400 20091117211705 20091112211705 51998 gov. FHDstL7xVBBedCaG83M884pnxCV8PY9GjUulwH7BSTVIaFBJe/kxlKGTsD0j5x4QfezjBWKenjpvw5SiMGeQOnIJeA/z6Ze9QBCGVrbx0ZgoKEoSRyfD0vIjvM7J4T2PLgslI8fsMpWFs4KzmujKJNRVq4aFzFk9k8bFCJnEPJk= ;{id = 51998}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+hud.gov. IN DNSKEY
+SECTION ANSWER
+hud.gov.        86400   IN      DNSKEY  256 3 7 AwEAAcAOoW+zclZqs8kCGmm290DImA1DDfKqbifB1oGNjOcmz6xz6PigLa8ORaAG0zpabZwLMXyhMaKbseR+beGnOf2wh5N0oxN8grCNTJm+YAMeyvCn2dz3J8YEoclyST4bhU38MGFsEVVZukXsIniFfvnKfpVxArpO7ocbDXI+EN3RA8EHFTIHOCfEbCS7zyO0mtrdM88Y/tIX9fjsYUig6lfVUNISJUL4TyUMpmi8/hu2dLdTuXXIAEMx/vyQHVFq2ZZM0nnDJ9vJCZEgwFAjUE5/BjlrDgofonxdY8SLDbQvn11z/SPugKiA16bdO6i/ND4FjEhG2HUJHeeQCrZ61rE= ;{id = 64775 (zsk), size = 2048b}
+hud.gov.        86400   IN      DNSKEY  256 3 7 AwEAAfFubFVJ6m7jO8HvInmFEXivfnqZZpS7SnsucTlfGg5yhIayzS3tC0UMAt1QU+pEIyVH+qa2fG2+/45gAp+iG3zwyepyZuup8eo/SlXefWXZ9CIjBNaaptd2sSDsuF8mPtdQmtm3AbPqGEe7p7edIHHJBxPy90AzJQeKppyRcRcrGO3QNC9Glso177NbHZVZuY46V63RdaY3Qf5t7/03xy/Z68KWFEJKUCBxkHjAVIH0KaT9M37dPzs9L7F/+NyOLfMUzk87ctv4ivW9dcJRf79aulzoIV4LlGu0ZsrvxRZ5t+ind+GDeTvaKseH0NWF5Am2dG/QrHtewQL9qGztjN8= ;{id = 41402 (zsk), size = 2048b}
+hud.gov.        86400   IN      DNSKEY  257 3 7 AwEAAZ50d20TkOzWzJD+anUMSIMfGaI8m4If6DMax4NQnZ34yta6UOb907SRqBs2vJ+MpcJkyRuLx/Z9vGlfZQ7V9eBgI62EZwmfiitanwSFPZgCzM8nVswpDS+/CmaHhXUoLdgNgUYh4WSl/7fXroluC/18xyMl3ZGQRRjJftpQSMXubP/n9nCHZXE5YiDw1cRklqA4lLyNeXBgadWa8klekr89WNij454KApevbg0GSudEJw7IWzbOb09npvQ1hnLz8pmDsaahfIsGBvcHSUEJrjSkk3J1oHDj0B7Gxm+tZH4Er21RTucEWeroyIJSQmsYN+Cm0FyfgJ75bNEsRe5M4Vc= ;{id = 52146 (ksk), size = 2048b}
+hud.gov.        86400   IN      RRSIG   DNSKEY 7 2 86400 20091204150200 20091104150200 52146 hud.gov. KWIA6wH6BqwuF7d6dyTbfqbcLgbUG2ZKJA4vVfhWqOC76Xnt7gXPLeB2GQwwyhSR0s3IHIzAB0Uj+RAGGcz2NH5JanfxNC9rAvubYESXSlLr/FC33exLeOxGisJZzRnPpk5NynXwyT8TXul1ew48/Mpyi7j6+tlqakqHw2HlId7oblxO2cjN6JV0JLZ44l7tCw6ALYhamA48PQ1WeJbGcfH7buCEG7S1ceZSZlG6kml+u7pb65QL9AZjCnDIecXk7B3HMCdIT8zyrO8QK0GiLMMak9RogF/5gBiH/WDCq7146vcVneW/Hn/+hLnY104iOKuadJcbmStlMF5k0iBzng== ;{id = 52146}
+hud.gov.        86400   IN      RRSIG   DNSKEY 7 2 86400 20091204150200 20091104150200 64775 hud.gov. V0JSAtTmQn76T408nyntg1ydX5sVvq8RSCN/Bf+cqTPXMFlPpmOs4VQv791bY85n28qOehV7Ws2CrhfxbyFbyYRXPBtWkg6jH3JXicYPn7Abm7E5N2Y6Mkm1Z9xt/APCw+aSkt0swMJzYBO5P5aeDesIB+Pz5I+SLuOPin3GFjGYL+YB5j5rTY/Nqnp2eQytF0SoFdqCIPCP7l9ZtYdaxBDQNX3Hklm4dRYP5U9wL8sqaeUwgKjJTGcbXiXdPXF9+3AojshKMpk14lcplHcy+cQ4p5ehSngtDwdWtG8gcWKCg829I/1iOFcnPgJ1YK1DdPVEGTgUFgGGwTx+HYMsPA== ;{id = 64775}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.hud.gov. IN AAAA
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.hud.gov. IN AAAA
+SECTION ANSWER
+www.hud.gov.    86400   IN      CNAME   www.content.hud.gov.
+www.hud.gov.    86400   IN      RRSIG   CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775}
+SECTION AUTHORITY
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775}
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      NSEC3   1 1 5 abcd  gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG  ; flags: optout
+GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov.       86400   IN      RRSIG   NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametopos.rpl b/src/test/resources/unbound/val_cnametopos.rpl
new file mode 100644
index 000000000..2f3c17347
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametopos.rpl
@@ -0,0 +1,234 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoposnowc.rpl b/src/test/resources/unbound/val_cnametoposnowc.rpl
new file mode 100644
index 000000000..e036ba079
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoposnowc.rpl
@@ -0,0 +1,266 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive wildcard without proof
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+; missing proof
+;wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+;wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN AAAA
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnametoposwc.rpl b/src/test/resources/unbound/val_cnametoposwc.rpl
new file mode 100644
index 000000000..b781fdcea
--- /dev/null
+++ b/src/test/resources/unbound/val_cnametoposwc.rpl
@@ -0,0 +1,240 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a cname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctonodata.rpl b/src/test/resources/unbound/val_cnamewctonodata.rpl
new file mode 100644
index 000000000..bd9b74a4b
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctonodata.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+www.example.net. IN NSEC	example.net. MX NSEC RRSIG
+www.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctonx.rpl b/src/test/resources/unbound/val_cnamewctonx.rpl
new file mode 100644
index 000000000..33c783d06
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctonx.rpl
@@ -0,0 +1,242 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to nxdomain
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854}
+SECTION AUTHORITY
+u.example.com. IN NSEC z.example.com. NSEC RRSIG
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854}
+example.net.	IN	NSEC	abc.example.net. SOA NS DNSKEY NSEC RRSIG
+example.net.    3600    IN      RRSIG   NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
+wab.example.net.	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_cnamewctoposwc.rpl b/src/test/resources/unbound/val_cnamewctoposwc.rpl
new file mode 100644
index 000000000..d02c77df2
--- /dev/null
+++ b/src/test/resources/unbound/val_cnamewctoposwc.rpl
@@ -0,0 +1,246 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard cname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; *.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      CNAME   www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854}
+SECTION AUTHORITY
+; weird NSEC that denies everything. But validly signed, so valid.
+; extreme version of 'white lies' :-)
+example.com. 	IN	NSEC	example.com. SOA NS A NSEC RRSIG DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	CNAME	www.example.net.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854}
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+example.com. 	IN	NSEC	example.com. SOA NS A NSEC RRSIG DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854}
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_deleg_nons.rpl b/src/test/resources/unbound/val_deleg_nons.rpl
new file mode 100644
index 000000000..6e8f1bd83
--- /dev/null
+++ b/src/test/resources/unbound/val_deleg_nons.rpl
@@ -0,0 +1,271 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns3.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.www.example.com. IN A
+SECTION ANSWER
+foo.www.example.com. IN A 1.2.3.4
+; unsigned, no delegation.
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC3 here: 1 0 1 1234
+; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b.
+h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+
+;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC
+;www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI=
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query for foo.www.example.com returns the referral without record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234  mipf0g23547qunto04vboegh9vadsrpq TXT
+mipf0g23547qunto04vboegh9vadsrpo.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM=
+
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+
+
+;www.example.com. IN NS ns3.example.com.
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+;SECTION ADDITIONAL
+;ns3.example.com. IN A 1.2.3.5
+
+
+; NSEC3 here: 1 0 1 1234
+; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b.
+; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79.
+; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo.
+
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT
+;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE=
+;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT
+;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY=
+;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT
+;mipf0g23547qunto04vboegh9vadsrph.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0=
+
+;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC
+;www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI=
+
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns3.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+foo.www.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+foo.www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+foo.www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametoolong.rpl b/src/test/resources/unbound/val_dnametoolong.rpl
new file mode 100644
index 000000000..6cd202ebb
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametoolong.rpl
@@ -0,0 +1,258 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname too long response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR YXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; length
+; www. = 4
+; long1234567890abcdef. = 21
+; long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.  = 12 * 21 = 252
+example.com. IN	DNAME	long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854}
+; unsigned CNAME synthesis is too long
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO YXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametopos.rpl b/src/test/resources/unbound/val_dnametopos.rpl
new file mode 100644
index 000000000..6142c7728
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametopos.rpl
@@ -0,0 +1,265 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname to positive
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+; unsigned CNAME
+www.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com.    3600    IN      DNAME   example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com.        0       IN      CNAME   www.example.net.
+www.example.net.        3600    IN      A       11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; Check cache response for DNAME
+; so 100+ the authority will not respond any more : must be from cache.
+STEP 110 TIME_PASSES ELAPSE 10
+
+STEP 120 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 130 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com.    3590    IN      DNAME   example.net.
+example.com.    3590    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com.        3590    IN      CNAME   www.example.net.
+www.example.net.        3590    IN      A       11.12.13.14
+www.example.net.        3590    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnametoposwc.rpl b/src/test/resources/unbound/val_dnametoposwc.rpl
new file mode 100644
index 000000000..33895855a
--- /dev/null
+++ b/src/test/resources/unbound/val_dnametoposwc.rpl
@@ -0,0 +1,242 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a dname to positive wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+; unsigned CNAME
+www.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN	DNAME	example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com. 0	IN	CNAME	www.example.net.
+www.example.net. 3600 IN	A	11.12.13.14
+www.example.net.  3600    IN      RRSIG   A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
+SECTION AUTHORITY
+wab.example.net	IN	NSEC	wzz.example.net. A NSEC RRSIG
+wab.example.net.        3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dnamewc.rpl b/src/test/resources/unbound/val_dnamewc.rpl
new file mode 100644
index 000000000..b011af88a
--- /dev/null
+++ b/src/test/resources/unbound/val_dnamewc.rpl
@@ -0,0 +1,268 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a wildcarded dname 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+; *.example.com. IN	DNAME	example.net.
+sub.example.com. IN	DNAME	example.net.
+sub.example.com.  3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFEyO+NY3QgAf/cF0mmZhsj3TqgoGAhRqJhHoCd+aA1FbBp16WGfk1HmeIg== ;{id = 2854}
+; unsigned CNAME; one interpretation of the wildcarded DNAME expansion
+www.sub.example.com. IN	CNAME	www.example.net.
+SECTION AUTHORITY
+; prove original does not exist
+ns.example.com.	IN	NSEC	www.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCCqvDUT+jMCvfm7OHL2IDY75JDmQIUfOtDiiyeSiwjuq3i3OuLnVRyoJ8= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.net. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+; from *.example.net.
+www.example.net. IN	A	11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_afterprime.rpl b/src/test/resources/unbound/val_ds_afterprime.rpl
new file mode 100644
index 000000000..733177da6
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_afterprime.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test DS lookup after key prime is done.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DS
+SECTION AUTHORITY
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+example.com. IN DS
+SECTION AUTHORITY
+com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cname.rpl b/src/test/resources/unbound/val_ds_cname.rpl
new file mode 100644
index 000000000..7c3e41be3
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cname.rpl
@@ -0,0 +1,205 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME response to DS 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; nothing here, not even NSECs
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+www.example.com. IN CNAME zzz.example.com.
+www.example.com.	3600	IN	RRSIG	CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854}
+;*.example.com. IN CNAME zzz.example.com.
+;*.example.com.	3600	IN	RRSIG	CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854}
+
+SECTION AUTHORITY
+*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC
+*.example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854}
+zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC
+zzz.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854}
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC
+zzz.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854}
+example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cnamesub.rpl b/src/test/resources/unbound/val_ds_cnamesub.rpl
new file mode 100644
index 000000000..ac89a04e2
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cnamesub.rpl
@@ -0,0 +1,278 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME response to DS in chain of trust
+; the CNAME is at a nonempty nonterminal name in the parent zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for a.example.com, a CNAME
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.example.com. IN DS
+SECTION ANSWER
+a.example.com. IN CNAME zzz.example.net.
+a.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DS query for sub.a.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DS
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; delegation down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.a.example.com. IN NS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+sub.a.example.com. IN NS ns.sub.a.example.com.
+SECTION ADDITIONAL
+ns.sub.a.example.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.sub.a.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+
+; DNSKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DNSKEY
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+sub.a.example.com.	3600	IN	RRSIG	DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. IN A 10.20.30.40
+www.sub.a.example.com.	3600	IN	RRSIG	A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.net. IN SOA root. host. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.a.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com.  3600    IN      A       10.20.30.40
+www.sub.a.example.com.  3600    IN      RRSIG   A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_cnamesubbogus.rpl b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl
new file mode 100644
index 000000000..3f4234a4e
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl
@@ -0,0 +1,277 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with bogus CNAME response to DS in chain of trust
+; the CNAME is at a nonempty nonterminal name in the parent zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for a.example.com, a CNAME
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.example.com. IN DS
+SECTION ANSWER
+;bogus CNAME, must fail validation
+a.example.com. IN CNAME zzzz.example.net.
+a.example.com.	3600	IN	RRSIG	CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DS query for sub.a.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DS
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; delegation down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.a.example.com. IN NS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.a.example.com.	3600	IN	DS	57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com.	3600	IN	RRSIG	DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+sub.a.example.com. IN NS ns.sub.a.example.com.
+SECTION ADDITIONAL
+ns.sub.a.example.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.sub.a.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+
+; DNSKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DNSKEY
+SECTION ANSWER
+sub.a.example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+sub.a.example.com.	3600	IN	RRSIG	DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. IN A 10.20.30.40
+www.sub.a.example.com.	3600	IN	RRSIG	A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.net. IN SOA root. host. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.a.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+;www.sub.a.example.com.  3600    IN      A       10.20.30.40
+;www.sub.a.example.com.  3600    IN      RRSIG   A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_gost.rpl b/src/test/resources/unbound/val_ds_gost.rpl
new file mode 100644
index 000000000..1d61af975
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_gost.rpl
@@ -0,0 +1,208 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+	bouncycastle: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with GOST DS digest
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; GOST DS for sub.example.com.
+sub.example.com.	3600	IN	DS	60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
+
+; SHA DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
+;sub.example.com.	3600	IN	DS	60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
+
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.	3600	IN	DNSKEY	256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
+sub.example.com.	3600	IN	RRSIG	DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385}
+
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_gost_downgrade.rpl b/src/test/resources/unbound/val_ds_gost_downgrade.rpl
new file mode 100644
index 000000000..3a589c194
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_gost_downgrade.rpl
@@ -0,0 +1,249 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	bouncycastle: yes
+	trust-anchor-signaling: no
+	harden-algo-downgrade: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with GOST DS digest downgrade attack
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; downgrade: false GOST, correct SHA
+
+
+sub.example.com.        3600    IN      DS      60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028 
+
+; correct GOST DS for sub.example.com.
+; sub.example.com.        3600    IN      DS      60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx
+
+; SHA1 DS for sub.example.com.
+sub.example.com.       3600    IN      DS      60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax
+; SHA256 DS for sub.example.com.
+sub.example.com.       3600    IN      DS      60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex
+
+; signs SHA1, SHA2 and GOST DSes
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN A
+SECTION ANSWER
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.	3600	IN	RRSIG	NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.	3600	IN	RRSIG	A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail bogus
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+;www.sub.example.com. 	3600	IN	A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2.rpl b/src/test/resources/unbound/val_ds_sha2.rpl
new file mode 100644
index 000000000..4b9e97273
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2.rpl
@@ -0,0 +1,206 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS digest
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; SHA256 DS for sub.example.com.
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854}
+
+; SHA1 DS for sub.example.com.
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl
new file mode 100644
index 000000000..b15f39bc5
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl
@@ -0,0 +1,229 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	harden-algo-downgrade: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail, BOGUS
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+;www.sub.example.com. 	3600	IN	A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl
new file mode 100644
index 000000000..20b03de40
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl
@@ -0,0 +1,227 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	val-digest-preference: "1,2"
+	val-min-rsa-size: 512
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must NOT servfail, despite the BOGUS SHA2 as the digest order is overriden
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ds_sha2_lenient.rpl b/src/test/resources/unbound/val_ds_sha2_lenient.rpl
new file mode 100644
index 000000000..a6315737c
--- /dev/null
+++ b/src/test/resources/unbound/val_ds_sha2_lenient.rpl
@@ -0,0 +1,230 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-dsa: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	harden-algo-downgrade: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+
+; Downgrade attack: false SHA2, correct SHA1
+
+; SHA256 DS for sub.example.com.
+;sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033
+; BAD SHA256 DS
+sub.example.com.	3600	IN	DS	30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000
+
+; SHA1 DS for sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; must servfail, BOGUS
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_dsnsec.rpl b/src/test/resources/unbound/val_dsnsec.rpl
new file mode 100644
index 000000000..07dd40340
--- /dev/null
+++ b/src/test/resources/unbound/val_dsnsec.rpl
@@ -0,0 +1,287 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test pickup of DS NSEC from the cache.
+; make sure unbound does not pick up the wrong nsec.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for   tub.example.com
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NXDOMAIN
+SECTION QUESTION
+tub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record
+example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
+; qname denial
+sub.example.com. IN	NSEC wub.example.com. NS DS RRSIG NSEC
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
+; wildcard denial
+example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; DS query for sub.example.com
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; query for a domain next to it, so the wrong NSEC gets in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.tub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.tub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
+sub.example.com.        3600    IN      NSEC    wub.example.com. NS DS RRSIG NSEC 
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
+example.com.    3600    IN      NSEC    blub.example.com. NS SOA RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_entds.rpl b/src/test/resources/unbound/val_entds.rpl
new file mode 100644
index 000000000..1adf4051b
--- /dev/null
+++ b/src/test/resources/unbound/val_entds.rpl
@@ -0,0 +1,279 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	val-min-rsa-size: 512
+	fake-sha1: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with lots of ENTs in the chain of trust
+; query is for a.1.2.b.3.4.c.5.6.example.com.
+; labels 1-6 are empty nonterminals.
+; there are DNSKEYs at labels b, c, example.com.
+; and DSes at b and c.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for ENT DS queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+6.example.com. IN DS
+SECTION AUTHORITY
+example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+5.6.example.com. IN DS
+SECTION AUTHORITY
+example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854}
+ENTRY_END
+
+; response for query in question - delegation
+; and all other queries, receive a delegation to c.5.6.example.com.
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+c.5.6.example.com.	IN NS ns.c.5.6.example.com.
+c.5.6.example.com.      3600    IN      DS      2854 3 1 4449f16fa7d712283aa43cc8dcc8e07c05856e08
+c.5.6.example.com.      3600    IN      RRSIG   DS 3 5 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCgiF7eFL89mSqjUPEpQuL5QEa1OgIUWdfUmMkwVBwOgmxlxZIKfGs5od0= ;{id = 2854}
+SECTION ADDITIONAL
+ns.c.5.6.example.com.	IN	A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.c.5.6.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+c.5.6.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+c.5.6.example.com. IN DNSKEY
+SECTION ANSWER
+c.5.6.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+c.5.6.example.com.      3600    IN      RRSIG   DNSKEY 3 5 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFHsYd4tGO5BotXFzG9d8fzHkX576AhUAoZ2d1FNUBsrwxl6XSz/hoxme/4Q= ;{id = 2854}
+ENTRY_END
+
+; response to DS queries.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+4.c.5.6.example.com. IN DS
+SECTION AUTHORITY
+3.c.5.6.example.com.	IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC
+3.c.5.6.example.com.    3600    IN      RRSIG   NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+3.4.c.5.6.example.com. IN DS
+SECTION AUTHORITY
+3.c.5.6.example.com.	IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC
+3.c.5.6.example.com.    3600    IN      RRSIG   NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854}
+ENTRY_END
+
+; any other query gets a referral
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY AA QR NOERROR
+SECTION QUESTION
+; dnsjava: modify query to avoid overlap in query cache, match is not implemented
+4.c.5.6.example.com. IN NS
+SECTION AUTHORITY
+b.3.4.c.5.6.example.com. IN NS ns.b.3.4.c.5.6.example.com.
+b.3.4.c.5.6.example.com.        3600    IN      DS      30899 5 1 849ebbdefa338db3e6c3ddffd58851523ba701de
+b.3.4.c.5.6.example.com.        3600    IN      RRSIG   DS 3 8 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFEuXbvClpAOx7E1SXeH0d+Q4jpySAhUAtbEbQ8qtRF5chUOWNtg31ESAjWg= ;{id = 2854}
+SECTION ADDITIONAL
+ns.b.3.4.c.5.6.example.com. IN A 1.2.3.7
+ENTRY_END
+RANGE_END
+
+; ns.b.3.4.c.5.6.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.3.4.c.5.6.example.com.	IN	NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.3.4.c.5.6.example.com.	IN	DNSKEY
+SECTION ANSWER
+b.3.4.c.5.6.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+b.3.4.c.5.6.example.com.        3600    IN      RRSIG   DNSKEY 5 8 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. KNftlGVkrfvo3l3Wliq+i695MqJI9B8QnTVhCHKhFPZfEq0HCxV8gO3ZlaTUle1YEnr7+yXUritXlzjFOlf1hw== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+a.1.2.b.3.4.c.5.6.example.com. IN A 11.11.11.11
+a.1.2.b.3.4.c.5.6.example.com.  3600    IN      RRSIG   A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+a.1.2.b.3.4.c.5.6.example.com. IN A
+SECTION ANSWER
+a.1.2.b.3.4.c.5.6.example.com. 3600	IN	A	11.11.11.11
+a.1.2.b.3.4.c.5.6.example.com.  3600    IN      RRSIG   A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_faildnskey.rpl b/src/test/resources/unbound/val_faildnskey.rpl
new file mode 100644
index 000000000..4c3139ac5
--- /dev/null
+++ b/src/test/resources/unbound/val_faildnskey.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	# test that default value of harden-dnssec-stripped is still yes.
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed DNSKEY request
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;REPLY QR AA NOERROR
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+;example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+;example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+;SECTION AUTHORITY
+;example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_faildnskey_ok.rpl b/src/test/resources/unbound/val_faildnskey_ok.rpl
new file mode 100644
index 000000000..d3ac00c47
--- /dev/null
+++ b/src/test/resources/unbound/val_faildnskey_ok.rpl
@@ -0,0 +1,180 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	harden-dnssec-stripped: no
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed DNSKEY request, but not hardened.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;REPLY QR AA NOERROR
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+;example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+;example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+;SECTION AUTHORITY
+;example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_fwdds.rpl b/src/test/resources/unbound/val_fwdds.rpl
new file mode 100644
index 000000000..485e28693
--- /dev/null
+++ b/src/test/resources/unbound/val_fwdds.rpl
@@ -0,0 +1,231 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+forward-zone:
+	name: "sub.example.com"
+	forward-addr: 1.2.3.6
+CONFIG_END
+
+SCENARIO_BEGIN Test forward-zone with DS query
+; The fwd zone is linked validly with a DS to the public internet zone.
+; unbound just has to be able to ask the DS from the right server (not 
+; from the fwd).
+; Here the fwd is not even recursive, just the plain server for sub.example.com
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for DS of sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response for qtype DS.  This is not available here.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_keyprefetch.rpl b/src/test/resources/unbound/val_keyprefetch.rpl
new file mode 100644
index 000000000..d340a8a58
--- /dev/null
+++ b/src/test/resources/unbound/val_keyprefetch.rpl
@@ -0,0 +1,216 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	prefetch-key: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with key prefetch
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_keyprefetch_verify.rpl b/src/test/resources/unbound/val_keyprefetch_verify.rpl
new file mode 100644
index 000000000..be66c2c3e
--- /dev/null
+++ b/src/test/resources/unbound/val_keyprefetch_verify.rpl
@@ -0,0 +1,250 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	prefetch-key: yes
+	prefetch: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with key prefetch and verify with the anchor
+
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 TIME_PASSES ELAPSE 3400
+
+; now the key gets prefetched and has to be verified with the anchor,
+; not with the key itself.
+; this answer is from cache enyway.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+STEP 50 TRAFFIC
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_mal_wc.rpl b/src/test/resources/unbound/val_mal_wc.rpl
new file mode 100644
index 000000000..5279092dc
--- /dev/null
+++ b/src/test/resources/unbound/val_mal_wc.rpl
@@ -0,0 +1,152 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata, wildcards and ENT
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    86394   IN      SOA     NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400
+example.com.    86394   IN      RRSIG   SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854}
+
+; note that b.example.com. is an empty nonterminal
+*.example.com.  3600    IN      NSEC    *.b.example.com. A MX RRSIG NSEC 
+*.example.com.  3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+b.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+b.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    86394   IN      SOA     NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400
+example.com.    86394   IN      RRSIG   SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854}
+*.example.com.  3600    IN      NSEC    *.b.example.com. A MX RRSIG NSEC 
+*.example.com.  3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_ds.rpl b/src/test/resources/unbound/val_negcache_ds.rpl
new file mode 100644
index 000000000..3a2c8d5dd
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_ds.rpl
@@ -0,0 +1,216 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache DS response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; the downstream validator wants the DS record.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_dssoa.rpl b/src/test/resources/unbound/val_negcache_dssoa.rpl
new file mode 100644
index 000000000..0121d1ff6
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_dssoa.rpl
@@ -0,0 +1,256 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache DS response with cached SOA
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+; commented out, this query should not happen as negative cache works.
+;ENTRY_BEGIN
+;MATCH opcode qtype qname
+;ADJUST copy_id
+;REPLY QR NOERROR
+;SECTION QUESTION
+;sub.example.com. IN DS
+;SECTION ANSWER
+;SECTION AUTHORITY
+;example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+;example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+;sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+;sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.sub.example.com. IN A 1.2.3.6
+;ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.	7200	IN	NSEC	ny.example.com. A RRSIG 
+nw.example.com.	7200	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com.	7200	IN	RRSIG	NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; put the SOA into the cache
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+nx.example.com. IN A
+ENTRY_END
+
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.	7200	IN	NSEC	ny.example.com. A RRSIG 
+nw.example.com.	7200	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com.	7200	IN	RRSIG	NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; the downstream validator wants the DS record.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+example.com.	7200 IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nodata.rpl b/src/test/resources/unbound/val_negcache_nodata.rpl
new file mode 100644
index 000000000..2fb9429ec
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nodata.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC)
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; NODATA response for alligator.testzone.nlnetlabs.nl A type
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; NXDOMAIN response for emu.testzone.nlnetlabs.nl
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; AAAA query for alligator.testzone.nlnetlabs.nl, which isn't on the testzone nameserver
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+alligator.testzone.nlnetlabs.nl. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+emu.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; query for ENT, must result in NOERROR answer
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ent.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      NSEC    duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+*.elephant.testzone.nlnetlabs.nl.       3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nta.rpl b/src/test/resources/unbound/val_negcache_nta.rpl
new file mode 100644
index 000000000..95c25fd94
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nta.rpl
@@ -0,0 +1,121 @@
+; config options
+; The island of trust is at testzone.nlnetlabs.nl
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+	domain-insecure: "ant.testzone.nlnetlabs.nl"
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+stub-zone:
+	name: "ant.testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.61
+CONFIG_END
+
+SCENARIO_BEGIN Test to not do aggressive NSEC for domains under NTA
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ant.testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.61
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl.  10    IN      TXT      "domain under NTA"
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl, which is below an NTA
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl.  10    IN      TXT      "domain under NTA"
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_negcache_nxdomain.rpl b/src/test/resources/unbound/val_negcache_nxdomain.rpl
new file mode 100644
index 000000000..520c5775d
--- /dev/null
+++ b/src/test/resources/unbound/val_negcache_nxdomain.rpl
@@ -0,0 +1,110 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "testzone.nlnetlabs.nl.	IN	DS	2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
+	val-override-date: "20180213111425"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	trust-anchor-signaling: no
+	aggressive-nsec: yes
+
+stub-zone:
+	name: "testzone.nlnetlabs.nl"
+	stub-addr: 185.49.140.60
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC)
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
+testzone.nlnetlabs.nl.  3600    IN      DNSKEY  257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NS      ns.nlnetlabs.nl.
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl.  3600    IN      NSEC    alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
+alligator.testzone.nlnetlabs.nl.        3600    IN      NSEC    cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 
+alligator.testzone.nlnetlabs.nl.        3600    IN      RRSIG   NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
+testzone.nlnetlabs.nl.  3600    IN      SOA     ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl.  3600    IN      RRSIG   SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_noadwhennodo.rpl b/src/test/resources/unbound/val_noadwhennodo.rpl
new file mode 100644
index 000000000..46e1bad5a
--- /dev/null
+++ b/src/test/resources/unbound/val_noadwhennodo.rpl
@@ -0,0 +1,153 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test if AD bit is returned on non-DO query.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; it is validated, but no AD bit, because no AD was requested.
+; (this is a copy of val_positive.rpl).
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata.rpl b/src/test/resources/unbound/val_nodata.rpl
new file mode 100644
index 000000000..f19963467
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata.rpl
@@ -0,0 +1,150 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854}
+; Denies wildcard
+;example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+;example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_ent.rpl b/src/test/resources/unbound/val_nodata_ent.rpl
new file mode 100644
index 000000000..96ba7dbbc
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_ent.rpl
@@ -0,0 +1,156 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata on empty nonterminal response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+; Denies A, note this is the end of the NSEC chain.
+u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854}
+
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+u.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854}
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_entnx.rpl b/src/test/resources/unbound/val_nodata_entnx.rpl
new file mode 100644
index 000000000..c8e704e30
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_entnx.rpl
@@ -0,0 +1,151 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DS      29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262"
+	val-override-date: "20140301134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata on empty nonterminal response with rcode NXDOMAIN
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    3600    IN      NS      ns.example.com.
+example.com.    3600    IN      RRSIG   NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A=
+SECTION ADDITIONAL
+ns.example.com. 3600    IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
+example.com.    3600    IN      DNSKEY  257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
+example.com.    3600    IN      RRSIG   DNSKEY 8 2 3600 20140320093645 20140220093645 29332 example.com. Vjcu4FD2hbHO4jgRXBeWwhUU29DOyUhdcQuRBhcNNZPYS4/MNKrKzhqZ/5jGRx//UffVvZMrVjb2xbJXf0UALrBktbG/yRK0lETXu4JHVtUyCY8jiKlmSl4LabsYC5GvvoLCzXilYFtp1zzagorONmJtmBc9DiP3fp/ju0gZ45/pTn6cLY8cm2/ja5U5SQ4KQ4SVQsiNduvpLAm3CM2qkqOdspWtNEjjG92EXqgBg5lQ0pt5U2wKk3igecACGUiKzrc9qlSBoErS+rDYAZ3TKqUdW489o4hd0vOowvwgb7Z+lqleplyptlCAwpw/djNqA4dX+FTK/oB6lokX5bxnjQ==
+SECTION AUTHORITY
+example.com.    3600    IN      NS      ns.example.com.
+example.com.    3600    IN      RRSIG   NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A=
+SECTION ADDITIONAL
+ns.example.com. 3600    IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+0.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600
+example.com.    3600    IN      RRSIG   SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U=
+; Denies A and wildcard
+example.com.    3600    IN      NSEC    0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+0.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+0.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    3600    IN      SOA     ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600
+example.com.    3600    IN      RRSIG   SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U=
+example.com.    3600    IN      NSEC    0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY 
+example.com.    3600    IN      RRSIG   NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_entwc.rpl b/src/test/resources/unbound/val_nodata_entwc.rpl
new file mode 100644
index 000000000..c02e9521a
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_entwc.rpl
@@ -0,0 +1,156 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata on empty nonterminal response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+; Denies A, note this is the end of the NSEC chain.
+*.u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+*.u.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854}
+
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+*.u.example.com.	IN	NSEC	y.www.example.com. RRSIG NSEC
+*.u.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854}
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_failsig.rpl b/src/test/resources/unbound/val_nodata_failsig.rpl
new file mode 100644
index 000000000..88b515649
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_failsig.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response with bogus RRSIG
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+; this RRSIG is failed, we set to 0 base64 data to make this easy to detect
+www.example.com.	IN	NSEC	example.com. RRSIG NSEC
+;www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854}
+;encode _something_ as base64 to make dnsjava happy
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. QQ==
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_failwc.rpl b/src/test/resources/unbound/val_nodata_failwc.rpl
new file mode 100644
index 000000000..76fa8acac
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_failwc.rpl
@@ -0,0 +1,72 @@
+; config options
+; The island of trust is at nsecwc.nlnetlabs.nl
+server:
+	trust-anchor: "nsecwc.nlnetlabs.nl.	10024	IN	DS	565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
+	val-override-date: "20181202115531"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+stub-zone:
+	name: "nsecwc.nlnetlabs.nl"
+	stub-addr: "185.49.140.60"
+
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.
+
+ ; ns.example.com.                                                                
+RANGE_BEGIN 0 100                                                                
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+nsecwc.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+nsecwc.nlnetlabs.nl.	3600	IN	DNSKEY	257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN	TLSA
+SECTION ANSWER
+SECTION AUTHORITY
+nsecwc.nlnetlabs.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
+; NSEC has a label lenght of 3, indication that the original owner name is:
+; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer.
+_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600	IN NSEC	delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
+_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600	IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN   TLSA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+_25._tcp.mail.nsecwc.nlnetlabs.nl. IN   TLSA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_hasdata.rpl b/src/test/resources/unbound/val_nodata_hasdata.rpl
new file mode 100644
index 000000000..18f420c5c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_hasdata.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response, that proves the data.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+www.example.com.	IN	NSEC	example.com. A RRSIG NSEC
+www.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854}
+; Denies wildcard
+example.com.	IN	NSEC	ns.example.com. NS SOA RRSIG NSEC DNSKEY
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodata_zonecut.rpl b/src/test/resources/unbound/val_nodata_zonecut.rpl
new file mode 100644
index 000000000..eb84ac01c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodata_zonecut.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata response from wrong side of zonecut 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; Denies A, note this is the end of the NSEC chain.
+; from wrong side of zone-cut
+www.example.com.	3600	IN	NSEC	example.com. NS DS RRSIG NSEC 
+www.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AA+3mzAYPyQ8G9EKxeyNM+UZY+RtCiS5BOkS8h4wSxMT3lfVdadGpn8= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc.rpl b/src/test/resources/unbound/val_nodatawc.rpl
new file mode 100644
index 000000000..542b65e82
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc.rpl
@@ -0,0 +1,152 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+; this NSEC denies original query name
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_badce.rpl b/src/test/resources/unbound/val_nodatawc_badce.rpl
new file mode 100644
index 000000000..49ee7f17a
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_badce.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata, bad closest encloser 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard is *.com, 
+*.com.	IN	NSEC	com. RRSIG NSEC
+*.com.  3600    IN      RRSIG   NSEC 3 1 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCdZKVAPYKe6WhoeuK4+J2hd3F2DgIUXv9Dif1uZsSjboLYVx7Wp0DEg78= ;{id = 2854}
+; this NSEC denies original query name from a different zone
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_nodeny.rpl b/src/test/resources/unbound/val_nodatawc_nodeny.rpl
new file mode 100644
index 000000000..35f154ebc
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_nodeny.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response without qdenial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	ns.example.com. RRSIG NSEC
+*.example.com.	IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFG0+PaReanKYupgDsJMHBBl7qaAOAhRApLLtiHNSl326iqVz/icLUJ6+Kg== ;{id = 2854}
+; this NSEC denies original query name
+;ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+;ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_one.rpl b/src/test/resources/unbound/val_nodatawc_one.rpl
new file mode 100644
index 000000000..081d20c0b
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_one.rpl
@@ -0,0 +1,147 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response with one NSEC
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; SOA record is missing in reply.
+; wildcard, Denies A, note this is the end of the NSEC chain.
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+*.example.com.	IN	NSEC	example.com. RRSIG NSEC
+*.example.com.        3600    IN      RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_wcns.rpl b/src/test/resources/unbound/val_nodatawc_wcns.rpl
new file mode 100644
index 000000000..a3fca6a7c
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_wcns.rpl
@@ -0,0 +1,158 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone with SOA
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard, denies A, but has NS and SOA
+*.example.com.	3600 IN	NSEC	ns.example.com. RRSIG NSEC NS SOA
+*.example.com.      3600    IN  RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AFmszt1f4/pJQypUHc3e7izNQnc/eDaK2gB73kt/0H0iYMpOlWjYr8E=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl
new file mode 100644
index 000000000..2727515f5
--- /dev/null
+++ b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl
@@ -0,0 +1,158 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-dsa: yes
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard, denies A, but has NS without SOA
+*.example.com.	IN	NSEC	ns.example.com. RRSIG NSEC NS
+*.example.com.      3600    IN  RRSIG   NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AD9PK7JGmYA7yzAMBiDXZNiYf9I8fbNI4MRZ2xebru+u5MBafoXacR8=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nokeyprime.rpl b/src/test/resources/unbound/val_nokeyprime.rpl
new file mode 100644
index 000000000..4675a382b
--- /dev/null
+++ b/src/test/resources/unbound/val_nokeyprime.rpl
@@ -0,0 +1,163 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with failed key prime, no keys.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007101500 28800 7200 604800 18000
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl
new file mode 100644
index 000000000..b8d0277f0
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl
@@ -0,0 +1,135 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl
new file mode 100644
index 000000000..ab3e7639d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl
@@ -0,0 +1,145 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without ce NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.	RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl
new file mode 100644
index 000000000..e49b751de
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl
@@ -0,0 +1,147 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without nc NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89ep O6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8 Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf 3bH+QsCtg== )
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd V I2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi 47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRx K9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUi wtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH +z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl
new file mode 100644
index 000000000..60b2f7905
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl
@@ -0,0 +1,152 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.1 name error without wc NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NXDOMAIN
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
+;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
+
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+;; NSEC3 RR that matches the closest encloser (x.w.example)
+;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+
+;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
+;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
+
+
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.c.x.w.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+a.c.x.w.example. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+; example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+; example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl
new file mode 100644
index 000000000..90c5a0066
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl
@@ -0,0 +1,118 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the A type bit is not set.
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+y.w.example.        IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl
new file mode 100644
index 000000000..548a1d0ca
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl
@@ -0,0 +1,136 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal, wrong rr.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+y.w.example.        IN A
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the A type bit is not set.
+;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h )
+;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== )
+
+; instead the wrong NSEC3 rr is included
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+y.w.example.        IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+y.w.example.        IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl
new file mode 100644
index 000000000..d3da26308
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl
@@ -0,0 +1,118 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2 no data.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set.
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ns1.example.        IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl
new file mode 100644
index 000000000..82007711c
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl
@@ -0,0 +1,140 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.2 no data, without NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN DS
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set.
+;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3   1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ns1.example.        IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+ns1.example.        IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout.rpl b/src/test/resources/unbound/val_nsec3_b3_optout.rpl
new file mode 100644
index 000000000..bdce280c5
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout.rpl
@@ -0,0 +1,216 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 referral to optout unsigned zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl
new file mode 100644
index 000000000..f8ef6f87d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl
@@ -0,0 +1,217 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 referral optout with negative cache.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+
+; DS must be gotten from neg cache
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR AA DO NOERROR
+; SECTION QUESTION
+; c.example.       IN DS
+; SECTION AUTHORITY
+; ;; NSEC3 RR that covers the "next closer" name (c.example)
+; ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+; 
+; ;; NSEC3 RR that matches the closest encloser (example)
+; ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+; ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl
new file mode 100644
index 000000000..c078ed95a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl
@@ -0,0 +1,256 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl
new file mode 100644
index 000000000..dd84f48b3
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl
@@ -0,0 +1,257 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without nc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example.       IN MX
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+
+ENTRY_END
+
+RANGE_END
+
+; ns1.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+; ns2.c.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns1.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns2.c.example.       IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.       IN NS
+SECTION ANSWER
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example.       IN MX
+SECTION ANSWER
+mc.c.example.       IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example.	NS      ns1.c.example.
+c.example. 	NS      ns2.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A       192.0.2.7
+ns2.c.example. A       192.0.2.8
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+mc.c.example.       IN MX
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b4_wild.rpl b/src/test/resources/unbound/val_nsec3_b4_wild.rpl
new file mode 100644
index 000000000..8efec7ede
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b4_wild.rpl
@@ -0,0 +1,156 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.z.w.example. IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl
new file mode 100644
index 000000000..0ff070c8d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl
@@ -0,0 +1,167 @@
+; config options
+server:
+	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+a.z.w.example. MX      1 ai.example.
+a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
+SECTION AUTHORITY
+example.       NS      ns1.example.
+example.       NS      ns2.example.
+example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+; The wrong NSEC3 here
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+SECTION ADDITIONAL
+ai.example.    A       192.0.2.9
+ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
+ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
+ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example. IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl
new file mode 100644
index 000000000..64c7b67f6
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl
@@ -0,0 +1,157 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl
new file mode 100644
index 000000000..77cb6c5f0
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl
@@ -0,0 +1,166 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without ce.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl
new file mode 100644
index 000000000..fa20f5ee7
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl
@@ -0,0 +1,166 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl
new file mode 100644
index 000000000..bc74c6692
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl
@@ -0,0 +1,168 @@
+; config options
+server:
+        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+	val-override-date: "20120420235959"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without wc.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN A
+SECTION AUTHORITY
+example.	IN NS	ns1.example.
+; leave out to make unbound take ns1
+;example.	IN NS	ns2.example.
+SECTION ADDITIONAL
+ns1.example.	IN A 192.0.2.1
+; leave out to make unbound take ns1
+;ns2.example.	IN A 192.0.2.2
+ENTRY_END
+RANGE_END
+
+; ns1.example.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+ns1.example. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
+example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
+
+;; NSEC3 RR that matches the closest encloser (w.example)
+;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
+
+;; NSEC3 RR that covers the "next closer" name (z.w.example)
+;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
+
+;; NSEC3 RR that matches a wildcard at the closest encloser.
+;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
+
+SECTION ADDITIONAL
+ENTRY_END
+
+; catch glue queries
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      A
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+ns2.example. IN      AAAA
+SECTION ANSWER
+; nothing to make sure the ns1 server is used for queries.
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+; insecure! not bogus! (due to optout)
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+a.z.w.example.      IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_ds.rpl b/src/test/resources/unbound/val_nsec3_cname_ds.rpl
new file mode 100644
index 000000000..a3c2b8a11
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_ds.rpl
@@ -0,0 +1,214 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 CNAME for qtype DS.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION ANSWER
+; from *.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name, for the wildcard.
+; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN DS
+SECTION ANSWER
+www.sub.example.com. IN CNAME sub.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION AUTHORITY
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_par.rpl b/src/test/resources/unbound/val_nsec3_cname_par.rpl
new file mode 100644
index 000000000..e07a4aea4
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_par.rpl
@@ -0,0 +1,218 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to parent.
+; to test the zone determination routines in nsec3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+; from *.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name, for the wildcard.
+; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN CNAME www.example.com.
+www.sub.example.com.      3600    IN      RRSIG   CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854}
+SECTION AUTHORITY
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cname_sub.rpl b/src/test/resources/unbound/val_nsec3_cname_sub.rpl
new file mode 100644
index 000000000..233afb086
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cname_sub.rpl
@@ -0,0 +1,228 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to subzone.
+; to test the zone determination routines in nsec3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;from *.example.com. IN CNAME www.sub.example.com.
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
+SECTION AUTHORITY
+; cover qname next closer name.
+; H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com.	IN SOA	ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
+
+; closest encloser, H(sub.example.com). = 8r1f0ieoutlnjc03meng9e3bn2n0o9pd
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
+
+; wildcard denial, H(*.sub.example.com.) = hq432j8q183b54mejh50200pqo8rvlog
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
+
+; next closer denial H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.sub.example.com.
+www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
+SECTION AUTHORITY
+SECTION AUTHORITY
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+sub.example.com.	IN SOA	ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
+hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
+ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl
new file mode 100644
index 000000000..5188676e7
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl
@@ -0,0 +1,209 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    IN      DNSKEY  257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+	val-override-date: "20121030123249"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.	120	IN	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com.	3600	IN	DNSKEY	257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+; H(z.wc.example.com.) = isn85psesctb6afn2q105mv966tqqepi.
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+; H(z.end.example.com.) = a62608t4becqb6233m87ar7a3648rj3b.
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com.	3600	IN	CNAME	x.y.z.wc.example.com.
+start.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com.	3600	IN	CNAME	x.y.z.end.example.com.
+x.y.z.wc.example.com.	3600	IN	RRSIG	CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com.	3600	IN	A	1.2.3.5
+x.y.z.end.example.com.	3600	IN	RRSIG	A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl
new file mode 100644
index 000000000..b0554707d
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl
@@ -0,0 +1,202 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl
new file mode 100644
index 000000000..7bf202e3a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl
@@ -0,0 +1,198 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; the span does not have OPTOUT
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; the span does not have OPTOUT
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl
new file mode 100644
index 000000000..daea3809c
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl
@@ -0,0 +1,202 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NODATA ENT with nsec3 optout matches the ent. 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.	3600	IN	RRSIG	NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      NSEC3   1 1 123 aabb00123456bbccdd  b6fuorg741ufili49mg9j4328ig54sqg NS SOA RRSIG DNSKEY 
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.   3600    IN      NSEC3   1 1 123 aabb00123456bbccdd  2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_iter_high.rpl b/src/test/resources/unbound/val_nsec3_iter_high.rpl
new file mode 100644
index 000000000..2b78f0b7f
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_iter_high.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with too high iterations
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nodatawccname.rpl b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl
new file mode 100644
index 000000000..48631bcb6
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nodata NSEC3 abused wildcarded CNAME.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; closest encloser
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb47ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub CNAME RRSIG
+4f3cnt8cu22tngec382jj4gde4rb47ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFHo9PHBS+MkNWl2DVXH1h1Z8p0yFAhUAjBVKA5s0q5Bt8YOGdY1+9J6GmDU= ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods.rpl b/src/test/resources/unbound/val_nsec3_nods.rpl
new file mode 100644
index 000000000..7151e11ee
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods.rpl
@@ -0,0 +1,221 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_badopt.rpl b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl
new file mode 100644
index 000000000..6ddd47431
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl
@@ -0,0 +1,249 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS with wrong optout bit.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_badsig.rpl b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl
new file mode 100644
index 000000000..1c37d21e1
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl
@@ -0,0 +1,238 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral with bad signature.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; bad signature:
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; bad signature
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_negcache.rpl b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl
new file mode 100644
index 000000000..d2ba7309a
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl
@@ -0,0 +1,222 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral from neg cache.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; get DS proof from neg cache
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR NOERROR
+; SECTION QUESTION
+; sub.example.com. IN DS
+; SECTION AUTHORITY
+; ; proof that there is no DS here.
+; ;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+; ;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; ; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
+; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854}
+; ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_nods_soa.rpl b/src/test/resources/unbound/val_nsec3_nods_soa.rpl
new file mode 100644
index 000000000..bbb0633aa
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_nods_soa.rpl
@@ -0,0 +1,253 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 with no DS referral abuse of apex.
+; abusing subzone apex NSEC3.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854}
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; proof that there is no DS here.
+;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG
+8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_optout_ad.rpl b/src/test/resources/unbound/val_nsec3_optout_ad.rpl
new file mode 100644
index 000000000..99b456924
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_optout_ad.rpl
@@ -0,0 +1,362 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with optout NSEC3 response that gets no AD.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.	3600	IN	RRSIG	NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+example.com.	3600	IN	RRSIG	DNSKEY 7 2 3600 20070926134150 20070829134150 57024 example.com. lqOo8W7UffLZIKBoIJg8OAPkmCWptnstiLIg1bAtzuEZDZFr2KNZGv+5k6hbRJKYnZRLReY4v8G9Eg0GCC/44gLm8BZlnh/4jLOjMH9MKusFV/jNqz/HABITYn1pBwvVak7lzqN+bmL0KMyWf1MzPWilx4fM9YWinsQFILVLPL0= ;{id = 57024}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+rub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+
+; optout
+; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk.
+; rub.example.com. -> c2bqk3tb4foaenfbp1v0pdk6mor3r7vo.
+; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub.
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG
+
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+; wildcard expansion
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.wild.example.com. IN A
+SECTION ANSWER
+; *.wild.example.com. IN A 77.88.99.0
+a.wild.example.com. IN A 77.88.99.0
+a.wild.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024}
+SECTION AUTHORITY
+; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo.  covered by optout
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+; for wild.example.com the closest encloser
+; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u.
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.wild.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+; wildcard no data
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u.
+; *.wild.example.com. -> nvec78au1hpuma9eebeji5n06eq33gbk.
+; the NSEC3 for the wildcard *.wild.example.com. , with optout, A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024}
+; NSEC3 for the closest encloser, wild.example.com. (an empty nonterminal)
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo.  covered by optout
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN MX
+ENTRY_END
+
+; recursion happens here.
+; no AD flag on this because an optout NSEC3 is used.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+; no AD flag here because of RFC5155 9.2 section.
+; even though we are sure there is no DS, this is what the RFC says.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG
+jg19n32806c832kijdnglq8p9m2r5mdj.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+rub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; no AD flag here because of RFC5155 9.2 section.
+; also for NXDOMAIN
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+rub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.    3600    IN      RRSIG   SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM
+onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com.   3600    IN      RRSIG   NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024}
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG
+22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024}
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.wild.example.com. IN A
+ENTRY_END
+
+; query is a wildcard expansion, covered by optout.
+; hence it is without AD flag (even though we are sure this wildcard exists,
+; we are not sure that there is no delegation covered by the optout span
+; with the name a.wild.example.com).
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.wild.example.com. IN A
+SECTION ANSWER
+a.wild.example.com. IN A 77.88.99.0
+a.wild.example.com.	3600	IN	RRSIG	A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024}
+SECTION AUTHORITY
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ENTRY_END
+
+STEP 80 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.wild.example.com. IN MX
+ENTRY_END
+
+; nodata wildcard expansion, we are sure that the wildcard does not have
+; the data that is requested, but there an optout flag set on the wildcard
+; expansion denial, thus we are not sure of a.wild.example.com delegation
+; under the optout.
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.wild.example.com. IN MX
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400
+example.com.	3600	IN	RRSIG	SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024}
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG
+nvec78au1hpuma9eebeji5n06eq33gbk.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024}
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u
+8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024}
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG
+ac1535hlgg914unuuaei9jfh4ofr44uo.example.com.	3600	IN	RRSIG	NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_optout_cache.rpl b/src/test/resources/unbound/val_nsec3_optout_cache.rpl
new file mode 100644
index 000000000..215cca676
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_optout_cache.rpl
@@ -0,0 +1,280 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 span change and cache effects.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; blacklisted address to stop it from using it, the negative answer uses its
+; nsec3-hash which is alittle inconvenient
+; ns.example.com. -> 7l9dbddmge35f7vr9mec78dqr6l3236k.
+ns.example.com. IN AAAA ::1
+ns.example.com. 3600    IN      RRSIG   AAAA 3 3 3600 20070926135752 20070829135752 2854 example.com. AExGBc6JU/xwwoSIeK/DtX8kr7AgOecx5Z2FnRiz/YSpnWGnFDt26ec=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; DS query
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com. IN SOA a. b. 1 2 3 4 5
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AAkQt1yoMF7s4gCYlojFzi0ubw6Uo4uWPSJTz6Dp/2iWUVDbxDKpy+E=
+
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com., same span as foo.example.com, but it has
+; just changed and it is now larger to accomodate sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns.sub.example.com.
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com., same span as foo.example.com, but it has
+; just changed and it is now larger to accomodate sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY=
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.example.com. IN A
+SECTION AUTHORITY
+foo.example.com. IN NS ns.sub.example.com.
+; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
+; foo.example.com. -> 7obgmo062d9935unjnnj2su5otaj9334.
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; proof that there is no DS here.
+; ce:
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA=
+
+; span around sub.example.com. from previous delegation in nsec3-chain
+; note it does not cover sub.example.com.
+6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 7r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG
+6obgmo062d9935unjnnj2su5otaj9334.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABQZ49PmeXGxUmMebbKcYI/Y3mhMdlHmshohKTbGhEsNF11OjPYmr9c=
+
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.10
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.10
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR REFUSED
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.foo.example.com. IN A
+SECTION ANSWER
+www.foo.example.com. IN A 1.2.3.124
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.foo.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.foo.example.com. IN A
+SECTION ANSWER
+www.foo.example.com. IN A 1.2.3.124
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A 1.2.3.123
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_wcany.rpl b/src/test/resources/unbound/val_nsec3_wcany.rpl
new file mode 100644
index 000000000..24bdaeb18
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_wcany.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY response.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+; *.example.com. IN A 1.2.3.123
+; *.example.com. IN AAAA ::5
+; *.example.com. IN MX 10 mail.example.com.
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+
+SECTION AUTHORITY
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+SECTION AUTHORITY
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl
new file mode 100644
index 000000000..2e27fb502
--- /dev/null
+++ b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl
@@ -0,0 +1,171 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY without denial.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+; *.example.com. IN A 1.2.3.123
+; *.example.com. IN AAAA ::5
+; *.example.com. IN MX 10 mail.example.com.
+www.example.com.  3600    IN      MX      10 mail.example.com.
+www.example.com.  3600    IN      RRSIG   MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854}
+www.example.com.  3600    IN      AAAA    ::5
+www.example.com.  3600    IN      RRSIG   AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854}
+www.example.com.  3600    IN      A       1.2.3.123
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854}
+
+SECTION AUTHORITY
+; no qname denial!
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN ANY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN ANY
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx.rpl b/src/test/resources/unbound/val_nx.rpl
new file mode 100644
index 000000000..d0e4bb339
--- /dev/null
+++ b/src/test/resources/unbound/val_nx.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_failwc.rpl b/src/test/resources/unbound/val_nx_failwc.rpl
new file mode 100644
index 000000000..eb2f5ba7e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_failwc.rpl
@@ -0,0 +1,70 @@
+; config options
+; The island of trust is at nsecwc.nlnetlabs.nl
+server:
+	trust-anchor: "nsecwc.nlnetlabs.nl.	10024	IN	DS	565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
+	val-override-date: "20181202115531"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+stub-zone:
+	name: "nsecwc.nlnetlabs.nl"
+	stub-addr: "185.49.140.60"
+
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.
+
+ ; ns.example.com.                                                                
+RANGE_BEGIN 0 100                                                                
+	ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+nsecwc.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+nsecwc.nlnetlabs.nl.	3600	IN	DNSKEY	257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU=
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN	TXT
+SECTION ANSWER
+SECTION AUTHORITY
+!.nsecwc.nlnetlabs.nl.	3600	IN	NSEC	delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
+!.nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
+nsecwc.nlnetlabs.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+nsecwc.nlnetlabs.nl.	3600	IN	RRSIG	SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN   TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+a.nsecwc.nlnetlabs.nl. IN   TXT
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nodeny.rpl b/src/test/resources/unbound/val_nx_nodeny.rpl
new file mode 100644
index 000000000..311b6ab7e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nodeny.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response missing qname denial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+;wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+;wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nowc.rpl b/src/test/resources/unbound/val_nx_nowc.rpl
new file mode 100644
index 000000000..3a5aa18dd
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nowc.rpl
@@ -0,0 +1,165 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain response missing wildcard denial
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+;example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+;example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision.rpl b/src/test/resources/unbound/val_nx_nsec3_collision.rpl
new file mode 100644
index 000000000..41cd0d6e7
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision.rpl
@@ -0,0 +1,188 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision2.rpl b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl
new file mode 100644
index 000000000..5c8bed3fa
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a salt mismatch.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision3.rpl b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl
new file mode 100644
index 000000000..f17aec4b1
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_collision4.rpl b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl
new file mode 100644
index 000000000..2d20bfd5e
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl
@@ -0,0 +1,185 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; some collisions added here. Say different chains are being signed
+; and some colliding NSEC3 RRs are generated.
+
+; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s
+; for 1 1 8 - 
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+; for 1 1 0 - 
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+; for 1 1 123 aaabb...
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3  1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 -  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03  s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl
new file mode 100644
index 000000000..b4741103f
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl
@@ -0,0 +1,161 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown NSEC3 hash algorithm.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A=
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN  RRSIG   NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A=
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl
new file mode 100644
index 000000000..0396c6132
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl
@@ -0,0 +1,167 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 responses that has an NSEC mixed in.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+    ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN  A   193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN  A   192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+    ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.     IN  A   1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+    ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.     IN  A   1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN SOA  ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+
+; NSEC3
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN SOA  ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+wab.example.com.        IN      NSEC    wzz.example.com. A NSEC RRSIG
+wab.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_nsec3_params.rpl b/src/test/resources/unbound/val_nx_nsec3_params.rpl
new file mode 100644
index 000000000..dd3ab6b57
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_nsec3_params.rpl
@@ -0,0 +1,164 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with nxdomain NSEC3 several parameters.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+
+; closest encloser, H(example.com).
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+
+; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+
+; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG
+6md8numosa4q9ugkffdo1bmm82t5j39s.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854}
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG
+4f3cnt8cu22tngec382jj4gde4rb46ub.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854}
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
+
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_nx_overreach.rpl b/src/test/resources/unbound/val_nx_overreach.rpl
new file mode 100644
index 000000000..c63d4da5c
--- /dev/null
+++ b/src/test/resources/unbound/val_nx_overreach.rpl
@@ -0,0 +1,166 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with overreaching NSEC record
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854}
+; wildcard denial
+example.com.    IN      NSEC    abc.example.com. SOA NS DNSKEY NSEC RRSIG
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854}
+; qname denial
+; The overreaching NSEC record; it tries to deny other .com zones!
+wab.example.com.        IN      NSEC    wzz.foo.com. A NSEC RRSIG
+wab.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AEimIB2N5u7AQOb5IBMnckASZ4MlhBxziJy+zVUjLov/s7q85j8eWQc= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_pos_truncns.rpl b/src/test/resources/unbound/val_pos_truncns.rpl
new file mode 100644
index 000000000..57f320ea3
--- /dev/null
+++ b/src/test/resources/unbound/val_pos_truncns.rpl
@@ -0,0 +1,151 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with badly truncated positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+
+; Truncated, no signature for NS record.
+;;;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;;;SECTION ADDITIONAL
+;;;ns.example.com.		IN 	A	1.2.3.4
+;;;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive.rpl b/src/test/resources/unbound/val_positive.rpl
new file mode 100644
index 000000000..512b1653a
--- /dev/null
+++ b/src/test/resources/unbound/val_positive.rpl
@@ -0,0 +1,154 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_nosigs.rpl b/src/test/resources/unbound/val_positive_nosigs.rpl
new file mode 100644
index 000000000..e57836f90
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_nosigs.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive response, signatures removed.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for subzone
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN DS
+SECTION ANSWER
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_wc.rpl b/src/test/resources/unbound/val_positive_wc.rpl
new file mode 100644
index 000000000..5384acf63
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_wc.rpl
@@ -0,0 +1,162 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; from
+; *.example.com. IN A	10.20.30.40
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; denies www.example.com.
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_positive_wc_nodeny.rpl b/src/test/resources/unbound/val_positive_wc_nodeny.rpl
new file mode 100644
index 000000000..e87611e89
--- /dev/null
+++ b/src/test/resources/unbound/val_positive_wc_nodeny.rpl
@@ -0,0 +1,169 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with positive wildcard without qname denial 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+; from
+; *.example.com. IN A	10.20.30.40
+www.example.com. IN A	10.20.30.40
+www.example.com.  3600    IN      RRSIG   A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; denies www.example.com.
+; ns.example.com.	IN	NSEC	zork.example.com. A RRSIG NSEC
+; ns.example.com. 3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854}
+
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_badanc.rpl b/src/test/resources/unbound/val_qds_badanc.rpl
new file mode 100644
index 000000000..dc686153f
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_badanc.rpl
@@ -0,0 +1,224 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and a bad anchor
+; The anchor is the wrong side of the zone cut; no parent anchor.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_oneanc.rpl b/src/test/resources/unbound/val_qds_oneanc.rpl
new file mode 100644
index 000000000..f21ab422b
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_oneanc.rpl
@@ -0,0 +1,224 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and one anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_qds_twoanc.rpl b/src/test/resources/unbound/val_qds_twoanc.rpl
new file mode 100644
index 000000000..4e4f2e732
--- /dev/null
+++ b/src/test/resources/unbound/val_qds_twoanc.rpl
@@ -0,0 +1,225 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS query and two anchors
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to DS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_refer_unsignadd.rpl b/src/test/resources/unbound/val_refer_unsignadd.rpl
new file mode 100644
index 000000000..90e0f0421
--- /dev/null
+++ b/src/test/resources/unbound/val_refer_unsignadd.rpl
@@ -0,0 +1,353 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+	val-override-date: "20070916134226"
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a referral with unsigned additional
+; but the additional record is from a signed zone, 
+; and a proper proof for no DS or DSNKEY types is forthcoming.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+; Skip .com, to provide unsigned referral A record for ns.example.net
+; and go straight to example.com.
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.net	IN	A	1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.net	IN	A	1.2.3.5
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to example.com. DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A 11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; example.com zone in ns.example.net.
+; response to example.com. DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A 11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; example.net zone in ns.example.net.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; deny DS and DNSKEY types
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN DS
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A AAAA RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HLkPBWA8Hstub8e/zdp/A8xyI6+fnnMsA9oiZ20VBuSTaBknX0SXmVulNhVGfdmz9fYmYFUr1zjqvPFG+ErO8A== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN DNSKEY
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN A
+SECTION ANSWER
+ns.example.net.		IN 	A	1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id 
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION AUTHORITY
+example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
+example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
+ns.example.net	IN	NSEC	ns-new.example.net. A RRSIG NSEC
+ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
+ENTRY_END
+
+RANGE_END
+
+; prime cache with example.com. NS rrset.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN	A	11.12.13.14
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; test nonrec referral validation
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns.example.net.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_referd.rpl b/src/test/resources/unbound/val_referd.rpl
new file mode 100644
index 000000000..d475f835e
--- /dev/null
+++ b/src/test/resources/unbound/val_referd.rpl
@@ -0,0 +1,176 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	harden-referral-path: no
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cache referral
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. AD8qRJvXxOtmSuy8Ogyo0roA294qOtNT2E1m05kSU0jbxN4qLYn0OmU= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; first ask for +CD and get the data in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD CD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 3 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA CD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+; now the data is in the cache, validate a referral from cache
+; note, no recursion desired
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.		IN 	NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_referglue.rpl b/src/test/resources/unbound/val_referglue.rpl
new file mode 100644
index 000000000..dd7e7de91
--- /dev/null
+++ b/src/test/resources/unbound/val_referglue.rpl
@@ -0,0 +1,301 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	directory: ""
+	access-control: 127.0.0.1 allow_snoop
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cache referral with unsigned glue
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+; referral, for all types
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN A
+SECTION AUTHORITY
+sub.example.com. IN NS ns2.sub.example.com.
+sub.example.com. IN NSEC tlib.example.com. NS RRSIG NSEC
+sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABdrfr+eKT1syk2qFlV01wLOqQdvNMpEtPmGAM6CrtyQAje/ddXSi9A= ;{id = 2854}
+ns2.sub.example.com.    IN      A       100.200.30.40
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+; This is from an unsigned subzone
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN NSEC	www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+; ns2.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 100.200.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+; This is from an unsigned subzone
+ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN NSEC	www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN A
+SECTION ANSWER
+ns2.sub.example.com.    IN      A       100.200.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns2.sub.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+; first ask for +CD and get the data in the cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD CD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 3 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA CD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.sub.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+; already validated and thus stripped from the answer.
+;ns2.sub.example.com.	IN 	A 	100.200.30.40
+ENTRY_END
+
+; now the data is in the cache, validate a referral from cache
+; note, no recursion desired
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY DO
+SECTION QUESTION
+bla.example.com. IN A
+ENTRY_END
+
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AD DO NOERROR
+SECTION QUESTION
+bla.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	3600 IN NS	ns.example.com.
+example.com.	3600 IN NS	ns2.sub.example.com.
+example.com.    3600    IN      RRSIG   NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_rrsig.rpl b/src/test/resources/unbound/val_rrsig.rpl
new file mode 100644
index 000000000..0b672e0f2
--- /dev/null
+++ b/src/test/resources/unbound/val_rrsig.rpl
@@ -0,0 +1,170 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with qtype RRSIG response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query for A
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ENTRY_END
+
+; RRSIG query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN RRSIG
+SECTION ANSWER
+;www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN RRSIG
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN RRSIG
+SECTION ANSWER
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_secds.rpl b/src/test/resources/unbound/val_secds.rpl
new file mode 100644
index 000000000..02a4d9280
--- /dev/null
+++ b/src/test/resources/unbound/val_secds.rpl
@@ -0,0 +1,215 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with secure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_secds_nosig.rpl b/src/test/resources/unbound/val_secds_nosig.rpl
new file mode 100644
index 000000000..1d652a802
--- /dev/null
+++ b/src/test/resources/unbound/val_secds_nosig.rpl
@@ -0,0 +1,233 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with no signatures after secure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; barely valid nodata for AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN AAAA
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.sub.example.com. IN A
+SECTION ANSWER
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+;sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+;sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+;ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+;www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_spurious_ns.rpl b/src/test/resources/unbound/val_spurious_ns.rpl
new file mode 100644
index 000000000..bd79db19c
--- /dev/null
+++ b/src/test/resources/unbound/val_spurious_ns.rpl
@@ -0,0 +1,155 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with spurious unsigned NS in auth section 
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+; removed by spurious NS record removal code
+;;example.com.	IN NS	ns.example.com.
+;;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_stub_noroot.rpl b/src/test/resources/unbound/val_stub_noroot.rpl
new file mode 100644
index 000000000..7c21cd345
--- /dev/null
+++ b/src/test/resources/unbound/val_stub_noroot.rpl
@@ -0,0 +1,87 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	val-override-date: "20100913111500"
+	; the dlv anchor is completely ignored, but here to test that.
+	dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 81.187.81.187
+stub-zone:
+        name: "lp0.eu"
+	stub-addr: 81.2.80.65
+	stub-prime: no
+CONFIG_END
+
+SCENARIO_BEGIN Test validation of stub zone without root prime.
+
+; this server does not respond. (for the root)
+RANGE_BEGIN 0 100
+	ADDRESS 81.187.81.187
+ENTRY_BEGIN
+MATCH
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+. IN NS
+ENTRY_END
+RANGE_END
+
+; lp0.eu server
+RANGE_BEGIN 0 100
+	ADDRESS 81.2.80.65
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+lp0.eu. IN DNSKEY
+SECTION ANSWER
+lp0.eu.	3600	IN	DNSKEY	257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
+lp0.eu.	3600	IN	RRSIG	DNSKEY 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. zWYOT1zmB2k7hMl7mke7k1UNp4lDveUxi2EnF0tW++j2/qJopiAAcFHBo2GOo88jHcLWycurf0Qo+YGXfFbpEg== ;{id = 30900}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+proxima.lp0.eu. IN A
+SECTION ANSWER
+proxima.lp0.eu. IN A 81.2.80.65
+proxima.lp0.eu.	3600	IN	RRSIG	A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
+SECTION AUTHORITY
+lp0.eu. IN NS proxima.lp0.eu.
+lp0.eu.	3600	IN	RRSIG	NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+proxima.lp0.eu. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+proxima.lp0.eu. IN A
+SECTION ANSWER
+proxima.lp0.eu. IN A 81.2.80.65
+proxima.lp0.eu.	3600	IN	RRSIG	A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900}
+SECTION AUTHORITY
+lp0.eu. IN NS proxima.lp0.eu.
+lp0.eu.	3600	IN	RRSIG	NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_stubds.rpl b/src/test/resources/unbound/val_stubds.rpl
new file mode 100644
index 000000000..7e1dfedec
--- /dev/null
+++ b/src/test/resources/unbound/val_stubds.rpl
@@ -0,0 +1,230 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+stub-zone:
+	name: "sub.example.com"
+	stub-addr: 1.2.3.6
+CONFIG_END
+
+SCENARIO_BEGIN Test stub with DS query
+; The stub zone is linked validly with a DS to the public internet zone.
+; unbound just has to be able to ask the DS from the right server (not 
+; from the stub).
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for DS of sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response for qtype DS.  This is not available here.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_dnskey.rpl b/src/test/resources/unbound/val_ta_algo_dnskey.rpl
new file mode 100644
index 000000000..36988fce2
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_dnskey.rpl
@@ -0,0 +1,186 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.    3600    IN  RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl
new file mode 100644
index 000000000..f4f002b91
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl
@@ -0,0 +1,187 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: no
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm trust anchor without harden
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_missing.rpl b/src/test/resources/unbound/val_ta_algo_missing.rpl
new file mode 100644
index 000000000..e8d5c349c
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_missing.rpl
@@ -0,0 +1,181 @@
+; config options
+; The island of trust is at example.com
+server:
+;	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+; dnssecjava behaves different than unbound by creating an in-memory DS record from a DNSKEY trust anchor
+; thus add a real one here to prevent a forced digest upgrade
+	trust-anchor: "example.com.	3600	IN	DS	2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+; this is the anchor that has no DNSKEY, thus causing the validation to fail with
+; harden-algo-downgrade enabled
+	trust-anchor: "example.com.	3600	IN	DS	30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: yes
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm missing one
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_ta_algo_missing_dp.rpl b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl
new file mode 100644
index 000000000..0ed78be3a
--- /dev/null
+++ b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl
@@ -0,0 +1,190 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}"
+	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	trust-anchor: "example.com.	3600	IN	DS	30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	harden-algo-downgrade: no
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with multiple algorithm missing one
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b}
+example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854}
+example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.	3600	IN	A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899}
+www.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+
+SECTION AUTHORITY
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899}
+
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_twocname.rpl b/src/test/resources/unbound/val_twocname.rpl
new file mode 100644
index 000000000..d8e8cf316
--- /dev/null
+++ b/src/test/resources/unbound/val_twocname.rpl
@@ -0,0 +1,135 @@
+; config options
+server:
+	trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2"
+	val-override-date: "20091116100204"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+forward-zone:
+	name: "."
+	forward-addr: 192.0.2.1
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsigned CNAME to signed CNAME to data
+
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+k.root-servers.org.  IN      A
+SECTION ANSWER
+k.root-servers.org.     3600    IN      CNAME   www.ripe.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.ripe.net.        IN      A
+SECTION ANSWER
+www.ripe.net.   900     IN      CNAME   aquila-www.ripe.net.
+www.ripe.net.   900     IN      RRSIG   CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+aquila-www.ripe.net. IN      A
+SECTION ANSWER
+aquila-www.ripe.net.    600     IN      A       193.0.19.25
+aquila-www.ripe.net.    600     IN      RRSIG   A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ORG. IN      DNSKEY
+SECTION ANSWER
+ORG.    900     IN      DNSKEY  256 3 7 AwEAAdV7bl0omw53nFPoUZSowSTSTDpQO4K8th19coBjlS0iMIWb0NF5YzGkoeditMS8ZLkgc9wS9txeH6XGHzwqJNc5eQcQEOasmC7vqaopoeN/GP/ZkUMbtNTcN1qzS9WzJ4gToxeNCHkAc7LZGh5XY/v1n599hk/ifotV/ZDGhN+H ;{id = 5273 (zsk), size = 1024b}
+ORG.    900     IN      DNSKEY  257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= ;{id = 21366 (ksk), size = 2048b}
+ORG.    900     IN      DNSKEY  257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= ;{id = 9795 (ksk), size = 2048b}
+ORG.    900     IN      DNSKEY  256 3 7 AwEAAaT7yoAEj5kX1rW40gMxUgPYGIc6hIPXihtK44jq6UQlZxTeFdsNX6aNaFpSq9pbI19y4JfQvCPPjw2248fwNzgwxfkdyRk7vzKagad2hs8wQ/C7vYuTUoTjrOBRwnsEHix+jYgKZH+lX1ZRKo/YXyMz05KWH+3j5y0VSrKBcdBZ ;{id = 53990 (zsk), size = 1024b}
+ORG.    900     IN      RRSIG   DNSKEY 7 1 900 20091123154522 20091109144522 5273 org. zHcY20bnIBzsl1CXmZdtt8PWPy079Ic3dQ/pLH2z1yCoC+kWGzLIlU/EcWa0rrQzqc9oK+v63xzXFoib3LewcijiGmKYtFcyi3HGfVdJrDFIxmN52x4pZerVZq9NA/FLQ8ZrobkVgYiEAmjMU1OesPPZPwwlPRdSG421q3o3N4Q= ;{id = 5273}
+ORG.    900     IN      RRSIG   DNSKEY 7 1 900 20091123154522 20091109144522 21366 org. Xlh0UQl+Ldig/jBS7Ty9rfeUztG5P7Brjr/Du+XlC7KjUkk/gNfpxgPmIKuA3ZLwgwTvEF6i7CD7b5gEKKC2P8Y5kQjKcjcDZl0+5W1IfpFF1Ka546erCy5cznXT23W5bzODNiraMs7KwvwMlD3LeOCiBeldPKeZ0yxWI/3YXmwAbkky4MApX9khSnilSaewcVSzQM/iOVuCR/+5esNvcKqjgWbT3M4vorzjc7YxVxF2BTgxybDOn4OkWvdeSlDiIVVS+VtxK0U7yIc59mpE7WxoRLtw/Qkd8bjh+KF5izQO2Q/7VxhkJ6pBxxumHwQahlgOQYxWMLqUc/EZnXSQpQ== ;{id = 21366}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+root-servers.org.    IN      DS
+SECTION ANSWER
+SECTION AUTHORITY
+h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org.   86399   IN      NSEC3   1 1 1 d399eaab  h9rsfb7fpf2l8hg35cmpc765tdk23rp6 NS SOA RRSIG DNSKEY NSEC3PARAM  ; flags: optout
+h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org.   86399   IN      RRSIG   NSEC3 7 2 86400 20091130090148 20091116080148 5273 org. FL7e/4Lhihh9LKAPDKNmlvEHbjkPY/6GLhtVMWtbSfBS8rAaHuInCD/tbQxCmFmT6e3HXHXkUcjC7BSDFPnlhtB8P2iNjvkdZJ72jVTXDY1P6LuK/OJhRT8DjFlHlvjdNgS5/0HCuGYU5A1GPkWGx1waUmblryPApb8HNSAmdYA= ;{id = 5273}
+i8i48ibuph5kgh999ld485qnt660qdag.org.   86399   IN      NSEC3   1 1 1 d399eaab  i94atlaqkvkoms2q45m5msds8r3414ft A RRSIG  ; flags: optout
+i8i48ibuph5kgh999ld485qnt660qdag.org.   86399   IN      RRSIG   NSEC3 7 2 86400 20091125010858 20091111000858 5273 org. WrWFYs2FuzPRYh+hgc8B3ZKL6jiMee2F1FsPNVEx9Ojv76BMELWomI0Zcd90NZbs7kvs5FP1G79s9o3oQHeWVfa6as8Wi6RLn97nX3FVqYI39r7GZnoKj8QGrCsRCatqK4Lsh426X0vzR5CwIA14/XL1w6UQ1KuTHlIu51RidA4= ;{id = 5273}
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+k.root-servers.org.  IN      A
+ENTRY_END
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+k.root-servers.org.  IN      A
+SECTION ANSWER
+k.root-servers.org. IN CNAME www.ripe.net.
+www.ripe.net.   900     IN      CNAME   aquila-www.ripe.net.
+www.ripe.net.   900     IN      RRSIG   CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386}
+aquila-www.ripe.net.    600     IN      A       193.0.19.25
+aquila-www.ripe.net.    600     IN      RRSIG   A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386}
+SECTION AUTHORITY
+ripe.net.       172800  IN      NS      ns3.nic.fr.
+ripe.net.       172800  IN      NS      sunic.sunet.se.
+ripe.net.       172800  IN      NS      ns-pri.ripe.net.
+ripe.net.       172800  IN      NS      sns-pb.isc.org.
+ripe.net.       172800  IN      RRSIG   NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386}
+SECTION ADDITIONAL
+ns-pri.ripe.net.        172800  IN      A       193.0.0.195
+ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3
+ns-pri.ripe.net.        172800  IN      RRSIG   A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386}
+ns-pri.ripe.net.        172800  IN      RRSIG   AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_anchor.rpl b/src/test/resources/unbound/val_unalgo_anchor.rpl
new file mode 100644
index 000000000..de6b28104
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_anchor.rpl
@@ -0,0 +1,153 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unsupported algorithm trust anchor
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_dlv.rpl b/src/test/resources/unbound/val_unalgo_dlv.rpl
new file mode 100644
index 000000000..142beae8d
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_dlv.rpl
@@ -0,0 +1,284 @@
+; config options
+; The island of trust is at example.com (the DLV repository)
+server:
+	dlv-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor
+; positive response for DLV.
+; but only has unknown algos
+; have to treat zone as insecure
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; DLV query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net.example.com. IN DLV
+SECTION ANSWER
+; algo 208 is unknown
+example.net.example.com.	3600	IN	DLV	30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+example.net.example.com.	3600	IN	RRSIG	DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854}
+;example.net.example.com.	3600	IN	DLV	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+;example.net.example.com.	3600	IN	RRSIG	DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net.example.com. IN DLV
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
+example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NXDOMAIN
+SECTION QUESTION
+com.example.com. IN DLV
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
+example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
+example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
+example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+; DS RR is
+; example.net.	3600	IN	DS	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
+; DNSKEY prime query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; NS query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; www.example.net query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net.	3600	IN	A	10.20.30.40
+www.example.net.	3600	IN	RRSIG	A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.net. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net.	3600	IN	A	10.20.30.40
+www.example.net.	3600	IN	RRSIG	A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
+SECTION AUTHORITY
+example.net.    IN NS   ns.example.net.
+example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net.         IN      A       1.2.3.5
+ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unalgo_ds.rpl b/src/test/resources/unbound/val_unalgo_ds.rpl
new file mode 100644
index 000000000..65db9b236
--- /dev/null
+++ b/src/test/resources/unbound/val_unalgo_ds.rpl
@@ -0,0 +1,203 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with unknown algorithm delegation
+; DS has unknown algo only.
+; so subzone has to be treated as unsigned.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+; algorithm 208 is unknown.
+sub.example.com.        3600    IN      DS      30899 208 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.	3600	IN	RRSIG	DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AEMPMNVJAygL0TyRUU+MVgP4FA7jSIpVj6628IdLe7eY3OwWp3hUTnU= ;{id = 2854}
+;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsec_cname.rpl b/src/test/resources/unbound/val_unsec_cname.rpl
new file mode 100644
index 000000000..bfea21129
--- /dev/null
+++ b/src/test/resources/unbound/val_unsec_cname.rpl
@@ -0,0 +1,363 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	val-min-rsa-size: 512
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with DS, unsec, cname sequence.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to c.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c.c.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+c.example.com. IN	NS ns.c.example.com.
+c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
+c.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
+SECTION ADDITIONAL
+ns.c.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
+c.example.com.  3600    IN      RRSIG   NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DNSKEY
+SECTION ANSWER
+sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
+ENTRY_END
+
+; response to query of interest
+; another delegation, validated unsecure.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b.sub.example.com. IN NS ns.b.sub.example.com.
+b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
+b.sub.example.com.      3600    IN      RRSIG   NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.b.sub.example.com. IN A 1.2.3.7
+ENTRY_END
+
+; b DS query.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
+b.sub.example.com.      3600    IN      RRSIG   NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
+ENTRY_END
+RANGE_END
+
+; server ns.b.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.sub.example.com. IN NS
+SECTION ANSWER
+b.sub.example.com. IN NS ns.b.sub.example.com.
+SECTION ADDITIONAL
+ns.b.sub.example.com. IN A 1.2.3.7
+ENTRY_END
+
+ENTRY_BEGIN
+; query of interest, give a cname to another unsecure zone.
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+a.b.sub.example.com. IN CNAME c.c.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
+ENTRY_END
+RANGE_END
+
+; server ns.c.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.sub.example.com. IN NS
+SECTION ANSWER
+c.sub.example.com. IN NS ns.c.sub.example.com.
+SECTION ADDITIONAL
+ns.c.sub.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c.example.com. IN NS
+SECTION ANSWER
+c.example.com. IN	NS ns.c.example.com.
+SECTION ADDITIONAL
+ns.c.example.com. IN A 1.2.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.c.example.com. IN A
+SECTION ANSWER
+c.c.example.com. IN A	11.11.11.11
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.c.example.com. IN DS
+SECTION AUTHORITY
+c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.b.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN A
+SECTION ANSWER
+a.b.sub.example.com. IN CNAME c.c.example.com.
+c.c.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; test that a DS query does not get CNAME redirected, but instead
+; asked to the right server that has to respond to it.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+a.b.sub.example.com. IN DS
+SECTION AUTHORITY
+b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds.rpl b/src/test/resources/unbound/val_unsecds.rpl
new file mode 100644
index 000000000..8678160ca
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds.rpl
@@ -0,0 +1,194 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds_negcache.rpl b/src/test/resources/unbound/val_unsecds_negcache.rpl
new file mode 100644
index 000000000..2e9b1e795
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds_negcache.rpl
@@ -0,0 +1,195 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; query for missing DS record.
+; get it from the negative cache instead!
+;ENTRY_BEGIN
+;MATCH opcode qtype qname
+;ADJUST copy_id
+;REPLY QR NOERROR
+;SECTION QUESTION
+;sub.example.com. IN DS
+;SECTION ANSWER
+;SECTION AUTHORITY
+;example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+;example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+;sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+;sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+;SECTION ADDITIONAL
+;ns.sub.example.com. IN A 1.2.3.6
+;ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. 	3600	IN	A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_unsecds_qtypeds.rpl b/src/test/resources/unbound/val_unsecds_qtypeds.rpl
new file mode 100644
index 000000000..e277fd788
--- /dev/null
+++ b/src/test/resources/unbound/val_unsecds_qtypeds.rpl
@@ -0,0 +1,210 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with insecure delegation and qtype DS.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; query for missing DS record.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response for delegation to sub.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com. IN	NS ns.sub.example.com.
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+
+RANGE_END
+
+; ns.sub.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.com. IN NS
+SECTION ANSWER
+sub.example.com. IN	NS ns.sub.example.com.
+SECTION ADDITIONAL
+ns.sub.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.sub.example.com. IN A
+SECTION ANSWER
+www.sub.example.com. IN A	11.11.11.11
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for missing DS record. on wrong side of zone cut.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.com.	IN	SOA ns.sub.example.com. h.sub.example.com. 2007090504 1800 1800 2419200 7200
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+sub.example.com. IN DS
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+sub.example.com. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN	SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+sub.example.com. IN	NSEC www.example.com. NS RRSIG NSEC
+sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/unbound/val_wild_pos.rpl b/src/test/resources/unbound/val_wild_pos.rpl
new file mode 100644
index 000000000..624d8e07b
--- /dev/null
+++ b/src/test/resources/unbound/val_wild_pos.rpl
@@ -0,0 +1,163 @@
+; config options
+; The island of trust is at example.com
+server:
+	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+	val-override-date: "20070916134226"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: "no"
+	fake-sha1: yes
+	trust-anchor-signaling: no
+	minimal-responses: no
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with direct wildcard positive response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.    IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.    IN NS   ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.         IN      A       1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION ANSWER
+*.example.com. IN A	10.20.30.40
+*.example.com.	3600	IN	RRSIG	A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+*.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+*.example.com. IN A
+SECTION ANSWER
+*.example.com. IN A	10.20.30.40
+*.example.com.	3600	IN	RRSIG	A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854}
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
diff --git a/src/test/resources/zonefileEx2 b/src/test/resources/zonefileEx2
new file mode 100644
index 000000000..3a1342c06
--- /dev/null
+++ b/src/test/resources/zonefileEx2
@@ -0,0 +1,139 @@
+;; SPDX-License-Identifier: ISC
+;; Copyright (c) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+;;
+;; Permission to use, copy, modify, and/or distribute this software for
+;; any purpose with or without fee is hereby granted, provided that the
+;; above copyright notice and this permission notice appear in all
+;; copies.
+;;
+;; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+;; WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+;; WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+;; THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+;; CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+;; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+;; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+;; CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+example.com.		600 IN SOA ns1.example.com. admin.example.com. (
+				2014102104 ; serial
+				1800       ; refresh (30 minutes)
+				900        ; retry (15 minutes)
+				2419200    ; expire (4 weeks)
+				300        ; minimum (5 minutes)
+				)
+example.com.		300 IN RRSIG NSEC 8 2 300 (
+				20141126120153 20141027112239 60798 example.com.
+				U1je2BEXY7S/u4An8sKEp2Cb8b90+9mNBoFb9nXgkTvC
+				cJkT/4OIUIaO7EbsIASmlzjDwJEKSO/nPDFg3y6tsR0m
+				GT7H7AYAouwBhUlIrDrGQpxqRLJXA1kPkxboX4M2JGx4
+				rBcBsN/7lG5CGbjtLW3PMnJRELE5fBJBLZM1KLo= )
+example.com.		300 IN NSEC ftp.example.com. NS SOA RRSIG NSEC DNSKEY TYPE65534
+example.com.		600 IN RRSIG NS 8 2 600 (
+				20141126115318 20141027112239 60798 example.com.
+				TGC1gAksxHHDoltjJ8ETJ9qdr5MzFjA05vEllSNWBFe7
+				O71Payf8o4MISHNeUoZpu7Ys4zBiTRLqUaLeI0oSEnzM
+				r2QJkrfUHl1k8D/wCWApEUhMa1GxLIKMsEfgd3D5nK52
+				6LAVNihx5BKC1YxuYZXhhBMYQm7bIlUXFvxl3uE= )
+example.com.		600 IN RRSIG SOA 8 2 600 (
+				20141126122239 20141027112239 60798 example.com.
+				0ntLprFpg9bKWs5ArGvpZq8uFa9QPEfl6bOmfIwbNnEp
+				9PgBS97icRs27JDgIXGM4dWxXiPVX6sZ8jFulSp2mi2v
+				4dhtqMfb4S/rfxSmCphIz5PA+bngKSr5fhRI6tTM8fW1
+				l5V3zfKCPFracE0CgdcWIt0xViEs56Axj942f5w= )
+example.com.		0 IN RRSIG TYPE65534 8 2 0 (
+				20141126120153 20141027112239 60798 example.com.
+				Sv+7vfHXz4zlLSEuWs5Bt5boqSDVCK2GcOgAzVXnW9/0
+				zgk3v8VwSXRTRnwdsvl3SK6YsM9S/HNXk32AQs2PjXf4
+				2/cmv6VCOGSVGin/L5k4KWjpy0ESV2iY0hIIyeXWqUdB
+				ZUCu1+2GhHiA5+gKODn/8sg6x04g+lZe6wuhU44= )
+example.com.		600 IN RRSIG DNSKEY 8 2 600 (
+				20141126122239 20141027112239 45319 example.com.
+				F2vrBJqvloP5yNE6X1+b1XJ4gY6DlH1oyJz6pSULmGgQ
+				FFztyrCJoV4MI6TeFRXJKLTePewjcTzKlaRKJHZRElcM
+				QaClWr6RdZ2Uc1fFOBgYocrDZtGWdTVg7XCiLJ/ubrDH
+				7et9rSexmKEwI44T4Vf7w3e+kUQSzMBGfA9Z5Q8WnnBW
+				IDn4QFqRx0B02bVLV4giJbVp649ukIApVoHSpJvhrWq8
+				eSSdP2ojymzr4gAuQZzmZUJnxp7Q3ktuQgIokhLG4FDH
+				/O9qnhnOkUZFsxbBaDYVn5TIl1Kkmn3LH98JQE0z8a7D
+				WfqAPAFy0rKHkvyOA8FlimDW09OYeJS00A== )
+example.com.		600 IN RRSIG DNSKEY 8 2 600 (
+				20141126122239 20141027112239 60798 example.com.
+				PoUdallJO0ZF3iFmRoGoKh/iLAJVn52ABVEVku9LK34C
+				oh4Y29rgK4jd3DwxU7zDLadVs0Fo3JFHp2jdYCEm03BS
+				XE6d0cijZP5aFt8rO/grO/qbkdv+ScEi1kOhCKcvt3Kg
+				1mXhiZt4Jx3LeisUpD9mGa+m9ehcPYlAHPKoZMg= )
+example.com.		0 IN TYPE65534 \# 5 ( 08B1070001 )
+example.com.		0 IN TYPE65534 \# 5 ( 08ED7E0001 )
+example.com.		600 IN DNSKEY 256 3 8 (
+				AwEAAfbc/0ESumm1mPVkm025PfHKHNYW62yx0wyLN5LE
+				4DifN6FzIVSKSGdMOdq+z6vFGxzzjPDz7QZdeC6ttIUA
+				Bo4tG7dDrsWK+tG5cm4vuylsEVbnnW5i+gFG/02+RYmZ
+				ZT9AobXB5bVjfXl9SDBgpBluB35WUCAnK9WkRRUS08lf
+				) ; ZSK; alg = RSASHA256; key id = 60798
+example.com.		600 IN DNSKEY 257 3 8 (
+				AwEAAb4N53kPbdRTAwvJT8OYVeVhQIldwppMy7KBJ+8k
+				Uggx2PU3yP/qlq4Zjl0MMmqRiJhD/S+z9cJLNTZ9tHz1
+				7aZQjFyGAyuU3DGW16xfMolcIn+c8TpPCzBOFhxk6jvO
+				VLlz+Wgyi1ES+t29FjYYv5cVNRPmxXLRjlHFdO1DzX3N
+				dmcUoZ+VVJCvaML9+6UpL/6jitNsoU8JHnxT9B2CGKcw
+				N7VaK4l9Ida2BqY3/4UVqWzhj03/M5LK6cn1pEQbQMtY
+				R0TNJURBKdK8bH663h98i23tVX0/85IsCVBL4Dd2boa3
+				/7HPp7uZN1AjDvcRsOh1mqixwUGmVm1EskDIMy8=
+				) ; KSK; alg = RSASHA256; key id = 45319
+example.com.		600 IN NS ns1.example.com.
+ftp.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				PNATas8HPjc6tm7Ldfk7P61IlRVSQW085P9lDw8qwITc
+				TghDdAXHJBkCTXaDRWPyQZbGI5fNcxWLkf/HRbKREzQs
+				eyztZj2OBnBnnK0t8SWLyM4+OMsGH17z4ZvBmPO/Wgju
+				iSm98reH7J87yRlUMQHdPSwAP6q5tZeJbwpSkao= )
+ftp.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				ohuvpkqlNR+TYOG79JizEV+SFjVbUKSB3hEfHOJszCIr
+				bcdPKTS0GgQS62N4ISwfvb735oQzc8pI5R+f+8MMn5c9
+				/yRnArTpPJOKDnyIiMaMLBU5sEp5wI+OLsLFMkLef4iK
+				gn+j608Qnoo7dXtWWQPv85FyaT9j3C+EV6rglCk= )
+ftp.example.com.	300 IN NSEC ns1.example.com. A RRSIG NSEC
+ftp.example.com.	600 IN A 192.168.1.200
+ns1.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				z1rnlU9oVnIhwxQey3Zo6ENYmWXtf97RiZng3u6VkE0n
+				yUC5S3sseZgD8Vc+uJsKVAvafM/k7NgS+P3pe5gN01Ln
+				+geKEMZ3pCHpzHG4UgJj4Xw/iuWOVAFURD26GNnPppDK
+				RNYPWIhA/9FF18vI3V9evNcHGxN+7rOOXF8Qbss= )
+ns1.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				chH7c6aW6Qk14d4LB866jva9OcH52pJkeHpdslVmUbJ2
+				OkJQNhbpOekSjsroxDU4av3/Y49Dtg0lqoISvMMqwE5X
+				5sKmn+CMKFfMmi22ui+RsPXyDqjkx+JOsi/7kCx7DFJz
+				jF0a6KcsTWNV2QfZjQ50RyrSBBOkw6aqdUC3oF8= )
+ns1.example.com.	300 IN NSEC web.example.com. A RRSIG NSEC
+ns1.example.com.	600 IN A 192.168.1.1
+web.example.com.	600 IN RRSIG CNAME 8 3 600 (
+				20141126115318 20141027112239 60798 example.com.
+				VgHPC0WllAlHY56xMF3j8FI7MsxDhLJJBDBMSVSQpQkA
+				z81kfInYQL4YpAt25WrH7xt4pCmjVl3kUcDGAWWuSiQy
+				nh2O4CoY/tSqQ7Sr9UnE5SIvpW5yws8iROOHvJYuKAmu
+				8B3gYw1gp9xCMS4iBOIXTTq1KV2OHwo0cPXVyfI= )
+web.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126115318 20141027112239 60798 example.com.
+				zh+9fnIQlfpvc0oFRnNIPJoL/S5RQF4HuGwmLxoCxRVp
+				FCQoZbzNB0IVvaA+0XEslcHq3v4+0j9EeKKQw7xORaGu
+				TrzcoRGbjuKZlpvnVlxYkjCiEKVbkXd5yEMnbgolFkhH
+				NjFlozSyzypY0TY0UVRPXWhZ2shASae/ImqFiug= )
+web.example.com.	300 IN NSEC www.example.com. CNAME RRSIG NSEC
+web.example.com.	600 IN CNAME www.example.com.
+www.example.com.	600 IN RRSIG A 8 3 600 (
+				20141126120153 20141027112239 60798 example.com.
+				TLkMRs7I3QW8HRS3trNG307Y0/drO4k8uG8Bv8856qPo
+				33rbEajV49XBBQ+w8jynfKwxMNDfJhpSG0gxo7+0m75Y
+				HRBZ9Xe3EAMNt2/iu0CL6NHyN99qF9TPNbYnD2Zw077L
+				GSDOua1KFMxDqFU7rU0+YlKRGbSk1rqAJBqKEH4= )
+www.example.com.	300 IN RRSIG NSEC 8 3 300 (
+				20141126120153 20141027112239 60798 example.com.
+				GSyFVBgMROqDuoSJoDegX3EkdqA90skBTvi9tkPxoQPo
+				i8LlaD+wRmcXpYKE3vf/y0WpOOVQXbasyfFk8wGzFsde
+				fqpFsscbz3OYgnkwYcTvGXZF9802ytiC5txli9uxUqjc
+				lGL+SDl0woYhecwJD63fTDIMszlVR/eptIL9dLc= )
+www.example.com.	300 IN NSEC example.com. A RRSIG NSEC
+www.example.com.	600 IN A 192.168.1.100
diff --git a/src/test/resources/zonefileEx3 b/src/test/resources/zonefileEx3
new file mode 100644
index 000000000..5e4df8847
--- /dev/null
+++ b/src/test/resources/zonefileEx3
@@ -0,0 +1,7 @@
+$TTL 600
+example.com. IN SOA ns1.foo.com. john.doe.foo.com. 2023110717 28800 7200 604800 7200
+
+@ 86400 IN NS ns1.foo.com.
+@ 86400 IN NS ns2.foo.com.
+@ 86400 IN NS ns3.foo.com.
+@ IN A 1.2.3.4